Member Home »

A+ »
Security+ »
Support »
FAQ »
Log In

Navigation
Home » Security+ (SY0-501) Test Your Readiness (75 Questions)

Security+ (SY0-501) Test Your Readiness (75 Questions)

Posted by Darril Gibson

This quiz gives you 75 random Security+ questions from the all available multiple choice questions in this online package. I encourage
you to take this until you consistently score greater than 90% (83% is a passing score on the Security+ exam).

Remember though, your score isn’t the only measure of readiness. A better measure is if you know why the correct answers are correct
and why the incorrect answers are incorrect. This way, you can accurately interpret the questions and answer them correctly no matter
how CompTIA words them.

When you’re finished, click “View questions” to view the questions with explanations.

Security+ (SY0-501) Test Your Readiness (75 Questions)

Results

69 of 75 questions answered correctly

Your time: 00:45:11

You have reached 73 of 79 point(s), (92.41%)

Remember, all the questions have explanations explaining why the correct answers are correct and why the incorrect answers are
incorrect.

Understanding the explanations will help ensure you’re prepared for the live exam. The explanation also shows the course or courses
where you can get more detailed information on the topic.

Click “View Questions” to see the explanations.

Click Here to Continue

Restart Quiz View questions Show leaderboard

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46

47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69
Answered Review

1 point(s)

Management within your organization wants to prevent users from copying documents to USB flash drives. Which of the following can
be used to meet this goal?

COPE
SED
 HSM
DLP

Correct

A data loss prevention (DLP) solution can prevent users from copying documents to a USB drive.

None of the other answers control USB drives.

A hardware security module (HSM) is an external security device used to manage, generate, and securely store cryptographic keys.

COPE (corporate-owned, personally enabled) is a mobile device deployment model.

A self-encrypting drive (SED) includes the hardware and software to encrypt all data on the drive and securely store the encryption
keys.

1 point(s)

Maggie reports that she keeps receiving unwanted emails about mortgages. What does this describe?

Phishing
Spam
Vishing
Spear phishing

Correct

Spam is unwanted emails from any source.

Phishing and spear phishing are types of attacks using email.

Vishing is similar to phishing, but it uses telephone technology.

See “Comparing Threats, Vulnerabilities, and Common Attacks”

1 point(s)

An organization is developing a new application that will process highly sensitive data. Management want to ensure that all computers
used in the process are isolated. Which of the following would BEST meet this need?

A bastion host in a DMZ

A boundary firewall
An air-gapped network
An IPS

Correct

An air-gapped network would best meet this need. Air-gap indicates that the network is isolated from other networks with space or air.
The application would be developed and compiled in this isolated network. All the other answers have a level of connectivity with the
Internet and don’t
provide the best protection.

A bastion host is a hardened server that can be accessed via the Internet and it may be directly on the Internet or within a demilitarized
zone (DMZ).

A boundary firewall (sometimes called a perimeter firewall) is placed at the edge of the network between the Internet and the internal
network or DMZ.

An intrusion prevention system (IPS) is typically placed inline with traffic between the Internet and the internal network and attempts
to detect and block attacks.

SY0-501 objective 3.9 Explain the importance of physical security controls.

Chapter 3 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide covers an airgap for physical isolation.
 1 point(s)

Lisa, the new CTO at your organization wants to utilize more cloud services. For an upcoming project, she has directed the use of a cloud
service instead of purchasing all the hardware and software. She also wants to ensure that the cloud provider maintains all the required
equipment and software. Which of the following BEST describes this cloud computing service model?

IaaS
CASB
PaaS
SaaS

Incorrect

Platform as a Service (PaaS) provides customers with a preconfigured computing platform including the hardware and software. The
cloud provider maintains the hardware and specified software such as the operating system and key applications such as a web server
application.

Infrastructure as a Service (IaaS) is a cloud computing option where the vendor provides access to a computer, but customers must
install the operating system and maintain the system.

Software as a Service (SaaS) provides access to specific applications such as an email application.

A cloud access security broker (CASB) is a software tool used to provide additional security for cloud resources, but it doesn’t provide
the underlying cloud services.

Chapter 5 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide covers cloud computing topics.

SY0-501 objective 3.7 Summarize cloud and virtualization concepts.

1 point(s)

A security professional has reported an increase in the number of tailgating violations into a secure data center. Which of the following
can prevent this?

Proximity card
CCTV
Cipher lock
Mantrap

Correct

A mantrap is highly effective at preventing unauthorized entry and can also be used to prevent tailgating.

CCTV uses cameras for video surveillance and it can record unauthorized entry, but it can’t prevent it.

A proximity card is useful as an access control mechanism, but it won’t prevent tailgating, so it isn’t as useful as a mantrap.

A cipher lock is a door access control, but it can’t prevent tailgating.

4 point(s)

Identify the attack based on the attack method and the target of the attack.

Sort elements

Attack: Attacker gains access to confidential organizational data.

Whaling
Target: Executives in your organization

Attack: Attacker sends unwanted emails to individuals that have not subscribed to a
list or have opted out of receiving these emails.
Spam
Target: Anyone with an email address
 Attack: Website includes a link to fake AV software
Hoax
Target: Any Internet user

Attack: Attacker collecting credit card data via the phone.

Vishing
Target: Individuals that answer the phone

Correct

Whaling is an attack where the attacker attempts to gain data or information from executives such as Chief Executive Officers (CEOs).

A hoax is a message that tells of a security threat that simply doesn’t exist. While it is typically a message circulated through email, it
can also be a link to fake antivirus (AV) software, also known as scareware or rogueware.

Vishing is a type of attack done though the phone and attackers often use phishing to collect credit card data.

Spam is unwanted email.

Chapter 6 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide covers various attack types.

SY0-501 objective 1.2 Compare and contrast types of attacks.

1 point(s)

An application requires users to log on with passwords. The application developers want to store the passwords in such a way that it will
thwart rainbow table attacks. Which of the following is the BEST solution?

Bcrypt
ECC
Blowfish
SHA

Correct

Bcrypt is a key stretching technique designed to protect against brute force and rainbow table attacks and is the best choice of the given
answers. Another alternative is Password-Based Key Derivation Function 2 (PBKDF2). Both salt the password with additional bits.

Passwords stored using Secure Hash Algorithm (SHA) are easier to crack because they don’t use salts.

Bcrypt is based on Blowfish, but Blowfish itself isn’t commonly used to encrypt passwords.

Elliptic curve cryptography (ECC) is efficient and sometimes used with mobile devices, but not to encrypt passwords.

See “Understanding Cryptography and PKI”

1 point(s)

Management has updated the security policy and it has changed the requirements for the password policy. The password policy needs to
ensure that users change their passwords regularly and they cannot reuse their passwords. Which of the following settings need to be
configured? (Select THREE.)

