Sec+ 601 study guide Part 4 Flashcards
When selecting a technical solution for identity management, an architect chooses to go from an in-house solution to a third party SaaS provider. Which of the following risk management strategies is this an example of?
A. Transference
B. Avoidance
C. Acceptance
D. Mitigation
A. Transference
A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?
A. Salting the magnetic strip information
B. Encrypting the credit card information in transit
C. Hashing the credit card numbers upon entry
D. Tokenizing the credit cards in the database
D. Tokenizing the credit cards in the database
A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?
A. A firewall
B. A device pin
C. A USB data blocker
D. Biometrics
C. A USB data blocker
An analyst visits an Internet forum looking for information about a tool. The analyst finds a thread that appears to contain relevant information. One of the posts says the following:
Hello everyone
I am having the same problem with my server/ Can you help me?
Onload=sqlexec();
Thank You,
Kenny
Which of the following BEST describes the attack that was attempted against the forum readers? A. SQLi attack B. DLL attack C. XSS attack D. API attack
C. XSS attack
A network administrator would like to configure a site-to-site VPN utilizing IPsec. The administrator wants the tunnel to be established with data integrity, encryption, authentication, and anti-replay functions. Which of the following should the administrator use when configuring the VPN?
A. AH
B. EDR
C. ESP
D. DNSSEC
C. ESP
Users have been issued smart cards that provide physical access to a building. The cards also contain tokens that can be used to access information systems. Users can log in to any thin client located throughout the building and see the same desktop each time. Which of the following technologies are being utilized to provide these capabilities? (Choose two.)
A. COPE B. VDI C. GPS D. TOTP E. RFID F. BYOD
B. VDI
E. RFID
The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause
of the CRO’s concerns?
A. SSO would simplify username and password management, making it easier for hackers to guess accounts.
B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
C. SSO would reduce the password complexity for frontline staff.
D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.
D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.
A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of power surge of power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?
A. Set up an air gap for the switch.
B. Change the default password for the switch.
C. Place the switch in a Faraday cage.
D. Install a cable lock on the switch.
B. Change the default password for the switch.
A cybersecurity administrator has a reduced team and needs to operate an on-premises network and security infrastructure efficiently. To help with the situation, the administrator decides to hire a service provider. Which of the following should the administrator use?
A. SDP B. AAA C. IaaS D. MSSP E. Microservices
D. MSSP
A security assessment determines DES and 3DES are still being used on recently deployed
production servers. Which of the following did the assessment identify?
A. Unsecure protocols
B. Default settings
C. Open permissions
D. Weak encryption
D. Weak encryption
Which of the following types of controls is a turnstile?
A. Physical
B. Detective
C. Corrective
D. Technical
A. Physical
Which of the following describes the BEST approach for deploying application patches?
A. Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems.
B. Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems.
C. Test the patches in a test environment, apply them to the production systems, and then apply them to a staging environment.
D. Apply the patches to the production systems, apply them in a staging environment, and then test all of them in a testing environment.
A. Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems.
A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the Internet. While reviewing logs and tool output, the analyst sees the following:
IP address. Physical address
- 0.0.1 00-18-21-ad-24-bc
- 0.0.114 00-31-a3-cd-23-ab
- 0.0.115 00-18-21-ad-24-bc
- 0.0.116 00-19-08-ba-07-da
- 0.0.117 00-12-21-ca-11-ad
Which of the following attacks has occurred? A. IP conflict B. Pass-the-hash C. MAC flooding D. Directory traversal E. ARP poisoning
E. ARP poisoning
After entering a username and password, an administrator must draw a gesture on a touchscreen. Which of the following demonstrates what the administrator is providing?
A. Multifactor authentication
B. Something you can do
C. Biometrics
D. Two-factor authentication
B. Something you can do
An organization suffered an outage, and a critical system took 90 minutes to come back online. Though there was no data loss during the outage, the expectation was that the critical system would be available again within 60 minutes. Which of the following is the 60-minute expectation an example of?
A. MTBF
B. RPO
C. MTTR
D. RTO
D. RTO
Joe, a user at a company, clicked an email links that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should a security administrator implement to protect the environment from this malware?
A. Install a definition-based antivirus.
B. Implement an IDS/IPS
C. Implement a heuristic behavior-detection solution.
D. Implement CASB to protect the network shares.
C. Implement a heuristic behavior-detection solution.
An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?
A. hping3 –S comptia.org –p 80
B. nc –l –v comptia.org –p 80
C. nmap comptia.org –p 80 –sV
D. nslookup –port=80 comptia.org
C. nmap comptia.org –p 80 –sV
A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive’s accounts. Which of the following security practices would have addressed the issue?
A. A non-disclosure agreement
B. Least privilege
C. An acceptable use policy
D. Offboarding
D. Offboarding
A security analyst is performing a forensic investigation involving compromised account credentials. Using the Event Viewer, the analyst was able to detect the following message:
“Special privileges assigned to new logon.”
Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected?
A. Pass-the-hash
B. Buffer overflow
C. Cross-site scripting
D. Session replay
A. Pass-the-hash
A systems administrator needs to implement an access control scheme that will allow an object’s access policy to be determined by its owner. Which of the following access control schemes BEST fits the requirements?
A. Role-based access control
B. Discretionary access control
C. Mandatory access control
D. Attribute-based access control
B. Discretionary access control
cybersecurity analyst reviews the log files from a web server and sees a series of files that indicate a directory-traversal attack has occurred. Which of the following is the analyst MOST likely seeing?
A.http://sample.url.com/Please-Visit-Our-Phishing-Site
B.http://sample.url.com/someotherpageonsite/../../../etc/shadow
C.http://sample.url.com/select-from-database-where-password-null
D.http://redirect.sameple.url.sampleurl.com/malicious-dns-redirect
B.http://sample.url.com/someotherpageonsite/../../../etc/shadow
A company has limited storage space available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?
A. Implement full tape backups every Sunday at 8:00 p.m. and perform nightly tape rotations.
B. Implement differential backups every Sunday at 8:00 p.m. and nightly incremental backups at 8:00 p.m.
C. Implement nightly full backups every Sunday at 8:00 p.m.
D. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.
D. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.
An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business. The Chief Information Officer (CIO) is wondering if the organization may need to scale down just as quickly as it scaled up. The CIO is also concerned about the organization’s security and customer privacy. Which of the following would be BEST to address the CIO’s concerns?
A. Disallow new hires from using mobile devices for six months.
B. Select four devices for the sales department to use in a CYOD model.
C. Implement BYOD for the sales department while leveraging the MDM.
D. Deploy mobile devices using the COPE methodology.
C. Implement BYOD for the sales department while leveraging the MDM.
A malicious actor recently penetrated a company’s network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm?
A. Security
B. Application
C. Dump
D. Syslog
C. Dump
