CompTIA Security+ Exam MCQ!

Placing the new network segment on an extranet and configuring the firewall rules to allow both internal and external traffic is the most secure way to configure the segment. An extranet is a controlled extension of an organization's internal network that allows external users limited access. By placing the segment on an extranet, the organization can provide access to external users while still maintaining a level of security. Configuring the firewall rules to allow both internal and external traffic ensures that the necessary communication can occur while still protecting the network from unauthorized access.

The subnet 192.168.0.16/28 would best meet the requirements because it allows for a maximum of 14 physical hosts. The /28 subnet mask provides 16 IP addresses, but 2 of them are reserved for network and broadcast addresses, leaving 14 usable IP addresses for hosts.

Performing a virus scan on the device is the best course of action to ensure data confidentiality when a portable data storage device has been determined to have malicious firmware. This will help identify and remove any malware or malicious code that may be present on the device, thereby preventing unauthorized access to the data stored on it. Formatting the device or re-imaging it may not completely remove the malicious firmware, while physically destroying the device would result in permanent data loss.

not-available-via-ai

A vulnerability scanner that uses its running service's access level to better assess vulnerabilities across multiple assets within an organization is performing a credentialed scan. This type of scan requires the scanner to have valid credentials (such as username and password) to authenticate with the target systems. By doing so, the scanner can access more detailed information about the system's configuration and installed software, allowing for a more accurate assessment of vulnerabilities. This type of scan is often preferred for internal network assessments where the scanner has legitimate access to the systems being scanned.

Using magnetic fields to erase the data would have most likely prevented the data from being exposed. This method involves using strong magnetic fields to completely erase the data on the hard drives, making it impossible for anyone to recover the confidential information. By erasing the data in this way, the dumpster diver would not have been able to retrieve the confidential data and post it online.

The developer is most likely to use SSL (Secure Sockets Layer) as the secure protocol for the application. SSL is commonly used for secure communication over the internet and can provide encryption and authentication for data transmission. Port 80 is typically used for HTTP communication, and SSL can be implemented on top of HTTP to secure the data being transmitted. FTPS and SFTP are secure protocols for file transfer, LDAPS is used for secure LDAP communication, and SSH is used for secure remote access, but SSL is the most suitable choice for secure transport over port 80 in this scenario.

Having users sign their name naturally can be a form of biometric authentication. Each person's signature is unique, and by verifying the signature, the application can confirm the user's identity. This adds an additional layer of security to the authentication process, making it a suitable choice for implementing multifactor authentication. Facial recognition, palm geometry scan, and iris recognition are also forms of biometric authentication, but they are not mentioned in the question and therefore not the correct answer.

After an identified security breach, the analyst should take the next step of identification. This involves gathering information and evidence to determine the scope and nature of the breach. By identifying the specific details of the breach, the analyst can then proceed with the appropriate actions in the incident response process, such as containment, eradication, and recovery.

BCP stands for Business Continuity Planning, which is a process that identifies critical systems and components within an organization. It involves creating a plan to ensure that these systems and components can continue to operate or be quickly restored in the event of a disruption. BCP helps organizations minimize downtime, maintain customer trust, and protect their reputation. MOU (Memorandum of Understanding), BPA (Business Process Automation), and ITCP (Information Technology Contingency Plan) are not specifically designed to identify critical systems and components.

By gaining root/administrative access through exploiting vulnerabilities associated with various services, it is clear that there are unnecessary services enabled on the web servers. By disabling these unnecessary services, the organization can reduce the attack surface and minimize the potential vulnerabilities that can be exploited by attackers. This recommendation will help better protect the web servers in the future.

To ensure that invalid certificates are not used by a custom developed application, the security administrator must implement a Certificate Revocation List (CRL). A CRL is a list maintained by a certificate authority (CA) that contains the serial numbers of revoked certificates. The application can check the validity of certificates by referencing the CRL, even when internet access is unavailable. This allows the application to verify if a certificate has been revoked before accepting it as valid. The other options, CSR (Certificate Signing Request), OCSP (Online Certificate Status Protocol), and SSH (Secure Shell), do not provide the same functionality as a CRL in this context.

A tabletop exercise is a simulated scenario where key stakeholders gather together to discuss and practice their response to a potential incident. By conducting tabletop exercises, the director can identify any gaps or weaknesses in the response process and make necessary improvements. This practice helps to familiarize the team with their roles and responsibilities, improves communication and coordination, and allows for the development of more efficient response strategies. Ultimately, by regularly conducting tabletop exercises, the director can enhance the team's preparedness and shorten the response time in real incidents.

