Security+ (SY0-601) Test Your Readiness (75 Questions) Old

Employees in the Springfield Emergency Management department reported receiving a similar suspicious email. The email included a malicious link, but the employees recently completed training on malicious threats and none of them clicked on the link. Security investigators determined the link was malicious and would have downloaded ransomware if anyone clicked the link. Which of the following BEST describes the email?

Homer is complaining that his system began acting erratically after he visited the comptia.org web site. After checking the proxy server logs, you determine that he was visiting the comptai.org web site and this web site downloaded suspicious files to his computer. Which of the following is the MOST likely explanation for this activity?

An organization’s security policy requires employees to place all discarded paper documents in containers for temporary storage. These papers are later burned in an incinerator. Which of the following attacks are these actions MOST likely trying to prevent?

Lisa is a database administrator and received a phone call from someone identifying himself as a technician working with a known hardware vendor. He said he’s calling customers to inform them of a problem with database servers they’ve sold, but he said the problem only affects servers running a specific operating system version. He asks Lisa what operating system versions the company is running on their database servers. Which of the following choices is the BEST response from Lisa?

Homer has been looking for the newest version of a popular smartphone. However, he can’t find it in stock anywhere. Today, he received an email advertising the smartphone. After clicking the link, his system was infected with malware. Which of the following principles is the email sender employing?

A security administrator at a shopping mall discovered two wireless cameras pointing at an automatic teller machine. These cameras were not installed by mall personnel and are not authorized. What is the MOST likely goal of these cameras?

Marge reports that she keeps receiving unwanted emails inviting her to respond to surveys. What does this describe?

Bart’s supervisor told him to clean his desk to comply with the organization’s clean desk space policy. While doing so, he threw several papers containing PII into the recycle bin. Which type of attack can exploit this action?

Bart is in a break area outside the office. He told Lisa that he forgot his badge inside and asked Lisa to let him follow her when she goes back inside. Which of the following does this describe?

Lisa is a database administrator. She received a phone call from someone identifying himself as a representative from a known hardware vendor. He said he’s calling customers to inform them of a problem with database servers they’ve sold, but he said the problem only affects servers running a specific operating system version. He asks Lisa what operating system versions the company is running on their database servers. Which of the following BEST describes the tactic used by the caller in this scenario?

Your organization’s CFO recently received an email indicating the organization is being sued. More, the email names her specifically as a defendant in the lawsuit. It includes an attachment described as a subpoena and encourages her to open for more information. Which of the following BEST describes the social engineering principle used by the sender in this scenario?

A man in a maintenance uniform walked up to your organization’s receptionist desk. He said he was called by the CIO and asked to fix an issue with the phones and needed access to the wiring closet. The receptionist asked the man to show his building access badge and then she verified that he was on the list of approved personnel to access this secure area. What type of attack will the checks performed by the receptionist prevent?

Homer received a text message on his smart phone that appeared to come from Google. It indicated a problem with his account, said it will send him a verification code, and encouraged him to reply to the text with the code. It also stated that his account would be permanently locked if he didn’t provide the code. Which of the following BEST describes this activity?

Your SIEM system sent an alert related to many failed logins. Reviewing the logs, you notice login failures for about 100 different accounts. The logs then show the same accounts indicate login failures starting about three hours after the first login failure. Which of the following BEST describes this activity?

Dr. Bob installed code designed to run if he ever lost his job as a sidekick on a television show. The code will create a new account with credentials that only he knows three days after his original account is deleted. Which type of account does this code create?

Dr. Terwilliger installed code designed to enable his account automatically if he ever lost his job as a sidekick on a television show. The code is designed to reenable his account three days after it is disabled. Which of the following does this describe?

You are reviewing security controls and their usefulness. You notice that account lockout policies are in place. Which of the following attacks will these policies thwart? (Select TWO.)

Lisa completed an antivirus scan on a server and detected a Trojan. She removed the Trojan but was concerned that unauthorized personnel might still be able to access data on the server and decided to check the server further. Of the following choices, what is she MOST likely looking for on this server?

Employees at the Marvin Monroe Memorial Hospital are unable to access any computer data. Instead, they occasionally see a message indicating that attackers encrypted all the data and it would remain encrypted until the attackers received a hefty sum as payment. Which of the following BEST describes this attack?