Minimum password age

Password complexity
Password history
Password length
Maximum password age

Correct

The maximum password age ensures users change their passwords regularly. The password history records previously used passwords
(such as the last 24 passwords) to prevent users from reusing the same passwords. The minimum password age prevents users from
changing their password repeatedly to get back to their original password and should be used with the password history setting.
Password length requires a minimum number of characters in a password.

Password complexity requires a mix of uppercase and lowercase letters, numbers, and special characters.

See “Understanding Identity and Access Management”

1 point(s)

An attacker has been analyzing encrypted data that he intercepted. He knows that the end of the data includes a template sent with all
similar messages. He uses this knowledge to decrypt the message. Which of the following types of attacks BEST describes this attack?

Rainbow table
Brute force
Known plaintext
Known ciphertext

Correct

This describes a known plaintext attack because the attacker knows some of the plaintext data used to create the encrypted data. More
specifically, this is a chosen plaintext attack (but that wasn’t available as an answer) because the attacker knew a portion of the
plaintext.

In a known ciphertext attack, the attacker doesn’t have any information on the plaintext.

A brute force attack attempts to guess a password.

A rainbow table attack uses a table of hashes to identify a password from a matched hash.

1 point(s)

Your wireless network includes one centralized AP that you configure. This AP forwards the configuration to other APs in your wireless
network. Which of the following BEST describes these APs?

The centralized AP is a fat AP and it configures thin APs in your network.

The centralized AP is a controller-based AP and it configures stand-alone APs in your network.
The centralized AP is a thin AP and it configures fat APs in your network.
The centralized AP is a stand-alone AP and it configures fat APs in your network.

Correct

The centralized access point (AP) is a fat AP and it configures thin APs in the network.

The fat AP could also be called a stand-alone, intelligent, or autonomous AP and it is used to configure thin APs, not fat APs.

Thin APs do not configure other APs.

Stand-alone APs are not configured by other APs.

1 point(s)

Your organization wants to prevent employees from accessing file sharing web sites. Which of the following choices will meet this need?

URL filter
Malware inspection
Web application firewall
Content inspection

Correct

A URL filter blocks access to specific web sites based on their URLs.

Proxy servers and unified threat management (UTM) devices include URL filters.
UTM devices also include content inspection to identify and filter out different types of files and traffic, and malware inspection to
identify and block malware.

A web application firewall (WAF) protects a web server from incoming attacks.

See “Exploring Network Technologies and Tools”

1 point(s)

Your IPS recently raised an alert from the following log entry on of your organization’s web servers:
04/23/18 23:13:50 httpd: GET /wp/forms/process.php?input=cd%20../../../etc;cat%20shadow

Based on this log entry, which of the following is MOST likely occurring

Password attack
Command injection attack
XSS attack
Buffer overflow attack
False negative

Incorrect

This a command injection attack because it is attempting to run the cd and cat commands.

A false negative indicates an attack is occurring, but a system such as the intrusion prevention system (IPS) is not detecting the attack.
Because the IPS raised an alert, it is not a false negative.

A cross-site scripting (XSS) attack used embedded HTML or JavaScript code, not command-line commands.

A password attack attempts to discover passwords. While this looks like it may be trying to discover passwords, it is unlikely to do so
if the process.php module is using adequate input validation.

A buffer overflow occurs if an application receives more data than it could handle. If the process.php module is not using adequate
input validation techniques, this could result in a buffer overflow problem, but there isn’t any indication that it did cause a buffer
overflow issue.

SY0-501 objective 1.2 Compare and contrast types of attacks.

Chapter 7 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study covers more attack types.

You may also like to view this blog post:

Log Entries and Security+
http://blogs.getcertifiedgetahead.com/log-entries-and-security/

1 point(s)

Lisa is a training instructor and she maintains a training lab with 18 computers. She has enough rights and permissions on these machines
so that she can configure them as needed for classes. However, she does not have the rights to add them to the organization’s domain.
Which of the following choices BEST describes this example?

Least privilege
Group-based privileges
Need to know
Location-based policies

Correct

When following the principle of least privilege, individuals have only enough rights and permissions to perform their job, and this is
exactly what is described in this scenario.

Need to know typically refers to data and information rather than the privileges required to perform an action, such as adding
computers to a domain.

Group-based privileges refer to giving permissions to groups, and then adding the users to the groups to give them appropriate
privileges.
A location-based policy allows or blocks access based on location, but the scenario doesn’t indicate the location is being checked.

1 point(s)

Lisa oversees and monitors processes at a water treatment plant using SCADA systems. Administrators recently discovered malware on
her system that was connecting to the SCADA systems. Although they removed the malware, management is still concerned. Lisa needs
to continue using her system and it’s not possible to update the SCADA systems. Which of the following can mitigate this risk?

Install HIPS on the SCADA systems.

Install a firewall on the border of the SCADA network.
Install a NIPS on the border of the SCADA network.
Install a honeypot on the SCADA network.

Correct

A network intrusion prevention system (NIPS) installed on the supervisory control and data acquisition (SCADA) network can
intercept malicious traffic coming into the network and is the best choice of those given.

The scenario states you cannot update the SCADA systems, so you cannot install a host-based IPS (HIPS) on any of them.

A firewall provides a level of protection. However, it wouldn’t be able to differentiate between valid traffic sent by Lisa and malicious
traffic sent by malware from Lisa’s system.

A honeypot might be useful to observe malicious traffic, but wouldn’t prevent it.

1 point(s)

An organization is considering an alternate location as part of its continuity of operations plan. It wants to identify a solution that
provides the shortest recovery time. Which of the following is the BEST choice?

Off-site backups
Warm site
Cold site
Hot site

Correct

A hot site has the shortest recovery time, but it is also the most expensive.

Cold sites have the longest recovery time, and warm sites are shorter than cold sites but not as quick as hot sites.

While a copy of backups should be stored off-site, that is not an alternate location considered in a continuity of operations plan.

See “Implementing Controls to Protect Assets”

1 point(s)

Your organization outsourced development of a software module to modify the functionality of an existing proprietary application. The
developer completed the module and is now testing it with the entire application. What type of testing is the developer performing?

White box
Black box
Gray box
Black hat

Correct

The developer is performing a gray box test. A gray box tester has some knowledge of the application. In this scenario, the tester needs
some knowledge of the application (such as input and output data) to develop and test the module.

White box testers have full knowledge about the product or network they are testing, but because this is a proprietary application, it is
unlikely the tester has full knowledge.
Black box testers do not have any knowledge about the product or network they are testing, but this isn’t feasible for a developer who
needs to develop and test a module to modify an existing application.

Black hat refers to a malicious attacker.

See “Using Risk Management Tools”

1 point(s)

Lisa is the new chief technology officer (CTO) at your organization. She wants to ensure that critical business systems are protected from
isolated outages. Which of the following would let her know how often these systems will experience outages?

RPO
RTO
MTBF
MTTR

Correct

The mean time between failures (MTBF) provides a measure of a system’s reliability and would provide an estimate of how often the
systems will experience outages.

