CompTIA Security+ SY0-701 Practice Exams: 500+ Questions with Answers and Detailed Explanations to Boost Exam Confidence

Typology: Exams (Computer Security)

2024/2025

Available from 07/14/2025

edwards-christopher (366 documents)

Here are the multiple-choice questions with rationales and the correct answers indicated:

Question 1:
A classroom utilizes workstations running virtualization software for a maximum of one virtual machine per workstation. The network settings on the virtual machines are set to bridged. Which of the following describes how the switch in the classroom should be configured to allow the virtual machines and host workstations to connect to network resources?
A. The maximum-mac settings of the ports should be set to zero
B. The maximum-mac settings of the ports should be set to one
C. The maximum-mac settings of the ports should be set to two - Correct Answer
D. The maximum-mac settings of the ports should be set to three
Rationale:

  • C. The maximum-mac settings of the ports should be set to two: When a virtual machine is configured in bridged mode, it obtains its own MAC address and appears as a separate physical device on the network. Therefore, each physical switch port connected to a workstation running one virtual machine in bridged mode needs to be able to handle the MAC address of the host workstation and the MAC address of the virtual machine. This requires the maximum-mac setting on each port to be at least two.
  • A. The maximum-mac settings of the ports should be set to zero: A setting of zero would typically disable MAC address learning or limit it to none, preventing any devices from communicating.
  • B. The maximum-mac settings of the ports should be set to one: A setting of one would only allow the MAC address of either the host or the virtual machine, preventing both from communicating simultaneously through the same port.
  • D. The maximum-mac settings of the ports should be set to three: While a setting of three would also work, it's not the minimum required and might unnecessarily allow for more MAC addresses than needed in this specific scenario. Setting it to two is the most efficient and appropriate configuration.

Question 2:
Which of the following attacks initiates a connection by sending specially crafted packets in which multiple TCP flags are set to 1?
A. Replay
B. Smurf
C. Xmas - Correct Answer
D. Fraggle
Rationale:

  • C. Xmas: An Xmas attack is a port scan technique where a TCP packet is sent with several TCP flags set to 1, specifically FIN, URG, and PSH. When received by an open port, the behavior depends on the system, but closed ports are expected to respond with a RST (Reset) packet. The pattern of responses can help an attacker map open and closed ports. The packet resembles a "Christmas tree" due to the many flags being set.
  • A. Replay: A replay attack involves capturing legitimate network traffic and then retransmitting it later, often to gain unauthorized access or perform an action.
  • B. Smurf: A Smurf attack is a denial-of-service attack that floods a target with ICMP echo request packets. The attacker spoofs the source address of the packets to be the target's IP address and sends them to a broadcast address, causing many hosts on the network to reply to the target.
  • D. Fraggle: A Fraggle attack is a denial-of-service attack similar to a Smurf attack but uses UDP packets instead of ICMP. It sends UDP packets with a spoofed source address (the target's IP) to broadcast addresses on UDP ports 7 (Echo) and 19 (Chargen).

Question 3:
Joe, a security analyst, is attempting to determine if a new server meets the security requirements of his organization. As a step in this process, he attempts to identify a lack of security controls and to identify common misconfigurations on the server. Which of the following is Joe attempting to complete?
A. Black hat testing

deemed low for this internal integrity check, MD5 would be the fastest option among the choices.

  • A. SHA1 (Secure Hash Algorithm 1): SHA1 produces a 160-bit hash value and is generally slower than MD5. It also has known collision weaknesses.
  • B. RIPEMD (RACE Integrity Primitives Evaluation Message Digest): RIPEMD-160 produces a 160-bit hash value and is generally comparable in speed to SHA1, often slightly slower than MD5.
  • C. DSA (Digital Signature Algorithm): DSA is a digital signature algorithm used for verifying the authenticity and integrity of data through digital signatures. It is not a hash function designed for simply verifying file integrity through a hash value.