After Bart logged onto his computer, he was unable to access any data. Instead, his screen displayed a message indicating that unless he made a payment, his hard drive would be formatted, and he’d permanently lose access to his data. What does this indicate?

Security administrators recently discovered suspicious activity within your network. After investigating the activity, they discovered malicious traffic from outside your network connecting to a server within your network. They determined that a malicious threat actor used this connection to install malware on the server and the malware is collecting data and sending it out of the network. Which of the following BEST describes the type of malware used by the threat actor?

Your SIEM system alerted on potential malicious activity from a system in your network. After investigating the alert, you determine it was generated after it detected suspicious activity generated through a PowerShell script. Additionally, you verified that the system is sending traffic to and from an unknown IP address in the Internet. Which of the following is the BEST description of this threat?

Bart downloaded and installed the nmap security scanner from https://passsecurityplus.com. After completing the install, he noticed that his browser’s home page and default search engine was changed. What is the MOST likely cause of the activity?

Homer complained of abnormal activity on his workstation. After investigating, an administer discovered his workstation is connecting to systems outside the organization’s internal network using uncommon ports. The administrator discovered the workstation is also running several hidden processes. Which of the following choices BEST describe this activity?

While reviewing logs on a web server hosted by your organization you notice multiple logon failures to an FTP account but they’re only happening about once every 30 minutes. You also see that the same password is being tried against the SSH account right after the FTP account logon failure. What BEST describes what is happening?

Maggie was on the programming team that developed an application used by your Human Resources department. Personnel use this application to store and manage employee data. Maggie programmed in the ability to access this application with a username and password that only she knows, so that she can perform remote maintenance on the application if necessary. Which of the following does this describe?

Recently, malware on a computer at the Monty Burns Casino destroyed several important files after it detected that Homer was no longer employed at the casino. Which of the following BEST identifies this malware?

Logs on a web server show that it is receiving a significant number of SYN packets from multiple sources on the Internet, but it isn’t receiving the corresponding ACK packets. Of the following choices, what is the MOST likely source of these packets?

An attacker has captured a database filled with hashes of randomly generated passwords. Which of the following attacks is MOST likely to crack the largest number of passwords in this database in the shortest amount of time?

While reviewing logs for a web application, a security analyst notices that it has crashed several times reporting a memory error. Shortly after it crashes, the logs show malicious code that isn’t part of a known application. Which of the following is MOST likely occurring?

Going through logs, you notice a suspicious script that includes phrases such as cn=SQL1, dc=gcga, dc=com. You suspect that it is part of an injection attack. Which of the following BEST identifies the type of injection attack this could be?

Web developers are implementing error handling in a database application accessed by a web server. Which of the following would be the BEST way to implement this?

Some protocols include sequence numbers and timestamps. Which of the following attacks are thwarted by using these components?

You are examining logs generated by an online web application. You notice that the following phrase is appearing in several queries
‘ or ‘1’=’1’ —
Which of the following is the MOST likely explanation for this?

An application on one of your database servers has crashed several times recently. Examining detailed debugging logs, you discover that just prior to crashing, the database application is receiving a long series of x90 characters. What is MOST likely occurring?

You’re reviewing the logs for a web server and see several suspicious entries. You suspect that an attacker is attempting to write more data into a web application’s memory than it can handle. What does this describe?

Hacker Harry has an account on a website that he uses when posting comments. When he visits, he enters his username and password to log on and the site displays his username with any comments he makes. Today, he noticed that he could enter JavaScript code as part of his username. After entering the code, other users experienced unexpected results when hovering over his username. What does this describe?

Management recently mandated that computer monitors must be positioned so that they cannot be viewed from outside any windows. Additionally, users are directed to place screen filters over their monitors. What is the purpose of this policy?

Attackers recently sent some malicious emails to the CFO within your organization. These emails have forged From blocks and look like they are coming from the CEO of the organization. They include a PDF file that is described as an unpaid invoice. However, the PDF is infected with malware. Which of the following BEST describes the attack type in this scenario?

Users are complaining about intermittent connectivity with a web server. After examining the logs, you identify a large volume of connection attempts from public IP addresses. You realize these connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring?

A coffee shop recently stopped broadcasting the SSID (coffeewifi) for their wireless network. Instead, paying customers can view it on their receipt and use it to connect to the coffee shop’s wireless network. Today, Lisa turned on her laptop computer and saw the SSID coffewifi and connected to it. Which of the following is the MOST likely reason why?

