CompTIA Security Plus practice 9-17
Amanda is assessing a vehicle's internal network. What type of bus is she most likely to discover connecting its internal sensors and controllers?
A CAN bus
Lucca is prototyping an embedded system and wants to use a device that can run a full Linux operating system so that he can install and use a firewall and other security software to protect a web service he will run on it. Which of the following solutions should he use?
A Raspberry Pi
Mike wants to stop vehicles from traveling toward the entrance of his building. What physical security control should he implement?
A bollard
Olivia wants to install a host-based security package that can detect attacks against the system coming from the network, but she does not want to take the risk of blocking the attacks since she fears that she might inadvertently block legitimate traffic. What type of tool could she install that will meet this requirement?
A host intrusion detection system
Naomi wants to deploy a tool that can allow her to scale horizontally while also allowing her to patch systems without interfering with traffic to her web servers. What type of technology should she deploy?
A load balancer
Alyssa wants to use her Android phone to store and manage cryptographic certificates. What type of solution could she choose to do this using secure hardware?
A microSD HSM
The company that Hui works for has built a device based on an Arduino and wants to standardize its deployment across the entire organization. What type of device has Hui's organization deployed, and where should Hui place her focus on securing it?
A microcontroller, and on physical security
Cynthia wants to clone a virtual machine. What should she do to capture a live machine, including the machine state?
A snapshot
As part of their yearly incident response preparations, Ben's organization goes through a sample incident step by step to validate what each person will do in the incident. What type of exercise is this?
A walk-through
What type of recovery site has some or most systems in place but does not have the data needed to take over operations?
A warm site
Brian is selecting a CASB for his organization and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is most appropriate for his needs?
API-based CASB
Madhuri is designing a load-balancing configuration for her company and wants to keep a single node from being overloaded. What type of design will meet this need?
Active/active
What type of NAC will provide Isaac with the greatest amount of information about the systems that are connecting while also giving him the greatest degree of control over those systems and their potential impact on other systems connected to the network?
Agent-based, pre-admission NAC
How does technology diversity help ensure cybersecurity resilience?
All of the above.
Howard is assessing the legal risks to his organization based upon its handling of PII. The organization is based in the United States, handles the data of customers located in Europe, and stores information in Japanese datacenters. What law would be most important to Howard during his assessment?
All should have equal weight
The organization that Lynn works for wants to deploy an embedded system that needs to process data as it comes in to the device without processing delays or other interruptions. What type of solution does Lynn's company need to deploy?
An RTOS
Florian wants to ensure that systems on a protected network cannot be attacked via the organization's network. What design technique should he use to ensure this?
An air gap
Michelle wants to ensure that attackers who breach her network security perimeter cannot gain control of the systems that run the industrial processes her organization uses as part of their business. What type of solution is best suited to this?
An air gap
What type of physical security control is shown here?
An air gap
During a site survey, Chris discovers that there are more access points broadcasting his organization's SSID than he expects there to be. What type of wireless attack has he likely discovered?
An evil twin
What does an SSL stripping attack look for to perform an on-path attack?
An unencrypted HTTP connection
Henry wants to use an open source forensic suite. Which of the following tools should he select?
Autopsy
Gurvinder wants to select a mobile device deployment method that provides employees with devices that they can use as though they're personally owned to maximize flexibility and ease of use. Which deployment model should he select?
BYOD
Gurvinder wants to follow the order of volatility to guide his forensic data acquisition. Which of the following is the least volatile?
Backups
Octavia discovers that the contact list from her phone has been acquired via a wireless attack. Which of the following is the most likely culprit?
Bluesnarfing
What is the key difference between hashing and checksums?
Both can validate integrity, but a hash also provides a unique digital fingerprint.
What is the document that tracks the custody or control of a piece of evidence called?
Chain of custody
Which one of the following statements about cloud computing is incorrect?
Cloud computing customers provision resources through the service provider's sales team.
What type of security policy often serves as a backstop for issues not addressed in other policies?
Code of conduct
Maria has acquired a disk image from a hard drive using dd, and she wants to ensure that her process is forensically sound. What should her next step be after completing the copy?
Compare the hashes of the source and target drive.
Which one of the following is not one of the five core security functions defined by the NIST Cybersecurity Framework?
Contain
Fred's company issues devices in a BYOD model. That means that Fred wants to ensure that corporate data and applications are kept separate from personal applications on the devices. What technology is best suited to meeting this need?
