Download Cybersecurity Concepts and Attacks and more Exams Nursing in PDF only on Docsity! CompTIA Security+ SY0-601 Practice Questions and correct answers The user installed Trojan horse malware. - answer ✅✅A user used an administrator account to download and install a software application. After the user launched the .exe extension installer file, the user experienced frequent crashes, slow computer performance, and strange services running when turning on the computer. What most likely happened to cause these issues? A worm - answer ✅✅A security operations center (SOC) analyst investigates the propagation of a memory-resident virus across the network and notices a rapid consumption of network bandwidth, causing a Denial of Service (DoS). What type of virus is this? PUP (potentially unwanted program) - answer ✅✅A user purchased a laptop from a local computer shop. After powering on the laptop for the first time, the user noticed a few programs like Norton Antivirus asking for permission to install. How would an IT security specialist classify these programs? -Uses lightweight shellcode -Uses low observable characteristic attacks - answer ✅✅A fileless malicious software can replicate between processes in memory on a local host or over network shares. What other behaviors and techniques would classify malware as fileless rather than a normal virus? (Select all that apply.) -Computer Bots, -Command & Control - answer ✅✅An attacker is planning to set up a backdoor that will infect a set of specific computers at an organization, to inflict a set of other intrusion attacks remotely. Which of the following will support the attackers' plan? (Select all that apply.) -A dictionary word - answer ✅✅An attacker can exploit a weakness in a password protocol to calculate the hash of a password. Which of the following can the attacker match the hash to, as a means to obtain the password? (Select all that apply.) A rainbow table attack - answer ✅✅Which of the following attacks do security professionals expose themselves to, if they do not salt passwords with a random value? Clone it. - answer ✅✅How can an attacker make unauthorized use of acquired user and account details from a user's smart card? Skimming - answer ✅✅What type of attack is occurring when a counterfeit card reader is in use? Cross-site scripting (XSS) - answer ✅✅An attacker discovered an input validation vulnerability on a website, crafted a URL with additional HTML code, and emailed the link to a victim. The victim unknowingly defaced (vandalized) the web site after clicking on the malicious URL. No other malicious operations occurred outside of the web application's root directory. This scenario is describing which type of attack? DLL injection - answer ✅✅An attacker escalated privileges to a local administrator and used code refactoring to evade antivirus detection. The attacker then allowed one process to attach to another and forced the operating system to load a malicious binary package. What did the attacker successfully perform? LDAP injection - answer ✅✅Using an open connection to a small company's network, an attacker submitted arbitrary queries on port 389 to the domain controllers. The attacker initiated the query from a client computer. What type of injection attack did the attacker perform? A malicious process can alter the execution environment to create a null pointer, and crash the program. - answer ✅✅How can the lack of logic statement tests on memory location variables be detrimental to software in development? A buffer overflow - answer ✅✅An attacker gained remote access to a user's computer by exploiting a vulnerability in a piece of software on the device. The attacker sent data that was able to manipulate the memory size that the application reserved to store expected data. Which vulnerability exploit resulted from the attacker's actions? Race condition - answer ✅✅Developers found a "time of check to time of use" (TOCTTOU) vulnerability in their application. The vulnerability made it possible to change temporary data created within the app before the app uses the data later. This vulnerability is taking advantage of what process in the application? Revealing database server configuration - answer ✅✅A web application's code prevents the output of any type of information when an error occurs during a request. The A shim - answer ✅✅By compromising a Windows XP application that ran on a Windows 10 machine, an attacker installed persistent malware on a victim computer with local administrator privileges. What should the attacker add to the registry, along with its files added to the system folder, to execute this malware? Refactoring - answer ✅✅Through what method can malware evade antivirus software detection, so that the software no longer identifies the malware by its signature? -A pass-the-hash attack -A replay attack - answer ✅✅A security engineer implemented once-only tokens and timestamping sessions. What type of attacks can this type of security prevent? (Select all that apply.) A rogue