Security+ Practice Exam 1 Flashcards

Questions and Answers

Which of these best describes two-factor authentication?

The door to a building requires a fingerprint scan

An application requires a TOTP code (correct)

A Windows Domain requires a username, password, and smart card

A printer uses a password and a PIN

Which of the following deployment models would address concerns regarding managing mobile devices?

BYOD

Corporate-owned

COPE

VDI (correct)

Which of the following would BEST describe a UPS installation in a data center?

Administrative

Detective

Compensating

Preventive (correct)

Which of the following technologies would be the BEST choice to track parts on an assembly line?

Blockchain

In which order should volatile data be collected in a security breach?

Memory, CPU registers, temporary files, remote monitoring data

What does the SHA256 hash value ensure when downloading an ISO?

Verifies that the file was not corrupted during the file transfer

Which of the following would be the BEST way to provide a requirement for login access only within the same building as the server?

Biometric scanner

Which of these vulnerabilities is MOST associated with a database being open for anyone to query?

Open permissions

Which of the following would BEST describe an email asking for Windows Domain credentials?

Phishing

Which risk management strategy includes the purchase and installation of an NGFW?

Mitigation

How can one confirm the secure baseline of a deployed application instance?

Perform an integrity measurement

What would have prevented a financial transfer delay if a team member was out of the office?

Job rotation

What does the log information suggest when multiple sessions are from a single IP address with a TTL equal to zero?

Someone is performing a traceroute to the DMZ server

Which type of attack allows the execution of arbitrary code through unexpected input in an API call?

Buffer overflow

Which keys should an organization place into escrow for encrypted materials?

Private

What authentication process should a security administrator design to only need credentials in the morning?

Kerberos

What is the BEST choice for network segmentation without additional hardware?

Create separate VLANs for the corporate network and the manufacturing floor

Why can't a home user print to their local printer while connected to corporate VPN?

The VPN tunnel is configured for full tunnel

Why would a data center manager build a Faraday cage?

Protect the servers against any unwanted electromagnetic fields

What action should be taken to prevent the reoccurrence of a vulnerability that was reintroduced after a patch?

Continuous monitoring

What method should be used to ensure unique hashes in a password login process?

Salting

What cryptographic method adds trust to a digital certificate?

Digital signature

Which items should be included in server room design for redundancy? (Select TWO)

Dual power supplies

Who is responsible for managing access rights to a customer information database?

Data owner

Why was a new classification type of 'PII' added to a CMS?

Expanded privacy compliance

What is the BEST way to securely store private keys across web servers?

Use an HSM

What can be deduced from the IPS security log regarding Cross-Site Scripting?

The alert was generated from an embedded script

Which option describes a monetary loss if one event occurs?

SLE

What best describes a SQL injection when a user inputs a search query that reveals all database records?

SQL injection

What is the MOST likely cause of poor system performance after opening a spreadsheet from a vendor?

RAT

Which standard is required for maintaining payment information?

PCI DSS

What is the MOST likely reason for intermittent external IP traffic to workstations?

Backdoor

Which of the following was the MOST likely source of an alert message about credit card numbers transmitted via email?

DLP

What is the MOST likely reason for a virtual machine having a guest login with no password?

The server is a honeypot for attracting potential attackers

What is the BEST way to implement email encryption without changing existing server settings?

Require the use of S/MIME

What is the BEST way to deploy applications securely without installing a virtual machine?

Containerization

What is the BEST way to determine if a new application server is secure before production rollout?

Penetration test

Which of the following would BEST describe the approach of gathering information about your company's servers without direct access to the internal network?

Passive footprinting

Which of these protocols use TLS to provide secure communication? (Select TWO)

HTTPS

Which of these threat actors would be MOST likely to attack systems for direct financial gain?

Organized crime

Which of the following data sources should be gathered to address file storage volatility? (Select TWO)

Temporary file systems

Which category would BEST describe all-in-one printers that have a vulnerability allowing remote control?

