CompTIA Security+ Certification SYO-701 Exam Questions 2 Flashcards
A recent security audit found that your VPN allows split tunneling. The auditors preferred to require full tunneling on the VPN. What security risk are the auditors attempting to mitigate?
The user’s corporate Active Directory (AD) credentials can leak out of the split tunnel and be exposed to the Internet.
Attacks that come from the public network could be routed through the endpoint and potentially bypass network perimeter controls of the organization.
The VPN will bypass all network intrusion detection and prevention technologies as the host is on a trusted network segment.
Split-tunnel VPNs can avoid external email filtering by sending emails through directly to the main corporate email server.
**“Attacks that come from the public network…” is correct.**
A split-tunnel VPN can allow an attacker on the untrusted Internet to compromise the endpoint and then carry that compromise into the organization from an unexpected network location, bypassing the perimeter controls.
After recent phishing attacks through email, you decide to implement a solution internally where employees can be assured of the authenticity of messages from other employees. Which email feature should you implement?
Encryption
URL scanning
Digital signatures
Spam filtering
**“Digital signatures” is correct.**
Digital signatures are created with the sender’s private key. Recipients verify the signature validity with the sender’s related public key. Digital signatures assure the recipient that the message has not been tampered with and comes from who it says it came from.
Which term is defined as a weakness that can be exploited by a threat?
Vulnerability
Threat
Internal
Impact
**“Vulnerability” is correct.**
A vulnerability is a weakness that can be exploited by a threat.
Which of the following are two characteristics of strong passwords? (Select two choices)
Encryption strength
Password length
Authentication methods
Use of additional character space
**“Password length”** and **“Use of additional character space”** are correct.
The password length and the use of additional character space are two important characteristics of password strength and complexity.
Which of the following is the name given to the process of assigning permissions or authorities to objects?
Quality assurance
Integrity measurement
Staging
Provisioning
**“Provisioning” is correct.**
This is a description of the provisioning process. Users can be provisioned into groups, and computer processes or threads can be provisioned to higher levels of authority when executing.
What is the name of an enclosure of conductive material that is grounded with no significant gap in the enclosure material, the purpose of which is to help shield EMI, especially in high radio frequency environments?
Faraday cage
Demilitarized zone enclosure
Vault
Air gap box
**“Faraday cage” is correct.**
This is a description of a Faraday cage. It can encompass an entire room or be the size of a specific item, such as a smaller cage that encases just a single smartphone.
Which phase of the incident response process involves restoring normal business operations?
Containment
Recovery
Eradication
Identification
**“Recovery” is correct.**
Recovery is the process of returning assets to their business function and restoring normal operations.
“Identification” is incorrect. Identification is when the team recognizes the incident and notifies the incident response team.
“Containment” is incorrect. Containment involves the actions taken to constrain the incident.
“Eradication” is incorrect. Eradication involves removing the problem.
What is the name given to parts of an organization that perform their own IT functions?
Clandestine IT
Mirror IT
Secondary IT
Shadow IT
**“Shadow IT” is correct.**
Shadow IT is the name given to the parts of an organization that perform their own IT functions. These groups arise out of a desire to “get things done” when central IT does not respond in what the unit considers to be a reasonable timeframe.
You have fallen victim to a social media phishing scam. After receiving an email notification of a video of you from the past, you clicked the link, which played a generic stock video, and you realized it was a scam. What is the first thing you should do?
Run a full malware scan on your device.
Delete the email message.
Notify your company’s IT security officer.
Disconnect your device from the network.
**“Disconnect your device from the network” is correct.**
Clicking malicious links and executing programs or media files can infect a device. While many actions should take place to contain the potential malware, the easiest and first thing that should be done is to disconnect the device from all networks. All users should receive security awareness training that emphasizes this type of immediate response.
All of the following are characteristics of the RADIUS authentication protocol, except:
RADIUS encrypts user passwords during the authentication process.
RADIUS uses UDP port 1812.
RADIUS accepts earlier forms of authentication protocols, such as PAP.
RADIUS uses TCP port 1812.
**“RADIUS uses TCP port 1812” is correct.**
RADIUS does not use TCP.
Which of the following details the specific access levels that individuals or entities may have when interacting with objects?
Access control list
Metadata table
Rule-based access control
Access approval list
**“Access control list” is correct.**
An access control list (ACL) is a physical or logical list that details specific access levels individuals or entities may have when interacting with objects. An ACL is also used on network devices to determine how traffic from various users can enter and exit a network device and access internal hosts.
Which of the following terms indicates the amount of time it takes for a hardware component to recover from failure?
Mean time to failure
Mean time to replace
Mean time to recovery (MTTR)
Mean time between failures (MTBF)
**“Mean time to recovery” is correct.**
Mean time to recovery (MTTR) is the amount of time it takes for a hardware component to recover from failure.
All of the following are supporting elements of authorization, except:
Credential validation
Principle of least privilege
Separation of duties
Rights, permissions, and privileges
**“Credential validation” is correct.**
Validating credentials is an important aspect of authentication, not authorization.
Which of the following types of attacks can be prevented by using TLS 1.3?