Containerization
What factor is a major reason organizations do not use security guards?
Cost
Which one of the following is not a common use of the NIST Cybersecurity Framework?
Create specific technology requirements for an organization.
What term is given to an individual or organization who determines the reasons for processing personal information?
Data controller
Helen's organization maintains medical records on behalf of its customers, who are individual physicians. What term best describes the role of Helen's organization?
Data processor
Under the European Union's GDPR, what term is assigned to the individual who leads an organization's privacy efforts?
Data protection officer
Which one of the following policies would typically answer questions about when an organization should destroy records?
Data retention policy
Theresa's organization has received a legal hold notice for their files and documents. Which of the following is not an action she needs to take?
Delete all sensitive documents related to the case.
James is concerned about preventing broadcast storms on his network. Which of the following solutions is not a useful method of preventing broadcast storms on his network?
Disable ARP on all accessible ports
Which of the following is not one of the four phases in COOP?
Documentation and reporting
What term is used to describe tools focused on detecting and responding to suspicious activities occurring on endpoints like desktops, laptops, and mobile devices?
EDR
Wanda is responsible for a series of seismic sensors placed at remote locations. These sensors have low-bandwidth connections and she would like to place computing power on the sensors to allow them to preprocess data before it is sent back to the cloud. What term best describes this approach?
Edge computing
Selah is following the Cyber Kill Chain model and has completed the delivery phase. What step is next according to the Kill Chain?
Exploitation
What are the two most commonly deployed biometric authentication solutions for mobile devices?
Face recognition and fingerprint recognition
Alex has been handed a flash media device that was quick-formatted and has been asked to recover the data. What data will remain on the drive?
Files will remain but file indexes will not.
Which of the following is not a common constraint of an embedded system?
Form factor
What law creates privacy obligations for those who handle the personal information of European Union residents?
GDPR
Michelle has deployed iPads to her staff who work on her company's factory floor. She wants to ensure that the devices work only in the factory and that if they are taken home they cannot access business data or services. What type of solution is best suited to her needs?
Geofencing
Gurvinder identifies a third-party datacenter provider over 90 miles away to run his redundant datacenter operations. Why has he placed the datacenter that far away?
Geographic dispersal
Joe is authoring a document that explains to system administrators one way in which they might comply with the organization's requirement to encrypt all laptops. What type of document is Joe writing?
Guideline
Which cloud computing deployment model requires the use of a unifying technology platform to tie together components from different providers?
Hybrid cloud
What component of a virtualization platform is primarily responsible for preventing VM escape attacks?
Hypervisor
Which of the following statements about the security implications of IPv6 is not true?
IPv6's NAT implementation is insecure.
In which of the following cloud categories are customers typically charged based on the number of virtual server instances dedicated to their use?
IaaS and PaaS
What phase in the incident response process leverages indicators of compromise and log analysis as part of a review of events?
Identification
Frank's organization is preparing to deploy a data loss prevention (DLP) system. What key process should they undertake before they deploy it?
Implement and use a data classification scheme.
Madhuri wants to check a PNG-formatted photo for GPS coordinates. Where can she find that information if it exists in the photo?
In the photo's metadata
Charles needs to know about actions an individual performed on a PC. What is the best starting point to help him identify those actions?
Interview the individual.
Mark unplugs the network connection from a system that is part of an incident and places tape over its Ethernet jack with a sign that says "Do not reconnect without approval from IR team." How is this method best described?
Isolation
What technique is used to ensure that DNSSEC-protected DNS information is trustworthy?
It is digitally signed
What legal concept determines the law enforcement agency or agencies that will be involved in a case based on location?
Jurisdiction
Bonita has discovered that her organization is running a service on TCP port 636. What secure protocol is most likely in use?
LDAPS
Brenda's company provides a managed incident response service to its customers. What term best describes this type of service offering?
MSSP
Which team member acts as a primary conduit to senior management on an IR team?
Management
Colin would like to implement a security control in his accounting department that is specifically designed to detect cases of fraud that are able to occur despite the presence of other security controls. Which one of the following controls is best suited to meet Colin's need?
Mandatory vacations
Randy wants to prevent DHCP attacks on his network. What secure protocol should he implement to have the greatest impact?
