Security+ SYO-501 - Quiz Flashcards
An attacker has decided to attempt to compromise your organization’s network. They have already determined the ISP you are using and know your public IP addresses. They have also performed port scanning to discover your open ports. What communications technique can the hacker now use to identify the applications that are running on each open port facing the Internet? A. Credentialed penetration test B. Intrusive vulnerability scan C. Banner grabbing D. Port scanning
Q1.1
C. Banner grabbing
C. Banner grabbing is the communications technique a hacker can use to identify the product that is running on an open port facing the Internet.
You are the security manager for a large organization. Your NIDS has reported abnormal levels of network activity and several systems have become unresponsive. While investigating the causes of these issues, you discover a rootkit on your mission-critical database server. What is the best step to take to return this system to production? A. Reconstitute the system. B. Run an antivirus tool. C. Install a HIDS. D. Apply vendor patches.
Q1.2
A. Reconstitute the system.
A. The only real option to return a system to a secure state after a rootkit infection is reconstitution.
If user awareness is overlooked, what attack is more likely to succeed? A. Man-in-the-middle B. Reverse hash matching C. Physical intrusion D. Social engineering
Q1.3
D. Social engineering
D. Social engineering is more likely to occur if users aren’t properly trained to detect and prevent it. The lack of user awareness training won’t have as much impact on man-in-the-middle, reverse hash-matching, or physical intrusion attacks.
A pirated movie-sharing service is discovered operating on company equipment. Administrators do not know who planted the service or who the users are. What technique could be used to attempt to trace the identity of the users? A. Typo squatting B. Integer overflow C. Watering hole attack D. Ransomware
Q1.4
C. Watering hole attack
C. A watering hole attack could be used to plant malware that phones home to identify the systems of subsequent visitors.
You are the IT security manager for a retail merchant organization that is just going online with an e-commerce website. You hired several programmers to craft the code that is the backbone of your new web sales system. However, you are concerned that while the new code functions well, it might not be secure. You begin to review the code, systems design, and services architecture to track down issues and concerns. Which of the following do you hope to find in order to prevent or protect against XSS? A. Input validation B. Defensive coding C. Allowing script input D. Escaping metacharacters
Q1.5
A. Input validation
B. Defensive coding
D. Escaping metacharacters
A, B, and D. The most effective way for a programmer to prevent XSS is to validate input, code defensively, escape metacharacters, and reject all script-like input.
What type of virus attempts to disable security features that are focused on preventing malware infection? A. Retrovirus B. Polymorphic C. Companion D. Armored
Q1.6
A. Retrovirus
A. Retroviruses specifically target antivirus systems to render them useless.
What does the acronym RAT stand for? A. Random Access Token B. Remote Authentication Testing C. Random Authorization Trajectory D. Remote Access Trojan
Q1.7
D. Remote Access Trojan
D. A RAT is a remote access Trojan. A RAT is a form of malicious code that grants an attacker some level of remote control access to a compromised system.
What form of social engineering attack focuses on stealing credentials or identity information from any potential target? A. Phishing B. Tailgating C. Dumpster diving D. Logic bomb
Q1.8
A. Phishing
A. Phishing is a form of social engineering attack focused on stealing credentials or identity information from any potential target. It is based on the concept of fishing for information. Phishing is employed by attackers to obtain sensitive information such as usernames, passwords, credit card details, or other personally identifiable information by masquerading as a trustworthy entity (a bank, a service provider, or a merchant, for example) in electronic communication (usually email).
What type of service attack positions the attacker in the communication path between a client and a server? A. Session hijacking B. Man-in-the-middle C. Amplification D. Replay
Q1.9
B. Man-in-the-middle
B. A man-in-the-middle attack is a communications eavesdropping attack. Attackers position themselves in the communication stream between a client and server (or any two communicating entities). The client and server believe that they’re communicating directly with each other—they may even have secured or encrypted communication links.
What form of attack abuses a program’s lack of length limitation on the data it receives before storing the input in memory and can lead to arbitrary code execution? A. ARP poisoning B. XSS C. Domain hijacking D. Buffer overflow
Q1.10
D. Buffer overflow
D. A buffer overflow attack occurs when an attacker submits data to a process that is larger than the input variable is able to contain. Unless the program is properly coded to handle excess input, the extra data is dropped into the system’s execution stack and may execute as a fully privileged operation.
What is a programmatic activity that restructures or reorganizes software code without changing its externally perceived behavior or produced results? A. Buffer overflow B. Pass the hash C. Refactoring D. Shimming
Q1.11
C. Refactoring
C. Refactoring is restructuring or reorganizing software code without changing its externally perceived behavior or produced results. Refactoring focuses on improving software’s nonfunctional elements (quality attributes, nonbehavioral requirements, service requirements, or constraints). Refactoring can improve readability, reduce complexity, ease troubleshooting, and simplify future expansion and extension efforts.
