Quiz: CompTIA Security+ SY0-601 Post-Assessment Quiz With Complete Solutions

Typically, certain employees of an organization get texts that update them on various IT activities. If there is a support ticket or downtime, they receive texts to let them know about the activity. They have started to receive some messages via text instructing them to call the IT help desk at the provided number. When they call the help desk number, a recording asks them for their employee ID. Assuming that the IT department did not send those texts, which of the following social engineering attacks is this?
a. Smishing
b. Whaling
c. Spimming
d. Vishing
Answer: Smishing (the lure arrives by SMS; the recorded line that harvests the employee ID is the voice part of the attack, but the attack is classified by the vector that reached the victim)

Which of the following social engineering attacks continues to be a primary weapon used by threat actors?
a. Vishing
b. Spear phishing
c. Phishing
d. Google dorking
Answer: Phishing

David, a software engineer, recently bought a brand new laptop because his enterprise follows the BYOD (bring your own device) model. David was part of a software development project where the software code was leaked before its release. Further investigation proved that a vulnerability in David's laptop caused the exposure. David insists he never used the laptop to access any network or connect any devices, and the laptop was kept in a vault while not in use. Which of the following attack vectors was used by the threat actor?
a. Direct access
b. Wireless
c. Supply chain
d. Removable media
Answer: Supply chain (with no network, peripheral or physical access after purchase, the only remaining vector is that the laptop was compromised before David received it)

Which category of cybersecurity vulnerability is exploited by attackers before anyone else knows about it?
a. Patches
b. Platforms
c. Zero day
d. Third parties
Answer: Zero day

[The beginning of the next question is missing from this copy.] ... site scripting and XML entity injection vulnerabilities. John has been told to perform a vulnerability assessment on these servers to verify if the audit report is valid. He is also told that he should not attempt to engage or exploit any vulnerabilities.
By applying his knowledge of vulnerability assessment concepts, which type of vulnerability scanning should John use?
a. Intrusive non-credentialed
b. Intrusive credentialed
c. Non-intrusive credentialed
d. Non-intrusive non-credentialed
Answer: Non-intrusive credentialed (non-intrusive because he must not exploit anything; credentialed because an authenticated scan can confirm application-layer findings such as XSS and XXE that an unauthenticated scan would miss)

Quinton has been asked to analyze the TTPs of an attack that recently occurred and prepare an SOP to hunt for future threats. When researching the recent attack, Quinton discovered that after penetrating the system, the threat actor moved through the network using elevated credentials. Which technique was the threat actor using to move through the network?
a. Initial compromise
b. Lateral movement
c. Privilege escalation
d. Data exfiltration
Answer: Lateral movement

Meta is a penetration testing engineer assigned to pen test the security firm's network. So far, she has not been able to tunnel through the network to look for additional systems accessible with elevated privileges. What should Meta do to gain repeated and long-term access to the system in the future?
a. Perform privilege escalation
b. Perform backdoor installation
c. Perform data exfiltration
d. Perform lateral movement
Answer: Perform backdoor installation

Shaun is an external penetration testing consultant. The Chief Information Security Officer (CISO) of the organization he is working with indicated that none of the internal higher management executives should receive any kind of spear-phishing emails during Shaun's testing. Which part of the rules of engagement would cover this limitation?
a. Authorization
b. Other boundaries
c. Initiation
d. Target locations
Answer: Other boundaries (the scope of an engagement lists the relevant targets and then any other boundaries, such as techniques or people that are off limits; excluding executives from spear phishing is a limit on technique, not a target location)

ABC Automobiles is a large manufacturing company based in Munich, Germany. To ensure productivity, all departments such as Finance, Purchasing, Sales, R&D and Management use computers, and for security each department is placed in a different physical and logical network while remaining interconnected.
Johnson, the Vice President of IT, has requested your service in identifying a problem. Details provided by Johnson and your initial probe include the following: The problem started a few weeks ago in the sales department. Videos of six employees working at their computers were shared outside the organization without the users switching on the cameras or webcams. Their personal phone numbers and email IDs were also found to be compromised from these devices. At specific times during the day, these computers generated substantial amounts of network traffic. Johnson removed the compromised machines from the network immediately to keep the problem from spreading. He monitored these machines for any unusual behavior for 40 continuous hours and found nothing unusual, except that the employees who were using them were receiving spam messages on their phones. He also scanned the computers using antivirus software but found no viruses. He connected the machines back to the network after these
[The rest of the question and option a are missing from this copy.]
b. Keylogger
c. PUP
d. Backdoor
Answer given: Keylogger. Note that a keylogger only records keystrokes; covert webcam capture and contact harvesting with scheduled uploads are the behaviour of a remote access Trojan (RAT), which is a plausible candidate for the missing option a.

An attack where the threat actor changes the value of a variable outside of the programmer's intended range is known as ____________.
a. Improper input handling
b. Race condition
c. Buffer overflow
d. Integer overflow
Answer: Integer overflow

Jennifer created an e-learning web application where a login form has to be filled in by the user entering the application. Jennifer allocated an 8-byte buffer for the user name field while developing the application. One day, the application halted with a denial of service. An attack on the web application due to incorrect entry of input values in the login screen was then discovered. What caused the denial of service?
a. This is due to a backdoor attack.
b. This is due to a buffer overflow attack.
c. This is due to a race condition caused by the attack.
d. This is due to an application program interface attack.
Answer: This is due to a buffer overflow attack. (An 8-byte buffer holds 7 characters plus the terminating NUL; a longer user name copied without a bounds check overwrites adjacent memory and crashes the process.)
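Both questions above turn on the same idea: arithmetic or a copy that steps outside the range the programmer intended. The following Python is an added example, not code from the quiz or its source material. Python integers never overflow and Python bounds-checks indexing, so 32-bit C arithmetic and a C stack frame are emulated explicitly; the names MAX_REQUEST, StackFrame and the "RETADDR!" marker are invented for the illustration.

```python
"""Integer overflow and buffer overflow, emulated in Python.

Added example for the quiz questions on integer overflow and the 8-byte
user-name buffer; it is not from the quiz. Python ints do not overflow and
Python rejects out-of-range indexing, so signed 32-bit C arithmetic and a
C stack frame are modelled explicitly. MAX_REQUEST, StackFrame and the
'RETADDR!' marker are constructed for illustration.
"""
import struct

INT32_MAX = 2**31 - 1
MAX_REQUEST = 4096      # assumed: the largest length the programmer intends to accept
USERNAME_BUF = 8        # the 8-byte user-name buffer from the quiz question


def to_int32(value: int) -> int:
    """Wrap an unbounded Python int the way a signed 32-bit C int wraps (two's complement)."""
    return struct.unpack("<i", struct.pack("<I", value & 0xFFFFFFFF))[0]


def vulnerable_length_check(user_len: int) -> bool:
    """Buggy: does the arithmetic first, then checks the (already wrapped) result.

    With user_len == INT32_MAX, user_len + 1 wraps to -2147483648, which is
    <= MAX_REQUEST, so the check passes with a length the programmer never
    intended to accept: the quiz's definition of an integer overflow.
    """
    needed = to_int32(user_len + 1)
    return needed <= MAX_REQUEST


def checked_length_check(user_len: int) -> bool:
    """Fixed: bound the input before doing arithmetic on it, so it cannot leave the intended range."""
    return 0 <= user_len <= MAX_REQUEST - 1


class StackFrame:
    """Toy model of a C stack frame: an 8-byte user-name buffer followed by
    8 bytes of adjacent data (stand-in for a saved return address)."""

    def __init__(self) -> None:
        # 'RETADDR!' is a constructed marker so clobbering is visible
        self.memory = bytearray(b"\x00" * USERNAME_BUF + b"RETADDR!")

    @property
    def username(self) -> bytes:
        return bytes(self.memory[:USERNAME_BUF])

    @property
    def adjacent(self) -> bytes:
        return bytes(self.memory[USERNAME_BUF:])


def vulnerable_strcpy(frame: StackFrame, username: bytes) -> StackFrame:
    """strcpy() semantics: copy up to and including the NUL, never checking the buffer size.

    A name of 8 or more bytes spills into the adjacent data; a long enough
    name runs off the end of the frame, modelled here as a crash (the DoS
    from the quiz question).
    """
    for offset, byte in enumerate(username + b"\x00"):
        if offset >= len(frame.memory):
            raise MemoryError("write past end of stack frame (SIGSEGV)")
        frame.memory[offset] = byte
    return frame


def safe_copy(frame: StackFrame, username: bytes) -> StackFrame:
    """Fix: enforce the buffer size (7 bytes + NUL) before copying; reject rather than truncate silently."""
    if len(username) >= USERNAME_BUF:
        raise ValueError(f"user name longer than {USERNAME_BUF - 1} bytes")
    frame.memory[:USERNAME_BUF] = username.ljust(USERNAME_BUF, b"\x00")
    return frame


if __name__ == "__main__":
    print(vulnerable_length_check(INT32_MAX), checked_length_check(INT32_MAX))
    spilled = vulnerable_strcpy(StackFrame(), b"administrator")
    print(spilled.username, spilled.adjacent)
```

The fix in real C code has the same shape as checked_length_check and safe_copy: validate the length against the buffer size before doing arithmetic or copying, and use bounded calls (fgets, strlcpy, snprintf) instead of strcpy.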
Which application protocol is used to exchange cyber threat intelligence over HTTP?
a. STIX
b. TAXII
c. TCP
d. UDP
Answer: TAXII (STIX is the format that describes the intelligence; TAXII is the HTTPS-based transport for exchanging it)

A zero-day vulnerability has been found in an e-commerce website used to purchase electronics. Neither the website owner nor the general public knows about the vulnerability; it was discovered by a computer security specialist making a purchase. What should the specialist do?
a. Make a report of the zero-day vulnerability and release it to the public to make them aware.
b. Be a broker and sell this zero-day vulnerability to potential buyers so that they can decide for themselves what to do with it.
c. Privately share their findings regarding the zero-day vulnerability with the e-commerce company.
d. Ignore it; it is not the specialist's job to alert the website's owner about the vulnerability.
Answer: Privately share their findings regarding the zero-day vulnerability with the e-commerce company.

Why is the UEFI framework considered to be better than the BIOS framework?
a. It has a better user interface and supports remote troubleshooting.
b. It restricts hardware support to less than 1 TB, offering better security than BIOS.
c. It can identify viruses and malware in a device before the system is launched.
d. It comes with additional features of OS hardening and anti-intrusion systems.
Answer: It has a better user interface and supports remote troubleshooting. (UEFI Secure Boot verifies the signatures of boot components; it does not detect viruses, so option c is wrong.)

Rachel has taken over as a systems administrator of Creative Network, which has a network of 300 computers in two different domains. Rachel has been instructed by the CEO to ensure all employees have access to a certain set of folders on the server. The individual workstations may have the personal data of employees in a particular folder. She was informed that there have been previous instances where employees misused the machines.
[The rest of this question, its options and its answer are missing from this copy.]

Frank is authorized to issue mandatory security guidelines for IoT device manufacturers in the United States. Which of the following guidelines should Frank NOT issue?
a. The devices' embedded systems should use network protocols that have advanced security features.
b. The devices should have authentication features.
c. The devices should present a cost-effective solution for consumers.
d. The devices should receive updates provided by the manufacturer at least once every six months.
Answer: The devices should present a cost-effective solution for consumers.

Which of the following systems combines the functions of a printer, copier, scanner, fax machine and special-purpose computer with a CPU?
a. HVAC
b. MFP
c. SCADA
d. UAV
Answer: MFP

You are the security administrator for an enterprise that follows the bring your own device (BYOD) deployment model. What is the first action that you should take to protect sensitive enterprise data from exposure if an employee device is stolen and can't be located?
a. You should seek the help of legal authorities.
b. You should search for the thief on your own.
c. You should change the data access credentials.
d. You should perform a remote wipe.
Answer: You should perform a remote wipe.

You are the security administrator in your organization and have been asked to choose a deployment method that ensures the utmost security, where the data is stored on a centralized server and can be accessed by authorized employees using their own devices. Which of the following should you choose?
a. Virtual desktop infrastructure (VDI)
b. Choose your own device (CYOD)
c. Corporate-owned personally enabled (COPE)
d. Corporate-owned devices (COD)
Answer: Virtual desktop infrastructure (VDI)

Which cryptography method provides cryptographic solutions uniquely customized to low-power devices that must balance resource constraints against security requirements?
a. Asymmetric cryptography
b. Private key cryptography
c. Lightweight cryptography
d. Symmetric cryptography
Answer: Lightweight cryptography

Which of the following is NOT a characteristic of a trusted platform module (TPM)?
a. TPM provides cryptographic services in hardware instead of software.
b. TPM generates asymmetric cryptographic public and private keys.
c. TPM can easily be transported to another computer.
d. TPM includes a pseudorandom number generator.
Answer: TPM includes a pseudorandom number generator. (The expected answer rests on the TPM containing a hardware true random number generator. In practice option c is not a characteristic either: keys sealed to a TPM do not move to another computer.)

Which technique added to cryptographic algorithms can change a single character of plaintext into multiple characters of ciphertext?
a. Eavesdropping
b. Collision
c. Confusion
d. Diffusion
Answer: Diffusion

[Question missing from this copy.]
a. Hierarchical trust model
b. Distributed trust model
c. Bridge trust model
d. Web of trust model
Answer: Hierarchical trust model

For which of the following is the encapsulating security payload (ESP) protocol applied?
a. Authentication
b. Confidentiality
c. Key management
d. Applications
Answer: Confidentiality

Which of the following cryptographic protocols is an encrypted alternative to the Telnet protocol used to access remote computers?
a. Transport layer security (TLS)
b. Secure shell (SSH)
c. Secure sockets layer (SSL)
d. Secure real-time transport protocol (SRTP)
Answer: Secure shell (SSH)

Which of the following encrypts one character at a time?
a. ECB
b. CBC
c. Stream
d. Block
Answer: Stream

Which of the following only encrypts the IP packet data and leaves the header unencrypted?
a. Tunnel mode
b. Transport mode
c. Encapsulating security payload (ESP)
d. Authentication header (AH)
Answer: Transport mode

Which layer of the OSI model is targeted by threat actors in a layer 2 attack?
a. Physical layer
b. Application layer
c. Data link layer
d. Transport layer
Answer: Data link layer

Which of the following is an attack that affects data availability?
a. Rogue AP
b. MAC address
c. On-path attack
d. DDoS attack
Answer: DDoS attack

Which of the following is the Windows network analysis tool that checks the connection to each hop between source and destination?
a. Netstat
b. Pathping
c. Traceroute
d. Curl
Answer: Pathping

Which of the following is a physical security measure?
a. Secure sockets layer
b. Full disk encryption
c. Industrial camouflage
d. Packet analysis
Answer: Industrial camouflage

[Question missing from this copy.]
a. Make an allow rule for the source address 192.168.20.73.
b. Make a force allow rule for source address 192.168.20.73.
c. Make a deny rule for source address 192.168.20.73.
d. Make a log-only rule for source address 192.168.20.73.
Answer: Make a force allow rule for source address 192.168.20.73.

What is data masking?
a. Encrypting files to prevent unauthorized access
b. Creating a copy of the data with sensitive elements obfuscated
c. Protecting sensitive data using strong authentication
d. Hiding the data to prevent unauthorized access
Answer: Creating a copy of the data with sensitive elements obfuscated

Which of the following is a VPN protocol?
a. SMTP
b. POP3
c. SSTP
d. TCP
Answer: SSTP

Your enterprise network's security was breached when a non-employee connected a device to the network. In a security review meeting, you were asked to employ appropriate measures to prevent this from happening in the future while, at the same time, continuing to allow outsiders to connect to the network. Which of the following actions should you take?
a. Set up a virtual private network
b. Set up an access control list
c. Set up network access control
d. Set up data loss prevention
Answer: Set up network access control

What is a thin client?
a. A thin client is a computing device with limited storage capacity used for latency reduction.
b. A thin client is a computer that runs from resources stored on a central cloud server.
c. A thin client is a type of virtualized hardware with computing capabilities.
d. A thin client is a computer that runs from resources stored on the local hard drive.
Answer: A thin client is a computer that runs from resources stored on a central cloud server.

In a practical test, you are given a computer with a Windows host OS. You are asked to install a guest machine with a Linux OS. What should you do?
a. Use a Type I hypervisor program
b. Use a Type II hypervisor program
c. Use a container hypervisor
d. Use a hardware hypervisor
Answer: Use a Type II hypervisor program (it runs as an application on top of the existing host OS; a Type I hypervisor runs on bare metal)

In an interview, you are provided the following statements regarding virtualization security. Which statement should you identify as correct?
a. Software-defined visibility (SDV) is a framework that allows users to make any network structure transparent.
b. A software-defined network virtualizes parts of the physical network to be more quickly and easily reconfigured.
c. A user can make a sandbox before performing extensive modifications or alterations to a virtual machine (VM).
d. A guest operating system that has remained dormant is updated when the underlying host operating system is updated.
Answer: A software-defined network virtualizes parts of the physical network to be more quickly and easily reconfigured.

What is virtual desktop infrastructure?
a. It is the process of running a user desktop inside a VM residing on a server.
b. It is the process of virtualizing hardware for different uses.
c. It is the process of using a virtual network to access the cloud.
[Option d and the answer are missing from this copy; option a is the definition of VDI.]

[Question missing from this copy.]
Answer: IEEE 802.1x

Which attack creates false deauthentication management frames that appear to come from another client device, causing the client to disconnect from the AP?
a. Bluesnarfing
b. Disassociation
c. Injecting malware
d. Jamming
Answer: Disassociation

Which configuration of WLANs has the following flaws? The last PIN character is only a checksum. The PIN is divided into two shorter values. There is no lockout limit for entering PINs.
a. WEP
b. WPS
c. MAC
d. WPA
Answer: WPS

Which wireless probe is designed exclusively to monitor the airwaves for RF transmissions?
a. Access point probe
b. Dedicated probes
c. Desktop probe
d. Wireless device probe
Answer: Dedicated probes

Which of the following best describes password spraying?
a. Cracking the password of a user by trying all possible alphanumeric combinations
b. Trying a common password on different user accounts
c. Creating a wordlist using stolen passwords
d.
Creating a unique password using uppercase, lowercase, numerals, and special symbols
Answer: Trying a common password on different user accounts (a few guesses spread over many accounts stays under each account's lockout threshold, which is what distinguishes spraying from brute force)

Which of the following is the safest authentication method?
a. Authentication using an SMS OTP
b. Authentication using a smartphone
c. Authentication using security keys
d. Authentication using a smart card
Answer: Authentication using security keys

Ricky entered a restricted lab by scanning his finger on the fingerprint scanner outside the door. Which type of authentication credential allowed Ricky to enter the lab?
a. Someone you know.
b. Something you have.
c. Something you are.
d. Something you can do.
Answer: Something you are.

You want to use different passwords for different accounts by remembering just one password. Which of the following tools fits your need?
a. Hardware module
b. Password vault
c. Windowed token
d. PBKDF2
Answer: Password vault

Which of the following is a valid biometric authentication method?
a. Gait recognition
b. Weight recognition
c. Height recognition
d. Speech recognition
Answer: Gait recognition

You want to install a non-biometric authentication method to reduce overall costs. Which of the following is the best fit?
[Options and answer are missing from this copy.]

[Question and options a and b are missing from this copy.]
c. metadata
d. journalctl
Answer: metadata

Which of the following best describes artifacts?
a. Methods followed by attackers
b. Temporary files stored in RAM
c. Technology devices that may contain evidence
d. Permanent files stored on hard disks
Answer: Technology devices that may contain evidence

Which of the following recovery sites is more expensive to maintain?
a. Hot site
b. Cold site
c. Warm site
d. Onsite
Answer: Hot site

For which of the following systems is resilience through redundancy the least important?
a. Desktops
b. Servers
c. Data
d. Networks
Answer: Desktops

The mean time to recovery (MTTR) of a system is zero. What does this imply?
a. The system is not resilient to disruptions.
b. The system cannot be recovered.
c. The system is highly resilient.
d. The system cannot be recovered quickly.
Answer: The system is highly resilient.
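The three WPS flaws listed in the question above (the last digit is only a checksum, the PIN is validated as two halves, and there is no lockout) compound into a practical attack. The Python below is an added example, not from the quiz or its source material. ToyRegistrar is an invented stand-in for an access point that, like the real WPS registration exchange, rejects a wrong first half after message M4 and a wrong second half after M6; the PIN 12345670 is a constructed test value.

```python
"""WPS PIN checksum and the split-PIN brute force the quiz question describes.

Added example, not from the quiz. ToyRegistrar is a constructed stand-in
for an access point; it validates each half of the PIN separately, which is
the behaviour of the real WPS registration protocol (wrong first half is
rejected after M4, wrong second half after M6). PIN 12345670 is a test value.
"""


def wps_checksum(first_seven: str) -> int:
    """Return the 8th digit of a WPS PIN, computed from the first seven.

    Digits in odd positions are weighted 3, digits in even positions 1;
    the checksum digit makes the weighted sum a multiple of ten.
    """
    d = [int(c) for c in first_seven]
    accum = 3 * (d[0] + d[2] + d[4] + d[6]) + (d[1] + d[3] + d[5])
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is eight digits and its last digit is the correct checksum."""
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(pin[:7])


class ToyRegistrar:
    """Stand-in access point that checks the PIN one half at a time, as WPS does."""

    def __init__(self, pin: str) -> None:
        if not is_valid_pin(pin):
            raise ValueError("bad checksum")
        self.first_half, self.second_half = pin[:4], pin[4:]
        self.attempts = 0      # the third flaw: counted here, but nothing ever locks out

    def try_first_half(self, guess: str) -> bool:
        self.attempts += 1
        return guess == self.first_half

    def try_second_half(self, guess: str) -> bool:
        self.attempts += 1
        return guess == self.second_half


def brute_force_pin(ap: ToyRegistrar) -> str:
    """Recover the PIN by attacking each half independently.

    First half: at most 10**4 guesses. Second half: only three free digits,
    because the eighth is a checksum the attacker computes, so at most 10**3.
    Worst case 11,000 attempts instead of 10**7 for a full seven-digit search.
    """
    first = None
    for i in range(10_000):
        guess = f"{i:04d}"
        if ap.try_first_half(guess):
            first = guess
            break
    if first is None:
        raise RuntimeError("first half not found")
    for j in range(1_000):
        body = first + f"{j:03d}"
        candidate = body + str(wps_checksum(body))
        if ap.try_second_half(candidate[4:]):
            return candidate
    raise RuntimeError("second half not found")


def max_attempts(split_validation: bool) -> int:
    """Worst-case guesses an attacker needs: with the split-PIN flaw, or for a full seven-digit search."""
    return 10**4 + 10**3 if split_validation else 10**7


if __name__ == "__main__":
    ap = ToyRegistrar("12345670")
    print(brute_force_pin(ap), "recovered after", ap.attempts, "attempts")
```

The mitigation is the missing control, not a stronger PIN: disable WPS PIN registration, or at least enforce a lockout after a handful of failed attempts so 11,000 guesses are no longer feasible.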
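For the password spraying question above, this is what the pattern looks like in an authentication log and how a detection rule can tell it apart from a brute-force attack. The Python is an added example, not from the quiz; the log lines, the field names and the thresholds are constructed for illustration and would be tuned to real traffic.

```python
"""Telling a password spray apart from a brute-force attack in auth logs.

Added example, not from the quiz. SAMPLE_LOG, the field layout and the
thresholds are constructed. A spray shows as one source failing against
MANY accounts with FEW attempts each (to stay under lockout); a classic
brute force is one source hammering ONE account.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>success|failure) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: 203.0.113.5 sprays four accounts then succeeds as erin;
# 198.51.100.7 brute-forces frank; 192.0.2.9 is a user who mistyped once.
SAMPLE_LOG = """\
2024-03-04T09:00:01Z auth failure user=alice src=203.0.113.5
2024-03-04T09:00:02Z auth failure user=bob src=203.0.113.5
2024-03-04T09:00:03Z auth failure user=carol src=203.0.113.5
2024-03-04T09:00:04Z auth failure user=dave src=203.0.113.5
2024-03-04T09:00:05Z auth success user=erin src=203.0.113.5
2024-03-04T09:00:10Z auth failure user=frank src=198.51.100.7
2024-03-04T09:00:11Z auth failure user=frank src=198.51.100.7
2024-03-04T09:00:12Z auth failure user=frank src=198.51.100.7
2024-03-04T09:00:13Z auth failure user=frank src=198.51.100.7
2024-03-04T09:00:14Z auth failure user=frank src=198.51.100.7
2024-03-04T09:05:00Z auth failure user=grace src=192.0.2.9
2024-03-04T09:05:30Z auth success user=grace src=192.0.2.9
""".splitlines()


def parse(lines):
    """Yield (timestamp, result, user, src) for each line that matches the format."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["result"], m["user"], m["src"]


def classify_sources(lines, window=timedelta(minutes=5), min_users=4,
                     max_per_user=2, brute_min=5):
    """Return {src: 'password-spray' | 'brute-force' | 'benign'}.

    For every source, slide a time window over its failures and look at how
    many distinct accounts were hit and how hard each one was hit.
    """
    failures = defaultdict(list)
    for ts, result, user, src in parse(lines):
        if result == "failure":
            failures[src].append((ts, user))

    verdicts = {}
    for src, events in failures.items():
        events.sort()
        verdict = "benign"
        for i, (start, _) in enumerate(events):
            per_user = defaultdict(int)
            for ts, user in events[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                verdict = "password-spray"   # many accounts, light touch each
                break
            if len(per_user) == 1 and max(per_user.values()) >= brute_min:
                verdict = "brute-force"      # one account, hammered
        verdicts[src] = verdict
    return verdicts


def accounts_to_reset(lines, verdicts):
    """Accounts that logged in successfully from a spraying source: treat them as compromised."""
    hits = defaultdict(list)
    for ts, result, user, src in parse(lines):
        if result == "success" and verdicts.get(src) == "password-spray":
            hits[src].append(user)
    return dict(hits)


if __name__ == "__main__":
    v = classify_sources(SAMPLE_LOG)
    print(v)
    print(accounts_to_reset(SAMPLE_LOG, v))
```

Per-account lockout alone does not stop a spray, which is why the rule keys on the source rather than the account; the success that follows the failures is the event that matters for response.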
Which of the following can be used to enforce strong credential policies for an organization?
a. Acceptable Use Policy
b. Windows Active Directory
c. Windows Defender
d. Windows Firewall
Answer: Windows Active Directory (an Acceptable Use Policy states the rules; Active Directory Group Policy is what technically enforces password length, complexity, history and lockout on every domain account)

Which of the following classifications of data is least important?
a. Private
b. Proprietary
c. Confidential
d. Sensitive
Answer: Proprietary

Which policy restricts the introduction of malicious programs into an enterprise network or server?
a. Asset management
b. Onboarding and offboarding
c. Data governance
d. Acceptable use
Answer: Acceptable use (an AUP typically prohibits users from introducing malicious programs or unauthorized software into the network or servers)

An enterprise's annual financial statement reported an overall profit when there was actually a loss. Which of the following risks has occurred?
a. Inherent risk
b. Residual risk
c. Control risk
d. Internal risk
Answer: Control risk (the internal controls over financial reporting failed to prevent or detect the misstatement)