CompTIA Security+ Sy0-501 Practice Test 02

Approved & Edited by ProProfs Editorial Team

The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.

Learn about Our Editorial Process

| By Paul

Paul

Community Contributor

Quizzes Created: 3 | Total Attempts: 759

Questions: 201 | Attempts: 152 | Updated: Mar 21, 2023

Questions

Settings

Feedback

During the Quiz End of Quiz

Play as

Quiz Flashcard

Create your own Quiz

Questions and Answers

1.

You need to transmit PII via email and you want to maintain its confidentiality. Which of the following choices is the BEST solution?
- A.
  
  Use hashes.
- B.
  
  Encrypt it before sending.
- C.
  
  Protect it with a digital signature.
- D.
  
  Use RAID.
Correct Answer
B. Encrypt it before sending.

Explanation
You can maintain confidentiality of any data, including Personally Identifiable Information (PII) with encryption. Hashes provide integrity, not confidentiality. A digital signature provides authentication, nonrepudiation, and integrity. A redundant array of inexpensive disks (RAID) provides higher availability for a disk subsystem.

Rate this question:
2.

Apu manages network devices in his store and maintains copies of the configuration files for all the managed routers and switches. On a weekly basis, he creates hashes for these files and compares them with hashes he created on the same files the previous week. Which of the following use cases is the MOST likely using?
- A.
  
  Supporting confidentiality
- B.
  
  Supporting integrity
- C.
  
  Supporting encryption
- D.
  
  Supporting availability
Correct Answer
B. Supporting integrity

Explanation
He is most likely using a use case of supporting integrity. By verifying that the hashes are the same on the configuration files, he is verifying that the files have not changed. Confidentiality is enforced with encryption, access controls, and steganography. Encryption is a method of enforcing confidentiality and it doesn’t use hashes. Availability ensures systems are up and operational when needed.

Rate this question:
3.

Louie hid several plaintext documents within an image file. He then sent the image file to Tony. Which of the following BEST describes the purpose of his actions?
- A.
  
  To support steganography
- B.
  
  To support integrity
- C.
  
  To support availability
- D.
  
  To support obfuscation
Correct Answer
D. To support obfuscation

Explanation
Hiding data within data is one way to support a use case of supporting obfuscation. In this scenario, Louie is using steganography to hide the files within the image, but that is the method, not the purpose. Hashing methods and digital signatures support integrity. Redundancy and fault-tolerance methods increase availability.

Rate this question:
4.

Management has mandated the use of digital signatures by all personnel within your organization. Which of the following use cases does this primarily support?
- A.
  
  Supporting confidentiality
- B.
  
  Supporting availability
- C.
  
  Supporting obfuscation
- D.
  
  Supporting non-repudiation
Correct Answer
D. Supporting non-repudiation

Explanation
Digital signatures will support a use case of supporting nonrepudiation. Digital signatures don’t encrypt data, so they do not support a use case of supporting confidentiality. Redundancy and fault-tolerance solutions will increase availability. Steganography is one way of supporting obfuscation.

Rate this question:
5.

As the CTO, Marge is implementing a security program. She has included security controls to address confidentiality and availability. Of the following choices, what else should she include?
- A.
  
  Ensure critical systems provide uninterrupted service.
- B.
  
  Protect data-in-transit from unauthorized disclosure.
- C.
  
  Ensure systems are not susceptible to unauthorized changes.
- D.
  
  Secure data to prevent unauthorized disclosure.
Correct Answer
C. Ensure systems are not susceptible to unauthorized changes.

Explanation
The chief technology officer (CTO) should ensure systems are not susceptible to unauthorized changes, which is an element of integrity. A security program should address the three core security principles of confidentiality, integrity, and availability (CIA). The system in the example is already addressing confidentiality and availability. Ensuring critical systems provide uninterrupted service addresses availability. Protecting data and securing data to prevent unauthorized disclosure addresses confidentiality.

Rate this question:
6.

Your organization wants to reduce the amount of money it is losing due to thefts. Which of the following is the BEST example of an equipment theft deterrent?
- A.
  
  Snapshots
- B.
  
  Cable locks
- C.
  
  Strong passwords
- D.
  
  Persistent VDI
Correct Answer
B. Cable locks

Explanation
Cable locks are effective equipment theft deterrents for laptops and other systems. Snapshots refer to digital snapshots that capture the state of a virtual machine at a moment in time. Passwords prevent unauthorized access to systems but don’t provide physical security. A virtual desktop infrastructure (VDI) allows users to access a desktop on a remote server. A persistent VDI saves the user changes on the desktop, but it does not deter thefts.

Rate this question:
7.

Your organization is considering virtualization solutions. Management wants to ensure that any solution provides the best ROI. Which of the following situations indicates that virtualization would provide the best ROI?
- A.
  
  Most physical servers within the organization are currently utilized at close to 100 percent.
- B.
  
  The organization has many servers that do not require failover services.
- C.
  
  Most desktop PCs require fast processors and a high amount of memory.
- D.
  
  Most physical servers within the organization are currently underutilized.
Correct Answer
D. Most physical servers within the organization are currently underutilized.

Explanation
If most physical servers within the organization are currently underutilized, virtualization will provide a high return on investment (ROI). If the servers are currently utilized close to 100 percent, new servers will need to be purchased to virtualize them. It is possible to implement failover services on virtualized servers so there is little cost difference between physical and virtualized servers. The amount of processing power or memory requirements isn’t relevant unless you know how much systems are currently utilizing.

Rate this question:
8.

You are preparing to deploy a new application on a virtual server. The virtual server hosts another server application that employees routinely access. Which of the following is the BEST method to use when deploying the new application?
- A.
  
