CompTia Security+ Post Assessment
What makes Python a good choice for crafting malicious scripts for an attack?
⁃ Python is installed by default on the majority of Linux distributions and is available to install on the rest.
A user logs into their computer and is presented with a screen showing a US Department of Justice logo indicating the computer has been locked due to the user violating federal law. The screen gives several details of the violation and indicates that the user must pay a fine of $500 within 72 hours, or a warrant will be issued for their arrest. The user cannot unlock the system. What type of malware has likely infected the computer?
⁃ Ransomware
You've found a computer infected by stealth malware. The program installed itself as part of the computer's boot process to gain access to the entire operating system and hide from anti-malware software. What kind of malware is it?
⁃ Rootkit
You're asked to build a DMZ network but only have single firewall and also need to provide direct connection to the Internet and the internal network. In order to accommodate all zones with a single appliance, which of the following topologies should you choose?
⁃ Three-homed firewall
Which of these factors or methods best ensures the orderly correlation of events that occurred across many systems all around the world?
⁃ Timestamps
Which of the following is an example of preventative control?
- A locked door
If a password cracker is not in a particular hurry and wants to target a system with a very large number of users accounts and a policy that locks accounts after three failed login attempts, which attacks has the best chance of succeeding to find even a single account to compromise?
- A password spraying attack - Password spraying targets many accounts at the same time by attempting to compromise with a weak password.
Which of the following physical security solutions qualifies as both a preventative and a detective control?
- A security guard
You want to implement an access control model that lets you easily assign users to a combination of multiple roles, and also restrict access to some actions based on the time of day and physical location of the user. which model best fit?
- ABAC - Attribute-based access control (ABAC) is a flexible add-on for other access-control models.
Which of these terms refers to a category of security control in contrast to a type of control?
- Administrative
When performing a penetration test, how would OSINT be classified as a resource?
- As a form of passive reconnaissance
Which type of cryptography is most commonly used for secure key exchange?
- Asymmetric encryption
Which functions are performed by the Kerberos KDC?
- Authentication Service - TGT (Ticket Granting Ticket)
A co-worker mentioned a utility called the Sleuth Kit, also known as TSK indicating that it's a great piece of software for storage forensics but that the command-line interface is a little tough to deal with, never having been great with scripting or CLls in general. Which of the following is a graphical front-end for TSK that you should mention as an option, so your own co-worker won't have to deal with the CLl as much?
- Autopsy
An organization chooses among other competing options, to replace insecure legacy systems with newer ones that are compatible with modern digital security techniques and protocols. Which risk management strategy is being employed?
- Avoidance
During a massive security-impacting incident that takes a critical system offline, which type of plan should be consulted to determine the correct procedure to minimize lost revenue until the system can be brought back online?
- BCP - Business Continuity Plan
Which of the following phrases best describes the benefit of fail-close doors?
- Bad for safety but good for security.
Bob is interested in standing up his first web sever for his small organization. Having no idea hot to assess and confirm is his server will be as secure possible, what resource can Bob avail himself for guidance that is based on the industry's best practices?
- Benchmarks and secure configuration guides
Your remote access system currently uses RAIDUS, but one administrator is proposing replacing it with TACACS+. What benefits might this provide?
- Better able to support non-IP protocols - Better suited to large networks - More Secure
What tools allow amplification of DoS attack?
- Bonnets - Malformed packets - Reflection
Which cybersecurity framework offers a number of benchmarks by which an organization can measure their adherence to their own security baselines?
- CIS - Center for Internet Security
Which of the following security risks is least important to address in enterprise patch management systems?
- CPU microcode - CPU microcode is baked into the CPU itself.
When dealing with which class of third-part entity might an organization be interested in adding right to audit clauses to the SLA as well as be concerned about the additional risk implications of such factors as jurisdiction, regulatory compliance and data breach notification laws, which are more complicated when dealing with these entities?
