Last Updated on July 16, 2021 by InfraExam
SY0-501 : CompTIA Security+ Certification : Part 23
Which of the following is used to validate the integrity of data?
A user typically works remotely over the holidays using a web-based VPN to access corporate resources. The user reports getting untrusted host errors and being unable to connect. Which of the following is MOST likely the cause?
- The certificate has expired
- The browser does not support SSL
- The user’s account is locked out
- The VPN software has reached the seat license maximum
When it comes to cloud computing, if one of the requirements for a project is to have the most control over the systems in the cloud, which of the following is a service model that would be BEST suited for this goal?
A security analyst is acquiring data from a potential network incident.
Which of the following evidence is the analyst MOST likely to obtain to determine the incident?
- Volatile memory capture
- Traffic and logs
- System image capture
A cybersecurity analyst is looking into the payload of a random packet capture file that was selected for analysis. The analyst notices that an internal host had a socket established with another internal host over a non-standard port.
Upon investigation, the origin host that initiated the socket shows this output:
Given the above output, which of the following commands would have established the questionable socket?
- traceroute 184.108.40.206
- ping -1 30 220.127.116.11 -s 600
- nc -1 192.168.5.1 -p 9856
- pskill pid 9487
A security administrator has written a script that will automatically upload binary and text-based configuration files onto a remote server using a scheduled task. The configuration files contain sensitive information.
Which of the following should the administrator use? (Choose two.)
- FTP over a non-standard pot
- Certificate-based authentication
A security analyst conducts a manual scan on a known hardened host that identifies many non-compliant configuration items.
Which of the following BEST describe why this has occurred? (Choose two.)
- Privileged-user credentials were used to scan the host
- Non-applicable plugins were selected in the scan policy
- The incorrect audit file was used
- The output of the report contains false positives
- The target host has been compromised
Which of the following solutions should an administrator use to reduce the risk from an unknown vulnerability in a third-party software application?
A network administrator needs to allocate a new network for the R&D group. The network must not be accessible from the Internet regardless of the network firewall or other external misconfigurations. Which of the following settings should the network administrator implement to accomplish this?
- Configure the OS default TTL to 1
- Use NAT on the R&D network
- Implement a router ACL
- Enable protected ports on the switch
To help prevent one job role from having sufficient access to create, modify, and approve payroll data, which of the following practices should be employed?
- Least privilege
- Job rotation
- Background checks
- Separation of duties
When attackers use a compromised host as a platform for launching attacks deeper into a company’s network, it is said that they are:
- escalating privilege
- becoming persistent
The help desk received a call after hours from an employee who was attempting to log into the payroll server remotely. When the help desk returned the call the next morning, the employee was able to log into the server remotely without incident. However, the incident occurred again the next evening.
Which of the following BEST describes the cause of the issue?
- The password expired on the account and needed to be reset
- The employee does not have the rights needed to access the database remotely
- Time-of-day restrictions prevented the account from logging in
- The employee’s account was locked out and needed to be unlocked
An analyst receives an alert from the SIEM showing an IP address that does not belong to the assigned network can be seen sending packets to the wrong gateway.
Which of the following network devices is misconfigured and which of the following should be done to remediate the issue?
- Firewall; implement an ACL on the interface
- Router; place the correct subnet on the interface
- Switch; modify the access port to trunk port
- Proxy; add the correct transparent interface
A home invasion occurred recently in which an intruder compromised a home network and accessed a WiFI- enabled baby monitor while the baby’s parents were sleeping.
Which of the following BEST describes how the intruder accessed the monitor?
- Outdated antivirus
- WiFi signal strength
- Social engineering
- Default configuration
A security engineer must install the same x.509 certificate on three different servers. The client application that connects to the server performs a check to ensure the certificate matches the host name. Which of the following should the security engineer use?
- Wildcard certificate
- Extended validation certificate
- Certificate chaining
- Certificate utilizing the SAN file
SAN = Subject Alternate Names
Which of the following refers to the term used to restore a system to its operational state?
A Chief Information Officer (CIO) recently saw on the news that a significant security flaws exists with a specific version of a technology the company uses to support many critical application. The CIO wants to know if this reported vulnerability exists in the organization and, if so, to what extent the company could be harmed.
Which of the following would BEST provide the needed information?
- Penetration test
- Vulnerability scan
- Active reconnaissance
- Patching assessment report
An organization is expanding its network team. Currently, it has local accounts on all network devices, but with growth, it wants to move to centrally managed authentication. Which of the following are the BEST solutions for the organization? (Choose two.)
An active/passive configuration has an impact on:
Which of the following would provide additional security by adding another factor to a smart card?
- Proximity badge
- Physical key