SY0-501 : CompTIA Security+ Certification​​ : Part 26

SY0-501 : CompTIA Security+ Certification​​ : Part 26

1. A security analyst is hardening a WiFi infrastructure.

   The primary requirements are the following:
   – The infrastructure must allow staff to authenticate using the most secure method.
   – The infrastructure must allow guests to use an “open” WiFi network that logs valid email addresses before granting access to the Internet.

   Given these requirements, which of the following statements BEST represents what the analyst should recommend and configure?

   • Configure a captive portal for guests and WPS for staff.
   • Configure a captive portal for staff and WPA for guests.
   • Configure a captive portal for staff and WEP for guests.
   • Configure a captive portal for guest and WPA2 Enterprise for staff

2. A security administrator is trying to eradicate a worm, which is spreading throughout the organization, using an old remote vulnerability in the SMB protocol. The worm uses Nmap to identify target hosts within the company. The administrator wants to implement a solution that will eradicate the current worm and any future attacks that may be using zero-day vulnerabilities.

   Which of the following would BEST meet the requirements when implemented?

   • Host-based firewall
   • Enterprise patch management system
   • Network-based intrusion prevention system
   • Application blacklisting
   • File integrity checking

3. Which of the following is a deployment concept that can be used to ensure only the required OS access is exposed to software applications?

   • Staging environment
   • Sandboxing
   • Secure baseline
   • Trusted OS

4. A procedure differs from a policy in that it:

   • is a high-level statement regarding the company’s position on a topic.
   • sets a minimum expected baseline of behavior.
   • provides step-by-step instructions for performing a task. 
   • describes adverse actions when violations occur.

5. Ann, a user, reports she is unable to access an application from her desktop. A security analyst verifies Ann’s access and checks the SIEM for any errors. The security analyst reviews the log file from Ann’s system and notices the following output:

   

   Which of the following is MOST likely preventing Ann from accessing the application from the desktop?

   • Web application firewall
   • DLP
   • Host-based firewall
   • UTM
   • Network-based firewall

6. Which of the following types of penetration test will allow the tester to have access only to password hashes prior to the penetration test?

   • Black box
   • Gray box
   • Credentialed
   • White box

7. Which of the following threats has sufficient knowledge to cause the MOST danger to an organization?

   • Competitors
   • Insiders
   • Hacktivists
   • Script kiddies

8. While troubleshooting a client application connecting to the network, the security administrator notices the following error: Certificate is not valid.

   Which of the following is the BEST way to check if the digital certificate is valid?

   • PKI
   • CRL
   • CSR
   • IPSec

9. A business sector is highly competitive, and safeguarding trade secrets and critical information is paramount. On a seasonal basis, an organization employs temporary hires and contractor personnel to accomplish its mission objectives. The temporary and contract personnel require access to network resources only when on the clock.

   Which of the following account management practices are the BEST ways to manage these accounts?

   • Employ time-of-day restrictions.
   • Employ password complexity.
   • Employ a random key generator strategy.
   • Employ an account expiration strategy.
   • Employ a password lockout policy

10. Which of the following locations contain the MOST volatile data?

    • SSD
    • Paging file
    • RAM
    • Cache memory

11. Ann, a customer, is reporting that several important files are missing from her workstation. She recently received communication from an unknown party who is requesting funds to restore the files. Which of the following attacks has occurred?

    • Ransomware
    • Keylogger
    • Buffer overflow
    • Rootkit

12. Every morning, a systems administrator monitors failed login attempts on the company’s log management server. The administrator notices the DBAdmin account has five failed username and/or password alerts during a ten-minute window. The systems administrator determines the user account is a dummy account used to attract attackers.

    Which of the following techniques should the systems administrator implement?

    • Role-based access control
    • Honeypot
    • Rule-based access control
    • Password cracker

13. Joe, a user, has been trying to send Ann, a different user, an encrypted document via email. Ann has not received the attachment but is able to receive the header information.

    Which of the following is MOST likely preventing Ann from receiving the encrypted file?

    • Unencrypted credentials
    • Authentication issues
    • Weak cipher suite
    • Permission issues

14. A systems administrator is configuring a system that uses data classification labels.

    Which of the following will the administrator need to implement to enforce access control?

    • Discretionary access control
    • Mandatory access control
    • Role-based access control
    • Rule-based access control

15. An analyst is using a vulnerability scanner to look for common security misconfigurations on devices.

    Which of the following might be identified by the scanner? (Choose two.)

    • The firewall is disabled on workstations.
    • SSH is enabled on servers.
    • Browser homepages have not been customized.
    • Default administrator credentials exist on networking hardware.
    • The OS is only set to check for updates once a day.

16. A security analyst is reviewing patches on servers. One of the servers is reporting the following error message in the WSUS management console:

    The computer has not reported status in 30 days.

    Given this scenario, which of the following statements BEST represents the issue with the output above?

    • The computer in question has not pulled the latest ACL policies for the firewall.
    • The computer in question has not pulled the latest GPO policies from the management server.
    • The computer in question has not pulled the latest antivirus definitions from the antivirus program.
    • The computer in question has not pulled the latest application software updates.

17. A security administrator is reviewing the following PowerShell script referenced in the Task Scheduler on a database server:

    

    Which of the following did the security administrator discover?

    • Ransomeware
    • Backdoor
    • Logic bomb
    • Trojan

18. A bank is experiencing a DoS attack against an application designed to handle 500 IP-based sessions.

    in addition, the perimeter router can only handle 1Gbps of traffic.

    Which of the following should be implemented to prevent a DoS attacks in the future?

    • Deploy multiple web servers and implement a load balancer
    • Increase the capacity of the perimeter router to 10 Gbps
    • Install a firewall at the network to prevent all attacks
    • Use redundancy across all network devices and services

19. A malicious system continuously sends an extremely large number of SYN packets to a server. Which of the following BEST describes the resulting effect?

    • The server will be unable to server clients due to lack of bandwidth
    • The server’s firewall will be unable to effectively filter traffic due to the amount of data transmitted
    • The server will crash when trying to reassemble all the fragmented packets
    • The server will exhaust its memory maintaining half-open connections

20. A systems administrator is deploying a new mission essential server into a virtual environment. Which of the following is BEST mitigated by the environment’s rapid elasticity characteristic?

    • Data confidentiality breaches
    • VM escape attacks
    • Lack of redundancy
    • Denial of service