CompTIA Security+ Certification Guide 2025: Complete Study Plan, Exam Objectives, and Real-World Cybersecurity Scenarios

Typology: Exams (Computer Security)

2024/2025

Available from 07/14/2025

edwards-christopher (366 documents)

Here are the multiple-choice questions with rationales and the correct answers indicated:

Question 1: Sara, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Sara configure?
A. PAT - Correct Answer
B. NAP
C. DNAT
D. NAC
Rationale:

  • A. PAT (Port Address Translation): PAT is a type of NAT (Network Address Translation) that allows multiple internal hosts with private IP addresses to share a single public IP address by using different port numbers. This is exactly what Sara needs to configure to translate many internal public IPs to one external public IP.
  • B. NAP (Network Access Protection): NAP is a Microsoft technology that enforces health policies for network access. It's not related to IP address translation.
  • C. DNAT (Destination NAT): DNAT is used to translate traffic destined for a public IP address and port to a specific private IP address and port within the internal network. This is typically used for making internal servers accessible from the internet.
  • D. NAC (Network Access Control): NAC controls access to the network based on the security posture of connecting devices. It's not involved in IP address translation.

Question 2: Which of the following devices is MOST likely being used when processing the following?
"1 PERMIT IP ANY ANY EQ 80
2 DENY IP ANY ANY"
A. Firewall - Correct Answer
B. NIPS
C. Load Balancer
D. URL filter
Rationale:

  • A. Firewall: The rules "PERMIT IP ANY ANY EQ 80" (allow any IP traffic from any source to any destination on port 80) and "DENY IP ANY ANY" (deny all other IP traffic) are characteristic of a firewall. Firewalls use access control lists (ACLs) with permit and deny rules based on source/destination IP addresses, ports, and protocols to control network traffic.
  • B. NIPS (Network Intrusion Prevention System): While a NIPS can also have rules, it primarily focuses on detecting and preventing malicious traffic patterns and exploits, often with more complex signatures than simple permit/deny rules based on basic IP and port information.
  • C. Load Balancer: A load balancer distributes network traffic across multiple servers. While it has configuration, it doesn't primarily use simple permit/deny rules on all IP traffic like this.
  • D. URL filter: A URL filter operates at the application layer and controls access to web addresses (URLs), not all IP traffic based on ports.

Question 3: The security administrator at ABC company received the following log information from an external party:
10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
  • C. Firewall: iptables is a powerful command-line firewall utility in Linux that allows administrators to configure rules for filtering network traffic based on source/destination IP addresses, ports, and protocols. It provides the core functionality of a traditional firewall by inspecting and controlling network traffic.
  • A. Sniffer: While tools like tcpdump can be used on Linux to capture network traffic (similar to a sniffer), iptables is for controlling and filtering traffic, not just passively capturing it.
  • B. Router: While a Linux machine can be configured to perform routing, iptables primarily focuses on packet filtering and network address translation, which are firewall functions.
  • D. Switch: A switch operates at Layer 2 of the OSI model and forwards traffic based on MAC addresses. iptables operates at Layers 3 and 4, dealing with IP addresses and ports.

Question 5: Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model?
A. Packet Filter Firewall
B. Stateful Firewall
C. Proxy Firewall
D. Application Firewall - Correct Answer
Rationale:
  • D. Application Firewall: An application firewall (also known as a proxy firewall operating at the application layer) inspects network traffic at the highest level of the OSI model (Layer 7). It understands the specific protocols used by applications (like HTTP, SMTP, DNS) and can filter traffic based on the content and context of these application-layer communications, providing the most granular level of inspection.
  • A. Packet Filter Firewall: Operates at Layers 3 and 4 (Network and Transport layers), examining source/destination IP addresses, ports, and protocols.
  • B. Stateful Firewall: Operates at Layers 3, 4, and sometimes up to Layer 7 to track the state of network connections, allowing it to make more informed decisions than a stateless packet filter.
  • C. Proxy Firewall: Acts as an intermediary between clients and servers, inspecting traffic at the application layer for the specific protocols it supports. This is a type of application firewall.

Question 6: The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data should be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO's requirements?
A. Sniffers
B. NIDS
C. Firewalls - Correct Answer
D. Web proxies
E. Layer 2 switches
Rationale:
  • C. Firewalls: Firewalls are the most appropriate security control for network segmentation and access control. By placing the systems handling credit card data behind a dedicated firewall (or a well-defined firewall zone), you can:
    ◦ Segregate: Create a distinct network segment, limiting connectivity between the cardholder data environment (CDE) and the main corporate network.
    ◦ Control Access: Define specific rules to allow only necessary traffic to and from the CDE, preventing unauthorized access.
    ◦ Log Access: Configure the firewall to log all connection attempts and traffic flows to the CDE, providing an audit trail of access.
  • A. Sniffers: Sniffers capture network traffic but don't actively prevent unauthorized access or enforce segmentation.
  • B. NIDS (Network Intrusion Detection System): NIDS detect malicious activity but don't inherently enforce network segmentation or access control.
  • D. Web proxies: Web proxies are primarily used to control and filter web traffic and are not the primary mechanism for network segmentation of backend systems.
  • E. Layer 2 switches: Layer 2 switches provide connectivity within a local network segment but don't offer the access control and segmentation capabilities of a

Which of the following devices would be MOST useful to ensure availability when there are a large number of requests to a certain website?
A. Protocol analyzer
B. Load balancer
C. VPN concentrator
D. Web security gateway
Correct answer: B

Pete, the system administrator, wishes to monitor and limit users' access to external websites. Which of the following would BEST address this?
A. Block all traffic on port 80.
B. Implement NIDS.
C. Use server load balancers.
D. Install a proxy server.
Correct answer: D

Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task?
A. HIDS
B. Firewall
C. NIPS
D. Spam filter
Correct answer: C

Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network?
A. HIPS on each virtual machine
B. NIPS on the network
C. NIDS on the network
D. HIDS on each virtual machine
Correct answer: A

Pete, a security administrator, has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network?
A. NIPS
B. HIDS
C. HIPS
D. NIDS
Correct answer: A

An administrator is looking to implement a security device which will be able not only to detect network intrusions at the organization level, but also help to defend against them. Which of the following is being described here?
A. NIDS
B. NIPS
C. HIPS
D. HIDS
Correct answer: B

In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization?
A. Supervisor
Correct answer: B

traffic is on the network. Which of the following types of technologies will BEST address this scenario?
A. Application Firewall
B. Anomaly Based IDS
C. Proxy Firewall
D. Signature IDS

Matt, an administrator, notices a flood of fragmented packets and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue?
A. Spam filter
B. Protocol analyzer
C. Web application firewall
D. Load balancer
Correct answer: B

Which of the following flags are used to establish a TCP connection? (Choose two. Answer is just two letters with no comma or space, in alphabetical order.)
A. PSH
B. ACK
C. SYN
D. URG
E. FIN
Correct answer: BC

Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites?
A. Spam filter
B. URL filter
C. Content inspection
D. Malware inspection
Correct answer: B

Pete, the system administrator, wants to restrict access to advertisements, games, and gambling websites. Which of the following devices would BEST achieve this goal?
A. Firewall
B. Switch
C. URL content filter
D. Spam filter
Correct answer: C

The administrator receives a call from an employee named Joe. Joe says the Internet is down and he is receiving a blank page when typing to connect to a popular sports website. The administrator asks Joe to try visiting a popular search engine site, which Joe reports as successful. Joe then says that he can get to the sports site on his phone. Which of the following might the administrator need to configure?
A. The access rules on the IDS
B. The pop up blocker in the employee's browser
C. The sensitivity level of the spam filter
D. The default block page on the URL filter
Correct answer: D

Layer 7 devices used to prevent specific types of html tags are called:
A. WAF
B. NIDS
C. Routers
D. Switches
Correct answer: B

Which of the following should the security administrator implement to limit web traffic based on country of origin? (Choose three. Answer is 3 letters, no spaces or commas, in alphabetical order.)
A. Spam filter
B. Load balancer
C. Antivirus
D. Proxies
E. Firewall
F. NIDS
G. URL filtering
Correct answer: DEG

A security engineer is reviewing log data and sees the output below:
POST: /payload.php HTTP/1.
HOST: localhost
Accept: /
Referrer: http://localhost/

HTTP/1.1 403 Forbidden
Connection: close
Log: Access denied with 403. Pattern matches form bypass
Which of the following technologies was MOST likely being used to generate this log?
A. Host-based Intrusion Detection System
B. Web application firewall
C. Network-based Intrusion Detection System
D. Stateful Inspection Firewall
E. URL Content Filter
Correct answer: B

An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?
A. Review past security incidents and their resolution
B. Rewrite the existing security policy
C. Implement an intrusion prevention system
D. Install honey pot systems
Correct answer: C

A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. Which of the following should be implemented to secure the devices without risking availability?
A. Host-based firewall
B. IDS
C. IPS
D. Honeypot
Correct answer: B

Which of the following firewall rules only denies DNS zone transfers?
A. deny udp any any port 53
Correct answer: C

A. Implement a virtual firewall
B. Install HIPS on each VM
C. Virtual switches with VLANs
D. Develop a patch management guide

A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the reason for the sub-interfaces?
A. The network uses the subnet of 255.255.255.128.
B. The switch has several VLANs configured on it.
C. The sub-interfaces are configured for VoIP traffic.
D. The sub-interfaces each implement quality of service.
Correct answer: B

Joe, a technician at the local power plant, notices that several turbines had ramped up in cycles during the week. Further investigation by the system engineering team determined that a timed .exe file had been uploaded to the system control console during a visit by international contractors. Which of the following actions should Joe recommend?
A. Create a VLAN for the SCADA
B. Enable PKI for the MainFrame
C. Implement patch management
D. Implement stronger WPA2 Wireless
Correct answer: A

The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented?
A. Implicit deny
B. VLAN management
C. Port security
D. Access control lists
Correct answer: D

Matt, the network engineer, has been tasked with separating network traffic between virtual machines on a single hypervisor. Which of the following would he implement to BEST address this requirement? (Choose two. Answer is just two letters with no comma or space, in alphabetical order.)
A. Virtual switch
B. NAT
C. System partitioning
D. Access-list
E. Disable spanning tree
F. VLAN
Correct answer: AF

A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application's task. Which of the following is the security administrator practicing in this example?
A. Explicit deny
B. Port security
C. Access control lists
Correct answer: C

B. The DNS server is overwhelmed with connections and is unable to respond to queries.
C. The company IDS detected a wireless attack and disabled the wireless network.
D. The Remote Authentication Dial-In User Service server certificate has expired.

A company determines a need for additional protection from rogue devices plugging into physical ports around the building. Which of the following provides the highest degree of protection from unauthorized wired network access?
A. Intrusion Prevention Systems
B. MAC filtering
C. Flood guards
D. 802.1x
Correct answer: D

While configuring a new access layer switch, the administrator, Joe, was advised that he needed to make sure that only devices authorized to access the network would be permitted to login and utilize resources. Which of the following should the administrator implement to ensure this happens?
A. Log Analysis
B. VLAN Management
C. Network separation
D. 802.1x
Correct answer: D

A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface.
PERMIT TCP ANY ANY 80
PERMIT TCP ANY ANY 443
Which of the following rules would accomplish this task? (Choose two. Answer is just two letters with no commas or spaces, in alphabetical order.)
A. Change the firewall default settings so that it implements an implicit deny
B. Apply the current ACL to all interfaces of the firewall
C. Remove the current ACL
D. Add the following ACL at the top of the current ACL: DENY TCP ANY ANY 53
E. Add the following ACL at the bottom of the current ACL: DENY ICMP ANY ANY 53
F. Add the following ACL at the bottom of the current ACL: DENY IP ANY ANY 53
Correct answer: AF

Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL?
PERMIT TCP ANY HOST 192.168.0.10 EQ 80
PERMIT TCP ANY HOST 192.168.0.10 EQ 443
A. It implements stateful packet filtering.
B. It implements bottom-up processing.
C. It failed closed.
D. It implements an implicit deny.
Correct answer: D

The Human Resources department has a parent shared folder setup on the server. There are two groups that have access, one called managers and one called staff. There are many sub folders under the parent shared folder, one is called payroll. The parent folder access control list propagates all subfolders and all subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?
Correct answer: B
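The first-match, default-policy logic behind the Question 2 rationale and the implicit-deny and zone-transfer ACL questions above, as an added example that is not part of this study guide. It assumes the rule grammar the questions show (ACTION PROTO SRC DST, optional EQ, optional port) and constructs its own sample packets; the ACL strings are the ones quoted in the questions.

```python
# Added example, not from the study guide: a minimal first-match ACL evaluator
# for the rule syntax the questions use, e.g. "PERMIT IP ANY ANY EQ 80" or
# "PERMIT TCP ANY HOST 192.168.0.10 EQ 443". Assumed grammar:
#   ACTION PROTO SRC DST [EQ] [PORT], SRC/DST = ANY | HOST <ip>, PROTO = IP (any) | TCP | UDP | ICMP.
# Packets are constructed tuples (proto, src_ip, dst_ip, dst_port).

def _addr(tokens):
    """Consume ANY or HOST <ip>; None means 'match any address'."""
    if tokens[0] == "ANY":
        return tokens[1:], None
    if tokens[0] == "HOST":
        return tokens[2:], tokens[1]
    raise ValueError(f"unknown address spec: {tokens[0]}")

def parse_rule(line):
    """One ACL line -> (action, proto, src, dst, port)."""
    t = line.upper().split()
    action, proto = t[0], t[1]
    if action not in ("PERMIT", "DENY"):
        raise ValueError(f"bad action in rule: {line}")
    rest, src = _addr(t[2:])
    rest, dst = _addr(rest)
    if rest and rest[0] == "EQ":      # "EQ 80" and bare "80" are both accepted
        rest = rest[1:]
    return action, proto, src, dst, (int(rest[0]) if rest else None)

def rule_matches(rule, pkt):
    action, proto, src, dst, port = rule
    p_proto, p_src, p_dst, p_port = pkt
    return ((proto == "IP" or proto == p_proto.upper())
            and (src is None or src == p_src)
            and (dst is None or dst == p_dst)
            and (port is None or port == p_port))

def evaluate(acl, pkt, implicit_deny=True):
    """First matching rule wins; if nothing matches, the default policy decides."""
    for line in acl:
        rule = parse_rule(line)
        if rule_matches(rule, pkt):
            return rule[0]
    return "DENY" if implicit_deny else "PERMIT"

# ACLs quoted in the questions above.
Q2_ACL = ["PERMIT IP ANY ANY EQ 80", "DENY IP ANY ANY"]
WEB_SERVER_ACL = ["PERMIT TCP ANY HOST 192.168.0.10 EQ 80",
                  "PERMIT TCP ANY HOST 192.168.0.10 EQ 443"]
EXTERNAL_ACL = ["PERMIT TCP ANY ANY 80", "PERMIT TCP ANY ANY 443"]   # implicit-allow firewall

def demo():
    # Constructed sample packets; 203.0.113.5 is a TEST-NET-3 address.
    web = ("tcp", "203.0.113.5", "192.168.0.10", 80)
    axfr = ("tcp", "203.0.113.5", "192.168.0.53", 53)   # zone transfers run over TCP/53
    return {
        "q2_http": evaluate(Q2_ACL, web),                                         # PERMIT by rule 1
        "q2_ssh": evaluate(Q2_ACL, ("tcp", "203.0.113.5", "192.168.0.10", 22)),   # DENY by rule 2
        "wrong_host": evaluate(WEB_SERVER_ACL, ("tcp", "203.0.113.5", "192.168.0.20", 80)),  # DENY: implicit deny
        "axfr_before": evaluate(EXTERNAL_ACL, axfr, implicit_deny=False),           # PERMIT: nothing matches
        "axfr_answer_a": evaluate(EXTERNAL_ACL, axfr),                              # DENY: implicit deny
        "axfr_answer_d": evaluate(["DENY TCP ANY ANY 53"] + EXTERNAL_ACL, axfr, implicit_deny=False),   # DENY
        "axfr_answer_e": evaluate(EXTERNAL_ACL + ["DENY ICMP ANY ANY 53"], axfr, implicit_deny=False),  # PERMIT
    }
```

The last entry shows why option E fails: an ICMP rule never matches a TCP zone transfer, so the implicit allow still lets it through.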