Mobile users in your network report that they frequently lose connectivity with the wireless network on some days, but on other days they don’t have any problems. You suspect this is due to an attack. Which of the following is MOST likely an attack that could cause this problem?

Your SIEM sent an alert after detecting the following script was run on a system within your network.
invoke-command {
$a = net localgroup administrators |
where {$_ -AND $_ -notmatch “command completed”} |
select -skip 4 }
What BEST describes this script?

An IDS has sent multiple alerts in response to increased traffic. Upon investigation, you realize it is due to a spike in network traffic from several sources. Assuming this is malicious, which of the following is the MOST likely explanation?

The Marvin Monroe Memorial Hospital recently suffered a serious attack preventing employees from accessing any computer data. The attackers scattered ReadMe files throughout the network that appeared on user screens. They indicated that the attackers encrypted all the data and it would remain encrypted until the attackers received a hefty sum as payment. Which of the following identifies the MOST likely threat actor in this attack?

A tech company recently discovered an attack on its organization, resulting in a significant data breach of customer data. After investigating the attack, they realized it was very sophisticated and likely originated from a foreign country. Which of the following identifies the MOST likely threat actor in this attack?

Bart recently launched an attack on a company web site using scripts he found on the Internet. Which of the following BEST describes Bart as a threat actor?

An attacker purchased an exploit on the Internet. He then used it to modify the price of an item in an online shopping cart when during checkout. Which of the following BEST describes this attacker?

An attacker recently attacked a web server hosted by your company. After investigating the attack, security professionals determined that the attacker used a previously unknown application exploit. Which of the following BEST identifies this attack?

Homer recently received a phishing email with a malicious attachment. He was curious so he opened it to see what it was. It installed malware on his system, and quickly spread to other systems in the network. Security investigators discovered that the malware exploited a vulnerability that wasn’t previously known by any trusted sources. Which of the following BEST describes this attack?

Your organization hosts an e-commerce web site used to sell digital products. You are tasked with evaluating all the elements used to support this web site. What are you performing?

Attackers recently exploited vulnerabilities in a web server hosted by your organization. Management has tasked administrators with checking the server and eliminating any weak configurations on it. Which of the following will meet this goal?

Gil Gunderson, a salesperson in your organization, received an email on his work computer that included a malicious link. After clicking the link, his computer was infected with malware. The malware was not detected by antivirus software installed on his computer, the organization’s email server, or the organization’s UTM appliance. After infecting his computer, the malware then searched the network and encrypted data in all the network shares that Gil could access. Which of the following BEST describes how this occurred?

A SQL database server was recently attacked. Cybersecurity investigators discovered the attack was self-propagating through the network. When it found the database server, it used well-known credentials to access the database. Which of the following would be the BEST action to prevent this from occurring again?

You want to identify all the services running on a server in your network. Which of the following tools is the BEST choice to meet this goal?

Your organization hired a cybersecurity expert to perform a security assessment. After running a vulnerability scan, she sees the following error on a web server:
– Host IP 192.168.1.10 OS Apache httpd 2.433 Vulnerable to mod_auth exploit

However, she verified that the mod_auth module has not been installed or enabled on the server. Which of the following BEST explains this scenario?

Lisa periodically runs vulnerability scans on the organization’s network. Lately, she has been receiving many false positives. Which of the following actions can help reduce the false positives?

Developers in your organization routinely use automated tools to identify vulnerabilities in source code. These tools occasionally identify vulnerabilities that do not exist. What does this describe?

You performed a vulnerability scan on a web application server and the scan reported that the server is missing some patches. However, after inspecting the server, you realize that the patches are for a protocol that you removed from the server. Which of the following is the BEST explanation for this disparity?

You suspect that a database server used by a web application is not up-to-date with current patches. Which of the following is the BEST action to take to verify the server has up-to-date patches?

Lisa is evaluating a web application hosted on a web server. She needs to identify potential misconfigurations and other risks on the server and the tool she uses must be non-intrusive. Which of the following is the BEST choice to meet her needs?

You recently completed a vulnerability scan on a database server. The scan didn’t report any issues. However, you know that it is missing a patch. The patch wasn’t applied because it causes problems with the database application. Which of the following BEST describes this?

