Security Plus Questions: CompTIA Quiz!

Approved & Edited by ProProfs Editorial Team
By Themes (Community Contributor) | Quizzes Created: 416 | Total Attempts: 709,551
Questions: 47 | Attempts: 213

CompTIA Security+ is an entry-level certification that develops network security knowledge. CompTIA certification covers IT concepts, basic IT literacy, and terminology. It's the first step toward the A+ certification. Take this quiz to test your fundamentals of CompTIA Security+. Let's try it out. All the best!


Questions and Answers
  • 1. A security analyst captures forensic evidence from a potentially compromised system for further investigation. The evidence is documented and securely stored to FIRST:

    • A. Maintain the chain of custody.
    • B. Preserve the data.
    • C. Obtain a legal hold.
    • D. Recover data at a later time.

    Correct Answer
    B. Preserve the data.
    Explanation
    Preserving the data is crucial in the process of capturing forensic evidence from a potentially compromised system. By securely storing the evidence, it ensures that the integrity and authenticity of the data are maintained. This is important for further investigation and analysis by the security analyst. The preservation of data also allows for the possibility of recovering any lost or deleted information at a later time if necessary. However, the other options mentioned, such as maintaining the chain of custody or obtaining a legal hold, are not directly related to the act of preserving the data itself.

  • 2. A security analyst is investigating a security breach. Upon inspection of the audit and access logs, the analyst notices the host was accessed and the /etc/passwd file was modified with a new entry for username “gotcha” and user ID of 0. Which of the following are the MOST likely attack vector and tool the analyst should use to determine if the attack is still ongoing?

    • A. Logic bomb
    • B. Backdoor
    • C. Keylogger
    • D. Netstat
    • E. Tracert
    • F. Ping

    Correct Answer(s)
    B. Backdoor
    D. Netstat
    Explanation
    The most likely attack vector is a backdoor, because the modification of the /etc/passwd file (a new account with user ID 0, i.e. root privileges) suggests unauthorized access to the system. To determine if the attack is still ongoing, the analyst should use netstat, a network utility that displays active network connections and listening ports. By using netstat, the analyst can identify any suspicious or unauthorized connections that may indicate ongoing malicious activity.

  • 3. A company recently replaced its unsecured email server with a cloud-based email and collaboration solution that is managed and insured by a third party. Which of the following actions did the company take regarding risks related to its email and collaboration services?

    • A. Transference
    • B. Acceptance
    • C. Mitigation
    • D. Deterrence

    Correct Answer
    A. Transference
    Explanation
    The company transferred the risks related to its email and collaboration services by replacing its unsecured email server with a cloud-based solution managed and insured by a third party. This means that the responsibility for managing and insuring the security of the email and collaboration services now lies with the third party, reducing the company's own risk exposure.

  • 4. A datacenter recently experienced a breach. When access was gained, an RF device was used to access an air-gapped and locked server rack. Which of the following would BEST prevent this type of attack?

    • A. Faraday cage
    • B. Smart cards
    • C. Infrared detection
    • D. Alarms

    Correct Answer
    A. Faraday cage
    Explanation
    A Faraday cage is designed to block electromagnetic signals, preventing RF devices from accessing or communicating with devices inside the cage. By enclosing the server rack in a Faraday cage, the RF device used in the breach would be rendered ineffective, as it would not be able to establish a connection with the server rack. This would effectively prevent this type of attack, as the RF device would not be able to access the air-gapped and locked server rack within the datacenter.

  • 5. A security analyst is working on a project that requires the implementation of a stream cipher. Which of the following should the analyst use?

    • A. Hash function
    • B. Elliptic curve
    • C. Symmetric algorithm
    • D. Public key cryptography

    Correct Answer
    C. Symmetric algorithm
    Explanation
    A stream cipher is a type of encryption algorithm that encrypts data one bit (or byte) at a time. It uses a symmetric key, which means the same key is used for both encryption and decryption. Therefore, the security analyst should use a symmetric algorithm, since stream ciphers are a class of symmetric cipher.

  • 6. Which of the following would allow for the QUICKEST restoration of a server into a warm recovery site in a case in which server data mirroring is not enabled?

    • A. Full backup
    • B. Incremental backup
    • C. Differential backup
    • D. Snapshot

    Correct Answer
    C. Differential backup
    Explanation
    A differential backup would allow for the quickest restoration of a server into a warm recovery site in a case where server data mirroring is not enabled. A differential backup only includes the data that has changed since the last full backup, making it faster to restore compared to a full backup, which includes all the data. Incremental backups only include the data that has changed since the last backup, which could be a full or differential backup, so they would take longer to restore. Snapshots are not typically used for server restoration.

