SY0-501 : CompTIA Security+ Certification : Part 25

  1. An application was recently compromised after some malformed data came in via web form. Which of the following would MOST likely have prevented this?

    • Input validation
    • Proxy server
    • Stress testing
    • Encoding
  2. While working on an incident, Joe, a technician, finished restoring the OS and applications on a workstation from the original media. Joe is about to begin copying the user’s files back onto the hard drive.

    Which of the following incident response steps is Joe working on now?

    • Recovery
    • Eradication
    • Containment
    • Identification
  3. A systems administrator found a suspicious file in the root of the file system. The file contains URLs, usernames, passwords, and text from other documents being edited on the system. Which of the following types of malware would generate such a file?

    • Keylogger
    • Rootkit
    • Bot
    • RAT
  4. A computer emergency response team is called at midnight to investigate a case in which a mail server was restarted. After an initial investigation, it was discovered that email is being exfiltrated through an active connection.

    Which of the following is the NEXT step the team should take?

    • Identify the source of the active connection
    • Perform eradication of active connection and recover
    • Perform containment procedure by disconnecting the server
    • Format the server and restore its initial configuration
  5. A remote intruder wants to take inventory of a network so exploits can be researched. The intruder is looking for information about software versions on the network. Which of the following techniques is the intruder using?

    • Banner grabbing
    • Port scanning
    • Packet sniffing
    • Virus scanning
  6. A security technician is configuring an access management system to track and record user actions. Which of the following functions should the technician configure?

    • Accounting
    • Authorization
    • Authentication
    • Identification
  7. A security administrator installed a new network scanner that identifies new host systems on the network.

    Which of the following did the security administrator install?

    • Vulnerability scanner
    • Network-based IDS
    • Rogue system detection
    • Configuration compliance scanner
  8. A Chief Information Officer (CIO) has decided it is not cost effective to implement safeguards against a known vulnerability.

    Which of the following risk responses does this BEST describe?

    • Transference
    • Avoidance
    • Mitigation
    • Acceptance
  9. A technician is investigating a potentially compromised device with the following symptoms:

    – Browser slowness

    – Frequent browser crashes

    – Hourglass stuck

    – New search toolbar

    – Increased memory consumption

    Which of the following types of malware has infected the system?

    • Man-in-the-browser
    • Spoofer
    • Spyware
    • Adware
  10. A penetration tester has written an application that performs a bit-by-bit XOR 0xFF operation on binaries prior to transmission over untrusted media. Which of the following BEST describes the action performed by this type of application?

    • Hashing
    • Key exchange
    • Encryption
    • Obfuscation
  11. An audit report has identified a weakness that could allow unauthorized personnel to access the facility at its main entrance and from there gain access to the network. Which of the following would BEST resolve the vulnerability?

    • Faraday cage
    • Air gap
    • Mantrap
    • Bollards
  12. When attempting to secure a mobile workstation, which of the following authentication technologies rely on the user’s physical characteristics? (Choose two.)

    • MAC address table
    • Retina scan
    • Fingerprint scan
    • Two-factor authentication
    • CAPTCHA
    • Password string
  13. A systems administrator and key support staff come together to simulate a hypothetical interruption of service. The team updates the disaster recovery processes and documentation after meeting. Which of the following describes the team’s efforts?

    • Business impact analysis
    • Continuity of operation
    • Tabletop exercise
    • Order of restoration
  14. A company has two wireless networks utilizing captive portals. Some employees report getting a trust error in their browsers when connecting to one of the networks.
    Both captive portals are using the same server certificate for authentication, but the analyst notices the following differences between the two certificate details:
    Certificate 1
    Certificate Path:
    Geotrust Global CA
    *company.com
    Certificate 2
    Certificate Path:
    *company.com

    Which of the following would resolve the problem?

    • Use a wildcard certificate.
    • Use certificate chaining.
    • Use a trust model.
    • Use an extended validation certificate.
  15. Company A has acquired Company B. Company A has different domains spread globally, and typically migrates its acquisitions’ infrastructure under its own domain infrastructure. Company B, however, cannot be merged into Company A’s domain infrastructure.

    Which of the following methods would allow the two companies to access one another’s resources?

    • Attestation
    • Federation
    • Single sign-on
    • Kerberos
  16. A technician is configuring a load balancer for the application team to accelerate the network performance of their applications. The applications are hosted on multiple servers and must be redundant.

    Given this scenario, which of the following would be the BEST method of configuring the load balancer?

    • Round-robin
    • Weighted
    • Least connection
    • Locality-based
  17. An organization’s employees currently use three different sets of credentials to access multiple internal resources. Management wants to make this process less complex. Which of the following would be the BEST option to meet this goal?

    • Transitive trust
    • Single sign-on
    • Federation
    • Secure token
  18. An external attacker can modify the ARP cache of an internal computer.

    Which of the following types of attacks is described?

    • Replay
    • Spoofing
    • DNS poisoning
    • Client-side attack
  19. A systems administrator has isolated an infected system from the network and terminated the malicious process from executing.

    Which of the following should the administrator do NEXT according to the incident response process?

    • Restore lost data from a backup.
    • Wipe the system.
    • Document the lessons learned.
    • Notify regulators of the incident.
  20. A new security administrator ran a vulnerability scanner for the first time and caused a system outage.

    Which of the following types of scans MOST likely caused the outage?

    • Non-intrusive credentialed scan
    • Non-intrusive non-credentialed scan
    • Intrusive credentialed scan
    • Intrusive non-credentialed scan