The most likely cause of the connectivity issues is that the user's laptop only supports WPA and WEP. Since the wireless network is WPA2 Enterprise, which requires users to be a member of the wireless security group to authenticate, the user's laptop would not be able to connect to the network if it only supports WPA and WEP. This would explain why the user is unable to connect to both internal and Internet resources, and why the wireless icon shows connectivity but has no network access.

Enforcing authentication for network devices is the best way to ensure that users do not connect any unauthorized devices to the company network. By requiring authentication, only authorized devices and users will be able to connect to the network. This helps to prevent unauthorized access and potential security breaches.

TACACS+ is the best access technology for Joe to use because it provides separate access control functionalities for internal, external, and VOIP services. TACACS+ allows for granular control over user access and authentication, making it ideal for maintaining security while allowing remote access for traveling staff. RADIUS, Diameter, and Kerberos do not offer the same level of control and functionality as TACACS+.

Load balancers and application layer firewalls are both methods to implement high availability (HA) in a web application server environment. Load balancers distribute incoming network traffic across multiple servers to ensure efficient utilization and prevent overload. This helps to improve availability by ensuring that if one server fails, others can handle the traffic. Application layer firewalls, on the other hand, provide an additional layer of security by monitoring and filtering network traffic at the application layer. This helps to protect the web application server from various attacks and vulnerabilities, thereby enhancing its availability and reliability.

not-available-via-ai

The company should implement DLP (Data Loss Prevention) technology controls. DLP helps prevent sensitive data from leaving the network by monitoring and controlling data transfers. In this case, the company has discovered that engineering documents are leaving the network on a particular port. By implementing DLP, the company can set up policies and rules to detect and prevent the unauthorized transfer of these documents, ensuring that sensitive information remains within the network.

The correct answer is C. Requiring all new accounts to be handled by someone else other than a teller since they have different duties would implement a true separation of duties approach. This would prevent tellers from opening accounts without management approval, as another individual with different responsibilities would handle the account creation process. By assigning this task to someone else, the bank ensures that there is a check and balance system in place, reducing the risk of unauthorized account openings.

The best course of action is to deny the former employee's request for a password reset. This is because, according to the organization's security policy, the employee's access to all network resources is terminated immediately upon resignation. Granting a password reset would allow the former employee to regain access to all network resources, which is against the organization's security policy. Therefore, denying the request is the most appropriate action to ensure the security of the network resources.

The user should disable GEO-Tagging in order to achieve the stated goal. GEO-Tagging is a feature that allows location information to be attached to messages or media files. By disabling this feature, the user can ensure that geographic positioning information is not included in messages sent on the social network platform.

A collision attack and a rainbow table attack are two different types of attacks in cryptography. A collision attack occurs when two different inputs produce the same hash value. On the other hand, a rainbow table attack involves precomputing and storing a large table of hash values and their corresponding inputs to quickly crack hashed passwords. In a rainbow table attack, the attacker performs a hash lookup by searching the table for a matching hash value. Therefore, option A correctly differentiates a rainbow table attack from a collision attack.

The most likely cause of the untrusted certificate errors is that the valid period for the certificate has expired and a new certificate has not been issued. This means that the certificate is no longer considered valid by the browser or operating system, leading to the error message. It is important to regularly renew certificates to ensure that they remain trusted and valid.

To provide the most complete protection of data, it is important to store customer data based on national borders to comply with varying data retention and privacy laws. Additionally, implementing end-to-end encryption between ATMs, end users, and servers ensures that data is securely transmitted and accessed. Testing redundancy and COOP (Continuity of Operations) plans is crucial to prevent data from being inadvertently shifted from one legal jurisdiction to another with more stringent regulations, ensuring compliance and data protection.

The correct answer is A. The firewall should be configured to prevent user traffic from matching the implicit deny rule. When a new firewall is placed into service without any configuration, it typically has an implicit deny rule in place, which means that all traffic is denied by default. In order for employees on the network segment covered by the firewall to access the network, the firewall needs to be configured to allow their traffic to pass through. By configuring the firewall to prevent user traffic from matching the implicit deny rule, the employees will be able to access the network.

The given payload includes JavaScript code that tries to insert data from the file "/etc/passwd" into the webpage. This type of attack is known as JavaScript data insertion, where an attacker tries to inject malicious code or data into a webpage using JavaScript. This can be used to steal sensitive information or perform unauthorized actions on the website.

