CompTIA Security+ 501 Topic 2, Volume B
Which of the following network architecture concepts is used to securely isolate at the boundary between networks?
DMZ
Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached in the next year is only 5%. Which of the following is the ALE that Sara should report to management for a security breach?
$3,750
During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it. Which ports and protocols are MOST likely to be open on the firewall?
22, 23, SSH, and Telnet
Which of the following provides additional encryption strength by repeating the encryption process with additional keys?
3DES
Pete, the compliance manager, wants to meet regulations. Pete would like certain ports blocked only on all computers that do credit card transactions. Which of the following should Pete implement to BEST achieve this goal?
A host-based firewall
Sara, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning?
A recent security breach in which passwords were cracked.
Each server on a subnet is configured to only allow SSH access from the administrator's workstation. Which of the following BEST describes this implementation?
Host-based firewalls
Which of the following can be implemented with multiple bit strength?
AES
Which of the following will allow Pete, a security analyst, to trigger a security alert because of a tracking cookie?
Anti-spyware software
The network administrator is responsible for promoting code to applications on a DMZ web server. Which of the following processes is being followed to ensure application integrity?
Application change management
Vendors typically ship software applications with security settings disabled by default to ensure a wide range of interoperability with other applications and devices. A security administrator should perform which of the following before deploying new software?
Application hardening
Which of the following allows a network administrator to implement an access control policy based on individual user characteristics and NOT on job function?
Attributes based
Which of the following passwords is the LEAST complex?
A. MyTrain!45
B. Mytr@in!!
C. MyTr@in12
D. MyTr@in#8
B. Mytr@in!!
Which of the following offers the LEAST secure encryption capabilities?
PAP
In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group-based access control be classified?
Best practice
A network stream needs to be encrypted. Sara, the network administrator, has selected a cipher which will encrypt 8 bits at a time before sending the data across the network. Which of the following has Sara selected?
Block cipher
Sara, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent?
Buffer overflow
While opening an email attachment, Pete, a customer, receives an error that the application has encountered an unexpected issue and must be shut down. This could be an example of which of the following attacks?
Buffer overflow
Which of the following does full disk encryption prevent?
Clear text access
Which of the following technologies can store multi-tenant data with different security requirements?
Cloud computing
Sara, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent?
Clustering
The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media web sites. This advice would BEST protect people from which of the following?
Cognitive password attacks
Which of the following encompasses application patch management?
Configuration management
Layer 7 devices used to prevent specific types of HTML tags are called:
Content filters.
In order to maintain oversight of a third party service provider, the company is going to implement a Governance, Risk, and Compliance (GRC) system. This system is promising to provide overall security posture coverage. Which of the following is the MOST important activity that should be considered?
Continuous security monitoring
A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site were facing the wrong direction to capture the incident. The analyst ensures the cameras are turned to face the proper direction. Which of the following types of controls is being used?
Corrective
An administrator connects VoIP phones to the same switch as the network PCs and printers. Which of the following would provide the BEST logical separation of these three device types while still allowing traffic between them via ACL?
Create three VLANs on the switch connected to a router
A security analyst needs to ensure all external traffic is able to access the company's front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended?
DMZ
Elastic cloud computing environments often reuse the same physical hardware for multiple customers over time as virtual machines are instantiated and deleted. This has important implications for which of the following data security concerns?
Data confidentiality
Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability?
ECC
When implementing fire suppression controls in a datacenter it is important to:
Ensure proper placement of sprinkler lines to avoid accidental leakage onto servers.
Which of the following is an application security coding problem?
Error and exception handling
After a recent breach, the security administrator performs a wireless survey of the corporate network. The security administrator notices a problem with the following output:

MAC                SSID    ENCRYPTION  POWER  BEACONS
00:10:A1:36:12:CC  MYCORP  WPA2 CCMP   60     1202
00:10:A1:49:FC:37  MYCORP  WPA2 CCMP   70     9102
FB:90:11:42:FA:99  MYCORP  WPA2 CCMP   40     3031
00:10:A1:AA:BB:CC  MYCORP  WPA2 CCMP   55     2021
00:10:A1:FA:B1:07  MYCORP  WPA2 CCMP   30     6044

Given that the corporate wireless network has been standardized, which of the following attacks is underway?
