SY0-501 : CompTIA Security+ Certification​​ : Part 43

SY0-501 : CompTIA Security+ Certification​​ : Part 43

1. A system uses an application server and database server. Employing the principle of least privilege, only database administrators are given administrative privileges on the database server, and only application team members are given administrative privileges on the application server. Audit and log file reviews are performed by the business unit (a separate group from the database and application teams).

   The organization wants to optimize operational efficiency when application or database changes are needed, but it also wants to enforce least privilege, prevent modification of log files, and facilitate the audit and log review performed by the business unit. Which of the following approaches would BEST meet the organization’s goals?

   • Restrict privileges on the log file directory to “read only” and use a service account to send a copy of these files to the business unit.
   • Switch administrative privileges for the database and application servers. Give the application team administrative privileges on the database servers and the database team administrative privileges on the application servers.
   • Remove administrative privileges from both the database and application servers, and give the business unit “read only” privileges on the directories where the log files are kept.
   • Give the business unit administrative privileges on both the database and application servers so they can independently monitor server activity.

2. A company has had a BYOD policy in place for many years and now wants to roll out an MDM solution. The company has decided that end users who wish to utilize their personal devices for corporate use must opt in to the MDM solution. End users are voicing concerns about the company having access to their personal devices via the MDM solution. Which of the following should the company implement to ease these concerns?

   • Sideloading
   • Full device encryption
   • Application management
   • Containerization

3. A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file download from a social media site and subsequently installed it without the user’s knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access?

   • A bot
   • A fileless virus
   • A logic bomb
   • A RAT

4. A systems administrator is auditing the company’s Active Directory environment. It is quickly noted that the username “company\bsmith” is interactively logged into several desktops across the organization. Which of the following has the systems administrator MOST likely come across?

   • Service account
   • Shared credentials
   • False positive
   • Local account

5. A systems administrator needs to configure an SSL remote access VPN according to the following organizational guidelines:

   – The VPN must support encryption of header and payload.
   – The VPN must route all traffic through the company’s gateway.

   Which of the following should be configured on the VPN concentrator?

   • Full tunnel
   • Transport mode
   • Tunnel mode
   • IPSec

6. During a forensic investigation, which of the following must be addressed FIRST according to the order of volatility?

   • Hard drive
   • RAM
   • Network attached storage
   • USB flash drive

7. A computer forensics analyst collected a flash drive that contained a single file with 500 pages of text. Which of the following algorithms should the analyst use to validate the integrity of the file?

   • 3DES
   • AES
   • MD5
   • RSA

8. A mobile application developer wants to secure an application that transmits sensitive information. Which of the following should the developer implement to prevent SSL MITM attacks?

   • Stapling
   • Chaining
   • Signing
   • Pinning

9. Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?

   • Investigation
   • Containment
   • Recovery
   • Lessons learned

10. A technician is designing a solution that will be required to process sensitive information, including classified government data. The system needs to be common criteria certified. Which of the following should the technician select?

    • Security baseline
    • Hybrid cloud solution
    • Open-source software applications
    • Trusted operating system

11. While testing a new vulnerability scanner, a technician becomes concerned about reports that list security concerns that are not present on the systems being tested. Which of the following BEST describes this flaw?

    • False positives
    • Crossover error rate
    • Uncredentialed scan
    • Passive security controls

12. An incident response analyst in a corporate security operations center receives a phone call from an SOC analyst. The SOC analyst explains the help desk recently reimaged a workstation that was suspected of being infected with an unknown type of malware; however, even after reimaging, the host continued to generate SIEM alerts. Which of the following types of malware is MOST likely responsible for producing the SIEM alerts?

    • Ransomware
    • Logic bomb
    • Rootkit
    • Adware

13. During a risk assessment, results show that a fire in one of the company’s datacenters could cost up to $20 million in equipment damages and lost revenue. As a result, the company insures the datacenter for up to $20 million damages for the cost of $30,000 a year. Which of the following risk response techniques has the company chosen?

    • Transference
    • Avoidance
    • Mitigation
    • Acceptance

14. To further secure a company’s email system, an administrator is adding public keys to DNS records in the company’s domain. Which of the following is being used?

    • PFS
    • SPF
    • DMARC
    • DNSSEC

15. A security team has downloaded a public database of the largest collection of password dumps on the Internet. This collection contains the cleartext credentials of every major breach for the last four years. The security team pulls and compares users’ credentials to the database and discovers that more than 30% of the users were still using passwords discovered in this list. Which of the following would be the BEST combination to reduce the risks discovered?

    • Password length, password encryption, password complexity
    • Password complexity, least privilege, password reuse
    • Password reuse, password complexity, password expiration
    • Group policy, password history, password encryption

16. A systems administrator is installing and configuring an application service that requires access to read and write to log and configuration files on a local hard disk partition. The service must run as an account with authorization to interact with the file system. Which of the following would reduce the attack surface added by the service and account? (Choose two.)

    • Use a unique managed service account.
    • Utilize a generic password for authenticating.
    • Enable and review account audit logs.
    • Enforce least possible privileges for the account.
    • Add the account to the local administrators group.
    • Use a guest account placed in a non-privileged users group.

17. An organization is drafting an IRP and needs to determine which employees have the authority to take systems offline during an emergency situation. Which of the following is being outlined?

    • Reporting and escalation procedures
    • Permission auditing
    • Roles and responsibilities
    • Communication methodologies

18. A cryptographer has developed a new proprietary hash function for a company and solicited employees to test the function before recommending its implementation. An employee takes the plaintext version of a document and hashes it, then changes the original plaintext document slightly and hashes it, and continues repeating this process until two identical hash values are produced from two different documents. Which of the following BEST describes this cryptographic attack?

    • Brute force
    • Known plaintext
    • Replay
    • Collision

19. Which of the following is a benefit of credentialed vulnerability scans?

    • Credentials provide access to scan documents to identify possible data theft.
    • The vulnerability scanner is able to inventory software on the target.
    • A scan will reveal data loss in real time.
    • Black-box testing can be performed.

20. A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA?

    • Onetime passwords
    • Email tokens
    • Push notifications
    • Hardware authentication