You recently completed a vulnerability scan on your network. It reported that several servers are missing key operating system patches. However, after checking the servers, you’ve verified that the servers have these patches installed. Which of the following BEST describes this?

Ziffcorp is developing a new technology that they expect to become a huge success when it’s released. The CIO is concerned about someone stealing their company secrets related to this technology. Which of the following will help the CIO identify potential dangers related to the loss of this technology?

Which of the following elements are used as part of threat hunting? (Choose two.)

Security professionals are performing a penetration test on your network. After compromising a server, they use the compromised server to launch additional attacks within the network. Which of the following BEST describes this activity?

Your organization has hired outside penetration testers to identify internal network vulnerabilities. After successfully exploiting vulnerabilities in a single computer, the testers attempt to access other systems within the network. Which of the following BEST describes their current actions?

Your organization has a legacy server running a mission critical application. The application is not compatible with current operating system patches, so management has decided to let it remain unpatched. However, management wants to know if attackers can infiltrate the network, by first exploiting vulnerabilities on this server. Which of the following is the MOST appropriate action?

Your organization outsourced development of a software module to modify the functionality of an existing proprietary application. The developer completed the module and is now testing it with the entire application. What type of testing is the developer performing?

Bart, a database administrator in your organization, told you about recent attacks on the network and how they have been disrupting services and network connectivity. In response, he said he has been using Nmap to run vulnerability scans and identify vulnerabilities. Which of the following is wrong with this scenario?

Lisa has been hired as a penetration tester by your organization to test the security of a web server. She decides to start by footprinting the server. Which of the following tools will BEST help her in this phase?

The IT department at your organization recently created an isolated test network that mimics the DMZ. They then hired an outside company to perform a simulated cyber-attack on this isolated test network as part of a testing campaign. Which of the following BEST describes the role of personnel from the outside company?

Your organization regularly performs training in the form of a game mimicking an exercise. One team oversees the exercise, sets the rules, and identifies the rules of engagement. Another team uses known TTPs to exploit vulnerabilities within the rules of engagement. You are on a team dedicated to defending resources. Which of the following BEST describes your role?

Your IT department includes a subgroup of employees dedicated to cybersecurity testing. Each member of this group has knowledge of known TTPs and how to use them. Additionally, each member of this group has knowledge of security controls that would be implemented to protect network resources. Which of the following BEST describes members of this team?

Bart was in a coffee shop going through emails and messages on his smartphone. He then started receiving several text messages promoting a political party and encouraging him to visit websites. After he left the coffee shop, he didn’t receive any more messages. What does this describe?

A network administrator routinely tests the network looking for vulnerabilities. He recently discovered a new access point set to open. After connecting to it, he found he was able to access network resources. What is the BEST explanation of this device?

The Ninth National Bank of Springfield is considering an alternate location as part of its continuity of operations plan. It wants to identify a site resiliency solution that provides the shortest recovery time. Which of the following is the BEST choice?

Bart needs to send an email to his supervisor with an attachment that includes sensitive information. He wants to maintain the confidentiality of this information. Which of the following choices is the BEST choice to meet his needs?

As an administrator, you receive an antivirus alert from a server in your network indicating one of the files has a hash of known malware. The file was pushed to the server from the organization’s patch management system and is scheduled to be applied to the server early the next morning. The antivirus software indicates that the file and hash of the malware on the server is:
•        File: gcga_upgrade.exe
•        Hash: bd64571e26035d95e5e9232b4aff b915
Checking the logs of the patch management system you see the following information:
**Status           Update Name                Hash**
Pushed         gcga_upgrade.exe     b815571e26035d95e5e9232b4aff48db
Which of the following indicates what MOST likely occurred?

As a security administrator, you receive an antivirus alert from a server in your network indicating one of the files has a hash of known malware. The file was pushed to the server from the organization’s patch management system and is scheduled to be applied to the server early the next morning. The antivirus software indicates that the file and hash of the malware is:
•        File: gcga_upgrade.exe
•        Hash: 518b571e26035d95e5e9232b4affbd84
Checking the logs of the patch management system you see the following information:
**Status           Update Name                Hash**
Pushed         gcga_upgrade.exe    518b571e26035d95e5e9232b4affbd84
Which of the following indicates what MOST likely occurred?

Your organization hosts an e-commerce web site using a back-end database. The database stores product data and customer data, including credit card numbers. Which of the following is the BEST way to protect the credit card data?

