Question 1

A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements?

Accepted Answer

Network sniffer mode allows the hacker to passively capture data packets without actively interacting with the network, making it more covert than other active scanning methods.

Question 2

A company's AUP requires: Passwords must meet complexity requirements. Passwords are changed at least once every six months. Passwords must be at least eight characters long. An auditor is reviewing the following report:  Which of the following controls should the auditor recommend to enforce the AUP?

Accepted Answer

The answer of A company's AUP requires: Passwords must meet...

Question 3

An administrator is configuring access to information located on a network file server named "Bowman". The files are located in a folder named "BalkFiles". The files are only for use by the "Matthews" division and should be read-only. The security policy requires permissions for shares to be managed at the file system layer and also requires those permissions to be set according to a least privilege model. Security policy for this data type also dictates that administrator-level accounts on the system have full access to the files. The administrator configures the file share according to the following table:  Which of the following rows has been misconfigured?

Accepted Answer

The answer of An administrator is configuring access to information...

Question 4

To reduce disk consumption, an organization's legal department has recently approved a new policy setting the data retention period for sent email at six months. Which of the following is the BEST way to ensure this goal is met?

Accepted Answer

Configuring the email server to delete emails older than six months directly addresses the goal of reducing disk consumption by ensuring that emails are not retained beyond the approved period.

Question 5

An in-house penetration tester is using a packet capture device to listen in on network communications. This is an example of:

Accepted Answer

Passive reconnaissance involves gathering information without interacting with the target, such as listening to network communications using a packet capture device.

Question 6

A company is developing a new system that will unlock a computer automatically when an authorized user sits in front of it, and then lock the computer when the user leaves. The user does not have to perform any action for this process to occur. Which of the following technologies provides this capability?

Accepted Answer

Facial recognition technology can automatically identify and verify a user based on their facial features when they sit in front of the computer, enabling the system to unlock and lock without any user action.

Question 7

Which of the following AES modes of operation provide authentication? (Choose two.)

Accepted Answer

CCM and GCM provide authentication by including a message authentication code (MAC) in the ciphertext.

Question 8

A security engineer is configuring a wireless network that must support mutual authentication of the wireless client and the authentication server before users provide credentials. The wireless network must also support authentication with usernames and passwords. Which of the following authentication protocols MUST the security engineer select?

Accepted Answer

PEAP (Protected Extensible Authentication Protocol) supports mutual authentication and uses a secure tunnel to protect the exchange of authentication information, allowing for username and password-based authentication.

Question 9

A copy of a highly confidential salary report was recently found on a printer in the IT department. The human resources department does not have this specific printer mapped to its devices, and it is suspected that an employee in the IT department browsed to the share where the report was located and printed it without authorization. Which of the following technical controls would be the BEST choice to immediately prevent this from happening again?

Accepted Answer

Restricting access to the share where the report resides to only human resources employees and enabling auditing would directly prevent unauthorized access and printing by IT staff.

Question 10

A security analyst receives an alert from a WAF with the following payload: var data= "" ++ <../../../../../../etc/passwd>" Which of the following types of attacks is this?

Accepted Answer

The answer of A security analyst receives an alert from...

Question 11

An organization's primary datacenter is experiencing a two-day outage due to an HVAC malfunction. The node located in the datacenter has lost power and is no longer operational, impacting the ability of all users to connect to the alternate datacenter. Which of the following BIA concepts BEST represents the risk described in this scenario?

Accepted Answer

The scenario describes a Single Point of Failure (SPoF), where the failure of the primary datacenter node affects the entire system's operation, preventing users from connecting to the alternate datacenter.

Question 12

A security analyst wants to harden the company's VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the BPX. Which of the following would best prevent this from occurring?

Accepted Answer

The answer of A security analyst wants to harden the...

Question 13

Joe, a user, wants to send Ann, another user, a confidential document electronically. Which of the following should Joe do to ensure the document is protected from eavesdropping?

Accepted Answer

Encrypting the document with Ann's public key ensures that only Ann, who has the corresponding private key, can decrypt and read the document, thus protecting it from eavesdropping.

Question 14

An employee receives an email, which appears to be from the Chief Executive Officer (CEO), asking for a report of security credentials for all users. Which of the following types of attack is MOST likely occurring?

Accepted Answer

The answer of An employee receives an email, which appears...

Question 15

A user is presented with the following items during the new-hire onboarding process: -Laptop -Secure USB drive -Hardware OTP token -External high-capacity HDD -Password complexity policy -Acceptable use policy -HASP key -Cable lock Which of the following is one component of multifactor authentication?

Accepted Answer

A hardware OTP (One-Time Password) token is a device used for multifactor authentication, providing a dynamic password that changes at regular intervals, adding an extra layer of security.

Question 16

A system's administrator has finished configuring firewall ACL to allow access to a new web server.  The security administrator confirms form the following packet capture that there is network traffic from the internet to the web server:  The company's internal auditor issues a security finding and requests that immediate action be taken. With which of the following is the auditor MOST concerned?

Accepted Answer

The answer of A system's administrator has finished configuring firewall...

Question 17

A Chief Executive Officer (CEO) suspects someone in the lab testing environment is stealing confidential information after working hours when no one else is around. Which of the following actions can help to prevent this specific threat?

Accepted Answer

The answer of A Chief Executive Officer (CEO) suspects someone...

Question 18

A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway. Which of the following tools should the administrator use to detect this attack? (Choose two.)

Accepted Answer

The answer of A security administrator suspects a MITM attack...

Question 19

A security analyst notices anomalous activity coming from several workstations in the organizations. Upon identifying and containing the issue, which of the following should the security analyst do NEXT?

Accepted Answer

After identifying and containing the issue, the next step is to document findings and processes in an after-action and lessons learned report to ensure proper documentation and to improve future incident response.

Question 20

An audit takes place after company-wide restricting, in which several employees changed roles. The following deficiencies are found during the audit regarding access to confidential data:  Which of the following would be the BEST method to prevent similar audit findings in the future?

Accepted Answer

The answer of An audit takes place after company-wide restricting,...

Exam 15: CompTIA Security+