SY0-501 : CompTIA Security+ Certification​​ : Part 49

SY0-501 : CompTIA Security+ Certification​​ : Part 49

1. An accountant is attempting to log in to the internal accounting system and receives a message that the website’s certificate is fraudulent. The accountant finds instructions for manually installing the new trusted root onto the local machine. Which of the following would be the company’s BEST option for this situation in the future?

   • Utilize a central CRL.
   • Implement certificate management.
   • Ensure access to KMS.
   • Use a stronger cipher suite.

2. A hospital has received reports from multiple patients that their PHI was stolen after completing forms on the hospital’s website. Upon investigation, the hospital finds a packet analyzer was used to steal data. Which of the following protocols would prevent this attack from reoccurring?

   • SFTP
   • HTTPS
   • FTPS
   • SRTP

3. A security consultant was asked to revise the security baselines that are utilized by a large organization. Although the company provides different platforms for its staff, including desktops, laptops, and mobile devices, the applications do not vary by platform. Which of the following should the consultant recommend? (Choose two.)

   • Apply patch management on a daily basis.
   • Allow full functionality for all applications that are accessed remotely.
   • Apply default configurations of all operating systems.
   • Apply application whitelisting.
   • Disable default accounts and/or passwords.

4. Which of the following types of attack is being used when an attacker responds by sending the MAC address of the attacking machine to resolve the MAC to IP address of a valid server?

   • Session hijacking
   • IP spoofing
   • Evil twin
   • ARP poisoning

5. A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

   • The Diamond Model of Intrusion Analysis
   • The Cyber Kill Chain
   • The MITRE CVE database
   • The incident response process

6. A system in the network is used to store proprietary secrets and needs the highest level of security possible. Which of the following should a security administrator implement to ensure the system cannot be reached from the Internet?

   • VLAN
   • Air gap
   • NAT
   • Firewall

7. Which of the following implements two-factor authentication on a VPN?

   • Username, password, and source IP
   • Public and private keys
   • HOTP token and logon credentials
   • Source and destination IP addresses

8. Which of the following is a component of multifactor authentication?

   • RADIUS
   • SSO
   • Transitive trust
   • OTP

9. A technician is auditing network security by connecting a laptop to open hardwired jacks within the facility to verify they cannot connect. Which of the following is being tested?

   • Layer 3 routing
   • Port security
   • Secure IMAP
   • S/MIME

10. A network technician discovered the usernames and passwords used for network device configuration have been compromised by a user with a packet sniffer. Which of the following would secure the credentials from sniffing?

    • Implement complex passwords
    • Use SSH for remote access
    • Configure SNMPv2 for device management
    • Use TFTP to copy device configuration

11. A company is looking for an all-in-one solution to provide identification, authentication, authorization, and accounting services. Which of the following technologies should the company use?

    • Diameter
    • SAML
    • Kerberos
    • CHAP

12. An organization has the following password policies:
    – Passwords must be at least 16 characters long.
    – A password cannot be the same as any previous 20 passwords.
    – Three failed login attempts will lock the account for five minutes.
    – Passwords must have one uppercase letter, one lowercase letter, and one non-alphanumeric symbol.

    A database server was recently breached, and the incident response team suspects the passwords were compromised. Users with permission on that database server were forced to change their passwords for that server. Unauthorized and suspicious logins are now being detected on a completely separate server.

    Which of the following is MOST likely the issue and the best solution?

    • Some users are reusing passwords for different systems; the organization should scan for password reuse across systems.
    • The organization has improperly configured single sign-on; the organization should implement a RADIUS server to control account logins.
    • User passwords are not sufficiently long or complex; the organization should increase the complexity and length requirements for passwords.
    • The trust relationship between the two servers has been compromised; the organization should place each server on a separate VLAN.

13. Ann, a user, reports she is receiving emails that appear to be from organizations to which she belongs, but the emails contain links to websites that do not belong to those organizations. Which of the following security scenarios does this describe?

    • A hacker is using Ann’s social media information to create a spear phishing attack
    • The DNS servers for the organizations have been hacked and are pointing to malicious sites
    • The company’s mail system has changed the organization’s links to point to a proxy server for security
    • Ann’s computer is infected with adware that has changed the email links

14. An application developer is working on a new calendar and scheduling application. The developer wants to test new functionality that is time/date dependent and set the local system time to one year in the future. The application also has a feature that uses SHA-256 hashing and AES encryption for data exchange. The application attempts to connect to a separate remote server using SSL, but the connection fails. Which of the following is the MOST likely cause and next step?

    • The date is past the certificate expiration; reset the system to the current time and see if the connection still fails
    • The remote server cannot support SHA-256; try another hashing algorithm like SHA-1 and see if the application can connect
    • AES is date/time dependent; either reset the system time to the correct time or try a different encryption approach
    • SSL is not the correct protocol to use in this situation; change to TLS and try the client-server connection again

15. A network administrator is trying to provide the most resilient hard drive configuration in a server. With five hard drives, which of the following is the MOST fault-tolerant configuration?

    • RAID 1
    • RAID 5
    • RAID 6
    • RAID 10

16. A company is deploying a wireless network. It is a requirement that client devices must use X.509 certifications to mutually authenticate before connecting to the wireless network. Which of the following protocols would be required to accomplish this?

    • EAP-TTLS
    • EAP-MD5
    • LEAP
    • EAP-TLS
    • EAP-TOTP

17. A security analyst is implementing mobile device security for a company. To save money, management has decided on a BYOD model. The company is most concerned with ensuring company data will not be exposed if a phone is lost or stolen. Which of the following techniques BEST accomplish this goal? (Choose two.)

    • Containerization
    • Full device encryption
    • Geofencing
    • Remote wipe
    • Application management
    • Storage segmentation

18. Which of the following is an algorithm family that was developed for use cases in which power consumption and lower computing power are constraints?

    • Elliptic curve
    • RSA
    • Diffie-Hellman
    • SHA

19. An organization has created a review process to determine how to best handle data with different sensitivity levels. The process includes the following requirements:
    – Soft copy PII must be encrypted.
    – Hard copy PII must be placed in a locked container.
    – Soft copy PHI must be encrypted and audited monthly.
    – Hard copy PHI must be placed in a locked container and inventoried monthly.

    Locked containers must be approved and designated for document storage. Any violations must be reported to the Chief Security Officer (CSO).

    While searching for coffee in the kitchen, an employee unlocks a cabinet and discovers a list of customer names and phone numbers. Which of the following actions should the employee take?

    • Put the document back in the cabinet, lock the cabinet, and report the incident to the CSO
    • Take custody of the document, secure it at a desk, and report the incident to the CSO
    • Take custody of the document and immediately report the incident to the CSO
    • Put the document back in the cabinet, inventory the contents, lock the cabinet, and report the incident to the CSO

20. The Chief Information Officer (CIO) has decided to add two-factor authentication along with the use of passwords when logging on to the network. Which of the following should be implemented to BEST accomplish this requirement?

    • Require users to enter a PIN
    • Require users to set complex passwords
    • Require users to insert a smart card when logging on
    • Require the system to use a CAPTCHA