The mean time to recover (MTTR) refers to the time it takes to restore a system, not the time between failures.

The recovery time objective (RTO) identifies the maximum amount of time it can take to restore a system after an outage.

The recovery point objective (RPO) identifies a point in time where data loss is acceptable.

1 point(s)

Marge is reviewing an organization’s account management processes. She wants to ensure that security log entries accurately report the
identity of personnel taking specific actions. Which of the following steps would BEST meet this requirement?

Implement role-based privileges.

Remove all shared accounts.
Update ACLs for all files and folders.
Use an SSO solution.

Correct

Removing all shared accounts is the best answer of the available choices. If two employees are using the same account, and one
employee maliciously deletes data in a database, it isn’t possible to identify which employee deleted the data.

File and folder access control lists (ACLs) identify permissions for users, but don’t control the user identity.

Role-based (or group-based) privileges assign the same permissions to all members of a group, which simplifies administration.

A single sign-on (SSO) solution allows a user to log on once and access multiple resources.

2 point(s)

You are tasked with configuring authentication services settings on computers in your network. You are entering shared secrets on
different servers. Which of the following services are you MOST likely configuring? (Select TWO.)

RADIUS
EAP-TLS
Kerberos
LDAP

Correct

Remote Authentication Dial-in User Service (RADIUS) servers use shared secrets. You can configure them to interact with
Lightweight Directory Access Protocol (LDAP)–based systems by entering the same shared secret on both a RADIUS server and an
LDAP server. A shared secret is basically just an identical password on both systems.

Kerberos uses tickets for authentication, not shared secrets.

Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) is an authentication protocol that requires the use of
certificates on both clients and servers, not shared secrets.

1 point(s)

After discovering and removing malware on a user’s system, a security administrator suspects that the malware has other components
that haven’t been identified yet. She suspects that malicious code is still allowing unauthorized remote access to the network, and
allowing attackers to access data on servers, and exfiltrate it to servers controlled by the attackers. Which of the following would the
security administrator use to confirm her suspicions? (Select TWO.)

File integrity checker

A network DLP
Log analysis
An IDS
Firewall ACLs

Correct

A network-based data loss prevention system (DLP) can detect data exfiltration (sending data outside of a network). Log entries could
also be used to identify unauthorized access and data exfiltration. For example, logs on data servers can identify who accessed data,
what they did with it, and when. Firewall log entries can show data transfers out of the network, where it came from, and where it is
going to.

An intrusion detection system (IDS) can identify intrusion detection, but an IDS isn’t used to detect data being sent out of a network.

Firewall access control lists (ACLs) identify what traffic is allowed in or out of a network, but they wouldn’t identify data being sent
out of the network.

File integrity checkers can identify if data has been modified and are useful for finding malware, but not for verifying data exfiltration.

Chapter 5 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide covers data exfiltration and DLP systems.

SY0-501 objective 2.3 Given a scenario, troubleshoot common security issues.

1 point(s)

Employees access a secure area by entering a cipher code, but this code does not identify individuals. After a recent security incident,
management has decided to implement a key card system that will identify individuals who enter and exit this secure area. However, the
installation might take six months or longer. Which of the following choices can the organization install immediately to identify
individuals who enter or exit the secure area?

Access list
CCTV
Bollards
Mantrap

Correct

Closed-circuit television (CCTV) or a similar video surveillance system can monitor the entrance and record who enters and exits the
area.

A mantrap prevents tailgating, but it doesn’t necessarily identify individuals.

An access list is useful if a guard is identifying users and allowing access based on the access list, but the access list does not identify
users.

Bollards are a type of barricade that protects building entrances.

See “Implementing Controls to Protect Assets”

1 point(s)
Your organization is planning to implement a wireless network using WPA2 Enterprise. Of the following choices, what is required?

An authentication server with a digital certificate installed on the authentication server

An authentication server with DHCP installed on the authentication server
An authentication server with WEP running on the access point
An authentication server with DNS installed on the authentication server

Correct

WPA2 Enterprise requires an 802.1x authentication server and most implementations require a digital certificate installed on the server.

The network will likely have Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) services, but it isn’t
necessary to install them on the authentication server.

Wired Equivalent Privacy (WEP) provides poor security and is not compatible with WPA2 Enterprise.

1 point(s)

Security personnel recently released an online training module advising employees not to share specific personal information on social
media web sites that they visit. Which of the following is this advice MOST likely trying to prevent?

Phishing attack
Cognitive password attacks
Rainbow table attack
Spending time on non-work-related sites

Correct

A cognitive password attack utilizes information that a person would know, such as the name of a first pet or favorite color. If this
information is available on Facebook or another social media site, attackers can use it to change the user’s password.

This advice has nothing to do with employees visiting the sites, only with what they post.

Although attackers may use this information in a phishing attack, they can also launch phishing attacks without this information.

A rainbow table attack is a password attack, but it uses a database of precalculated hashes.

See “Implementing Policies to Mitigate Risks”

1 point(s)

Marge, a security administrator, is tasked with ensuring that all devices have updated virus definition files before they can access
network resources. Which of the following technologies would help her accomplish this goal?

DMZ
DLP
NAC
NIDS

Correct

Network access control (NAC) inspects clients for health, including having up-to-date virus definition files and can restrict network
access to unhealthy clients to a remediation network.

A network intrusion detection system (NIDS) can detect incoming attacks, but doesn’t inspect internal clients.

A data loss prevention (DLP) system typically examines outgoing traffic looking for confidential data.

A demilitarized zone (DMZ) is a buffer zone between the Internet and an internal network.

See “Securing Your Network”

1 point(s)
You need to implement antispoofing on a border router. Which one of the following choices will BEST meet this goal?

Create rules to block all incoming traffic from a private IP address.

Add a web application firewall.
Implement a flood guard on switches.
Create rules to block all outgoing traffic from a private IP address.

Correct

You would create rules to block all incoming traffic from private IP addresses. The border router is between the internal network and
the Internet and any traffic coming from the Internet with a private IP address is a spoofed source IP address.

All outgoing traffic will typically use a private IP address, so you shouldn’t block this outgoing traffic.

A flood guard on a switch protects against media access control (MAC) flood attacks and is unrelated to this question.

A web application firewall protects a web application and is unrelated to antispoofing.

1 point(s)

An outside security auditor recently completed an in-depth security audit on your network. One of the issues he reported was related to
passwords. Specifically, he found the following passwords used on the network: Pa$$, 1@W2, and G7bT3. Which of the following
should be changed to avoid the problem shown with these passwords?

Password reuse
Password complexity
Password length
Password history

Correct

The password policy should be changed to increase the minimum password length of passwords. These passwords are only four and
five characters long, which is too short to provide adequate security.

They are complex because they include a mixture of at least three of the following character types: uppercase letters, lowercase letters,
numbers, and special characters.

Password history and password reuse should be addressed if users are reusing the same passwords, but the scenario doesn’t indicate
this is a problem.

