Question 1

A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called "Purchasing", however, the purchasing group permissions allow write access. Which of the following would be the BEST course of action?

Accepted Answer

Creating a new group with read-only permissions ensures the intern has the necessary access without granting unnecessary write permissions.

Question 2

A security guard has informed the Chief Information Security Officer that a person with a tablet has been walking around the building. The guard also noticed strange white markings in different areas of the parking lot. The person is attempting which of the following types of attacks?

Accepted Answer

War chalking involves marking areas to indicate the presence of wireless networks, which aligns with the description of strange white markings in the parking lot.

Question 3

A penetration testing is preparing for a client engagement in which the tester must provide data that proves and validates the scanning tools' results. Which of the following is the best method for collecting this information?

Accepted Answer

Using a protocol analyzer to log all pertinent network traffic is the best method for collecting detailed information that can validate the scanning tools' results, as it captures all the data packets and interactions on the network.

Question 4

A system administrator needs to implement 802.1x whereby when a user logs into the network, the authentication server communicates to the network switch and assigns the user to the proper VLAN. Which of the following protocols should be used?

Accepted Answer

RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service. It is commonly used with 802.1x to assign users to the proper VLAN after authentication.

Question 5

A security program manager wants to actively test the security posture of a system.  The system is not yet in production and has no uptime requirement or active user base. Which of the following methods will produce a report which shows vulnerabilities that were actually exploited?

Accepted Answer

A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities.

Question 6

An auditor has identified an access control system that can incorrectly accept an access attempt from an unauthorized user. Which of the following authentication systems has the auditor reviewed?

Accepted Answer

Biometric-based systems can have false acceptance rates (FAR), where unauthorized users are incorrectly accepted due to similarities in biometric data.

Question 7

Ann a security analyst is monitoring the IDS console and noticed multiple connections from an internal host to a suspicious call back domain. Which of the following tools would aid her to decipher the network traffic?

Accepted Answer

The answer of Ann a security analyst is monitoring the...

Question 8

A company wants to host a publicly available server that performs the following functions: Evaluates MX record lookup Can perform authenticated requests for A and AAA records Uses RRSIG Which of the following should the company use to fulfill the above requirements?

Accepted Answer

DNS Security Extensions (DNSSEC) provides, among other things, cryptographic authenticity of responses using Resource Record Signatures (RRSIG) and authenticated denial of existence using Next-Secure (NSEC) and Hashed-NSEC records (NSEC3).

Question 9

A system administrator is configuring a site-to-site VPN tunnel. Which of the following should be configured on the VPN concentrator during the IKE phase?

Accepted Answer

Diffie-Hellman is used during the IKE phase to securely exchange cryptographic keys over a public channel, which is essential for establishing a secure VPN tunnel.

Question 10

A network operations manager has added a second row of server racks in the datacenter. These racks face the opposite direction of the first row of racks. Which of the following is the reason the manager installed the racks this way?

Accepted Answer

This configuration is known as "hot aisle/cold aisle" and is used to improve cooling efficiency by separating hot and cold air flows, thus optimizing the cooling system and reducing energy consumption.

Question 11

A security team wants to establish an Incident Response plan. The team has never experienced an incident. Which of the following would BEST help them establish plans and procedures?

Accepted Answer

Tabletop exercises are simulations of incident response scenarios that help teams practice and develop their response plans and procedures in a controlled environment, making them ideal for teams with no prior incident experience.

Question 12

A computer on a company network was infected with a zero-day exploit after an employee accidently opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidently opened it. Which of the following should be done to prevent this scenario from occurring again in the future?

Accepted Answer

Setting the email program default to open messages in plain text can help prevent malicious content from executing automatically when an email is opened, reducing the risk of zero-day exploits.

Question 13

An organization is moving its human resources system to a cloud services provider. The company plans to continue using internal usernames and passwords with the service provider, but the security manager does not want the service provider to have a company of the passwords. Which of the following options meets all of these requirements?

Accepted Answer

Federated authentication allows the organization to use its internal usernames and passwords without sharing them with the service provider, as it relies on a trust relationship between the organization and the provider.

Question 14

Joe, a technician, is working remotely with his company provided laptop at the coffee shop near his home. Joe is concerned that another patron of the coffee shop may be trying to access his laptop. Which of the following is an appropriate control to use to prevent the other patron from accessing Joe's laptop directly?

Accepted Answer

A host-based firewall can help prevent unauthorized access to Joe's laptop by controlling incoming and outgoing network traffic based on predetermined security rules.

Question 15

Which of the following should be used to implement voice encryption?

Accepted Answer

SRTP (Secure Real-time Transport Protocol) is specifically designed to provide encryption, message authentication, and integrity for voice and video traffic over IP networks, making it suitable for voice encryption.

Question 16

A security administrator receives notice that a third-party certificate authority has been compromised, and new certificates will need to be issued. Which of the following should the administrator submit to receive a new certificate?

Accepted Answer

A Certificate Signing Request (CSR) is submitted to a Certificate Authority (CA) to request the issuance of a new certificate.

Question 17

Anne, the Chief Executive Officer (CEO), has reported that she is getting multiple telephone calls from someone claiming to be from the helpdesk. The caller is asking to verify her network authentication credentials because her computer is broadcasting across the network. This is MOST likely which of the following types of attacks?

Accepted Answer

This scenario describes a vishing attack, which involves a fraudulent phone call attempting to obtain sensitive information by pretending to be a legitimate entity.

Question 18

A software developer wants to ensure that the application is verifying that a key is valid before establishing SSL connections with random remote hosts on the Internet. Which of the following should be used in the code? (Choose two.)

Accepted Answer

The answer of A software developer wants to ensure that...

Question 19

A company wants to ensure that the validity of publicly trusted certificates used by its web server can be determined even during an extended internet outage. Which of the following should be implemented?

Accepted Answer

A CRL (Certificate Revocation List) can be downloaded and cached locally, allowing the server to check the validity of certificates even if there is an internet outage.

Question 20

The SSID broadcast for a wireless router has been disabled but a network administrator notices that unauthorized users are accessing the wireless network. The administer has determined that attackers are still able to detect the presence of the wireless network despite the fact the SSID has been disabled. Which of the following would further obscure the presence of the wireless network?

Accepted Answer

Disabling responses to a broadcast probe request would prevent the wireless network from responding to devices that are scanning for available networks, making it harder for unauthorized users to detect the network.

Exam 15: CompTIA Security+