CompTIA Security+ SY0-701 Practice Exam1 Flashcards
Which of the following types of factors could be used to describe a fingerprint-based method of logging in and authenticating to a touchscreen device?
Something you are.
Something you have.
Something you know.
Something you do.
** Answer: Something you are. **
In a vulnerability scan, a reported vulnerability that is not a vulnerability is known as which of the following?
False negative
False positive
Negative positive
Vulnerability assessment
** Answer: False positive **
“False positive” is correct. A reported vulnerability that is not a real vulnerability is known as a false positive.
You get an indicator for something, but that indicator is wrong and should not have been reported.
Which of the following statements about bug bounty programs are true? (Select two choices)
They are usually open to the public.
Companies pay people to find vulnerabilities in their software.
They are not used by reputable companies.
Discovered bugs are worth very little.
** Answer: a, b **
“Companies pay people to find vulnerabilities in their software” and “They are usually open to the public” are correct. Bug bounty programs are mechanisms where companies pay hackers to reveal the details of vulnerabilities discovered in software and/or hardware products, providing the company an opportunity to correct an issue before it is exploited for malicious purposes. Also, bug bounty programs are usually open to the public, as companies like to have as many people testing their software as possible.
When information is converted to an unreadable state using cryptography, in what form is the information?
Plaintext
Hash
Ciphertext
Message digest
** Answer: Ciphertext **
Ciphertext is a result of the encryption process; it is encrypted text.
Travis just got promoted to network administrator after the previous administrator left rather abruptly. Three new hires need onboarding with user accounts. When Travis looks at all the existing account names, he notices there is no common naming system. Where should he look to try to give the new hires user accounts with proper naming conventions?
The Sarbanes-Oxley regulation
Microsoft best practices
The company’s account policy
The most pertinent FIPS documentation
** Answer: The company’s account policy **
The company’s account policy will guide how to deal with naming systems for new user accounts.
Which of the following allows for the mixing of business and personal matters?
Segmentation
Biometrics
Authentication
Containerization
** Answer: Containerization **
Containerization divides a device into separate containers, one holding company information and the other holding personal information.
You are asked to prepare a brief for senior management about insider threats. You detail the use of data loss prevention (DLP) as a major factor in identifying and protecting against insider threats. What is the primary reason DLP can protect against these threats?
Avoiding data leakage through malware
Prevention of critical data not being backed up properly
Prevention of sensitive data being transferred in an unauthorized manner
Prevention of access to confidential data by unauthorized personnel
** Answer: Prevention of sensitive data being transferred in an unauthorized manner **
DLP is designed to prevent sensitive data from being moved into storage that could allow it to be transferred outside an organization, or to prevent sensitive data from being sent via email or other network-based transfers.
Which of the following concepts should be the most important consideration when determining how to budget properly for security controls?
Qualitative costs
Asset identification
Threat of natural disasters
Risk likelihood and impact
** Answer: Risk likelihood and impact **
“Risk likelihood and impact” is correct. The risk likelihood and impact should directly determine how much you budget for controls to prevent the occurrence of
Which is not a specific type of recovery site?
Hot site
Warm site
Cold site
Geographic site
** Answer: Geographic site **
Geographic site is not a specific type of recovery site.
What is one major disadvantage external actors have when compared to internal actors?
External actors never obtain root/administrator access.
External actors have to establish access to the systems they want to attack.
External actors have little to no funding.
External actors do not have access to zero day attacks.
** Answer: External actors have to establish access to the systems they want to attack. **
External actors have to establish access to the systems they want to attack. Internal actors are often employees or even administrators of the organization; they already have access into the organization and systems being attacked.
Your organization wants you to create and implement a policy that will detail proper use of its information systems during work hours. Which of the following is the best choice?
Due care
Acceptable-use policy
Service level agreement
Access control policies
** Answer: AUP (Acceptable-use policy) **
An acceptable-use policy details what is (and is not) acceptable for users to do during their working hours, including personal use and unacceptable activities on the company network, such as gambling and pornography.
You have received reports that several hosts in your company’s internal network are sluggish and unresponsive. After troubleshooting other items, you decide to use a sniffer to examine the network traffic coming into the host. You see that massive amounts of ICMP broadcasts are being sent on the network. The switch is having trouble processing all of this traffic, due to repeated ICMP replies, causing it to slow down. Which of the following is the most likely explanation for this?
Man-in-the-middle attack
Flood attack
Malware attack
Phishing attack
** Answer: Flood attack **
A flood is a type of network attack based upon confusing a switch with ICMP traffic.
What resides on network devices and filters traffic coming into and out of the device?
SNMP
Syslog
SMTP
ACL
** Answer: ACL **
An access control list (ACL) resides on network devices and filters traffic coming into and out of the device.