See “Understanding Identity and Access Management”

1 point(s)

A security auditor discovered that several employees in the Accounting department can print and sign checks. In her final report, she
recommended restricting the number of people who can print checks and the number of people who can sign them. She also
recommended that no one should be authorized to print and sign checks. Which security policy does this describe?

Rule-based access control

Discretionary access control
Job rotation
Separation of duties

Correct

This recommendation is enforcing a separation of duties principle, which prevents any single person from performing multiple job
functions that might allow the person to commit fraud.

Discretionary access control specifies that every object has an owner, but doesn’t separate duties.

Devices such as routers use a rule-based access control model, but it doesn’t separate duties.

Job rotation policies rotate employees into different jobs, but they don’t necessarily separate job functions.
See “Implementing Policies to Mitigate Risks”

1 point(s)

Looking at logs for an online web application, you see that someone has entered the following phrase into several queries:

' or '1'='1' --

Which of the following is the MOST likely explanation for this?

A buffer overflow attack

An XSS attack
A SQL injection attack
A DLL injection attack

Correct

Attackers use the phrase (‘ or ‘1’=’1 –) in SQL injection attacks to query or modify databases.

A buffer overflow attack sends more data or unexpected data to an application with the goal of accessing system memory.

A cross-site scripting (XSS) attack attempts to insert HTML or JavaScript code into a web site or email.

A Dynamic Link Library (DLL) injection attack attempts to inject DLLs into memory, causing DLL commands to run.

1 point(s)

An organization’s security policy requires employees to place all discarded paper documents in containers for temporary storage. These
papers are later burned in an incinerator. Which of the following attacks are these actions MOST likely trying to prevent?

Dumpster diving
Vishing
Tailgating
Shoulder surfing

Correct

Dumpster diving is the practice of looking for documents in the trash dumpsters, but shredding or incinerating documents ensures
dumpster divers cannot retrieve any paper documents.

Shoulder surfers attempt to view something on a monitor or other screen, not papers.

Tailgating refers to entering a secure area by following someone else.

Vishing is a form of phishing using the phone.

See “Comparing Threats, Vulnerabilities, and Common Attacks”

1 point(s)

After a major data breach, Lisa has been tasked with reviewing security policies related to data loss. Which of the following is MOST
closely related to data loss?

Clean desk policy

Background check policy
Legal hold policy
Job rotation policy

Correct

A clean desk policy requires users to organize their areas to reduce the risk of possible data theft and password compromise.
A legal hold refers to a court order to protect data that might be needed as evidence. A legal hold policy may state that the organization
will comply with the court order, but it isn’t related to data theft.

Job rotation policies require employees to change roles on a regular basis and can expose fraudulent activity.

A background check policy typically identifies what to check for when hiring an employee.

1 point(s)

Your organization has been receiving a significant amount of spam with links to malicious web sites. You want to stop the spam. Of the
following choices, which provides the BEST solution?

Add antivirus software.

Add the domain to a block list.
Use a URL filter.
Use a MAC filter.

Correct

You can block emails from a specific domain sending spam by adding the domain to a block list. While the question doesn’t indicate
that the spam is coming from a single domain, this is still the best answer of the given choices.

A URL filter blocks outgoing traffic and can be used to block the links to the malicious web sites in this scenario, but it doesn’t stop
the email.

Routers and switches use MAC filters to restrict access within a network.

Antivirus software does not block spam.

See “Comparing Threats, Vulnerabilities, and Common Attacks”

1 point(s)

You need to secure access to a data center. Which of the following choices provides the BEST physical security to meet this need?
(Select THREE.)

Mantrap
Cable locks
CCTV
Biometrics

Incorrect

A biometric reader used for access control, a mantrap, and a closed-circuit television (CCTV) system all provide strong physical
security for accessing a data center.

Cable locks are effective theft deterrents for mobile devices such as laptops, but they don’t protect data centers.

See “Implementing Controls to Protect Assets”

1 point(s)

Users in your organization have reported receiving a similar email from the same sender. The email included a link, but after recent
training on emerging threats, all the users chose not to click the link. Security investigators determined the link was malicious and was
designed to download ransomware. Which of the following BEST describes the email?

Vishing
Spam
Spear phishing
Phishing

Correct
This email is a form of spear phishing because it is targeting users in the same organization.

While it is a form of phishing, spear phishing is a better answer because the email targeted users in the same organization.

It is also spam because it is unwanted email, but not all spam is malicious.

Phishing and spear phishing are types of attacks using email.

Vishing is similar to phishing, but it uses telephone technology.

See “Comparing Threats, Vulnerabilities, and Common Attacks”

1 point(s)

Your organization is planning to expand its cloud-based services. In preparation, they expanded the datacenter. It currently includes a full
row of server racks but the expansion will support two full rows. Management directed that the second row of server racks must face in
the opposite direction of the first row. What is primary reason for this configuration?

To create hot and cold aisles

To reduce power consumption from the servers
To provide fire suppression
To increase physical security

Correct

Hot and cold aisles have server rows facing in the opposite direction and provide more efficient cooling of systems within a data center.

While hot and cold aisles can reduce power consumption from the heating, ventilation, and air conditioning (HVAC) system,
modifying the direction of the server rows does not reduce power consumption from the servers.

This configuration doesn’t provide fire suppression capabilities.

As an environmental control, hot and cold aisles are physical security controls, that isn’t the primary reason for them.

Chapter 9 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide covers various more information on
environmental controls.

3.9 Explain the importance of physical security controls.

1 point(s)

You are planning a wireless network for a business. A core requirement is to ensure that the solution encrypts user credentials when users
enter their usernames and passwords. Which of the following BEST meets this requirement?

WPS with EAP-FAST

WPA2 using CCMP
WPA2-PSK
WPA2 with EAP-TTLS

Correct

Wi-Fi Protected Access II (WPA2) with Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS) encrypts
user credentials when users enter their usernames and passwords. EAP-TTLS is implemented in Enterprise mode and would use an
802.1x server.

WPA2-pre-shared key (PSK) does not authenticate users based on their usernames.

WPA2 with Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) is strong, but it only uses a PSK,
not usernames.

Wi-Fi Protected Setup (WPS) is a standard designed to simplify the setup of a wireless network, but it does not implement usernames.
EAP-Flexible Authentication via Secure Tunneling (EAP-FAST) is a lightweight version of EAP, but it is not used with WPS.

See “Securing Your Network”

1 point(s)
Ziffcorp is developing a new technology that they expect to become a huge success when it’s released. The CIO is concerned about
someone stealing their company secrets related to this technology. Which of the following will help the CIO identify potential dangers
related to the loss of this technology?

Privacy impact assessment

Privacy threshold assessment
Vulnerability assessment
Threat assessment

Correct

A threat assessment evaluates potential dangers that can compromise the confidentiality, integrity, and/or availability of data or a
system. It evaluates threats and attempts to identify the potential impact from threats.

