Last Updated on July 16, 2021 by InfraExam
SY0-501 : CompTIA Security+ Certification : Part 25
An application was recently compromised after some malformed data came in via a web form. Which of the following would MOST likely have prevented this?
- Input validation
- Proxy server
- Stress testing
While working on an incident, Joe, a technician, finished restoring the OS and applications on a workstation from the original media. Joe is about to begin copying the user’s files back onto the hard drive.
Which of the following incident response steps is Joe working on now?
A systems administrator found a suspicious file in the root of the file system. The file contains URLs, usernames, passwords, and text from other documents being edited on the system. Which of the following types of malware would generate such a file?
A computer emergency response team is called at midnight to investigate a case in which a mail server was restarted. After an initial investigation, it was discovered that email is being exfiltrated through an active connection.
Which of the following is the NEXT step the team should take?
- Identify the source of the active connection
- Perform eradication of active connection and recover
- Perform containment procedure by disconnecting the server
- Format the server and restore its initial configuration
A remote intruder wants to take inventory of a network so exploits can be researched. The intruder is looking for information about software versions on the network. Which of the following techniques is the intruder using?
- Banner grabbing
- Port scanning
- Packet sniffing
- Virus scanning
A security technician is configuring an access management system to track and record user actions. Which of the following functions should the technician configure?
A security administrator installed a new network scanner that identifies new host systems on the network.
Which of the following did the security administrator install?
- Vulnerability scanner
- Network-based IDS
- Rogue system detection
- Configuration compliance scanner
A Chief Information Officer (CIO) has decided it is not cost effective to implement safeguards against a known vulnerability.
Which of the following risk responses does this BEST describe?
A technician is investigating a potentially compromised device with the following symptoms:
– Browser slowness
– Frequent browser crashes
– Hourglass stuck
– New search toolbar
– Increased memory consumption
Which of the following types of malware has infected the system?
A penetration tester has written an application that performs a bit-by-bit XOR 0xFF operation on binaries prior to transmission over untrusted media. Which of the following BEST describes the action performed by this type of application?
- Key exchange
An audit report has identified a weakness that could allow unauthorized personnel access to the facility at its main entrance and from there gain access to the network. Which of the following would BEST resolve the vulnerability?
- Faraday cage
- Air gap
When attempting to secure a mobile workstation, which of the following authentication technologies rely on the user’s physical characteristics? (Choose two.)
- MAC address table
- Retina scan
- Fingerprint scan
- Two-factor authentication
- Password string
Systems administrators and key support staff come together to simulate a hypothetical interruption of service. The team updates the disaster recovery processes and documentation after meeting. Which of the following describes the team’s efforts?
- Business impact analysis
- Continuity of operation
- Tabletop exercise
- Order of restoration
A company has two wireless networks utilizing captive portals. Some employees report getting a trust error in their browsers when connecting to one of the networks.
Both captive portals are using the same server certificate for authentication, but the analyst notices the following differences between the two certificate details:
Geotrust Global CA
Which of the following would resolve the problem?
- Use a wildcard certificate.
- Use certificate chaining.
- Use a trust model.
- Use an extended validation certificate.
Company A has acquired Company B. Company A has different domains spread globally, and typically migrates its acquisitions’ infrastructure under its own domain infrastructure. Company B, however, cannot be merged into Company A’s domain infrastructure.
Which of the following methods would allow the two companies to access one another’s resources?
- Single sign-on
A technician is configuring a load balancer for the application team to accelerate the network performance of their applications. The applications are hosted on multiple servers and must be redundant.
Given this scenario, which of the following would be the BEST method of configuring the load balancer?
- Least connection
An organization’s employees currently use three different sets of credentials to access multiple internal resources. Management wants to make this process less complex. Which of the following would be the BEST option to meet this goal?
- Transitive trust
- Single sign-on
- Secure token
An external attacker can modify the ARP cache of an internal computer.
Which of the following types of attacks is described?
- DNS poisoning
- Client-side attack
A systems administrator has isolated an infected system from the network and terminated the malicious process from executing.
Which of the following should the administrator do NEXT according to the incident response process?
- Restore lost data from a backup.
- Wipe the system.
- Document the lessons learned.
- Notify regulators of the incident.
A new security administrator ran a vulnerability scanner for the first time and caused a system outage.
Which of the following types of scans MOST likely caused the outage?
- Non-intrusive credentialed scan
- Non-intrusive non-credentialed scan
- Intrusive credentialed scan
- Intrusive non-credentialed scan