MFD

Which of the following standards provides information on privacy and managing PII?

ISO 27701

What would be the BEST way to prevent data exfiltration using external storage drives?

Create an operating system security policy to prevent the use of removable media

Which of the following would assist a CISO in decreasing response time when addressing security incidents with a limited budget?

SOAR

Which of the following should be implemented to handle data breaches based on the given policies? (Select THREE)

Enable time-of-day restrictions on the authentication server

What can be observed from this firewall log indicating a Trojan was blocked?

A download was blocked from a web server

Which attack would be the MOST likely reason for receiving an invalid connection message?

On-path

Which method would be the BEST way to provide a website login using existing credentials from a third-party site?

Federation

Which term BEST describes the expected frequency of firewall hardware failures between repairs?

MTBF

Which kind of attack is best described by a phone call to reset a password while pretending to be a company director?

Social engineering

Which of the following authentication protocols would meet the network team's requirements for an encrypted tunnel?

EAP-TTLS

Which of the following would be commonly provided by a CASB? (Select TWO)

List of applications in use

What issue is described by a time clock appliance resetting its file system following an error?

Race condition

What would correct the lack of restrictions in password policies? (Select TWO)

Password expiration

What kind of security control is associated with a login banner?

Deterrent

What should be expected on a non-credentialed vulnerability scan report?

The version of web server software in use

Which of these describes a set of steps for processing orders during an Internet connection failure?

Continuity of operations

What is the BEST way to protect against data exfiltration via malicious phone charging stations?

USB data blocker

What would be the BEST choice for protecting data stored on laptops used in the field?

SED

How many backup sets are required for a full recovery of the file server on Thursday afternoon?

4

Which of the following would be the BEST way to establish mobile device security policies?

MDM

What best describes the situation where expected vulnerabilities are not found during a scan?

False negative

Which additional authentication controls should be added by the security administrator? (Select TWO)

Smart Card

What should be configured on wireless access points to require usernames and passwords from users?

802.1X

Which tools should be used to identify all references to a Javascript file in a web page? (Select TWO)

curl

Which access control model describes assigning rights and permissions to a file?

DAC

What best describes the message requesting VPN login details via text?

Smishing

Which store policy provides separation of duties for gift certificate transactions?

Require an approval PIN for the cashier and a separate approval PIN for the manager

Which statements about rainbow tables are true? (Select TWO)

A rainbow table won't be useful if the passwords are salted

What attack is best described by redirecting users to a different IP address for a bank's website?

DNS poisoning

Which cloud deployment model shares resources between a private data center and cloud services?

Hybrid

What is the BEST way for an administrator to verify that systems cannot be accessed by former employees?

Validate the processes and procedures for all outgoing employees

What security feature was MOST likely enabled if devices cannot connect to an access point?

MAC filtering

What tool is used for creating detailed network connection information?

netstat

What kind of attack is described by sending crafted packets from remote devices to crash a server?

DDoS

In the context of incident response, which part best describes rebuilding and restoring services?

Reconstitution

What is the BEST way to manage security policies for a PaaS service?

CASB

What issue is presented if a firewall vulnerability is identified with no plans for a patch?

Lack of vendor support

What type of exercise simulates a disaster scenario and discusses resolutions?

Tabletop exercise

What is the BEST way to identify systems infected with malware?

DNS sinkhole

What incident response step involves isolating a suspected malware infection?

Containment

What approach ensures all data on a mobile device is unrecoverable if lost?

Remote wipe

Which log file provides information regarding server memory contents during a ransomware infection?

Dump

Which part of the PC startup process verifies the digital signature of the OS kernel?

Measured Boot

Study Notes

Third-Party Information Gathering

• Passive footprinting describes the approach where a third-party gathers information without direct access to the internal network.

Secure Communication Protocols

• TLS is utilized by protocols like HTTPS and FTPS for secure communication.

Threat Actors

• Organized crime is the primary threat actor motivated by direct financial gain.