What wireless attack is able to trick mobile device users into connecting into its man-in-the-middle style of attack by automatically appearing as if it is a trusted network that they have connected to in the past? A. Replay B. Evil twin C. Bluesnarfing D. Disassociation
Q1.12
B. Evil twin
B. Evil twin is an attack where a hacker operates a false access point that will automatically clone or twin the identity of an access point based on a client device’s request to connect. Each time a device successfully connects to a wireless network, it retains a wireless profile in its history.
What type of hacker hacks for a cause or purpose, knowing that they may be identified, apprehended, and prosecuted? A. Hacktivist B. Script kiddie C. Nation-state hacker D. Internal attacker
Q1.13
A. Hacktivist
A. A hacktivist is someone who uses their hacking skills for a cause or purpose. A hacktivist commits criminal activities for the furtherance of their cause. A hacktivist attacks targets even when they know they will be identified, apprehended, and prosecuted. They do this because they believe their purpose or cause is more important than themselves.
When an attacker selects a target, they must perform reconnaissance to learn as much as possible about the systems and their configuration before launching attacks. What is the term for the gathering of information from any publicly available resource, such as websites, social networks, discussion forums, file services, and public databases? A. Banner grabbing B. Port scanning C. Open-source intelligence D. Enumeration
Q1.14
C. Open-source intelligence
C. Open-source intelligence is the gathering of information from any publicly available resource. This includes websites, social networks, discussion forums, file services, public databases, and other online sources. It also includes non-Internet sources, such as libraries and periodicals.
What penetration testing or hacking term refers to the concept of continuing an intrusion after an initial compromise in order to further breach an organization by focusing on new targets that may not have been accessible initially? A. Man-in-the-browser B. Pivot C. Daisy chaining D. Shimming
Q1.15
B. Pivot
B. In penetration testing (or hacking in general), a pivot is the action or ability of compromising a system, then using the privileges or access gained through the attack to focus attention on another target that may not have been visible or exploitable initially. It is the ability to adjust the focus or the target of an intrusion after an initial foothold is gained.
What is the term for an attack or exploit that grants the attacker greater privileges, permissions, or access than what may have been achieved by the initial exploitation? A. Hoax B. Impersonation C. Piggybacking D. Privilege escalation
Q1.16
D. Privilege escalation
D. Privilege escalation is an attack or exploit that grants the attacker greater privileges, permissions, or access than may have been achieved by the initial exploitation.
What type of information-gathering tactics rely on direct interaction with the target while attempting to avoid being detected as malicious? A. Passive reconnaissance B. Banner grabbing C. Active reconnaissance D. Social engineering
Q1.17
C. Active reconnaissance
C. Active reconnaissance is the idea of collecting information about a target through interactive means. By directly interacting with a target, the attacker can collect accurate and detailed information quickly but at the expense of potentially being identified as an attacker rather than just an innocent, benign, random visitor.
What type of test of security controls is performed with an automated vulnerability scanner that seeks to identify weaknesses while listening in on network communications? A. Active B. Passive C. External D. Noncredentialed
Q1.18
B. Passive
B. A passive test of security controls is being performed when an automated vulnerability scanner is being used that seeks to identify weaknesses while listening in on network communications.
What is the term used to describe systems that are no longer receiving updates and support from their vendors? A. Passive B. Embedded C. End-of-life D. Static
Q1.19
C. End-of-life
C. End-of-life systems are those that are no longer receiving updates and support from their vendor. If an organization continues to use an end-of-life system, the risk of compromise is high because any future exploitation will never be patched or fixed. It is of utmost importance to move off end-of-life systems in order to maintain a secure environment.
What is present on a system for ease of installation and initial configuration in order to minimize support calls from new customers? A. Default configuration B. Resource exhaustion trigger C. Buffer overflow flaw D. Collision tool
Q1.20
A. Default configuration
A. Default configurations should never be allowed to remain on a device or within an application. Defaults are such for ease of installation and initial configuration in order to minimize support calls from new customers.
You are implementing a new network for a small office environment. The network includes a domain controller, four resource servers, a network printer, a wireless access point, and three dozen client systems. In addition to standard network management devices, such as switches and routers, why would you want to deploy a firewall?
A. To watch for intrusions
B. To control traffic entering and leaving a network
C. To require strong passwords
D. To prevent misuse of company resources
Q2.01
As the security administrator for a moderate-sized network, you need to deploy security solutions to reduce the risk of a security breach. You elect to install a network-based IDS. However, after deployment you discover that the NIDS is not suitable for detecting which of the following?
A. Email spoofing
B. Denial-of-service attacks
C. Attacks against the network
D. Attacks against an environment that produces significant traffic
Q2.02
Illegal or unauthorized zone transfers are a significant and direct threat to what type of network server? A. Web B. DHCP C. DNS D. Database
Q2.03
What mechanism of loop protection is based on an element in a protocol header? A. Spanning Tree Protocol B. Ports C. Time to live D. Distance vector protocols
Q2.04
What type of wireless antenna can be used to send or receive signals in any direction? A. Cantenna B. Yagi C. Rubber duck D. Panel
Q2.05
What mechanism of wireless security is based on AES? A. TKIP B. CCMP C. LEAP D. WEP
Q2.06
What technology provides an organization with the best control over BYOD equipment? A. Encrypted removable storage B. Mobile device management C. Geotagging D. Application whitelisting
Q2.07
What is the most effective means to reduce the risk of losing the data on a mobile device, such as a notebook computer?
