Question 1

An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operations in a:

Accepted Answer

A disaster recovery plan specifically addresses the restoration of IT operations after a disaster, such as a flood, making it the most relevant document for this concern.

Question 2

A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the Internet. While reviewing logs and tool output, the analyst sees the following:  Which of the following attacks has occurred?

Accepted Answer

The answer of A security analyst is investigating an incident...

Question 3

A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization's vulnerabilities. Which of the following would BEST meet this need?

Accepted Answer

CVSS (Common Vulnerability Scoring System) is designed to convey the severity of vulnerabilities, making it ideal for communicating risk levels to leadership.

Question 4

A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a protected network segment. Which of the following would be MOST effective to implement to further mitigate the reported vulnerability?

Accepted Answer

Application whitelisting would be most effective as it restricts the execution of unauthorized software, thereby preventing malicious users from installing and executing unwanted software on the terminal.

Question 5

A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?

Accepted Answer

RAID 10 combines RAID 1 (mirroring) and RAID 0 (striping), providing both high read speeds and fault tolerance.

Question 6

A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?

Accepted Answer

The answer of A software developer needs to perform code-execution...

Question 7

When selecting a technical solution for identity management, an architect chooses to go from an in-house solution to a third-party SaaS provider. Which of the following risk management strategies is this an example of?

Accepted Answer

Transference involves shifting the risk to a third party, such as using a SaaS provider to handle identity management instead of managing it in-house.

Question 8

An organization's help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns , but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server?

Accepted Answer

The answer of An organization's help desk is flooded with...

Question 9

A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy?

Accepted Answer

Mobile device management (MDM) is the best solution as it allows the company to manage, secure, and enforce policies on user devices, ensuring company information is protected.

Question 10

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?

Accepted Answer

The answer of A company recently experienced a data breach...

Question 11

A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must have a two-drive failure for better fault tolerance. Which of the following RAID levels should the administrator select?

Accepted Answer

The answer of A cybersecurity administrator needs to add disk...

Question 12

After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?

Accepted Answer

The answer of After a ransomware attack, a forensics company...

Question 13

A security analyst discovers that a company's username and password database was posted on an Internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

Accepted Answer

Implementing salting and hashing ensures that even if the database is exfiltrated, the passwords are not stored in plain text, making it difficult for attackers to use them.

Question 14

A systems administrator needs to implement an access control scheme that will allow an object's access policy to be determined by its owner. Which of the following access control schemes BEST fits the requirements?

Accepted Answer

Discretionary Access Control (DAC) allows the owner of the resource to determine who can access it, fitting the requirement of allowing an object's access policy to be determined by its owner.

Question 15

An analyst visits an Internet forum looking for information about a tool. The analyst finds a thread that appears to contain relevant information. One of the posts says the following:  Which of the following BEST describes the attack that was attempted against the forum readers?

Accepted Answer

The answer of An analyst visits an Internet forum looking...

Question 16

A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the Internet all day. Which of the following would MOST likely show where the malware originated?

Accepted Answer

DNS logs would most likely show where the malware originated because they can provide information about the domain names that were resolved during Joe's internet browsing, potentially identifying malicious sites that were accessed.

Question 17

A manufacturer creates designs for very high security products that are required to be protected and controlled by the government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?

Accepted Answer

An air gap is the best solution as it physically isolates the system from any network, ensuring that sensitive designs are not accessible via corporate networks or the Internet.

Question 18

Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?

Accepted Answer

Data masking is a technique used to create a version of data that looks real but is not, allowing it to be used safely in testing and training environments without exposing sensitive information.

Question 19

A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicate a directory-traversal attack has occurred. Which of the following is the analyst MOST likely seeing?

Accepted Answer

Directory-traversal attacks involve accessing files and directories outside the web root folder by using sequences like "../". The URL in option B shows such a pattern.

Question 20

Which of the following BEST explains the difference between a data owner and a data custodian?

Accepted Answer

The data owner determines how data can be used and is responsible for its governance, while the data custodian implements security measures and manages the data's technical environment.

Exam 16: CompTIA Security+ 2021