Comptia Security+ Practice Test 2
91 Questions

Created by
@PalatialMarigold

Questions and Answers

What type of program is a company creating if it compensates researchers for discovering vulnerabilities in its public application?

  • Bug bounty (correct)
  • Red team
  • Open-source intelligence
  • Penetration testing

Which method is most effective for preventing unknown programs from running on a system?

  • Application allow list (correct)
  • Access control list
  • Host-based firewall
  • DLP solution

What strategy is required by a bank to ensure its vendors prevent data loss on stolen laptops?

  • Permission restrictions
  • Data classification
  • Encryption at rest (correct)
  • Masking

In an IaaS cloud environment, who is responsible for securing the business's database according to the shared responsibility model?

  • Client (correct)

Which access management technique allows a systems administrator to restrict user data access based on responsibilities?

  • RBAC (correct)

What is the primary reason for conducting an audit in the banking sector?

  • Regulatory requirement - Compliance (correct)

What security principle is being implemented when only specific personnel are allowed access to critical system controls?

  • Least privilege (correct)

Which process involves a designated time frame for making changes to a system to ensure operational stability?

  • Scheduled downtime (correct)

What is the first step a security administrator should take when deploying a DLP solution to protect sensitive customer data?

  • Apply classifications to the data (correct)

Which type of security control does an acceptable use policy exemplify?

  • Preventive (correct)

Which method is most effective in preventing employees from inadvertently installing malware?

  • Application allow list (correct)

What aspect of data does a VPN primarily protect?

  • Data in transit (correct)

How should a database administrator access database servers if direct access is not permitted?

  • Jump server (correct)

What is the best way to improve situational awareness for employees returning to in-office work?

  • Modify the content of recurring training (correct)

Which vulnerability is typically exploited through malicious register overwriting?

  • Buffer overflow (correct)

Why should permissions on a human resources fileshare adhere to the principle of least privilege?

  • Confidentiality (correct)

What concept best describes the actions of disabling unneeded services and putting a firewall in front of a legacy system?

  • Compensating controls (correct)

What is the most appropriate way for a systems administrator to automate account creation to reduce errors?

  • Orchestration (correct)

What is indicated when a file integrity monitoring tool detects a hash change in cmd.exe without recent patches being applied?

  • A rootkit was deployed (correct)

What term best describes the policy requiring hard drives to be securely wiped before recycling?

  • Sanitization (correct)

Which threat actor is most likely to have large financial resources to attack foreign critical systems?

  • Nation-state (correct)

What activity describes the act of disregarding detected malicious behavior after assessment?

  • Tuning (correct)

Which type of penetration test involves some prior information about a specific device?

  • Partially known environment (correct)

What should an analyst prioritize to minimize the impact of a phishing attack after identifying a high user click-through rate?

  • Update EDR policies to block automatic execution (correct)

Which security concern is most relevant to a Bring Your Own Device (BYOD) program?

  • Jailbreaking (correct)

What type of reconnaissance is performed when a penetration tester conducts port and service scans?

  • Active (correct)

What does purchasing cyber insurance represent in terms of risk management?

  • Transfer (correct)

Which exercise is best suited for improving an organization's incident response process?

  • Tabletop (correct)

Which type of malware infection can be identified by the presence of files with the .ryk extension?

  • Ransomware (correct)

What encryption technique provides the highest level of data protection on employee laptops?

  • Full disk encryption (correct)

What is the primary consideration before implementing a new policy in a production network?

  • Testing the policy in a non-production environment (correct)

What technique should be used to separate customer data from the main corporate network?

  • Segmentation (correct)

What document is most relevant for summarizing risks, responsible parties, and risk tolerance?

  • Risk register (correct)

What social engineering tactic is exemplified by a caller impersonating the Chief Financial Officer?

  • Social engineering (correct)

What must a systems administrator submit to demonstrate that a production system can be restored in the event of a performance issue?

  • Backout plan (correct)

What is a key reason to conduct root cause analysis during incident response?

  • To prevent future incidents (correct)

Which security concept is upheld when implementing measures to protect against DDoS attacks?

  • Availability (correct)

Which considerations are critical for implementing full disk encryption (FDE) on laptops? (Select two)

  • TPM presence (correct)

What describes a scenario where files on a database server were recently encrypted by a domain user?

  • Insider threat (correct)

Why did a security administrator remove default permissions from file shares and add specific user permissions?

  • Least privilege (correct)

What adds extra complexity to data prior to using a one-way data transformation algorithm?

  • Salting (correct)

What type of rules is a security engineer likely to configure in an NGFW to manage various traffic types during attacks?

