David Seidl - CompTIA Security+ Practice Tests_ Exam SY0-701-Sybex (2024).pdf
CompTIA® Security+® Practice Tests
Exam SY0-701
Third Edition
David Seidl

Copyright © 2024 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada and the United Kingdom.

ISBNs: 9781394211388 (Paperback), 9781394211401 (ePDF), 9781394211395 (ePub)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permission.

Trademarks: WILEY, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CompTIA and Security+ are registered trademarks of CompTIA, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Control Number: 2023943511

Cover image: © Jeremy Woodhouse/Getty Images, Inc.
Cover design: Wiley

This book is dedicated to Mike Chapple, who helped me get my start in the writing field. After most of a decade writing together, this was my first entirely solo project. Mike, as always, thank you for helping me get my start almost a decade ago, for encouraging me along the way, and for continuing to challenge me to do more each time we take on another book.
—David

Acknowledgments

Books like this involve work from many people who put countless hours of time and effort into producing them from concept to final printed and electronic copies. The hard work and dedication of the team at Wiley always shows. I especially want to acknowledge and thank senior acquisitions editor, Kenyon Brown, who continues to be a wonderful person to work with on book after book.

I also greatly appreciate the editing and production team for the book, including Lily Miller, the project editor, who is not only an absolute pleasure to work with, but who also brings deep expertise to all aspects of the effort; Chris Crayton, the technical editor, who provided insightful advice and gave wonderful feedback throughout the book; and Archana Pragash, the production editor, who guided me through layouts, formatting, and final cleanup to produce a great book. I would also like to thank the many behind-the-scenes contributors, including the graphics, production, and technical teams who make the book and companion materials into a finished product.

My agent, Carole Jelen of Waterside Productions, continues to provide me with wonderful opportunities, advice, and assistance throughout our writing careers.

Finally, I want to thank my friends and family, who have supported me through the late evenings, busy weekends, and long hours that a book like this requires to write, edit, and get to press.

About the Author

David Seidl is vice president for information technology and CIO at Miami University, where he is responsible for IT across the institution. During his IT career, he has served in a variety of technical and information security roles, including serving as the senior director for Campus Technology Services at the University of Notre Dame, where he co-led Notre Dame’s move to the cloud and oversaw cloud operations, ERP, databases, identity management, and a broad range of other technologies and services. Prior to his senior leadership roles at Notre Dame, he served as Notre Dame’s director of information security and led Notre Dame’s information security program.

He taught information security and networking undergraduate courses as an instructor for Notre Dame’s Mendoza College of Business and has written 21 books on security certification and cyberwarfare, including coauthoring CISSP (ISC)2 Official Practice Tests (Sybex, 2021) as well as the current and previous editions of the CompTIA CySA+ Study Guide: Exam CS0-003 (Wiley, 2023, Chapple/Seidl) and CompTIA CySA+ Practice Tests: Exam CS0-003 (Wiley, 2023, Chapple/Seidl). David holds a bachelor’s degree in communication technology and a master’s degree in information security from Eastern Michigan University, as well as CISSP, CySA+, Pentest+, GPEN, and GCIH certifications.

About the Technical Editor

Chris Crayton, MCSE, CISSP, CASP+, CySA+, Cloud+, S+, N+, A+, is a technical consultant, trainer, author, and industry-leading technical editor. He has worked as a computer technology and networking instructor, information security director, network administrator, network engineer, and PC specialist. Chris has served as technical editor and content contributor on numerous technical titles for several of the leading publishing companies. He has also been recognized with many professional and teaching awards.
Contents

Introduction
Chapter 1 Domain 1.0: General Security Concepts
Chapter 2 Domain 2.0: Threats, Vulnerabilities, and Mitigations
Chapter 3 Domain 3.0: Security Architecture
Chapter 4 Domain 4.0: Security Operations
Chapter 5 Domain 5.0: Security Program Management and Oversight
Appendix Answers to Review Questions
    Chapter 1: Domain 1.0: General Security Concepts
    Chapter 2: Domain 2.0: Threats, Vulnerabilities, and Mitigations
    Chapter 3: Domain 3.0: Security Architecture
    Chapter 4: Domain 4.0: Security Operations
    Chapter 5: Domain 5.0: Security Program Management and Oversight
Index

Introduction

CompTIA® Security+® Practice Tests: Exam SY0-701, Third Edition is the perfect companion volume to the CompTIA® Security+® Study Guide: Exam SY0-701, Ninth Edition (Wiley, 2023, Chapple/Seidl). If you’re looking to test your knowledge before you take the Security+ exam, this book will help you by providing a combination of over 1,000 questions that cover the Security+ domains along with easy-to-understand explanations of both right and wrong answers.

If you’re just starting to prepare for the Security+ exam, we highly recommend that you use the CompTIA Security+ Study Guide, Ninth Edition to help you learn about each of the domains covered by the Security+ exam. Once you’re ready to test your knowledge, use this book to help find places where you may need to study more or to practice for the exam itself.

Since this is a companion to the Security+ Study Guide, this book is designed to be similar to taking the Security+ exam. The book itself is broken up into five domain-centric chapters with questions about each domain. If you can answer 90 percent or more of the questions for a domain correctly, you can feel safe moving on to the next chapter. If you’re unable to answer that many correctly, reread the chapter and try the questions again. Your score should improve.

Don’t just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objectives behind the questions.

The Security+ Exam

The Security+ exam is designed to be a vendor-neutral certification for cybersecurity professionals and those seeking to enter the field. CompTIA recommends this certification for those currently working, or aspiring to work, in roles including:

Systems administrator
Security administrator
Tier II support technician
IT support manager
Cybersecurity analyst
Business analyst

The exam covers five major domains:

Domain 1.0 General Security Concepts
Domain 2.0 Threats, Vulnerabilities, and Mitigations
Domain 3.0 Security Architecture
Domain 4.0 Security Operations
Domain 5.0 Security Program Management and Oversight

These five areas include a range of topics, from firewall design to incident response and forensics, while focusing heavily on scenario-based learning. That’s why CompTIA recommends that those attempting the exam have both the CompTIA Network+ certification and at least two years of hands-on work experience, although many individuals pass the exam before moving into their first cybersecurity role.

The Security+ exam is conducted in a format that CompTIA calls “performance-based assessment.” This means that the exam combines standard multiple-choice questions with other, interactive question formats. Your exam may include multiple types of questions, such as multiple-choice, fill-in-the-blank, multiple-response, drag-and-drop, and image-based problems.

The exam costs $392 in the United States, with roughly equivalent prices in other locations around the globe. More details about the Security+ exam and how to take it can be found here:

www.comptia.org/certifications/security

If you’re a student, note that CompTIA provides a student discount if you can provide a valid student ID and an .edu email address. This book includes a discount code for the Security+ exam—make sure you use it!

You’ll have 90 minutes to take the exam and will be asked to answer up to 90 questions during that time period. Your exam will be scored on a scale ranging from 100 to 900, with a passing score of 750.

You should also know that CompTIA is notorious for including vague questions on all of its exams. You might see a question for which two of the possible four answers are correct—but you can choose only one. Use your knowledge, logic, and intuition to choose the best answer and then move on. Sometimes, the questions are worded in ways that would make English majors cringe—a typo here, an incorrect verb there. Don’t let this frustrate you; answer the question and move on to the next one.

CompTIA frequently does what is called item seeding, which is the practice of including unscored questions on exams. It does so to gather psychometric data, which is then used when developing new versions of the exam. Before you take the exam, you will be told that your exam may include these unscored questions. So, if you come across a question that does not appear to map to any of the exam objectives—or for that matter, does not appear to belong in the exam—it is likely a seeded question. You never know whether or not a question is seeded, however, so always make your best effort to answer every question.

Taking the Exam

Once you are fully prepared to take the exam, you can visit the CompTIA website to purchase your exam voucher:

www.comptia.org/testing/exam-vouchers/buy-exam

CompTIA offers both on-site proctored exams and online exams. Online exams are available 24/7 using remote proctoring. If you opt for the online exam, you’ll want to make sure your system meets the technical requirements described by Pearson VUE, run a system test, ensure you have a distraction-free test location, and make sure you have appropriate ID ready. Things can go wrong during an exam, including technical failures and other issues. If something does go wrong, your best bet is to follow up directly with Pearson VUE to determine what can be done to resolve the problem.