access point (AP) - answer ✅✅A security analyst's scans and network logs show that unauthorized devices are connecting to the network. After tracing this down, the analyst discovered a tethered smartphone creating a backdoor to gain access to the network. Which of the following describes this device? Bluesnarfing - answer ✅✅An attacker used an exploit to steal information from a mobile device, which allowed the attacker to circumvent the authentication process. The mobile device is vulnerable to which of the following attacks? -Locate the offending radio source and disable it. -Boost the signal of the legitimate equipment. - answer ✅✅An attacker used an illegal access point (AP) with a very strong signal near a wireless network. If the attacker performed a jamming attack, which of the following would mitigate this type of network disruption? (Select all that apply.) IV attacks - answer ✅✅Wi-Fi Protected Access (WPA) fixes critical vulnerabilities in the earlier wired equivalent privacy (WEP) standard. Understanding that WPA uses a combination of an RC4 stream cipher and Temporal Key Integrity Protocol (TKIP), this makes a wireless access point NOT vulnerable to which of the following attacks when related to encrypted wireless packets? A Man-in-the-Middle attack - answer ✅✅A malicious user sniffed credentials exchanged between two computers by intercepting communications between them. What type of attack did the attacker execute? Domain Name System (DNS) client cache poisoning - answer ✅✅A hacker corrupted the name:IP records held on the HOSTS file on a client, to divert traffic for a legitimate domain to a malicious IP address. What type of attack did the hacker perform? -Domain reputation -URL redirections - answer ✅✅External hackers have some access to a company's website and made some changes. Customers have submitted multiple complaints via email for wrong orders and inappropriate images on RAID-10 - answer ✅✅Which Redundant Array of Independent Disks (RAID) combines mirroring and striping and is the better option for mission critical applications? UPS - answer ✅✅A data center needs to ensure that data is not lost at the system level in the event of a blackout. Servers must stay operable for at least an eight-hour window as part of the response and recovery controls implemented. Which redundancy effort should be put in place to ensure the data remains available? Managed PDUs - answer ✅✅A system engineer can monitor and control voltage factors in a data center. The engineer can make critical decisions on the center's energy consumption and load balancing. Which device is the engineer likely using to make these decisions? SAN - answer ✅✅A company requires a means of managing storage centrally and the ability to share the storage with multiple hosts where users can access data quickly, with little to no latency. Which of the following storage architectures would best meet the company's needs? Revert to known state - answer ✅✅A company has implemented a Virtual Desktop Infrastructure (VDI) where the user's desktop operates as a Virtual Machine (VM) on a centralized server. When users log off the machine, any changes made at the VM level are not saved. Which means for ensuring non-persistence has been implemented? Take a snapshot of the server before installing on the server. - answer ✅✅A system engineer has tested a new application in the lab, and wants to deploy the application on a production server. The server is a virtual machine that processes and stores live data for company employees. Which of the following is the BEST approach for deploying the new application on the server? Tape - answer ✅✅A system engineer is researching backup solutions that are inexpensive and can store large amounts of data offline. The backup solution must be portable and maintainable for a certain length of time defined in the company's backup recovery plan. Which of the following is the best backup solution? NAS - answer ✅✅A network administrator is installing a device that uses Redundant Array of Independent Disks (RAID) technologies for redundancy and provides employees remote access so that files can be accessed anywhere. The device does not require licensing and stores data at the file level. Which device is the employee likely installing in the infrastructure? Offline - answer ✅✅An aviation tracking system maintains flight records for equipment and personnel. The system is a critical command and control system that must maintain an availability rate of 99% for key parameter performance. The cloud service provider (CSP) guarantees a failover to multiple zones if an outage occurs. In addition to the multi-zonal cloud failover, what backup solution would allow the system to maintain data locally? -Tunnel -Transport - answer ✅✅A Transport Layer Security (TLS) Virtual Private Network (VPN) requires a remote access server listening on port 443 to encrypt traffic with a client machine. An IPSec (Internet Protocol Security) VPN can deliver traffic in two modes. One mode encrypts only