Why is time synchronization an important function for a SIEM system to perform?
All systems rely on UTC to record time.
It’s important to compare events in both local time for local events and UTC.
Rules and implementation of daylight saving time are stable and consistent.
Most companies are geographically centralized in a global market.
** Answer: It’s important to compare events in both local time for local events and UTC. **
SIEM systems can simplify the maintenance and correlation of local events to UTC.
Which of the following involves the use of rules and analytical engines to identify predetermined patterns and react to them?
Event deduplication
NAC
Standalone
Automated alerting
** Answer: Automated alerting **
Automated alerting uses rules and analytical engines to identify predetermined patterns and issue alerts or react to them.
Which of the following formal management efforts is a formalized process that involves both long-term and short-term infrastructure changes?
Patch management
Account management
Upgrade management
Change management
** Answer: Change management **
Change management is a formalized process that involves both long-term and short-term infrastructure changes, as well as configuration changes to hosts and networks.
Which of these items are considered “unsecure” protocols? (Select three choices)
HTTP
SSH
Telnet
FTP
** Answer: HTTP, Telnet, FTP **
HTTP, or Hypertext Transfer Protocol, is an unencrypted web protocol.
Because it is unencrypted, anyone with the ability to view/capture HTTP traffic can see everything sent and received in an HTTP session. FTP, or File Transfer Protocol, is an unencrypted file transfer protocol. Because it is unencrypted, anyone with the ability to view/capture the FTP session can see everything sent and received in that FTP session, including the files transferred and the contents of those files. Finally, Telnet is an unencrypted application protocol used to provide bidirectional, interactive, text-oriented communication between a client and a server. Anyone with the ability to sniff the traffic could see everything passed in the Telnet session, including passwords.
Your web application developers come to you and request affinity scheduling from the load balancers. Why does a web application benefit from affinity scheduling?
a. Affinity scheduling helps web servers know the source of the traffic.
b. Affinity scheduling reduces the total number of connections to the web application by offloading the TLS operations.
c. Affinity scheduling can allow a user to stay logged in to a session instead of opening a new session each time they are sent to a new server host.
d. Affinity scheduling allows the load balancer to move traffic to the closest server, reducing overall latency.
** Answer: C **
Affinity scheduling sends each subsequent request to the same web server, allowing the server to track the session state even though HTTP/HTTPS is a stateless protocol.
Which of the following terms indicates the length of time a device is expected to last in operation, and only a single, definitive failure will occur and will require that the device be replaced rather than repaired?
Mean time between failures
Mean time to recovery
Mean time to failure
Mean time to replace
** Answer: MTTF (Mean time to failure) **
The mean time to failure (MTTF) is the length of time a device is expected to last in operation. In MTTF, only a single, definitive failure will occur and will require that the device be replaced rather than repaired.
Which of the following is a software or a hardware appliance responsible for balancing user requests and network traffic among several different physical or virtualized hosts?
Host operating system
Hypervisor
Guest operating system
Load balancer
** Answer: Load balancer **
A load balancer is a piece of application software
You are conducting a penetration test for a vehicle repair shop. The environment consists of a guest Wi-Fi network requiring a security code, which is printed on a piece of paper in the guest waiting area. The employee computers are connected to a separate wired network in the office. After posing as a legitimate customer, you wait in the guest lounge, connect to the Wi-Fi network, and capture network traffic using a network protocol analyzer program. After analyzing the captured traffic, you realize that the Wi-Fi router appears to be using vulnerable network protocols.
To which penetration testing phase does this activity apply?
Scanning
Gaining access
Maintaining access
Reconnaissance
** Answer: Reconnaissance **
Reconnaissance means learning as much as possible about attack targets. Capturing network traffic is considered passive; there is no reaching out and scanning of some or all hosts and devices on the network.
Which of the following refers to the collecting of information in a central place, in a common format, to facilitate analysis and decision making?
Time synchronization
Aggregation
USB blocking
Controller-based
** Answer: Aggregation **
Aggregation is the collecting of information in a central place, in a common format, to facilitate analysis and decision-making.
For which of the following should employees receive training to establish how they are to treat information of differing sensitivity levels?
Information classification
Clean desk policies
Protection of personally identifiable information on social media
Data Disposal
** Answer: Information classification **
An organization’s information classification policy not only outlines what level of security protection certain data receives, but also serves to instruct employees on how to treat sensitive data.
Which of the following is a list of known vulnerabilities in software systems?
Common Vulnerabilities and Exposures
Intelligence Fusion
Vulnerability Scoring System
Credentialed Scan
** Answer: Common Vulnerabilities and Exposures **
The Common Vulnerabilities and Exposures (CVE) enumeration is a list of known vulnerabilities in software systems. Each vulnerability in the list has an identification number, a description, and references.