CompTIA partners with Pearson VUE’s testing centers for in-person exams, so if you intend to take one your next step will be to locate a testing center near you. In the United States, you can do this based on your address or your ZIP code, whereas non-U.S. test takers may find it easier to enter their city and country. You can search for a test center near you at the Pearson VUE website, where you will need to navigate to “Find a Test Center.”

www.pearsonvue.com/comptia

Once you know where you’d like to take the exam, you’ll need to create a CompTIA single sign-on account. Once you’ve done so, you’ll be able to follow the link to scheduling exams via Pearson VUE. If you already have an account, you can visit Pearson VUE directly at:

http://home.pearsonvue.com/comptia/onvue

On the day of the test, take two forms of identification that meet the identification requirements found on the Pearson VUE site, and make sure to show up with plenty of time before the exam starts. Remember that you will not be able to take your notes, electronic devices (including smartphones and watches), or other materials in with you, and that other requirements may exist for the test. Make sure you review those requirements before the day of your test so you’re fully prepared for both the test itself, as well as the testing process and facility rules.

After the Security+ Exam

Once you have taken the exam, you will be notified of your score immediately, so you’ll know if you passed the test right away. You should keep track of your score report with your exam registration records and the email address you used to register for the exam.

Maintaining Your Certification

CompTIA certifications must be renewed on a periodic basis. To renew your certification, you can pass the most current version of the exam, earn a qualifying higher-level CompTIA or industry certification, complete the CompTIA CertMaster CE course, or complete sufficient continuing education activities to earn enough continuing education units (CEUs) to renew it.

CompTIA provides information on renewals via their website at:

www.comptia.org/continuing-education

Information about the CertMaster CE course can be found at:

www.comptia.org/continuing-education/choose/renew-with-a-single-activity/complete-a-comptia-certmaster-ce-course

When you sign up to renew your certification, you will be asked to agree to the CE program’s Candidate Agreement, to pay a renewal fee, and to submit the materials required for your chosen renewal method.

A full list of the industry certifications you can use to acquire CEUs toward renewing the Security+ certification can be found at:

www.comptia.org/continuing-education/choose/renew-with-a-single-activity/earn-a-higher-level-comptia-certification

Using This Book to Practice

This book is composed of seven chapters with over 1,100 practice test questions. Each of the first five chapters covers a domain, with a variety of questions that can help you test your knowledge of real-world, scenario, and best practices–based security knowledge. The final two chapters are complete practice exams that can serve as timed practice tests to help determine whether you’re ready for the Security+ exam.

We recommend taking the first practice exam to help identify where you may need to spend more study time and then using the domain-specific chapters to test your domain knowledge where it is weak. Once you’re ready, take the second practice exam to make sure you’ve covered all the material and are ready to attempt the Security+ exam.

As you work through questions in this book, you will encounter tools and technology that you may not be familiar with. If you find that you are facing a consistent gap or that a domain is particularly challenging, we recommend spending some time with books and materials that tackle that domain in depth. This approach can help you fill in gaps and help you be more prepared for the exam.

To access our interactive test bank and online learning environment, simply visit www.wiley.com/go/sybextestprep, register to receive your unique PIN, and instantly gain one year of free access after activation to the interactive test bank with two practice exams and hundreds of domain-by-domain questions. Over 1,100 questions total!

Like all exams, the Security+® certification is updated periodically and may eventually be retired or replaced. At some point after CompTIA® is no longer offering this exam, the old editions of our books and online tools will be retired. If you have purchased this book after the exam was retired or are attempting to register in the Sybex online learning environment after the exam was retired, please know that we make no guarantees that this exam’s online Sybex tools will be available once the exam is no longer available.

Exam SY0-701 Exam Objectives

CompTIA goes to great lengths to ensure that its certification programs accurately reflect the IT industry’s best practices. They do this by establishing committees for each of its exam programs. Each committee consists of a small group of IT professionals, training providers, and publishers who are responsible for establishing the exam’s baseline competency level and who determine the appropriate target-audience level.

Once these factors are determined, CompTIA shares this information with a group of hand-selected subject matter experts (SMEs). These folks are the true brainpower behind the certification program. The SMEs review the committee’s findings, refine them, and shape them into the objectives that follow this section. CompTIA calls this process a job-task analysis (JTA).

Finally, CompTIA conducts a survey to ensure that the objectives and weightings truly reflect job requirements. Only then can the SMEs go to work writing the hundreds of questions needed for the exam. Even so, they have to go back to the drawing board for further refinements in many cases before the exam is ready to go live in its final state. Rest assured that the content you’re about to learn will serve you long after you take the exam.

CompTIA also publishes relative weightings for each of the exam’s objectives. The following table lists the five Security+ objective domains and the extent to which they are represented on the exam.

Domain                                            % of Exam
1.0 General Security Concepts                     12%
2.0 Threats, Vulnerabilities, and Mitigations     22%
3.0 Security Architecture                         18%
4.0 Security Operations                           28%
5.0 Security Program Management and Oversight     20%

SY0-701 Certification Exam Objective Map

Objective                                                                                    Chapter
1.0 General Security Concepts
1.1 Compare and contrast various types of security controls.                                 1
1.2 Summarize fundamental security concepts.                                                 1
1.3 Explain the importance of change management processes and the impact to security.        1
1.4 Explain the importance of using appropriate cryptographic solutions.                     1
2.0 Threats, Vulnerabilities, and Mitigations
2.1 Compare and contrast common threat actors and motivations.                               2
2.2 Explain common threat vectors and attack surfaces.                                       2
2.3 Explain various types of vulnerabilities.                                                2
2.4 Given a scenario, analyze indicators of malicious activity.                              2
2.5 Explain the purpose of mitigation techniques used to secure the enterprise.              2
3.0 Security Architecture
3.1 Compare and contrast security implications of different architecture models.             3
3.2 Given a scenario, apply security principles to secure enterprise infrastructure.         3
3.3 Compare and contrast concepts and strategies to protect data.                            3
3.4 Explain the importance of resilience and recovery in security architecture.              3
4.0 Security Operations
4.1 Given a scenario, apply common security techniques to computing resources.               4
4.2 Explain the security implications of proper hardware, software, and data asset management. 4
4.3 Explain various activities associated with vulnerability management.                     4
4.4 Explain security alerting and monitoring concepts and tools.                             4
4.5 Given a scenario, modify enterprise capabilities to enhance security.                    4
4.6 Given a scenario, implement and maintain identity and access management.                 4
4.7 Explain the importance of automation and orchestration related to secure operations.     4
4.8 Explain appropriate incident response activities.                                        4
4.9 Given a scenario, use data sources to support an investigation.                          4
5.0 Security Program Management and Oversight
5.1 Summarize elements of effective security governance.                                     5
5.2 Explain elements of the risk management process.                                         5
5.3 Explain the processes associated with third-party risk assessment and management.        5
5.4 Summarize elements of effective security compliance.                                     5
5.5 Explain types and purposes of audits and assessments.                                    5

Exam objectives are subject to change at any time without prior notice and at CompTIA’s discretion. Please visit CompTIA’s website (www.comptia.org) for the most current listing of exam objectives.

How to Contact the Publisher

If you believe you have found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.
In order to submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line “Possible Book Errata Submission.”

