CompTIA Security+ (SY0-501) and (SY0-601) Practice Questions

Question 1

Which of the following disaster recovery sites would require the MOST time to get operations back online? 

A. Colocation 

B. Cold 

C. Hot 

D. Warm

The disaster recovery sites listed, from the option that would require the MOST time to get operations back online to the option that would require the LEAST time, are as follows:

B. Cold, D. Warm, A. Colocation, C. Hot

Therefore, the option that would require the MOST time to get operations back online is the B. Cold site.

Question 2

A security manager needed to protect a high-security datacenter, so the manager installed an access control vestibule that can detect an employee's heartbeat, weight, and badge. Which of the following did the security manager implement? 

A. A physical control 

B. A corrective control 

C. A compensating control 

D. A managerial control

The security manager implemented A. A physical control.

Physical controls are security measures that are put in place to physically restrict or control access to a facility or a specific area within a facility. In this case, the access control vestibule with the capability to detect an employee's heartbeat, weight, and badge is a physical control that enhances security by providing an additional layer of verification and authentication before granting access to the high-security data center.

Question 3

A system administrator is configuring accounts on a newly established server. Which of the following characteristics BEST differentiates service accounts from other types of accounts? 

A. They can often be restricted in privilege. 

B. They are meant for non-person entities.

C. They require special permissions to OS files and folders.

D. They remain disabled in operations.

E. They do not allow passwords to be set.

The BEST characteristic that differentiates service accounts from other types of accounts is B. They are meant for non-person entities.

Service accounts are specifically designed and intended for non-person entities such as applications, services, or processes running on a system. Unlike user accounts, which are associated with individual human users, service accounts are used to facilitate automated processes, perform specific functions, and interact with other systems or services. They are typically used for running background services, executing scheduled tasks, or accessing network resources on behalf of applications or systems.

Question 4

Recently, a company has been facing an issue with shoulder surfing. Which of the following safeguards would help with this? 

A. Screen filters 

B. Biometric authentication

C. Smart cards

D. Video cameras

To address the issue of shoulder surfing, the most appropriate safeguard would be A. Screen filters.

Shoulder surfing refers to the act of someone looking over another person's shoulder to gain unauthorized access to sensitive information, such as passwords or confidential data displayed on a screen. Screen filters are privacy filters or screen protectors that restrict the viewing angles of a screen, making it difficult for individuals nearby to see the information displayed unless they are directly in front of the screen. By limiting the visibility of the screen to only the user in front of it, screen filters can help mitigate the risk of shoulder surfing and protect sensitive information.

Question 5

The process of presenting a user ID to a validating system is known as: 

A. authorization. 

B. authentication.

C. identification.

D. single sign-on.

The process of presenting a user ID to a validating system is known as C. identification.

Identification is the initial step in the authentication process, where a user provides a unique identifier, such as a username or user ID, to the system. This identifier is used to distinguish the user from others within the system. After identification, the system proceeds with the authentication process to verify the identity of the user and determine whether the user is authorized to access the requested resources or perform specific actions.

Question 6

An input field that is accepting more data than has been allocated for it in memory is an attribute of: 

A. buffer overflow. 

B. memory leak.

C. cross-site request forgery.

D. resource exhaustion.

An input field that is accepting more data than has been allocated for it in memory is an attribute of A. buffer overflow.

A buffer overflow occurs when a program or system tries to store more data in a buffer (a temporary storage area in memory) than it can hold. If an input field allows input that exceeds the allocated buffer size, it can overwrite adjacent memory locations, leading to unpredictable behavior and potential security vulnerabilities. This can be exploited by attackers to execute arbitrary code, crash the system, or gain unauthorized access. Buffer overflows are a common programming error and can pose significant security risks if not properly handled.
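The condition the question describes, as an added example in C that is not part of the original post: an input field of fixed size filled without any length check, beside a hardened version that compares the input length against the allocation before copying. FIELD_SIZE, the function names and the sample inputs are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical allocation for an input field: 16 bytes, i.e. room for
 * 15 characters plus the terminating NUL. */
#define FIELD_SIZE 16

/* Unsafe form: copies the whole input without comparing its length to
 * FIELD_SIZE. An input of 16 or more characters writes past the end of
 * field, which is the buffer overflow the question describes. Kept here
 * for contrast only; main() never passes it oversized input. */
void store_field_unsafe(char field[FIELD_SIZE], const char *input) {
    strcpy(field, input);
}

/* Hardened form: checks the input against the allocation before copying
 * and refuses (returns false) rather than writing beyond the buffer. */
bool store_field_safe(char field[FIELD_SIZE], const char *input) {
    size_t len = strlen(input);
    if (len + 1 > FIELD_SIZE) {
        return false;                 /* too long for buffer plus NUL */
    }
    memcpy(field, input, len + 1);    /* copy including the terminator */
    return true;
}

/* Returns how many bytes beyond the allocation an input would need
 * (0 when it fits), so the overflow condition is visible as a number. */
size_t overflow_bytes(const char *input) {
    size_t needed = strlen(input) + 1;
    return needed > FIELD_SIZE ? needed - FIELD_SIZE : 0;
}

int main(void) {
    char field[FIELD_SIZE];
    /* Constructed sample inputs: one that fits, one that does not. */
    const char *ok = "jdoe";
    const char *too_long = "this-username-is-far-too-long";

    store_field_unsafe(field, ok);   /* harmless only because ok is short */
    printf("unsafe stored: %s\n", field);
    printf("safe store of ok: %s\n",
           store_field_safe(field, ok) ? "accepted" : "rejected");
    printf("safe store of too_long: %s (%zu bytes over)\n",
           store_field_safe(field, too_long) ? "accepted" : "rejected",
           overflow_bytes(too_long));
    return 0;
}
```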

Question 7

Which of the following if used would BEST reduce the number of successful phishing attacks? 

A. Two-factor authentication 

B. Application layer firewall

C. Mantraps

D. User training

Among the options provided, the one that would BEST reduce the number of successful phishing attacks is D. User training.

Phishing attacks often rely on tricking users into providing sensitive information or performing actions that they shouldn't. User training plays a crucial role in raising awareness about phishing techniques, teaching users how to identify and respond to suspicious emails, links, or requests. By providing education and guidance on recognizing phishing attempts, users can become more vigilant and less likely to fall victim to such attacks.

While the other options can also contribute to overall security, user training has a direct impact on reducing successful phishing attacks by empowering individuals to make informed decisions and avoid falling for phishing scams. Two-factor authentication, application layer firewalls, and mantraps provide additional layers of security, but they may not directly address the human factor involved in phishing attacks.

Question 8

Joe, a security analyst, is asked by a co-worker, "What is this AAA thing all about in the security world? Sounds like something I can use for my car." Which of the following terms should Joe discuss in his response to his co-worker? (Select THREE). 

A. Accounting 

B. Accountability

C. Authorization

D. Authentication 

E. Access 

F. Agreement

In response to his co-worker, Joe should discuss the following three terms related to AAA (Authentication, Authorization, and Accounting) in the security world:

D. Authentication: Authentication refers to the process of verifying the identity of a user, device, or system entity attempting to access a resource or service. It ensures that the claimed identity is valid and trustworthy before granting access.

C. Authorization: Authorization involves determining the privileges, permissions, or access rights that an authenticated user or entity has to specific resources or actions. It establishes what a user can or cannot do after successful authentication.

A. Accounting: Accounting pertains to the tracking and recording of events and activities related to the use of resources, such as monitoring user activities, resource utilization, and generating audit logs. It provides a means for accountability and helps in forensic analysis and compliance auditing.

Therefore, Joe should discuss Authentication, Authorization, and Accounting with his co-worker when explaining the AAA concept in the security world.

Question 9

A Chief Financial Officer (CFO) has been receiving email messages that have suspicious links embedded from unrecognized senders. The emails ask the recipient for identity verification. The IT department has not received reports of this happening to anyone else. Which of the following is the MOST likely explanation for this behavior? 

A. The CFO is the target of a whaling attack. 

B. The CFO is the target of identity fraud. 

C. The CFO is receiving spam that got past the mail filters. 

D. The CFO is experiencing an impersonation attack.

The MOST likely explanation for the CFO receiving suspicious emails with embedded links from unrecognized senders, asking for identity verification, is A. The CFO is the target of a whaling attack.

Whaling attacks, also known as CEO fraud or executive impersonation attacks, specifically target high-level executives or individuals in key positions within an organization, such as the CFO. These attacks aim to trick the target into revealing sensitive information, credentials, or authorizing financial transactions. The attackers often impersonate trusted individuals or use social engineering techniques to gain the trust of the target and convince them to take action.

Given that the CFO is receiving emails asking for identity verification and the fact that the IT department has not received similar reports from others, it suggests that the CFO is being specifically targeted. This aligns with the characteristics of a whaling attack, making it the most likely explanation in this scenario.

Question 10

Joe, an employee, knows he is going to be fired in three days. Which of the following characterizations describes the employee? 

A. An insider threat 

B. A competitor 

C. A hacktivist 

D. A state actor

The employee in this scenario can be characterized as A. An insider threat.

Insider threats refer to individuals within an organization who pose a risk to its security, data, or operations. These individuals have authorized access to sensitive information and systems but may misuse that access for malicious purposes or personal gain. In this case, Joe's knowledge of his impending termination and the potential motivations or actions he may take due to this knowledge align with the characteristics of an insider threat.

The other options, such as B. A competitor, C. A hacktivist, and D. A state actor, do not accurately reflect the situation described in the question.

Question 11

The IT department receives a call one morning about users being unable to access files on the network shared drives. An IT technician investigates and determines the files became encrypted at 12:00 a.m. While the files are being recovered from backups, one of the IT supervisors realizes the day is the birthday of a technician who was fired two months prior. Which of the following describes what MOST likely occurred? 

A. The fired technician placed a logic bomb. 

B. The fired technician installed a rootkit on all the affected users' computers. 

C. The fired technician installed ransomware on the file server. 

D. The fired technician left a network worm on an old work computer.

Based on the information provided, the MOST likely scenario that occurred is C. The fired technician installed ransomware on the file server.

Ransomware is a type of malicious software designed to encrypt files or block access to a system until a ransom is paid. In this case, the fact that the files became encrypted at 12:00 a.m. indicates a deliberate act to encrypt the files and prevent users from accessing them. Additionally, the timing of the incident coinciding with the birthday of the fired technician raises suspicion of their involvement.

Options A, B, and D are less likely in this scenario. A logic bomb refers to a piece of code designed to execute a malicious action at a specific trigger event or condition, which is not described in the given scenario. Installing a rootkit or leaving a network worm on an old work computer would not directly explain the encryption of the network shared drives and the impact on user access.

Question 12

An organization has a policy in place that states the person who approves firewall controls/changes cannot be the one implementing the changes. Which of the following describes this policy? 

A. Change management 

B. Job rotation 

C. Separation of duties 

D. Least privilege

The policy that states the person who approves firewall controls/changes cannot be the one implementing the changes is an example of C. Separation of duties.

Separation of duties is a principle in security and risk management that aims to prevent conflicts of interest, errors, and fraud by dividing critical tasks or responsibilities among different individuals. By separating the roles of approval and implementation, the organization ensures that there is a check-and-balance system in place. This helps reduce the risk of unauthorized or inappropriate changes to the firewall controls and enhances the overall security posture.

Change management (option A) refers to the formal process of planning, implementing, and managing changes to IT systems, infrastructure, or processes. Job rotation (option B) involves periodically rotating employees across different roles or functions to promote cross-training and reduce the risk of a single point of failure. Least privilege (option D) is a principle that advocates granting users only the necessary privileges to perform their specific job functions, minimizing the potential impact of a security breach or mistake. While these principles are important in security practices, they are not specifically related to the described policy in the question.

Question 13

Which of the following would be the BEST method to prevent the physical theft of staff laptops at an open-plan bank location with a high volume of customers each day? 

A. Guards at the door 

B. Cable locks 

C. Visitor logs 

D. Cameras

In the given scenario, the BEST method to prevent the physical theft of staff laptops at an open-plan bank location with a high volume of customers each day would be B. Cable locks.

Cable locks are physical security devices that allow laptops or other portable devices to be securely attached to a fixed object, such as a desk or table. They typically consist of a metal cable and a locking mechanism that can be looped around an immovable object and secured to the laptop. This prevents unauthorized individuals from easily walking away with the laptops, providing a deterrent against theft.

While options such as guards at the door (option A), visitor logs (option C), and cameras (option D) can contribute to overall security, they may not directly address the specific concern of preventing the physical theft of staff laptops. Guards at the door can help monitor and control access, visitor logs can track who enters the premises, and cameras can provide surveillance footage, but they may not prevent opportunistic theft of unattended laptops in a high-traffic area. Cable locks, on the other hand, offer a targeted and effective method to secure the laptops themselves.