Network administrators are considering adding an HSM to a server in your network. What functions will this add to the server?

Your organization plans to implement desktops via the cloud. Each desktop will include an operating system and a core group of applications needed by employees and the desktops will be managed by the cloud provider. Employees will be able to access these desktops from anywhere that has Internet access and from almost any device. Which of the following BEST identifies this service?

Maggie, the new CTO at your organization, wants to reduce costs by utilizing more cloud services. She has directed the use of a cloud service instead of purchasing all the hardware and software needed for an upcoming project. She also wants to ensure that the cloud provider maintains all the required hardware and software. Which of the following BEST describes the cloud computing service model that will meet these requirements?

The Springfield Nuclear Power Plant has created and maintains an online application used to teach the basics of nuclear physics. Only students and teachers in the Springfield Elementary School can access this application via the cloud. What type of cloud service model is this?

The Springfield school system stores some data in the cloud using its own resources. The Shelbyville Nuclear Power Plant also stores some data in the cloud using its own resources. Later, the two organizations decide to share some data in both clouds for educational purposes. Which of the following BEST describes the cloud created by these two organizations?

IT auditors have found several unmanaged VMs in a network. They discovered that these were created by administrators for testing but weren’t removed after testing was completed. Which of the following should be implemented to prevent this in the future?

Database administrators have created a database used by a web application. However, testing shows that application queries against the database take a significant amount of time. Which of the following actions is MOST likely to improve the overall performance of the database?

Your organization hosts an e-commerce web server. The server randomly experiences a high volume of sales and usage from mid-November to the end of December, causing spikes in resource usage. These spikes have resulted in outages during the past year. Which of the following should be implemented to prevent these outages?

Your organization hosts an e-commerce web server selling digital products. The server randomly experiences a high volume of sales and usage which causes spikes in resource usage. These spikes occasionally take the server down. Which of the following should be implemented to prevent these outages?

Several developers in your organization are working on a software development project. Recently, Bart made an unauthorized change to the code that effectively broke several modules. Unfortunately, there isn’t any record of who made the change or details of the change. Management wants to ensure it is easy to identify who makes any changes in the future. Which of the following provides the BEST solution for this need?

A web developer is adding input validation techniques to a web site application. Which of the following should the developer implement during this process?

Looking at logs for an online web application, you see that someone has entered the following phrase into several queries:
‘ or ‘1’=’1’ —
Which of the following provides the BEST protection against this attack?

Network administrators have identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer. You suspect the system is infected with malware. It periodically runs an application that attempts to run hping3 via remote websites. After comparing the computer with a list of applications from the master image, they verify this application is likely the problem. What allowed them to make this determination?

Management within your organization has decided to implement a biometric solution for authentication into the data center. They have stated that the biometric system needs to be highly accurate. Which of the following provides the BEST indication of accuracy with a biometric system?

Management within your organization wants to add 2FA security for users working from home. Additionally, management wants to ensure that 2FA passwords expire after 30 seconds. Which of the following choices BEST meets this requirement?

Your organization recently updated an online application that employees use to log on when working from home. Employees enter their username and password into the application from their smartphone and the application logs their location using GPS. Which type of authentication is being used?

The Marvin Monroe Memorial Hospital was recently sued after removing a kidney from the wrong patient. Hospital executives want to implement a method that will reduce medical errors related to misidentifying patients. They want to ensure medical personnel can identify a patient even if the patient is unconscious. Which of the following would be the BEST solution?

IT administrators created a VPN for employees to use while working from home. The VPN is configured to provide AAA services. Which of the following would be presented to the AAA system for identification?

You are comparing different types of authentication. Of the following choices, which one uses multifactor authentication?

Your organization’s backup policy for a file server dictates that the amount of time needed to restore backups should be minimized. Which of the following backup plans would BEST meet this need?

Management within your organization wants to increase data availability by adding redundancy to a database server. Unfortunately, they have a limited budget. Which of the following is the BEST choice to meet this requirement?

Your organization hosts e-commerce servers within the DMZ. These servers are attracting a significant increase in buyers recently, and this increased traffic has occasionally overloaded the servers, causing a temporary loss in service.  You need to identify a network design that will increase the availability of web-faced applications hosted on these servers. Which of the following choices provides the BEST solution?