A vulnerability assessment evaluates vulnerabilities (or weaknesses), not potential dangers.

A privacy threshold assessment helps an organization identify Personally Identifiable Information (PII) within a system and a privacy
impact assessment attempts to identify potential risks related to PII. However, this scenario doesn’t mention PII.

See “Using Risk Management Tools”

1 point(s)

Access to a security office in your organization needs to be restricted to security personal only. However, access is currently restricted by
the following security controls, some of which are redundant.
• Retina scanner
• Voiceprint scanner
• Thumbprint scanner
• Smart card reader
• PIN pad
• Mantrap
Management wants to simplify access to include authentication from the something you know authentication factor. They also want to
retain the smart card reader. What should be retained?

Voiceprint scanner
Thumbprint scanner
Retina scanner
Smart card reader
PIN pad
Mantrap

Correct

The smart card reader should be retained because the scenario says it should. Smart cards are often used with personal identification
numbers (PINs) and a PIN is in the something you know factor.

Retina scanners, voiceprint scanners, and thumbprint scanners are all in the something you are factor and should not be retained.

A mantrap is a physical security control that controls access, but it is not in the something you know factor of authentication.

Chapter 2 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide covers authentication concepts.

SY0-501 objective 4.1 Compare and contrast identity and access management concepts.

1 point(s)

Management within your organization wants to ensure that switches are not susceptible to switching loop problems. Which of the
following protocols is the BEST choice to meet this need?

Flood guard
SNMPv3
SRTP
RSTP
Correct

Rapid STP (RSTP) prevents switching loop problems and should be enabled on the switches to meet this need.

A flood guard on a switch helps prevent a media access control (MAC) flood attack.

Simple Network Management Protocol version 3 (SNMPv3) is used to manage and monitor network devices.

The Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for video and voice data.

1 point(s)

A security technician runs an automated script every night designed to detect changes in files. Of the following choices, what are the
MOST likely protocols used in this script?

AES and Twofish

SHA and HMAC
ECC and HMAC
PGP and SHA

Correct

Hashing algorithms such as Secure Hash Algorithm (SHA) and Hash-based Message Authentication Code (HMAC) can detect changes
in files (or verify the files have not lost integrity).

Pretty Good Privacy (PGP) is a method used to secure email communication.

Elliptic curve cryptography (ECC), Advanced Encryption Standard (AES), and Twofish are all encryption algorithms.

See “Understanding Cryptography and PKI”

1 point(s)

An organization is implementing a feature that allows multiple servers to operate on a single physical server. Which of the following is
the feature being implemented?

Virtualization
IaaS
DLP
Cloud computing

Correct

Virtualization allows multiple virtual servers to exist on a single physical server.

Infrastructure as a Service (IaaS) is a cloud computing option where the vendor provides access to a computer, but customers manage
it.

Cloud computing refers to accessing computing resources via a different location than your local computer.

Data loss prevention (DLP) techniques examine and inspect data looking for unauthorized data transmissions.

See “Mastering Security Basics”

1 point(s)

Your organization is implementing an SDN. Management wants to use an access control model that controls access based on attributes.
Which of the following is the BEST solution?

DAC
MAC
Role-BAC
 ABAC

Correct

A software defined network (SDN) typically uses an attribute-based access control (ABAC) model, which is based on attributes that
identify subjects and objects within a policy.

A discretionary access control (DAC) model has an owner, and the owner establishes access for the objects.

A mandatory access control (MAC) model uses labels assigned to subjects and objects.

A role-based access control (role-BAC) model uses roles or groups to assign rights and permissions.

1 point(s)

Your organization hosts an ecommerce website. Lisa analyzed the computer utilization of this website and noted that usage spikes at
different times of the year. She wants to implement a cost-effective solution to handle the variable capacity demand. Which of the
following strategies is she pursuing?

Persistence
Elasticity
Scalability
Resiliency
Redundancy

Incorrect

She is pursuing an elasticity strategy. Elasticity refers to the ability of a system to resize computing capacity based on the load. This
includes both expanding the computing ability to handle increased loads and reducing the computing ability when the load is reduced.
Because elasticity strategies increase or decrease computing abilities based on loads, they reduce overall costs and are cost-effective.

Resiliency strategies help deploy systems securely and keep them in a secure state.

Scalability refers to the ability of a system to scale up to handle an increased load, but it doesn’t refer to reducing the computing ability
when the load decreases.

Persistence refers virtual desktops and is unrelated to this question. In a persistent virtual desktop, each user has a custom desktop
image. Non-persistent virtual desktops serve the same desktop for all users.

Redundancy adds duplication to critical system components and networks and provides fault tolerance.

Chapter 1 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide covers elasticity and other resiliency strategies.

SY0-501 objective 3.8 Explain how resiliency and automation strategies reduce risk.

1 point(s)

You are examining a certificate received from a web server used for secure transport encryption. Which of the following items will you
be able to see in the certificate? (Choose TWO.)

The server’s public key

The server’s private key
The CSR
The CAs public key
The OID

Correct

The object identifier (OID) is a dot-separated series of numbers such as 2.23.140.1.2.1. It is viewable on the General tab of the
certificate. The server’s public key is also viewable in the certificate on the Details tab of the certificate.

A server’s private key is always kept private.

The Certification Path tab of the certificate shows the certificate authority (CA) that issued the certificate, but not the CAs public key.
The certificate signing request (CSR) is used to request a certificate, but it is not contained in the issued certificate.

See Chapter 10 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide.
SY0-501 objective 6.4 Given a scenario, implement public key infrastructure.

1 point(s)

Which of the following accurately identifies primary security control types?

Role-based and discretionary

Technical and administrative
Encryption and hashing
Confidentiality and availability

Correct

Security controls are classified as technical (implemented by technical means) and administrative (implemented via administrative or
management methods).

The other combinations are not security control classifications.

Access control models include role-based access control (role-BAC) and discretionary access control (DAC).

Confidentiality and availability are common security goals.

Encryption is a method used to ensure confidentiality, and hashing is a method used to ensure integrity.

See “Mastering Security Basics”

1 point(s)

Your organization recently purchased some laptops that include a TPM. Which of the following BEST identifies what the TPM provides?

An external security device used to store cryptographic keys

Sandboxing
A hardware root of trust
Detection of unauthorized data transfers

Correct

A Trusted Platform Module (TPM) includes an encryption key burned into the chip, and this key provides a hardware root of trust.

Data loss prevention (DLP) systems detect unauthorized data transfers.

Sandboxing provides an isolated area on a system, typically used for testing.

A hardware security module (HSM) is an external security device used to store cryptographic keys, but a TPM is a chip within the
system.

See “Securing Hosts and Data”

1 point(s)

Kyle is showing Martin a new app that he downloaded from a third party onto his smartphone. Martin has the same model of
smartphone, but when tries to locate the app, he is unsuccessful. Of the following choices, what is the most likely explanation for this?

