Question 1

Which of the following should a security analyst perform FIRST to determine the vulnerabilities of a legacy system?

Accepted Answer

A passive scan is the least intrusive method to identify vulnerabilities, making it suitable for legacy systems that may be sensitive to more aggressive scanning techniques.

Question 2

A systems administrator wants to generate a self-signed certificate for an internal website. Which of the following steps should the systems administrator complete prior to installing the certificate on the server?

Accepted Answer

The answer of A systems administrator wants to generate a...

Question 3

Which of the following is the BEST reason to run an untested application is a sandbox?

Accepted Answer

Running an untested application in a sandbox isolates it from the host system, preventing it from acquiring escalated privileges and accessing or potentially harming the host system.

Question 4

A hacker has a packet capture that contains:  Which of the following tools will the hacker use against this type of capture?

Accepted Answer

The answer of A hacker has a packet capture that...

Question 5

Ann is the IS manager for several new systems in which the classifications of the systems' data are being decided. She is trying to determine the sensitivity level of the data being processed. Which of the following people should she consult to determine the data classification?

Accepted Answer

The data owner is responsible for determining the classification level of the data, as they understand the data's value and sensitivity.

Question 6

Which of the following solutions should an administrator use to reduce the risk from an unknown vulnerability in a third-party software application?

Accepted Answer

Sandboxing isolates the application in a controlled environment, reducing the risk of unknown vulnerabilities affecting the rest of the system.

Question 7

A user typically works remotely over the holidays using a web-based VPN to access corporate resources. The user reports getting untrusted host errors and being unable to connect. Which of the following is MOST likely the cause?

Accepted Answer

The most likely cause of untrusted host errors when using a web-based VPN is an expired certificate, as this would prevent the establishment of a secure connection.

Question 8

An organization plans to implement multifactor authentication techniques within the enterprise network architecture. Each authentication factor is expected to be a unique control. Which of the following BEST describes the proper employment of multifactor authentication?

Accepted Answer

Multifactor authentication requires using two or more different types of factors: something you know (e.g., PIN), something you have (e.g., proximity card), and something you are (e.g., fingerprint scanner). Option A uses all three types.

Question 9

A network administrator needs to allocate a new network for the R&D group. The network must not be accessible from the Internet regardless of the network firewall or other external misconfigurations. Which of the following settings should the network administrator implement to accomplish this?

Accepted Answer

Configure the OS default TTL to 1 will prevent packets from reaching the Internet because the TTL will expire before they reach their destination.

Question 10

A user downloads and installs an MP3 converter, and runs the application. Upon running the application, the antivirus detects a new port in a listening state. Which of the following has the user MOST likely executed?

Accepted Answer

The user has most likely executed a RAT (Remote Access Trojan), which often opens a new port to allow remote access to the infected system.

Question 11

An attacker exploited a vulnerability on a mail server using the code below.  Which of the following BEST explains what the attacker is doing?

Accepted Answer

The answer of An attacker exploited a vulnerability on a...

Question 12

A security analyst is acquiring data from a potential network incident. Which of the following evidence is the analyst MOST likely to obtain to determine the incident?

Accepted Answer

Traffic and logs are most likely to provide information about network incidents, as they contain records of network activity and can help identify suspicious behavior.

Question 13

A cybersecurity analyst is looking into the payload of a random packet capture file that was selected for analysis. The analyst notices that an internal host had a socket established with another internal host over a non-standard port. Upon investigation, the origin host that initiated the socket shows this output:  Given the above output, which of the following commands would have established the questionable socket?

Accepted Answer

The answer of A cybersecurity analyst is looking into the...

Question 14

Which of the following describes the key difference between vishing and phishing attacks?

Accepted Answer

Vishing attacks are specifically conducted using telephony services, such as phone calls, whereas phishing typically involves email or other online communication methods.

Question 15

Which of the following components of printers and MFDs are MOST likely to be used as vectors of compromise if they are improperly configured?

Accepted Answer

Embedded web servers in printers and MFDs can be accessed remotely and, if improperly configured, can be exploited by attackers to gain unauthorized access or control over the device.

Question 16

Attackers have been using revoked certificates for MITM attacks to steal credentials from employees of Company.com. Which of the following options should Company.com implement to mitigate these attacks?

Accepted Answer

OCSP stapling helps mitigate MITM attacks by allowing the server to provide a time-stamped OCSP response, ensuring the client that the certificate is still valid without having to contact the certificate authority directly.

Question 17

Which of the following is used to validate the integrity of data?

Accepted Answer

MD5 is a cryptographic hash function used to verify data integrity by producing a fixed-size hash value from input data.

Question 18

A technician receives a device with the following anomalies: Frequent pop-up ads Show response-time switching between active programs Unresponsive peripherals The technician reviews the following log file entries: File Name Source MD5 Target MD5 Status antivirus.exe F794F21CD33E4F57890DDEA5CF267ED2 F794F21CD33E4F57890DDEA5CF267ED2 Automatic iexplore.exe 7FAAF21CD33E4F57890DDEA5CF29CCEA AA87F21CD33E4F57890DDEAEE2197333 Automatic service.exe 77FF390CD33E4F57890DDEA5CF28881F 77FF390CD33E4F57890DDEA5CF28881F Manual USB.exe E289F21CD33E4F57890DDEA5CF28EDC0 E289F21CD33E4F57890DDEA5CF28EDC0 Stopped Based on the above output, which of the following should be reviewed?

Accepted Answer

The target MD5 for iexplore.exe does not match the source MD5, indicating a potential file integrity issue.

Question 19

Which of the following controls allows a security guard to perform a post-incident review?

Accepted Answer

Corrective controls allow for a post-incident review to identify and address the root cause of an incident and prevent similar incidents from occurring in the future.

Question 20

When it comes to cloud computing, if one of the requirements for a project is to have the most control over the systems in the cloud, which of the following is a service model that would be BEST suited for this goal?

Accepted Answer

Infrastructure as a Service (IaaS) provides the most control over the systems in the cloud, as it allows users to manage virtual machines, storage, and networks, giving them control over the operating systems and applications.

Exam 15: CompTIA Security+