  Take a snapshot of the VM before deploying the new application.
- B.
  
  Take a snapshot of the VM after deploying the new application.
- C.
  
  Ensure the server is configured for non-persistence.
- D.
  
  Back up the server after installing the new application.
Correct Answer
A. Take a snapshot of the VM before deploying the new application.

Explanation
Taking a snapshot of the virtual machine (VM) before deploying it ensures that the VM can be reverted to the original configuration if the new application causes problems. Taking a snapshot after the installation doesn’t allow you to revert the image. Non-persistence is used in a virtual desktop infrastructure (VDI), where user changes to the desktop are not changed. It isn’t appropriate to use non-persistence on a virtual server. Backing up the server might be appropriate before installing the new application but not after.

Rate this question:
9.

Ned is not able to access any network resources from his Linux-based computer. Which of the following commands would he use to view the network configuration of his system?
- A.
  
  Ifconfig
- B.
  
  Ipconfig
- C.
  
  Netstat
- D.
  
  Tracert
Correct Answer
A. Ifconfig

Explanation
The ifconfig command displays network settings on a Linux computer. This includes the IP address, subnet mask, and default gateway assigned to the network interface card (NIC). The ipconfig command performs similar checks on Windows computers, but not on Linux systems. Netstat shows network statistics and active connections but not the network settings. The tracert command traces the route of data and can help determine which network devices are failing.

Rate this question:
10.

Administrators frequently create VMs for testing. They sometimes leave these running without using them again after they complete their tests. Which of the following does this describe?
- A.
  
  VM escape
- B.
  
  VDI snapshot
- C.
  
  VM sprawl
- D.
  
  Type II hypervisor
Correct Answer
C. VM sprawl

Explanation
VM sprawl occurs when an organization has many VMs that aren’t managed properly. Unmonitored VMs typically won’t get updated and can be vulnerable to attacks. VM escape is an attack that allows an attacker to access the host system from within the virtual system. A virtual desktop infrastructure (VDI) provides users with virtual desktops hosted on a server. A VDI snapshot is commonly used to provide users with the same non-persistent desktop that doesn’t save changes. The VMs might be Type II hypervisors (running as software within a host operating system), but that isn’t relevant to leaving them running and unmonitored.

Rate this question:
11.

Users within your organization access virtual desktops hosted on remote servers. This describes which of the following?
- A.
  
  VDE
- B.
  
  Snapshots for non-persistence
- C.
  
  Type I hypervisors
- D.
  
  VM sprawl
Correct Answer
A. VDE

Explanation
In a virtual desktop environment (VDE), users access virtual desktops hosted on remote servers. VDE desktops can use snapshots for non-persistence, but it is also possible to allow users to have persistent unique desktops in a VDE. Type I hypervisors (bare-metal hypervisors) run directly on the system without an operating system and are not used for a VDE. VM sprawl describes a problem of many unmanaged VMs, but the scenario doesn’t mention that the virtual desktops are not managed.

Rate this question:
12.

Your organization has implemented a VDI for most users. When a user logs off, the desktop reverts to its original state without saving any changes made by the user. Which of the following BEST describes this behavior?
- A.
  
  Container virtualization
- B.
  
  VM escape
- C.
  
  Non-persistence
- D.
  
  Elasticity
Correct Answer
C. Non-persistence

Explanation
Non-persistence in a virtual desktop infrastructure (VDI) indicates that the desktop is the same for most (or all) users and when the user logs off, the desktop reverts to a known state or rolls back to a known configuration. With container virtualization, application cells run isolated services or applications within the host, using the host’s kernel. A virtual machine (VM) escape is an attack where the attacker accesses the host system from within the VM. Elasticity refers to the ability to resize a VM in response to increased or decreased load.

Rate this question:
13.

Which type of virtualization allows a computer’s operating system kernel to run multiple isolated instances of a guest virtual machine, with each guest sharing the kernel?
- A.
  
  Container virtualization
- B.
  
  Type I hypervisor virtualization
- C.
  
  Type II hypervisor virtualization
- D.
  
  VDE
Correct Answer
A. Container virtualization

Explanation
Container-based virtualization (also called application cell virtualization) uses the same operating system kernel of the host computer. It is often used to run isolated applications or services within a virtual environment. Type I hypervisor virtualization runs directly on the system hardware. Type II hypervisor virtualization runs VMs that all include their own operating system, including their own kernel. A virtual desktop environment (VDE) provides a full desktop operating system to users.

Rate this question:
14.

You are considering rebooting a database server and want to identify if it has any active network connections. Which of the following commands will list active network connections?
- A.
  
  Arp
- B.
  
  Ipconfig
- C.
  
  Ping
- D.
  
  Netstat
Correct Answer
D. Netstat

Explanation
The netstat command displays active connections on a system. Arp displays information related to media access control (MAC) addresses. Ipconfig displays TCP/IP configuration information for wired and wireless network interface cards. Ping checks connectivity with remote systems.

Rate this question:
15.

You have configured a firewall in your network to block ICMP traffic. You want to verify that it is blocking this traffic. Which of the following commands would you use?
- A.
  
  Arp
- B.
  
  Ipconfig
- C.
  
  Netstat
- D.
  
  Ping
Correct Answer
D. Ping

Explanation
The ping command sends Internet Control Message Protocol (ICMP) echo requests and checks for ICMP echo replies. Arp resolves IP addresses to media access control (MAC) addresses and does not use echo commands. Ipconfig checks the configuration of a NIC. Netstat shows active connections and network statistics.

Rate this question:
16.

Developers in your organization have created an application designed for the sales team. Salespeople can log on to the application using a simple password of 1234. However, this password does not meet the organization’s password policy. Which of the following is the BEST response by the security administrator after learning about this?
- A.
  