- CSP - Cloud Service Provider
You were asked to build a web server for a new business unit in your company. One of the administrators, Bob, manages all of the SSL certificates for the enterprise. Once you get the server fully established and configured, you head over to Bob's office with the name and IP address of the server to watch the process he uses to obtain a certificate for the server. Bob remotes into the server with the address you supplied and enters an openssl command, specifying a 4096-bit cipher, that creates two files; one, containing a private key, he places in a directory with restricted access, and another he copies the contents of before pasting them in a form on the website of the registration authority (RA) for the certificate (CA) that your company uses. During the process, the openssl command prompts Bob to enter a distinguished name (DN) made up of the company's name and location the name of the new business unit as well as Bob's email address and the FQDN of the new website. What did Bob send to the RA to apply for the server's certificate?
- CSR - A certificate signing request (CSR)
What kind of attack do synchronization tokens help prevent?
- CSRF - Cross-Site Request Forgery
Your company allows you to use the same smartphone for both personal and work purposes, but only if it's one of a half-dozen different models on an approved list. If you don't have an approved device, the company will pay for part of your upgrade. What kind of deployment model does the company use?
- CYOD - Choose Your Own Device
Which solution allows separation of resources down to the application level if necessary?
- Containers
What automation practice keeps code created by multiple developers from diverting or conflicting?
- Continuos integration
A host on the network is potentially infected with a novel virus and you don't want it to spread while you study it. You've decided that network segmentation won't be effective enough and you'd prefer to isolate the host. Which of the following will best achieve the goal?
- Creating an air gap.
What is post-quantum cryptography being designed to counteract?
- Cryptanalysis techniques that can break public-key cryptography
Which of the following is a form of ransomware?
- Crypto-malware - Crypto-malware is a form of ransomware that encrypts a filesystem or individual objects within one.
It has come to your attention that a newly created sensitive document is making the rounds among authorized users in the company. Which enterprise utility can you adjust the configuration of to reduce the likelihood that the document will fall into the wrong hands in a readable format?
- DLP - Data Loss Prevention (DLP)
Which of the following technologies helps to control what information can be exfiltrated from internal users and systems and what form such data can take?
- DLP - Data Loss Prevention (DLP)
Privacy-enhancing technologies are part of a larger principle by which the amount of PII, PHI, or other sensitive private data that is collected and stored is carefully limited. What is the "umbrella" term under which many other terms regarding privacy enhancement fall?
- Data Minimization
Which vulnerability impact generally precedes both data loss and data exfiltration?
- Data breaches
What classification data most benefits from the use of homomorphic encryption?
- Data in use (in processing)
As part of a cloud transition your team is examining IaC approaches for cloud orchestration. You've been asked to tell a less technical stakeholder the relative advantages of immutable infrastructure over mutable. Which of the following might you say?
- Immutable infrastructure is less prone to configuration drift. - Immutable infrastructure scales more easily.
Secure access-control models are based on which assumption?
- Implicit Deny - Implicit Deny is a fail-safe model where if there is no rule to explicitly allow access, it is denied by default.
Based on the rationale given, which of the following statements is least likely to lead to an exploitable vulnerability?
- It is okay to implement network appliances and systems that support insecure protocols as long as their use is blocked and any necessary related functions are performed by secure protocols.
What police document generally describes mutual goals between organizations?
- MOU - Memorandum Of Understanding
Which of the following is a characteristic that is chiefly associated with unified threat management (UTM) appliances?
- Marketed toward small to medium businesses
An enterprise security administrator has been tasked with upgrading the organization's perimeter defenses because existing appliances fall short in the protection of users and systems from cloud-enabled attacks that are made possible by the confluence of cloud services and web applications that is gaining in popularity in the enterprise. Which of the following appliances has the capability of replacing the existing NGFW, proxy server, and content filter while adding enhanced cloud protection?
- NG SWG - Next-Generation Secure Web Gateway
Which kind of attackers an APT most commonly associated with?
- Nation states
Which of the following involves contacting a separate host known as a responder to verify the revocation status of a digital certificate?
