Cybersecurity Concepts and Practices, Exams of Computer Science

Covers a wide range of cybersecurity topics, including authentication methods, security controls, risk analysis, network security, cryptography, and secure coding practices. It provides an overview of security concepts and techniques that are commonly used in the field of information security. Likely intended for individuals interested in or studying cybersecurity, such as students, IT professionals, or security analysts. It could be useful as a reference or study material for understanding the fundamental principles and best practices in cybersecurity.

Typology: Exams

2024/2025

Available from 09/28/2024

premium-essay

Partial preview of the text

Sec+ 401 Graded questions with answers
Designed for Success in Every Exam
Expert-Verified Questions and Answers Guaranteed to Improve Your Academic Performance

A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following?
A. Dual-factor authentication
B. Multifactor authentication
C. Single factor authentication
D. Biometric authentication
Answer: C

Which of the following can result in significant administrative overhead from incorrect reporting?
A. Job rotation
B. Acceptable usage policies
C. False positives
D. Mandatory vacations
Answer: C

A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?
A. Penetration test
B. Vulnerability scan
C. Load testing
D. Port scanner
Answer: B

Which of the following risk concepts requires an organization to determine the number of failures per year?
A. SLE
B. ALE
C. MTBF
D. Quantitative analysis
Answer: B

Three of the primary security control types that can be implemented are.
A. supervisory, subordinate, and peer.
B. personal, procedural, and legal.
C. operational, technical, and management.
D. mandatory, discretionary, and permanent.
Answer: C

A company is trying to implement physical deterrent controls to improve the overall security posture of their data center. Which of the following BEST meets their goal?
A. Visitor logs
B. Firewall
C. Hardware locks
D. Environmental monitoring
Answer: C

sending the server's drives to be destroyed by a contracted company, the Chief Security Officer (CSO) wants to be certain that the data will not be accessed. Which of the following, if implemented, would BEST reassure the CSO? (Select TWO).
A. Disk hashing procedures
B. Full disk encryption
C. Data retention policies
D. Disk wiping procedures
E. Removable media encryption
Answer: BD

During the analysis of a PCAP file, a security analyst noticed several communications with a remote server on port 53. Which of the following protocol types is observed in this traffic?
A. FTP
B. DNS
C. Email
D. NetBIOS
Answer: B

Users can authenticate to a company's web applications using their credentials from a popular social media site. Which of the following poses the greatest risk with this integration?
A. Malicious users can exploit local corporate credentials with their social media credentials
B. Changes to passwords on the social media site can be delayed from replicating to the company
C. Data loss from the corporate servers can create legal liabilities with the social media site
D. Password breaches to the social media site affect the company application as well
Answer: D

A security team has established a security awareness program. Which of the following would BEST prove the success of the program?
A. Policies
B. Procedures
C. Metrics
D. Standards
Answer: C

A company needs to receive data that contains personally identifiable information. The company requires both the transmission and data at rest to be encrypted. Which of the following achieves this goal? (Select TWO).
A. SSH
B. TFTP
C. NTLM
D. TKIP
E. SMTP
F. PGP/GPG
Answer: AF

An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to combine the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?
A. Unified Threat Management
B. Virtual Private Network
C. Single sign on
D. Role-based management
Answer: A

An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented?
A. Cluster tip wiping
B. Individual file encryption
C. Full disk encryption
D. Storage retention
Answer: A

A company is looking to improve their security posture by addressing risks uncovered by a recent penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day basis?
A. Insufficient encryption methods
B. Large scale natural disasters
C. Corporate espionage
D. Lack of antivirus software
Answer: D

Ann, an employee, is cleaning out her desk and disposes of paperwork containing confidential customer information in a recycle bin without shredding it first. This is MOST likely to increase the risk of loss from which of the following attacks?
A. Shoulder surfing

D. PPTP
Answer: A

Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks?
A. 802.1x
B. Data encryption
C. Password strength
D. BGP
Answer: A

A recent computer breach has resulted in the incident response team needing to perform a forensics examination. Upon examination, the forensics examiner determines that they cannot tell which captured hard drive was from the device in question. Which of the following would have prevented the confusion experienced during this examination?
A. Perform routine audit
B. Chain of custody
C. Evidence labeling
D. Hashing the evidence
Answer: C