Jailbreaking
SMS configuration
Tethering
Sidebreaking

Incorrect
Jailbreaking (or rooting depending on the smartphone model) is the most like reason for this. It’s possible to jailbreak an iPhone to
remove all software restrictions, including the ability to install applications from sources other than the Apple App Store.

Tethering allows you to share an Internet connection with one mobile device to other mobile devices.

Sideloading is the process of installing application packages from an Application Packet Kit (APK) but sidebreaking isn’t a relevant
term in this context.

Short Message Service (SMS) is a basic text message service and is not relevant in this scenario.

SY0-501 objective 2.5 Given a scenario, deploy mobile devices securely.

See Chapter 5 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide.

1 point(s)

Lisa, a new CIO at your organization, has mandated that all passwords should be salted. Which of the following attacks is this designed
to thwart?

Pass the hash

Dictionary
Brute force
Rainbow table

Correct

Salting passwords adds additional bits to the password before hashing it to thwart rainbow table attacks. Rainbow tables are not
associated with any of the other available answers.

A brute force attack attempts to guess all possible character combinations.

A dictionary attack uses a dictionary of words and attempts every word in the dictionary to see if it works.

In a pass the hash attack, the attacker discovers the hash of the user’s password and then uses it to log on to the system as the user.

Chapter 7 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide covers various attacks including password
attacks.

SY0-501 objective 1.2 Compare and contrast types of attacks.

1 point(s)

An administrator needs to grant users access to different servers based on their job functions. Which access control model is the BEST
choice to use?

Discretionary access control

Mandatory access control
Role-based access control
Rule-based access control

Correct

The role-based access control (role-BAC) model is the best choice for assigning access based on job functions.

A discretionary access control (DAC) model specifies that every object has an owner and owners have full control over objects, but it
isn’t related to job functions.

A mandatory access control (MAC) model uses labels and a lattice to grant access rather than job functions.

A rule-based access control (rule-BAC) model uses rules that trigger in response to events.

See “Understanding Identity and Access Management”

1 point(s)
An organization has recently had several attacks against servers within a DMZ. Security administrators discovered that many of these
attacks are using TCP, but they did not start with a three-way handshake. Which of the following devices provides the BEST solution?

Stateful firewall
Stateless firewall
Application-based firewall
Network firewall

Correct

A stateful firewall filters traffic based on the state of the packet within a session. It would filter a packet that isn’t part of a TCP three-
way handshake.

A stateless firewall filters traffic based on the IP address, port, or protocol ID.

While it’s appropriate to place a network firewall in a demilitarized zone (DMZ), a network firewall could be either a stateless firewall
or a stateful firewall.

An application-based firewall is typically only protecting a host, not a network.

1 point(s)

Your organization has a legacy server running within the DMZ. It is running older software that is not compatible with current patches,
so management has decided to let it remain unpatched. Management wants to know if attackers can access the internal network if they
successfully compromise this server. Which of the following is the MOST appropriate action?

Perform a vulnerability scan.

Perform a port scan.
Perform a black box test.
Perform a penetration test.

Correct

A penetration test attempts to exploit a vulnerability and can determine if a successful attack will allow attackers into the internal
network.

A vulnerability scan is passive. It does not attempt to compromise a system, so it cannot verify if an attacker can access the internal
network.

A port scan only identifies open ports.

A black box test only refers to the knowledge of the testers and indicates they have zero knowledge prior to starting a test.

1 point(s)

Kyle is showing Martin a new app that he downloaded from a third party onto his smartphone. Martin has the same model of
smartphone, but when tries to locate the app, he is unsuccessful. Of the following choices, what is the most likely explanation for this?

Sideloading
Ad hoc connecting
Rootbreaking
OTA updates

Correct

Sideloading is the most likely reason. More specifically, sideloading allows you to install application packages onto Android devices. It
is sometimes done to test apps.

Rooting is the process of modifying an Android device to give the user root-level access, but rootbreaking isn’t a relevant term in this
context.

Over-the-air (OTA) updates are common way of updating devices, but these updates won’t install apps from third party sources.

SY0-501 objective 2.5 Given a scenario, deploy mobile devices securely.

See Chapter 5 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide.

1 point(s)

Security administrators recently discovered suspicious activity within your network. After investigating the activity, they discovered
malicious traffic from outside your network connecting to a server within your network. They determined that a malicious threat actor
used this connection to install malware on the server and the malware is collecting data and sending it out of the network. Which of the
following BEST describes the type of malware used by the threat actor?

APT
RAT
Crypto-malware
Organized crime

Correct

The scenario describes a remote access Trojan (RAT), which is a type of malware that allows attackers to take control of systems from
remote locations.

While the threat actor may be a member of an advanced persistent threat (APT) or an organized crime group, these are threat actor
types, not types of malware.

Crypto-malware is a type of ransomware that encrypts data, but there isn’t indication that the data is being encrypted in this scenario.

1 point(s)

An application developer needs to use an encryption protocol to encrypt credit card data within a database used by the application.
Which of the following would be the FASTEST, while also providing strong confidentiality?

Blowfish
DES
AES-256
SHA-2

Correct

Blowfish would be the fastest in this scenario. Blowfish provides strong encryption, so it would provide strong confidentiality.

Advanced Encryption Standard-256 (AES-256) is a strong encryption protocol, but Blowfish is faster than AES in some situations,
such as when comparing it against AES-256.

Data Encryption Standard (DES) is not secure and is not recommended today.

Secure Hash Algorithm version 2 (SHA-2) is a hashing algorithm used for integrity.

See “Understanding Cryptography and PKI”

1 point(s)

Bart is adding a DMZ into his organization’s network. Which of the following is the BEST description of why he would do so?

To increase security for servers accessed from public networks

To provide a secure physical location for networking equipment
To lure attackers to a fake server or fake network
To cache data retrieved from a web server

Correct

A demilitarized zone (DMZ) is a logical buffer zone for servers accessed from public networks such as the Internet, and it provides a
layer of security for servers in the DMZ.

A wiring closet or server room provides physical security for networking equipment.
A honeypot is a fake server used to lure attackers and a honeynet is a fake network.

Proxy servers cache data retrieved from web servers.

See “Exploring Network Technologies and Tools”

1 point(s)

Users in your organization sign their emails with digital signatures. Which of the following provides integrity for these digital
signatures?

Private key
Encryption
Non-repudiation
Hashing

Correct

Hashing provides integrity for digital signatures and other data.

A digital signature is a hash of the message encrypted with the sender’s private key, but the encryption doesn’t provide integrity.

The digital signature provides non-repudiation, but non-repudiation does not provide integrity.

The private key and public key are both needed, but the private key does not provide integrity.

See “Understanding Cryptography and PKI”

1 point(s)

An organization wants to provide protection against malware attacks. Administrators have installed antivirus software on all computers.
Additionally, they implemented a firewall and an IDS on the network. Which of the following BEST identifies this principle?