Chapter 1
Domain 1.0: General Security Concepts

THE COMPTIA SECURITY+ EXAM SY0-701 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

✓ Domain 1.0: General Security Concepts

1.1 Compare and contrast various types of security controls
    Categories (Technical, Managerial, Operational, Physical)
    Control types (Preventive, Deterrent, Detective, Corrective, Compensating, Directive)

1.2 Summarize fundamental security concepts
    Confidentiality, Integrity, and Availability (CIA)
    Non-repudiation
    Authentication, Authorization, and Accounting (AAA) (Authenticating people, authenticating systems, authorization models)
    Gap analysis
    Zero trust (control plane, data plane)
    Physical security (bollards, access control vestibule, fencing, video surveillance, security guard, access badge, lighting, sensors)
    Deception and disruption technology (honeypot, honeynet, honeyfile, honeytoken)

1.3 Explain the importance of change management processes and the impact to security
    Business processes impacting security operations (approval process, ownership, stakeholders, impact analysis, test results, backout plan, maintenance window, standard operating procedure)
    Technical implications (allow lists/deny lists, restricted activities, downtime, service restart, application restart, legacy applications, dependencies)
    Documentation (updating diagrams, updating policies/procedures)
    Version control

1.4 Explain the importance of using appropriate cryptographic solutions
    Public key infrastructure (PKI) (Public key, private key, key escrow)
    Encryption (Level, transport/communication, asymmetric, symmetric, key exchange, algorithms, key length)
    Tools (Trusted Platform Module [TPM], Hardware security module [HSM], key management systems, secure enclave)
    Obfuscation (Steganography, tokenization, data masking)
    Hashing
    Salting
    Digital signatures
    Key stretching
    Blockchain
    Open public ledger
    Certificates (certificate authorities, certificate revocation lists [CRLs], Online Certificate Status Protocol [OCSP], self-signed, third-party, root of trust, certificate signing request [CSR] generation, wildcard)

1. Felicia wants to deploy an encryption solution that will protect files in motion as they are copied between file shares as well as at rest, and also needs it to support granular, per-user security. What type of solution should she select?
A. Partition encryption
B. File encryption
C. Full-disk encryption
D. Record-level encryption

2. Valerie wants to use a certificate to handle multiple subdomains for her website, including the sales.example.com and support.example.com subdomains. What type of certificate should she use?
A. A self-signed certificate
B. A root of trust certificate
C. A CRL certificate
D. A wildcard certificate

3. What information is analyzed during a gap analysis?
A. Control objectives and controls intended to meet the objectives
B. Physically separate networks and their potential connection points
C. Compensating controls and the controls they are replacing
D. Security procedures and the policies they are designed to support

4. Susan’s team has recommended an application restart for a production, customer-facing application as part of an urgent patch due to a security update. What technical implication is the most common concern when conducting an application restart?
A. Application configuration changes caused by the restart
B. Whether the patch will properly apply
C. Lack of security controls during the restart
D. The downtime during the restart

5. Using a tool like git is most frequently associated with what critical change management process?
A. Having a backout plan
B. Stakeholder analysis
C. Version control
D. Standard operating procedures (SOPs)

6. Jacob is concerned that the password used for one of his organization’s services is weak, and he wants to make it harder to crack by making it harder to test possible keys during a brute-force attack. What is this technique called?
A. Master keying
B. Key stretching
C. Key rotation
D. Passphrase armoring

7. Log monitoring is an example of what control category?
A. Technical
B. Managerial
C. Operational
D. Physical

8. Rick wants to make offline brute-force attacks against his password file very difficult for attackers. Which of the following is not a common technique to make passwords harder to crack?
A. Use of a salt
B. Use of a pepper
C. Use of a purpose-built password hashing algorithm
D. Encrypting password plain text using symmetric encryption

9. Diffie–Hellman and RSA are both examples of what important encryption-related solution?
A. Rekeying
B. Certificate revocation protocols
C. Key exchange algorithms
D. Key generation algorithms

10. Sally wants to ensure that her change management process includes a procedure for what to do if the change fails. What should she create to handle this possibility?
A. An impact analysis
B. A backout plan
C. A regression test
D. A maintenance window

11. Theresa is concerned that her scheduled maintenance window may extend beyond the allocated time due to an unexpected issue. What element from the CIA triad is she concerned about?
A. Criticality
B. Accessibility
C. Integrity
D. Availability

12. Alaina is concerned about vehicles that might impact her organization’s backup generator. What should she install to prevent both inadvertent and purposeful vehicle impacts on a generator installed outside her building near a parking lot?
A. A speed bump
B. An access control vestibule
C. Bollards
D. A chain-link fence

13. Ben has deployed a data loss prevention (DLP) tool that inspects data and flags specific data types for review before emails containing it are sent outside the organization. What control type best describes this type of solution?
A. Managerial
B. Detective
C. Corrective
D. Preventive

14. What type of control is a policy or procedure?
A. Directive
B. Corrective
C. Detective
D. Preventive

15. Murali has deployed a file integrity monitoring tool and has configured alerts to notify him if files are modified. What control type best describes this solution?
A. Preventive
B. Deterrent
C. Directive
D. Detective

16. Charles wants to reduce the threat scope of compromised credentials. Which of the following security controls is best suited to meeting this need?
A. Single sign-on
B. Federation
C. Zero trust
D. Multifactor authentication (MFA)

17. Carol wants to obfuscate data that is contained in her database. She wants to be able to refer to the data elements without having the actual data exposed. What type of obfuscation option should she select?
A. Tokenization
B. Encryption
C. Data masking
D. Data randomization

18. What key is used to decrypt information sent by another individual between two people using public key encryption?
A. The recipient’s private key
B. The recipient’s public key
C. The sender’s private key
D. The sender’s public key

19. Selah’s organization has recently experienced a breach and the private keys for her organization’s certificates were exposed. What should she immediately do?
A. Reissue the certificates with changed hostnames and other details.
B. Replace the certificates with self-signed certificates until they can be replaced by the vendor.
C. Revoke the certificates and place them on a certificate revocation list.
D. Replace the certificates with wildcard certificates.

20. Which of the following is not a major concern related to downtime caused by patching and system updates?
A. Attackers compromising the system or service while it is offline
B. Security systems or functions being offline during restart or shutdown processes
C. Unexpected extended downtime
D. Dependencies between systems or services related to downtime

21. Joanna wants to ensure that the most current version of each component in her application is deployed. What change management process will help the most with this requirement?
A. Dependency mapping
B. Version control
C. Impact analysis
D. Allow and deny lists

22. Greg wants to implement a version control system to ensure that changes are made in ways that will not cause problems for his organization’s critical software. Which of the following is not a common feature of version control systems designed for software source code?
A. Atomic operations
B. File locking
C. Regression testing
D. Tagging and labeling

23. Christina wants to implement a physical security control that has the greatest flexibility in how it is applied because she knows that exceptions to security practices may be required at times. Which of the following solutions has the greatest flexibility?
A. Video surveillance
B. Security guards
C. Access badges
D. Access control vestibules

24. Lisa wants to ensure that theft of a device will not lead to exposure of the data contained on the device if the device is locked or turned off. What type of encryption should she select to best ensure this?
A. Volume-level encryption
B. Full-disk encryption
C. File-level encryption
D. Partition-level encryption

25. Mahmoud has been asked to implement an allow list for websites that users at his company can visit. What concern should he bring up to management due to this request?
A. Allow lists cannot be used for websites.
B. Allow lists are overly permissive and are likely to allow unwanted sites to be visited.
C. Using an allow list for websites will take a lot of time to maintain.
D. Using an allow list for websites is easily bypassed.

26. Which of the following change management processes does not commonly directly involve stakeholders outside of the IT organization?
A. Impact analysis
B. Building the backout plan
C. The change approval process
D. Determining the maintenance window

27. What hardware component is used to generate, store, and manage cryptographic keys?
A. A CPU
B. A NSA
C. A TPM
D. A CCA

28. Chris wants to check to see if a certificate has been revoked. What protocol can he use to validate the current status of a certificate?
A. TLS
B. OCRS
C. SSL
D. OCSP

29. Brian’s organization uses a process where a secure module boots systems, then monitors them as each boot stage proceeds. It validates each signed boot stage and reports on whether the boot process was correct or not when complete. What is the secure module used to verify these stages called?
A. A secure initiation manager
B. A root of trust
C. A boot hash
D. A cryptographic boot manager

30. A vulnerability scan shows that an embedded device that Alice is responsible for has a vulnerability. She knows the vendor is no longer in business and that there is no updated firmware or software update for the device. To resolve the issue, Alice places a firewall between the device and the rest of the network and creates rules that prevent the vulnerable service from being available to other devices. What type of control has Alice deployed?
A. A directive control
B. A compensating control
C. A detective control
D. A procedural control

31. Jason knows that his Apple system uses a separate portion of its SoC (system on chip) to store keys and biometric information. What is this specialized component called?
A. A TPM
B. A HSM
C. A secure enclave
D. A screened subnet

32. What change management term is used to describe the processes that an organization uses for each change that is made to ensure that a consistent process is used?
A. Standard operating procedures
B. A change plan
C. Fixed operating procedures
D. A backout plan

33. Jack knows that there are three common types of database encryption. Which of the following is not a common type of database encryption?
A. Sensitivity-based encryption
B. Transparent data encryption
C. Field-level encryption
D. Column-level encryption

34. Ujamaa wants to conduct a gap analysis as part of his security efforts. Which of the following best describes what he will analyze?
A. Which services are not configured properly
B. Whether current patches are installed on all systems
C. The security program as implemented versus best practices
D. Legal requirements versus the security program

35. Brandon wants to deploy a detective control that will help him with physical security threats. Which of the following fits his needs?
A. Fencing
B. Lighting
C. Video surveillance
D. Bollards

36. Jack has deployed a system that appears to attackers to be a vulnerable system. The system is specifically designed to capture information and data from attacks to allow for later analysis. What type of tool has Jack deployed?
A. A tarpit
B. A honeypot
C. A beehive
D. An intrusion detection system

37. Renee wants to ensure that her logs support nonrepudiation. What should she do to ensure this?
A. Encrypt, then hash the logs.
B. Hash the logs and then digitally sign them.
C. Digitally sign the log file, then encrypt it.
D. Hash, then encrypt the logs.