An IT staff member was entering the datacenter when another person tried to piggyback into the datacenter as the door was opened. While the IT staff member attempted to question the other individual by politely asking to see their badge, the individual refused and ran off into the datacenter. Which of the following should the IT staff member do NEXT?
A. Call the police while tracking the individual on the closed circuit television system
B. Contact the forensics team for further analysis
C. Chase the individual to determine where they are going and what they are doing
D. Contact the onsite physical security team with a description of the individual
Answer: D

During a recent user awareness and training session, a new staff member asks the Chief Information Security Officer (CISO) why the company does not allow personally owned devices into the company facilities. Which of the following represents how the CISO should respond?
A. Company A views personally owned devices as creating an unacceptable risk to the organizational IT systems.
B. Company A has begun to see zero-day attacks against personally owned devices disconnected from the network.
C. Company A believes that staff members should be focused on their work while in the company's facilities.
D. Company A has seen social engineering attacks against personally owned devices and does not allow their use.
Answer: A

A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address?
A. Identification
B. Authorization
C. Access control
D. Authentication
Answer: A

Which of the following is designed to ensure high availability of web based applications?
A. Proxies
B. Load balancers
C. URL filtering
D. Routers
Answer: B

After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation?
A. Information Security Awareness
B. Social Media and BYOD
C. Data Handling and Disposal
D. Acceptable Use of IT Systems
Answer: A

The administrator would like to implement hardware assisted full disk encryption on laptops. Which of the following would MOST likely be used to meet this goal?
A. TPM
B. USB Drive
C. Key Escrow
D. PKI
Answer: A

Which of the following would verify that a threat does exist and security controls can easily be bypassed without actively testing an application?
A. Protocol analyzer
B. Vulnerability scan
C. Penetration test
D. Port scanner
Answer: B

To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation?
A. Management
B. Administrative
C. Technical
D. Operational
Answer: C

Pete, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic?
A. Connect the WAP to a different switch.
B. Create a voice VLAN.
C. Create a DMZ.
D. Set the switch ports to 802.1q mode.
Answer: B

QUESTION 421
The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware?
A. TwoFish
B. SHA-512
C. Fuzzy hashes
D. HMAC
Answer: C

QUESTION 422
The security administrator installed a newly generated SSL certificate onto the company web server. Due to a mis-configuration of the website, a downloadable file containing one of the pieces of the key was available to the public. It was verified that the disclosure did not require a reissue of the certificate. Which of the following was MOST likely compromised?
A. The file containing the recovery agent's keys.
B. The file containing the public key.
C. The file containing the private key.
D. The file containing the server's encrypted passwords.
Answer: B

After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?
A. Privilege escalation
B. Advanced persistent threat
C. Malicious insider threat
D. Spear phishing
Answer: B

Which of the following was launched against a company based on the following IDS log?
122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET /index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AA AAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/ forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)"
A. SQL injection
B. Buffer overflow attack
C. XSS attack
D. Online password crack
Answer: B

The security administrator is analyzing a user's history file on a Unix server to determine if the

An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests. Which of the following describes how this private key should be stored so that it is protected from theft?
A. Implement full disk encryption
B. Store on encrypted removable media
C. Utilize a hardware security module
D. Store on web proxy file system
Answer: C

An insurance company requires an account recovery process so that information created by an employee can be accessed after that employee is no longer with the firm. Which of the following is the BEST approach to implement this process?
A. Employee is required to share their password with authorized staff prior to leaving the firm
B. Passwords are stored in a reversible form so that they can be recovered when needed
C. Authorized employees have the ability to reset passwords so that the data is accessible
D. All employee data is exported and imported by the employee prior to them leaving the firm
Answer: C

A small company has a website that provides online customer support. The company requires an account recovery process so that customers who forget their passwords can regain access. Which of the following is the BEST approach to implement this process?
A. Replace passwords with hardware tokens which provide two-factor authentication to the online customer support site.
B. Require the customer to physically come into the company's main office so that the customer can be authenticated prior to their password being reset.
C. Web-based form that identifies customer by another mechanism and then emails the customer their forgotten password.
D. Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login.
Answer: D

A bank has a fleet of aging payment terminals used by merchants for transactional processing. The terminals currently support single DES but require an upgrade in order to be compliant with security standards. Which of the following is likely to be the simplest upgrade to the aging terminals which will improve in-transit protection of transactional data?
A. AES
B. 3DES
C. RC4
D. WPA2
Answer: B