Your database backup strategy includes full backups performed on Saturdays at 12:01 a.m. and differential backups performed daily at 12:01 a.m. If the database fails on Thursday afternoon, how many backups are required to restore it?

Administrators at your organization want to increase cybersecurity resilience of key servers by adding fault tolerance capabilities. However, they have a limited budget. Which of the following is the BEST choice to meet these needs?

Your organization hosts an e-commerce web site that has been receiving a significant increase in traffic. The CPU is handling the load, but the server is unable to process the bandwidth consistently. Which of the following is the BEST choice to solve this problem?

Your organization hosts several databases on two servers. Management wants to increase the redundancy of data storage for these servers.  Which of the following is the BEST choice to meet this requirement?

The backup policy for a database server states that the amount of time needed to perform backups should be minimized. Which of the following backup plans would BEST meet this need?

Compu-Global-Hyper-Mega-Net hosts a web site selling digital products. Marketing personnel have launched several successful sales. The server has been overwhelmed, resulting in slow responses from the server, and lost sales. Management wants to implement a solution that will provide cybersecurity resilience. Which of the following is the BEST choice?

Fileserver1 hosts several files accessed by users in your organization and it’s important that they can always access these files. Management wants to implement a solution to increase cybersecurity resilience. Which of the following is the LOWEST cost solution to meet this requirement?

Lisa needs to deploy a NAS server to store backups, but she has a limited budget. Which of the following is the BEST choice?

Engineers at your organization want to use embedded systems to monitor sensors in the processing plant. They can’t find any off the shelf products to meet their needs so they decide to purchase hardware that they can program. Management has given its approval but wants to limit the amount of work needed to deploy them and insists that they can be updated if needed. Which of the following will BEST meet this need?

A security professional needs to identify a physical security control that will identify individuals before allowing them to enter a secure area. Additionally, it should only allow a single person to enter at a time. Which of the following is the BEST solution?

You need to secure access to a data center. Which of the following choices provides the BEST physical security to meet this need? (Select THREE.)

Your company wants to control access to a restricted area of the building by adding an additional physical security control that includes facial recognition. Which of the following provides the BEST solution?

The Springfield Nuclear Power plant has several stand-alone computers used for monitoring. Employees log onto these computers using a local account to verify proper operation of various processes. The CIO of the organization has mandated that these computers cannot be connected to the organization’s network or have access to the Internet. Which of the following would BEST meet this requirement?

Your local library is planning to purchase new laptops that patrons can use for Internet research. However, management is concerned about possible theft. Which of the following is the BEST choice to prevent theft of these laptops?

Your organization recently landed a contract with the federal government. Developers are fine tuning an application that will process sensitive data. The contract mandates that all computers using this application must be isolated. Which of the following would BEST meet this need?

Your organization is planning to expand its cloud-based services offered to the public. In preparation, they expanded the datacenter space. It currently has one row of racks for servers, but they plan to add at least one more row of racks for servers. Engineers calculated the power and HVAC requirements and said the best way to reduce utility costs is by ensuring the two server rows are faced in the opposite direction. What is primary reason for this configuration?

Thieves recently rammed a truck through the entrance of one of your organization’s buildings in the middle of the night. They then proceeded to steal a significant amount of IT equipment. Which of the following choices can prevent this from happening again?

After performing a security audit, a security professional reported an increase in the number of tailgating violations into a secure data center. Which of the following can prevent this?

Management within your organization wants to create a small network used by executives only. They want to ensure that this network is completely isolated from the main network. Which of the following choices BEST meets this need?

Employees access the data center by entering a cipher code at the door. However, everyone uses the same code, so it does not identify individuals. After a recent security incident, management has decided to implement a key card system that will identify individuals who enter and exit this secure area. However, the installation might take six months or longer. Which of the following choices can the organization install immediately to identify individuals who enter or exit the secure area?

An online application requires users to log on with their email address and a password. The application encrypts the passwords in a hashed format. Which of the following can be added to decrease the likelihood that attackers can discover these passwords?

What is the primary difference between a block cipher and a stream cipher?

GCGA, a software development company, occasionally updates its software with major updates and minor patches. Administrators load these updates to the company web site along with a hash associated with each update. Which of the following BEST describes the purpose of the hash?

