Question 1

An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information. After discussing the situation with the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity. Which of the following actions will help detect attacker attempts to further alter log files?

Accepted Answer

Implementing remote syslog will send log data to a separate server, making it harder for attackers to alter logs without detection.

Question 2

Which of the following would enhance the security of accessing data stored in the cloud? (Select TWO)

Accepted Answer

SAML authentication enhances security by enabling single sign-on and secure identity federation. Multifactor authentication adds an additional layer of security by requiring multiple forms of verification before granting access.

Question 3

During a third-party audit, it is determined that a member of the firewall team can request, approve, and implement a new rule-set on the firewall. Which of the following will the audit team most l likely recommend during the audit out brief?

Accepted Answer

The audit team will likely recommend a separation of duties policy to prevent a single individual from having the ability to request, approve, and implement changes, which can lead to security risks.

Question 4

An audit has revealed that database administrators are also responsible for auditing database changes and backup logs. Which of the following access control methodologies would BEST mitigate this concern?

Accepted Answer

Separation of duties ensures that no single individual has control over all aspects of any critical process, reducing the risk of errors or fraud. In this case, it would prevent database administrators from auditing their own work.

Question 5

When generating a request for a new x.509 certificate for securing a website, which of the following is the MOST appropriate hashing algorithm?

Accepted Answer

SHA (Secure Hash Algorithm) is the most appropriate hashing algorithm for generating a request for a new x.509 certificate due to its strong security properties and widespread acceptance in the industry.

Question 6

A global gaming console manufacturer is launching a new gaming platform to its customers. Which of the following controls reduces the risk created by malicious gaming customers attempting to circumvent control by way of modifying consoles?

Accepted Answer

Firmware version control and automatic updates help prevent malicious gaming customers from circumventing control by modifying consoles. Firmware version control ensures that all consoles are running the latest version of the firmware, which includes security patches and updates. Automatic updates ensure that consoles are updated automatically, without user intervention, which helps to prevent malicious customers from exploiting vulnerabilities in older versions of the firmware.

Question 7

Six months into development, the core team assigned to implement a new internal piece of software must convene to discuss a new requirement with the stake holders. A stakeholder identified a missing feature critical to the organization, which must be implemented. The team needs to validate the feasibility of the newly introduced requirement and ensure it does not introduce new vulnerabilities to the software and other applications that will integrate with it. Which of the following BEST describes what the company?

Accepted Answer

The system analysis phase of the Software Development Life Cycle (SDLC) involves gathering and analyzing requirements, including validating new requirements for feasibility and potential impacts, such as vulnerabilities.

Question 8

Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate- based authentication with its users. The company uses SSL-inspecting IDS at its network boundary and is concerned about the confidentiality of the mutual authentication. Which of the following model prevents the IDS from capturing credentials used to authenticate users to the new service or keys to decrypt that communication?

Accepted Answer

The answer of Company XYZ has decided to make use...

Question 9

A remote user (User1) is unable to reach a newly provisioned corporate windows workstation. The system administrator has been given the following log files from the VPN, corporate firewall and workstation host.  Which of the following is preventing the remote user from being able to access the workstation?

Accepted Answer

The answer of A remote user (User1) is unable to...

Question 10

A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone service and are concerned about their existing data network interfering with the VoIP phone system. The core switches in the existing data network are almost fully saturated. Which of the following options will pro-vide the best performance and availability for both the VoIP traffic, as well as the traffic on the existing data network?

Accepted Answer

VLANs allow for the logical separation of traffic on a network, which can help to improve performance and availability. By placing the VoIP traffic on a separate VLAN, it can be isolated from the rest of the data network traffic, which can help to prevent interference.

Question 11

A company is investigating a data compromise where data exfiltration occurred. Prior to the investigation, the supervisor terminates an employee as a result of the suspected data loss. During the investigation, the supervisor is absent for the interview, and little evidence can be provided form the role-based authentication system in use by the company. The situation can be identified for future mitigation as which of the following?

Accepted Answer

The answer of A company is investigating a data compromise...

Question 12

Which of the following is the appropriate network structure used to protect servers and services that must be provided to external clients without completely eliminating access for internal users?

Accepted Answer

A DMZ (Demilitarized Zone) is a network structure that provides a buffer zone between the internal network and the external network, allowing external clients to access certain services while still protecting the internal network.

Question 13

A datacenter manager has been asked to prioritize critical system recovery priorities. Which of the following is the MOST critical for immediate recovery?

Accepted Answer

The operating system software is the most critical for immediate recovery as it is essential for running all other applications and services on the system. Without it, other software cannot function.

Question 14

When designing a web based client server application with single application server and database cluster backend, input validation should be performed:

Accepted Answer

Input validation should be performed on the application server to ensure security and integrity before processing or storing data, as client-side validation can be bypassed.

Question 15

A security analyst has set up a network tap to monitor network traffic for vulnerabilities. Which of the following techniques would BEST describe the approach the analyst has taken?

Accepted Answer

The answer of A security analyst has set up a...

Question 16

A company's loss control department identifies theft as a recurring loss type over the past year. Based on the department's report, the Chief Information Officer (CIO) wants to detect theft of datacenter equipment. Which of the following controls should be implemented?

Accepted Answer

Cameras can help monitor and record activities in the datacenter, providing evidence and deterrence against theft.

Question 17

Which of the following can be used to control specific commands that can be executed on a network infrastructure device?

Accepted Answer

TACACS+ (Terminal Access Controller Access-Control System Plus) is a protocol used to control and manage access to network devices, allowing for specific command authorization and accounting.

Question 18

Which of the following techniques can be bypass a user or computer's web browser privacy settings? (Choose two.)

Accepted Answer

The answer of Which of the following techniques can be...

Question 19

Due to regulatory requirements, a security analyst must implement full drive encryption on a Windows file server. Which of the following should the analyst implement on the system to BEST meet this requirement? (Choose two.)

Accepted Answer

To implement full drive encryption on a Windows file server, the analyst should ensure the hardware supports TPM (Trusted Platform Module) and enable it in the BIOS, as TPM is used by BitLocker to securely store encryption keys. Additionally, enabling and configuring BitLocker on the drives will provide full drive encryption, meeting the regulatory requirements.

Question 20

Ann, a college professor, was recently reprimanded for posting disparaging remarks re-grading her coworkers on a web site. Ann stated that she was not aware that the public was able to view her remakes. Which of the following security-related trainings could have made Ann aware of the repercussions of her actions?

Accepted Answer

Training on the use of social networking would inform Ann about the public nature of online posts and the potential consequences of sharing inappropriate content.

Exam 15: CompTIA Security+