Least privilege
Implicit deny
Layered security
Flood guard

Correct

Layered security (or defense in depth) implements multiple controls to provide several layers of protection. In this case, the antivirus
software provides one layer of protection while the firewall and the intrusion detection system (IDS) provide additional layers.

Implicit deny blocks access unless it has been explicitly allowed.

Least privilege ensures that users are granted only the access they need to perform their jobs, and no more.

A flood guard attempts to block SYN flood attacks.

See “Implementing Controls to Protect Assets”

1 point(s)

Your organization hosts a web site used only by employees. The web site uses a certificate issued by a private CA and the network
downloads a CRL from the CA once a week. However, after a recent compromise, security administrators want to use a real-time
alternative to the CRL. Which of the following will BEST meet this need?

OCSP
DSA
HMAC
CSR

Correct
The Online Certificate Status Protocol (OCSP) provides real-time responses to validate certificates issued by a Certificate Authority
(CA). A certificate revocation list (CRL) includes a list of revoked certificates, but if it is only downloaded once a week, it can quickly
be out of date.

None of the other answers validates certificates.

A digital signature algorithm (DSA) creates a digital signature.

A Hash-based Message Authentication Code (HMAC) creates a hash.

A certificate signing request (CSR) is used to request a certificate.

See “Understanding Cryptography and PKI”

1 point(s)

Management asks you if you can modify the wireless network to prevent users from easily discovering it. Which of the following would
you modify to meet this goal?

SSID broadcast
WPA2 Enterprise
CCMP
MAC address filter

Correct

You can disable service set identifier (SSID) broadcasting to prevent users from easily discovering the wireless networks. None of the
other methods hide the network.

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) provides stronger security for Wi-Fi Protected
Access II (WPA2) and WPA2 Enterprise adds authentication for a wireless network.

Media access control (MAC) address filtering can restrict access to the wireless network.

See “Securing Your Network”

1 point(s)

A security analyst is creating a document that includes the expected monetary loss from a major outage. She is calculating the potential
impact on life, property, finances, and the organization’s reputation. Which of the following documents is she MOST likely creating?

BCP
BIA
MTBF
RPO

Correct

A business impact analysis (BIA) includes information on potential monetary losses along with the impact on life, property, and the
organization’s reputation. It is the most likely document of those listed that would include this information.

A business continuity plan (BCP) includes a BIA, but the BIA is more likely to include this information than the BCP is.

The mean time between failures (MTBF) provides a measure of a system’s reliability.

The recovery point objective (RPO) refers to the amount of data you can afford to lose, but it does not include monetary losses.

1 point(s)

Developers in your organization have created an application designed for the sales team. Salespeople can log on to the application using
a simple password of 1234. However, this password does not meet the organization’s password policy. Which of the following is the
BEST response by the security administrator after learning about this?

Direct the application team manager to ensure the application adheres to the organization’s password policy.
Document this as an exception in the application’s documentation.
 Modify the security policy to accept this password.
Nothing. Strong passwords aren’t required in applications.

Correct

The application should be recoded to adhere to the company’s password policy, so the best response is to direct the application team
manager to do so.

Application passwords should be strong and should adhere to an organization’s security policy.

It is not appropriate to weaken a security policy to match a weakness in an application.

Nor is it appropriate to simply document that the application uses a weak password.

1 point(s)

You suspect that traffic in your network is being rerouted to an unauthorized router within your network. Which of the following
command-line tools would help you narrow down the problem?

netstat
ipconfig
tracert
ping

Correct

You can use tracert to track packet flow through a network and if an extra router has been added to your network, tracert will identify
it.

You can use ping to check connectivity with a remote system, but it doesn’t show the route.

The ipconfig command will show the network settings on a Windows computer, but it doesn’t identify failed routers.

Netstat shows active connections and other network statistics on a local system, but it doesn’t identify network paths.

See “Mastering Security Basics”

1 point(s)

An attacker has captured a database filled with hashes of randomly generated passwords. Which of the following attacks is MOST likely
to crack the largest number of passwords in this database?

Dictionary attack
Birthday attack
Brute force attack
Rainbow tables

Correct

A rainbow table attack attempts to discover the password from the hash. However, they use rainbow tables, which are huge databases
of precomputed hashes.

A dictionary attack compares passwords against words in a dictionary of words, but a dictionary of words wouldn’t include randomly
generated passwords.

A birthday attack relies on hash collisions. However, it wouldn’t necessarily be effective depending on what hashing algorithm is used.

A brute force attack attempts to guess all possible character combinations but is very time-consuming for each password.

1 point(s)

Your organization is preparing to deploy a web-based application, which will accept user input. Which of the following will BEST test
the reliability of this application to maintain availability and data integrity?
 Model verification
Dynamic analysis
Input validation
Error handling

Correct

Dynamic analysis techniques (such as fuzzing) can test the application’s ability to maintain availability and data integrity for some
scenarios. Fuzzing sends random data to an application to verify the random data doesn’t crash the application or expose the system to
a data breach.

Model verification ensures that the software meets specifications and fulfills its intended purpose, but it doesn’t focus on reliability or
integrity.

Input validation and error-handling techniques protect applications, but do not test them.

1 point(s)

Lisa needs to identify if a risk exists within a web application and identify potential misconfigurations on the server. However, she
should passively test the security controls. Which of the following is the BEST choice to meet her needs?

Perform a penetration test.

Perform a port scan.
Perform a vulnerability scan.
Perform traffic analysis with a sniffer.

Correct

A vulnerability scan identifies vulnerabilities that attackers can potentially exploit, and vulnerability scanners perform passive testing.

A penetration test actively tests the application and can potentially compromise the system.

A port scan only identifies open ports.

A sniffer can capture traffic for analysis, but it doesn’t check for security controls.

See “Using Risk Management Tools”

1 point(s)

Homer needs to send an email to his supervisor with an attachment that includes proprietary data. He wants to maintain the
confidentiality of this data. Which of the following choices is the BEST choice to meet his needs?

Encryption
Hashing
Digital signature
Steganography

Correct

Encryption is the best choice to provide confidentiality of any type of information, including proprietary data.

A digital signature provides integrity, non-repudiation, and authentication.

Steganography provides a level of confidentiality, but it is not as strong as encryption.

Hashing provides integrity.

See “Mastering Security Basics”

1 point(s)
An antivirus alert on a server indicates one of the files has a hash of known malware. The file was pushed to the server from the
organization’s patch management system and is scheduled to be applied to the server early the next morning. The antivirus software
indicates that the file and hash of the malware is:

File: app2_upgrade.exe
Hash: b815571e26035d95e5e9232b4aff48db

You check the logs of the patch management system and see the following information:

Status Update Name Hash

Pushed app2_upgrade.exe b815571e26035d95e5e9232b4aff48db

Which of the following indicates what MOST likely occurred?

The file was infected when the patch management system downloaded it.
The file was infected after it was pushed out to the server.
The file was embedded with crypto-malware before it was pushed to the server.
The file was listed in the patch management system’s blacklist.

