CompTIA Security+ Sy0-501 Practice Test 02

A server in your network's DMZ was recently attacked. The firewall logs show that the server was attacked from an external IP address with the following socket: 72.52.206.134:5678. You need to check the server to see if it still has an active connection. Which of the following tools should you use?

• Netstat

• Dig

• Tracert

• Arp 

Which type of device would have the following entries used to define its operation? permit IP any any eq 80 permit IP any any eq 443 deny IP any any

• Firewall

• Layer 2 switch

• Proxy server

• Web server

You want to implement the STRONGEST level of security on a wireless network. Which of the following supports this goal?

• Implementing WPA with TKIP

• Disabling SSID broadcast

• Enabling MAC filtering

• Implementing WPA2 with CCMP

Your organization is planning to implement a VPN. They want to ensure that after a VPN client connects to the VPN server, all traffic from the VPN client is encrypted. Which of the following would BEST meet this goal?

• Split tunnel

• Full tunnel

• IPsec using Tunnel mode

• IPsec using Transport mode

Attackers recently attacked a web server hosted by your organization. Management has tasked administrators with configuring the servers following the principle of least functionality. Which of the following will meet this goal?

• Disabling unnecessary services

• Installing and updating antivirus software

• Identifying the baseline

• Installing a NIDS

The Springfield Nuclear Power Plant has created an online application teaching nuclear physics. Only students and teachers in the Springfield Elementary school can access this application via the cloud. What type of cloud service model is this?

• IaaS

• PaaS

• SaaS

• Public

Your network includes dozens of servers. Administrators in your organization are having problems aggregating and correlating the logs from these servers. Which of the following provides the BEST solution for these problems?

• SIEM

• Nmap

• Network Mapper

• Network scanner

Lisa is setting up a secure web server. She needs the server's cryptography to support perfect forward secrecy. Of the following choices, which cipher suite should she ensure is used by the server?

• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

• TLS_RSA_WITH_AES_128_CBC_SHA256

• TLS_DH_WITH AES_256_CBC_SHA256

• SSL_RSA_WITH_AES_128_CBC_SHA256

A security administrator recently noticed abnormal activity on a workstation. It is connecting to systems outside the organization’s internal network using uncommon ports. The administrator discovered the computer is also running several hidden processes. Which of the following choices BEST describes this activity?

• Rootkit

• Backdoor

• Spam

• Trojan

Attackers recently sent some malicious emails to the CFO within your organization. These emails have forged From blocks and look like they are coming from the CEO of the organization. They include a PDF file that is described as a funding document for an upcoming project. However, the PDF is infected with malware. Which of the following BEST describes the attack type in this scenario?

• Phishing

• Spam

• Trojan

• Whaling

An attacker has captured a database filled with hashes of randomly generated passwords. Which of the following attacks is MOST likely to crack the largest number of passwords in this database?

• Dictionary Attack

• Birthday Attack

• Brute Force Attack

• Rainbow Tables

Your organization recently purchased a new hardware-based firewall. Administrators need to install it as part of a DMZ within the network. Which of the following references will provide them with the MOST appropriate instructions to install the firewall?

• A regulatory framework

• A non-regulatory framework

• A general-purpose firewall guide

• A vendor-specific guide

Your organization includes an e-commerce web site used to sell digital products. You are tasked with evaluating all the elements used to support this web site. What are you performing?

• Quantitative Assessment

• Qualitative Assessment

• Threat Assessment

• Supply Chain Assessment

You are troubleshooting issues between two servers on your network and need to analyze the network traffic. Of the following choices, what is the BEST tool to capture and analyze this traffic?

• Network Mapper

• Protocol Analyzer

• Network Scanner

• SIEM

You suspect that an attacker has been sending specially crafted TCP packets to a server trying to exploit a vulnerability. You decide to capture TCP packets being sent to this server for later analysis and you want to use a command-line tool to do so. Which of the following tools will BEST meet your need?

• Wiredump

• Tcpdump

• Netcat

• Nmap

Thieves recently rammed a truck through the entrance of your company’s main building. During the chaos, their partners proceeded to steal a significant amount of IT equipment. Which of the following choices can you use to prevent this from happening again?

• Bollards

• Guards

• CCTV

• Mantrap

All of the disks within a redundant array of inexpensive disks (RAID) array are 400 GB in size. How much usable space for data is within a four-disk RAID-6? (Provide just the number of GB, but omit "GB". For example, if the answer is 100 GB, enter "100".)