A. Encrypt the hard drive.
B. Minimize sensitive data stored on the mobile device.
C. Use a cable lock.
D. Define a strong logon password.
Q2.08
Which security stance will be most successful at preventing malicious software execution? A. Deny by exception B. Whitelisting C. Allow by default D. Blacklisting
Q2.09
LDAP operates over what TCP ports? A. 636 and 389 B. 110 and 25 C. 443 and 80 D. 20 and 21
Q2.10
What type of NAC agent is written in a web or mobile language and is temporarily executed on a system only when the specific management page is accessed? A. Permanent B. Dissolvable C. Passive D. Stateless
Q2.11
What is the purpose or use of a media gateway?
A. It is a fictitious environment designed to fool attackers and intruders and lure them away from the private secured network.
B. It is used to connect several network segments and enable traffic from one network segment to traverse into another network segment.
C. It is used to spread or distribute network traffic load across several network links or network devices.
D. It is any device or service that converts data from one communication format to another.
Q2.12
Which of the following is true regarding an exploitation framework? (Select all that apply.)
A. Is a passive scanner
B. Fully exploits vulnerabilities
C. Only operates in an automated fashion
D. Allows for customization of test elements
E. Represents additional risk to the environment
F. Can only assess systems over IPv4
Q2.13
What is the purpose of a banner grabbing activity?
A. Detecting the presence of a wireless network
B. Capturing the initial response or welcome message from a network service that may directly or indirectly reveal its identity
C. Preventing access to a network until the client has accepted use terms or fully authenticated
D. Altering the source IP address of an outbound request
Q2.14
How are effective permissions determined or calculated?
A. Accumulate allows, remove any denials
B. Count the number of users listed in the ACL
C. View the last access time stamp of the asset
D. Review the user’s group memberships
Q2.15
What is a content filter mechanism that can reduce the possibility of malicious executable code being accepted as input?
A. Checking length
B. Blocking hex characters
C. Escaping metacharacters
D. Filtering on known patterns of malicious content
Q2.16
What is an example of a PUP? A. A backdoor B. Unwanted marketing pop-ups C. A Trojan horse D. A password cracker
Q2.17
What is the purpose of DEP being present in an operating system? A. To block buffer overflows B. To prevent social-engineering attacks C. To stop ransomware infections D. To interrupt backdoor installations
Q2.18
What is the term used to describe the designation of a specific geographical area that is then used to implement features on mobile devices, which can be defined by GPS coordinates, a wireless indoor positioning system (IPS), or the presence or lack of a specific wireless signal? A. Bluesmacking B. Geofencing C. Banner grabbing D. CYOD
Q2.19
What is the definition of DNSSEC?
A. It is an Internet standard for encrypting and digitally signing email.
B. It can be used as a secure Telnet replacement, it can be used to encrypt protocols similar to TLS, and it can be used as a VPN protocol.
C. It is a standard network-management protocol supported by most network devices and TCP/IP-compliant hosts used to obtain status information, performance data, statistics, and configuration details.
D. It is a security improvement to the existing name resolution infrastructure. The primary function of this tool is to provide reliable authentication between devices when performing resolution operations.
Q2.20
Which of the following allows the deployment of a publicly accessible web server without compromising the security of the private network? A. Intranet B. DMZ C. Extranet D. Switch
Q3.01
An organization has a high-speed fiber Internet connection that it uses for most of its daily operations, as well as its offsite backup operations. This represents what security problem? A. Single point of failure B. Redundant connections C. Backup generator D. Offsite backup storage
Q3.02
A security template can be used to perform all but which of the following tasks?
A. Capture the security configuration of a master system
B. Apply security settings to a target system
C. Return a target system to its precompromised state
D. Evaluate compliance with security of a target system
Q3.03
What technique or method can be employed by hackers and researchers to discover unknown flaws or errors in software? A. Dictionary attacks B. Fuzzing C. War dialing D. Cross-site request forgery
Q3.04
What is a security risk of an embedded system that is not commonly found in a standard PC?
A. Power loss
B. Access to the Internet
C. Control of a mechanism in the physical world
D. Software flaws
Q3.05
To ensure that whole-drive encryption provides the best security possible, which of the following should not be performed?
A. Screen lock the system overnight.
B. Require a boot password to unlock the drive.
C. Lock the system in a safe when it is not in use.
D. Power down the system after use.
Q3.06
In order to avoid creating a monolithic security structure, organizations should adopt a wide range of security mechanisms. This concept is known as __________. A. Defense in depth B. Control diversity C. Intranet buffering D. Sandboxing
Q3.07
When offering a resource to public users, what means of deployment provides the most protection for a private network? A. Intranet B. Wireless C. Honeynet D. DMZ
Q3.08