the payload of the IP packet. The other mode encrypts the whole IP packet (header and payload). These two modes describe which of the following? (Select all that apply.) -Establish a guest zone -Upload files using SSH -Use configuration templates - answer ✅✅Consider the principles of web server hardening and determine which actions a system administrator should take when deploying a new web server in a demilitarized zone (DMZ). FTPES - answer ✅✅Which of the following protocols would secure file transfer services for an internal network? Directory services - answer ✅✅Implementing Lightweight Directory Access Protocol Secure (LDAPS) on a web server secures direct queries to which of the following? -Source routing -Route injection -Software exploits - answer ✅✅Select the vulnerabilities that can influence routing. (Select all that apply.) Provision SSO access - answer ✅✅Management has set up a feed or subscription service to inform users on regular updates to the network and its various systems and services. The feed is only accessible from the internal network. What else can systems administrators do to limit the service to internal access? -Prevent malicious traffic between VMs -Protection from zero day attacks - answer ✅✅A small organization operates several virtual servers in a single host environment. The physical network utilizes a physical firewall with NIDS for security. What would be the benefits of installing a Host Intrusion Prevention System (HIPS) at the end points? (Select all that apply.) Measured Boot - answer ✅✅Which of the following would secure an endpoint and provide attestation signed by a trusted platform module (TPM)? Measured boot will record the presence of unsigned kernel-level code. - answer ✅✅A support technician reviews a computer's boot integrity capabilities and discovers that the system supports a measured boot process. Which statement accurately describes this process? Input validation - answer ✅✅A developer writes code for a new application, and wants to ensure protective countermeasures against the execution of SQL injection attacks. What secure coding technique will provide this? most security between services on the cloud platform. Which of the following would ensure this type of network security is within the cloud? (Select all that apply.) TLS 1.2 - answer ✅✅A company recently implemented a Secure Sockets Layer/Transport Layer Security (SSL/TLS) version that supports Secure Hashing Algorithm-256 (SHA-256) cipher. Which SSL/TLS version was deployed? HTML5 - answer ✅✅Systems administrators want to set up a way for remote administration from home. Rather than installing a software agent, the solution should use an underlying technology that is available to an application, such as a web browser. Which option would best support these requirements? Broadcast storms - answer ✅✅A network engineer is plugging in new patch cables and wants to prevent inadvertent disruptions to the network while doing so. What will the engineer prevent if Spanning Tree Protocol (STP) is configured on the switches? Provide secure access to DMZ servers. - answer ✅✅What is a jump server commonly used for? Reverse Proxy - answer ✅✅A company hosts internal web servers between two firewalls: one firewall at the edge network and another near the internal gateways. These web servers provide multiple services to employees on the road. A recent security audit advised the company to find ways to further secure connections between remote clients and these internal web servers. Which of the following will satisfy the security advice? Signature-based - answer ✅✅An administrator deploys a basic network intrusion detection (NID) device to identify common patterns of attacks. What detection method does this device use? -Block TCP ports -Allow network protocols - answer ✅✅A network administrator set up a basic packet filtering firewall using an open-source application running on a Linux virtual machine. The immediate benefit to this deployment is the quick configuration of basic firewall rules. Which of the following reasons may have also influenced the administrator's decision to deploy a stateless, rather than a stateful, firewall? (Select all that apply.) ACL - answer ✅✅An administrator navigates to the Windows Firewall with Advanced Security. The inbound rules show a custom rule, which assigned the action, "Allow the connection" to all programs, all protocols, and all ports with a scope of 192.168.0.0/24. This is an example of what type of security setting? -Message authentication -Block source routed packets - answer ✅✅A company is renovating a new office space and is updating all Cisco routers. The up-to- customer configure these VPCs to ensure the highest degree of network security? -78% average error rate -Spike in API calls - answer ✅✅A cloud service provider (CSP) dashboard provides a view of all applicable logs for cloud resources and services. When examining the application programming interface (API) logs, the cloud engineer sees some odd metrics. Which of