Important Note: While MD5 might be the fastest among the listed hash algorithms, its known collision vulnerabilities make it generally unsuitable for security-sensitive applications where data integrity and authenticity are critical and protection against malicious manipulation is required. For such scenarios, SHA-256 or SHA-3 would be preferred despite being slower. However, given the specific question's emphasis on speed for internal integrity verification of a large volume of files, MD5 is the technically correct answer among the provided options.

Question 5:
A system administrator is conducting a baseline audit and determines that a web server is missing several critical updates. Which of the following actions should the administrator perform first to correct the issue?
A. Open a service ticket according to the patch management plan - Correct Answer
B. Disconnect the network interface and use the administrative management console to perform the updates
C. Perform a backup of the server and install the required patches
D. Disable the services for the web server but leave the server alone pending patch updates
Rationale:
  • A. Open a service ticket according to the patch management plan: Organizations typically have established patch management plans that outline the procedures for identifying, testing, and deploying patches. Opening a service ticket initiates this process, ensuring proper tracking, approval, scheduling, and communication according to the defined workflow. This is the most controlled and auditable first step.
  • B. Disconnect the network interface and use the administrative management console to perform the updates: While disconnecting the network can reduce immediate risk during patching, it bypasses the standard change management and patch management processes, which is generally not recommended as the first step.
  • C. Perform a backup of the server and install the required patches: Performing a backup is a crucial step before applying patches to mitigate the risk of installation failures. However, initiating the patch management process (which includes testing and scheduling) should come first.
  • D. Disable the services for the web server but leave the server alone pending patch updates: Disabling services reduces the server's functionality and doesn't address the underlying vulnerability. The next step should be to initiate the patching process.

Question 6:
The IT department has been tasked with reducing the risk of sensitive information being shared with unauthorized entities from the computers it is saved on, without impeding the employees' ability to access the internet. Implementing which of the following would be the best way to accomplish this objective?
A. Host-based firewalls
B. DLP - Correct Answer
C. URL filtering
D. Pop-up blockers
Rationale:
  • B. DLP (Data Loss Prevention): DLP solutions are designed to prevent sensitive data from leaving the organization's control. They can monitor and control data in use, data in motion (e.g., email, web uploads), and data at rest (e.g., on local hard drives). By implementing DLP, the company can identify and prevent the unauthorized sharing of sensitive information stored on employee computers without blocking their general internet access.
  • A. Host-based firewalls: Host-based firewalls control network traffic to and from individual computers. While they can prevent unauthorized external access, they don't directly prevent users from intentionally or unintentionally sharing sensitive files through allowed channels (like email or web uploads).

A - - correct ans- - An administrator is implementing a new management system for the machinery on the company's production line. One requirement is that the system only be accessible while within the production facility. Which of the following will be the MOST effective solution in limiting access based on this requirement?
A. Access control list
B. Firewall policy
C. Air gap
D. MAC filter
B - - correct ans- - A risk assessment team is concerned about hosting data with a cloud service provider (CSP). Which of the following findings would justify this concern?
A. The CSP utilizes encryption for data at rest and in motion
B. The CSP takes into account multinational privacy concerns
C. The financial review indicates the company is a startup
D. SLAs state service tickets will be resolved in less than 15 minutes
C - - correct ans- - A company wishes to prevent unauthorized employee access to the data center. Which of the following is the MOST secure way to meet this goal?
A. Use motion detectors to signal security whenever anyone enters the center
B. Mount CCTV cameras inside the center to monitor people as they enter
C. Install mantraps at every entrance to the data center in conjunction with their badges
D. Place biometric readers at the entrances to verify employees' identity
C - - correct ans- - A company hosts a web server that requires entropy in encryption initialization and authentication. To meet this goal, the company would like to select a block cipher mode of operation that allows an arbitrary-length IV and supports authenticated encryption. Which of the following would meet these objectives?
A. CFB
B. GCM
C. ECB
D. CBC

