Last Updated on July 16, 2021 by InfraExam
SY0-501 : CompTIA Security+ Certification : Part 21
A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet: c:\nslookup -querytype=MX comptia.org
comptia.org MX preference=10, mail exchanger = 220.127.116.11 comptia.org MX preference=20, mail exchanger = exchg1.comptia.org exchg1.comptia.org internet address = 192.168.102.67
Which of the following should the penetration tester conclude about the command output?
- The public/private views on the Comptia.org DNS servers are misconfigured.
- Comptia.org is running an older mail server, which may be vulnerable to exploits.
- The DNS SPF records have not been updated for Comptia.org.
- 192.168.102.67 is a backup mail server that may be more vulnerable to attack.
A security analyst is inspecting the results of a recent internal vulnerability scan that was performed against intranet services.
The scan reports include the following critical-rated vulnerability: Title: Remote Command Execution vulnerability in web server Rating: Critical (CVSS 10.0)
Threat actor: any remote user of the web server
Recommendation: apply vendor patches
Which of the following actions should the security analyst perform FIRST?
- Escalate the issue to senior management.
- Apply organizational context to the risk rating.
- Organize for urgent out-of-cycle patching.
- Exploit the server to check whether it is a false positive.
Company A agrees to provide perimeter protection, power, and environmental support with
measurable goals for Company B, but will not be responsible for user authentication or patching of operating systems within the perimeter.
Which of the following is being described?
- Service level agreement
- Memorandum of understanding
- Business partner agreement
- Interoperability agreement
A company is deploying smartphones for its mobile salesforce. These devices are for personal and business use but are owned by the company. Sales personnel will save new customer data via a custom application developed for the company. This application will integrate with the contact information stored in the smartphones and will populate new customer records onto it.
The customer application’s data is encrypted at rest, and the application’s connection to the back office system is considered secure. The Chief Information Security Officer (CISO) has concerns that customer contact information may be accidentally leaked due to the limited security capabilities of the devices and the planned controls.
Which of the following will be the MOST efficient security control to implement to lower this risk?
- Implement a mobile data loss agent on the devices to prevent any user manipulation with the contact information.
- Restrict screen capture features on the devices when using the custom application and the contact information.
- Restrict contact information storage dataflow so it is only shared with the customer application.
- Require complex passwords for authentication when accessing the contact information.
The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality.
Which of the following equipment MUST be deployed to guard against unknown threats?
- Cloud-based antivirus solution, running as local admin, with push technology for definition updates
- Implementation of an off-site datacenter hosting all company data, as well as deployment of VDI for all client computing needs
- Host-based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs
- Behavior-based IPS with a communication link to a cloud-based vulnerability and threat feed
An organization has several production-critical SCADA supervisory systems that cannot follow the normal 30- day patching policy.
Which of the following BEST maximizes the protection of these systems from malicious software?
- Configure a firewall with deep packet inspection that restricts traffic to the systems.
- Configure a separate zone for the systems and restrict access to known ports.
- Configure the systems to ensure only necessary applications are able to run.
- Configure the host firewall to ensure only the necessary applications have listening ports
An organization identifies a number of hosts making outbound connections to a known malicious IP over port TCP 80. The organization wants to identify the data being transmitted and prevent future connections to this IP.
Which of the following should the organization do to achieve this outcome?
- Use a protocol analyzer to reconstruct the data and implement a web-proxy.
- Deploy a web-proxy and then blacklist the IP on the firewall.
- Deploy a web-proxy and implement IPS at the network edge.
- Use a protocol analyzer to reconstruct the data and blacklist the IP on the firewall.
Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks.
Which of the following would have allowed the security team to use historical information to protect against the second attack?
- Key risk indicators
- Lessons learned
- Recovery point objectives
- Tabletop exercise
A small company’s Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company’s security posture quickly with regard to targeted attacks.
Which of the following should the CSO conduct FIRST?
- Survey threat feeds from services inside the same industry.
- Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic
- Conduct an internal audit against industry best practices to perform a qualitative analysis.
- Deploy a UTM solution that receives frequent updates from a trusted industry vendor.
During a routine vulnerability assessment, the following command was successful:
echo “vrfy ‘perl -e ‘print “hi” x 500 ‘ ‘ ” | nc www.company.com 25
Which of the following vulnerabilities is being exploited?
- Buffer overflow directed at a specific host MTA
- SQL injection directed at a web server
- Cross-site scripting directed at www.company.com
- Race condition in a UNIX shell script
A forensic investigator has run into difficulty recovering usable files from a SAN drive. Which of the following SAN features might have caused the problem?
- Storage multipaths
- iSCSI initiator encryption
- Data snapshots
A company offers SaaS, maintaining all customers’ credentials and authenticating locally. Many large customers have requested the company offer some form of federation with their existing authentication infrastructures.
Which of the following would allow customers to manage authentication and authorizations from within their existing organizations?
- Implement SAML so the company’s services may accept assertions from the customers’ authentication servers.
- Provide customers with a constrained interface to manage only their users’ accounts in the company’s active directory server.
- Provide a system for customers to replicate their users’ passwords from their authentication service to the company’s.
- Use SOAP calls to support authentication between the company’s product and the customers’ authentication servers.
A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production.
Which of the following development methodologies is the team MOST likely using now?
Following the successful response to a data-leakage incident, the incident team lead facilitates an exercise that focuses on continuous improvement of the organization’s incident response capabilities. Which of the following activities has the incident team lead executed?
- Lessons learned review
- Root cause analysis
- Incident audit
- Corrective action exercise
A security analyst is attempting to break into a client’s secure network. The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use. After network enumeration, the analyst’s NEXT step is to perform:
- a risk analysis.
- a vulnerability assessment.
- a gray-box penetration test.
- an external security audit.
- a red team exercise.
A security architect has convened a meeting to discuss an organization’s key management policy. The organization has a reliable internal key management system, and some argue that it would be best to manage the cryptographic keys internally as opposed to using a solution from a third party. The company should use:
- the current internal key management system.
- a third-party key management system that will reduce operating costs.
- risk benefits analysis results to make a determination.
- a software solution including secure key escrow capabilities.
After a recent internal breach, a company decided to regenerate and reissue all certificates used in the transmission of confidential information. The company places the greatest importance on confidentiality and non-repudiation, and decided to generate dual key pairs for each client. Which of the following BEST describes how the company will use these certificates?
- One key pair will be used for encryption and decryption. The other will be used to digitally sign the data.
- One key pair will be used for encryption. The other key pair will provide extended validation.
- Data will be encrypted once by each key, doubling the confidentiality and non-repudiation strength.
- One key pair will be used for internal communication, and the other will be used for external communication.
A security manager is creating an account management policy for a global organization with sales personnel who must access corporate network resources while traveling all over the world.
Which of the following practices is the security manager MOST likely to enforce with the policy? (Choose two.)
- Time-of-day restrictions
- Password complexity
- Location-based authentication
- Group-based access control
- Standard naming convention
A security administrator learns that PII, which was gathered by the organization, has been found in an open forum. As a result, several C-level executives found their identities were compromised, and they were victims of a recent whaling attack.
Which of the following would prevent these problems in the future? (Choose two.)
- Implement a reverse proxy.
- Implement an email DLP.
- Implement a spam filter.
- Implement a host-based firewall.
- Implement a HIDS.
A security engineer is configuring a wireless network with EAP-TLS. Which of the following activities is a requirement for this configuration?
- Setting up a TACACS+ server
- Configuring federation between authentication servers
- Enabling TOTP
- Deploying certificates to endpoint devices