A new MPLS network link has been established between a company and its business partner. The link provides logical isolation in order to prevent access from other business partners. Which of the following should be applied in order to achieve confidentiality and integrity of all data across the link?
A. MPLS should be run in IPVPN mode.
B. SSL/TLS for all application flows.
C. IPSec VPN tunnels on top of the MPLS link.
D. HTTPS and SSH for all application flows.
Answer: C

Which of the following authentication services should be replaced with a more secure alternative?
A. RADIUS
B. TACACS
C. TACACS+
D. XTACACS
Answer: B

A financial company requires a new private network link with a business partner to cater for realtime and batched data flows. Which of the following activities should be performed by the IT security staff member prior to establishing the link?
A. Baseline reporting
B. Design review
C. Code review
D. SLA reporting
Answer: B

Which device monitors network traffic in a passive manner?
A. Sniffer
B. IDS
C. Firewall
D. Web browser
Answer: A

encryption used?
A. RC4
B. DES
C. 3DES
D. AES
Answer: D

Which of the following is used to verify data integrity?
A. SHA
B. 3DES
C. AES
D. RSA
Answer: A

Two programmers write a new secure application for the human resources department to store personal identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know. This is an example of which of the following?
A. Root Kit
B. Spyware
C. Logic Bomb
D. Backdoor
Answer: D

Everyone in the accounting department has the ability to print and sign checks. Internal audit has asked that only one group of employees may print checks while only two other employees may sign the checks. Which of the following concepts would enforce this process?
A. Separation of Duties
B. Mandatory Vacations
C. Discretionary Access Control
D. Job Rotation
Answer: A

The security department has implemented a new laptop encryption product in the environment. The product requires one user name and password at the time of boot up and also another password after the operating system has finished loading. This setup is using which of the following authentication types?
A. Two-factor authentication
B. Single sign-on
C. Multifactor authentication
D. Single factor authentication
Answer: D

The Human Resources department has a parent shared folder setup on the server. There are two groups that have access, one called managers and one called staff. There are many sub folders under the parent shared folder, one is called payroll. The parent folder access control list propagates all subfolders and all subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?
A. Remove the staff group from the payroll folder
B. Implicit deny on the payroll folder for the staff group
C. Implicit deny on the payroll folder for the managers group
D. Remove inheritance from the payroll folder
Answer: B

QUESTION 452
The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the bank's certificates are still valid?
A. Bank's CRL
B. Bank's private key
C. Bank's key escrow
D. Bank's recovery agent
Answer: A

QUESTION 453
Which of the following are examples of network segmentation? (Select TWO).
A. IDS
B. IaaS
C. DMZ
D. Subnet
E. IPS
Answer: CD

QUESTION 454
Which of the following provides the strongest authentication security on a wireless network?

certificate *.comptia.com, and now wishes to implement SSL on srv5.comptia.com. Which of the following files should be copied from srv4 to accomplish this?
A. certificate, private key, and intermediate certificate chain
B. certificate, intermediate certificate chain, and root certificate
C. certificate, root certificate, and certificate signing request
D. certificate, public key, and certificate signing request
Answer: A

QUESTION 461
When reviewing security logs, an administrator sees requests for the AAAA record of www.comptia.com. Which of the following BEST describes this type of record?
A. DNSSEC record
B. IPv4 DNS record
C. IPSEC DNS record
D. IPv6 DNS record
Answer: D

QUESTION 462
Which of the following practices reduces the management burden of access management?
A. Password complexity policies
B. User account audit
C. Log analysis and review
D. Group based privileges
Answer: D

QUESTION 463
Which of the following helps to apply the proper security controls to information?
A. Data classification
B. Deduplication
C. Clean desk policy
D. Encryption
Answer: A

QUESTION 464
Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash?
A. Input validation
B. Exception handling
C. Application hardening
D. Fuzzing
Answer: D

QUESTION 465
Which of the following types of security services are used to support authentication for remote users and devices?
A. Biometrics
B. HSM
C. RADIUS
D. TACACS
Answer: C

QUESTION 466
A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement?
A. SaaS
B. MaaS
C. IaaS
D. PaaS
Answer: B

QUESTION 467
A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements?
A. OCSP
B. PKI
C. CA
D. CRL
Answer: D

QUESTION 468
A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?
A. Procedure and policy management
B. Chain of custody management
C. Change management
D. Incident management
Answer: D