Correct

Of the given choices, the best answer is that the file was infected when the patch management system downloaded it. This is because
the name and hash of the file is the same on the server as it is on the patch management system. Note that the question may look like
it’s asking about malware, it is really testing your comprehension of hashes.

If it was infected after it was pushed out to the server, the two hashes would be different.

The scenario doesn’t indicate what type of infection the malware has, so it isn’t possible to tell if it is crypto-malware or another type
of malware.

A blacklist blocks files so if the file was listed in the patch management system’s blacklist, the patch management system wouldn’t
push it out to systems.

Objective 6.1 Compare and contrast basic concepts of cryptography.

See Chapter 10 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide.

1 point(s)

Your organization wants to combine some of the security controls used to control incoming and outgoing network traffic. At a minimum,
the solution should include malware inspection, content inspection, and a DDoS mitigator. Which of the following BEST meets this
goal?

DNSSEC
UTM
VLAN
NAT

Correct

A unified threat management (UTM) device combines multiple security controls into a single device and typically includes malware
inspection, content inspection, and a distributed denial-of-service (DDoS) mitigator.

None of the other answers includes these components.

You can configure a virtual local area network (VLAN) on a switch to group computers together logically.

Network Address Translation (NAT) translates public IP addresses to private IP addresses and private addresses back to public IP
addresses.

Domain Name System Security Extensions (DNSSEC) is a suite of extensions for DNS that provides validation for DNS responses.

See “Exploring Network Technologies and Tools”

1 point(s)
Management wants to ensure that employees do not print any documents that include customer or employee PII. Which of the following
solutions would meet this goal?

VLAN
TPM
HSM
DLP

Correct

A data loss prevention (DLP) solution can detect documents sent to a printer that contain Personally Identifiable Information (PII) and
prevent them from printing.

A hardware security module (HSM) and a Trusted Platform Module (TPM) both provide full disk encryption, but cannot block
documents sent to a printer.

A virtual local area network (VLAN) segments traffic and can help protect a supervisory control and data acquisition (SCADA)
system, but isn’t selective about documents sent to a printer.

See “Securing Hosts and Data”

1 point(s)

You are tasked with configuring a switch so that it separates VoIP and data traffic. Which of the following provides the BEST solution?

DMZ
VLAN
SRTP
NAC

Correct

A virtual local area network (VLAN) provides separation for traffic and can be configured to separate Voice over IP (VoIP) traffic and
data traffic.

Network access control (NAC) solutions inspect clients for health after they connect to a network.

A demilitarized zone (DMZ) provides a layer of protection for Internet-facing systems, while also allowing clients to connect to them.

Secure Real-time Transport Protocol (SRTP) provides encryption and authentication for Real-time Transport Protocol (RTP) traffic.
RTP is used for audio/video streaming, such as in video teleconferencing applications.

See “Exploring Network Technologies and Tools”

1 point(s)

An application stores user passwords in a hashed format. Which of the following can decrease the likelihood that attackers can discover
these passwords?

Salt
Input validation
MD5
Rainbow tables

Correct

A password salt is additional random characters added to a password before hashing the password, and it decreases the success of
password attacks.

Rainbow tables are used by attackers and contain precomputed hashes.

Message Digest 5 (MD5) is a hashing algorithm that creates hashes, but the scenario already states that passwords are hashed.

Input validation techniques verify data is valid before using it and they are unrelated to protecting hashed passwords.
 1 point(s)

An organization has a critical SCADA network it is using to manage a water treatment plant for a large city. Availability of this system is
important. Which of the following security controls would be MOST relevant to protect this system?

TPM
EMP
DLP
NIPS

Correct

A network intrusion prevention system (NIPS) is the most relevant security control of those listed to ensure availability of the
supervisory control and data acquisition (SCADA) system.

A data loss prevention (DLP) system helps prevent loss of data, but wouldn’t protect a SCADA system from potential attacks.

A Trusted Platform Module (TPM) is a hardware chip on a computer’s motherboard that stores cryptographic keys used for encryption.

An electromagnetic pulse (EMP) is a short burst of electromagnetic energy and unrelated to a SCADA system.

1 point(s)

Web developers are implementing error handling in a web site application. Which of the following represents a best practice for this?

Displaying a detailed error message but logging generic information on the error
Displaying a generic error message but logging detailed information on the error
Displaying a detailed error message and logging detailed information on the error
Displaying a generic error message and logging generic information on the error

Correct

You should display a generic error message but log detailed information on the error.

Detailed error messages to the user are often confusing to them and give attackers information they can use against the system.

Logging generic information makes it more difficult to troubleshoot the problem later.

See “Protecting Against Advanced Attacks”

1 point(s)

Homer recently received an email thanking him for a purchase that he did not make. He asked an administrator about it and the
administrator noticed a pop-up window, which included the following code:

<body

onload="document.getElementByID('myform').submit()">

<form id="myForm"

action="gcgapremium.com/purchase.php" method="post"

<input name="Buy Now" value="Buy Now" />

</form>

</body>

Which of the following is the MOST likely explanation?

XSRF
Buffer overflow
SQL injection
 Dead code

Correct

A cross-site request forgery (XSRF) attack causes users to perform actions without their knowledge. This scenario indicates the user
visited a web site, most likely through a malicious link, and the link initiated a purchase.

None of the other attacks cause unsuspecting users to make purchases.

A buffer overflow attacks a web site and attempts to access system memory.

A SQL injection attack attempts to access data on a database server.

Dead code is code that never executes and is unrelated to this scenario.

1 point(s)

Your organization has implemented a system that stores user credentials in a central database. Users log on once with their credentials.
They can then access other systems in the organization without logging on again. Which of the following does this describe?

Federation
SAML
Single sign-on
Biometrics

Correct

This describes a single sign-on (SSO) solution in which users only log on once.

Although a federation supports SSO, not all SSO systems use a federation.

Security Assertion Markup Language (SAML) is an SSO solution used for web-based applications, but not all SSO solutions use
SAML.

Biometrics is a method of authentication, such as a fingerprint, but it isn’t an SSO solution.

See “Understanding Identity and Access Management”

1 point(s)

A hard drive failure in one of your organization’s domain controllers resulted in a catastrophic failure. You need to provide a junior
administrator with appropriate credentials to rebuild this server. Of the following choices, what type of account would BEST meet this
need?

Guest account
Privileged account
Service account
Generic account
User account

Incorrect

A privileged account is the best choice of the available answers. More specifically, it would be a user account with administrative
privileges (also known as a privileged account). A user account is most often used by a regular user without administrative privileges.
A generic account (also known as a shared account) is shared between two or more users and is not recommended. A guest account is
disabled by default and it is not appropriate to grant the guest account administrative privileges. A service account is an account
created to be used by a service or application, not a person. A generic account is the same as a shared account and should not be used.

101 Comments