None of the above
Chuck wants to provide route security for his organization, and he wants to secure the BGP traffic that his routers rely on for route information. What should Chuck do?
None of the above.
Scott sends his backups to a company that keeps them in a secure vault. What type of backup solution has he implemented?
Offline
Bart knows that there are two common connection methods between Wi-Fi devices. Which of the following best describes ad hoc mode?
Point-to-point
Which one of the following documents must normally be approved by the CEO or similarly high-level executive?
Policy
Asa believes that her organization is taking data collected from customers for technical support and using it for marketing without their permission. What principle is most likely being violated?
Purpose limitation
Gabby wants to implement a mirrored drive solution. What RAID level does this describe?
RAID 1
Ben wants to implement a RAID array that combines both read and write performance while retaining data integrity if a drive fails. Cost is not a concern compared to speed and resilience. What RAID type should he use?
RAID 10
Which wireless technology is frequently used for door access cards?
RFID
Gene recently conducted an assessment and determined that his organization can be without its main transaction database for a maximum of two hours before unacceptable damage occurs to the business. What metric has Gene identified?
RTO
You notice a high number of SQL injection attacks against a web application run by your organization, so you install a web application firewall to block many of these attacks before they reach the server. How have you altered the severity of this risk?
Reduced the probability
Kathleen wants to discourage potential attackers from entering the facility she is responsible for. Which of the following is not a common control used for this type of preventive defense?
Robotic sentries
Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in AWS and her customers access it through the web. What tier of cloud computing best describes Helen's service?
SaaS
In what cloud security model does the cloud service provider bear the most responsibility for implementing security controls?
SaaS
Ian has been receiving hundreds of false positive alerts from his SIEM every night when scheduled jobs run across his datacenter. What should he adjust on his SIEM to reduce the false positive rate?
Sensitivity
Theresa has implemented a technology that keeps data for personal use separate from data for her company on mobile devices used by members of her staff. What is this concept called?
Storage segmentation
What protocol is used to securely wrap many otherwise insecure protocols?
TLS
Chris has turned on logon auditing for a Windows system. Which log will show the logon events?
The Windows Security log
Why are Faraday cages deployed?
To prevent EMI
Which one of the following data protection techniques is reversible when conducted properly?
Tokenization
Which one of the following U.S. government classification levels requires the highest degree of security control?
Top Secret
Cynthia wants to make an exact copy of a drive using a Linux command-line tool. What command should she use?
dd
Naomi is preparing to migrate her organization to a cloud service and wants to ensure that she has the appropriate contractual language in place. Which of the following is not a common item she should include?
Right to forensic examination
Ursula would like to link the networks in her on-premises datacenter with cloud VPCs in a secure manner. What technology would help her best achieve this goal?
Transit gateway
Which of the following controls helps prevent insider threats?
Two-person control
Chris wants systems that connect to his network to report their boot processes to a server where they can be validated before being permitted to join the network. What technology should he use to do this on the workstations?
UEFI/Measured boot
Elaine wants to securely erase the contents of a tape used for backups in her organization's tape library. What is the fastest secure erase method available to her that will allow the tape to be reused?
Use a degausser.
Henry wants to check to see if services were installed by an attacker. What commonly gathered organizational data can he use to see if a new service appeared on systems?
Vulnerability scans
Frank is concerned about the admissibility of his forensic data. Which of the following is not an element he should be concerned about?
Whether the forensic information includes a timestamp
Greg wants to use a tool that can directly edit disks for forensic purposes. What commercial tool could he select from this list?
WinHex
Danielle wants to capture traffic from a network so that she can analyze a VoIP conversation. Which of the following tools will allow her to review the conversation most effectively?
Wireshark
The company that Theresa works for has deployed IoT sensors that have built-in cellular modems for communication back to a central server. What issue may occur if the devices can be accessed by attackers?
Attackers may steal the SIM cards from the devices and use them for their own purposes.
Which of the following is not a typical reason to use an IP addressing schema in an enterprise?
Avoiding use of other organizations' IP addresses
Which of the following is not typically part of a SoC?
Memory
Alaina wants to maintain chain of custody documentation and has created a form. Which of the following is not a common element on a chain of custody form?
Method of transport
Madhuri wants to implement a camera system but is concerned about the amount of storage space that the video recordings will require. What technology can help with this?
Motion detection
Brian has deployed a system that monitors sensors and uses that data to manage the power distribution for the power company that he works for. Which of the following terms is commonly used to describe this type of control and monitoring solution?