Security Incident Data Sources

• Key data sources for addressing file storage volatility include partition data and temporary file systems.

Vulnerability in IoT Devices

• Multi-Function Devices (MFD) are identified as vulnerable IoT devices that can be remotely controlled.

Privacy Standards

• ISO 27701 focuses on privacy management and handling Personally Identifiable Information (PII).

Preventing Data Exfiltration

• An effective strategy to mitigate data exfiltration through external storage drives is to create an operating system security policy prohibiting removable media usage.

Incident Response Efficiency

• Implementation of SOAR (Security Orchestration, Automation and Response) can enhance incident response without additional hiring.

Data Breach Policy Implementation

• To meet data breach policies, implement IP/GPS access restrictions, consolidate logs on a SIEM, and enable time-of-day restrictions.

Firewall Log Analysis

• A firewall log indicates that a download was blocked from a web server due to potential malware.

Connection Security Issues

• A message stating "Your connection is not private" suggests an on-path attack could be the cause.

Third-Party Site Access

• Utilizing Federation provides the best method for website logins using existing credentials from another site.

Firewall Hardware Reliability

• Mean Time Between Failures (MTBF) is the concept that describes expected hardware failure rates.

Social Engineering Attacks

• Impersonating an internal employee over the phone signifies a social engineering attack.

Wireless Authentication Protocols

• EAP-TTLS is suitable for supporting additional authentication protocols in an encrypted tunnel.

Cloud Access Security Broker (CASB) Services

• CASBs typically offer a list of applications in use and verification of encrypted data transfers.

Time Clock Appliance Issues

• A race condition occurs if a device constantly reboots due to file system errors.

Password Policy Corrections

• Password expiration and implementing a password lockout policy are essential corrections to existing password policies.

Nature of Login Banners

• A login banner serves as a deterrent security control.

Vulnerability Scan Expectations

• Non-credentialed vulnerability scans usually reveal the version of web server software in use, rather than detailed file lists.

Disaster Recovery Planning

• A continuity of operations plan details steps for processing orders if the primary Internet connection fails.

Protection Against Malicious Charging Stations

• A USB data blocker best protects against threats from malicious phone charging stations.

Data Protection on Laptops

• Self-Encrypting Drives (SED) are the best option for protecting data on field laptops.

Recovery Backup Process

• A full recovery on Thursday afternoon after scheduled backups requires referencing three backup sets (one full and two incremental).

Mobile Device Security Policies

• Implement Mobile Device Management (MDM) to establish security policies for mobile devices used by remote sales teams.

Vulnerability Scan Discrepancies

• The lack of vulnerabilities reported despite an announced flaw indicates a false negative.

Additional Authentication Controls

• Implementing TOTP and smart card authentication adds extra security layers.

Wireless Network Setup

• Configuring 802.1X on access points mandates personal authentication for wireless connections.

Source Code Visibility

• To identify specific JavaScript files in web pages, tools like grep and curl should be used.

Access Control Model

• The user-defined access control mechanism is categorized as Discretionary Access Control (DAC).

SMS Phishing (Smishing)

• A text message soliciting VPN login details is classified as smishing, a form of social engineering.

Separation of Duties for Transaction Approval

• Requiring distinct approval PINs for cashiers and managers enforces separation of duties in processing transactions.

Rainbow Table Characteristics

• Rainbow tables are susceptible to ineffectiveness if passwords are salted and require specific tables for different hashing methods.

DNS Poisoning Attacks

• Attackers redirect users from a legitimate website to a fraudulent one through DNS poisoning.

Hybrid Cloud Model

• Hybrid cloud combines private data centers with external cloud services for shared resources.

Validation of Access Control for Departed Employees

• Validating exit processes for employees ensures unauthorized access can be prevented.

Wireless Connection Issues

• MAC filtering could explain connectivity issues if devices can detect the access point but cannot connect.

Network Connection Statistics Tool

• Netstat is used to display current TCP/IP network connections and their statuses.

