Last Updated on July 18, 2021 by InfraExam
SY0-501 : CompTIA Security+ Certification : Part 40
An organization’s IRP prioritizes containment over eradication. An incident has been discovered where an attacker outside of the organization has installed cryptocurrency mining software on the organization’s web servers. Given the organization’s stated priorities, which of the following would be the NEXT step?
- Remove the affected servers from the network.
- Review firewall and IDS logs to identify possible source IPs.
- Identify and apply any missing operating system and software patches.
- Delete the malicious software and determine if the servers must be reimaged.
During a security audit of a company’s network, unsecure protocols were found to be in use. A network administrator wants to ensure browser-based access to company switches is using the most secure protocol. Which of the following protocols should be implemented?
While monitoring the SIEM, a security analyst observes traffic from an external IP to an IP address of the business network on port 443. Which of the following protocols would MOST likely cause this traffic?
A technician is required to configure updates on a guest operating system while maintaining the ability to quickly revert the changes that were made while testing the updates. Which of the following should the technician implement?
- Revert to known state
- Rollback to known configuration
- Shadow copy
A technician is investigating a report of unusual behavior and slow performance on a company-owned laptop. The technician runs a command and reviews the following information:
Based on the above information, which of the following types of malware should the technician report?
- Logic bomb
An organization is building a new customer services team, and the manager needs to keep the team focused on customer issues and minimize distractions. The users have a specific set of tools installed, which they must use to perform their duties. Other tools are not permitted for compliance and tracking purposes. Team members have access to the Internet for product lookups and to research customer issues. Which of the following should a security engineer employ to fulfill the requirements for the manager?
- Install a web application firewall.
- Install HIPS on the team’s workstations.
- Implement containerization on the workstations.
- Configure whitelisting for the team.
An administrator is disposing of media that contains sensitive information. Which of the following will provide the MOST effective method to dispose of the media while ensuring the data will be unrecoverable?
- Wipe the hard drive.
- Shred the hard drive.
- Sanitize all of the data.
- Degauss the hard drive.
Which of the following is the MOST likely motivation for a script kiddie threat actor?
- Financial gain
- Political expression
- Corporate espionage
After discovering a security incident and removing the affected files, an administrator disabled an unneeded service that led to the breach. Which of the following steps in the incident response process has the administrator just completed?
A company employee recently retired, and there was a schedule delay because no one was capable of filling the employee’s position. Which of the following practices would BEST help to prevent this situation in the future?
- Mandatory vacation
- Separation of duties
- Job rotation
- Exit interviews
A security analyst is interested in setting up an IDS to monitor the company network. The analyst has been told there can be no network downtime to implement the solution, but the IDS must capture all of the network traffic. Which of the following should be used for the IDS implementation?
- Network tap
- Port mirror
A contracting company recently completed its period of performance on a government contract and would like to destroy all information associated with contract performance. Which of the following is the best NEXT step for the company to take?
- Consult data disposition policies in the contract.
- Use a pulper or pulverizer for data destruction.
- Retain the data for a period no more than one year.
- Burn hard copies containing PII or PHI
A systems administrator is receiving multiple alerts from the company NIPS. A review of the NIPS logs shows the following:
reset both: 184.108.40.206:3194 –> 10.4.100.4:80 buffer overflow attempt reset both: 220.127.116.11:3230 –> 10.4.100.4:80 directory traversal attack reset client: 18.104.22.168:4019 –> 10.4.100.4:80 Blind SQL injection attack
Which of the following should the systems administrator report back to management?
- The company web server was attacked by an external source, and the NIPS blocked the attack.
- The company web and SQL servers suffered a DoS caused by a misconfiguration of the NIPS.
- An external attacker was able to compromise the SQL server using a vulnerable web application.
- The NIPS should move from an inline mode to an out-of-band mode to reduce network latency.
Which of the following BEST distinguishes Agile development from other methodologies in terms of vulnerability management?
- Cross-functional teams
- Rapid deployments
- Daily standups
- Peer review
- Creating user stories
An organization is concerned about video emissions from users’ desktops. Which of the following is the BEST solution to implement?
- Screen filters
- Shielded cables
- Spectrum analyzers
- Infrared detection
Given the line of code above, which of the following BEST represents the attack performed during the breach?
Which of the following documents would provide specific guidance regarding ports and protocols that should be disabled on an operating system?
- Regulatory requirements
- Secure configuration guide
- Application installation guides
- User manuals
A security analyst is investigating a call from a user regarding one of the websites receiving a 503: Service Unavailable error. The analyst runs a netstat-an command to discover if the web server is up and listening. The analyst receives the following output:
TCP 10.1.5.2:80 192.168.2.112:60973 TIME_WAIT TCP 10.1.5.2:80 192.168.2.112:60974 TIME_WAIT TCP 10.1.5.2:80 192.168.2.112:60975 TIME_WAIT TCP 10.1.5.2:80 192.168.2.112:60976 TIME_WAIT TCP 10.1.5.2:80 192.168.2.112:60977 TIME_WAIT TCP 10.1.5.2:80 192.168.2.112:60978 TIME_WAIT
Which of the following types of attack is the analyst seeing?
- Buffer overflow
- Domain hijacking
- Denial of service
- ARP poisoning
Which of the following serves to warn users against downloading and installing pirated software on company devices?
An organization wants to set up a wireless network in the most secure way. Budget is not a major consideration, and the organization is willing to accept some complexity when clients are connecting. It is also willing to deny wireless connectivity for clients who cannot be connected in the most secure manner. Which of the following would be the MOST secure setup that conforms to the organization’s requirements?
- Enable WPA2-PSK for older clients and WPA2-Enterprise for all other clients.
- Enable WPA2-PSK, disable all other modes, and implement MAC filtering along with port security.
- Use WPA2-Enterprise with RADIUS and disable pre-shared keys.
- Use WPA2-PSK with a 24-character complex password and change the password monthly.