  Nothing. Strong passwords aren’t required in applications.
- B.
  
  Modify the security policy to accept this password.
- C.
  
  Document this as an exception in the application’s documentation.
- D.
  
  Direct the application team manager to ensure the application adheres to the organization’s password policy.
Correct Answer
D. Direct the application team manager to ensure the application adheres to the organization’s password policy.

Explanation
The application should be recoded to adhere to the company’s password policy, so the best response is to direct the application team manager to do so. Application passwords should be strong and should adhere to an organization’s security policy. It is not appropriate to weaken a security policy to match a weakness in an application. Nor is it appropriate to simply document that the application uses a weak password.

Rate this question:
17.

Ned is reviewing password security for employees of The Leftorium. The password policy has the following settings: • The password maximum age is 30 days. • The password minimum length is 14 characters. • Passwords cannot be reused until five other passwords have been used. • Passwords must include at least one of each of the following four character types: uppercase letters, lowercase letters, numbers, and special characters. Ned discovers that despite having this password policy in place, users are still using the same password that they were using more than a month ago. Which of the following actions will resolve this issue?
- A.
  
  Create a rule in the password policy for the password minimum age to be 7 days.
- B.
  
  Change the password history to 10.
- C.
  
  Require the use of complex passwords.
- D.
  
  Change the maximum age setting to 60 days.
Correct Answer
A. Create a rule in the password policy for the password minimum age to be 7 days.

Explanation
The best solution is to create a rule in the password policy for the password minimum age. Currently, users can change their passwords five more times in just a couple of minutes, changing it back to their original password on the sixth change. None of the other settings prevent the users from doing this. A password history of 10 forces the users to take a couple more minutes to get back to the original password. The password policy currently requires complex passwords. A maximum age of 60 days increases how long a user can keep the same password.

Rate this question:
18.

Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?
- A.
  
  HOTP
- B.
  
  TOTP
- C.
  
  CAC
- D.
  
  Kerberos
Correct Answer
B. TOTP

Explanation
A Time-based One-Time Password (TOTP) meets this requirement. Passwords created with TOTP expire after 30 seconds. An HMAC-based One-Time Password (HOTP) creates passwords that do not expire. A Common Access Card (CAC) is a type of smart card, but it does not create passwords. Kerberos uses tickets instead of passwords.

Rate this question:
19.

Your organization has decided to implement a biometric solution for authentication. One of the goals is to ensure that the biometric system is highly accurate. Which of the following provides the BEST indication of accuracy with the biometric system?
- A.
  
  The lowest possible FRR
- B.
  
  The highest possible FAR
- C.
  
  The lowest possible CER
- D.
  
  The highest possible CER
Correct Answer
C. The lowest possible CER

Explanation
A lower crossover error rate (CER) indicates a more accurate biometric system. The false acceptance rate (FA R ) and the false rejection rate (FRR) vary based on the sensitivity of the biometric system and don’t indicate accuracy by themselves. A higher CER indicates a less accurate biometric system.

Rate this question:
20.

Your organization recently updated an online application that employees use to log on when working from home. Employees enter their username and password into the application from their smartphone and the application logs their location using GPS. Which type of authentication is being used?
- A.
  
  One-factor
- B.
  
  Dual-factor
- C.
  
  Something you are
- D.
  
  Somewhere you are
Correct Answer
A. One-factor

Explanation
This is using one-factor authentication—something you know. The application uses the username for identification and the password for authentication. Note that even though the application is logging the location using Global Positioning System (GPS), there isn’t any indication that it is using this information for authentication. Dual-factor authentication requires another factor of authentication. If the application verified you were logging on from a specific GPS location as part of the authentication, it would be dual-factor authentication (something you know and somewhere you are). Something you are refers to biometric authentication methods. The somewhere you are authentication method verifies you are somewhere, such as in a specific GPS location, but this isn’t being used for authentication in this scenario.

Rate this question:
21.

A network includes a ticket-granting ticket server used for authentication. Which authentication service does this network use?
- A.
  
  Shibboleth
- B.
  
  SAML
- C.
  
  LDAP
- D.
  
  Kerberos
Correct Answer
D. Kerberos

Explanation
Kerberos uses a ticket-granting ticket (TGT) server, which creates tickets for authentication. Shibboleth is a federated identity solution used in some single sign-on (SSO) solutions. Security Assertion Markup Language (SAML) is an Extensible Markup Language (XML) used for some SSO solutions. Lightweight Directory Access Protocol (LDAP) is an X.500- based authentication service used to identify objects.

Rate this question:
22.

Lisa is a training instructor and she maintains a training lab with 18 computers. She has enough rights and permissions on these machines so that she can configure them as needed for classes. However, she does not have the rights to add them to the organization’s domain. Which of the following choices BEST describes this example?
- A.
  
  Least privilege
- B.
  
  Need to know
- C.
  
  Group-based privileges
- D.
  
  Location-based policies
Correct Answer
A. Least privilege

Explanation
When following the principle of least privilege, individuals have only enough rights and permissions to perform their job, and this is exactly what is described in this scenario. Need to know typically refers to data and information rather than the privileges required to perform an action, such as adding computers to a domain. Group-based privileges refer to giving permissions to groups, and then adding the users to the groups to give them appropriate privileges. A location-based policy allows or blocks access based on location, but the scenario doesn’t indicate the location is being checked.

Rate this question:

1
0
23.

Marge is reviewing an organization’s account management processes. She wants to ensure that security log entries accurately report the identity of personnel taking specific actions. Which of the following steps would BEST meet this requirement?
- A.
  
  Update ACLs for all files and folders.
- B.
  
  Implement role-based privileges.
- C.
  
