Last Updated on July 16, 2021 by Admin 3

SY0-501 : CompTIA Security+ Certification : Part 24

  1. A systems administrator wants to implement a wireless protocol that will allow the organization to authenticate mobile devices prior to providing the user with a captive portal login. Which of the following should the systems administrator configure?

    • L2TP with MAC filtering
    • EAP-TTLS
    • WPA2-CCMP with PSK
    • RADIUS federation

    Explanation:

    RADIUS federation generally relies on 802.1X, which pre-authenticates devices before the user reaches the captive portal login.

  2. Which of the following uses precomputed hashes to guess passwords?

    • Iptables
    • NAT tables
    • Rainbow tables
    • ARP tables
  3. A Chief Information Security Officer (CISO) has tasked a security analyst with assessing the security posture of an organization and which internal factors would contribute to a security compromise. The analyst performs a walk-through of the organization and discovers there are multiple instances of unlabeled optical media on office desks. Employees in the vicinity either do not claim ownership or disavow any knowledge concerning who owns the media. Which of the following is the MOST immediate action to be taken?

    • Confiscate the media and dispose of it in a secure manner as per company policy.
    • Confiscate the media, insert it into a computer, find out what is on the disc, and then label it and return it to where it was found.
    • Confiscate the media and wait for the owner to claim it. If it is not claimed within one month, shred it.
    • Confiscate the media, insert it into a computer, make a copy of the disc, and then return the original to where it was found.
  4. A company has noticed multiple instances of proprietary information on public websites. It has also observed an increase in the number of email messages sent to random employees containing malicious links and PDFs. Which of the following changes should the company make to reduce the risks associated with phishing attacks? (Choose two.)

    • Install an additional firewall
    • Implement a redundant email server
    • Block access to personal email on corporate systems
    • Update the X.509 certificates on the corporate email server
    • Update corporate policy to prohibit access to social media websites
    • Review access violation on the file server
  5. A security analyst is investigating a potential breach. Upon gathering, documenting, and securing the evidence, which of the following actions is the NEXT step to minimize the business impact?

    • Launch an investigation to identify the attacking host
    • Initiate the incident response plan
    • Review lessons learned captured in the process
    • Remove malware and restore the system to normal operation
  6. Joe, a salesman, was assigned to a new project that requires him to travel to a client site. While waiting for a flight, Joe decides to connect to the airport wireless network without connecting to a VPN, and then sends confidential emails to fellow colleagues. A few days later, the company experiences a data breach. Upon investigation, the company learns Joe’s emails were intercepted. Which of the following MOST likely caused the data breach?

    • Policy violation
    • Social engineering
    • Insider threat
    • Zero-day attack
  7. A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. Which of the following is an element of a BIA that is being addressed?

    • Mission-essential function
    • Single point of failure
    • Backup and restoration plans
    • Identification of critical systems

    Explanation:

    The BIA is composed of the following three steps: Determine mission/business processes and recovery criticality. Mission/business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime.

  8. A company wants to ensure confidential data from storage media is sanitized in such a way that the drive cannot be reused. Which of the following methods should the technician use?

    • Shredding
    • Wiping
    • Low-level formatting
    • Repartitioning
    • Overwriting
  9. A forensic expert is given a hard drive from a crime scene and is asked to perform an investigation. Which of the following is the FIRST step the forensic expert needs to take to preserve the chain of custody?

    • Make a forensic copy
    • Create a hash of the hard drive
    • Recover the hard drive data
    • Update the evidence log
  10. An incident response manager has started to gather all the facts related to a SIEM alert showing multiple systems may have been compromised.

    The manager has gathered these facts:

    – The breach is currently indicated on six user PCs

    – One service account is potentially compromised

    – Executive management has been notified

    In which of the following phases of the IRP is the manager currently working?

    • Recovery
    • Eradication
    • Containment
    • Identification
  11. A stock trading company had the budget for enhancing its secondary datacenter approved. Since the main site is in a hurricane-affected area and the disaster recovery site is 100mi (161km) away, the company wants to ensure its business is always operational with the least amount of man-hours needed. Which of the following types of disaster recovery sites should the company implement?

    • Hot site
    • Warm site
    • Cold site
    • Cloud-based site
  12. Users from two organizations, each with its own PKI, need to begin working together on a joint project. Which of the following would allow the users of the separate PKIs to work together without connection errors?

    • Trust model
    • Stapling
    • Intermediate CA
    • Key escrow
  13. A security analyst is mitigating a pass-the-hash vulnerability on a Windows infrastructure.

    Given the requirement, which of the following should the security analyst do to MINIMIZE the risk?

    • Enable CHAP
    • Disable NTLM
    • Enable Kerberos
    • Disable PAP
  14. A security analyst is reviewing an assessment report that includes software versions, running services, supported encryption algorithms, and permission settings. Which of the following produced the report?

    • Vulnerability scanner
    • Protocol analyzer
    • Network mapper
    • Web inspector
  15. A Chief Information Officer (CIO) asks the company’s security specialist if the company should spend any funds on malware protection for a specific server. Based on a risk assessment, the ARO value of a malware infection for a server is 5 and the annual cost for the malware protection is $2500.

    Which of the following SLE values warrants a recommendation against purchasing the malware protection?

    • $500
    • $1000
    • $2000
    • $2500
  16. A recent internal audit is forcing a company to review each internal business unit’s VMs because the cluster they are installed on is in danger of running out of computing resources. Which of the following vulnerabilities exists?

    • Buffer overflow
    • End-of-life systems
    • System sprawl
    • Weak configuration
  17. A security analyst is attempting to identify vulnerabilities in a customer’s web application without impacting the system or its data.

    Which of the following BEST describes the vulnerability scanning concept performed?

    • Aggressive scan
    • Passive scan
    • Non-credentialed scan
    • Compliance scan
  18. Two users must encrypt and transmit large amounts of data between them.

    Which of the following should they use to encrypt and transmit the data?

    • Symmetric algorithm
    • Hash function
    • Digital signature
    • Obfuscation
  19. A new Chief Information Officer (CIO) has been reviewing the badging procedures and decides to write a policy that all employees must have their badges rekeyed at least annually. Which of the following controls BEST describes this policy?

    • Physical
    • Corrective
    • Technical
    • Administrative
  20. A software developer is concerned about DLL hijacking in an application being written. Which of the following is the MOST viable mitigation measure against this type of attack?

    • The DLL of each application should be set individually
    • All calls to different DLLs should be hard-coded in the application
    • Access to DLLs from the Windows registry should be disabled
    • The affected DLLs should be renamed to avoid future hijacking