38. Isaac wants to deploy sensors to detect intruders in a facility, but he is concerned about the sensors being overly sensitive. What type of sensor is best suited to detecting intruders in an open office environment without significant expense or issues with sensitivity?
A. Infrared
B. Pressure
C. Microwave
D. Ultrasonic

39. Wayne wants to allow systems to claim identities as part of his AAA process.
Which of the following is most commonly used to identify both individuals and systems? A. Tokens B. Smartcards C. Certificates D. Usernames 40. What are considerations like database and network connectivity, authentication system access, and network time availability considered in the context of change management processes? A. Allowed services B. Standard operating procedures C. Denied services D. Dependencies 41. What role does the policy engine play in a zero-trust environment? A. It creates new administrative policies based on user behavior. B. It grants access based on policies created by administrators and based on security sys- tems data. C. It enforces policies by monitoring connections between clients and servers. D. It suggests new administrative policies based on usage patterns for adoption by the organization. 42. Which of the following is not a common post-change activity found in change management practices? A. Updating diagrams B. Updating procedures C. Updating policies D. Updating contracts 10 Chapter 1 Domain 1.0: General Security Concepts 43. Which of the following activities should Alaina not restrict as part of her preparation for a change window? A. Patching B. Scaling clustered systems up or down C. Changing hostnames D. Modifying database configurations 44. What two key features define blockchain ledgers? A. They are immutable and nontransferable. B. They are shared and can be modified by a vote among all participants. C. They are unique to each participant and are atomic. D. They are shared and immutable. 45. Damian issues the following command on his Linux server: openssl req - new - newkey rsa:2048 - nodes - keyout exampleserver. key - out exampleserver.csr What has he done? A. Created a certificate signing request B. Created a certificate revocation request C. Signed a certificate signing request D. Updated the OCSP record for a certificate 46. Nick’s organization sets aside Saturday nights from 2 a.m. to 4 a.m. 
for scheduled mainte- nance. What is this type of reserved time typically called? A. Allocated downtime B. A maintenance window C. An unscheduled outage D. An allowed outage 47. Megan wants to assess the impact of a change as part of her change management process. Which of the following is most likely to help her assess impact? A. A backout plan B. An estimate of the downtime expected C. A list of stakeholders D. A list of dependencies for impacted systems 48. Jared wants to estimate the downtime that will result as part of a planned change. Which of the following methods will most effectively help him estimate downtime? A. Average the downtime from other recent changes. B. Contact the vendor for time estimates for the change. C. Perform the change in a test environment. D. Use a fixed maintenance window. Chapter 1 Domain 1.0: General Security Concepts 11 49. An encryption method in which all participants have the same key is known as which of the following types of encryption? A. Shared hashing B. Asymmetric encryption C. Symmetric encryption D. Universal encryption 50. What important encryption challenge does asymmetric encryption help with by using public keys? A. Evil twins B. Collision resistance C. Key length D. Key exchange 51. Rick’s cloud provider offers a dedicated hardware security module. Which of the following capabilities is it unlikely to offer? A. Validating secure boot processes B. Key generation C. Encrypting and decrypting data D. Creating digital signatures 52. Michelle believes that an image she has discovered in an attacker’s directory of files contains additional information that has been hidden in it. What is this type of obfuscation called? A. Steganography B. Image hashing C. PNG warping D. Image blocking 53. Which of the following is not a common transport encryption protocol? A. TLS B. IPSec C. SAML D. SSH 54. What technology is record-level encryption most commonly associated with? A. Stored audio files B. Databases C. Physical disks D. 
Removable storage 12 Chapter 1 Domain 1.0: General Security Concepts 55. Yasmine submits the Windows BitLocker key to a central repository after she encryptions the machine. The central repository allows files to be uploaded, but not read, and is protected with access requiring special permissions. What type of solution is Yasmine’s company using? A. A hardware security module B. Perfect forward secrecy C. Key escrow D. Private keys 56. Valerie wants to authenticate her systems using her AAA system. Which of the following options is best suited to system authentication? A. Asymmetric authentication B. Certificate-based authentication C. Symmetric authentication D. PIN-based authentication 57. Valentine wants to detect if an intruder has accessed a secured file server. Which of the following techniques will work best with a data loss prevention tool to identify data exfiltration? A. A honeypot B. A honeynet C. A honeyfile D. A honeytoken 58. Jason has recommended that additional lighting be put in place on the exterior of his building as part of a security upgrade. What type of control is lighting? A. Operational B. Deterrent C. Corrective D. Technical 59. Which of the following controls is typically the most expensive to implement? A. Bollards B. Access control vestibules C. Security guards D. Access badges 60. Frankie wants to validate the integrity of a file by comparing it against an original copy. Which of the following solutions both fulfills this requirement and avoids known secu- rity issues? A. Hash the original file and the current file using MD5 and compare the hashes. B. Hash the original file and the current file using SHA-1 and compare the hashes. C. Hash the original file and the current file using SHA-256 and compare the hashes. D. Hash the original file and the current file using AES and compare the hashes. Chapter 1 Domain 1.0: General Security Concepts 13 61. 
Joanna’s organization has a policy that requires a user’s password to be immediately reset to lock accounts if the account is determined to have been successfully phished. What type of control is this? A. A detective control B. A directive control C. A compensating control D. A preventive control 62. Jackie wants to implement an AAA system for her network. What AAA protocol is com- monly used for network devices? A. OpenID B. SAML C. RADIUS D. TANGENT 63. Scott wants to automate policy creation in his zero-trust environment’s policy engine. Which of the following is not a typical component for automated data and event-driven policy management? A. A SIEM B. Threat feeds C. Infrared sensor data D. EDR tools 64. Valerie’s organization has deployed a zero-trust solution, and Valerie receives an authentica- tion prompt when she is attempting to access a file server. What component of the zero-trust architecture is she interacting with? A. A policy enforcement point B. A policy administrator C. The policy engine D. The trust manager 65. Matt is assessing his organization’s zero-trust model against the NIST Zero Trust Maturity Model. Which of the following is not a common element of zero-trust systems that would be assessed as part of the model? A. Identity B. Business model C. Networks D. Devices 66. Quentin wants to deploy a single sign-on system to allow his users to log in to cloud services. Which of the following technologies is he most likely to deploy? A. OpenID B. Kerberos C. LDAP D. TACACS+ 14 Chapter 1 Domain 1.0: General Security Concepts 67. Marty wants to deploy a corrective control to deal with a recently compromised system. Which of the following would be considered a corrective control? A. Patching the vulnerability that allowed the compromise to occur B. Deploying full-disk encryption C. Deploying an endpoint detection and response (EDR) tool D. Enabling logging and sending logs to a SIEM 68. 
What important encryption feature is not supported by symmetric encryption? A. Confidentiality B. Integrity C. Nonrepudiation D. Authentication 69. Theresa wants to use a cloud-hosted security solution that will allow her to safely store and manage secrets. What type of solution should she select? A. A TPM B. A CA C. A KMS D. A CSR 70. Joanna is reviewing her account information on an e-commerce website and sees her credit card number displayed as XXXX-XXXX-XXXX-1234. What type of data obfuscation is in use? A. Hashing B. Data masking C. Field encryption D. Tokenization 71. Amanda’s organization wants to use a decentralized blockchain to store data. Which of the following is true about a decentralized blockchain? A. No individual or group controls the blockchain. B. Only cryptocurrency-related data can be stored in a blockchain. C. Blockchain data can be changed after being stored by the original submitter. D. Blockchain ledgers are stored on central servers chosen by regular elections among blockchain participants. 72. What role does a subordinate CA have in a CA hierarchy? A. Subordinate CAs issue certificates based on subdomains. B. Subordinate CAs provide control over certificate issuance while avoiding the cost of being a root CA. C. Subordinate CAs validate root CA activities to ensure auditability. D. Subordinate CAs review certificate signing requests before forwarding them to the root CA. Chapter 1 Domain 1.0: General Security Concepts 15 73. Which of the following sensor types is commonly used to detect footsteps? A. Infrared B. Pressure C. Microwave D. Ultrasonic 74. Which of the following is not a managerial control? A. Risk assessments B. Including security in change management processes C. Security planning exercises D. Implementing firewalls 75. What purpose do third-party certificates serve for customers of cloud services? A. They reduce costs by using bring-your-own certificates. B. 
They allow certificates for domains other than the service provider’s domain. C. They provide control over cryptographic security for the customer. D. They allow more flexibility in TLS version selection. 76. Which of the following is not a common control focused on availability? A. Uninterruptible power systems B. Redundant Internet connectivity C. Disk encryption D. Load balancers 77. What term describes a collection of honeypots on a network intended to capture information about cybersecurity threats? A. A honeyfarm B. A honeynet C. A honeycluster D. A darknet 78. Skip wants to implement a deterrent control to prevent physical security issues for his organi- zation. Which of the following controls should he select? A. A fence B. A generator C. Access badges D. A camera system 79. What holds the position of the root of trust in a certificate chain? A. A hardened hardware device B. A TPM C. A root certificate D. A wildcard certificate 16 Chapter 1 Domain 1.0: General Security Concepts 80. Jill needs to explain the concept of open public ledgers to her organization as management wants to adopt a blockchain-based system. What should she tell them about access to the ledger? A. Members must be added by a vote of all current members. B. Anyone can join at any time. C. Members must be added by a vote of more than 51 percent of current members. D. Ledgers are public but membership is private and controlled by the creator of the ledger. 81. Olivia wants to use a self-signed certificate in her test environment for her organization’s services to save money on commercial certificates. What warning should her team give her about the use of self-signed certificates in a test environment? A. Certificate root of trust validation attempts will fail if implemented. B. Self-signed certificates cannot be used for external users to support SSL. C. Self-signed certificates cannot be used for internal users to support SSL. D. 