  Use an SSO solution.
- D.
  
  Remove all shared accounts.
Correct Answer
D. Remove all shared accounts.

Explanation
Removing all shared accounts is the best answer of the available choices. If two employees are using the same account, and one employee maliciously deletes data in a database, it isn’t possible to identify which employee deleted the data. File and folder access control lists (ACLs) identify permissions for users, but don’t control the user identity. Role-based (or group-based) privileges assign the same permissions to all members of a group, which simplifies administration. A single sign-on (SSO) solution allows a user to log on once and access multiple resources.

Rate this question:
24.

A recent security audit discovered several apparently dormant user accounts. Although users could log on to the accounts, no one had logged on to them for more than 60 days. You later discovered that these accounts are for contractors who work approximately one week every quarter. Which of the following is the BEST response to this situation?
- A.
  
  Remove the account expiration from the accounts.
- B.
  
  Delete the accounts.
- C.
  
  Reset the accounts.
- D.
  
  Disable the accounts.
Correct Answer
D. Disable the accounts.

Explanation
The best response is to disable the accounts and then enable them when needed by the contractors. Ideally, the accounts would include an expiration date so that they would automatically expire when no longer needed, but the scenario doesn’t indicate the accounts have an expiration date. Because the contractors need to access the accounts periodically, it’s better to disable them rather than delete them. Reset the accounts implies you are changing the password, but this isn’t needed.

Rate this question:
25.

Members of a project team chose to meet at a local library to complete some work on a key project. All of them are authorized to work from home using a VPN connection and have connected from home successfully. However, they found that they were unable to connect to the network using the VPN from the library and they could not access any of the project data. Which of the following choices is the MOST likely reason why they can’t access this data?
- A.
  
  Role-based access control
- B.
  
  Time-of-day access control
- C.
  
  Location-based policy
- D.
  
  Discretionary access control
Correct Answer
C. Location-based policy

Explanation
A location-based policy restricts access based on location, such as with an IP address, and this is the best possible answer of those given. The scenario indicates they could use the virtual private network (VPN) connection from home, but it was blocked when they tried to access it from the library. A time-of-day access control restricts access based on the time of day, but the scenario doesn’t indicate the time. Neither a discretionary access control model nor a role-based access control model restricts access based on location.

Rate this question:
26.

You need to create an account for a contractor who will be working at your company for 60 days. Which of the following is the BEST security step to take when creating this account?
- A.
  
  Configure history on the account.
- B.
  
  Configure a password expiration date on the account.
- C.
  
  Configure an expiration date on the account.
- D.
  
  Configure complexity.
Correct Answer
C. Configure an expiration date on the account.

Explanation
When creating temporary accounts, i t ’s best to configure expiration dates so that the system will automatically disable the accounts on the specified date. History, password expiration, and complexity all refer to password policy settings. However, it’s rare to configure a specific password policy on a single account.

Rate this question:
27.

A company recently hired you as a security administrator. You notice that some former accounts used by temporary employees are currently enabled. Which of the following choices is the BEST response?
- A.
  
  Disable all the temporary accounts.
- B.
  
  Disable the temporary accounts you’ve noticed are enabled.
- C.
  
  Craft a script to identify inactive accounts based on the last time they logged on.
- D.
  
  Set account expiration dates for all accounts when creating them.
Correct Answer
C. Craft a script to identify inactive accounts based on the last time they logged on.

Explanation
Running a last logon script allows you to identify inactive accounts, such as accounts that haven’t been logged on to in the last 30 days. It’s appropriate to disable unused accounts, but it isn’t necessarily appropriate to disable all temporary accounts, because some might still be in use. If you disable the accounts you notice, you might disable accounts that some employees are still using, and you might miss some accounts that should be disabled. Setting expiration dates for newly created accounts is a good step, but it doesn’t address previously created accounts.

Rate this question:

1
0
28.

Developers are planning to develop an application using role-based access control. Which of the following would they MOST likely include in their planning?
- A.
  
  A listing of labels reflecting classification levels
- B.
  
  A requirements list identifying need to know
- C.
  
  A listing of owners
- D.
  
  A matrix of functions matched with their required privileges
Correct Answer
D. A matrix of functions matched with their required privileges

Explanation
A matrix of functions, roles, or job titles matched with the required access privileges for each of the functions, roles, or job titles is a common planning document for a role- based access control (role-BAC) model. The mandatory access control (MAC) model uses sensitivity labels and classification levels. MAC is effective at restricting access based on a need to know. The discretionary access control (DAC) model specifies that every object has an owner and it might identify owners in a list.

Rate this question:
29.

A security administrator needs to implement an access control system that will protect data based on the following matrix. (Note that this matrix only represents a subset of the overall requirements.) Which of the following models is the administrator implementing?
- A.
  
  DAC
- B.
  
  MAC
- C.
  
  Role-BAC
- D.
  
  ABAC
Correct Answer
B. MAC

Explanation
This is a mandatory access control (MAC) model. You can tell because it is using security labels. None of the other models listed use labels. A discretionary access control (DAC) model has an owner, and the owner establishes access for the objects. A role-based access control (role-BAC) model uses roles or groups to assign rights and permissions. An attribute-based access control (ABAC) model uses attributes assigned to subjects and objects within a policy to grant access.

Rate this question:
30.

Your organization is implementing an SDN. Management wants to use an access control model that controls access based on attributes. Which of the following is the BEST solution?
- A.
  
  DAC
- B.
  
  MAC
- C.
  
  Role-BAC
- D.
  