Application developers are creating an application that requires users to log on with strong passwords. The developers want to store the passwords in such a way that it will thwart brute force attacks. Which of the following is the BEST solution?

• 3DES

• MD5

• PBKDF2

• Database fields

You recently learned that attackers exploited the POODLE vulnerability on one of your organization's web servers. What type of attack is this?

• Wireless

• Pinning

• Downgrade

• Spoofing

After learning that an employee had unauthorized material on his computer, management directed security personnel to confiscate his computer. Later, a security expert captured a forensic image of the system disk. However, he reported that the computer was left unattended for several hours before he captured the image. Which of the following is a potential issue if this incident goes to court?

• Chain of Custody

• Order of Volatility

• Time Offset

• Screenshot

A web site is using a certificate. Users have recently been receiving errors from the web site indicating that the web site’s certificate is revoked. Which of the following includes a list of certificates that have been revoked?

• CRL

• CA

• OCSP

• CSR

After a recent security audit, management has decided to upgrade the security policy. Among other items, they want to identify a policy that will reduce the risk of personnel within an organization colluding to embezzle company funds. Which of the following is the BEST choice to meet this need?

• AUP

• Training

• Mandatory Vacations

• Background Check

Administrators frequently create VMs for testing. They sometimes leave these running without using them again after they complete their tests. Which of the following does this describe?

• VM escape

• VDI snapshot

• VM sprawl

• Type II hypervisor

Developers in your organization have created an application designed for the sales team. Salespeople can log on to the application using a simple password of 1234. However, this password does not meet the organization’s password policy. Which of the following is the BEST response by the security administrator after learning about this?

• Nothing. Strong passwords aren’t required in applications.

• Modify the security policy to accept this password.

• Document this as an exception in the application’s documentation.

• Direct the application team manager to ensure the application adheres to the organization’s password policy.

Your organization recently updated an online application that employees use to log on when working from home. Employees enter their username and password into the application from their smartphone and the application logs their location using GPS. Which type of authentication is being used?

• One-factor

• Dual-factor

• Something you are

• Somewhere you are

Lisa is a training instructor and she maintains a training lab with 18 computers. She has enough rights and permissions on these machines so that she can configure them as needed for classes. However, she does not have the rights to add them to the organization’s domain. Which of the following choices BEST describes this example?

• Least privilege

• Need to know

• Group-based privileges

• Location-based policies

A company recently hired you as a security administrator. You notice that some former accounts used by temporary employees are currently enabled. Which of the following choices is the BEST response?

• Disable all the temporary accounts.

• Disable the temporary accounts you’ve noticed are enabled.

• Craft a script to identify inactive accounts based on the last time they logged on.

• Set account expiration dates for all accounts when creating them.

Developers recently configured a new service on ServerA. ServerA is in a DMZ and accessed by internal users and via the Internet. Network administrators modified firewall rules to access the service. Testing shows the service works when accessed from internal systems. However, it does not work when accessed from the Internet. Which of the following is MOST likely configured incorrectly?

• The new service

• An ACL

• ServerA

• The VLAN

You need to implement antispoofing on a border router. Which one of the following choices will BEST meet this goal?

• Create rules to block all outgoing traffic from a private IP address.

• Implement a flood guard on switches.

• Add a web application firewall.

• Create rules to block all incoming traffic from a private IP address.

You are preparing to deploy a heuristic-based detection system to monitor network activity. Which of the following would you create first?

• Flood guards

• Signatures

• Baseline

• Honeypot

Attackers have recently launched several attacks against servers in your organization’s DMZ. You are tasked with identifying a solution that will have the best chance at preventing these attacks in the future. Which of the following is the BEST choice?

• An out-of-band IPS

• An in-band IPS

• A passive IDS

• An out-of-band IDS

Lisa oversees and monitors processes at a water treatment plant using SCADA systems. Administrators recently discovered malware on her system that was connecting to the SCADA systems. Although they removed the malware, management is still concerned. Lisa needs to continue using her system and it’s not possible to update the SCADA systems. Which of the following can mitigate this risk?

• Install HIPS on the SCADA systems.

• Install a firewall on the border of the SCADA network.

• Install a NIPS on the border of the SCADA network.

• Install a honeypot on the SCADA network.

Mobile users in your network report that they frequently lose connectivity with the wireless network on some days, but on other days they don’t have any problems. You suspect this is due to an attack. Which of the following attacks is MOST likely causing this problem?