Browsers will not allow self-signed certificates to be used when browsing sites. 82. Amanda is concerned about issues with dependencies that may be found during her pending change. What practice should she implement to help ensure unexpected dependency issues are not encountered? A. Update organizational policies and procedures before the change. B. Update functional diagrams before the change. C. Validate the change in a test environment. D. Document legacy applications that may create dependencies. 83. Lucca has implemented an authentication scheme that relies on ticket-granting tickets as part of the authentication process. What common authentication service has he implemented? A. TACACS+ B. Kerberos C. MS-CHAP D. EAP 84. Jocelyn wants to select a modern encryption algorithm for use in her organization. Which of the following is a currently recommended encryption algorithm? A. AES-256 B. SHA1 C. DES D. Blowfish 85. Elizabeth wants to classify the following controls by their category. What category best describes lighting, fences, bollards, and access control vestibules? A. Technical B. Managerial C. Operational D. Physical Chapter 1 Domain 1.0: General Security Concepts 17 86. Jack wants to ensure the integrity of a file that he is sending to a third party via email. How can he provide the integrity of a file to an organization that he has not done business with before? A. Encrypt the file and send it to them. B. Digitally sign the file. C. Send a hash of the file in a separate email. D. Email the file size and original name in a separate email. 87. Annie notices that her browser shows that the certificate for the site she is visiting is not valid. After performing some checks, she sees that the certificate is on the CA’s certificate revocation list. Which of the following is not a reason for a certificate to be on a CRL? A. The CA is compromised. B. The certificate’s private key was compromised. C. The certificate was signed with a stolen key. D. 
The certificate expired. 88. Mohinder wants to use modern, secure hashing algorithms to validate files against known good originals. Which of the following hashing algorithms should he select? A. MD5 B. SHA-1 C. AES-256 D. SHA-256 89. Derrick wants to validate an encrypted and digitally signed message sent using asymmetric encryption. What does he need from the sender to validate the message? A. The sender’s private key B. Derrick’s private key C. The sender’s public key D. Derrick’s public key 90. The major patch release that Susan’s team installed has failed, resulting in a nonworking ser- vice. What should her team do according to change management best practices? A. Declare an outage. B. Follow the documented backout plan. C. Restore from backups to the previous version. D. Uninstall the patch and validate service function. 91. The web server that Angela’s organization manages was recently compromised and the SSL certificate’s private key was accessed by attackers. Angela’s team has completed remediation and has created a new CSR, including a new private key that they have secured. What type of control type best describes the creation of a new key and certificate in this circumstance? A. Corrective B. Compensating C. Deterrent D. Detective 18 Chapter 1 Domain 1.0: General Security Concepts 92. Mikayla’s zero-trust system has received a request for access with an identity, and the basic criteria for access have been met. What should the system do next before providing access to the resource requested? A. Check the remote system’s security status. B. Require reauthentication using MFA. C. Check the user’s rights to ensure they can access the resource. D. Determine its level of confidence in the request. 93. Charles sets up an RDP server on an isolated network segment and places a file on it called passwords.xlsx. He then configures his IPS and DLP systems to monitor for that file exiting the network segment. What type of tool has Charles deployed? A. 
A honeyfile B. A SQL trap C. A red flag D. A trigger file 94. Lucca is using precomputed rainbow tables to attempt to crack hashed passwords from a data breach. He knows that two users have the same password, but the hashes do not match. What password hash security technique has Lucca most likely encountered? A. Password encryption B. Salting C. Hash rotation D. Password mismatching 95. What operating system is commonly associated with secure enclaves? A. Windows B. iOS C. Linux D. Android 96. Isaac is concerned that the passwords that his users are creating are too short and can be easily brute-forced if their hashes were compromised. Rather than make his users remember longer passwords, he would like to implement a technical solution to help make the hashes more resistant to cracking. What solution can he use to help with this? A. Implement pass-the-hash algorithms. B. Use a collision-resistant hashing algorithm. C. Implement key stretching techniques. D. Encrypt passwords rather than hashing them. Chapter 1 Domain 1.0: General Security Concepts 19 97. Christina wants to implement access badges printed with picture IDs for her organization, but she wants to use a wireless reader. What access badge technology is commonly imple- mented in scenarios like this? A. Wi-Fi-enabled access badges B. RFID access badges C. Bluetooth-enabled access badges D. NFC access badges 98. Kendra’s vulnerability management team has discovered that Internet of Things (IoT) devices deployed a few years ago to monitor temperatures for critical refrigerated equip- ment are vulnerable to a new attack. After reviewing the issue, her team has discovered that the devices are no longer supported and that the manufacturer has gone out of business. They suggest moving the devices to an isolated network to help protect them. What type of control has Kendra’s team suggested? A. A corrective control B. A compensating control C. A confidentiality control D. A coordinated control 99. 
Which of the following is not a common factor in adaptive authentication for zero trust? A. Where the user is logging in from B. Whether the user has logged in recently from another device C. What device the user is logging in from D. If the device is configured correctly 100. Juan’s organization is designing their zero-trust model. Which of the following statements is true for network security zones? A. All communication is secured, regardless of the network security zone it occurs in. B. Communication receives additional security in low-trust zones. C. Communication receives less security in high-trust zones. D. All zero-trust networks are considered secured zones. 101. What advantage do microwave sensors have over infrared sensors? A. They can detect heat signatures. B. They are cheaper than infrared sensors. C. They can penetrate some types of walls. D. They do not interfere with sensitive equipment. 20 Chapter 1 Domain 1.0: General Security Concepts 102. Isaac is conducting a physical penetration test and wants to bypass an access control vestibule. What must he accomplish? A. He needs to persuade an individual to allow him to follow them through a single door. B. He needs to acquire an individual’s access card. C. He needs to persuade an individual to allow him to follow them through two doors in a row. D. He needs to acquire the individual’s access PIN. 103. Rachel wants to select an obfuscation method that will allow her customer service represen- tatives to validate customer identities without providing full access to customer data. What should she select? A. Tokenization B. Data masking C. Steganography D. Hashing 104. Valerie’s manager has informed her that version control must be implemented for her development team’s work. Which of the following is not a common, security-related reason for version control? A. To help with patching B. To track each contributor’s workload C. To ensure the proper version is deployed D. To help with change management 105. 
Jackie’s change management process involves reporting functional validation test results to stakeholders. Which of the following is not a common stakeholder or stakeholder group for an application upgrade? A. Application administrators B. Service owners C. System administrators D. Auditors 106. How many keypairs are required for four individuals to communicate securely using asymmetric encryption? A. 1 B. 4 C. 8 D. 12 Chapter 1 Domain 1.0: General Security Concepts 21 107. Michelle wants to store secrets for her organization in a cloud service. She wants to ensure the greatest level of security for her organization, and she is willing to spend more money to provide that security. What solution should she look for? A. A shared cloud TPM B. A shared cloud HSM C. A dedicated hardware cloud TPM D. A dedicated hardware cloud HSM 108. Murali wants to digitally sign a file. What key does he need to sign it? A. The recipient’s private key B. His private key C. The recipient’s public key D. His public key 109. What information is necessary for a certificate to be identified properly in an OCSP request? A. The domain name B. The original requestor’s name C. The certificate’s serial number D. The identifier for the open public ledger entry 110. Rick checks the certificate for the site he is viewing and sees that it reads *.example.com. What type of certificate is this, and why is it in use? A. It is a self-signed certificate, and it is used for testing purposes. B. It is a wildcard certificate and is used for testing purposes. C. It is a wildcard certificate and is used for multiple subdomains. D. It is a self-signed certificate and is used for multiple subdomains. 111. John wants to write a procedure that addresses what to do if an employee inadvertently dis- closes their password due to a phishing attempt. What type of control is John considering? A. A directive control B. A proactive control C. A deterrent control D. A preventive control 112. 
Adam has been asked to implement an allow list for websites that his servers can visit. What concern should he raise about the implementation of allow lists? A. Allow lists can be difficult to manage and cause failures if sites that are needed are not added. B. Allow lists do not prevent sites from being visited if they are not on the allow list. C. Allow lists cannot be configured to allow entire domains to be visited, creating significant overhead. D. Allow lists are prone to error, allowing unwanted sites to be added. 22 Chapter 1 Domain 1.0: General Security Concepts 113. Jim wants to implement an authentication framework for his wireless network. Which of the following is most commonly used for wireless network authentication? A. EAP B. MS-CHAP C. Kerberos D. LDAP 114. Gary is preparing change management documentation for an application restart after patching. What step should immediately follow the application restart? A. Validation testing B. Documenting the change occurred C. Updating version control D. Vulnerability scanning 115. Anna has been told that her organization has deployed microwave sensors in the organiza- tion’s warehouses. What are microwave sensors most frequently used to detect? A. Motion B. Glass break C. Heat signatures D. Pressure 116. When is data on a drive that uses full-disk encryption at the greatest risk? A. During the system boot process B. When the system is off C. When the system is logged in and in use D. When the system is being shut down 117. Alex has configured full-disk encryption for laptops that his organization issues to employees. What cybersecurity objective does this primarily support? A. Confidentiality B. Availability C. Authenticity D. Integrity 118. What process reviews control objectives for an organization, system, or service to determine if controls do not meet the control objectives? A. A penetration test B. A gap analysis C. A Boolean analysis D. 
A risk analysis Chapter 1 Domain 1.0: General Security Concepts 23 119. Frank configures an access control list to ensure that only specific IP addresses are able to connect to a service. What type of control has he deployed? A. Managerial B. Physical C. Technical D. Operational 120. Annie has recently implemented a video surveillance system for her organization. What is the largest driver for new ongoing costs for an unmonitored video surveillance system? A. Camera maintenance B. The ongoing cost of storage C. Security guards D. Licensing 121. Henry’s organization has recently experienced a ransomware attack and is restoring backups from a secure backup system. What type of security control is Henry using? A. A preventive control B. A directive control C. A compensating control D. A corrective control 122. What data obfuscation technique relies on a lookup table that allows you to match the data you want to secure to a randomly generated value to ensure that the actual value is not easily accessible? A. Hashing B. Tokenization C. Randomization D. Masking 123. What challenge drives the need for key exchange mechanisms? A. The number of keys required for symmetric encryption B. The need to determine if a key is public C. The need to exchange keys in a way that prevents others from obtaining a copy D. The need to securely return keys to their owner after they are traded 124. Jackie is performing an impact analysis prior to a large-scale change her team is preparing to implement. Which of the following groups is not typically part of the impact analysis? A. Stakeholders B. System administrators C. Service owners D. Legal counsel 24 Chapter 1 Domain 1.0: General Security Concepts 125. Ilya wants to create a certificate signing request. Which of the following is not a typical part of a CSR? A. The common name of the server B. The organization’s legal name C. A contact email address D. The organization’s phone number 126. 
Before Tony stores a password hash, he appends a string of characters that is unique to each password generated using an algorithm he created. What technique is Tony using to help protect his password hashes?
A. Tokenization
B. Steganography
C. Salting
D. Key stretching