  ABAC
Correct Answer
D. ABAC

Explanation
A software defined network (SDN) typically uses an attributebased access control (ABAC) model, which is based on attributes that identify subjects and objects within a policy. A discretionary access control (DAC) model has an owner, and the owner establishes access for the objects. A mandatory access control (MAC) model uses labels assigned to subjects and objects. A role-based access control (role-BAC) model uses roles or groups to assign rights and permissions.

Rate this question:
31.

Your organization’s security policy requires that PII data-in-transit must be encrypted. Which of the following protocols would BEST meet this requirement?
- A.
  
  FTP
- B.
  
  SSH
- C.
  
  SMTP
- D.
  
  HTTP
Correct Answer
B. SSH

Explanation
You can use Secure Shell (SSH) to encrypt Personally Identifiable Information (PII) data when transmitting it over the network (data-intransit). Secure File Transfer Protocol (SFTP) uses SSH to encrypt File Transfer Protocol (FTP) traffic. FTP, Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP) transmit data in cleartext unless they are combined with an encryption protocol.

Rate this question:
32.

A server in your network's DMZ was recently attacked. The firewall logs show that the server was attacked from an external IP address with the following socket: 72.52.206.134:5678. You need to check the server to see if it still has an active connection. Which of the following tools should you use?
- A.
  
  Netstat
- B.
  
  Dig
- C.
  
  Tracert
- D.
  
  Arp
Correct Answer
A. Netstat

Explanation
The netstat command can be used to display a list of open connections, including both the IP address and the port. A socket is an established connection with both an IP address and port, such as an IP address of 72.52.206.134 and a port of 5678, displayed as 72.52.206.134:5678. None of the other commands display active connections. The tracert command lists the routers between two systems. The arp command shows the contents of the Address Resolution Protocol (ARP) cache. The dig command can be used on Linux systems to query Domain Name System (DNS) servers.

Rate this question:
33.

You suspect that a computer in your network is connecting to a remote computer without any user interaction. You want to verify this and identify the remote computer. Additionally, you want to identify how this connection is being initiated. Which of the following will BEST meet this need?
- A.
  
  Tracert
- B.
  
  Netstat
- C.
  
  Netcat
- D.
  
  Tcpdump
- E.
  
  Nmap
Correct Answer
B. Netstat

Explanation
The netstat -nab command can show connections (with the -a switch), addresses and ports of these connections (with the -n switch) to identify the remote computer, and the executable that created the connection (with the -b switch).

Tcpdump is a command-line packet analyzer user to capture packets. While it will show the IP address of the connection if it occurs duing the packet capture, it won't show how the connection is being initiated.

The tracert command will list the routers between two systems, but it wont identify the remote computer unless you already know the remote computer's IP address.

Nmap is a network scanner. While it can detect hosts, it doesn't track connections.

Ncat is a command-line tool used to connect to remote systems and often used in banner grabbing.

Rate this question:
34.

Your organization hosts an ecommerce website. Lisa analyzed the computer utilization of this website and noted that usage spikes at different times of the year. She wants to implement a cost-effective solution to handle the variable capacity demand. Which of the following strategies is she pursuing?
- A.
  
  Resiliency
- B.
  
  Scalability
- C.
  
  Elasticity
- D.
  
  Persistence
- E.
  
  Redundancy
Correct Answer
C. Elasticity

Explanation
She is pursuing an elasticity strategy. Elasticity refers to the ability of a system to resize computing capacity based on the load. This includes both expanding the computing ability to handle increased loads and reducing the computing ability when the load is reduced. Because elasticity strategies increase or decrease computing abilities based on loads, they reduce overall costs and are cost-effective.

Resiliency strategies help deploy systems securely and keep them in a secure state.

Scalability refers to the ability of a system to scale up to handle an increased load, but it doesn't refer to reducing the computing ability when the load decreases.

Persistence refers virtual desktops and is unrelated to this question. In a persistent virtual desktop, each user has a custom desktop image. Non-persistent virtual desktops serve the same desktop for all users.

Redundancy adds duplication to critical system components and networks and provides fault tolerance.

Rate this question:
35.

Lisa is an administrator of a secure server and she is in the WebAdmins group. The WebAdmins group has the following permissions on a file named ChangeLog. - rWX rW- r- However, Lisa is unable to make changes to this file. Of the following, what is the MOST likely reason why Lisa cannot make changes to this file?
- A.
  
  The chmod command must be used to change the permissions on the file.
- B.
  
  The secure server is using SELinux and it is set to permissive mode.
- C.
  
  The secure server is using SELinux and it has been disabled.
- D.
  
  The user does not have adequate permissions to modify the file.
- E.
  
  The secure server is using SELinux and it is set to enforcing mode.
Correct Answer
E. The secure server is using SELinux and it is set to enforcing mode.

Explanation
The most likely reason of the given choices is that the secure server is using Security-Enhanced Linux (SELinux) and it is set to enforcing mode. If SELinux is in enforcing mode, it enforces the SELinux policy. In this scenario, it could prevent the changes even though the permissions clearly show that the user has adequate permissions to make changes to the file.

If SELinux is in permissive mode, it does not enforce the SELinux policy so the change in the scenario would not be blocked. However, the SELinux system logs what would have been blocked.

If SELinux has been disabled, it would not apply any SELinux policy.

The user has adequate permissions. Note that the leading dash (-) indicates the permissions are for a file. The rwx permission indicates that the group owner (Web Admins) has read, write, and execute permissions on the file, which is more than enough to modify the file.

While chmod is the correct command to enter against the file to change the permissions, this is not necessary because the permissions are adequate. Instead, the SELinux policy would need to be modified or the set to permissive mode or disabled.

Rate this question:

1
0
36.

Marge needs to collect network device configuration information and network statistics from devices on the network. She wants to protect the confidentiality of credentials used to connect to these devices. Which of the following protocols would BEST meet this need?
- A.
  
