SY0-501 : CompTIA Security+ Certification : Part 44

  1. Which of the following would provide a safe environment for an application to access only the resources needed to function while not having access to run at the system level?

    • Sandbox
    • Honeypot
    • GPO
    • DMZ
  2. Which of the following attacks is used to capture the WPA2 handshake?

    • Replay
    • IV
    • Evil twin
    • Disassociation
  3. A user loses a COPE device. Which of the following should the user do NEXT to protect the data on the device?

    • Call the company help desk to remotely wipe the device.
    • Report the loss to authorities.
    • Check with corporate physical security for the device.
    • Identify files that are potentially missing on the device.
  4. A government agency with sensitive information wants to virtualize its infrastructure. Which of the following cloud deployment models BEST fits the agency’s needs?

    • Public
    • Community
    • Private
    • Hybrid
  5. An organization is developing its mobile device management policies and procedures and is concerned about vulnerabilities that are associated with sensitive data being saved to a mobile device, as well as weak authentication when using a PIN. As part of some discussions on the topic, several solutions are proposed. Which of the following controls, when required together, will address the protection of data-at-rest as well as strong authentication? (Choose two.)

    • Containerization
    • FDE
    • Remote wipe capability
    • MDM
    • MFA
    • OTA updates
  6. Which of the following is the BEST use of a WAF?

    • To protect sites on web servers that are publicly accessible
    • To allow access to web services of internal users of the organization
    • To maintain connection status of all HTTP requests
    • To deny access to all websites with certain contents
  7. The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?

    • Install a NIDS device at the boundary.
    • Segment the network with firewalls.
    • Update all antivirus signatures daily.
    • Implement application blacklisting.
  8. A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email, and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?

    • Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
    • Restrict administrative privileges and patch all systems and applications.
    • Rebuild all workstations and install new antivirus software.
    • Implement application whitelisting and perform user application hardening.
  9. A forensics investigator is examining a number of unauthorized payments that were reported on the company’s website. Some unusual log entries show that users received an unwanted mailing and attempted to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:

    <a href="https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250">Click here to unsubscribe</a>

    Which of the following will the forensics investigator MOST likely determine has occurred?

    • SQL injection
    • CSRF
    • XSS
    • XSRF
  10. A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?

    • Nmap
    • Wireshark
    • Autopsy
    • DNSEnum
  11. A network administrator at a large organization is reviewing methods to improve the security of the wired LAN. Any security improvement must be centrally managed and allow corporate-owned devices to have access to the intranet but limit others to Internet access only. Which of the following should the administrator recommend?

    • 802.1X utilizing the current PKI infrastructure
    • SSO to authenticate corporate users
    • MAC address filtering with ACLs on the router
    • PAM for user account management
  12. Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

    • The document is a honeyfile and is meant to attract the attention of a cyberintruder.
    • The document is a backup file if the system needs to be recovered.
    • The document is a standard file that the OS needs to verify the login credentials.
    • The document is a keylogger that stores all keystrokes should the account be compromised.
  13. In which of the following risk management strategies would cybersecurity insurance be used?

    • Transference
    • Avoidance
    • Acceptance
    • Mitigation
  14. A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements?

    • RA
    • OCSP
    • CRI
    • CSR
  15. A company needs to fix some audit findings related to its physical security. A key finding was that multiple people could physically enter a location at the same time. Which of the following is the BEST control to address this audit finding?

    • Faraday cage
    • Mantrap
    • Biometrics
    • Proximity cards
  16. A network administrator was concerned during an audit that users were able to use the same passwords the day after a password change policy took effect. The following settings are in place:

    – Users must change their passwords every 30 days.
    – Users cannot reuse the last 10 passwords.

    Which of the following settings would prevent users from being able to immediately reuse the same passwords?

    • Minimum password age of five days
    • Password history of ten passwords
    • Password length greater than ten characters
    • Complex passwords must be used
  17. After successfully breaking into several networks and infecting multiple machines with malware, hackers contact the network owners, demanding payment to remove the infection and decrypt files. The hackers threaten to publicly release information about the breach if they are not paid. Which of the following BEST describes these attackers?

    • Gray hat hackers
    • Organized crime
    • Insiders
    • Hacktivists
  18. When implementing automation with IoT devices, which of the following should be considered FIRST to keep the network secure?

    • Z-Wave compatibility
    • Network range
    • Zigbee configuration
    • Communication protocols
  19. A local coffee shop runs a small WiFi hotspot for its customers that utilizes WPA2-PSK. The coffee shop would like to stay current with security trends and wants to implement WPA3 to make its WiFi even more secure. Which of the following technologies should the coffee shop use in place of PSK?

    • WEP
    • EAP
    • WPS
    • SAE
  20. An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

    • It allows for the sharing of digital forensics data across organizations.
    • It provides insurance in case of a data breach.
    • It provides complimentary training and certification resources to IT security staff.
    • It certifies the organization can work with foreign entities that require a security clearance.
    • It assures customers that the organization meets security standards.