  • 7. In determining when it may be necessary to perform a credentialed scan against a system instead of a non-credentialed scan, which of the following requirements is MOST likely to influence this decision?

    • A. The scanner must be able to enumerate the host OS of devices scanned.
    • B. The scanner must be able to footprint the network.
    • C. The scanner must be able to check for open ports with listening services.
    • D. The scanner must be able to audit file system permissions.

    Correct Answer
    D. The scanner must be able to audit file system permissions.
    Explanation
    The requirement most likely to influence the decision to perform a credentialed scan instead of a non-credentialed scan is the ability of the scanner to audit file system permissions. Credentialed scans require the use of valid credentials (such as a username and password) to access the system being scanned. This level of access allows the scanner to gather more detailed information about the system, including auditing file system permissions. This is important for assessing the security posture of the system and identifying any potential vulnerabilities or misconfigurations related to file system permissions.

  • 8. The computer resource center issued smartphones to all first-level and above managers. The managers have the ability to install mobile tools. Which of the following tools should be implemented to control the types of tools the managers install?

    • A. Download manager
    • B. Content manager
    • C. Segmentation manager
    • D. Application manager

    Correct Answer
    D. Application manager
    Explanation
    An application manager should be implemented to control the types of tools the managers install on their smartphones. This tool will allow the computer resource center to have control over the applications that are installed on the devices. It can restrict certain applications from being installed or provide a list of approved applications that managers can choose from. This helps ensure that only authorized and appropriate applications are installed on the smartphones issued by the resource center.

  • 9. Which of the following BEST describes a network-based attack that can allow an attacker to take full control of a vulnerable host?

    • A. Remote exploit
    • B. Amplification
    • C. Sniffing
    • D. Man-in-the-middle

    Correct Answer
    A. Remote exploit
    Explanation
    A remote exploit refers to a network-based attack where an attacker takes advantage of vulnerabilities in a system to gain complete control over a vulnerable host. This type of attack allows the attacker to remotely access and manipulate the target system, potentially compromising its security and gaining unauthorized privileges. By exploiting weaknesses in the system's software or network protocols, the attacker can execute malicious code or commands on the vulnerable host, giving them full control over its operations.

  • 10. A security auditor is putting together a report for the Chief Executive Officer (CEO) on personnel security and its impact on the security posture of the whole organization. Which of the following would be the MOST important factor to consider when it comes to personnel security?

    • A. Insider threats
    • B. Privilege escalation
    • C. Hacktivist
    • D. Phishing through social media
    • E. Corporate espionage

    Correct Answer
    A. Insider threats
    Explanation
    Insider threats are the most important factor to consider when it comes to personnel security. Insider threats refer to the risk posed by individuals within an organization who have authorized access to sensitive information and systems but may misuse or abuse their privileges. These individuals can intentionally or unintentionally cause harm to the organization's security posture, such as leaking sensitive data, sabotaging systems, or conducting fraudulent activities. Addressing insider threats requires implementing strong access controls, monitoring employee behavior, conducting regular security awareness training, and establishing a culture of security within the organization.

  • 11. A security administrator wants to configure a company’s wireless network in a way that will prevent wireless clients from broadcasting the company’s SSID. Which of the following should be configured on the company’s access points?

    • A. Enable ESSID broadcast
    • B. Enable protected management frames
    • C. Enable wireless encryption
    • D. Disable MAC authentication
    • E. Disable WPS
    • F. Disable SSID broadcast

    Correct Answer
    F. Disable SSID broadcast
    Explanation
    Disabling SSID broadcast on the company's access points will prevent wireless clients from broadcasting the company's SSID. When SSID broadcast is disabled, the wireless network will not be visible to devices scanning for available networks. Clients will need to manually enter the SSID to connect to the network, which adds an extra layer of security by making the network less visible to potential attackers.

  • 12. A wireless network has the following design requirements:

      • Authentication must not be dependent on enterprise directory service
      • It must allow background reconnection for mobile users
      • It must not depend on user certificates

    Which of the following should be used in the design to meet the requirements?

    • A. PEAP
    • B. PSK
    • C. Open systems authentication
    • D. EAP-TLS
    • E. Captive portals

    Correct Answer(s)
    B. PSK
    E. Captive portals
    Explanation
    The design requirements state that authentication should not be dependent on an enterprise directory service and should not depend on user certificates. PSK (Pre-Shared Key) authentication meets these requirements as it does not require a directory service or user certificates for authentication. Captive portals can also be used to meet the requirements as they allow background reconnection for mobile users and do not rely on an enterprise directory service or user certificates. Therefore, PSK and captive portals are the appropriate choices for this wireless network design.