  SSH
- B.
  
  FTPS
- C.
  
  C. SNMPv3
- D.
  
  D. TLS
Correct Answer
C. C. SNMPv3

Explanation
Simple Network Management Protocol version 3 (SNMPv3) is a secure protocol that can monitor and collect information from network devices. It includes strong authentication mechanisms to protect the confidentiality of credentials. None of the other protocols listed are used to monitor network devices. Secure Shell (SSH) provides a secure method of connecting to devices, but does not monitor them. File Transfer Protocol Secure (FTPS) is useful for encrypting large files in transit, using Transport Layer Security (TLS). TLS is commonly used to secure transmissions, but doesn’t include methods to monitor devices.

Rate this question:
37.

Lisa is enabling NTP on some servers within the DMZ. Which of the following use cases is she MOST likely supporting with this action?
- A.
  
  Support voice and video transmissions
- B.
  
  Provide time synchronization
- C.
  
  Enable email usage
- D.
  
  Encrypt data-in-transit
Correct Answer
B. Provide time synchronization

Explanation
The Network Time Protocol (NTP) provides time synchronization services, so enabling NTP on servers would meet this use case. The Real-time Transport Protocol (RTP) delivers audio and video over IP networks, and Secure RTP (SRTP) provides encryption, message authentication, and integrity for RTP. Protocols such as Simple Mail Transfer Protocol (SMTP), Post Office Protocol v3 (POP3), and Internet Message Access Protocol version 4 (IMAP4) are used for email. Encrypting data isn’t relevant to time synchronization services provided by NTP.

Rate this question:
38.

Your organization wants to increase security for VoIP and video teleconferencing applications used within the network. Which of the following protocols will BEST support this goal?
- A.
  
  SMTP
- B.
  
  TLS
- C.
  
  SFTP
- D.
  
  SRTP
Correct Answer
D. SRTP

Explanation
The Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for Voice over Internet Protocol(VoIP), video teleconferencing, and other streaming media applications. None of the other answers are directly related to VoIP or video teleconferencing. Simple Mail Transfer Protocol (SMTP) transfers email. The Transport Layer Security (TLS) protocol is used to encrypt data-in-transit, but isn’t the best choice for streaming media. Secure File Transfer Protocol (SFTP) is a secure implementation of FTP to transfer files.

Rate this question:
39.

Management within your organization wants to ensure that switches are not susceptible to switching loop problems. Which of the following protocols is the BEST choice to meet this need?
- A.
  
  Flood guard
- B.
  
  SNMPv3
- C.
  
  SRTP
- D.
  
  RSTP
Correct Answer
D. RSTP

Explanation
Rapid STP (RSTP) prevents switching loop problems and should be enabled on the switches to meet this need. A flood guard on a switch helps prevent a media access control (MAC) flood attack. Simple Network Management Protocol version 3 (SNMPv3) is used to manage and monitor network devices. The Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for video and voice data.

Rate this question:
40.

A network technician incorrectly wired switch connections in your organization’s network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. Which of the following should be done to prevent this situation in the future?
- A.
  
  Install an IDS.
- B.
  
  Only use Layer 2 switches.
- C.
  
  Install SNMPv3 on the switches.
- D.
  
  Implement STP or RSTP.
Correct Answer
D. Implement STP or RSTP.

Explanation
Spanning Tree Protocol (STP) and Rapid STP (RSTP) both prevent switching loop problems. It’s rare for a wiring error to take down a switch. However, if two ports on a switch are connected to each other, it creates a switching loop and effectively disables the switch. An intrusion detection system (IDS) will not prevent a switching loop. Layer 2 switches are susceptible to this problem. Administrators use Simple Network Management Protocol version 3 (SNMPv3) to manage and monitor devices, but it doesn’t prevent switching loops.

Rate this question:
41.

Developers recently configured a new service on ServerA. ServerA is in a DMZ and accessed by internal users and via the Internet. Network administrators modified firewall rules to access the service. Testing shows the service works when accessed from internal systems. However, it does not work when accessed from the Internet. Which of the following is MOST likely configured incorrectly?
- A.
  
  The new service
- B.
  
  An ACL
- C.
  
  ServerA
- D.
  
  The VLAN
Correct Answer
B. An ACL

Explanation
The most likely problem of the available choices is that an access control list (ACL) is configured incorrectly. The server is in a demilitarized zone (DMZ) and the most likely problem is an incorrectly configured ACL on the border firewall. The service is operating when accessed from internal clients, so it isn’t likely that it is the problem. Also, the server works for internal systems indicating it is working correctly. There isn’t any indication a virtual local area network (VLAN) is in use.

Rate this question:
42.

You manage a Linux computer used for security within your network. You plan to use it to inspect and handle network-based traffic using iptables. Which of the following network devices can this replace?
- A.
  
  Wireless access point
- B.
  
  Firewall
- C.
  
  Layer 2 switch
- D.
  
  Bridge
Correct Answer
B. Firewall

Explanation
Iptables include settings used by the Linux Kernel firewall and can be used to replace a firewall. While it’s possible to implement iptables on a wireless access point (assuming it is Linux-based), iptables still function as a firewall, not a wireless access point. A Layer 2 switch routes traffic based on the destination media access control (MAC) address, but iptables focus on IP addresses. A network bridge connects multiple networks together.

Rate this question:
43.

You need to implement antispoofing on a border router. Which one of the following choices will BEST meet this goal?
- A.
  
  Create rules to block all outgoing traffic from a private IP address.
- B.
  
  Implement a flood guard on switches.
- C.
  
  Add a web application firewall.
- D.
  
  Create rules to block all incoming traffic from a private IP address.
Correct Answer
D. Create rules to block all incoming traffic from a private IP address.

