Professor Messer - Security+ SY0-701: Exam A Flashcards
Revision of wrong questions
DMARC?
DMARC (Domain-based Message Authentication, Reporting and
Conformance) specifies the disposition of spam emails. The legitimate
owner of the originating email domain can choose to have these messages
accepted, sent to a spam folder, or rejected.
SPF?
SPF (Sender Policy Framework) is a list of all authorized mail servers for
a specific domain. All legitimate emails would be sent from one of the
servers listed in the SPF configuration.
DKIM
DKIM (DomainKeys Identified Mail) provides a way to validate all digitally signed messages from a specific email server. DKIM does not determine how the receiving server categorizes these digitally signed
messages.
A system administrator receives a text alert when access rights are
changed on a database containing private customer information. Which
of the following would describe this alert?
❍ A. Maintenance window
❍ B. Attestation and acknowledgment
❍ C. Automation
❍ D. External audit
Automation ensures that compliance checks can be performed on a regular basis without the need for human intervention. This can be especially useful to provide alerts when a configuration change causes an organization to be out of compliance.
Attestation and acknowledgment
With compliance, the process of attestation and acknowledgment is the
final verification of the formal compliance documentation.
A user connects to a third-party website and receives this message:
Your connection is not private.
NET::ERR_CERT_INVALID
Which of the following attacks would be the MOST likely reason
for this message?
❍ A. Brute force
❍ B. DoS
❍ C. On-path
❍ D. Deauthentication
An on-path attack is often associated with a third party who is actively intercepting network traffic. This entity in the middle would not be able to provide a valid SSL certificate for a third-party website, and this error
would appear in the browser as a warning.
A company stores some employee information in encrypted form, but
other public details are stored as plaintext. Which of the following would
BEST describe this encryption strategy?
❍ A. Full-disk
❍ B. Record
❍ C. Asymmetric
❍ D. Key escrow
Record-level encryption is commonly used with databases to encrypt
individual columns within the database. This would store some information in the database as plaintext and other information as encrypted data.
Key Escrow
Key escrow describes the storage and management of decryption keys by
a third party.
A company would like to minimize database corruption if power is lost to
a server. Which of the following would be the BEST strategy to follow?
❍ A. Encryption
❍ B. Off-site backups
❍ C. Journaling
❍ D. Replication
Journaling writes data to a temporary journal before writing the information to the database. If power is lost, the system can recover the last transaction from the journal when power is restored.
A security engineer runs a monthly vulnerability scan. The scan doesn’t
list any vulnerabilities for Windows servers, but a significant vulnerability
was announced last week and none of the servers are patched yet. Which
of the following best describes this result?
❍ A. Exploit
❍ B. Compensating controls
❍ C. Zero-day attack
❍ D. False negative
False negative
A false negative is a result that fails to detect an issue when one actually exists.
An IT help desk is using automation to improve the response time for
security events. Which of the following use cases would apply to this
process?
❍ A. Escalation
❍ B. Guard rails
❍ C. Continuous integration
❍ D. Resource provisioning
Automation can recognize security events and escalate a security-related ticket to the incident response team without any additional human
interaction.
What are guard rails?
Guard rails are used by application developers to provide a set of
automated validations to user input and behavior.
Resource provisioning
Resource provisioning can be automated during the on-boarding and
off-boarding process to quickly create or remove rights and permissions.
Resource provisioning is not commonly part of the automation associated
with security event notification.
Which of the following describes two-factor authentication?
❍ A. A printer uses a password and a PIN
❍ B. The door to a building requires a fingerprint scan
❍ C. An application requires a pseudo-random code
❍ D. A Windows Domain requires a password and smart card
A Windows Domain requires a password and smart card
The multiple factors of authentication for this Windows Domain are a
password (something you know), and a smart card (something you have).
A company is deploying a new application to all employees in the field.
Some of the problems associated with this roll out include:
* The company does not have a way to manage the devices in the field
* Team members have many different kinds of mobile devices
* The same device needs to be used for both corporate and private use
Which of the following deployment models would address these
concerns?
❍ A. CYOD
❍ B. SSO
❍ C. COPE
❍ D. BYOD
A COPE (Corporate-owned, Personally Enabled) device would solve the issue of device standardization and would allow the device to be used for both corporate access and personal use.
A Linux administrator is downloading an updated version of her Linux
distribution. The download site shows a link to the ISO and a SHA256
hash value. Which of these would describe the use of this hash value?
❍ A. Verifies that the file was not corrupted during the file transfer
❍ B. Provides a key for decrypting the ISO after download
❍ C. Authenticates the site as an official ISO distribution site
❍ D. Confirms that the file does not contain any malware
Verifies that the file was not corrupted during the file transfer
Once the file is downloaded, the administrator can calculate the file’s SHA256 hash and confirm that it matches the value on the website.
A company is installing a new application in a public cloud. Which of the following determines the assignment of data security in this cloud
infrastructure?
❍ A. Playbook
❍ B. Audit committee
❍ C. Responsibility matrix
❍ D. Right-to-audit clause
A cloud responsibility matrix is usually published by the provider to
document the responsibilities for all cloud-based services. For example,
the customer responsibilities for an IaaS (Infrastructure as a Service)
implementation will be different than SaaS (Software as a Service).
When decommissioning a device, a company documents the type and size of storage drive, the amount of RAM, and any installed adapter cards.
Which of the following describes this process?
❍ A. Destruction
❍ B. Sanitization
❍ C. Certification
❍ D. Enumeration
Enumeration describes the detailed listing of all parts in a particular
device. For a computer, this could include the CPU type, memory, storage
drive details, keyboard model, and more.
A company is in the process of configuring and enabling host-based firewalls on all user devices. Which of the following threats is the company addressing?
❍ A. Default credentials
❍ B. Vishing
❍ C. Instant messaging
❍ D. On-path
Instant messaging is commonly used as an attack vector, and one way to help protect against malicious links delivered by instant messaging is a
host-based firewall.
A user has opened a helpdesk ticket complaining of poor system performance, excessive pop-up messages, and the cursor moving without anyone touching the mouse. This issue began after they opened a spreadsheet from a vendor containing part numbers and pricing information. Which of the following is MOST likely the cause of this
user’s issues?
❍ A. On-path
❍ B. Worm
❍ C. Trojan horse
❍ D. Logic bomb
Since a Trojan horse is usually disguised as legitimate software, the
victim often doesn’t realize they’re installing malware. Once the Trojan is
installed, the attacker can install additional software to control the infected
system.
The security policies in a manufacturing company prohibit the
transmission of customer information. However, a security administrator
has received an alert that credit card numbers were transmitted as an
email attachment. Which of the following was the MOST likely source
of this alert message?
❍ A. IPS
❍ B. DLP
❍ C. RADIUS
❍ D. IPsec
DLP (Data Loss Prevention) technologies can identify and block the transmission of sensitive data across the network.
A company would like to securely deploy applications without the
overhead of installing a virtual machine for each system. Which of the
following would be the BEST way to deploy these applications?
❍ A. Containerization
❍ B. IoT
❍ C. Proxy
❍ D. RTOS
Application containerization uses a single virtual machine as a
foundation for separate application “containers.” These containers are
implemented as isolated instances, and an application in one container is
not inherently accessible from other containers on the system.