CompTIA Security+ (SY0-601) Exam Questions
Page 4 of 50
61.
Which of the following situations is an example of a reflected DDoS attack?
-
An attacker spoofs IP addresses of legitimate web servers to send traffic toward a vulnerable target
-
An attacker sends a small query to a server that results in a large response
-
An attacker replays credentials they have captured in order to gain unauthorized access to a system
-
An attacker gains access to directories outside of a web server's public folder
Correct answer: An attacker spoofs IP addresses of legitimate web servers to send traffic toward a vulnerable target
In a reflected DDoS attack, the attacker sends requests to legitimate third-party servers (open DNS resolvers, NTP servers, and similar) with the source address spoofed to the victim's address, so the servers' responses are "reflected" onto the target and the attacker's own address stays hidden. When the chosen protocol answers a small query with a much larger response, reflection is combined with amplification and the traffic delivered to the target is multiplied.
An amplification DDoS involves an attacker sending a small query that results in a large response. A credential replay involves an attacker replaying credentials they have captured in order to gain unauthorized access to a system. Directory traversal involves an attacker gaining access to directories outside of a web server's public folder.
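As an added example (not part of the original question set), the following script looks for reflected and amplified UDP traffic in flow records. The sample flows, the field names and the thresholds are constructed for illustration. The idea it demonstrates is that reflected traffic consists of responses from well-known service ports that the victim never requested, so a collector that sees both directions can flag a destination receiving unsolicited responses from many reflectors at once.

```javascript
// Added example: detect reflected/amplified UDP traffic in constructed flow records.
// Ports of services commonly abused as reflectors: DNS, NTP, SNMP, SSDP, memcached.
const REFLECTOR_PORTS = new Set([53, 123, 161, 1900, 11211]);

// Constructed sample flows (unidirectional, as a flow collector might export them).
const SAMPLE_FLOWS = [
  // Legitimate: a host queries its resolver and the resolver answers.
  { src: "10.0.0.5", sport: 51000, dst: "192.0.2.53", dport: 53, bytes: 70 },
  { src: "192.0.2.53", sport: 53, dst: "10.0.0.5", dport: 51000, bytes: 120 },
  // Reflected: open servers answer queries that 10.0.0.9 never sent
  // (the attacker spoofed 10.0.0.9 as the source of the queries).
  { src: "198.51.100.1", sport: 53, dst: "10.0.0.9", dport: 4444, bytes: 3200 },
  { src: "198.51.100.2", sport: 53, dst: "10.0.0.9", dport: 4444, bytes: 3100 },
  { src: "198.51.100.3", sport: 123, dst: "10.0.0.9", dport: 4444, bytes: 4400 },
  { src: "198.51.100.4", sport: 11211, dst: "10.0.0.9", dport: 4444, bytes: 60000 },
];

// Amplification factor of one exchange: response size divided by request size.
function amplificationFactor(requestBytes, responseBytes) {
  return responseBytes / requestBytes;
}

// Return destinations that received unsolicited reflector responses from at least
// minReflectors distinct sources. minReflectors is an assumed threshold.
function findReflectionVictims(flows, { minReflectors = 3 } = {}) {
  // Record every request a monitored host actually sent to a reflector port.
  const solicited = new Set();
  for (const f of flows) {
    if (REFLECTOR_PORTS.has(f.dport)) {
      solicited.add(`${f.dst}:${f.dport}>${f.src}:${f.sport}`);
    }
  }
  // A response is suspicious when it comes from a reflector port and no
  // matching request from the destination was ever observed.
  const perVictim = new Map();
  for (const f of flows) {
    if (!REFLECTOR_PORTS.has(f.sport)) continue;
    const key = `${f.src}:${f.sport}>${f.dst}:${f.dport}`;
    if (solicited.has(key)) continue;
    const v = perVictim.get(f.dst) || { reflectors: new Set(), bytes: 0 };
    v.reflectors.add(f.src);
    v.bytes += f.bytes;
    perVictim.set(f.dst, v);
  }
  const victims = [];
  for (const [target, v] of perVictim) {
    if (v.reflectors.size >= minReflectors) {
      victims.push({ target, reflectors: v.reflectors.size, bytes: v.bytes });
    }
  }
  return victims;
}

for (const v of findReflectionVictims(SAMPLE_FLOWS)) {
  console.log(`possible reflection victim ${v.target}: ${v.reflectors} reflectors, ${v.bytes} bytes`);
}
```

The matching on a request key is what separates a busy but legitimate resolver client from a victim: the honest host in the sample sent its query first, so the answer is ignored, while 10.0.0.9 receives answers from four different servers without a single outbound query. The memcached flow shows why amplification matters: a request of a few dozen bytes drawing a 60000-byte response gives the attacker a factor in the hundreds or thousands for every spoofed packet.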
62.
Which type of testing looks at an application without running it?
-
Static analysis
-
Dynamic analysis
-
Fuzzing
-
Stress
Correct answer: Static analysis
Static analysis is a type of application testing that looks at the code without running the program. It is useful for understanding how the application is written and for detecting logic issues.
Dynamic analysis is performed when the application is running. Fuzzing is testing that sends malformed data to an application. Stress testing involves seeing how an application behaves under extreme conditions.
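To make the static versus dynamic distinction concrete, here is an added example (not from the original page) of a minimal static analysis pass: it reads JavaScript source as text, never executes it, and reports lines that reach dangerous sinks. The rule list and the sample source are constructed for illustration; a real tool would parse the code into an AST rather than match regular expressions line by line.

```javascript
// Added example: a tiny static analyzer that inspects source text without running it.
// Each rule is an assumed pattern for a well-known dangerous sink.
const RULES = [
  { id: "JS-EVAL", re: /\beval\s*\(/, why: "string evaluated as code" },
  { id: "JS-FUNCTION-CTOR", re: /\b(?:new\s+)?Function\s*\(/, why: "string compiled into a function" },
  { id: "DOM-XSS", re: /\.innerHTML\s*=[^=]/, why: "HTML sink assigned at runtime" },
  { id: "CMD-EXEC", re: /\bexecSync?\s*\(\s*[`"'].*\$\{/, why: "shell command built from a template" },
];

// Scan source text and return findings with 1-based line numbers.
function staticScan(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    // Strip line comments so commented-out code is not reported.
    const code = text.replace(/\/\/.*$/, "");
    for (const rule of RULES) {
      if (rule.re.test(code)) {
        findings.push({ line: i + 1, rule: rule.id, why: rule.why, text: text.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample program under review. It is never executed here.
const SAMPLE_SOURCE = `
const { execSync } = require("child_process");
function render(el, user) {
  el.innerHTML = "<b>" + user.name + "</b>";
}
function calc(expr) {
  // eval(expr) was here once
  return Function("return " + expr)();
}
function ping(host) {
  return execSync(\`ping -c 1 \${host}\`).toString();
}
`;

for (const f of staticScan(SAMPLE_SOURCE)) {
  console.log(`line ${f.line} [${f.rule}] ${f.why}: ${f.text}`);
}
```

Note what the scan cannot tell you: whether user.name is ever attacker-controlled, or whether host is validated before it reaches the shell. Answering those questions needs data-flow analysis or a dynamic test that actually drives input through the running program, which is exactly the gap the other three answer choices fill.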
63.
Testing an application for vulnerabilities after each code update falls under which of the following?
-
Continuous validation
-
Continuous integration
-
Continuous monitoring
-
Continuous deployment
Correct answer: Continuous validation
DevOps automates parts of the software development and deployment process, including:
- Continuous monitoring monitors a production application for attacks, errors, or other issues.
- Continuous validation ensures that code is operating properly.
- Continuous integration validates that components of a system work together properly.
- Continuous delivery automates building, testing, and packaging so that every validated change is ready to be released to the customer at any time.
- Continuous deployment goes one step further and automatically pushes each build that passes its tests into production, with no manual release step.
64.
Which of the following is an advantage for an organization using a multi-cloud system?
-
Avoiding vendor lock-in
-
Lowering the attack surface
-
Reducing the risk of VM escape
-
Removing the complexity of resource management
Correct answer: Avoiding vendor lock-in
Vendor lock-in refers to being dependent on a single cloud provider for operations. Using a multi-cloud system rather than relying on one provider gives the organization more independence, lets it shop for cheaper services, and can be used to increase resilience if one provider has an outage.
Using more cloud service providers can increase the total attack surface. VM escape is a risk in any virtualized environment. Using multiple cloud service providers will increase complexity.
65.
Which wireless communication type allows for mobile devices to transmit information only when they are within inches of each other?
-
NFC
-
Bluetooth
-
Infrared
-
Wi-Fi
Correct answer: NFC
Near Field Communication (NFC) is a very short-range protocol, working over a few centimeters, that is often used to share contact information between phones or to pay at a store terminal. NFC itself does not encrypt the link; its relative safety comes from the fact that an attacker must be within inches to eavesdrop or interfere, and payment applications add their own encryption and tokenization on top of it.
Bluetooth has a typical range of about 10 meters (30 feet) for common Class 2 devices, and more for Class 1. Infrared requires line of sight. Wi-Fi can have a range of up to around 100 meters.
66.
Which type of target requires extensive physical security measures to prevent tampering or sabotage that could disable critical infrastructure?
-
ICS/SCADA
-
RTOS
-
IoT
-
CCTV
Correct answer: ICS/SCADA
Industrial control systems (ICS) and supervisory control and data acquisition (SCADA) are used in industrial settings such as power plants or factories. Physical security measures such as a secure facility design and environmental controls need to be implemented to protect against serious damage.
A real-time operating system (RTOS) runs on embedded devices that must respond within strict timing limits; it is a software component, not a class of facility. Internet of things (IoT) devices do not often implement strong physical controls. CCTV is a detective control made up of individual cameras that are typically not heavily protected themselves.
67.
An organization has several users who do not necessarily need to be in the office and wants to allow them remote access to the company network. Which of the following is used to create a secure connection between a client computer and a remote network over an insecure medium?
-
VPN
-
DHCP
-
STP
-
NAC
Correct answer: VPN
A virtual private network (VPN) creates an encrypted, authenticated tunnel across an untrusted medium such as the internet, so a remote user's traffic reaches the company network as if the client were on site. It lets the organization use ordinary connections such as cable and DSL instead of dedicated leased lines.
DHCP is used to assign IP addresses to hosts. STP is used to prevent loops in switches. NAC is used to determine if systems should be allowed to connect to a network.
68.
For a large company with complex compliance requirements, what can they use to improve efficiency and reduce human error?
-
Automation
-
Due diligence
-
Attestation
-
External audit
Correct answer: Automation
Automation involves using comprehensive software for streamlining compliance assessments. Automation increases efficiency and reduces the chances of human error.
Due diligence involves vetting a third party before doing business with them. Attestation is the process of verifying an organization's compliance. An external audit is a thorough audit of a company done by a third party.
69.
During a routine audit, a company discovers a vulnerability in a mission-critical application. The vulnerability is determined to be unlikely to be exploited because it involves physical access to the system. Senior management is formally consulted, and they decide to leave the mission-critical system running while a control is being developed. They agree to address the topic again one month later.
What type of response is the organization taking?
-
Exemption
-
Exception
-
Segmentation
-
Insurance
Correct answer: Exemption
An exemption involves the formal acknowledgment of a vulnerability and a decision to not address the issue until a later time. It differs from an exception in that it is more formal and longer term.
An exception is a case-by-case and less formal acceptance of a risk. Segmentation isolates a vulnerable or compromised system on its own network segment to limit what it can reach and what can reach it. Insurance transfers the financial impact of an incident to an insurer in exchange for a premium.
70.
Which of the following components manages security in SDN?
-
Controller
-
Management plane
-
SASE
-
Data plane
Correct answer: Controller
An SDN controller operates in the control plane and makes high-level decisions about network policies. It allows for networks to be dynamically tuned based on metrics and other settings.
The management plane is used to configure and monitor the network devices themselves. Secure Access Service Edge (SASE) integrates network security functions (such as secure web gateway, CASB, and zero trust network access) with WAN connectivity in a cloud-delivered architecture. The data plane is where network devices forward packets according to the rules the control plane has installed.
71.
A company wants to connect two private virtual clouds without the traffic leaving the cloud provider's secure network. What feature of cloud computing can they use to achieve this?
-
VPC endpoint
-
Transit gateway
-
Security group
-
Virtual machine
Correct answer: VPC endpoint
A VPC is a private network within the cloud. A VPC endpoint lets resources in one VPC reach a service exposed from another VPC (or a provider service) over private addresses, so the traffic never traverses the public Internet, which shrinks the exposure of the connection.
A transit gateway is a regional hub that interconnects many VPCs and on-premises networks and is typically used for hybrid and hub-and-spoke designs. Security groups filter traffic to and from resources in a VPC. A virtual machine is an emulation of a physical computer hosted on another system.
72.
During the course of an attack, the attacker placed backdoor remote viewing software on the hacked server. After some time, the attacker returns, using the backdoor to continue the attack and obtain more sensitive information.
Which of the following terms BEST fits this scenario?
-
Persistence
-
Initial exploitation
-
Horizontal movement
-
Active reconnaissance
Correct answer: Persistence
A common technique attackers use to maintain persistence is a backdoor that lets them return to the compromised system to continue their attack, steal more information, or cause more damage. The attacker can keep coming back for weeks, months, or even years if the backdoor, for example a hidden SSH listener on an unusual port, goes unnoticed.
Initial exploitation is the start of an attack, in which a weakness is exploited to gain a first foothold. Horizontal (lateral) movement involves moving from one compromised system in a network to another. Active reconnaissance involves directly scanning targets for vulnerabilities.
73.
A major retail company wants to outsource its payment processing to a third party but wants to be sure the vendor implements adequate security practices. Before making an agreement, what should they request from the vendor?
-
Independent assessment
-
Parallel processing
-
Identity proofing
-
Mandatory access control
Correct answer: Independent assessment
A customer can request an independent assessment of a vendor by an auditor in order to gain assurance that they follow adequate security practices.
Parallel processing is a disaster recovery test in which the alternate site is brought up and run alongside production; it says nothing about a vendor's controls. Identity proofing involves confirming that a user is who they claim to be. Mandatory access control is a type of access control that restricts access based on security classifications assigned to users and resources.
74.
A web portal with credentials of admin:admin is an example of which of the following configuration issues?
-
Default settings
-
Unsecured protocols
-
Error
-
Open ports and services
Correct answer: Default settings
The use of default settings can include default configuration options, default account credentials (such as admin:admin), or keeping unnecessary software enabled by default.
The use of unsecured protocols refers to the use of HTTP instead of HTTPS, Telnet instead of SSH, and similar use of unencrypted protocols. An error is an oversight that leaves a system vulnerable, such as allowing zone transfers on a DNS server. Open ports and services vulnerabilities refer to running unnecessary services on a system, like a web server on a user workstation.
75.
An administrator wants to run regular vulnerability scans with the help of small software programs installed on the target systems. What type of scan should they implement for this?
-
Agent-based
-
Server-based
-
Static
-
Dynamic
Correct answer: Agent-based
An agent-based security scan works by having small agent programs running on the systems that need to be scanned. These agents can give more detailed information than an external scan.
A server-based scan is performed from a central server. A static analysis is a type of application test done without running the application. A dynamic analysis is a type of application test done while running the application.
76.
Which of the following policies should a company create so individuals with an interest in a company are adequately informed during an incident response?
-
Stakeholder management plan
-
Business continuity plan
-
Communication plan
-
Disaster recovery plan
Correct answer: Stakeholder management plan
Some of the key policies and procedures for incident management include:
- Retention policies: Policies that state how long certain types of data should be stored by the organization, including offsite storage and backups. This can be relevant to an organization's ability to detect, investigate, or recover from an incident.
- Stakeholder management plan: Understand who the stakeholders are, and their roles and goals in the incident response process. This plan is necessary to ensure that the IR plans meet the needs of the business.
- Communication plan: Know how to reach all key stakeholders (IR team, management, etc.), including backups if the main communications lines are down.
- Disaster recovery plan: Strategy for restoring the organization to normal operations after an incident.
- Business continuity plan: Strategy for maintaining operations as an incident is occurring, including failover plans and an analysis of potential risks and how to manage them. A continuity of operations (COOP) plan is related to this and ensures that an organization can maintain all critical functions during an incident.
77.
Before authenticating a user, an organization checks the user's location and device to understand the context of the authentication request. What aspect of a zero trust cybersecurity approach is the organization following?
-
Adaptive identity
-
Threat scope reduction
-
Policy-driven access control
-
Implicit trust zones
Correct answer: Adaptive identity
Adaptive identity takes context into account when granting access rights. It considers factors such as where the user is logging in from, what device they are using, and whether their device meets security standards.
Threat scope reduction refers to limiting the attack surface that can be exploited in a breach. Policy-driven access control refers to the automation of enforcing security policies. Implicit trust zones are areas where explicit verification is not required.
78.
Acme Manufacturing is working on a new web portal that will provide customers with an intuitive and easy-to-use application. The developer is working on implementing input validation to the username and password fields to ensure security.
Of the following, what should the developer do for this to be effective?
-
Perform server-side validation
-
Perform client-side validation
-
Only validate passwords
-
Only validate usernames
Correct answer: Perform server-side validation
When configuring input validation, server-side validation must be the default, because anything that runs in the browser can be modified or skipped by the person submitting the request. Server-side validation should always be present, and it can be paired with client-side validation: the client-side check gives honest users a faster response and saves a round trip to the server, while the server-side check is the final gate before the server uses the data.
Applications should not use client-side validation alone, as it can be bypassed. All fields should be validated.
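The following added example (not from the original page) puts both layers side by side in Node.js. The client-side check is the one a browser would run; the server-side handler receives the raw request body, which an attacker can craft with any tool and which may never have passed the browser check at all. The field rules, the rejection of unexpected fields and the password length bounds are design choices made for this illustration.

```javascript
// Added example: client-side versus server-side validation of a login form.
// Allowlist for usernames: lowercase letters, digits, dot, underscore, hyphen, 3-32 chars.
const USERNAME_RE = /^[a-z0-9][a-z0-9._-]{2,31}$/;

// Client-side check, as shipped to the browser. It improves usability for honest
// users but protects nothing: the attacker simply does not run it.
function clientSideCheck(form) {
  return USERNAME_RE.test(form.username) && form.password.length >= 12;
}

// Server-side validation: the only check the server is allowed to rely on.
// It must not assume the body has the shape the form would have produced.
function validateLogin(body) {
  const errors = [];
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    return ["body must be a JSON object"];
  }
  const { username, password } = body;
  if (typeof username !== "string") errors.push("username must be a string");
  else if (!USERNAME_RE.test(username)) errors.push("username has invalid characters or length");
  if (typeof password !== "string") errors.push("password must be a string");
  // Upper bound keeps password hashing cost predictable (assumed limit of 128).
  else if (password.length < 12 || password.length > 128) errors.push("password length out of range");
  // Reject fields the form never sends, e.g. a smuggled "role".
  const allowed = new Set(["username", "password"]);
  for (const key of Object.keys(body)) {
    if (!allowed.has(key)) errors.push(`unexpected field: ${key}`);
  }
  return errors;
}

// Request handler: parse, validate, and only then proceed to credential checking.
function handleLogin(rawBody) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch {
    return { status: 400, errors: ["malformed JSON"] };
  }
  const errors = validateLogin(body);
  if (errors.length > 0) return { status: 400, errors };
  return { status: 200, errors: [] }; // credentials would be verified here
}

// Constructed requests. Only the first went through the browser form; the others
// were sent directly to the endpoint, bypassing clientSideCheck entirely.
const REQUESTS = {
  honest: JSON.stringify({ username: "alice", password: "correct horse battery" }),
  forged: JSON.stringify({ username: "' OR 1=1 --", password: "x", role: "admin" }),
  typeConfused: JSON.stringify({ username: ["alice"], password: { $ne: "" } }),
  notJson: "username=alice&password=x",
};

for (const [name, raw] of Object.entries(REQUESTS)) {
  const result = handleLogin(raw);
  console.log(`${name}: ${result.status} ${result.errors.join("; ")}`);
}
```

The typeConfused request is the reason the server-side code checks types before it checks content: a JSON body can carry arrays and objects where the form only ever produced strings, and a regex test applied to an array or object would silently coerce it rather than reject it.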
79.
Which of the following access control methods is the default for most operating systems?
-
DAC
-
MAC
-
RBAC
-
ABAC
Correct answer: DAC
Discretionary access control (DAC) is when the owner of a particular resource configures access controls for it. This is the default access control model for most operating systems.
Mandatory access control (MAC) is when every resource is given a classification label, and every entity is assigned a certain clearance level. This is the form of access control used by the government and military (e.g., Classified, Secret, and Top Secret). Role-based access control (RBAC) defines roles for different entities and assigns permissions to a role. A user's permissions are then determined when they are assigned a role. Rule-based access control (RuBAC) defines access control lists (ACLs) such as allowlists or blocklists that specifically allow or block certain actions. Attribute-based access control (ABAC) manages access by assigning attributes to entities and defining rules using these attributes to manage access.
80.
Which of the following threat vectors is MOST commonly exploited?
-
Email
-
Removable devices
-
Voice call
-
Supply chain
Correct answer: Email
Attackers can cheaply send spam and phishing messages to very large numbers of recipients. If only a few users fall for the message, the attacker obtains login credentials or a foothold from which to start the rest of the attack.
Removable device attacks include distributing malware-laden USB drives. Voice call attacks are used for vishing. Supply chain attacks are sophisticated, indirect attacks that compromise a vendor or component the target relies on.