- OCSP - Online Certificate Status Protocol
Which of the following are differences between SED and non-SED FDE?
- Opal is a standard that applies only to SED. - SED-based encryption does not suffer from OS-related performance degradation.
Which of these common pentest is performed in an effort exploit the trust relationship between two hosts, for instance?
- Pivoting
What is the difference between a push notification and 2FA BY SMS?
- Push notifications use a secure application.
Which of the following RAID levels does not use disk stripping to increase performance over the alternative?
- RAID 1
Which of the following is a stream cipher?
- RC4 - Rivest Cipher 4 is a popular stream cipher due its simplicity and high performance
You're planning a role-based security training program. Which role's training should spend the highest percentage of its time on social engineering attacks?
- Receptionist
Which of the following hash algorithms offers both a 256-bit and 512-bit version?
- SHA-2 - Secure Hash Algorithm-2
Alice, a contractor that was hired to develop a critical application, performs most of programming remotely. In order to prevent establishing any form direct remote access to the development platform, Alice placed a hardened server, which only she is authorized to connect to remotely, on the same network segment as the development system without anyone else's knowledge. Once the project was complete, , Alice left word that the remote-access server should be dismantled to prevent potential malicious indirect access to the development platform and ultimately to the application server. Unfortunately, the server was never removed. What is this an example of?
- Shadow IT
What security control might have a positive have a positive effect on security in one context and a negative effect when employed in a context outside of use as a security control?
- Signage
US military personnel use CACs, while US Federal employees use PIVs. Both of these authentication methods are examples of which of the following?
- Smart Cards
Several co-workers in the sales department received an email claiming to be from you. Each message was personally addressed and contained a link to a "test site" and a request to log in with standard user credentials. You never sent it, and on examination, the supposed test site is a phishing scam. Exactly what variant of phishing is this?
- Spear Phishing
What SQL injection technique relies on unfiltered semicolons?
- Stacked query
Which features, available to software developers, are used primarily to reduce the risk associated with injection attacks?
- Stored procedures - Normalization
An embedded hardware modification that acts as a backdoor was discovered in some of the highly customized machines that your company produced and sold. Upon investigation, the backdoor was also discovered in some of the newly arriving chassis shipped from a trusted vendor that were to be used as a raw materials in your future manufacturing process. What is the most likely vector that used to introduce this unauthorized modification?
- Supply Chain Compromise
You were told to set up a "structured walkthrough" of a disaster recovery plan, but that terminology isn't in the procedures manual. What other term should you look for?
- Tabletop Exercise
What data management model assists professionals in decision making with regard to the creation of policy based on the convergence of data security and privacy, focusing on such aspects as to how it's attained and classified, how it's used and stored, and how it's archived and destroyed?
- The Information Life Cycle
In terms of data governance policies, what is the relationship between the terms data custodian and data steward?
- The custodian is interested in the technical nature of data security. - The steward is focus on its value usefulness and compliance to standards.
A company decides to invest i embedded systems to improve security by limiting the number of components used in various critical and sensitive systems. Which of the following would make it more difficult to justify embedded systems in certain cases?
- The wireless networking range
What do reading irresponsibly placed sticky notes on monitors and stealing a certificate's private key have in common?
- They are both forms of credential harvesting.
Why is it most important to record time offsets when collecting evidence?
- To compensate for time differences among multiple systems.
The forensic specialist associated with your company's incident response team has requested the various dump files of a system for which you are the administrator. Why might the specialist request such files?
- To obtain a snapshot of the state of the system's RAM under one or more circumstances.
Which of the following is a concern most related to data sovereignty?
- Trusting a cloud service provider in the storage of a company's data.
An administrator has created two EC2 instance in an AWS VPC. Noticing that the default behavior of the instances is to allow full communication between them, the administrator investigates ways to control their interaction with one another. what option best supports the interests of the administrator?
- Using non-standard security groups
Which Wi-Fi feature can be disabled to improve security?