  • Behavioral-based (correct)

Which data policy involves ensuring customer transaction information is archived for a specific time period?

  • Retention (correct)

What should be implemented to prevent incidents like MFA bypass due to social engineering?

  • Identity proofing (correct)

To restrict employee activities after hours, which strategy should a systems administrator utilize?

  • Time-of-day restrictions (correct)

What technique is used to enhance a password by adding a random string of characters to it?

  • Salting (correct)

Which category of data suffers the most impact when compromised?

  • Critical (correct)

To reduce operating systems while decommissioning servers, which security strategy should be adopted?

  • Containerization (correct)

What action should be taken to maintain network security when an IDS detects numerous SQL injection attacks?

  • Set the appliance to IPS mode (correct)

What security practice assisted a manager in identifying a phishing attack via an email link?

  • End user training (correct)

What classifies a resource as high availability in cloud environments?

  • Load balancer (correct)

What vulnerability is associated with applications using MD5 for data storage?

  • Cryptographic (correct)

Which factor most affects an administrator's capability to address CVEs on a server?

  • Patch availability (correct)

What strategy should a systems administrator implement for computers that should not access the internet?

  • Air gap (correct)

What is the best explanation for an internal system sending large amounts of unusual DNS queries during non-business hours?

  • Data is being exfiltrated. (correct)

Which team effectively combines both offensive and defensive security testing techniques?

  • Purple Team (correct)

What should a systems administrator do to rapidly implement a password policy update across all systems?

  • Push GPO update (correct)

Which method is most appropriate for ensuring sensitive data at rest is rendered unreadable?

  • Encryption (correct)

Which action would most likely prevent unauthorized use of the local administrator account for a VPN appliance?

  • Change the default password (correct)

What type of security control requires visitors to check in with photo ID?

  • Physical (correct)

Which of the following terms describes the maximum amount of accepted risk an organization is willing to take?

  • Risk threshold (correct)

What should a company consider for disaster recovery to ensure against total loss from a disaster?

  • Geographic dispersion (correct)

Which attack is characterized by phishing attempts via SMS messages?

  • Smishing (correct)

What document typically includes an estimate of hours required for a penetration testing engagement?

  • SOW (correct)

What is the first risk management strategy an enterprise should adopt for a critical legacy application with pending controls?

  • Mitigate (correct)

Which action is typically recommended when a new security manager assumes their role?

  • Review security policies (correct)

Which term describes the configuration of logging to an off-site location for reference?

  • Archiving (correct)

What security concept is implemented with a RADIUS server?

  • AAA (correct)

What access control type is likely preventing an engineer from accessing the shared folders in their new team?

  • Role-based (correct)

Which task is a key component of the Business Impact Analysis (BIA) process?

  • Estimating the recovery time of systems (correct)

Which risk can be effectively mitigated by using HTTP headers?

  • Cross-Site Scripting (XSS) (correct)

Which penetration testing team focuses solely on using an attacker's tactics to compromise an organization?

  • Red (correct)

What security control is likely implemented when a critical legacy server is isolated in a private network?

  • Compensating (correct)

What best characterizes the use of CCTV systems and warning signs regarding filming in a data center?

  • Deterrent (correct)

Which security measure effectively enhances the integrity of compiled binaries in a production environment?

  • Code signing (correct)

What does it mean when employees access company-related services without using the company VPN?

  • Shadow IT (correct)

Which concept is primarily upheld when implementing a product to protect against DDoS attacks?

  • Availability (correct)

What principle is being applied when a security administrator grants file share permissions only to users who require them for their job?

  • Least privilege (correct)

What type of rules should a security engineer implement on an NGFW to manage the impact of various traffic types during attacks?

  • Behavioral-based (correct)

Which method should be employed to prevent the issuance of MFA bypass codes to unauthorized individuals posing as employees?

  • Identity proofing (correct)

Which strategy should be implemented by a systems administrator to restrict employee access after hours?

  • Time-of-day restrictions (correct)

What does adding a random string of characters to a password best describe?

  • Salting (correct)

Which category of data is least impacted when it is lost?

  • Public (correct)

What approach should a company take to reduce the number of individual operating systems when decommissioning its physical servers?

  • Containerization (correct)

Which action would best maintain security when an IDS detects numerous SQL injection attempts?

  • Set the appliance to IPS mode and position it before the firewall. (correct)

What security practice aided a manager in recognizing a phishing attempt through an email link?

  • End user training (correct)

Which component is crucial for achieving high availability in a cloud environment?