  • 13. Which of the following strategies should a systems architect use to minimize availability risks due to insufficient storage capacity?

    • A. High availability
    • B. Scalability
    • C. Distributive allocation
    • D. Load balancing

    Correct Answer
    B. Scalability
    Explanation
    Scalability is the correct answer because it refers to the ability of a system to handle increasing amounts of work or data by adding resources, such as storage capacity, without affecting performance or availability. By implementing scalability, a systems architect can ensure that the system can accommodate the growing storage demands and minimize the risk of availability issues caused by insufficient storage capacity.

  • 14. A security engineer wants to implement a site-to-site VPN that will require SSL certificates for mutual authentication. Which of the following should the engineer implement if the design requires the client MAC address to be visible across the tunnel?

    • A. Tunnel mode IPSec
    • B. Transport mode VPN IPSec
    • C. L2TP
    • D. SSL VPN

    Correct Answer
    D. SSL VPN
    Explanation
    An SSL VPN would be the best choice for the engineer to implement if the design requires the client MAC address to be visible across the tunnel. SSL VPNs allow for secure remote access to network resources by using SSL/TLS protocols to encrypt the communication between the client and the VPN gateway. This means that the client MAC address can be encapsulated within the SSL VPN traffic and transmitted across the tunnel.

  • 15. After surfing the Internet, Joe, a user, woke up to find all his files were corrupted. His wallpaper was replaced by a message stating the files were encrypted and he needed to transfer money to a foreign country to recover them. Joe is a victim of:

    • A. A keylogger.
    • B. Spyware.
    • C. Ransomware.
    • D. A logic bomb.

    Correct Answer
    C. Ransomware.
    Explanation
    Joe is a victim of ransomware. Ransomware is a type of malware that encrypts files on a user's computer and demands a ransom in exchange for the decryption key. In this case, Joe's files were corrupted and his wallpaper was replaced with a message asking him to transfer money to a foreign country to recover his files. This is a classic example of a ransomware attack, where the attacker holds the victim's files hostage until they pay the demanded ransom.

  • 16. Security administrators attempted corrective action after a phishing attack. Users are still experiencing trouble logging in, as well as an increase in account lockouts. Users' email contacts are complaining of an increase in spam and social networking requests. Due to a large number of affected accounts, remediation must be accomplished quickly. Which of the following actions should be taken FIRST? (Select TWO)

    • A. Disable the compromised accounts
    • B. Update WAF rules to block social networks
    • C. Remove the compromised accounts with all AD groups
    • D. Change the compromised accounts' passwords
    • E. Disable the open relay on the email server
    • F. Enable sender policy framework

    Correct Answer(s)
    E. Disable the open relay on the email server
    F. Enable sender policy framework
    Explanation
    The first action that should be taken is to disable the open relay on the email server. This will prevent the server from being used to send out spam and social networking requests. The second action is to enable sender policy framework, which helps to prevent email spoofing and further reduce the amount of spam being sent from the compromised accounts. By taking these actions, the security administrators can mitigate the immediate impact of the phishing attack and protect the affected users and their contacts.

  • 17. Which of the following allows an auditor to test proprietary-software compiled code for security flaws?

    • A. Fuzzing
    • B. Static preview
    • C. Code signing
    • D. Regression testing

    Correct Answer
    A. Fuzzing
    Explanation
    Fuzzing is a technique used by auditors to test proprietary-software compiled code for security flaws. It involves inputting random or invalid data into a program to identify vulnerabilities or crashes. By doing so, auditors can uncover potential security weaknesses and assess the software's resilience against unexpected inputs. Fuzzing helps to identify and fix security flaws before the software is deployed, reducing the risk of exploitation by attackers.

  • 18. Ann, a user, states that her machine has been behaving erratically over the past week. She has experienced slowness and input lag and found text files that appear to contain pieces of her emails or online conversations with coworkers. The technician runs a standard virus scan but detects nothing. Which of the following types of malware has infected the machine?

    • A. Ransomware
    • B. Rootkit
    • C. Backdoor
    • D. Keylogger

    Correct Answer
    D. Keylogger
    Explanation
    Based on the symptoms described by Ann, the most likely type of malware that has infected her machine is a keylogger. Keyloggers are malicious programs that record keystrokes on a computer, allowing attackers to capture sensitive information such as passwords, credit card numbers, and personal messages. The slowness and input lag could be caused by the keylogger running in the background and capturing every keystroke. The discovery of text files containing pieces of her emails or online conversations further supports the presence of a keylogger, as it is likely that the malware is logging and saving her typed messages.

