SY0-501 : CompTIA Security+ Certification​​ : Part 42

  1. Which of the following BEST describes the concept of perfect forward secrecy?

    • Using quantum random number generation to make decryption effectively impossible
    • Preventing cryptographic reuse so a compromise of one operation does not affect other operations
    • Implementing elliptic curve cryptographic algorithms with true random numbers
    • The use of NDAs and policy controls to prevent disclosure of company secrets
  2. Which of the following is the MAIN disadvantage of using SSO?

    • The architecture can introduce a single point of failure.
    • Users need to authenticate for each resource they access.
    • It requires an organization to configure federation.
    • The authentication is transparent to the user.
  3. An intruder sniffs network traffic and captures a packet of internal network transactions that add funds to a game card. The intruder pushes the same packet multiple times across the network, which increments the funds on the game card. Which of the following should a security administrator implement to BEST protect against this type of attack?

    • An IPS
    • A WAF
    • SSH
    • An IPSec VPN
  4. Which of the following is a reason why an organization would define an AUP?

    • To define the lowest level of privileges needed for access and use of the organization’s resources
    • To define the set of rules and behaviors for users of the organization’s IT systems
    • To define the intended partnership between two organizations
    • To define the availability and reliability characteristics between an IT provider and consumer
  5. After a systems administrator installed and configured Kerberos services, several users experienced authentication issues. Which of the following should be installed to resolve these issues?

    • RADIUS server
    • NTLM service
    • LDAP service
    • NTP server
  6. A Chief Security Office’s (CSO’s) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO’s objectives?

    • Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares.
    • Purchase cyber insurance from a reputable provider to reduce expenses during an incident.
    • Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization’s susceptibility to phishing attacks.
    • Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.
  7. The application team within a company is asking the security team to investigate why its application is slow after an upgrade. The source of the team’s application is 10.13.136.9, and the destination IP is 10.17.36.5. The security analyst pulls the logs from the endpoint security software but sees nothing is being blocked. The analyst then looks at the UTM firewall logs and sees the following:

    SY0-501 Part 42 Q07 108
    SY0-501 Part 42 Q07 108

    Which of the following should the security analyst request NEXT based on the UTM firewall analysis?

    • Request the application team to allow TCP port 87 to listen on 10.17.36.5.
    • Request the network team to open port 1433 from 10.13.136.9 to 10.17.36.5.
    • Request the network team to turn off IPS for 10.13.136.8 going to 10.17.36.5.
    • Request the application team to reconfigure the application and allow RPC communication.
  8. Which of the following types of controls is a turnstile?

    • Physical
    • Detective
    • Corrective
    • Technical
  9. After being alerted to potential anomalous activity related to trivial DNS lookups, a security analyst looks at the following output of implemented firewall rules:

    SY0-501 Part 42 Q09 109
    SY0-501 Part 42 Q09 109

    The analyst notices that the expected policy has no hit count for the day. Which of the following MOST likely occurred?

    • Data execution prevention is enabled.
    • The VLAN is not trunked properly.
    • There is a policy violation for DNS lookups.
    • The firewall policy is misconfigured.
  10. A security analyst is performing a BIA. The analyst notes that in a disaster, failover systems must be up and running within 30 minutes. The failover systems must use backup data that is no older than one hour. Which of the following should the analyst include in the business continuity plan?

    • A maximum MTTR of 30 minutes
    • A maximum MTBF of 30 minutes
    • A maximum RTO of 60 minutes
    • A maximum RPO of 60 minutes
    • An SLA guarantee of 60 minutes
  11. A security administrator in a bank is required to enforce an access control policy so no single individual is allowed to both initiate and approve financial transactions. Which of the following BEST represents the impact the administrator is deterring?

    • Principle of least privilege
    • External intruder
    • Conflict of interest
    • Fraud
  12. An incident responder is preparing to acquire images and files from a workstation that has been compromised. The workstation is still powered on and running. Which of the following should be acquired LAST?

    • Application files on hard disk
    • Processor cache
    • Processes in running memory
    • Swap space
  13. A malicious actor recently penetrated a company’s network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm?

    • Security
    • Application
    • Dump
    • Syslog
  14. Fuzzing is used to reveal which of the following vulnerabilities in web applications?

    • Weak cipher suites
    • Improper input handling
    • DLL injection
    • Certificate signing flaws
  15. An attacker is able to capture the payload for the following packet:

    IP 192.168.1.22:2020 10.10.10.5:443
    IP 192.168.1.10:1030 10.10.10.1:21
    IP 192.168.1.57:5217 10.10.10.1:3389

    During an investigation, an analyst discovers that the attacker was able to capture the information above and use it to log on to other servers across the company. Which of the following is the MOST likely reason?

    • The attacker has exploited a vulnerability that is commonly associated with TLS1.3.
    • The application server is also running a web server that has been compromised.
    • The attacker is picking off unencrypted credentials and using those to log in to the secure server.
    • User accounts have been improperly configured to allow single sign-on across multiple servers.
  16. A forensics analyst is investigating a hard drive for evidence of suspected illegal activity. Which of the following should the analyst do FIRST?

    • Create a hash of the hard drive.
    • Export the Internet history.
    • Save a copy of the case number and date as a text file in the root directory.
    • Back up the pictures directory for further inspection.
  17. Which of the following is a passive method to test whether transport encryption is implemented?

    • Black box penetration test
    • Port scan
    • Code analysis
    • Banner grabbing
  18. The help desk received a call from a user who was trying to access a set of files from the day before but received the following error message: File format not recognized. Which of the following types of malware MOST likely caused this to occur?

    • Ransomware
    • Polymorphic virus
    • Rootkit
    • Spyware
  19. Ann, a user, reported to the service desk that many files on her computer will not open or the contents are not readable. The service desk technician asked Ann if she encountered any strange messages on boot-up or login, and Ann indicated she did not. Which of the following has MOST likely occurred on Ann’s computer?

    • The hard drive is falling, and the files are being corrupted.
    • The computer has been infected with crypto-malware.
    • A replay attack has occurred.
    • A keylogger has been installed.
  20. A technician is recommending preventive physical security controls for a server room. Which of the following would the technician MOST likely recommend? (Choose two.)

    • Geofencing
    • Video surveillance
    • Protected cabinets
    • Mantrap
    • Key exchange
    • Authorized personnel signage