- WPS - Wifi-Protected Setup
Your company rents a spare server room in a secondary location. It has all the necessary hardware, software and network services, so you can power everything up, man it and load backups of your production environment before taking over. What is this scenario referring to?
- Warm Site
What potential security risk does an SD card pose that a USB flash drive does not?
- Wireless attacks
The facilities manager wants to deploy IoT devices for building automation by using an open wireless IEEE-based standard. Which of the following should you recommend?
- Zigbee
Which of the following commands is most likely to display the TLS handshake between a client and the server at https://www.javatucana.com, including the negotiated cipher-suite that was agreed upon and partial details of the server's certificate, before downloading the site's main webpage?
- curl -v -L www.javatucana.com
Which of the following commands will display the most recent "failed" entries in log file?
- grep "failed" log file | tail
As part of a cloud transition, you're looking for something to tie disparate services together, as the ESB (Enterprise Service Bus) does in the on-premises data center. What kind of cloud service should you look for?
- iPaaS - Integration Platform As A Service
Complete the given statement: Unlike LDAP (Lightweight Directory Access Protocol), LDAPS (Lightweight Directory Access Protocols) ________.
- includes SSL or TLS encryption - use port 636
Which of the following authentication protocols gives the implementer the option use client-side certificates but requires the use of sever-side certificates?
- EAP-TTLS - Extensible Authentication Protocol-Tunneled TLS
Which of the following statements about environments for software development, deployment and automation are correct?
- Each environment has a distinct purpose in the process. - The QA environment is aimed less at testing for functionality than the other environments.
Which resources do the Cloud Security Alliance (CSA) maintain to promote industry-wide best practices and methodologies for secure and trusted cloud services from the perspectives of both the provider and the consumer?
- Enterprise Reference Architecture - Cloud Control Matrix
Which of the following are implicitly secure protocols that were created by adding SSL/TLS security to protocols that were insecure on their own?
- FTPS - HTTPS - SNMPv3
You're shopping for a new A/C unit for your server room and are comparing manufacturer ratings. Which combination will minimize the time you'll have to go without sufficient cooling?
- High MTBF and low MTTR - A high mean time between failure (MTBF) and low mean time to repair (MTTR)
Which of the following statements concerning hybrid warfare is a false statement?
- Hybrid warfare requires human-to-human interaction.
In the field of account management, which of the following sources can be used individually as proof of identity when authenticating a user or system?
- IdP - Certificate - Token - Smart Card
Which of following is most likely an impact of vulnerability that resulted in data exfiltration?
- Identity theft
The user bob smith has shell-access privileges to the Linux host filesvr that is listening on TCP port 22. The user wants to be able to accomplish the following tasks: - Access port 22 on the server in the future to employ various related functions from his local Linux workstation. - After generating a local key pari that is compatible with the service transfer the public key to the server. - Establish the transferred key as an authorized key that can be used to authenticate the user without the need for entering a password What single command can the user enter at a shell prompt on his Linux workstation to accomplish these tasks, assuming his local key pair has already generated?
- ssh-copy-id bobsmith@filesvr
What is the primary difference between SIEM and SOAR?
SIEM (Security Information and Event Monitoring Response) can automate security monitoring. SOAR (Security Orchestration Automation) can orchestrate automated responses to an incident according to related workflow.
Your company has signed a BPA (Business Partnership Agreement) with a business partner. What most likely is not a part of it?
Technical requirements for secured data connections between the two companies.
What might you or an attacker be interested in with regard to emails, web traffic and stored files that is not overtly displayed or communicated by or with each one?
Their metadata
Which of the following features primarily helps to protect against DoS attacks?
⁃ Loop prevention
Which feature of SIEM utilities brings together log entries from multiple components in order to find broader trends and relationships than those formed by the individual entries?
⁃ Correlation
While analyzing the shortcomings in the operation of the enterprise's NIDS, you discover that in its current mode of operation only known attacks are being reported. What is recommended to enable detection of previously unknown attack methods through the use of artificial intelligence (AI)?
⁃ Heuristic