Evil twin
After viewing wireless traffic, an attacker notices the following networks are being broadcast by local access points: Corpnet, Coffeeshop, FreePublicWifi. Using this information the attacker spoofs a response to make nearby laptops connect back to a malicious device. Which of the following has the attacker created?
Evil twin
Which of the following fire suppression systems is MOST likely used in a datacenter?
FM-200
The manager has a need to secure physical documents every night, since the company began enforcing the clean desk policy. The BEST solution would include:
Fire- or water-proof safe, and locking cabinets and drawers
Mandatory vacations are a security control which can be used to uncover which of the following?
Fraud committed by a system administrator
Methods to test the responses of software and web applications to unusual or unexpected inputs are known as:
Fuzzing.
Pete, a developer, writes an application. Jane, the security analyst, knows some things about the overall application but does not have all the details. Jane needs to review the software before it is released to production. Which of the following reviews should Jane conduct?
Gray Box Testing
An IT auditor tests an application as an authenticated user. This is an example of which of the following types of testing?
Gray box
Which of the following should be connected to the fire alarm system in order to help prevent the spread of a fire in a server room without data loss to assist in an FM-200 deployment?
HVAC
Which of the following is the LEAST volatile when performing incident response procedures?
Hard drive
Which of the following BEST explains the use of an HSM within the company servers?
Hardware encryption is faster than software encryption
A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension. Which of the following protocols should be used in this scenario?
IPv6
A system administrator attempts to ping a hostname and the response is 2001:4860:0:2001::68. Which of the following replies has the administrator received?
IPv6 address
Which of the following is the MOST specific plan for various problems that can arise within a system?
IT Contingency Plan
Pete's corporation has outsourced help desk services to a large provider. Management has published a procedure that requires all users, when receiving support, to call a special number. Users then need to enter the code provided to them by the help desk technician prior to allowing the technician to work on their PC. Which of the following does this procedure prevent?
Impersonation
An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement?
Implement OS hardening by applying GPOs
Which of the following is an advantage of implementing individual file encryption on a hard drive which already deploys full disk encryption?
Individually encrypted files will remain encrypted when copied to external media
An IT director is looking to reduce the footprint of their company's server environment. They have decided to move several internally developed software applications to an alternate environment, supported by an external company. Which of the following BEST describes this arrangement?
Infrastructure as a Service
Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a production system?
Input validation
Pete, the system administrator, wishes to monitor and limit users' access to external websites. Which of the following would BEST address this?
Install a proxy server.
A security administrator has installed a new KDC for the corporate environment. Which of the following authentication protocols is the security administrator planning to implement across the organization?
Kerberos
Jane, a security administrator, has been tasked with explaining authentication services to the company's management team. The company runs an Active Directory infrastructure. Which of the following solutions BEST relates to the host authentication protocol within the company's environment?
Kerberos
Which of the following types of authentication solutions use tickets to provide access to various resources from a central location?
Kerberos
Which of the following is an important implementation consideration when deploying a wireless network that uses a shared password?
Key length
Which of the following provides the BEST application availability and is easily expanded as demand grows?
Load balancing
Which of the following presents the STRONGEST access control?
MAC
Which of the following wireless security measures can an attacker defeat by spoofing certain properties of their network interface card?
MAC filtering
Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together?
Mandatory vacations
Pete, an IT Administrator, needs to secure his server room. Which of the following mitigation methods would provide the MOST physical protection?
Mantrap
Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement?
Matt should implement DLP and encrypt the company database.
Pete, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to?
PAP, MSCHAPv2
Which of the following types of encryption will help in protecting files on a PED?
Mobile device encryption
Which of the following concepts is enforced by certifying that email communications have been sent by who the message says it has been sent by?
Non-repudiation
Sara, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Sara configure?
PAT
Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords?
PEAP-MSCHAPv2
During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use?