the following are examples that the engineer would have concerns for? (Select all that apply.) The provider is responsible for the availability of the software. - answer ✅✅A company is looking into integrating on- premise services and cloud services with a cloud service provider (CSP) using an Infrastructure as a Service (IaaS) plan. As a cloud architect works on architectural design, which of the following statements would NOT apply in this case? Allow list - answer ✅✅A company set up controls to allow only a specific set of software and tools to install on workstations. A user navigates to a software library to make a selection. What type of method prevents installation of software that is not a part of a library? CASB - answer ✅✅A company would like to deploy a software service to monitor traffic and enforce security policies in their cloud environment. What tool should the company consider using? CASB - answer ✅✅A large firm requires better control over mobile users' access to business applications in the cloud. This will require single-sign on and support for different device types. What solution should the company consider using? -A solution that is known as zone-redundant storage. -Access is available if a single data center is destroyed. - answer ✅✅An organization moves its data to the cloud. Engineers utilize regional replication to protect data. Review the descriptions and conclude which ones apply to this configuration. (Select all that apply.) -Regional replication -High availability - answer ✅✅Cloud service providers make services available around the world through a variety of methods. The concept of a zone assumes what type of service level? (Select all that apply.) Next-generation secure web gateway - answer ✅✅Determine a solution that can combine with a cloud access security broker (CASB) to provide a wholly cloud-hosted platform for client access? Resource policies - answer ✅✅If managed improperly, which of the following would be most detrimental to access management of cloud-based storage resources? Layer 7 - Application Layer - answer ✅✅When implementing a native-cloud firewall, which layer of the Open Systems Interconnection PFX - answer ✅✅Which certificate format allows the transfer of private keys and is password protected? -An online CA is needed in order to publish a CRL. -An online root is required to add an intermediate CA. - answer ✅✅A company has a two-level certificate authority (CA) hierarchy. One of the CA servers is offline, while the others are online. Which statements are TRUE of online and offline CAs? (Select all that apply.) OCSP stapling - answer ✅✅There are several ways to check on the status of an online certificate, but some introduce privacy concerns. Consider how each of the following is structured, and select the option with the best ability to hide the identity of the certificate status requestor. Use certificate pinning - answer ✅✅An independent penetration testing company is invited to test a company's legacy banking application developed for Android phones. It uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates. Penetrations tests reveal the connections with clients were vulnerable to a Man-in-the-Middle (MITM) attack. How does the company prevent this from happening in the public Internet? Trust model - answer ✅✅In a Public Key Infrastructure (PKI), which option best describes how users and multiple Certificate Authorities (CA) interact with each other in a large environment? Key escrow - answer ✅✅A company with multiple types of archived encrypted data is looking to archive the keys needed to decrypt the data. However, the company wants to separate the two in order to heavily guard these keys. Analyze the scenario to determine the most likely key placement. Use correct certificate path. - answer ✅✅A company has two web servers using a load- balance configuration. Users report having periodic trust errors connecting to the website. Both servers are using server-only certificates. Which of the following actions would most likely resolve the issue? openssl genrsa -aes256 -out server.key 1024 - answer ✅✅A public key infrastructure (PKI) is being set up for a logistics company, utilizing OpenSSL. Which of the following commands can the team use, when setting up the PKI, to create an encrypted RSA key pair? Public cloud - answer ✅✅A new cloud service provider (CSP) leases resources to multiple organizations (or customers) around the world. Each customer is independent and does not share the same cloud storage resource. The customers use an on-demand payment plan. Which cloud model is the CSP most likely providing to its customers? -nmap xxx.xxx.x.x -O -nmap xxx.xxx.x.x -A - answer ✅✅A penetration tester is experimenting with Nmap on a test network. The tester would like to know the operating system of the target device. Select all Nmap commands Cuckoo - answer ✅✅A malware expert wants to examine a new worm that is infecting Windows devices. Verify the sandbox tool that will enable the expert to contain the worm