An IDS (Intrusion Detection System) is designed to monitor network traffic and detect any malicious or suspicious activity. By reviewing the IDS logs, it would be possible to obtain more information on the unknown traffic and identify any potential security breaches or unauthorized access attempts. Firewall logs may provide some information but they primarily focus on network traffic that is allowed or blocked based on predefined rules. Increased spam filtering would not be relevant in this context as it is specifically for filtering out unwanted emails. A protocol analyzer could be useful for analyzing network traffic, but an IDS would be more suitable for detecting and investigating unknown traffic.

The main reason why a systems administrator would install security patches in a staging environment before applying them to the production server is to prevent server availability issues. By testing the patches in a controlled environment first, any potential issues or conflicts can be identified and resolved before they impact the live production server. Additionally, installing patches in a staging environment allows users to test the functionality of the system after the patches are applied, ensuring that there are no unexpected issues or disruptions in the production environment.

Server101 should be addressed first because it is the only server that is both internet-facing and vulnerable to a buffer overflow exploit. This means that external attackers have the potential to exploit this vulnerability and gain unauthorized access to the server. Addressing this vulnerability will help mitigate the risk of unauthorized information being accessed by external attackers.

Requiring SIPS (Secure Internet Protocol Session) on connections to the PBX would best prevent interception and compromise of credentials during authentication. SIPS is a secure version of the Session Initiation Protocol (SIP) used for VoIP communications. By using SIPS, the communication between the IP phones and the PBX is encrypted, ensuring that any intercepted data is unreadable and secure. This helps to protect the authentication process and prevents unauthorized access to the PBX system. Implementing SRTP (Secure Real-time Transport Protocol) between the phones and the PBX would also provide encryption, but it does not specifically address the authentication process. Placing the phones and PBX in their own VLAN and restricting phone connections to the PBX can provide some level of network segregation and control, but they do not directly address the security of the authentication process.

Developing and implementing updated access control policies is important to ensure that only authorized individuals have access to the organization's systems. This helps to prevent former employees from infiltrating the systems. Assessing and eliminating inactive accounts is also necessary as these accounts may still provide access to former employees who were terminated during the transition. By removing these accounts, the organization can further reduce the risk of infiltration.

MDM (Mobile Device Management) software should be implemented in order to meet the security policy requirements. MDM software allows for the management and tracking of mobile devices, including tablets. It can provide a unique identifier for each device and track their usage and location through the inventory management system. This would enable the company to meet the requirement of assigning a unique identifier to each endpoint computing device and tracking them, even for the difficult-to-tag and track tablet devices.

Requiring swipe-card access to enter the lab can help prevent the specific threat of stealing confidential information after working hours. By implementing swipe-card access, the CEO can track and monitor who enters the lab during non-working hours, making it easier to identify any unauthorized individuals. This measure adds an extra layer of security and accountability, deterring potential thieves and ensuring that only authorized personnel have access to the lab and its confidential information.

Continuous monitoring can help reduce the likelihood of a brute force attack going undetected. By constantly monitoring the system logs and user account activities, any suspicious or unauthorized login attempts can be identified and addressed promptly. This allows the security administrator to take immediate action, such as blocking the attacker's IP address or implementing additional security measures, to prevent further unauthorized access and mitigate the impact of the attack. Continuous monitoring ensures that any unusual or malicious activities are detected in real-time, enhancing the overall security of the system.

SQL injection is a code injection technique used to attack data-driven applications, not a social engineering attack. Social engineering attacks manipulate individuals to gain access to sensitive information. Phishing uses deceptive emails or websites for this purpose. Pretexting involves creating a false scenario to gain trust. Baiting offers something enticing to lure victims into a trap.

The correct answer is A. SPoF, which stands for Single Point of Failure. In this scenario, the primary datacenter is experiencing an outage due to an HVAC malfunction, causing the node in the datacenter to lose power and become non-operational. This means that there is a single point of failure, as the organization does not have a backup or redundancy in place to ensure uninterrupted connectivity to the alternate datacenter. This highlights the importance of identifying and mitigating single points of failure to minimize the impact of such incidents.

PEAP (Protected Extensible Authentication Protocol) is the correct answer because it is an authentication protocol that supports mutual authentication between the wireless client and the authentication server. It also allows for authentication with usernames and passwords. EAP-FAST and EAP-TLS are also authentication protocols, but they do not specifically mention support for mutual authentication or authentication with usernames and passwords. EAP, on the other hand, is a general term for Extensible Authentication Protocol and does not specify a particular authentication method.

Implementing separation of duties for the payroll department would be the best method to prevent similar audit findings in the future. This means assigning different tasks and responsibilities to different individuals within the department, ensuring that no single employee has complete control over the payroll process. By implementing separation of duties, it reduces the risk of fraud or unauthorized access to confidential data, as multiple employees would need to collaborate to carry out any malicious activities. This control measure enhances accountability, transparency, and reduces the likelihood of errors or intentional misconduct.