127. Which of the following is not a step taken when a transaction is entered in a blockchain?
A. The value of the block is determined.
B. The transaction is sent to a peer-to-peer network of computers.
C. The transaction is validated using equations.
D. A transaction history is maintained as part of the blockchain.

128. Kent wants to encrypt network traffic in transit. What cryptographic protocol is most frequently used to add encryption to existing protocols?
A. S/MIME
B. TLS
C. MPLS
D. SSH

129. Which of the following is not a common concern in change management processes related to legacy applications?
A. Lack of vendor support
B. Lack of patches and updates
C. Ongoing licensing costs
D. Availability of third-party or consultant expertise

130. Elaine wants to document the technical concerns that dependencies create as part of her change management process. Which of the following concerns is the most common when dependencies are encountered as part of change management?
A. Documenting the dependencies to ensure they are addressed
B. Removing the dependencies as part of the change
C. Patching the dependencies in addition to the main application
D. Updating diagrams related to the dependencies

Chapter 1 Domain 1.0: General Security Concepts 25

131. Gary has implemented record-level encryption for his database. How many keys will he use in a typical implementation of record-level encryption?
A. One key per record
B. One key per column
C. One key per table
D. One key per database

132. Justin’s laptop is part of his organization’s zero-trust architecture. What term is used to refer to a device like a laptop, desktop, or mobile device in a zero-trust design?
A. A subject
B. A policy engine
C. A service provider
D. A policy application point

133. Susan’s organization has deployed a zero-trust architecture. Which of the following zero-trust control plane components uses rules to determine who can access a service based on the security status of their system, threat data, and similar information?
A. Adaptive authorization
B. Threat scope reduction
C. Policy-driven access control
D. Secured zones

134. Scott wants to implement OCSP as part of an application he is creating. What will he implement?
A. A corrective control security process
B. Certificate status checking
C. Transport encryption
D. Full-disk encryption

135. Which of the following is not a common reason to implement key escrow?
A. Regulatory compliance
B. Providing access to encrypted data for administrative reasons
C. Providing access to encrypted data in emergencies
D. Preventing the need for key rotation after a user leaves

136. Yariv discovers that he has exposed his private key to other users in his organization by sending it via email instead of his public key. What should he do?
A. Ask the other users to delete any copies of his private key that they may have.
B. Immediately add his key to a CRL and reissue the key.
C. Create a new keypair and notify others that he has replaced his keypair.
D. Continue to operate as normal as long as the private key was not used maliciously.

137. What happens if a mistake is made and an incorrect transaction is entered into the open public ledger in a blockchain?
A. The transaction is reversed once it is discovered, and the original transaction is removed from the record.
B. A new transaction must be processed, and both transactions remain in the record.
C. The original transaction is updated and becomes the new record.
D. An error block must be mined and labeled with the transaction number and error details.

138. Which of the following activities will not typically result in a need to update policies and procedures?
A. Deploying a new application
B. Installing patches for an existing application
C. Conducting a lessons learned exercise after an incident
D. Changes in regulations

139. Hrant’s organization wants to ensure that staff members use both something they know and something they have as part of their physical access control scheme. Which of the following solutions meets that requirement?
A. Security guards and access badges
B. Keys and access control vestibules
C. Access badges and PINs
D. Security guards and access control vestibules

140. Julia wants to detect if an intruder enters a space using a sensor system. Which of the following is not typically used to detect intruders?
A. Infrared sensors
B. Pressure sensors
C. Microwave sensors
D. Ultrasonic sensors

141. Which of the following is not true for a secure cryptographic hash system?
A. Hashes are a one-way function.
B. Hashes generate a fixed length output.
C. Hashes may generate the same output for multiple inputs.
D. Hashes are commonly used to verify the integrity of files.