• Wireless jamming

• IV

• Replay

• Bluesnarfing

Your organization recently implemented a BYOD policy. However, management wants to ensure that mobile devices meet minimum standards for security before they can access any network resources. Which of the following agents would the NAC MOST likely have?

• Permanent

• Health

• RADIUS

• Dissolvable

A coffee shop recently stopped broadcasting the SSID for their wireless network. Instead, paying customers can view it on their receipt and use it to connect to the coffee shop's wireless network. Today, Lisa turned on her laptop computer and saw the SSID. Which of the following is the MOST likely reason why?

• Rouge AP

• Bluejacking

• Evil Attacker

• Jamming 

Network administrators have identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer. You suspect the system is infected with malware. It periodically runs an application that attempts to connect to web sites over port 80 with Telnet. After comparing the computer with a list of applications from the master image, you verify this application is very likely the problem. What allowed you to make this determination?

• Least functionality

• Sandbox

• Blacklist

• Integrity measurements

Your organization wants to ensure that employees do not install any unauthorized software on their computers. Which of the following is the BEST choice to prevent this?

• Master image

• Application whitelisting

• Anti-malware software

• Antivirus software

A new mobile device security policy has authorized the use of employee-owned devices, but mandates additional security controls to protect them if they are lost or stolen. Which of the following meets this goal?

• Screen locks and GPS tagging

• Patch management and change management

• Screen locks and device encryption

• Full device encryption and IaaS

Management within your company wants to restrict access to the Bizz app from mobile devices. If users are within the company’s property, they should be granted access. If they are not within the company’s property, their access should be blocked. Which of the following answers provides the BEST solution to meet this goal?

• Geofencing

• Geolocation

• GPS tagging

• Containerization

Lisa does not have access to the project.doc file, but she needs access to this file for her job. Homer is the system administrator and he has identified the following permissions for the file: rwx rw- --- What should Homer use to grant Lisa read access to the file?

• The chmod command

• A remote wipe

• Push notification

• The chroot command

Management within your organization wants to prevent users from copying documents to USB flash drives. Which of the following can be used to meet this goal?

• DLP

• HSM

• COPE

• SED

You recently learned that attackers exploited the POODLE vulnerability on one of your organization's web servers. What type of attack is this?

• Downgrade

• Wireless

• Pinning

• Spoofing 

The Marvin Monroe Memorial Hospital recently suffered a serious attack. The attackers notified management personnel that they encrypted a significant amount of data on the hospital’s servers and it would remain encrypted until the management paid a hefty sum to the attackers. Which of the following identifies the MOST likely threat actor in this attack?

• Organized crime

• Ransomware

• Competitors

• Hacktivist

Lisa is a database administrator and received a phone call from someone identifying himself as a technician working with a known hardware vendor. The technician said he’s aware of a problem with database servers they’ve sold, but it only affects certain operating system versions. He asks Lisa what operating system the company is running on their database servers. Which of the following choices is the BEST response from Lisa?

• Let the caller know what operating system and versions are running on the database servers to determine if any further action is needed.

• Thank the caller and end the call, report the call to her supervisor, and independently check the vendor for issues.

• Ask the caller for his phone number so that she can call him back after checking the servers.

• Contact law enforcement personnel.

Your organization recently suffered a loss from malware that wasn’t previously known by any trusted sources. Which of the following BEST describes this attack?

• Phishing

• Zero-day

• Open-source intelligence

• Hoax

Attackers have launched an attack using multiple systems against a single target. Which type of attack is this?

• DoS

• DDoS

• SYN Flood

• Buffer Overflow

Management at your organization is planning to hire a development firm to create a sophisticated web application. One of their primary goals is to ensure that personnel involved with the project frequently collaborate with each other throughout the project. Which of the following is an appropriate model for this project?

• Waterfall

• SDLC

• Agile

• Secure DevOps

Homer recently received an email thanking him for a purchase that he did not make. He asked an administrator about it and the administrator noticed a pop-up window, which included the following code: <body =”document.getElementByID(‘myform’).submit()”>     <form id=”myForm” action=”gcgapremium.com/purchase.php”     method=”post”   <input name=”Buy Now” value=”Buy Now” />      </form> </body> Which of the following is the MOST likely explanation?

• XSRF

• Buffer overflow

• SQL injection

• Dead code