  • 19. Which of the following is the BEST reason for salting a password hash before it is stored in a database?

    • A. To prevent duplicate values from being stored
    • B. To make the password retrieval process very slow
    • C. To protect passwords from being saved in readable format
    • D. To prevent users from using simple passwords for their access credentials

    Correct Answer
    A. To prevent duplicate values from being stored
    Explanation
    Salting a password hash before storing it in a database helps prevent duplicate values from being stored. Salting involves adding a random string of characters to the password before hashing it, which ensures that even if two users have the same password, their hashed passwords will be different due to the unique salt. This prevents attackers from easily identifying duplicate passwords by comparing hashed values, increasing the security of the stored passwords.

  • 20. An actor downloads and runs a program against a corporate login page. The program imports a list of usernames and passwords, looking for a successful attempt. Which of the following terms BEST describes the actor in this situation?

    • A. Script kiddie
    • B. Hacktivist
    • C. Cryptologist
    • D. Security auditor

    Correct Answer
    A. Script kiddie
    Explanation
    In this situation, the term "Script kiddie" best describes the actor. A script kiddie is an individual who lacks advanced technical skills and knowledge but uses pre-existing tools or scripts to carry out hacking activities. In this case, the actor is downloading and running a program that imports a list of usernames and passwords, indicating a lack of technical expertise and reliance on ready-made tools. The term "Hacktivist" refers to someone who hacks for political or social reasons, "Cryptologist" refers to a person who studies and uses cryptography, and a "Security auditor" is a professional who assesses and evaluates the security measures of a system.

  • 21. An organization wants to utilize a common, Internet-based third-party provider for authorization and authentication. The provider uses a technology based on OAuth 2.0 to provide required services. To which of the following technologies is the provider referring?

    • A. OpenID Connect
    • B. SAML
    • C. XACML
    • D. LDAP

    Correct Answer
    A. OpenID Connect
    Explanation
    The correct answer is OpenID Connect. OpenID Connect is a technology based on OAuth 2.0 that provides authentication and authorization services. It allows users to authenticate themselves to multiple websites or applications using a single set of credentials. It is commonly used for single sign-on (SSO) and is widely adopted in the industry for its security and interoperability. SAML, XACML, and LDAP are also authentication and authorization technologies, but they are not based on OAuth 2.0.

  • 22. A penetration tester harvests potential usernames from a social networking site. The penetration tester then uses social engineering to obtain associated passwords to gain unauthorized access to shares on a network server. Which of the following methods is the penetration tester MOST likely using?

    • A. Escalation of privilege
    • B. SQL injection
    • C. Active reconnaissance
    • D. Proxy server

    Correct Answer
    C. Active reconnaissance
    Explanation
    The penetration tester is most likely using active reconnaissance. Active reconnaissance involves actively gathering information about a target system or network, often through techniques such as scanning, enumeration, and probing. In this scenario, the tester is harvesting potential usernames from a social networking site, which falls under the category of active reconnaissance. This information can then be used to launch further attacks, such as social engineering, to obtain associated passwords and gain unauthorized access to shares on a network server.

  • 23. Which of the following could occur when both strong and weak ciphers are configured on a VPN concentrator?

    • A. An attacker could potentially perform a downgrade attack.
    • B. The connection is vulnerable to resource exhaustion.
    • C. The integrity of the data could be at risk.
    • D. The VPN concentrator could revert to L2TP.
    • E. The IPSec payload reverted to 16-bit sequence numbers.

    Correct Answer(s)
    A. An attacker could potentially perform a downgrade attack.
    E. The IPSec payload reverted to 16-bit sequence numbers.
    Explanation
    When both strong and weak ciphers are configured on a VPN concentrator, it opens up the possibility of an attacker performing a downgrade attack. This means that the attacker can force the VPN connection to use the weaker cipher, making it easier for them to decrypt and manipulate the data being transmitted. Additionally, the IPSec payload may revert to 16-bit sequence numbers, which could compromise the integrity and security of the data being transmitted.

  • 24. Which of the following is the BEST choice for a security control that represents a preventive and corrective logical control at the same time?