142. Casey wants to prevent tailgating attacks on her datacenter. What type of physical security solution should she put in place?
A. Video surveillance
B. Bollards
C. An access control vestibule
D. Access badges

143. As Casey continues to work to secure her datacenter, she decides to deploy access badges. What technique will provide the greatest assurance that a stolen or cloned access badge will not allow an attacker access?
A. Use barcode-based badges.
B. Require a PIN along with the badge.
C. Use RFID-based badges.
D. Include a picture of the user on the badge.

144. What term describes the function of digital signatures related to proving that the signature was provided by the owner of a given private key?
A. Ledger-based validation
B. Nonrepudiation
C. Key stretching
D. Authentication

145. John wants to send his public key to another user. What steps are necessary to do so?
A. The key must be sent using Diffie–Hellman.
B. The key can simply be sent via email or other means.
C. The key must be sent using RSA.
D. The key must be signed, then sent via email or other means.

146. Tracy wants to use the most secure salting solution she can. Which of the following options will provide the most secure salt?
A. Set a salt value and store it in a database.
B. Set a salt value and store it in the program code.
C. Generate a unique salt for each hashed entry.
D. Generate a unique salt value every time a value is used.

147. Bob conducts a periodic risk assessment of his organization. What category of security control is this?
A. Technical
B. Managerial
C. Operational
D. Physical

148. After a breach, Jackie removes malicious software from a server that she is responsible for. What control type should she classify this as?
A. Preventive
B. Corrective
C. Compensating
D. Deterrent

149. What can a root SSL (TLS) certificate do?
A. Remove a certificate from a CRL
B. Generate a signing key and use it to sign a new certificate
C. Authorize new CA users
D. Allow key stretching

150. Christina wants to authenticate individuals as part of her AAA implementation. What will she need to do to authenticate users?
A. Match users to roles and ensure that rights are assigned.
B. Conduct biometric enrollments for every user.
C. Use identity proofing for each user she creates.
D. Ensure that users provide an identity and one or more authentication factors.
Chapter 2 Domain 2.0: Threats, Vulnerabilities, and Mitigations

THE COMPTIA SECURITY+ EXAM SY0-701 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

Domain 2.0: Threats, Vulnerabilities, and Mitigations

2.1 Compare and contrast common threat actors and motivations
    Threat actors (Nation-state, Unskilled attacker, Hacktivist, Insider threat, Organized crime, Shadow IT)
    Attributes of actors (Internal/external, Resources/funding, Level of sophistication/capability)
    Motivations (Data exfiltration, Espionage, Service disruption, Blackmail, Financial gain, Philosophical/political beliefs, Ethical, Revenge, Disruption/chaos, War)

2.2 Explain common threat vectors and attack surfaces
    Message-based (Email, Short Message Service [SMS], Instant messaging [IM])
    Image-based
    File-based
    Voice call
    Removable device
    Vulnerable software (Client-based vs. agentless)
    Unsupported systems and applications
    Unsecure networks (Wireless, Wired, Bluetooth)
    Open service ports
    Default credentials
    Supply chain (Managed service providers [MSPs], Vendors, Suppliers)
    Human vectors/social engineering (Phishing, Vishing, Smishing, Misinformation/disinformation, Impersonation, Business email compromise, Pretexting, Watering hole, Brand impersonation, Typo squatting)

2.3 Explain various types of vulnerabilities
    Application (Memory injection, Buffer overflow, Race conditions, Time-of-check [TOC], Target of evaluation [TOE], Time-of-use [TOU], Malicious update)
    Operating system (OS)-based
    Web-based (Structured Query Language injection [SQLi], Cross-site scripting [XSS])
    Hardware (Firmware, End-of-life, Legacy)
    Virtualization (Virtual machine [VM] escape, Resource reuse)
    Cloud-specific
    Supply chain (Service provider, Hardware provider, Software provider)
    Cryptographic
    Misconfiguration
    Mobile device (Side loading, Jailbreaking)
    Zero-day

2.4 Given a scenario, analyze indicators of malicious activity
    Malware attacks (Ransomware, Trojan, Worm, Spyware, Bloatware, Virus, Keylogger, Logic bomb, Rootkit)
    Physical attacks (Brute force, Radio frequency identification [RFID] cloning, Environmental)
    Network attacks (Distributed denial-of-service [DDoS], Amplified, Reflected, Domain Name System [DNS] attacks, Wireless, On-path, Credential replay, Malicious code)
    Application attacks (Injection, Buffer overflow, Replay, Privilege escalation, Forgery, Directory traversal)
    Cryptographic attacks (Downgrade, Collision, Birthday)
    Password attacks (Spraying, Brute force)
    Indicators (Account lockout, Concurrent session usage, Blocked content, Impossible travel, Resource consumption, Resource inaccessibility, Out-of-cycle logging, Published/documented, Missing logs)

2.5 Explain the purpose of mitigation techniques used to secure the enterprise
    Segmentation
    Access control (Access control list [ACL], Permissions)
    Application allow list
    Isolation
    Patching
    Encryption
    Monitoring
    Least privilege
    Configuration enforcement
    Decommissioning
    Hardening techniques (Encryption, Installation of endpoint protection, Host-based firewall, Host-based intrusion prevention system [HIPS], Disabling ports/protocols, Default password changes, Removal of unnecessary software)

1. Brent’s organization is profiling threat actors that may target their infrastructure and systems. Which of the following is most likely a motivation for a nation-state actor?
A. Financial gain
B. Blackmail
C. Espionage
D. Blackmail

2. Ahmed is a sales manager with a major insurance company. He has received an email that is encouraging him to click on a link and fill out a survey. He is suspicious of the email, but it does mention a major insurance association, and that makes him think it might be legitimate. Which of the following best describes this attack?
A. Phishing
B. Social engineering
C. Spear phishing
D. Trojan horse

3. You are a security administrator for a medium-sized bank. You have discovered a piece of software on your bank’s database server that is not supposed to be there. It appears that the software will begin deleting database files if a specific employee is terminated. What best describes this?
A. Worm
B. Logic bomb
C. Trojan horse
D. Rootkit

4. The company that Yarif works for uses a third-party IT support company to manage their cloud-hosted web application infrastructure. How can Yarif best address concerns about potential threat vectors via the managed service provider (MSP)?
A. Conduct regular vulnerability scans.
B. Use shared incident response exercises to prepare.
C. Ensure appropriate contractual coverage for issues.
D. Require the MSP to have an annual pentest.

5. Jill’s organization has received an advisory about a flaw that could allow software running on a virtual machine to execute code on the system that is running the VM hypervisor. What type of vulnerability is this?
A. A resource reuse issue
B. A VM escape issue
C. A jailbreaking issue
D. A sideloading issue

6. Helen is concerned about ransomware attacks against workstations that she is responsible for. Which of the following hardening options is best suited to protecting her organization from ransomware?
A. Installing host-based firewalls
B. Installing endpoint protection software
C. Installing host-based IPS software
D. Removing unnecessary software

7. The company that Gary works for has deployed a wireless network. Which of the following network options is the most secure?
A. WPA-2 Personal
B. WPA-3
C. WPA-2 Enterprise
D. WPA-4

8. What type of attack depends on the attacker entering JavaScript into a text area that is intended for users to enter text that will be viewed by other users?
A. SQL injection
B. Clickjacking
C. Cross-site scripting
D. Bluejacking

9. Unusual outbound network traffic, geographical irregularities, and increases in database read volumes are all examples of what key element of threat intelligence?
A. Predictive analysis
B. OSINT
C. Indicators of compromise
D. Threat maps

10. Julie wants to conduct a replay attack. What type of attack is most commonly associated with successful replay attacks?
A. SQL injection
B. An on-path attack
C. Brute force
D. A DDoS

11. Valerie is investigating a recent incident and checks /var/log on a Linux system. She finds the audit.log file empty despite the system showing over a month of uptime. What has she most likely encountered?
A. A wiped log
B. A recent reboot
C. A system error
D. Incorrect permissions to view the log

12. Jack purchases ads on a site that staff members of his target organization frequently visit in preparation for a penetration test. Once his ads start to display, he replaces the underlying code with attack code that redirects visitors to a login page that matches the organization’s own internal website. What type of attack has Jack attempted?
A. A misinformation attack
B. A watering hole attack
C. A disinformation attack
D. A business website compromise attack

13. Which of the following is not a common concern related to the hardware vendor supply chain?
A. Malware preinstalled on hardware
B. Lack of availability of hardware
C. Third-party hardware modifications
D. Malicious firmware modifications

14. Ben wants to conduct a credential replay attack. What should he do first to enable the attack?
A. Create a phishing email.
B. Conduct an on-path attack.
C. Use a brute-force password attack.
D. Conduct an injection attack.