The auditor is most concerned with clear text credentials because this means that sensitive information such as usernames and passwords are being transmitted over the network in plain text, making it easy for attackers to intercept and steal this information. This is a serious security risk as it can lead to unauthorized access to the web server and potentially compromise the company's data and systems.

The security analyst should use the "dig" command with the "axfr" option to test for unauthorized DNS zone transfers. This command allows the analyst to request a full zone transfer from the DNS server at example.org for the domain comptia.org. This will help the analyst determine if any unauthorized transfers are occurring within the LAN.

The Subject Alternative Name (SAN) attribute of a certificate should be taken advantage of because it provides extended site validation. This means that the certificate is able to verify and validate multiple domains, providing an added level of security. This is especially important for organizations that have multiple domains or subdomains that need to be protected. By using the SAN attribute, the security administrator can ensure that all these domains are properly validated and encrypted, enhancing the overall security of the communication.

The security administrator should use the "Ipconfig" tool to check the IP configuration of the system and verify if the default gateway has been tampered with. They should also use the "Tracert" tool to trace the route to the default gateway and identify any unexpected hops or deviations. Both of these tools can help the administrator detect and confirm a MITM attack targeting the default gateway.

The security administrator should recommend classifying each application into like security groups and segmenting the groups from one another. This approach allows for both the ease of administration desired by the database administrators and the segmentation required by the networking group. By grouping applications with similar security requirements together, it is possible to implement appropriate security measures for each group while still maintaining a level of ease in administration. This solution addresses the competing requirements and ensures that security is maintained across the network.

The correct answer is B. The presence of FIN, URG, and PSH flags in the packet header indicates that the attacker is using a technique called a TCP scan. By setting these flags, the attacker is attempting to determine the status of the TCP ports on the destination system. This type of scan is often used to identify open ports and potential vulnerabilities in a target system. Therefore, the presence of these flags suggests that the attack is being carried out through a TCP scan.

The administrator should implement geofencing and containerization to protect the data stored on the mobile devices. Geofencing allows the administrator to set up virtual boundaries around the warehouse, and if the devices leave this area, the secure container on the devices will be automatically destroyed. Containerization, on the other hand, provides a secure and isolated environment for the storage and processing of data on the devices, ensuring that the data is protected even if the devices are lost or stolen.

The CFO has requested ways to improve the organization's authorization controls. Role-based permissions allow for the assignment of specific access rights based on an individual's role within the organization, ensuring that employees only have access to the resources necessary for their job. Separation of duties involves dividing tasks and responsibilities among multiple individuals to prevent any single person from having too much control or access. Least privilege is the principle of granting users the minimum level of access necessary to perform their job functions, reducing the risk of unauthorized access. These controls address the CFO's request for improving authorization controls.

The security administrator determines that several accounts will not be used in production after reviewing the access logs and user accounts. To correct this deficiency, the administrator should implement host hardening. Host hardening involves securing the operating system and applications running on the host to reduce vulnerabilities and protect against unauthorized access. This can include removing unnecessary user accounts, disabling unnecessary services, and implementing security measures such as firewalls and intrusion detection systems. By hardening the host, the security administrator can ensure that only necessary and secure components are present in the system image for virtual machines.

Option B is the best choice because it restricts access to the share where the report resides to only human resources employees. By doing so, only authorized personnel will be able to access the share and prevent unauthorized printing of confidential reports. Enabling auditing will also allow for the tracking and monitoring of any access attempts, providing additional security and accountability. Option A, implementing a DLP solution, may help in preventing data leakage but does not specifically address the issue of unauthorized printing. Option C, having all members of the IT department review and sign the AUP and disciplinary policies, is unrelated to preventing unauthorized printing. Option D, placing human resources computers on a restricted VLAN, may limit access but does not specifically address the issue of unauthorized printing.

The company should use SCP (Secure Copy Protocol) to transfer files. The audit revealed that the files were being transferred in the clear, which means they were not encrypted and could be intercepted by unauthorized individuals. SCP is a secure file transfer protocol that uses SSH (Secure Shell) for encryption and authentication, ensuring that files are transferred securely and cannot be easily intercepted or tampered with. HTTPS (Hypertext Transfer Protocol Secure) is used for secure web communication, LDAPS (LDAP over SSL) is used for secure LDAP communication, and SNMPv3 (Simple Network Management Protocol version 3) is used for secure network management, but none of these protocols are specifically designed for secure file transfer like SCP.