    • A. Security awareness training
    • B. Antivirus
    • C. Firewalls
    • D. Intrusion detection system

    Correct Answer
    B. Antivirus
    Explanation
    Antivirus software is the best choice for a security control that represents a preventive and corrective logical control at the same time. It prevents malware infections by detecting and removing malicious software before it can cause harm. Additionally, it can also correct any issues by quarantining or deleting infected files. Antivirus software acts as a proactive measure to prevent attacks and as a reactive measure to mitigate any damage caused by malware. It is a versatile security control that offers both preventive and corrective capabilities.

  • 25. A web developer improves client access to the company's REST API. Authentication needs to be tokenized but not expose the client's password. Which of the following methods would BEST meet the developer's requirements?

    • A. SAML
    • B. LDAP
    • C. OAuth
    • D. Shibboleth

    Correct Answer
    A. SAML
    Explanation
    SAML (Security Assertion Markup Language) would be the best method to meet the developer's requirements. SAML is an XML-based open standard for exchanging authentication and authorization data between parties, particularly between an identity provider and a service provider. It allows for the tokenization of authentication without exposing the client's password, ensuring secure access to the company's REST API. LDAP (Lightweight Directory Access Protocol) is a protocol for accessing and maintaining distributed directory information, but it does not specifically address tokenization. OAuth is an authorization framework, not specifically focused on tokenization. Shibboleth is a federated identity solution, which may not be necessary for the given requirements.

  • 26. A vulnerability scan is being conducted against a desktop system. The scan is looking for files, versions, and registry values known to be associated with system vulnerabilities. Which of the following BEST describes the type of scan being performed?

    • A. Non-intrusive
    • B. Authenticated
    • C. Credentialed
    • D. Active

    Correct Answer
    C. Credentialed
    Explanation
    A credentialed scan is being performed in this scenario. This type of scan requires the use of valid credentials, such as usernames and passwords, to access the system being scanned. It allows the scanner to have deeper access to the system, including the ability to check files, versions, and registry values. This type of scan is more thorough and accurate in identifying vulnerabilities compared to non-intrusive or active scans. Authenticated scans, on the other hand, typically refer to scans that require user authentication but may not have the same level of access as credentialed scans.

  • 27. A security analyst is updating a BIA document. The security analyst notices the support vendor's time to replace a server hard drive went from eight hours to two hours. Given these new metrics, which of the following can be concluded?

    • A. The MTTR is faster.
    • B. The MTTR is slower.
    • C. The RTO has increased.
    • D. The RTO has decreased.
    • E. The MTTF has increased.
    • F. The MTTF has decreased.

    Correct Answer(s)
    A. The MTTR is faster.
    D. The RTO has decreased.
    Explanation
    The security analyst can conclude that the Mean Time to Repair (MTTR) has become faster because the time to replace a server hard drive has decreased from eight hours to two hours. Additionally, the Recovery Time Objective (RTO) has decreased because the time it takes to recover from a failure or incident has decreased.

  • 28. Which of the following could help detect trespassers in a secure facility?

    • A. Faraday cages
    • B. Motion-detection sensors
    • C. Tall, chain-link fencing
    • D. Security guards
    • E. Smart cards

    Correct Answer(s)
    B. Motion-detection sensors
    D. Security guards
    Explanation
    Motion-detection sensors and security guards can both help detect trespassers in a secure facility. Motion-detection sensors are designed to detect any movement within a specified area and can trigger alarms or alerts when unauthorized individuals are detected. Security guards can physically patrol the facility, monitor surveillance cameras, and respond to any suspicious activity or breaches in security. Both of these measures work together to enhance the security of the facility and ensure that any trespassers are detected and dealt with promptly.

  • 29. The IT department is deploying new computers. To ease the transition, users will be allowed to access their old and new systems. The help desk is receiving reports that users are experiencing the following error when attempting to log in to their previous system:

      Logon Failure: Access Denied

    Which of the following can cause this issue?

    • A. Permission issues
    • B. Access violations
    • C. Certificate issues
    • D. Misconfigured devices

    Correct Answer
    C. Certificate issues
    Explanation
    Certificate issues can cause the "Logon Failure: Access Denied" error. Certificates are used to authenticate and verify the identity of a user or system. If there is an issue with the certificate, such as it being expired, revoked, or not trusted, the system may deny access to the user. This can happen if the certificate used for authentication on the previous system is not recognized or trusted by the new system, resulting in the access denied error.

  • 30. A third-party penetration testing company was able to successfully use an ARP cache poisoning technique to gain root access on a server. The tester successfully moved to another server that was not in the original network. Which of the following is the MOST likely method used to gain access to the other host?

