Question 1

A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom. Which of the following would BEST prevent this attack from reoccurring?

Accepted Answer

Configure the perimeter firewall to deny inbound external connections to SMB ports.

Question 2

The IT department at a university is concerned about professors placing servers on the university network in an attempt to bypass security controls. Which of the following BEST represents this type of threat?

Accepted Answer

Shadow IT refers to the use of IT systems, devices, software, applications, and services without explicit IT department approval, which aligns with professors placing unauthorized servers on the network.

Question 3

A user contacts the help desk to report the following: Two days ago, a pop-up browser window prompted the user for a name and password after connecting to the corporate wireless SSID. This had never happened before, but the user entered the information as requested. The user was able to access the Internet but had trouble accessing the department share until the next day. The user is now getting notifications from the bank about unauthorized transactions. Which of the following attack vectors was MOST likely used in this scenario?

Accepted Answer

The answer of A user contacts the help desk to...

Question 4

A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of the following is the analyst doing?

Accepted Answer

The analyst is proactively searching through historical logs for indicators of compromise or specific activities mentioned in the advisory, which is a form of threat hunting.

Question 5

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable?

Accepted Answer

Self-Encrypting Drives (SED) provide encryption at the hardware level, protecting data on the drive without impacting user experience, making it suitable for organizations with low tolerance for user inconvenience.

Question 6

An employee has been charged with fraud and is suspected of using corporate assets. As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?

Accepted Answer

Chain of custody is crucial in forensic investigations to ensure that evidence is preserved, documented, and handled properly to maintain its admissibility in court.

Question 7

An analyst needs to identify the applications a user was running and the files that were open before the user's computer was shut off by holding down the power button. Which of the following would MOST likely contain that information?

Accepted Answer

The pagefile is a hidden file on a computer's hard drive that is used to store data that does not fit in the computer's RAM. When a computer is shut down by holding down the power button, the data in RAM is lost. However, the data in the pagefile is not lost, so it can be used to identify the applications that were running and the files that were open before the computer was shut down.

Question 8

A university with remote campuses, which all use different service providers, loses Internet connectivity across all locations. After a few minutes, Internet and VoIP services are restored, only to go offline again at random intervals, typically within four minutes of services being restored. Outages continue throughout the day, impacting all inbound and outbound connections and services. Services that are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected. Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads. Which of the following BEST describe this type of attack? (Choose two.)

Accepted Answer

DoS (Denial of Service) attacks are designed to overwhelm a system with excessive traffic, causing it to become unavailable to legitimate users. In this case, the attacker exploited a vulnerability in the SIP protocol handling on the edge routers, leading to resource exhaustion and system reloads, resulting in repeated outages.Race conditions occur when multiple threads or processes attempt to access the same resource at the same time, potentially leading to unexpected or incorrect results. In this case, the attacker may have exploited a race condition in the SIP protocol handling, causing the system to reload repeatedly.

Question 9

Which of the following is the purpose of a risk register?

Accepted Answer

A risk register is a tool used to identify risks, assign ownership, and outline measures to manage or mitigate those risks.

Question 10

An organization is developing a plan in the event of a complete loss of critical systems and data. Which of the following plans is the organization MOST likely developing?

Accepted Answer

The organization is most likely developing a Disaster Recovery plan, which is specifically designed to address the recovery and continuation of critical systems and data after a catastrophic event.

Question 11

A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?

Accepted Answer

Certain devices may have different security capabilities and vulnerabilities, requiring compensatory controls to ensure consistent security across all devices.

Question 12

To secure an application after a large data breach, an e-commerce site will be resetting all users' credentials. Which of the following will BEST ensure the site's users are not compromised after the reset?

Accepted Answer

Encrypting credentials in transit ensures that user data is protected from interception during the reset process, which is crucial after a data breach.

Question 13

Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm Joe's identity before sending him the prize. Which of the following BEST describes this type of email?

Accepted Answer

This type of email is best described as phishing, which is a fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity in electronic communication.

Question 14

A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson's laptop. The sales department has a higher-than-average rate of lost equipment. Which of the following recommendations would BEST address the CSO's concern?

Accepted Answer

Implementing managed Full Disk Encryption (FDE) ensures that all data on the laptops is encrypted, protecting the PII even if the laptops are lost or stolen.

Question 15

In which of the following common use cases would steganography be employed?

Accepted Answer

Steganography is primarily used for obfuscation, as it involves hiding information within other non-secret data to prevent detection.

Question 16

A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?

Accepted Answer

The Payment Card Industry Data Security Standard (PCI DSS) is the security standard that companies must comply with when accepting credit card payments to ensure secure handling of cardholder information.

Question 17

An organization wants to implement a third factor to an existing multifactor authentication. The organization already uses a smart card and password. Which of the following would meet the organization's needs for a third factor?

Accepted Answer

Fingerprints are a biometric factor, which is a different category from the existing factors (something you have - smart card, and something you know - password). This makes it a suitable third factor for multifactor authentication.

Question 18

Which of the following refers to applications and systems that are used within an organization without consent or approval?

Accepted Answer

Shadow IT refers to applications and systems that are used within an organization without consent or approval.

Question 19

In which of the following situations would it be BEST to use a detective control type for mitigation?

Accepted Answer

A detective control is used to identify and alert on potential security incidents. In this case, the IPS system is used to monitor traffic, which is a detective control function.

Question 20

Which of the following would MOST likely support the integrity of a voting machine?

Accepted Answer

The answer of Which of the following would MOST likely...

Exam 16: CompTIA Security+ 2021