Port scanner
Company A sends a PGP encrypted file to company B. If company A used company B's public key to encrypt the file, which of the following should be used to decrypt data at company B?
Private key
Pete, the system administrator, has blocked users from accessing social media web sites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide?
Protection against malware introduced by banner ads
Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand hardware failure?
RAID
Pete, the security engineer, would like to prevent wireless attacks on his network. Pete has implemented a security control to limit the connecting MAC addresses to a single port. Which of the following wireless attacks would this address?
Rogue access point
A security technician is working with the network firewall team to implement access controls at the company's demarc as part of the initiation of configuration management processes. One of the network technicians asks the security technician to explain the access control type found in a firewall. With which of the following should the security technician respond?
Rule based access control
Which of the following protocols allows for secure transfer of files?
SFTP and SCP
A network administrator needs to provide daily network usage reports on all layer 3 devices without compromising any data while gathering the information. Which of the following would be configured to provide these reports?
SNMPv3
Which of the following network devices is used to analyze traffic between various network interfaces?
Sniffers
A company's business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model?
Software as a Service
The Chief Information Officer (CIO) has mandated web based Customer Relationship Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads, and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO's direction but has mandated that key authentication systems be run within the organization's network. Which of the following would BEST meet the CIO and CRO's requirements?
Software as a Service
Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following?
System hardening
Which of the following is an authentication and accounting service that uses TCP for connecting to routers and switches?
TACACS+
Pete needs to open ports on the firewall to allow for secure transmission of files. Which of the following ports should be opened on the firewall?
TCP 22
Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?
Tailgating
Pete, a security analyst, has been informed that the development team has plans to develop an application which does not meet the company's password policy. Which of the following should Pete do NEXT?
Tell the application development manager to code the application to adhere to the company's password policy.
A system administrator has noticed a vulnerability on a high-impact production server. A recent update was made available by the vendor that addresses the vulnerability but requires a reboot of the system afterwards. Which of the following steps should the system administrator implement to address the vulnerability?
Test the update in a lab environment, back up the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes
Which statement is TRUE about the operation of a packet sniffer?
The Ethernet card must be placed in promiscuous mode.
Which of the following BEST describes the weakness in WEP encryption?
The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused, it becomes easy to derive the remaining WEP key.
Which of the following is a best practice when a mistake is made during a forensics examination?
The examiner should document the mistake and work around the problem.
Some customers have reported receiving an untrusted certificate warning when visiting the company's website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate. Which of the following could be causing the problem?
The intermediate CA certificates were not installed on the server
Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years. Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years. Which of the following should Sara do to address the risk?
Transfer the risk, saving $5,000.
Which of the following allows lower level domains to access resources in a separate Public Key Infrastructure?
Trust Model
Pete, the system administrator, wants to restrict access to advertisements, games, and gambling web sites. Which of the following devices would BEST achieve this goal?
URL content filter
Pete, the system administrator, is reviewing his disaster recovery plans. He wishes to limit the downtime in the event of a disaster, but does not have the budget approval to implement or maintain an offsite location that ensures 99.99% availability. Which of the following would be Pete's BEST option?
Use hardware already at an offsite location and configure it to be quickly utilized.
A security administrator has been tasked to ensure access to all network equipment is controlled by a central server such as TACACS+. This type of implementation supports which of the following risk mitigation strategies?
User rights and permissions review
Which of the following BEST describes part of the PKI process?
User1 encrypts data with User2's public key
A recent audit of a company's identity management system shows that 30% of active accounts belong to people no longer with the firm. Which of the following should be performed to help avoid this scenario?
Utilize automated provisioning and de-provisioning processes where possible and perform regular user account review / revalidation process.
A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another?
Virtual switches with VLANs
A corporation is looking to expand their data center but has run out of physical space in which to store hardware. Which of the following would offer the ability to expand while keeping their current data center operated by internal staff?
Virtualization
Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network. Which of the following should Jane perform?
Vulnerability assessment
Which of the following firewall rules only denies DNS zone transfers?
deny tcp any any port 53
Input validation is an important security defense because it:
rejects bad or malformed data.