    • A. Backdoor
    • B. Pivoting
    • C. Persistence
    • D. Logic bomb

    Correct Answer
    B. Pivoting
    Explanation
    The most likely method used to gain access to the other host is pivoting. Pivoting refers to the technique of using an already compromised system to gain access to other systems within the network. In this scenario, the third-party penetration testing company successfully gained root access on the initial server using an ARP cache poisoning technique. From this compromised server, they were then able to move to another server that was not in the original network, which indicates the use of pivoting to gain access to the other host.

  • 31. 

    Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO.   Which of the following are needed given these requirements?

    • A.

      Public key

    • B.

      Shared key

    • C.

      Elliptic curve

    • D.

      MD5

    • E.

      Private key

    • F.

      DES

    Correct Answer(s)
    A. Public key
    E. Private key
    Explanation
    To ensure credentials are encrypted in transit when implementing a RADIUS server for SSO, both a public key and a private key are needed. The public key is used to encrypt the data, while the private key is used to decrypt it. This combination of keys allows for secure communication between the RADIUS server and the clients, ensuring that sensitive information, such as credentials, cannot be intercepted and read by unauthorized individuals.

  • 32. 

    The POODLE attack is an MITM exploit that affects:

    • A.

      TLS1.0 with CBC mode cipher

    • B.

      SSLv2.0 with CBC mode cipher

    • C.

      SSLv3.0 with CBC mode cipher

    • D.

      SSLv3.0 with ECB mode cipher

    Correct Answer
    C. SSLv3.0 with CBC mode cipher
    Explanation
    The POODLE attack is a man-in-the-middle (MITM) exploit that affects SSLv3.0 with CBC mode cipher. This attack takes advantage of a vulnerability in SSLv3.0 that allows an attacker to decrypt secure communications by exploiting the padding oracle vulnerability in the CBC mode cipher. By manipulating the padding in the cipher, the attacker can gradually decrypt the encrypted data. This attack does not affect TLS1.0 with CBC mode cipher or SSLv2.0 with CBC mode cipher, as they do not have the same vulnerability. Additionally, the use of ECB mode cipher does not make systems vulnerable to the POODLE attack.

  • 33. 

    To determine the ALE of a particular risk, which of the following must be calculated? 

    • A.

      ARO

    • B.

      ROI

    • C.

      RPO

    • D.

      SLE

    • E.

      RTO

    Correct Answer(s)
    A. ARO
    D. SLE
    Explanation
    To determine the Annualized Loss Expectancy (ALE) of a particular risk, two factors must be calculated: the Annual Rate of Occurrence (ARO) and the Single Loss Expectancy (SLE). The ARO represents the estimated frequency at which the risk event will occur in a year, while the SLE represents the expected financial loss associated with each occurrence of the risk event. By multiplying the ARO with the SLE, the ALE can be calculated, which provides an estimate of the expected annual financial impact of the risk. The other options, ROI (Return on Investment), RPO (Recovery Point Objective), and RTO (Recovery Time Objective), are not directly related to calculating the ALE.

  • 34. 

    Which of the following are used to increase the computing time it takes to brute force a password using an offline attack?

    • A.

      XOR

    • B.

      PBKDF2

    • C.

      Bcrypt

    • D.

      HMAC

    • E.

      RIPEMD

    Correct Answer(s)
    B. PBKDF2
    C. Bcrypt
    Explanation
    PBKDF2 and bcrypt are both cryptographic algorithms that are specifically designed to increase the computing time it takes to brute force a password using an offline attack. They achieve this by applying a large number of iterations and incorporating a salt value into the password hashing process. This makes it significantly more time-consuming and resource-intensive for an attacker to guess the password through repeated trial-and-error attempts. XOR, HMAC, and RIPEMD, on the other hand, are not specifically designed for password hashing and do not provide the same level of protection against brute force attacks.

  • 35. 

    Users in a corporation currently authenticate with a username and password. A security administrator wishes to implement two-factor authentication to improve security. Which of the following authentication methods should be deployed to achieve this goal?

    • A.

      PIN

    • B.

      Security Question

    • C.

      Smart card

    • D.

      Passphrase

    • E.

      CAPTCHA

    Correct Answer
    C. Smart card
    Explanation
    A smart card is a physical device that can store and process data. It is typically used for authentication purposes and can provide an additional layer of security in a two-factor authentication system. By requiring users to have both the smart card and their username/password, the security administrator can ensure that only authorized individuals are able to access the system. This is because the smart card contains unique information that is difficult to replicate or forge, making it a reliable authentication method.

  • 36. 