Denial of Service Threats

• Sending crafted packets to overload a server constitutes a DDoS (Distributed Denial of Service) attack.

Incident Recovery Phases

• Building new systems post-data breach aligns with the reconstitution phase in incident response.

Cloud Service Security Management

• Utilizing a Cloud Access Security Broker (CASB) is optimal for managing security policies in a PaaS environment.

Vendor Support Issues

• The absence of a planned patch from a firewall company indicates lack of vendor support for vulnerabilities.

Disaster Recovery Discussion Framework

• Conducting a tabletop exercise during an annual meeting simulates disaster responses among company leaders.

Identifying Infected Systems

• Implementing a DNS sinkhole to identify all computers on the network infected with malware is effective.

Incident Containment Steps

• The process of removing a potentially infected device from a network is part of containment in incident response.

Ensuring Mobile Data Security

• A remote wipe feature guarantees unrecoverable data on a mobile device if lost or stolen.

Memory Dump Investigation

• Accessing dump files provides insights into the memory contents during a ransomware investigation.

OS Kernel Signature Verification

• Trusted Boot verifies the digital signature of the operating system kernel during startup.

Characteristics of Two-Factor Authentication

• Two-factor authentication is confirmed by requiring both a password and a smart card for access.

Addressing Diverse Mobile Device Risks

• A Virtual Desktop Infrastructure (VDI) model effectively manages a variety of devices used in the field.### Cybersecurity Concepts
• SHA256 hash value verifies file integrity to ensure the downloaded ISO is not corrupted.
• A security policy requiring physical presence for login access is best achieved with biometric scanners.
• Open permissions vulnerability allows authentication-less access to a database.
• Phishing describe attacks where an email prompts users to enter credentials on an external link.
• Risk mitigation strategies include the purchase and installation of Next-Generation Firewalls (NGFW).
• Performing an integrity measurement confirms the secure baseline of a deployed application instance.
• Job rotation minimizes delays caused by an employee's absence, ensuring continuity.

Logging and Attacks

• TTL equal to zero with sessions from the same IP indicates a potential traceroute or network scan.
• Buffer overflow attacks exploit input handling vulnerabilities to execute arbitrary code.
• Key escrow entails storing private keys as a recovery option for encrypted materials.
• Kerberos is an authentication process that requests user credentials once daily, minimizing repeated prompts.

Network Segmentation and VPNs

• VLANs offer the best solution for segmenting networks on the same physical switch without new hardware.
• Full tunnel VPN configuration can disrupt local network resources like printers when connected.

Security Measures

• A Faraday cage protects equipment from electromagnetic interference and external attacks.
• Continuous monitoring helps identify reintroduced vulnerabilities after patches are applied.
• Salting is a technique used to add random data to password hashes for increased security.
• Digital signatures enhance trust in digital certificates by proving authenticity.

Redundancy and Access Control

• RAID arrays and dual power supplies are essential for redundancy in a server room design.
• Data custodians manage access rights to sensitive information within an organization.

Compliance and Encryption

• PII classification enhances compliance with privacy regulations.
• Hardware Security Modules (HSMs) are the best choice for securely storing private encryption keys.
• Standards like PCI DSS are crucial for organizations handling credit card information.

Detecting Threats

• Alerts generated from malformed requests or unauthorized transmissions of sensitive information indicate potential security incidents.
• An external connection pattern suggests the presence of a backdoor on the network.

Secure Remote Access

• A honeypot server is intentionally left vulnerable to attract and study potential attackers.
• Implementing S/MIME allows encrypted communication between email clients without altering the server configuration.

Application Deployment

• Containerization simplifies application deployment and resource management without the overhead of virtual machines.
• Penetration testing provides insight into system vulnerabilities before production rollout, ensuring robust security measures.

Description

Test your knowledge with these flashcards based on Professor Messer's Security+ practice exam. Each card covers essential concepts relevant to cybersecurity, such as passive footprinting and network security protocols. Perfect for reinforcing your understanding before the exam.