A - - correct ans- - A chief information security officer (CISO) is providing a presentation to a group of network engineers. In the presentation, the CISO presents information regarding exploit kits. Which of the following might the CISO present?
A. Exploit kits are tools capable of taking advantage of multiple CVEs
B. Exploit kits are vulnerability scanners used by penetration testers
C. Exploit kits are Wi-Fi scanning tools that can find new honeypots
D. Exploit kits are a new type of malware that allow attackers to control their computers
B - - correct ans- - During a company-wide initiative to harden network security, it is discovered that end users who have laptops cannot be removed from the local administrator group. Which of the following could be used to help mitigate the risk of these machines becoming compromised?
A. Security log auditing
B. Firewalls
C. HIPS
D. IDS
A - - correct ans- - An administrator receives a security alert that appears to be from one of the company's vendors. The email contains information and instructions for patching a serious flaw that has not been publicly announced. Which of the following can an employee use to validate the authenticity of the email?

C. Chip and PIN
D. OTP
B - - correct ans- - Which of the following internal security controls is aimed at preventing two system administrators from completing the same tasks?
A. Least privilege
B. Separation of duties
C. Mandatory vacation
D. Security policy
B - - correct ans- - An administrator performs a risk calculation to determine if additional availability controls need to be in place. The administrator estimates that a server fails and needs to be replaced once every 2 years at a cost of $8,000. Which of the following represents the factors that the administrator would use to facilitate this calculation?
A. ARO = 0.5; SLE = $4,000; ALE = $2,
B. ARO = 0.5; SLE = $8,000; ALE = $4,
C. ARO = 0.5; SLE = $4,000; ALE = $8,
D. ARO = 2; SLE = $4,000; ALE = $8,
E. ARO = 2; SLE = $8,000; ALE = $16,
C - - correct ans- - A security administrator needs to implement a technology that creates a secure key exchange. Neither party involved in the key exchange will have pre-existing knowledge of one another. Which of the following technologies would allow for this?
A. Blowfish
B. NTLM
C. Diffie-Hellman
D. CHAP
D - - correct ans- - A technician has been assigned a service request to investigate a potential vulnerability in the organization's extranet platform. Once the technician performs initial investigative measures, it is determined that the potential vulnerability was a false alarm. Which of the following actions should the technician take in regards to the findings?
A. Write up the findings and disable the vulnerability rule in future vulnerability scans
B. Refer the issue to the server administrator for resolution
C. Mark the finding as a false negative and close the service request
D. Document the results and report the findings according to the incident response plan
C - - correct ans- - A security administrator is using a software program to test the security of a wireless access point. After running the program for a few hours, the access point sends the wireless secret key back to the software program. Which of the following attacks is this an example of?
A. WPS
B. IV
C. Deauth
D. Replay
A - - correct ans- - A user, Ann, has been issued a smart card and is having problems opening old encrypted email. Ann published her certificates to the local Windows store and to the global address list. Which of the following would still need to be performed?
A. Set up the email security with her new certificates

A. Implicit deny
B. Policy routing
C. Port forwarding
D. Forwarding proxy
B - - correct ans- - During a routine configuration audit, a systems administrator determines that a former employee placed an executable on an application server. Once the system was isolated and diagnosed, it was determined that the executable was programmed to establish a connection to a malicious command and control server. Which of the following forms of malware is best described in the scenario?
A. Logic bomb
B. Rootkit
C. Back door
D. Ransomware
B - - correct ans- - The chief information officer (CIO) of a major company intends to increase employee connectivity and productivity by issuing employees mobile devices with access to their enterprise email, calendar, and contacts. The solution the CIO intends to use requires a PKI that automates the enrollment of mobile device certificates. Which of the following, when implemented and configured securely, will meet the CIO's requirement?
A. OCSP
B. SCEP
C. SAML
D. OSI