Your organization maintains a data center to store data. Management has decided to move a large amount of financial data into cloud storage to reduce costs with the data center. This data is regularly accessed and sometimes manipulated by employees, customers, and vendors around the world. Management has mandated that the data always needs to be encrypted while in the cloud. Which of the following is the BEST choice to meet these requirements?

Management has mandated the use of digital signatures by all personnel within your organization. Which of the following use cases does this support?

Lisa needs to transmit PII via email and she wants to maintain its confidentiality. Which of the following choices is the BEST solution?

An application requires users to log on with passwords. The application developers want to store the passwords in such a way that it will thwart rainbow table attacks. Which of the following is the BEST solution?

Your organization recently updated the security policy and mandated that emails sent between upper-level executives must be checked to ensure they arrive without any changes. The IT department is tasked with implementing technical controls to meet this need. Which security goal does this policy address?

Management within your organization has defined a use case to support confidentiality of data stored in a database. Which of the following solutions will BEST meet this need?

A DLP system detected confidential data being sent out via email from Bart’s account. However, he denied sending the email. Management wants to implement a method that would prevent Bart from denying accountability in the future. Which of the following are they trying to enforce?

Your organization recently updated the security policy and mandated that emails sent between upper-level executives must be encrypted to prevent any unauthorized disclosure. Which security goal does this policy address?

Lisa and Bart need to exchange emails over the Internet using a nonsecure channel. These emails need to provide non-repudiation. They decide to use certificates on each of their computers. What would they use to sign their emails?

Your organization recently updated the security policy and mandated that emails sent by all upper-level executives include a digital signature. Which security goal does this policy address?

Tony hid several plaintext documents within an image file. He then sent the image file to Louie. Which of the following BEST describes the purpose of his actions?

Apu manages network devices in his store and maintains copies of the configuration files for all the managed routers and switches. On a weekly basis, he creates hashes for these files and compares them with hashes he created on the same files the previous week. Which of the following use case is he MOST likely supporting?

Bart recently sent out confidential data via email to potential competitors. Management suspects he did so accidentally, but Bart denied sending the data. Management wants to implement a method that would prevent Bart from denying accountability in the future. Which of the following are they trying to enforce?

An organization requested bids for a contract and asked companies to submit their bids via email. After winning the bid, Bizzfad realized it couldn’t meet the requirements of the contract. Bizzfad instead stated that it never submitted the bid. Which of the following would provide proof to the organization that Bizzfad did submit the bid, if it was used?

Employees in your organization recently received an email that appeared to come from your organization’s CEO. The email mentioned that IT personnel were troubleshooting an authentication issue and needed employees to reply to the email with their credentials. Several employees responded with their credentials. This was a phishing campaign created for user training and it spoofed the CEOs email. Executives want to ensure that employees have proof that any emails that appear to be coming from the executives, did come from them. Which of the following should be implemented?

Users in your organization sign their emails with digital signatures. Which of the following provides integrity for these digital signatures?

A developer is creating an application that will encrypt and decrypt data on mobile devices. These devices don’t have a lot of processing power. Which of the following cryptographic methods has the LEAST overhead and can provide encryption for these mobile devices?

You are tasked with enabling NTP on some servers within your organization’s DMZ. Which of the following use cases are you MOST likely supporting with this action?

Your organization’s security policy requires that confidential data transferred over the internal network must be encrypted. Which of the following protocols would BEST meet this requirement?

Your organization wants to increase security for VoIP and video teleconferencing applications used within the network. Which of the following protocols will BEST support this goal?

Maggie needs to collect network device configuration information and network statistics from devices on the network. She wants to protect the confidentiality of credentials used to connect to these devices. Which of the following protocols would BEST meet this need?

An outside consultant performed an audit of the Municipal House of Pancakes network. She identified a legacy protocol being used to access browser-based interfaces on switches and routers within the network. She recommended replacing the legacy protocol with a secure protocol to access these network devices using the same interface. Which of the following protocols should be implemented?

Your organization plans to deploy a server in the DMZ that will perform the following functions:
•        Identify mail servers
•        Provide data integrity
•        Prevent poisoning attacks
•        Respond to requests for A and AAAA records
Which of the following will BEST meet these requirements?

Administrators are configuring a server within your organization’s DMZ. This server will have the following capabilities when it is fully configured:
•        It will use RRSIG.
•        It will perform authenticated requests for A records.
•        It will perform authenticated requests for AAAA records.
What BEST identifies the capabilities of this server?

