Question 1

A security analyst is emailing PII in a spreadsheet file to an audit validator for after-actions related to a security assessment. The analyst must make sure the PII data is protected with the following minimum requirements: Ensure confidentiality at rest. Ensure the integrity of the original email message. Which of the following controls would ensure these data security requirements are carried out?

Accepted Answer

Encrypting and signing the email using S/MIME ensures confidentiality at rest through encryption and integrity of the original email message through digital signing.

Question 2

A security administrator is investigating a possible account compromise. The administrator logs onto a desktop computer, executes the command notepad.exe c:\Temp\qkakforlkgfkja.1og , and reviews the following: Lee,\rI have completed the task that was assigned to me\rrespectfully\rJohn\r https://www.portal.com \rjohnuser\rilovemycat2 Given the above output, which of the following is the MOST likely cause of this compromise?

Accepted Answer

The presence of a log file with sensitive information such as a username and password suggests that a keylogger was used to capture this data.

Question 3

A security administrator needs to conduct a full inventory of all encryption protocols and cipher suites. Which of the following tools will the security administrator use to conduct this inventory MOST efficiently?

Accepted Answer

The answer of A security administrator needs to conduct a...

Question 4

Which of the following BEST describes the purpose of authorization?

Accepted Answer

Authorization is the process of granting or denying specific permissions to a resource, and it occurs after authentication, which verifies the identity of a user.

Question 5

A penetration tester is checking to see if an internal system is vulnerable to an attack using a remote listener. Which of the following commands should the penetration tester use to verify if this vulnerability exists? (Choose two.)

Accepted Answer

The penetration tester can use "nc" (netcat) to establish a connection to a remote listener and "nmap" to scan for open ports and services that might be vulnerable to such an attack.

Question 6

While reviewing system logs, a security analyst notices that a large number of end users are changing their passwords four times on the day the passwords are set to expire. The analyst suspects they are cycling their passwords to circumvent current password controls. Which of the following would provide a technical control to prevent this activity from occurring?

Accepted Answer

Set password aging requirements would prevent users from changing their passwords multiple times on the day they are set to expire.

Question 7

A manager makes an unannounced visit to the marketing department and performs a walk-through of the office. The manager observes unclaimed documents on printers. A closer look at these documents reveals employee names, addresses, ages, birth dates, marital/dependent statuses, and favorite ice cream flavors. The manager brings this to the attention of the marketing department head. The manager believes this information to be PII, but the marketing head does not agree. Having reached a stalemate, which of the following is the MOST appropriate action to take NEXT?

Accepted Answer

The privacy officer is responsible for handling issues related to personal information and can provide an authoritative decision on whether the information is considered PII and how to address the situation.

Question 8

The network information for a workstation is as follows:  When the workstation's user attempts to access www. example .com , the URL that actually opens is notexample . The user successfully connects to several other legitimate URLs. Which of the following have MOST likely occurred? (Choose two.)

Accepted Answer

The answer of The network information for a workstation is...

Question 9

A systems administrator has installed a new UTM that is capable of inspecting SSL/TLS traffic for malicious payloads. All inbound network traffic coming from the Internet and terminating on the company's secure web servers must be inspected. Which of the following configurations would BEST support this requirement?

Accepted Answer

The web servers' CA full certificate chain must be installed on the UTM to allow it to decrypt and inspect the SSL/TLS traffic properly.

Question 10

Which of the following is an example of federated access management?

Accepted Answer

Federated access management involves using a single set of credentials to access multiple systems or applications, often through a trusted third-party service, such as using a popular website login to access another website.

Question 11

Which of the following provides PFS?

Accepted Answer

DHE (Diffie-Hellman Ephemeral) provides Perfect Forward Secrecy (PFS) by using temporary, ephemeral keys for each session.

Question 12

An organization's policy requires users to create passwords with an uppercase letter, lowercase letter, number, and symbol. This policy is enforced with technical controls, which also prevents users from using any of their previous 12 passwords. The quantization does not use single sign-on, nor does it centralize storage of passwords. The incident response team recently discovered that passwords for one system were compromised. Passwords for a completely separate system have NOT been compromised, but unusual login activity has been detected for that separate system. Account login has been detected for users who are on vacation. Which of the following BEST describes what is happening?

Accepted Answer

The answer of An organization's policy requires users to create...

Question 13

A systems administrator is increasing the security settings on a virtual host to ensure users on one VM cannot access information from another VM. Which of the following is the administrator protecting against?

Accepted Answer

The administrator is protecting against VM escape, which is a security issue where a user or malware on one VM can access the host or other VMs.

Question 14

A security administrator is implementing a secure method that allows developers to place files or objects onto a Linux server. Developers are required to log in using a username, password, and asymmetric key. Which of the following protocols should be implemented?

Accepted Answer

SFTP (SSH File Transfer Protocol) uses SSH to provide secure file transfer and requires authentication methods such as username, password, and asymmetric keys, making it suitable for the scenario described.

Question 15

A security administrator receives alerts from the perimeter UTM. Upon checking the logs, the administrator finds the following output: Time: 12/25 0300 From Zone: Untrust To Zone: DMZ Attacker: externalip.com Victim: 172.16.0.20 To Port: 80 Action: Alert Severity: Critical When examining the PCAP associated with the event, the security administrator finds the following information: Which of the following actions should the security administrator take?

Accepted Answer

The <script> data in the PCAP file contains malicious code that can be used to exploit a cross-site scripting (XSS) vulnerability. By manually copying the <script> data from the PCAP file and generating a blocking signature in the HIDS, the security administrator can block future events of this type from occurring.

Question 16

A technician is required to configure updates on a guest operating system while maintaining the ability to quickly revert the changes that were made while testing the updates. Which of the following should the technician implement?

Accepted Answer

Snapshots allow the technician to capture the current state of the virtual machine, including the guest operating system, before making changes. This enables quick reversion to the pre-update state if needed.

Question 17

Which of the following is a security consideration for IoT devices?

Accepted Answer

IoT devices often come with built-in accounts that are rarely accessed or changed by users, making them vulnerable to unauthorized access if default credentials are not changed.

Question 18

A company is experiencing an increasing number of systems that are locking up on Windows startup. The security analyst clones a machine, enters into safe mode, and discovers a file in the startup process that runs Wstart.bat. @echo off :asdhbawdhbasdhbawdhb start notepad.exe start calculator.exe goto asdhbawdhbasdhbawdhb Given the file contents and the system's issues, which of the following types of malware is present?

Accepted Answer

The batch file is designed to repeatedly open Notepad and Calculator, which is a behavior typical of a logic bomb, as it triggers a specific action under certain conditions.

Question 19

A Chief Information Officer (CIO) is concerned that encryption keys might be exfiltrated by a contractor. The CIO wants to keep control over key visibility and management. Which of the following would be the BEST solution for the CIO to implement?"

Accepted Answer

A Hardware Security Module (HSM) is a physical device that provides secure generation, storage, and management of encryption keys, ensuring that the keys are protected from unauthorized access and exfiltration.

Question 20

An organization wishes to allow its users to select devices for business use but does not want to overwhelm the service desk with requests for too many different device types and models. Which of the following deployment models should the organization use to BEST meet these requirements?

Accepted Answer

The Choose Your Own Device (CYOD) model allows users to select from a pre-approved list of devices, which helps manage the variety of devices and reduces the burden on the service desk.

Exam 15: CompTIA Security+