BE - - correct ans- - An attacker impersonates a fire marshal and demands access to the datacenter under the threat of a fine. Which of the following reasons make this effective? (Choose two.)
A. Consensus
B. Authority
C. Intimidation
D. Trust
E. Scarcity
A - - correct ans- - In the course of troubleshooting wireless issues from users, a technician discovers that users are connecting to their home SSIDs while at work. The technician scans but detects none of those SSIDs. The technician eventually discovers a rogue access point that spoofs any SSID request. Which of the following allows wireless use while mitigating this type of attack?
A. Configure the device to verify access point MAC addresses.
B. Disable automatic connection to known SSIDs.
C. Only connect to trusted wireless networks.
D. Enable MAC filtering on the wireless access point.
D - - correct ans- - Which of the following describes the implementation of PAT?
A. Translating the source and destination IPs, but not the source and destination ports
B. A one-to-one persistent mapping between one private IP and one public IP
C. Changing the priority of a TCP stream based on the source address
D. Associating multiple public IP addresses with one private address

boxes appear on the screen, making it difficult to access the legitimate sites. Which of the following would best mitigate this issue?
A. Pop-up blockers
B. URL filtering
C. Antivirus
D. Anti-spam
D - - correct ans- - A company hires a penetration testing team to test its overall security posture. The organization has not disclosed any information to the penetration testing team and has allocated five days for testing. Which of the following types of testing will the penetration testing team have to conduct?
A. Static analysis
B. Gray box
C. White box
D. Black box
B - - correct ans- - A web administrator has just implemented a new web server to be placed in production. As part of the company's security plan, any new system must go through a security test before it is placed in production. The security team runs a port scan resulting in the following data:
21 tcp open FTP
23 tcp open Telnet
22 tcp open SSH
25 UDP open smtp
110 tcp open pop
443 tcp open https
Which of the following is the BEST recommendation for the web administrator?
A. Implement an IPS
B. Disable unnecessary services
C. Disable unused accounts
D. Implement an IDS
E. Wrap TELNET in SSL
A - - correct ans- - Which of the following best describes the reason for using hot and cold aisles?
A. To ensure air exhaust from one aisle doesn't blow into the air intake of the next aisle
B. To ensure the dew point stays low enough that water doesn't condense on equipment
C. To decrease the amount of power wiring that is run to each aisle
D. To maintain proper humidity in the datacenter across all aisles
B - - correct ans- - An organization has an internal PKI that utilizes client certificates on each workstation. When deploying a new wireless network, the security engineer has asked that the new network authenticate clients by utilizing the existing client certificates. Which of the following authentication mechanisms should be utilized to meet this goal?
A. EAP-FAST
B. LEAP
C. PEAP
D. EAP-TLS
D - - correct ans- - An attacker is attempting to insert malicious code into an installer file that is available on the internet. The attacker is able to gain control of the web server that houses both the installer and the web page which features information about the downloadable file. To implement the attack and delay detection, the attacker should modify both the

A. Mobile device management
B. Containerization
C. Application whitelisting
D. Application wrapping
E. Mobile application store
AD - - correct ans- - A server administrator discovers the web farm is using weak ciphers and wants to ensure that only stronger ciphers are accepted. Which of the following ciphers should the administrator implement in the load balancer? (Choose two.)
A. SHA-129
B. DES
C. MD
D. RC
E. CRC-32
A - - correct ans- - An application developer has coded a new application with a module to examine all user entries for the graphical user interface. The module verifies that user entries match the allowed types for each field and that OS and database commands are rejected before entries are sent for further processing within the application. These are examples of:
A. Input validation
B. SQL injection
C. Application whitelisting
D. Error handling

D - - correct ans- - Ann, a security administrator, is hardening the user password policies. She currently has the following in place:
Passwords expire every 60 days
Password length is at least eight characters
Passwords must contain at least one capital letter and one numeric character
Passwords cannot be reused until the password has been changed eight times
She learns that several employees are still using their original password after the 60-day forced change. Which of the following can she implement to BEST mitigate this?
A. Lower the password expiry time to every 30 days instead of every 60 days
B. Require that the password contains at least one capital, one numeric, and one special character
C. Change the re-usage time from eight to 16 changes before a password can be repeated
D. Create a rule that users can only change their passwords once every two weeks
D - - correct ans- - Which of the following BEST describes disk striping with parity?
A. RAID 0
B. RAID 1
C. RAID 2
D. RAID 5
D - - correct ans- - Which of the following will allow the live state of the virtual machine to be easily reverted after a failed upgrade?
A. Replication
B. Backups
C. Fault tolerance