  • Load balancer (correct)

Which vulnerability is present when an application uses MD5 for data storage?

  • Cryptographic (correct)

What is the main consideration for an administrator in addressing CVEs found on a server?

  • Patch availability (correct)

What is the best action to implement for computers that should not have internet access to prevent data leaks?

  • Air gap (correct)

Which steps should an administrator follow for server hardening before deployment? (Select two)

  • Remove unnecessary services (correct)

    Study Notes

    Bug Bounty

    • Companies compensate researchers for reporting vulnerabilities
    • Extends the company's vulnerability-discovery effort to outside researchers

    Application Allow List

    • Used to block unknown programs from executing

    Encryption at Rest

    • Data is protected while it is not being used

    Client

    • Responsible for securing data in an IaaS model

    Role-Based Access Control (RBAC)

    • Used to control access to resources based on roles
    • Provides simplified access for users

    Regulatory Requirement - Compliance

    • Audits are conducted to meet regulatory expectations

    Least Privilege

    • Limiting user access to only necessary permissions

    Scheduled Downtime

    • Pre-planned time for critical systems to be unavailable
    • Minimizes impact on business operations

    SQL Injection

    • Attackers exploit unvalidated input in web applications to run their own queries against the database

    Partially Known Environment

    • Penetration testers are provided with limited information

    Update the EDR policies to block automatic execution of downloaded programs

    • Prevents malicious code from running

    Jailbreaking

    • Major security concern for BYOD programs
    • Can disable security controls

    Active Reconnaissance

    • Penetration testers actively scan the target environment

    Transfer

    • Using cyber insurance to reduce financial impact from risks

    Tabletop Exercise

    • Used to improve incident response processes
    • Involves simulating incidents with the team

    Ransomware

    • Encryption of files, demanding payment for decryption

    Full Disk Encryption

    • Protects data on laptops

    Testing the policy in a non-production environment before enabling the policy in the production network

    • Prevents unintended consequences from security changes

    Segmentation

    • Isolating sensitive data on a separate network

    Risk Register

    • Document used to list risks, responsibilities, and risk tolerance

    Social Engineering

    • Using manipulation techniques to gain access to sensitive information
    • Exploits human trust and naivety

    Install endpoint management software on all systems

    • Allows for monitoring and control of workstations and servers

    To prevent future incidents of the same nature

    • Root cause analysis helps understand the cause of incidents

    Key Escrow

    • Backup of encryption keys, allowing recovery of encrypted data

    TPM presence

    • Trusted Platform Module is used to secure encryption keys

    Insider threat

    • An employee with authorized access exploits vulnerabilities for malicious purposes

    Salting

    • Adding random data to a password before hashing
    • Increases complexity and makes it harder to crack

    Retention

    • Policies that govern how long data is retained

    Create classifications for the data

    • First step to effective DLP implementation

    Preventive

    • AUPs are preventive measures to prevent security incidents

    Application allow list

    • Prevent malware installation by only allowing approved software

    Data in Transit

    • VPN protects communication between networks

    Jump Server

    • Securely access database servers without direct workstation access

    Modify the content of recurring training

    • Improves situational awareness for users

    Buffer overflow

    • Attackers overwrite memory with malicious addresses

    Confidentiality

    • Least privilege is essential to protect sensitive data

    Compensating controls

    • Implementing controls to compensate for weaknesses in other controls

    Orchestration

    • Automating repetitive tasks, including account creation

    Rootkit

    • Malware that hides from detection by altering system files

    Sanitization

    • Securely wiping hard drives to remove data before recycling

    Nation-state

    • Highly resourced attackers with malicious intentions

    Tuning

    • Adjusting security controls based on detected activity

    Automation

    • Consistent monitoring of security settings

    Intellectual property

    • Data protected in R&D departments

    ALE

    • Helps determine if risk transfer is cost-effective

    WAF

    • Protects against web application attacks, including buffer overflows

    A thorough analysis of the supply chain

    • Reduces risks associated with counterfeit hardware

    Conduct a tabletop exercise with the team

    • Test and refine incident response plans

    A full inventory of all hardware and software

    • Essential for assessing risk from new vulnerabilities

    Data is being exfiltrated

    • Unusual DNS queries may indicate data stealing activities

    Purple

    • Combines both offensive and defensive security testing techniques

    Pushing GPO update

    • Allows for quick implementation of password policy changes

    Encryption

    • Protects sensitive data at rest, rendering it unreadable

    Changing the default password

    • Prevents unauthorized logins

    Physical

    • Physical security controls, such as access control vestibules

    Risk threshold

    • The maximum acceptable level of risk

    Geographic dispersion

    • Storing backup data in geographically separate locations

    Smishing

    • Phishing attacks that use SMS messages

    SOW

    • Statement of Work outlines the scope, budget, and timeline for a penetration test