    A security administrator needs to address the following audit recommendations for a public-facing SFTP server:

    • Users should be restricted to uploading and downloading files in their own home directories only.
    • Users should not be allowed to use an interactive shell login.

    Which of the following configuration parameters should be implemented?

    • A.

      PermitTunnel

    • B.

      ChrootDirectory

    • C.

      PermitTTY

    • D.

      AllowTcpForwarding

    • E.

      IgnoreRhosts

    Correct Answer(s)
    B. ChrootDirectory
    C. PermitTTY
    Explanation
    The ChrootDirectory parameter should be implemented to restrict users to their own home directories only. This parameter sets the directory that the user is confined to when they log in. The PermitTTY parameter should also be implemented to prevent users from using an interactive shell login. This parameter controls whether a TTY (terminal) is allocated for the user when they log in. By setting it to "no", the user will not be able to use an interactive shell login.

  • 37. 

    An organization recently moved its custom web applications to the cloud, and it is obtaining managed services of the back-end environment as part of its subscription. Which of the following types of services is this company now using?

    • A.

      SaaS

    • B.

      CASB

    • C.

      IaaS

    • D.

      PaaS

    Correct Answer
    B. CASB

  • 38. 

    Which of the following is commonly done as part of a vulnerability scan?

    • A.

      Exploiting misconfigured applications

    • B.

      Cracking employee passwords

    • C.

      Sending phishing emails to employees

    • D.

      Identifying unpatched workstations

    Correct Answer
    D. Identifying unpatched workstations
    Explanation
    As part of a vulnerability scan, identifying unpatched workstations is commonly done. Vulnerability scans are conducted to identify and assess potential weaknesses in a system or network. Unpatched workstations refer to computers that have not received the latest updates or patches, which can leave them susceptible to known vulnerabilities. By identifying these unpatched workstations, organizations can take appropriate measures to apply the necessary updates and patches to mitigate potential risks and secure their systems.

  • 39. 

    A company is evaluating cloud providers to reduce the cost of its internal IT operations. The company's aging systems are unable to keep up with customer demand. Which of the following cloud models will the company MOST likely select?

    • A.

      PaaS

    • B.

      SaaS

    • C.

      IaaS

    • D.

      BaaS

    Correct Answer
    C. IaaS
    Explanation
    The company is looking to reduce costs and improve its IT operations, which suggests a need for flexibility and scalability. Infrastructure as a Service (IaaS) would be the most likely cloud model for the company to select. With IaaS, the company can outsource its infrastructure needs, including servers, storage, and networking, allowing them to scale resources up or down as needed. This would enable the company to meet customer demand more effectively and reduce the burden of maintaining aging systems.

  • 40. 

    After a security incident, management is meeting with involved employees to document the incident and its aftermath. Which of the following BEST describes this phase of the incident response process?

    • A.

      Lessons learned

    • B.

      Recovery

    • C.

      Identification

    • D.

      Preparation

    Correct Answer
    A. Lessons learned
    Explanation
    This phase of the incident response process involves meeting with the involved employees to document the incident and its aftermath. It is called "Lessons learned" because the purpose is to gather information and insights from the incident in order to improve future incident response and prevent similar incidents from happening again. This phase focuses on analyzing the incident, identifying any gaps or weaknesses in the response process, and implementing corrective actions to enhance security measures.

  • 41. 

    A user needs to send sensitive information to a colleague using PKI. Which of the following concepts apply when a sender encrypts the message hash with the sender's private key?

    • A.

      Non-repudiation

    • B.

      Email content encryption

    • C.

      Steganography

    • D.

      Transport security

    • E.

      Message integrity

    Correct Answer(s)
    A. Non-repudiation
    E. Message integrity
    Explanation
    When a sender encrypts the message hash with the sender's private key, it ensures both non-repudiation and message integrity. Non-repudiation means that the sender cannot deny sending the message since it can be verified using their private key. Message integrity ensures that the message has not been tampered with during transmission, as any changes to the message would result in a different hash value. Therefore, the use of PKI in this scenario provides both non-repudiation and message integrity.

  • 42. 

    As part of a new BYOD rollout, a security analyst has been asked to find a way to store company data on personal devices securely. Which of the following would BEST help to accomplish this?

    • A.

      Require the use of an eight-character PIN.

    • B.

      Implement containerization of company data

    • C.

      Require annual AUP sign-off.

    • D.