15. Nick is assessing internal threat actors and considering what motivations are likely to drive them. Which of the following is the most likely motivation for an internal threat actor?
A. Espionage
B. Blackmail
C. War
D. Political beliefs

16. Yasmine is reviewing the software installed on a client’s computer and notices that multiple browser toolbars, weather applications, and social media applications were preinstalled. What term is most commonly used to describe this software?
A. MSPs
B. Bloatware
C. Ransomware
D. Rootware

17. Ilya is reviewing logs and notices that one of his staff has logged in from his home location in China at 2 p.m., and then logged in from the United Kingdom an hour later. What indicator of compromise should he flag this as?
A. Concurrent session usage
B. Resource inaccessibility
C. Impossible travel
D. Segmentation

18. Adam’s organization has deployed RFID badges as part of their access control system. Adam is required to enter a 6-digit PIN when he uses his RFID badge and dislikes the additional step. What type of attack is the PIN intended to stop?
A. Piggybacking
B. On-path
C. Concurrent access
D. Badge cloning

19. Jen recently received an email that appeared to be from one of her vendors asking for a change in the method of payment to another account. She normally works with mike_[email protected], but noticed that the email was from [email protected] on further review. What type of social engineering attack is this?
A. Vishing
B. Business email compromise
C. Smishing
D. Pretexting

20. What is the primary concern for security professionals about legacy hardware?
A. Its likelihood of failure
B. Lack of patches and updates
C. Lack of vendor support
D. Inability to support modern protocols

21. Coleen is the web security administrator for an online auction website. A small number of users are complaining that when they visit the website it does not appear to be the correct site. Coleen checks and she can visit the site without any problem, even from computers outside the network. She also checks the web server log and there is no record of those users ever connecting. Which of the following might best explain this?
A. Typo squatting
B. SQL injection
C. Cross-site scripting
D. Cross-site request forgery

22. The organization that Mike works in finds that one of their domains is directing traffic to a competitor’s website. When Mike checks, the domain information has been changed, including the contact and other administrative details for the domain. If the domain had not expired, what has most likely occurred?
A. DNS hijacking
B. An on-path attack
C. Domain hijacking
D. A zero-day attack

23. Lucia’s organization has adopted open source software provided by a third-party vendor as part of their web application. What concern should she express about her software supply chain?
A. Lack of vendor support
B. Lack of code auditability
C. Lack of control over open source dependencies
D. Lack of updates

24. Alice wants to prevent server-side request forgery (SSRF) attacks. Which of the following will not be helpful for preventing them?
A. Removing all SQL code from submitted HTTP queries
B. Blocking hostnames like 127.0.0.1 and localhost
C. Blocking sensitive URLs like /admin
D. Applying allow list–based input filters

25. Tracy wants to protect desktop and laptop systems in her organization from network attacks. She wants to deploy a tool that can actively stop attacks based on signatures, heuristics, and anomalies. What type of tool should she deploy?
A. A firewall
B. Antimalware
C. HIDS
D. HIPS

26. Mahmoud is responsible for managing security at a large university. He has just performed a threat analysis for the network, and based on past incidents and studies of similar networks, he has determined that the most prevalent threat to his network is attackers who wish to breach the system simply to prove they can or for some low-level crime, such as changing a grade. Which term best describes this type of attacker?
A. Hacktivist
B. Nation-state
C. Insider
D. Unskilled attacker

27. How is phishing different from general spam?
A. It is sent only to specific targeted individuals.
B. It is intended to acquire credentials or other data.
C. It is sent via SMS.
D. It includes malware in the message.

28. Selah includes a question in her procurement request-for-proposal process that asks how long the vendor has been in business and how many existing clients the vendor has. What common issue is this practice intended to help prevent?
A. Supply chain security issues
B. Lack of vendor support
C. Outsourced code development issues
D. System integration problems

29. Frank is a network administrator for a small college. He discovers that several machines on his network are infected with malware. That malware is sending a flood of packets to a target external to the network. What best describes this attack?
A. SYN flood
B. DDoS
C. Botnet
D. Backdoor

30. A sales manager at your company is complaining about slow performance on his computer. When you thoroughly investigate the issue, you find spyware on his computer. He insists that the only thing he has downloaded recently was a freeware stock trading application. What would best explain this situation?
A. Logic bomb
B. Trojan
C. Rootkit
D. Macro virus

31. What threat actor is most likely to be motivated by political beliefs?
A. Hacktivists
B. Organized crime
C. Unskilled attackers
D. Insider threats

32. What type of threat actors are most likely to have a profit motive for their malicious activities?
A. State actors
B. Hacktivists
C. Unskilled attackers
D. Organized crime

33. You have noticed that when in a crowded area, you sometimes get a stream of unwanted text messages. The messages end when you leave the area. What describes this attack?
A. Bluejacking
B. Bluesnarfing
C. Evil twin
D. Rogue access point

34. Dennis uses an on-path attack to cause a system to send traffic to his system and then forwards it to the actual server the traffic is intended for. What information will be visible from his system as it passes through it?
A. All traffic meant for remote systems
B. All traffic meant for local systems
C. Only unencrypted traffic
D. Only unencrypted traffic meant for his system

35. Andrea recently received a phone call claiming to be from her bank. The caller asked for information including her account number and Social Security number to validate her identity. What type of social engineering attack was Andrea the target of?
A. Smishing
B. Brand impersonation
C. A watering hole attack
D. A business email compromise attack

36. Jake’s vulnerability scanner reports that the software his organization is running is vulnerable to a cryptographic downgrade attack. What concern should Jake have about this potential issue?
A. Attackers may be able to force use of a weaker encryption algorithm, making data easier to access.
B. Attackers may be able to force use of weaker hashing, making it easier to recover passwords.
C. Attackers may be able to force use of older versions of the software, including previously patched vulnerabilities.
D. Attackers may be able to force encryption to be turned off, causing information to be sent in plain text.

37. Rick has three major categories of data and applications in use in his virtualization environment: highly sensitive; business sensitive; and unclassified, or public information. He wants to ensure that data and applications of different sensitivity are not compromised in the event of a breach. What mitigation technique is best suited to this type of requirement?
A. Application allow lists
B. Monitoring
C. Least privilege
D. Segmentation

38. Users in your company report someone has been calling their extension and claiming to be doing a survey for a large vendor. Based on the questions asked in the survey, you suspect that this is a scam to elicit information from your company’s employees. What best describes this?
A. Spear phishing
B. Vishing
C. War dialing
D. Robocalling

39. As part of a zero-trust environment, Quentin is given rights that he needs only when he needs them through a checkout process, and they are then removed when he is done. What mitigation technique best describes this solution?
A. Segmentation
B. Isolation
C. Least privilege
D. Configuration enforcement

40. While performing a scan for wireless networks, Lisa discovers a network that does not use WPA-2 or WPA-3. What network traffic information can she recover from devices using this network?
A. All network traffic
B. Network packet headers, but not packet data
C. Network packet data, but not headers
D. DNS and DHCP queries, but not network packet data

41. Jared is responsible for network security at his company. He has discovered behavior on one computer that certainly appears to be a virus. He has even identified a file he thinks might be the virus. However, using three separate antivirus programs, he finds that none can detect the file. Which of the following is most likely to be occurring?
A. The computer has a RAT.
B. The computer has a zero-day exploit.
C. The computer has a worm.
D. The computer has a rootkit.

42. John has discovered that an attacker is trying to get network passwords by using software that attempts a series of passwords with a minor change each time the password is tried. What type of attack is this?
A. Dictionary
B. Rainbow table
C. Brute force
D. Session hijacking