    Mitigate

    • Implementing controls to reduce the likelihood or impact of risk

    Review security policies

    • First step for a new security manager in a role

    Archiving

    • Logging data to an off-site location for future reference

    AAA

    • Authentication, Authorization, and Accounting

    Role-based

    • User access based on assigned roles

    Estimating the recovery time of systems

    • Part of business impact analysis

    XSS

    • Protecting against XSS attacks can be partly achieved through HTTP headers

    Red

    • Focused on attacking an organization like a real attacker

    Compensating

    • Network segmentation acts as a compensating control for legacy servers

    Deterrent

    • CCTV and warning signs act as deterrents for potential attackers

    Detective

    • CCTV and warning signs can help detect potential threats

    Security Concepts

    • Shadow IT: Occurs when departments use technology outside of the company's approved systems, potentially leading to security risks.
    • Least Privilege: Principle of granting users only the minimum permissions necessary to perform their jobs, minimizing security risk.
    • Availability: Ensuring that systems and data are accessible when needed.
    • Data Exfiltration: Unauthorized removal of data from a system.
    • Salting: Adding a random string of characters to a password before hashing to increase security.

    Security Technologies

    • WAF (Web Application Firewall): Protects web applications from attacks by filtering malicious traffic.
    • Load Balancer: Distributes incoming network traffic across multiple servers, increasing availability and performance.
    • NGFW: A next-generation firewall that offers advanced security features beyond basic packet filtering, such as intrusion prevention and application control.
    • Honeypot: A system designed to attract and trap attackers, providing insights into their techniques.
    • Air gap: Physically isolating a system from the internet to prevent unauthorized access.

    Security Practices

    • Defense-in-Depth: Employing multiple layers of security controls to protect systems from different types of attacks.
    • Time-of-Day Restrictions: Limiting access to systems based on the time of day, enforcing security policies outside business hours.
    • Incident Response: A structured process for handling security incidents, including evidence preservation and analysis to determine the cause and impact of the incident.
    • Chain of Custody: Documenting the handling of evidence to maintain its integrity and admissibility in legal proceedings.
    • Server Hardening: Securing a server by disabling unnecessary services, removing default accounts, and configuring strong passwords.
    • Input Validation: Examining inputs to ensure they are of the correct type and format, preventing malicious code injection.
    • Code Signing: Using digital signatures to verify the authenticity and integrity of software code.

    Security Vulnerabilities

    • SQL Injection: A type of attack that exploits vulnerabilities in web applications to gain unauthorized access to databases.
    • DDoS Attack: A denial-of-service attack that overwhelms a system with malicious traffic, making it inaccessible to legitimate users.
    • MD5 Hashing: A cryptographic hash function that is considered weak and may be vulnerable to collisions.
    • CVE: Common Vulnerabilities and Exposures, a publicly available database of security vulnerabilities.
    • Cryptographic Vulnerabilities: Weaknesses in cryptographic algorithms or implementations that can be exploited to compromise data confidentiality or integrity.

    Security Solutions

    • Containerization: Packaging and running applications in isolated environments called containers, improving portability and resource utilization.
    • Backout Plan: A plan for reverting to a previous working state in case a change causes performance issues.
    • Identity Proofing: Verifying the identity of users before granting access to systems or services.
    • Hashing: Using mathematical functions to create unique fingerprints of data, verifying the integrity of downloaded files.
    • Microservices: Breaking down applications into smaller, independent services, improving scalability and maintainability.
    • Infrastructure as Code: Managing infrastructure configurations through code, automating deployments and reducing errors.
    • Static Analysis: Analyzing code without executing it to identify potential security vulnerabilities.

    Access Control

    • Role-based access control is likely the reason the engineer can’t access the new team's shared folders but can still access those from the former team. This is because the engineer's account was not moved into the new group's role, which grants access to those folders.

    Business Impact Analysis

    • During BIA, one of the tasks is to estimate the recovery time of systems following an outage. This helps determine the impact of a disruption, allowing for proper planning to minimize downtime.

    HTTP Headers

    • HTTP headers can be used to mitigate the impact of XSS attacks.

    Penetration Testing

    • Red teams are penetration testing teams focused on compromising an organization using actual attacker tactics. This lets organizations understand their security posture from a real-world attacker's view.