SCADA
Michael wants to acquire the firmware from a running device for analysis. What method is most likely to succeed?
Use forensic memory acquisition techniques.
Which of the following is not a typical security concern with MFPs?
Use of weak encryption
Charles wants to obtain a forensic copy of a running virtual machine. What technique should he use to capture the image?
Use the VM host to create a snapshot.
Naomi has discovered the following TCP ports open on a system she wants to harden. Which ports are used for unsecure services and thus should be disabled to allow their secure equivalents to continue to be used? 21 22 23 80 443
21, 23, and 80
Wayne is concerned that an on-path attack has been used against computers he is responsible for. What artifact is he most likely to find associated with this attack?
A browser plug-in
Amanda wants to securely destroy data held on DVDs. Which of the following options is not a suitable solution for this?
Degaussing
Gabby wants to capture the pagefile for a system. Where will she find the pagefile stored?
On disk
Isaac is performing a forensic analysis on two systems that were compromised in the same event in the same facility. As he performs his analysis, he notices that the event appears to have happened almost exactly one hour earlier on one system than the other. What is the most likely issue he has encountered?
One system is set to an incorrect time zone.
Fred wants to ensure that the administrative interfaces for the switches and routers are protected so that they cannot be accessed by attackers. Which of the following solutions should he recommend as part of his organization's network design?
Out-of-band management
Isabelle needs to select the EAP protocol that she will use with her wireless network. She wants to use a secure protocol that does not require client devices to have a certificate, but she does want to require mutual authentication. Which EAP protocol should she use?
PEAP
Sally is working to restore her organization's operations after a disaster took her datacenter offline. What critical document should she refer to as she restarts systems?
The restoration order documentation
Which one of the following is not an example of infrastructure as code?
Using a cloud provider's web interface to provision resources
Which of the following is a memory forensics toolkit that includes memdump?
Volatility
Jim configures a Windows machine with the built-in BitLocker full disk encryption tool. When is the machine least vulnerable to having data stolen from it?
When the machine is off
Melissa wants to capture network traffic for forensic purposes. What tool should she use to capture it?
Wireshark
Ben wants to observe malicious behavior targeted at multiple systems on a network. He sets up a variety of systems and instruments to allow him to capture copies of attack tools and to document all the attacks that are conducted. What has he set up?
A honeynet
Michelle wants to prevent unauthorized applications from being installed on a system. What type of tool can she use to allow only permitted applications to be installed?
An allow list application
Tony purchases virtual machines from Microsoft Azure and uses them exclusively for use by his organization. What model of cloud computing is this?
Public cloud
Jen identified a missing patch on a Windows server that might allow an attacker to gain remote control of the system. After consulting with her manager, she applied the patch. From a risk management perspective, what has she done?
Removed the vulnerability
Which one of the following would not normally be found in an organization's information security policy?
Requirement to use AES-256 encryption
Please refer to the following scenario: Grace recently completed a risk assessment of her organization's exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk. Grace is considering dropping the customer activities that collect and store sensitive personal information. What risk management strategy would this approach use?
Risk avoidance
Please refer to the following scenario: Grace recently completed a risk assessment of her organization's exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk. Grace's first idea is to add a web application firewall to protect her organization against SQL injection attacks. What risk management strategy does this approach adopt?
Risk mitigation
Please refer to the following scenario: Grace recently completed a risk assessment of her organization's exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk. Grace's company decided to install the web application firewall and continue doing business. They are still worried about other risks to the information that were not addressed by the firewall and are considering purchasing an insurance policy to cover those risks. What strategy does this use?
Risk transference
Fran's organization uses a Type I hypervisor to implement an IaaS offering that it sells to customers. Which one of the following security controls is least applicable to this environment?
The provider must maintain security patches on the host operating system.
Ryan is selecting a new security control to meet his organization's objectives. He would like to use it in their multicloud environment and would like to minimize the administrative work required from his fellow technologists. What approach would best meet his needs?
Third-party control
Kevin discovered that his web server was being overwhelmed by traffic, causing a CPU bottleneck. Using the interface offered by his cloud service provider, he added another CPU to the server. What term best describes Kevin's action?
Vertical scaling
Alyssa wants to prevent a known Microsoft Word file from being downloaded and accessed on devices she is responsible for. What type of tool can she use to prevent this?