Explanation
You would create rules to block all incoming traffic from private IP addresses. The border router is between the internal network and the Internet and any traffic coming from the Internet with a private IP address is a spoofed source IP address. All outgoing traffic will typically use a private IP address, so you shouldn’t block this outgoing traffic. A flood guard on a switch protects against media access control (MAC) flood attacks and is unrelated to this question. A web application firewall protects a web application and is unrelated to antispoofing.

Rate this question:
44.

An organization has recently had several attacks against servers within a DMZ. Security administrators discovered that many of these attacks are using TCP, but they did not start with a three-way handshake. Which of the following devices provides the BEST solution?
- A.
  
  Stateless firewall
- B.
  
  Stateful firewall
- C.
  
  Network firewall
- D.
  
  Application-based firewall
Correct Answer
B. Stateful firewall

Explanation
A stateful firewall filters traffic based on the state of the packet within a session. It would filter a packet that isn’t part of a TCP three-way handshake. A stateless firewall filters traffic based on the IP address, port, or protocol ID. While it’s appropriate to place a network firewall in a demilitarized zone (DMZ), a network firewall could be either a stateless firewall or a stateful firewall. An application-based firewall is typically only protecting a host, not a network.

Rate this question:
45.

Which type of device would have the following entries used to define its operation? permit IP any any eq 80 permit IP any any eq 443 deny IP any any
- A.
  
  Firewall
- B.
  
  Layer 2 switch
- C.
  
  Proxy server
- D.
  
  Web server
Correct Answer
A. Firewall

Explanation
These are rules in an access control list (ACL) for a firewall. The first two rules indicate that traffic from any IP address, to any IP address, using ports 80 or 443 is permitted or allowed. The final rule is also known as an implicit deny rule and is placed last in the ACL. It ensures that all traffic that hasn’t been previously allowed is denied. Layer 2 switches do not use ACLs. A proxy server would not use an ACL, although it would use ports 80 and 443 for Hypertext Transfer Protocol (HTTP) and HTTP Secure (HTTPS), respectively. A web server wouldn’t use an ACL, although it would also use ports 80 and 443.

Rate this question:
46.

Your organization hosts a web server and wants to increase its security. You need to separate all web-facing traffic from internal network traffic. Which of the following provides the BEST solution?
- A.
  
  DMZ
- B.
  
  VLAN
- C.
  
  Firewall
- D.
  
  WAF
Correct Answer
A. DMZ

Explanation
A demilitarized zone (DMZ) is a buffered zone between a private network and the Internet, and it will separate the web server’s web-facing traffic from the internal network. You can use a virtual local area network (VLAN) to group computers together based on job function or some other administrative need, but it is created on switches in the internal network. A firewall does provide protection for the web server, but doesn’t necessarily separate the web-facing traffic from the internal network. A web application firewall (WAF) protects a web server from incoming attacks, but it does not necessarily separate Internet and internal network traffic.

Rate this question:
47.

Management at your organization wants to prevent employees from accessing social media sites using company-owned computers. Which of the following devices would you implement?
- A.
  
  Transparent proxy
- B.
  
  Reverse proxy
- C.
  
  Nontransparent proxy
- D.
  
  Caching proxy
Correct Answer
C. Nontransparent proxy

Explanation
A nontransparent proxy includes the ability to filter traffic based on the URL and is the best choice. A transparent proxy doesn’t modify or filter requests. A reverse proxy is used for incoming traffic to an internal firewall, not traffic going out of the network. Proxy servers are caching proxy servers, but won’t block outgoing traffic.

Rate this question:
48.

You need to configure a UTM security appliance to restrict traffic going to social media sites. Which of the following are you MOST likely to configure?
- A.
  
  Content inspection
- B.
  
  Malware inspection
- C.
  
  URL filter
- D.
  
  DDoS mitigator
Correct Answer
C. URL filter

Explanation
You would most likely configure the Uniform Resource Locator (URL) filter on the unified threat management (UTM) security appliance. This would block access to the peer-to-peer sites based on their URL. Content inspection and malware inspection focus on inspecting the data as it passes through the UTM, but they do not block access to sites. A distributed denial-of-service (DDoS) mitigator will attempt to block incoming DDoS attack traffic.

Rate this question:
49.

Your organization recently purchased a sophisticated security appliance that includes a DDoS mitigator. Where should you place this device?
- A.
  
  Within the DMZ
- B.
  
  At the border of the network, between the intranet and the DMZ
- C.
  
  At the border of the network, between the private network and the Internet
- D.
  
  In the internal network
Correct Answer
C. At the border of the network, between the private network and the Internet

Explanation
A distributed denial-of-service (DDoS) mitigator attempts to block DDoS attacks and should be placed at the border of the network, between the private network and the Internet. If the network includes a demilitarized zone (DMZ), the appliance should be placed at the border of the DMZ and the Internet. Placing it in the DMZ or the internal network doesn’t ensure it will block incoming traffic.

Rate this question:
50.

You organization wants to increase security for name resolution by implementing DNSSEC. Which of the following is the BEST choice to support the deployment of DNSSEC?
- A.
  
  SSH
- B.
  
  SRTP
- C.
  
  TLS
- D.
  
  SSL
- E.
  
  LDAPS
Correct Answer
C. TLS

Explanation
Transport Layer Security (TLS) is the best choice. Domain Name System (DNS) provides name resolution services and DNS Security Extensions (DNSSEC) add security to DNS systems. DNSSEC uses a Resource Record Signature (RRSIG), commonly referred to as a digital signature, to provide data integrity and authentication for DNS replies. RRSIG can use Transport Layer Security (TLS) to create the signature.

SSL has been deprecated and should not be used.