and study it in its active state. head -n 15 /var/log/hostnames - answer ✅✅Identify the command that will output only the 15 oldest entries in the log file called hostnames. tail -n 15 /var/log/hostnames - answer ✅✅Identify the command that will output the 15 most recent entries in the log file called hostnames. cat security.log - answer ✅✅A network technician working for a three-letter intelligence organization has to troubleshoot a specialized, air-gapped Linux device without asking any questions. The technician only has access to the CLI and needs to read a log file, without a GUI, and without network access. Outline the command that will easily enable the technician to view the file from the command line. logger -f hostnames - answer ✅✅An administrator of a Linux network is writing a script to transfer a list of local host names, contained in a file called hostnames, directly into the syslog file. Predict the CLI command the admin is likely to use to accomplish this. -tcpdump -tshark - answer ✅✅A systems administrator recently hardened two servers (Linux and Windows), disabling unused ports and setting up a software firewall to block specific port connections and protocols. These servers support employees at an external branch that operates on wireless network connections and laptops. Which of the following tools will help audit the server's security settings with the least amount of effort? (Select all that apply.) Volatility - answer ✅✅A forensics analyst is attempting a live acquisition of the contents of the memory of a running Linux device. In order to copy the blocked /dev/mem file with memdump or dd, the analyst must install a kernel driver. Recommend a framework that will enable the analyst to install a kernel driver. Autopsy - answer ✅✅A cyber forensic investigator is analyzing a disk image acquired from a suspect in a major network breach and wants to generate a timeline of events from the image. Predict the tool the investigator will use to piece together a timeline of events so that they can tie the hacker's disk to the breach in question. Gather employee login credentials. - answer ✅✅A security event popped up, alerting security of a suspicious user gaining access to, and copying files from, the %SystemRoot %\NTDS\ file path on a server. What is the user trying to do? -Use the DoD 5220.22-M method -Degauss media with a magnet - answer ✅✅A government agency is getting rid of older workstations. The agency will donate these together a playbook. Evaluate the elements that the security expert should include in the playbook. (Select all that apply.) Reputation damage - answer ✅✅Hackers infiltrated a home furnishings store's network six months ago. The hackers obtained customer information to include account and payment data. Since the breach, sales have gone down, and customers have closed accounts with the store. Which of the following consequences is a direct result of the breach? -Reputation damage -Fines -Identity theft - answer ✅✅Which of the following can be consequences of a data breach? (Select all that apply.) IP theft - answer ✅✅A hacker uses a spear phishing technique to infiltrate an Information Technology (IT) company's network to steal sensitive data pertaining to new and developing technologies. What is the hacker's goal? Escalate the information to a security manager. - answer ✅✅A financial institution employee notices from the audit log, that several attempts were made by a user to bypass the authentication process. The user attempted to log in ten times in twenty minutes using various methods, though the user never gained visible access. Which of the following describes what the employee should do next? Data masking - answer ✅✅An application maintains social security numbers and birthdates as primary keys for personnel tasking of various contingencies and mobility exercises. To maintain the personally identifiable information (PII), which of the following deidentification methods should the application adopt? Data controller - answer ✅✅An employee is responsible for protecting the privacy and rights of data used and transmitted by an organization. The employee dictates the procedures and purpose of data usage. Which governance role for oversight does the employee maintain? Data processor - answer ✅✅A third-party vendor collects and analyzes data for a paint supply retailer website. The retailer specifically asks for information, such as what colors customers are searching for regularly and what quantity customers request the most. Which of the following best describes the third-party vendor? Information life cycle - answer ✅✅A logistics detail facility must maintain transportation data up to 365 days after transaction closeout. At the creation of the transaction, the logistics planner tags the information contained in the file according to classification. The transaction data is protected until disposal. Which data model does this best represent? Privacy notice - answer ✅✅A website allows a user to apply for a home loan with multiple