Pass the hash
Driver manipulation
SSL stripping
DLL injection
**“SSL stripping” is correct.**
Secure Sockets Layer (SSL) stripping is an on-path (man-in-the-middle) attack against SSL connections and early versions of TLS (TLS 1.0 and 1.1). The attack works by intercepting the initial connection request for HTTPS, redirecting it to an HTTP site, and mediating the traffic in the middle. TLS 1.3 has specific protections built into it to defeat SSL stripping and other man-in-the-middle attacks.
What is the initialization vector (IV) used for in a wireless communications protocol?
To ensure no other radios are operating on the same spectrum
As the starting port number for a network connection
To communicate the exact key length of the protocol
As the randomization element at the beginning of a connection
**“As the randomization element at the beginning of a connection” is correct.**
The initialization vector (IV) is used in wireless systems as the randomization element at the beginning of a connection. A good IV will help prevent attackers from decrypting the wireless traffic.
The process of verifying an identity previously established in a computer system is known as which of the following?
Auditability
Authorization
Accountability
Authentication
**“Authentication” is correct.**
This is a description of authentication. This is frequently confused with authorization, which describes what a user can do on the system.
Which of the following is not a recognized attack vector?
Firewalls
Supply chain
Direct access
Email
**“Firewalls” is correct.**
Firewalls are defensive systems meant to protect an organization and are not an attack vector (or method).
“Direct access” is incorrect. Direct access refers to direct access to a target system. It is one of the most effective attack vectors, as there’s usually no barrier between the attacker and the targeted system.
“Email” is incorrect. Email is an attack vector often used in social engineering attacks such as phishing.
“Supply chain” is incorrect. A supply chain is an attack vector where the attacker attempts to compromise a component used in the system before the final product is assembled (for example, infecting hard drives before they are placed into servers by the manufacturer).
Your company hosts public web servers that allow connections directly to TCP port 80 over HTTP and are configured with public IPv4 addresses. You need to enable connections to company HTTP servers using HTTPS while hiding the true identities of the servers. Which security solutions should you implement? (Select two choices)
PKI certificate
Reverse proxy server
Source network address translation
VPN
**“PKI certificate”** and **“Reverse proxy server”** are correct. Transport Layer Security (TLS) uses a public key infrastructure (PKI) certificate to secure network communications, such as an HTTPS web server over TCP port 443 by default.
Reverse proxy servers accept client requests for network services and route those to backend servers hidden behind the proxy; the true identities of backend servers are never
Which of the following statements about open permissions are true? (Select two choices)
The risk associated with open permissions is context-dependent.
A file with open permissions might be accessible to anyone, including guest accounts.
Only files can have open permissions.
Files with open permissions are always of little value.
**“A file with open permissions might be accessible to anyone, including guest accounts”** and **“The risk associated with open permissions is context-dependent”** are correct. A file with open permissions is equivalent to a file with no access control protections, meaning it may be accessible by anyone with access to the system, including unauthorized, anonymous, and guest accounts. The risk associated with open permissions is context-dependent, depending on the file or directory that has the open permissions. A directory of memes with open permissions is low risk. A file containing accounts and passwords with open permissions is high risk.
Custom-built software running on an internal Windows server communicates over TCP port 4489.
You need to configure a firewall solution to allow traffic destined for port 4489 from the IP address range assigned to the sales team subnet.
Which type of firewall should you configure while minimizing administrative effort and cost?
SD-WAN
Layer 4 firewall
Content-filtering firewall
VPN
**“Layer 4 firewall” is correct.**
Layer 4 of the OSI model (the transport layer) applies to transport protocols such as TCP and UDP as well as the port numbers used by network services. A layer 4 firewall implies the ability to also read packet headers at lower levels of the OSI model, including layer 3 (the network layer), which applies to IP addresses.
Scenario 1
IT Admin: That last attack did some real damage! We need to add systems that identify malicious activity on our network immediately.
**Security Control Remediation Needed:** Technical
**Functional Type Remediation Needed:** Detective
**Control Remediation Needed:** Set up Firewall
Scenario 2
CEO: Our employees are visiting bad, unsecure websites way too often, but have we even stated that they shouldn’t be doing this yet?
**Security Control Remediation Needed:** Operational
**Functional Type Remediation Needed:** Directive
**Control Remediation Needed:** Update Policy
Scenario 3
CIO: It appears that anyone could possibly walk into the server room. We need to evaluate and ensure only authorized people can enter.
**Security Control Remediation Needed:** Physical
**Functional Type Remediation Needed:** Preventive
**Control Remediation Needed:** Install Keycard
A large multimedia company is experiencing a distributed denial of service (DDoS) attack that has led the company’s platform to become unresponsive.
Customers are submitting tickets complaining that they can no longer access the platform and cannot complete their work. What BEST describes what the company is going through?
A. Service disruption
B. Data exfiltration
C. Disinformation
D. Insider threat
**Correct Answer: A. Service disruption**
Service disruption prevents an organization from working as it usually does. This disruption could involve an attack on its website, such as a denial of service attack or using malware to block access to servers and employee workstations.
Data exfiltration refers to the attack where an actor transfers a copy of some valuable information from a computer or network without authorization.
Disinformation refers to falsifying a trusted resource, such as changing a website’s content, manipulating search engines to inject fake sites, or using bots to post false information on social media sites.