Secure Shell (SSH) is commonly used to connect to remote systems and can be used to send files in an encrypted format over a network, but RRSIG does not use SSH.

Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for video and voice data, but not documents.

Lightweight Directory Access Protocol (LDAP) specifies formats and methods to query directories. LDAP Secure (LDAPS) uses encryption to protect LDAP transmissions.

Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Mar 21, 2023

Quiz Edited by
ProProfs Editorial Team
Apr 23, 2020

Quiz Created by
Paul

CompTIA Security+ Sy0-501 Practice Test 02

You need to transmit PII via email and you want to maintain its confidentiality. Which of the following choices is the BEST solution?

Louie hid several plaintext documents within an image file. He then sent the image file to Tony. Which of the following BEST describes the purpose of his actions?

Management has mandated the use of digital signatures by all personnel within your organization. Which of the following use cases does this primarily support?

As the CTO, Marge is implementing a security program. She has included security controls to address confidentiality and availability. Of the following choices, what else should she include?

Your organization wants to reduce the amount of money it is losing due to thefts. Which of the following is the BEST example of an equipment theft deterrent?

Your organization is considering virtualization solutions. Management wants to ensure that any solution provides the best ROI. Which of the following situations indicates that virtualization would provide the best ROI?

You are preparing to deploy a new application on a virtual server. The virtual server hosts another server application that employees routinely access. Which of the following is the BEST method to use when deploying the new application?

Ned is not able to access any network resources from his Linux-based computer. Which of the following commands would he use to view the network configuration of his system?

Administrators frequently create VMs for testing. They sometimes leave these running without using them again after they complete their tests. Which of the following does this describe?

Users within your organization access virtual desktops hosted on remote servers. This describes which of the following?

Your organization has implemented a VDI for most users. When a user logs off, the desktop reverts to its original state without saving any changes made by the user. Which of the following BEST describes this behavior?

Which type of virtualization allows a computer’s operating system kernel to run multiple isolated instances of a guest virtual machine, with each guest sharing the kernel?

You are considering rebooting a database server and want to identify if it has any active network connections. Which of the following commands will list active network connections?

You have configured a firewall in your network to block ICMP traffic. You want to verify that it is blocking this traffic. Which of the following commands would you use?

Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?

Your organization has decided to implement a biometric solution for authentication. One of the goals is to ensure that the biometric system is highly accurate. Which of the following provides the BEST indication of accuracy with the biometric system?

Your organization recently updated an online application that employees use to log on when working from home. Employees enter their username and password into the application from their smartphone and the application logs their location using GPS. Which type of authentication is being used?

A network includes a ticket-granting ticket server used for authentication. Which authentication service does this network use?

Marge is reviewing an organization’s account management processes. She wants to ensure that security log entries accurately report the identity of personnel taking specific actions. Which of the following steps would BEST meet this requirement?

You need to create an account for a contractor who will be working at your company for 60 days. Which of the following is the BEST security step to take when creating this account?

A company recently hired you as a security administrator. You notice that some former accounts used by temporary employees are currently enabled. Which of the following choices is the BEST response?

Developers are planning to develop an application using role-based access control. Which of the following would they MOST likely include in their planning?

A security administrator needs to implement an access control system that will protect data based on the following matrix. (Note that this matrix only represents a subset of the overall requirements.) Which of the following models is the administrator implementing?

Your organization is implementing an SDN. Management wants to use an access control model that controls access based on attributes. Which of the following is the BEST solution?

Your organization’s security policy requires that PII data-in-transit must be encrypted. Which of the following protocols would BEST meet this requirement?

A server in your network's DMZ was recently attacked. The firewall logs show that the server was attacked from an external IP address with the following socket: 72.52.206.134:5678. You need to check the server to see if it still has an active connection. Which of the following tools should you use?

You suspect that a computer in your network is connecting to a remote computer without any user interaction. You want to verify this and identify the remote computer. Additionally, you want to identify how this connection is being initiated. Which of the following will BEST meet this need?

Marge needs to collect network device configuration information and network statistics from devices on the network. She wants to protect the confidentiality of credentials used to connect to these devices. Which of the following protocols would BEST meet this need?

Lisa is enabling NTP on some servers within the DMZ. Which of the following use cases is she MOST likely supporting with this action?

Your organization wants to increase security for VoIP and video teleconferencing applications used within the network. Which of the following protocols will BEST support this goal?

Management within your organization wants to ensure that switches are not susceptible to switching loop problems. Which of the following protocols is the BEST choice to meet this need?

A network technician incorrectly wired switch connections in your organization’s network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. Which of the following should be done to prevent this situation in the future?

You manage a Linux computer used for security within your network. You plan to use it to inspect and handle network-based traffic using iptables. Which of the following network devices can this replace?

You need to implement antispoofing on a border router. Which one of the following choices will BEST meet this goal?

An organization has recently had several attacks against servers within a DMZ. Security administrators discovered that many of these attacks are using TCP, but they did not start with a three-way handshake. Which of the following devices provides the BEST solution?

Which type of device would have the following entries used to define its operation? permit IP any any eq 80 permit IP any any eq 443 deny IP any any

Your organization hosts a web server and wants to increase its security. You need to separate all web-facing traffic from internal network traffic. Which of the following provides the BEST solution?

Management at your organization wants to prevent employees from accessing social media sites using company-owned computers. Which of the following devices would you implement?

You need to configure a UTM security appliance to restrict traffic going to social media sites. Which of the following are you MOST likely to configure?

Your organization recently purchased a sophisticated security appliance that includes a DDoS mitigator. Where should you place this device?

You organization wants to increase security for name resolution by implementing DNSSEC. Which of the following is the BEST choice to support the deployment of DNSSEC?