Last Updated on July 18, 2021 by InfraExam

SY0-501 : CompTIA Security+ Certification : Part 38

  1. A company network is currently under attack. Although security controls are in place to stop the attack, the security administrator needs more information about the types of attacks being used. Which of the following network types would BEST help the administrator gather this information?

    • DMZ
    • Guest network
    • Ad hoc
    • Honeynet
  2. Moving laterally within a network once an initial exploit is used to gain persistent access for the purpose of establishing further control of a system is known as:

    • pivoting.
    • persistence.
    • active reconnaissance.
    • a backdoor.
  3. A systems administrator is increasing the security settings on a virtual host to ensure users on one VM cannot access information from another VM. Which of the following is the administrator protecting against?

    • VM sprawl
    • VM escape
    • VM migration
    • VM sandboxing
  4. A network administrator is implementing multifactor authentication for employees who travel and use company devices remotely by using the company VPN. Which of the following would provide the required level of authentication?

    • 802.1X and OTP
    • Fingerprint scanner and voice recognition
    • RBAC and PIN
    • Username/Password and TOTP
  5. Which of the following encryption algorithms require one encryption key? (Choose two.)

    • MD5
    • 3DES
    • BCRYPT
    • RC4
    • DSA
  6. A preventive control differs from a compensating control in that a preventive control is:

    • put in place to mitigate a weakness in a user control.
    • deployed to supplement an existing control that is EOL.
    • relied on to address gaps in the existing control structure.
    • designed to specifically mitigate a risk.
  7. A systems administrator has installed a new UTM that is capable of inspecting SSL/TLS traffic for malicious payloads. All inbound network traffic coming from the Internet and terminating on the company’s secure web servers must be inspected. Which of the following configurations would BEST support this requirement?

    • The web servers’ CA full certificate chain must be installed on the UTM.
    • The UTM certificate pair must be installed on the web servers.
    • The web servers’ private certificate must be installed on the UTM.
    • The UTM and web servers must use the same certificate authority.
  8. A security administrator receives alerts from the perimeter UTM. Upon checking the logs, the administrator finds the following output:

    Time: 12/25 0300
    From Zone: Untrust
    To Zone: DMZ
    Attacker: externalip.com
    Victim: 172.16.0.20
    To Port: 80
    Action: Alert
    Severity: Critical

    When examining the PCAP associated with the event, the security administrator finds the following information:

    <script> alert ("Click here for important information regarding your account! http://externalip.com/account.php"); </script>

    Which of the following actions should the security administrator take?

    • Upload the PCAP to the IDS in order to generate a blocking signature to block the traffic.
    • Manually copy the <script> data from the PCAP file and generate a blocking signature in the HIDS to block the traffic for future events.
    • Implement a host-based firewall rule to block future events of this type from occurring.
    • Submit a change request to modify the XSS vulnerability signature to TCP reset on future attempts.
  9. Given the information below:

    MD5HASH document.doc 049eab40fd36caad1fab10b3cdf4a883
    MD5HASH image.jpg 049eab40fd36caad1fab10b3cdf4a883

    Which of the following concepts are described above? (Choose two.)

    • Salting
    • Collision
    • Steganography
    • Hashing
    • Key stretching
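    Added example (not part of the original question set): a small triage script for a listing like the one in question 9. It parses "MD5HASH name digest" lines, flags digests that appear under more than one file name, and then, given the actual bytes, tells a genuine collision (different content, same digest) from a renamed duplicate, which a shared digest alone cannot distinguish. The listing and file contents are constructed sample data.

```python
# Added example (not from the original page): parse a hash listing like the
# one in question 9, flag digests shared by different file names, and tell a
# real collision (different bytes, same digest) from a renamed duplicate.
# The listing and file contents below are constructed sample data.
import hashlib
import re
from collections import defaultdict

# One listing line: "<ALGO>HASH <filename> <hex digest>"
LINE_RE = re.compile(
    r"^(?P<algo>MD5HASH|SHA256HASH)\s+(?P<name>\S+)\s+(?P<digest>[0-9A-Fa-f]+)\s*$"
)
DIGEST_HEX_LEN = {"MD5HASH": 32, "SHA256HASH": 64}

SAMPLE_LISTING = """
MD5HASH document.doc 049eab40fd36caad1fab10b3cdf4a883
MD5HASH image.jpg 049eab40fd36caad1fab10b3cdf4a883
MD5HASH notes.txt d41d8cd98f00b204e9800998ecf8427e
"""


def parse_listing(text):
    """Return [(algo, name, digest), ...]; reject lines that are not a well-formed
    digest of the right length (a transcription slip such as 'l' for '1' fails here)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable listing line: {raw!r}")
        algo, name, digest = m["algo"], m["name"], m["digest"].lower()
        if len(digest) != DIGEST_HEX_LEN[algo]:
            raise ValueError(f"{name}: {algo} digest must be {DIGEST_HEX_LEN[algo]} hex chars")
        entries.append((algo, name, digest))
    return entries


def shared_digests(entries):
    """Digest -> file names, for digests that appear under more than one name."""
    by_digest = defaultdict(list)
    for algo, name, digest in entries:
        by_digest[(algo, digest)].append(name)
    return {digest: names for (_, digest), names in by_digest.items() if len(names) > 1}


def classify_pair(data_a, data_b):
    """A shared digest alone is not proof of a collision: the two names may point
    at identical bytes. Compare the content before calling it a collision."""
    if hashlib.md5(data_a).hexdigest() != hashlib.md5(data_b).hexdigest():
        return "distinct"
    return "duplicate" if data_a == data_b else "collision"


def second_opinion(data):
    """Collision-resistant digest to record next to the MD5 during triage."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    for digest, names in shared_digests(parse_listing(SAMPLE_LISTING)).items():
        print(f"{digest} shared by {', '.join(names)} - compare the bytes")
    print(classify_pair(b"same bytes", b"same bytes"), classify_pair(b"a", b"b"))
```

    In practice the two files would be pulled from disk and passed to classify_pair; if the bytes differ and the MD5 still matches, record the SHA-256 of each alongside the MD5 so the evidence does not rest on a broken hash.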
  10. An organization wishes to allow its users to select devices for business use but does not want to overwhelm the service desk with requests for too many different device types and models. Which of the following deployment models should the organization use to BEST meet these requirements?

    • VDI environment
    • CYOD model
    • DAC mode
    • BYOD model
  11. A state-sponsored threat actor has launched several successful attacks against a corporate network. Although the target has a robust patch management program in place, the attacks continue in depth and scope, and the security department has no idea how the attacks are able to gain access. Given that patch management and vulnerability scanners are being used, which of the following would be used to analyze the attack methodology?

    • Rogue system detection
    • Honeypots
    • Next-generation firewall
    • Penetration test
  12. A technician, who is managing a secure B2B connection, noticed the connection broke last night. All networking equipment and media are functioning as expected, which leads the technician to question certain PKI components. Which of the following should the technician use to validate this assumption? (Choose two.)

    • PEM
    • CER
    • SCEP
    • CRL
    • OCSP
    • PFX
  13. A security administrator is investigating a report that a user is receiving suspicious emails. The user’s machine has an old functioning modem installed. Which of the following security concerns need to be identified and mitigated? (Choose two.)

    • Vishing
    • Whaling
    • Spear phishing
    • Pharming
    • War dialing
    • Hoaxing
  14. Which of the following provides PFS?

    • AES
    • RC4
    • DHE
    • HMAC
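    Added example (not code from the original page): an ephemeral Diffie-Hellman exchange written out in pure Python to show where perfect forward secrecy comes from. Each session draws a fresh exponent, both sides derive the same key, the exponent is discarded, and nothing that survives the session (in a real handshake, the server's long-term signing key) can reconstruct the key from a recording. The modulus is my transcription of the RFC 3526 group 14 prime, so the block verifies it with Miller-Rabin rather than trusting the copy.

```python
# Added example (not code from the original page): an ephemeral Diffie-Hellman
# (DHE) exchange in pure Python to show where perfect forward secrecy comes
# from. The modulus is a transcription of the RFC 3526 group 14 (2048-bit MODP)
# prime; the block verifies it with Miller-Rabin instead of trusting the copy.
import hashlib
import secrets

P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2


def is_probable_prime(n, rounds=8):
    """Miller-Rabin with random bases; enough to catch a mistyped modulus."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


class Party:
    """One side of the handshake. Only the ephemeral exponent is held, and only
    for the duration of the exchange. A long-term signing key (not modelled
    here) would sign the public value; it never encrypts the secret."""

    def __init__(self):
        self._x = None

    def ephemeral_public(self):
        # Fresh 256-bit exponent per session (above the ~112-bit strength of this group).
        self._x = secrets.randbits(256) | (1 << 255)
        return pow(G, self._x, P)

    def session_key(self, peer_public):
        # Reject 0, 1 and p-1: the small-subgroup values an attacker could send.
        if not 1 < peer_public < P - 1:
            raise ValueError("peer public value out of range")
        shared = pow(peer_public, self._x, P)
        self._x = None  # discard the exponent: nothing kept can recover this key later
        return hashlib.sha256(shared.to_bytes(256, "big")).digest()


def handshake():
    """Both sides end up with the same 32-byte key derived from this session's exponents."""
    client, server = Party(), Party()
    c_pub, s_pub = client.ephemeral_public(), server.ephemeral_public()
    k_client, k_server = client.session_key(s_pub), server.session_key(c_pub)
    if k_client != k_server:
        raise RuntimeError("key agreement failed")
    return k_client


if __name__ == "__main__":
    if not is_probable_prime(P):
        raise SystemExit("modulus transcription error: P is not prime")
    k1, k2 = handshake(), handshake()
    print("session 1:", k1.hex()[:16], " session 2:", k2.hex()[:16], " independent:", k1 != k2)
```

    Contrast this with RSA key transport, where the client encrypts the premaster secret to the server's long-term public key: anyone who records the traffic and later obtains that private key can decrypt every recorded session. With DHE the long-term key only authenticates the exchange, so its compromise does not unlock past sessions.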
  15. A Chief Information Officer (CIO) is concerned that encryption keys might be exfiltrated by a contractor. The CIO wants to keep control over key visibility and management. Which of the following would be the BEST solution for the CIO to implement?

    • HSM
    • CA
    • SSH
    • SSL
  16. A company recently implemented a new security system. In the course of configuration, the security administrator adds the following entry:

    #Whitelist
    USB\VID_13FE&PID_4127&REV_0100

    Which of the following security technologies is MOST likely being configured?

    • Application whitelisting
    • HIDS
    • Data execution prevention
    • Removable media control
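    Added example (not from the original question set): a parser and matcher for the Windows USB hardware-ID format that entry uses (USB\VID_xxxx&PID_xxxx with optional &REV_xxxx and &MI_xx parts), showing how a removable media whitelist decides whether to allow a device. An entry that omits REV matches any revision; one that includes it matches only that revision. The whitelist text and device IDs below are constructed, except for the entry quoted from the question. Note the caveat that vendor and product IDs are reported by the device and can be forged by a malicious one.

```python
# Added example (not from the original page): parse Windows USB hardware IDs of
# the form USB\VID_xxxx&PID_xxxx[&REV_xxxx][&MI_xx] and decide whether a device
# matches a removable-media whitelist. Device IDs below are constructed sample
# data apart from the entry quoted from the question.
import re

HWID_RE = re.compile(
    r"^USB\\VID_(?P<vid>[0-9A-F]{4})&PID_(?P<pid>[0-9A-F]{4})"
    r"(?:&REV_(?P<rev>[0-9A-F]{4}))?"
    r"(?:&MI_(?P<mi>[0-9A-F]{2}))?$",
    re.IGNORECASE,
)


def parse_hwid(hwid):
    """Split a hardware ID into upper-cased vid/pid/rev/mi; missing parts are None."""
    m = HWID_RE.match(hwid.strip())
    if not m:
        raise ValueError(f"not a USB hardware ID: {hwid!r}")
    return {k: (v.upper() if v else None) for k, v in m.groupdict().items()}


def load_whitelist(text):
    """Whitelist file: one hardware ID per line, '#' starts a comment (as on the page)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            entries.append(parse_hwid(line))
    return entries


def matches(entry, device):
    """VID and PID must match; REV and MI are constraints only if the entry sets them."""
    if entry["vid"] != device["vid"] or entry["pid"] != device["pid"]:
        return False
    for field in ("rev", "mi"):
        if entry[field] is not None and entry[field] != device[field]:
            return False
    return True


def is_allowed(device_hwid, whitelist):
    """Default-deny: a device is allowed only if some whitelist entry matches it.
    VID/PID come from the device's own descriptor, so this is a policy control,
    not proof of identity; a hostile device can present any pair it likes."""
    device = parse_hwid(device_hwid)
    return any(matches(entry, device) for entry in whitelist)


if __name__ == "__main__":
    policy = load_whitelist("#Whitelist\nUSB\\VID_13FE&PID_4127&REV_0100\n")
    for hwid in ("USB\\VID_13FE&PID_4127&REV_0100",
                 "USB\\VID_13FE&PID_4127&REV_0101",
                 "USB\\VID_0781&PID_5567&REV_0100"):
        print(hwid, "->", "allow" if is_allowed(hwid, policy) else "block")
```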
  17. A penetration tester is checking to see if an internal system is vulnerable to an attack using a remote listener. Which of the following commands should the penetration tester use to verify if this vulnerability exists? (Choose two.)

    • tcpdump
    • nc
    • nmap
    • nslookup
    • tail
    • tracert
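    Added example (not from the original question set): what nc -zv host port and an nmap TCP connect scan do at the socket level, written in Python so it runs offline. The block starts a throwaway listener on loopback (the role nc -l plays when testing), probes it, and reports open/closed with any banner the service sends. Ports and the banner text are constructed for the example.

```python
# Added example (not from the original page): a TCP connect probe equivalent to
# "nc -zv host port" / an nmap -sT scan, plus a throwaway loopback listener
# (like "nc -l -p <port>") to test it against. Banner and ports are constructed.
import socket
import threading


def start_listener(banner=b"demo-listener 1.0\r\n", host="127.0.0.1"):
    """Bind an ephemeral port and answer each client with a banner; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener socket was closed
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def probe(host, port, timeout=1.0):
    """Full TCP connect. Returns ('open', banner_bytes) or ('closed', None).
    A filtered port shows up as 'closed' here after the timeout; distinguishing
    RST from silence needs raw packets (what nmap -sS does)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:
            return "closed", None
        try:
            banner = s.recv(128)
        except OSError:
            banner = b""
        return "open", banner


def scan(host, ports, timeout=0.5):
    """Port -> state for a list of ports, like nmap -sT -p <list>."""
    return {p: probe(host, p, timeout)[0] for p in ports}


def free_port(host="127.0.0.1"):
    """Reserve and release a port so there is a known-closed one to probe."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_listener()
    closed = free_port()
    print(port, probe("127.0.0.1", port))
    print(scan("127.0.0.1", [port, closed]))
    srv.close()
```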
  18. Which of the following is MOST likely caused by improper input handling?

    • Loss of database tables
    • Untrusted certificate warning
    • Power off reboot loop
    • Breach of firewall ACLs
  19. A security administrator is investigating a possible account compromise. The administrator logs onto a desktop computer, executes the command notepad.exe c:\Temp\qkakforlkgfkja.1og, and reviews the following:

    Lee,\rI have completed the task that was assigned to me\rrespectfully\rJohn\r
    https://www.portal.com\rjohnuser\rilovemycat2

    Given the above output, which of the following is the MOST likely cause of this compromise?

    • Virus
    • Worm
    • Rootkit
    • Keylogger
  20. Which of the following command line tools would be BEST to identify the services running in a server?

    • Traceroute
    • Nslookup
    • Ipconfig
    • Netstat
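    Added example (not from the original question set): the work netstat -tln does, reimplemented by parsing /proc/net/tcp, the table netstat reads on Linux. It decodes the hex address:port columns, keeps only sockets in LISTEN state, and reports the owning UID, so it still works on a minimal server image without netstat. The table below is constructed sample data in the kernel's format, assuming a little-endian host as the comment notes.

```python
# Added example (not from the original page): list listening TCP services the
# way "netstat -tln" does, by parsing /proc/net/tcp. The sample table below is
# constructed data in the kernel's format.
import socket

LISTEN = "0A"  # kernel TCP state code for LISTEN (others: 01 ESTABLISHED, 06 TIME_WAIT)

SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21811 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 24500 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   106        0 25001 1 0000000000000000 100 0 0 10 0
   3: 0F02000A:0016 0102000A:E2A4 01 00000000:00000000 02:00015E4A 00000000     0        0 31902 2 0000000000000000 20 4 28 10 -1
   4: 0F02000A:0050 0302000A:C1D2 06 00000000:00000000 03:00000C27 00000000     0        0 0 3 0000000000000000
"""


def decode_endpoint(hex_addr):
    """'0100007F:0CEA' -> ('127.0.0.1', 3306). The kernel prints the IPv4 address
    as a host-order 32-bit word, so on little-endian hosts (assumed here) the
    bytes are reversed; the port is plain big-endian hex."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """One dict per socket row; the header line is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({
            "local": decode_endpoint(f[1]),
            "remote": decode_endpoint(f[2]),
            "state": f[3],
            "uid": int(f[7]),
            "inode": int(f[9]),
        })
    return rows


def listening_services(rows):
    """(ip, port, service_name, uid) for LISTEN sockets, sorted by port.
    The name comes from the local services database and may be 'unknown'."""
    out = []
    for r in rows:
        if r["state"] != LISTEN:
            continue
        ip, port = r["local"]
        try:
            name = socket.getservbyport(port, "tcp")
        except OSError:
            name = "unknown"
        out.append((ip, port, name, r["uid"]))
    return sorted(out, key=lambda t: t[1])


def live_listeners(path="/proc/net/tcp"):
    """Read the real table on a Linux host (IPv6 listeners are in /proc/net/tcp6)."""
    with open(path) as fh:
        return listening_services(parse_proc_net_tcp(fh.read()))


if __name__ == "__main__":
    for ip, port, name, uid in listening_services(parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)):
        print(f"{ip}:{port:<6} {name:<10} uid={uid}")
```

    A listener bound to 0.0.0.0 is reachable from the network; one bound to 127.0.0.1 (the 3306 row in the sample) is not. Mapping the inode column to a PID is what netstat -p does by walking /proc/<pid>/fd, which needs root for other users' processes.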