Question 1

A security auditor is testing perimeter security in a building that is protected by badge readers. Which of the following types of attacks would MOST likely gain access?

Accepted Answer

Tailgating involves an unauthorized person following an authorized person into a secure area, bypassing security measures like badge readers.

Question 2

Which of the following methods minimizes the system interaction when gathering information to conduct a vulnerability assessment of a router?

Accepted Answer

Downloading the configuration minimizes system interaction as it involves accessing existing data without actively probing or scanning the router, thus reducing the risk of impacting its operation.

Question 3

A bank is experiencing a DoS attack against an application designed to handle 500 IP-based sessions. in addition, the perimeter router can only handle 1Gbps of traffic. Which of the following should be implemented to prevent a DoS attacks in the future?

Accepted Answer

The answer of A bank is experiencing a DoS attack...

Question 4

When sending messages using symmetric encryption, which of the following must happen FIRST?

Accepted Answer

Before exchanging keys or establishing digital signatures, both parties must first agree on the encryption method to ensure compatibility and security.

Question 5

A bank uses a wireless network to transmit credit card purchases to a billing system. Which of the following would be MOST appropriate to protect credit card information from being accessed by unauthorized individuals outside of the premises?

Accepted Answer

A Faraday cage is designed to block electromagnetic fields, which can prevent unauthorized access to wireless network transmissions, thereby protecting sensitive information like credit card data.

Question 6

Which of the following authentication concepts is a gait analysis MOST closely associated?

Accepted Answer

Gait analysis is related to "Something you do" as it involves analyzing the way a person walks, which is a behavioral characteristic.

Question 7

A security administrator suspects that a DDoS attack is affecting the DNS server. The administrator accesses a workstation with the hostname of workstation01 on the network and obtains the following output from the ipconfig command:  The administrator successfully pings the DNS server from the workstation. Which of the following commands should be issued from the workstation to verify the DDoS attack is no longer occuring?

Accepted Answer

The answer of A security administrator suspects that a DDoS...

Question 8

An external attacker can modify the ARP cache of an internal computer. Which of the following types of attacks is described?

Accepted Answer

This describes an ARP spoofing attack, where an attacker sends falsified ARP messages to a local network to associate their MAC address with the IP address of another device, allowing them to intercept, modify, or block data intended for that IP address.

Question 9

A group of developers is collaborating to write software for a company. The developers need to work in subgroups and control who has access to their modules. Which of the following access control methods is considered user-centric?

Accepted Answer

Discretionary Access Control (DAC) is user-centric because it allows the owner of the resource to decide who can access it, giving users control over their own data and resources.

Question 10

A business sector is highly competitive, and safeguarding trade secrets and critical information is paramount. On a seasonal basis, an organization employs temporary hires and contractor personnel to accomplish its mission objectives. The temporary and contract personnel require access to network resources only when on the clock. Which of the following account management practices are the BEST ways to manage these accounts?

Accepted Answer

Employing time-of-day restrictions ensures that temporary and contract personnel only have access to network resources when they are on the clock, which helps to safeguard trade secrets and critical information.

Question 11

A company stores highly sensitive data files used by the accounting system on a server file share. The accounting system uses a service account named accounting-svc to access the file share. The data is protected will a full disk encryption, and the permissions are set as follows: File system permissions: Users = Read Only Share permission: accounting-svc = Read Only Given the listed protections are in place and unchanged, to which of the following risks is the data still subject?

Accepted Answer

The answer of A company stores highly sensitive data files...

Question 12

A security administrator installed a new network scanner that identifies new host systems on the network. Which of the following did the security administrator install?

Accepted Answer

Rogue system detection is used to identify unauthorized or new host systems on a network, which matches the description of the installed network scanner.

Question 13

A technician is configuring a load balancer for the application team to accelerate the network performance of their applications. The applications are hosted on multiple servers and must be redundant. Given this scenario, which of the following would be the BEST method of configuring the load balancer?

Accepted Answer

The answer of A technician is configuring a load balancer...

Question 14

Which of the following is a compensating control that will BEST reduce the risk of weak passwords?

Accepted Answer

Requiring the use of one-time tokens is a compensating control that can significantly reduce the risk of weak passwords by adding an additional layer of security through multi-factor authentication.

Question 15

Every morning, a systems administrator monitors failed login attempts on the company's log management server. The administrator notices the DBAdmin account has five failed username and/or password alerts during a ten-minute window. The systems administrator determines the user account is a dummy account used to attract attackers. Which of the following techniques should the systems administrator implement?

Accepted Answer

A honeypot is a security mechanism set to detect, deflect, or counteract attempts at unauthorized use of information systems, which aligns with the use of a dummy account to attract attackers.

Question 16

A systems administrator has isolated an infected system from the network and terminated the malicious process from executing. Which of the following should the administrator do NEXT according to the incident response process?

Accepted Answer

The answer of A systems administrator has isolated an infected...

Question 17

A security analyst receives a notification from the IDS after working hours, indicating a spike in network traffic. Which of the following BEST describes this type of IDS?

Accepted Answer

An anomaly-based IDS detects unusual patterns or spikes in network traffic that deviate from the normal behavior, which is why it would alert the analyst about a spike in traffic.

Question 18

Several workstations on a network are found to be on OS versions that are vulnerable to a specific attack. Which of the following is considered to be a corrective action to combat this vulnerability?

Accepted Answer

Installing a vendor-supplied patch is a corrective action that directly addresses and fixes the vulnerability in the OS versions.

Question 19

Which of the following scenarios BEST describes an implementation of non-repudiation?

Accepted Answer

Non-repudiation ensures that a sender cannot deny having sent a message. A digitally signed email provides proof of the sender's identity and the integrity of the message, thus implementing non-repudiation.

Question 20

A procedure differs from a policy in that it:

Accepted Answer

A procedure provides detailed, step-by-step instructions for performing specific tasks, whereas a policy is a high-level statement that outlines the company's position on a topic.

Exam 15: CompTIA Security+