A deny list tool
Rick performs a backup that captures the changes since the last full backup. What type of backup has he performed?
A differential backup
Gwen is building her organization's documentation and processes and wants to create the plan for what the organization would do if her datacenter burned down. What type of plan would typically cover that type of scenario?
A disaster recovery plan
Amanda wants to create a view of her buildings that shows Wi-Fi signal strength and coverage. What is this type of view called?
A heatmap
Brian recently conducted a risk mitigation exercise and has determined the level of risk that remains after implementing a series of controls. What term best describes this risk?
Residual risk
Brian would like to limit the ability of users inside his organization to provision expensive cloud server instances without permission. What type of control would best help him achieve this goal?
Resource policy
Madhuri disables SMS, MMS, and RCS on phones in her organization. What has she prevented from being sent?
Text messages and multimedia messages
Susan has discovered that an incident took place on her network almost six months ago. As she prepares to identify useful data for the incident, which common policy is most likely to cause her difficulties during her investigation?
Retention policies
Which one of the following would not commonly be available as an IaaS service offering?
CRM
Greg would like to find a reference document that describes how to map cloud security controls to different regulatory standards. What document would best assist with this task?
CSA CCM
Kira would like to implement a security control that can implement access restrictions across all of the SaaS solutions used by her organization. What control would best meet her needs?
CASB
Megan's organization uses the Diamond Model of Intrusion Analysis as part of their incident response process. A user in Megan's organization has discovered a compromised system. What core feature would help her determine how the compromise occurred?
Capability
Hitesh wants to keep a system online but limit the impact of the malware that was found on it while an investigation occurs. What method from the following list should he use?
Containment
Which one of the following statements is not true about compensating controls under PCI DSS?
Controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement.
Tina works for a hospital system and manages the system's patient records. What category of personal information best describes the information that is likely to be found in those records?
PHI
Gary wants to use secure protocols for email access for his end users. Which of the following groups of protocols should he implement to accomplish this task?
POPS, IMAPS, HTTPS
Laura wants to deploy a WPA2-secured wireless network for her small business, but she doesn't have a RADIUS server set up. If she wants her Wi-Fi to be encrypted, what is her best option for wireless authentication?
PSK
What scripting environment is native to Windows systems?
PowerShell
The following figure shows the Security+ incident response cycle. What item is missing?
Preparation
What is the most frequent concern that leads to GPS tagging being disabled by some companies via an MDM tool?
Privacy
Please refer to the following scenario: Grace recently completed a risk assessment of her organization's exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk. Grace's company decided to install the web application firewall and continue doing business. They are still worried about other risks to the information that were not addressed by the firewall and are considering purchasing an insurance policy to cover those risks. In the end, Grace found that the insurance policy was too expensive and opted not to purchase it. She is taking no additional action. What risk management strategy is being used in this situation?
Risk acceptance
What is the primary concern with sFlow in a large, busy network?
sFlow samples only network traffic, meaning that some detail will be lost.
What tool is specifically designed to support incident responders by allowing unified, automated responses across an organization?
SOAR
Elle is implementing a VoIP telephony system and wants to use secure protocols. If she has already implemented SIPS, which other protocol is she most likely to use?
SRTP
Valerie wants to replace the telnet access that she found still in use in her organization. Which protocol should she use to replace it, and what port will it run on?
SSH, port 22
Nick wants to display the ARP cache for a Windows system. What command should he run to display the cache?
arp /a
Jim wants to view log entries that describe actions taken by applications on a CentOS Linux system. Which of the following tools can he use on the system to view those logs?
journalctl
Connor believes that there is an issue between his organization's network and a remote web server, and he wants to verify this by checking each hop along the route. Which tool should he use if he is testing from a Windows 10 system?
pathping
Michael wants to log directly to a database while also using TCP and TLS to protect his log information and to ensure it is received. What tool should he use?
syslog-ng
Charles wants to monitor changes to a log file via a command line in real time. Which of the following command-line Linux tools will let him see the last lines of a log file as they change?
tail
Bart needs to assess whether a three-way TCP handshake is occurring between a Linux server and a Windows workstation. He believes that the workstation is sending a SYN but is not sure what is occurring next. If he wants to monitor the traffic, and he knows that the Linux system does not provide a GUI, what tool should he use to view that traffic?
tcpdump