    Compensating Security Controls

    • Isolating a critical legacy server in a private network is a compensating control. This control is used to mitigate a weakness or deficiency in another security control.

    Security Controls

    • CCTV systems used to monitor a data center and signs warning about the possibility of being filmed are examples of deterrent controls. These controls aim to discourage malicious activity by raising the perceived risk of being caught.

    • They also act as detective controls because they detect potential security incidents or breaches.

    Code Signing

    • To ensure the integrity of compiled binaries in a production environment, code signing is an effective security measure. This digitally signs software to verify its authenticity and protect against tampering.

    Shadow IT

    • Using a company-related service outside of the company's approved VPN is an example of Shadow IT.

    Backout Plans

    • A backout plan allows an administrator to demonstrate the ability to revert a production system to a working state in the event of a performance issue. It's critical to have a plan to reverse changes to the system that may cause problems.

    Availability

    • Implementing protection against DDoS attacks is designed to maintain the availability of systems. DDoS attacks aim to disrupt service or make a system unavailable to legitimate users.

    Least Privilege

    • Removing default permissions and only adding permissions for users who need to access file shares is an example of applying the principle of least privilege. This minimizes access and helps prevent unauthorized actions.

    Behavioral-based Rules

    • Configuring a Next-Generation Firewall (NGFW) with behavioral-based rules can minimize the impact of various traffic types during attacks. These rules identify attacks based on patterns of behavior instead of specific signatures.

    Identity Proofing

    • Identity proofing helps prevent incidents like compromised credentials accessed by attackers posing as employees. It involves verifying the identity of users who claim to be someone else.

    Time-of-day Restrictions

    • Time-of-day restrictions can be used to limit access for employees during off-hours. This can help mitigate unauthorized access and data breaches during periods when access is not required.

    Salting

    • Adding a random string of characters to a password before hashing it is called salting. It defeats rainbow table attacks, because precomputed hashes no longer match, and forces an attacker to brute-force each salted password separately.

    Critical Data

    • Critical data is the category that is most impacted when lost. This is because critical data is essential to an organization's operations and its loss could lead to severe consequences.

    Containerization

    • Containerization is a good strategy to reduce the number of individual operating systems within an architecture. This involves packaging applications and their dependencies into containers that can run on any platform, decreasing the need for multiple operating systems.

    IPS Mode

    • To reduce traffic to the perimeter firewall and improve security, the security appliance can be set to IPS mode and be placed in front of the firewall. IPS mode allows the appliance to monitor traffic and block attacks to ensure that only legitimate traffic is allowed.

    End User Training

    • Identifying a suspicious email link by noticing that the URL is pointing to a different domain is a clear example of end user training being effective. This means the end-user is properly trained to identify potential threats.

    Load Balancer

    • Load balancers are essential to ensure high availability in a cloud environment. They distribute traffic among multiple servers, helping to ensure continuous service even if one server fails.

    Cryptographic Vulnerability

    • When an application stores data using MD5, it is likely vulnerable because MD5 is a cryptographic hash function that has been shown to have weaknesses. This means that there are known ways to create collisions for MD5, meaning two different inputs could produce the same hash, compromising data integrity.

    Patch Availability

    • The most significant factor impacting an administrator's ability to address CVEs (Common Vulnerabilities and Exposures) on a server is the availability of patches. Without suitable patches, security vulnerabilities cannot be fixed, leaving the system open to exploitation.

    Honeypots

    • Honeypots are used to obtain and analyze attacker behavior and techniques. This is because honeypots are intentionally vulnerable systems designed to attract attackers and monitor their actions.

    Air Gap

    • Implementing an air gap is the best solution to prevent information from being leaked to an online forum. An air gap isolates a system completely from external networks, ensuring that no data can be transferred outside the secure environment.

    Server Hardening

    • Disabling default accounts and removing unnecessary services are two steps involved in server hardening before deployment. These steps reduce the attack surface by removing unnecessary elements that attackers could exploit.

    Hashes

    • To allow users to verify the integrity of downloaded files, the developer should provide hashes of the application files on the website. Users can compare the hash of the downloaded files to the ones provided on the website to ensure that no changes have been made to the files during the download process.

    Chain of Custody

    • The "Chain of custody" ensures evidence is properly handled during a security incident response. This means that all actions taken with the evidence, from collection to analysis, must be documented to ensure its integrity and admissibility as evidence.

    Description

    Test your knowledge on key cybersecurity concepts including bug bounties, application allow lists, and role-based access control. This quiz covers essential topics related to data protection, security compliance, and vulnerability management. Perfect for those looking to deepen their understanding of cybersecurity fundamentals.