      Use geofencing tools to unlock devices while on the premises

    Correct Answer
    B. Implement containerization of company data
    Explanation
    Implementing containerization of company data would be the best solution for securely storing company data on personal devices in a BYOD environment. Containerization involves creating isolated containers or partitions on the device where company data can be stored separately from personal data. This ensures that company data remains protected and isolated even if the device is lost, stolen, or compromised. It also allows for easy management and control of the company data within the container, such as implementing encryption, access controls, and remote wipe capabilities.

  • 43. 

    A web server, which is configured to use TLS with AES-GCM-256, SHA-384, and ECDSA, recently suffered an information loss breach. Which of the following is MOST likely the cause?

    • A.

      Insufficient key bit length

    • B.

      Weak cipher suite

    • C.

      Unauthenticated encryption method

    • D.

      Poor implementation

    Correct Answer
    D. Poor implementation
    Explanation
    A poor implementation is the most likely cause of the information loss breach. Even though the web server is configured to use strong encryption algorithms (TLS with AES-GCM-256, SHA-384, and ECDSA), it is possible that the implementation of these algorithms was flawed. This could include mistakes in the code, misconfigurations, or other vulnerabilities that allowed attackers to gain unauthorized access to the information. Simply having strong encryption algorithms does not guarantee security if they are not implemented correctly.

  • 44. 

    An incident involving a workstation that is potentially infected with a virus has occurred. The workstation may have sent confidential data to an unknown internet server. Which of the following should a security analyst do FIRST?

    • A.

      Make a copy of everything in memory on the workstation.

    • B.

      Turn off the workstation.

    • C.

      Consult information security policy.

    • D.

      Run a virus scan.

    Correct Answer
    A. Make a copy of everything in memory on the workstation.
    Explanation
    The first step in responding to an incident involving a potentially infected workstation is to make a copy of everything in memory on the workstation. This is important because it allows the security analyst to preserve any evidence that may be present in the workstation's memory, such as running processes, network connections, and any malicious code that may be active. This will provide valuable information for further analysis and investigation. Turning off the workstation or running a virus scan may be necessary steps, but they should be done after the memory has been copied to avoid losing any critical information. Consulting the information security policy may provide guidance, but it is not the first action to take in this situation.

  • 45. 

    A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops' local account to verify that a product is being created within specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST way to accomplish this?

    • A.

      Put the desktops in the DMZ.

    • B.

      Create a separate VLAN for the desktops.

    • C.

      Air gap the desktops.

    • D.

      Join the desktops to an ad-hoc network

    Correct Answer
    C. Air gap the desktops.
    Explanation
    Air gapping the desktops is the best way to accomplish the goal of isolating them as much as possible. Air gapping involves physically disconnecting the desktops from the network, ensuring that they have no connection to any external networks or devices. This prevents any potential unauthorized access or data breaches, providing a high level of security for the desktops and the product creation process.

  • 46. 

    An in-house penetration tester has been asked to evade a new DLP system. The tester plans to exfiltrate data through steganography. Discovery of which of the following would help catch the tester in the act?

    • A.

      Abnormally high numbers of outgoing instant messages that contain obfuscated text

    • B.

      Large-capacity USB drives on the tester's desk with encrypted zip files

    • C.

      Outgoing emails containing unusually large image files

    • D.

      Unusual SFTP connections to a consumer IP address

    Correct Answer
    C. Outgoing emails containing unusually large image files
    Explanation
    If the in-house penetration tester is planning to exfiltrate data through steganography, it means that they will be hiding the data within image files and sending them out as emails. Therefore, outgoing emails containing unusually large image files would be a red flag as it is not normal behavior for regular users. This would help catch the tester in the act as it indicates potential data exfiltration.

  • 47. 

    A member of the admins group reports being unable to modify the "changes" file on a server. The permissions on the file are as follows:

    Permissions   User     Group    File
    -rwxrw-r--+   Admins   Admins   changes

    Based on the output above, which of the following BEST explains why the user is unable to modify the "changes" file?

    • A.

      The SELinux mode on the server is set to "enforcing."

    • B.

      The SELinux mode on the server is set to "permissive."

    • C.

      An FACL has been added to the permissions for the file.

    • D.

      The admins group does not have adequate permissions to access the file.

    Correct Answer
    C. An FACL has been added to the permissions for the file.
    Explanation
    The correct answer is "An FACL has been added to the permissions for the file." The "+" symbol at the end of the permission string indicates that a file access control list (FACL) is present on the file. FACLs extend the traditional Unix owner/group/other permissions and can restrict or allow access to a file for specific users or groups. In this case, it is likely that an FACL entry is preventing the member of the admins group from modifying the "changes" file.
