Typology: Exams
2024/2025
Available from 07/14/2025
edwards-christopher
CompTIA Security+ Study Guide 2025: In-Depth Coverage of SY0-701 Topics, Real-World Applications, and Exam Readiness Tips
Here are the multiple-choice questions with rationales and the correct answers indicated:

Question 1:
A company is deploying a new video conferencing system to be used by the executive team for board meetings. The security engineer has been asked to choose the strongest available asymmetric cipher to be used for encryption of board papers, and the strongest available stream cipher to be configured for video streaming. Which of the following ciphers should be chosen? (Choose two)
A. RSA - Correct Answer
B. RC4 - Correct Answer
C. 3DES
D. HMAC
E. SHA-256 (printed as "SJA-256" in the source text; no algorithm of that name exists)
Rationale:
A. RSA (Rivest–Shamir–Adleman): RSA is the only asymmetric (public-key) algorithm in the list, so it is the only candidate for encrypting the board papers. Its strength depends on key size; 2048 bits is the accepted minimum today, and in practice RSA is used to wrap a symmetric content key rather than to encrypt the documents themselves.
B. RC4 (Rivest Cipher 4): RC4 is the only stream cipher in the list, so it is the only option that can satisfy the "stream cipher for video streaming" requirement. Treat this as a legacy exam item: RC4 has well-documented keystream biases and RFC 7465 prohibits it in TLS, so a current design would use ChaCha20 or AES in a streaming mode such as GCM. The question asks for the strongest stream cipher offered, not for a cipher you should deploy.
E. SHA-256: SHA-256 is a cryptographic hash function, not a cipher of any kind. It cannot encrypt data, so it cannot answer a question about ciphers. Answer keys that mark E and describe it as a "256-bit variant of Salsa20" are wrong: Salsa20 is a genuine stream cipher, but it is not among the options, and it has nothing to do with SHA-256.
C. 3DES (Triple DES): 3DES is a symmetric block cipher, so it is neither asymmetric nor a stream cipher. It is also slow and, because of its 64-bit block size, deprecated in favour of AES.
D. HMAC (Hash-based Message Authentication Code): HMAC is a message authentication code built from a cryptographic hash function and a secret key. It provides integrity and authenticity, not confidentiality, so it does not encrypt anything.
Question 2:
In performing an authorized penetration test of an organization's system security, a penetration tester collects information pertaining to the application versions that reside on a server. Which of the following is the best way to collect this type of information?
A. Protocol analyzer
B. Banner grabbing - Correct Answer
C. Port scanning
D. Code review
Rationale:
  • B. Banner grabbing: Banner grabbing connects to a service and records what it announces about itself (an SSH identification string, an SMTP 220 greeting, an HTTP Server: header, and so on). Those announcements usually carry the product name and version, which is exactly the information being sought, so it is the most direct technique; netcat, telnet and nmap's version detection (-sV) all do it.
  • A. Protocol analyzer: A protocol analyzer such as Wireshark captures and decodes network traffic. It is passive, so it reveals a version string only if one happens to cross the wire while the capture is running; it never asks the server anything.
  • C. Port scanning: Port scanning shows which ports are open and therefore which services are probably listening. That is useful reconnaissance and is normally the step before banner grabbing, but an open port by itself does not say which version of the service is behind it.
  • D. Code review: Code review examines application source code. It is thorough but requires source access, which a penetration tester usually does not have during an initial assessment, and it does not tell you which version is actually deployed on the server.
Question 3:
Client computers log in at specified times to check and update antivirus definitions using a dedicated account configured by the administrator. One day the clients are unable to log in with the account, but the server still responds to ping requests. The administrator has not made any changes. Which of the following most likely happened?
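As an added example for Question 2 (not part of the study guide), the Python below runs a banner grab against a stand-in service: a small thread listens on a loopback port and answers every connection with a constructed SSH-style identification string, while `grab_banner` is the client side a tester would point at a real host and port. `extract_versions` then pulls product/version pairs out of what came back, inspecting only the Server: header when the banner is an HTTP response. The banner text, hostnames and version numbers are made up for the example.

```python
"""Banner grabbing against a local stand-in service. Added example."""
import re
import socket
import threading
from typing import List, Tuple

# Constructed sample: the shape follows RFC 4253 identification strings,
# but the software version and patch level are invented for this example.
SAMPLE_SSH_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4\r\n"


def start_banner_server(banner: bytes = SAMPLE_SSH_BANNER) -> int:
    """Stand-in service: listen on an ephemeral loopback port and send the
    banner to every client that connects. Returns the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            conn, _ = srv.accept()
            with conn:                         # send the banner, then hang up
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def grab_banner(host: str, port: int, probe: bytes = b"", timeout: float = 3.0) -> str:
    """Tester's side: connect, optionally send a probe (an HTTP server says
    nothing until asked, so pass e.g. b"HEAD / HTTP/1.0\\r\\n\\r\\n"), and
    return the first bytes the service volunteers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
    return data.decode("utf-8", errors="replace").strip()


# product/version pairs such as "OpenSSH_8.9p1", "Apache/2.4.41", "nginx/1.18.0"
VERSION_RE = re.compile(r"([A-Za-z][A-Za-z0-9-]*)[/_](\d+(?:\.\d+)*[A-Za-z0-9]*)")
SERVER_HEADER_RE = re.compile(r"^Server:\s*(.+)$", re.IGNORECASE | re.MULTILINE)


def extract_versions(banner: str) -> List[Tuple[str, str]]:
    """Return (product, version) pairs found in a banner. For an HTTP response
    only the Server: header is searched, so "HTTP/1.1" is not reported."""
    header = SERVER_HEADER_RE.search(banner)
    haystack = header.group(1).strip() if header else banner
    return VERSION_RE.findall(haystack)


if __name__ == "__main__":
    port = start_banner_server()
    banner = grab_banner("127.0.0.1", port)
    print("banner  :", banner)
    print("versions:", extract_versions(banner))
```

The same `grab_banner` call works against a real target; the only difference is that the probe must match the protocol (an empty probe for SSH, SMTP or FTP, which greet first; an HTTP request line for web servers). A version string recovered this way is a claim made by the service, so confirm it against the vendor's version history before building findings on it.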
Question 4 (rationale only; the question text is not included in this preview):
  • B. Defense in depth: Describing multiple layers of security controls, including firewalls, IDS sensors, antivirus, DMZs, and HIPS, is characteristic of a defense in depth strategy (also known as layered security). This approach involves implementing several independent security mechanisms so that if one fails, others are in place to provide continued protection.
  • A. Load balancers: Load balancers distribute network traffic across multiple servers to improve performance and availability. They are not a security strategy in themselves.
  • C. Network segmentation: Network segmentation (e.g., using VLANs and firewalls) divides the network into smaller, isolated segments for security and performance. While the described elements contribute to network segmentation, the overall concept of using multiple, varied security controls is best described as defense in depth.
  • D. UTM security appliance: A UTM (Unified Threat Management) appliance integrates multiple security features into a single device. While the company might be using a UTM, the description focuses on the concept of deploying various security elements, which aligns with defense in depth.
Question 5:
A security administrator is selecting an MDM solution for an organization, which has strict security requirements for the confidentiality of its data on end user devices. The organization decides to allow BYOD, but requires that users wishing to participate agree to the following specific device configurations: camera disablement, password enforcement, and application whitelisting. The organization must be able to support a device portfolio of differing mobile operating systems. Which of the following represents the MOST relevant technical security criteria for the MDM?
A. Breadth of support for device manufacturers' security configuration APIs - Correct Answer
B. Ability to extend the enterprise password policies to the chosen MDM
C. Features to support the backup and recovery of the stored corporate data
D. Capability to require the users to accept an AUP prior to device onboarding
Rationale:
  • A. Breadth of support for device manufacturers' security configuration APIs: Since the organization allows BYOD with differing mobile operating systems and has specific configuration requirements (camera disablement, password enforcement, application whitelisting), the MDM solution's ability to drive the native management APIs of each platform (iOS, Android, etc.) is crucial. A restriction the platform API does not expose cannot be enforced by any MDM, so API breadth decides whether the policy is enforceable on every device the organization admits.
  • B. Ability to extend the enterprise password policies to the chosen MDM: While important for password enforcement, this doesn't address the other critical requirements, camera disablement and application whitelisting, across diverse operating systems.
  • C. Features to support the backup and recovery of the stored corporate data: Backup and recovery are important for data availability and potential loss scenarios, but the primary concern here is enforcing confidentiality through specific device configurations.
  • D. Capability to require the users to accept an AUP prior to device onboarding: Requiring users to accept an Acceptable Use Policy (AUP) is a good administrative control but doesn't technically enforce the required device configurations.
Question 6:
Employees are reporting that they have been receiving a large number of emails advertising products and services. Links in the email direct the users' browsers to the websites for the items being offered. No reports of increased virus activity have been observed. A security administrator suspects that the users are the targets of:
A. A watering hole attack
B. Spear phishing
C. A spoofing attack
D. A spam campaign - Correct Answer
Rationale:
  • D. A spam campaign: The description of employees receiving a large volume of unsolicited emails advertising products and services, with links to external websites, aligns with the characteristics of a spam campaign. Spam emails are typically sent in bulk and often contain advertisements or other unwanted content. The lack of reported virus activity suggests the primary goal is marketing rather than malicious software distribution.
  • A. A watering hole attack: A watering hole attack involves compromising a website that a specific group of users is known to visit and then infecting their computers when they access the site. This scenario describes unsolicited emails, not compromised websites.

E - - correct ans- -
A chief information officer (CIO) is concerned about PII contained in the organization's various data warehouse platforms. Since not all of the PII transferred to the organization is required for proper operation of the data warehouse application, the CIO requests that the unneeded PII data be parsed and securely discarded. Which of the following controls would be MOST appropriate in this scenario?
A. Execution of PII data identification assessments
B. Implementation of data sanitization routines
C. Encryption of data-at-rest
D. Introduction of education programs and awareness training
E. Creation of policies and procedures

D - - correct ans- -
The security administrator receives a service ticket saying a host based firewall is interfering with the operation of a new application that is being tested in development. The administrator asks for clarification on which ports need to be open. The software vendor replies that it could use up to 20 ports and many customers have disabled the host based firewall. After examining the system, the administrator sees several ports that are open for database and application servers that are only used locally. The vendor continues to recommend disabling the host based firewall. Which of the following is the best course of action for the administrator to take?
A. Allow ports used by the application through the network firewall
B. Allow ports used externally through the host firewall
C. Follow the vendor recommendations and disable the host firewall
D. Allow ports used locally through the host firewall

C - - correct ans- -
A corporate wireless guest network uses an open SSID with a captive portal to authenticate guest users. Guests can obtain their portal password at the service desk. A security consultant alerts the administrator that the captive portal is easily bypassed, as long as one other wireless guest user is on the network. Which of the following attacks did the security consultant use?
A. ARP poisoning
B. DNS cache poisoning
C. MAC spoofing
D. Rogue DHCP server

D - - correct ans- -
A company requires that all wireless communication be compliant with the Advanced Encryption Standard. The current wireless infrastructure implements WEP + TKIP. Which of the following wireless protocols should be implemented?
A. CCMP
B. 802.1x
C. 802.
D. WPA
E. AES

B - - correct ans- -
A security analyst, while doing a security scan using packet capture security tools, noticed large volumes of data images of company products being exfiltrated to foreign IP addresses. Which of the following is the FIRST step in responding to scan results?
A. Incident identification
B. Implement mitigation
C. Chain of custody
D. Capture system image

A. HIPS & SIEM
B. NIPS & HIDS
C. HIDS & SIEM
D. NIPS & HIPS

B - - correct ans- -
Which of the following best describes the objectives of succession planning?
A. To identify and document the successive order in which critical systems should be reinstated following a disaster situation
B. To ensure that a personnel management plan is in place to ensure continued operation of critical processes during an incident
C. To determine the appropriate order in which to contact internal resources, third party suppliers and external customers during a disaster response
D. To document the order that systems should be reinstated at the primary site following a failover operation at a backup site

C - - correct ans- -
A system administrator wants to use open source software but is worried about the source code being compromised. As part of the download and installation process, the administrator should verify the integrity of the software by:
A. Creating a digital signature of the file before installation
B. Using a secure protocol like HTTPS to download the file
C. Checking the hash against an official mirror that contains the same file
D. Encrypting any connections the software makes

A - - correct ans- -
The chief security officer (CSO) has reported a rise in data loss but no break-ins have occurred. By doing which of the following would the CSO MOST likely reduce the number of incidents?

A. Implement protected distribution
B. Employ additional firewalls
C. Conduct security awareness training
D. Install perimeter barricades

A - - correct ans- -
In an effort to test the effectiveness of an organization's security awareness training, a penetration tester crafted an email and sent it to all of the employees to see how many of them clicked on the enclosed links. Which of the following is being tested?
A. How many employees are susceptible to a SPAM attack
B. How many employees are susceptible to a cross-site scripting attack
C. How many employees are susceptible to a phishing attack
D. How many employees are susceptible to a vishing attack

B - - correct ans- -
Devices on the SCADA network communicate exclusively at Layer 2. Which of the following should be used to prevent unauthorized systems using ARP-based attacks to compromise the SCADA network?
A. Application firewall
B. IPSec
C. Hardware encryption
D. VLANs

D - - correct ans- -
When information is shared between two separate organizations, which of the following documents would describe the sensitivity as well as the type and flow of the information?
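As an added example for the open-source integrity question above (not part of the study guide), the Python below does the check that option C describes: compute the SHA-256 of the downloaded file and compare it with the digest published for that file name in a sha256sum-style manifest. The manifest and the "download" are constructed for the example (the digest is simply SHA-256 of the bytes `abc`); in practice the manifest comes from the project's official site or mirror, and the comparison is only meaningful if that source is independent of the one the file was downloaded from. HTTPS (option B) protects the transfer, not a mirror that was tampered with before you fetched from it.

```python
"""Verify a download against a published SHA-256 manifest. Added example."""
import hashlib
import hmac
import os
import tempfile
from typing import Dict, Tuple

# Constructed manifest in sha256sum format: "<hex digest>  <file name>".
# The digest below is SHA-256 of b"abc", which is what the sample download holds.
SAMPLE_MANIFEST = """\
# SHA256SUMS for tool 1.2.3 (constructed sample)
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  tool-1.2.3.tar.gz
"""


def sha256_file(path: str, chunk_size: int = 1 << 16) -> str:
    """Hash in chunks so a multi-gigabyte download never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def parse_sha256sums(manifest: str) -> Dict[str, str]:
    """Parse '<hex>  <name>' lines; a leading '*' on the name means binary mode.
    Lines that are blank, comments, or not 64 hex characters wide are skipped."""
    sums: Dict[str, str] = {}
    for line in manifest.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue
        sums[parts[1].lstrip("*")] = parts[0].lower()
    return sums


def verify_download(path: str, manifest: str) -> bool:
    """True only if the file's name appears in the manifest and its digest
    matches. compare_digest runs in constant time, so a wrong digest does not
    leak how many leading characters were right."""
    expected = parse_sha256sums(manifest).get(os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(sha256_file(path), expected)


def demo() -> Tuple[bool, bool]:
    """Write the sample download, verify it, append one byte, verify again.
    Returns (intact_ok, tampered_ok), expected (True, False)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tool-1.2.3.tar.gz")
        with open(path, "wb") as f:
            f.write(b"abc")
        intact = verify_download(path, SAMPLE_MANIFEST)
        with open(path, "ab") as f:
            f.write(b"\x00")
        tampered = verify_download(path, SAMPLE_MANIFEST)
    return intact, tampered


if __name__ == "__main__":
    print("intact verifies, tampered verifies:", demo())
```

Projects that sign their manifests (a detached GPG or minisign signature over SHA256SUMS) close the remaining gap: verify the signature first, then the digest, and the hash check no longer depends on trusting the mirror at all.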

C. Password complexity
D. User access reviews

D - - correct ans- -
A user contacts the help desk after being unable to log in to a corporate website. The user can log into the site from another computer in the next office, but not from their own PC. The user's PC was able to connect earlier in the day. The help desk has the user restart the NTP service. Afterwards the user is able to log into the website. The MOST likely reason for the initial failure was that the website was configured to use which of the following authentication mechanisms?
A. Secure LDAP
B. RADIUS
C. NTLMv
D. Kerberos

B - - correct ans- -
A security analyst has been investigating an incident involving the corporate website. Upon investigation, it has been determined that users visiting the corporate website would be automatically redirected to a malicious site. Further investigation on the corporate website has revealed that the home page on the corporate website has been altered to include an unauthorized item. Which of the following would explain why users are being redirected to the malicious site?
A. DNS poisoning
B. XSS
C. Iframe
D. Session hijacking
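As an added example for the defaced-home-page question above (not part of the study guide), the Python below is the kind of content check an analyst would run over the served HTML to find an unauthorized item of the sort described: an iframe whose source is off-site, sized to 1x1 or zero pixels, or hidden by inline style. The sample page, the allowed host name and the placeholder attacker host are all constructed for the example.

```python
"""Find injected iframes in a page. Added example with constructed HTML."""
from html.parser import HTMLParser
from typing import Dict, Iterable, List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample of a defaced home page: one legitimate frame plus one
# injected frame that is off-site, tiny and hidden. Hosts are placeholders.
SAMPLE_HOME_PAGE = """<html><head><title>Example Corp</title></head>
<body>
<h1>Welcome</h1>
<iframe src="https://www.example.test/news" width="600" height="300"></iframe>
<div style="position:absolute;left:-9999px">
<iframe src="http://cdn-update.example.net/r.php" width="1" height="1" style="display:none"></iframe>
</div>
</body></html>"""


def _is_tiny(value: Optional[str]) -> bool:
    """Width/height of 0 or 1 pixel is the classic drive-by frame signature."""
    if value is None:
        return False
    try:
        return int(value.strip().rstrip("px")) <= 1
    except ValueError:
        return False


class IframeAuditor(HTMLParser):
    """Collects (src, reasons) for every iframe that looks injected."""

    def __init__(self, allowed_hosts: Iterable[str]) -> None:
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings: List[Tuple[str, List[str]]] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag.lower() != "iframe":
            return
        a: Dict[str, Optional[str]] = {k.lower(): v for k, v in attrs}
        src = a.get("src") or ""
        host = (urlparse(src).hostname or "").lower()
        reasons: List[str] = []
        if host and host not in self.allowed:
            reasons.append(f"off-site source {host}")
        if _is_tiny(a.get("width")) and _is_tiny(a.get("height")):
            reasons.append("1x1 or zero-size frame")
        style = (a.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        if reasons:
            self.findings.append((src, reasons))


def audit_iframes(html: str, allowed_hosts: Iterable[str]) -> List[Tuple[str, List[str]]]:
    """Parse the page and return every suspicious iframe with its reasons."""
    parser = IframeAuditor(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for src, reasons in audit_iframes(SAMPLE_HOME_PAGE, ["www.example.test"]):
        print(src, "->", ", ".join(reasons))
```

A legitimate frame can be off-site too (an embedded video, a payment widget), so the host allow-list is what turns this from a heuristic into a policy check; compare the served page against the deployed source in version control as well, since a frame injected by script at load time will not appear in static HTML at all.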

E - - correct ans- -
A news and weather toolbar was accidentally installed into a web browser. The toolbar tracks users' online activities and sends them to a central logging server. Which of the following attacks took place?
A. Man-in-the-browser
B. Flash cookies
C. Session hijacking
D. Remote code execution
E. Malicious add-on

B - - correct ans- -
A project manager is working with an architectural firm that focuses on physical security. The project manager would like to provide requirements that support the primary goal of safety. Based on the project manager's desires, which of the following controls would be the BEST to incorporate into the facility design?
A. Biometrics
B. Escape routes
C. Reinforcements
D. Access controls

A - - correct ans- -
While performing surveillance activities, an attacker determines that an organization is using 802.1X to secure LAN access. Which of the following attack mechanisms can the attacker utilize to bypass the identified network security controls?
A. MAC spoofing
B. Pharming
C. Xmas attack
D. ARP poisoning

D. Key management for mobile devices

C - - correct ans- -
Software developers at a company routinely make changes to production systems they maintain based on code deliveries that are only peer reviewed and are not rigorously tested by the test engineering group. These changes frequently result in a loss of service. Which of the following risk mitigation controls or strategies should be implemented to prevent these ad hoc changes from occurring in the future?
A. Threat modeling
B. User rights reviews
C. Change management
D. Trust modeling

B - - correct ans- -
A system administrator runs a network inventory scan every Friday at 10:00 am to track the progress of a large organization's operating system upgrade of all laptops. The system administrator discovers that some laptops are now only being reported as IP addresses. Which of the following options is MOST likely the cause of this issue?
A. HIDS
B. Host-based firewall rules
C. All the laptops are currently turned off
D. DNS outage

B - - correct ans- -
A security administrator working for a law enforcement organization is asked to secure a computer system at the scene of a crime for transport to the law enforcement forensic facility. In order to capture as much evidence as possible, the computer system has been left running. The security administrator begins the investigation by imaging which of the following system components FIRST?

A. NVRAM
B. RAM
C. TPM
D. SSD

A - - correct ans- -
A new employee has been hired to perform system administration duties across a large enterprise comprised of multiple separate security domains. Each remote location implements a separate security domain. The new employee has successfully responded to and fixed computer issues for the main office. When the new employee tries to perform work on remote computers, the following message appears: "You need permission to perform this action." Which of the following can be implemented to provide system administrators with the ability to perform administrative tasks on remote computers using their uniquely assigned account?
A. Implement transitive trust across security domains
B. Enable the trusted OS feature across all enterprise computers
C. Install and configure the appropriate CA certificate on all domain controllers
D. Verify that system administrators are in the domain administrator group in the main office

C - - correct ans- -
A project manager is evaluating proposals for a cloud computing project. The project manager is particularly concerned about logical security controls in place at the service provider's facility. Which of the following sections of the proposal would be MOST important to review, given the project manager's concerns?
A. CCTV monitoring
B. Perimeter security lighting system
C. Biometric access system

and group ownerships are in place, which of the following sets of permissions should have been assigned to the directories containing the employee records?
A. r-x---rwx
B. rwxrwxrwx
C. rwx----wx
D. rwxrwxr--

A - - correct ans- -
An employee reports work was being completed on a company-owned laptop using a public wireless hot-spot. A pop-up screen appeared, and the user closed the pop-up. Seconds later, the desktop background was changed to the image of a padlock with a message demanding immediate payment to recover the data. Which of the following types of malware MOST likely caused this issue?
A. Ransomware
B. Rootkit
C. Scareware
D. Spyware

A - - correct ans- -
Which of the following can be mitigated with proper secure coding techniques?
A. Input validation
B. Error handling
C. Header manipulation
D. Cross-site scripting

C - - correct ans- -
Recently, the desktop support group has been performing a hardware refresh and has replaced numerous computers. An auditor discovered that a number of the new computers did not have the company's antivirus software installed on them. Which of the following could be utilized to notify the network support group when computers without the antivirus software are added to the network?
A. Network port protection
B. NAC
C. NIDS
D. MAC filtering

CE - - correct ans- -
An administrator needs to protect against downgrade attacks due to various vulnerabilities in SSL/TLS. Which of the following actions should be performed? (Choose two.)
A. Set minimum protocol supported
B. Request a new certificate from the CA
C. Configure cipher order
D. Disable flash cookie support
E. Re-key the SSL certificate
F. Add the old certificate to the CRL

B - - correct ans- -
A developer needs to utilize AES encryption in an application but requires the speed of encryption and decryption to be as fast as possible. The data that will be secured is not sensitive so speed is valued over encryption complexity. Which of the following would BEST satisfy these requirements?
A. AES with output feedback
B. AES with cipher feedback
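As an added example for the SSL/TLS downgrade question above (not part of the study guide), the Python below shows what "set the minimum protocol" (option A) and "configure cipher order" (option C) look like in a server configuration, using the standard library's real `ssl` module. A downgrade attack only succeeds if the server is willing to complete a handshake at the weaker protocol or cipher the attacker steers it toward, so the fix is to refuse those server-side; certificate operations (new certificate, re-key, CRL) change nothing about which protocol versions and suites the server will negotiate. The helper function names are this example's own.

```python
"""Server-side TLS settings that remove the downgrade surface. Added example."""
import ssl
from typing import List

# Substrings that identify suites no server should still negotiate.
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC3", "MD5", "NULL", "EXP", "ADH", "AECDH")


def hardened_server_context() -> ssl.SSLContext:
    """Build a server context with a protocol floor and a server-chosen cipher list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Option A: set the minimum protocol. Anything older is refused at the
    # handshake, so a client (or an attacker in the path) cannot talk the
    # server down to TLS 1.0/1.1, let alone SSLv3.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Option C: configure cipher order. The server's preference list wins
    # over the client's, and the list itself excludes the weak suites.
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4:!3DES")
    # TLS-level compression enables CRIME-style attacks; keep it off.
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


def negotiable_cipher_names(ctx: ssl.SSLContext) -> List[str]:
    """Every suite this context would offer, as OpenSSL names."""
    return [c["name"] for c in ctx.get_ciphers()]


def weak_ciphers_enabled(ctx: ssl.SSLContext) -> List[str]:
    """Suites still enabled that match a weak marker; should be empty."""
    return [n for n in negotiable_cipher_names(ctx)
            if any(marker in n for marker in WEAK_CIPHER_MARKERS)]


def minimum_version_name(ctx: ssl.SSLContext) -> str:
    return ctx.minimum_version.name


def server_prefers_own_order(ctx: ssl.SSLContext) -> bool:
    return bool(ctx.options & ssl.OP_CIPHER_SERVER_PREFERENCE)


def accepts_version(ctx: ssl.SSLContext, version_name: str) -> bool:
    """Would this server even start a handshake at the named protocol version?
    version_name is a member of ssl.TLSVersion, e.g. "TLSv1_1" or "TLSv1_3"."""
    return ssl.TLSVersion[version_name] >= ctx.minimum_version


if __name__ == "__main__":
    ctx = hardened_server_context()
    print("minimum protocol :", minimum_version_name(ctx))
    print("server order wins:", server_prefers_own_order(ctx))
    print("weak suites left :", weak_ciphers_enabled(ctx))
    print("accepts TLSv1_1  :", accepts_version(ctx, "TLSv1_1"))
    print("offered suites   :", negotiable_cipher_names(ctx))
```

The same two settings exist in every TLS server: `ssl_protocols` and `ssl_prefer_server_ciphers on` in nginx, `SSLProtocol` and `SSLHonorCipherOrder on` in Apache httpd. After changing them, confirm from the outside with a scanner that offers only the old versions and suites and expects the handshake to fail.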