Network administrators manage network devices remotely. However, a recent security audit discovered they are using a protocol that allows them to send credentials over the network in cleartext. Which of the following methods should be adopted to eliminate this vulnerability?

Lisa is responsible for managing and monitoring network devices, such as routers and switches, in your network. Which of the following protocols is she MOST likely to use?

Your organization is preparing to deploy a web-based application, which will accept user input. Which of the following will BEST test the reliability of this application to maintain availability and data integrity?

Your organization has a segmented network used to process highly classified material. Management wants to prevent users from copying documents to USB flash drives from any computer in this network. Which of the following can be used to meet this goal?

Your company hosts an e-commerce site that sells renewable subscriptions for services. Customers can choose to automatically renew their subscription monthly or annually. However, management doesn’t want to store customer credit card information on any system managed by the company. Which of the following can be used instead?

Managers within your organization want to implement a secure boot process for some key computers. During the boot process, each computer should send data to a remote system to check the computer’s configuration. Which of the following will meet this goal?

The Bizzfad organization develops and sells software. Occasionally they update the software to fix security vulnerabilities and/or add additional features. However, before releasing these updates to customers, they test it in different environments. Which of the following solutions provides the BEST method to test the updates?

Developers in the YCDA organization have created an application that users can download and install on their computers. Management wants to provide users with a reliable method of verifying that the application has not been modified after it was released by YCDA. Which of the following methods provides the BEST solution?

Your organization hosts a web application selling digital products. Customers can also post comments related to their purchases. Management suspects attackers are looking for vulnerabilities that they can exploit. Which of the following will BEST test the cybersecurity resilience of this application?

Your organization recently experienced a significant data breach. After an investigation, cybersecurity professionals found that the initial attack originated from an internally developed application. Normally users can only access the application by logging on. However, the application allowed the attacker access to the application without requiring the attacker to log on. Which of the following would have the BEST chance of preventing this attack?

Bart recently hooked up a switch incorrectly causing a switching loop problem, which took down part of an organization’s network. Management wants to implement a solution that will prevent this from occurring in the future.  Which of the following is the BEST choice to meet this need?

Several servers in your organization’s DMZ were recently attacked. After analyzing the logs, you discover that many of these attacks used TCP, but the packets were not part of an established TCP session. Which of the following devices would provide the BEST solution to prevent these attacks in the future?

Your organization recently implemented two servers in an active/passive load balancing configuration. What security goal does this support?

Your organization wants to combine some of the security controls used to control incoming and outgoing network traffic. At a minimum, the solution should include stateless inspection, malware inspection, and a content filter. Which of the following BEST meets this goal?

You are preparing to deploy a heuristic-based detection system to monitor network activity. Which of the following would you create first?

Your organization is allowing more employees to work from home, and they want to upgrade their VPN. Management wants to ensure that after a VPN client connects to the VPN server, all traffic from the VPN client is encrypted. Which of the following would BEST meet this goal?

You have added another router in your network. This router provides a path to a limited access network which isn’t advertised. However, a network administrator needs to access this network regularly. Which of the following could he do to configure his computer to access this limited network?

A large city is using a SCADA system to manage a water treatment plant. City managers have asked IT personnel to implement security controls to reduce the risk of cybersecurity attacks against ICSs controlled by the SCADA system. Which of the following security controls would be MOST relevant to protect this system?

Flancrest Enterprises recently set up a web site utilizing several web servers in a web farm. The web servers access back-end databases on two servers, DB1 and DB2. During normal operation, each web server accesses DB1 for product data and DB2 for customer data. However, both DB1 and DB2 maintain an up-to-date copy of both databases that they can host at any time. Which of the following BEST describes the configuration of the database servers?

A HIDS reported a vulnerability on a system based on a known attack. After researching the alert from the HIDS, you identify the recommended solution and begin applying it. What type of HIDS is in use?

Lenny noticed a significant number of logon failures for administrator accounts on the organization’s public web site. After investigating it further, he notices that most of these attempts are from IP addresses assigned to foreign countries. He wants to implement a solution that will detect and prevent similar attacks. Which of the following is the BEST choice?

An organization is hosting a VPN that employees are using while working from home. Management wants to ensure that all VPN clients are using up-to-date operating systems and antivirus software. Which of the following would BEST meet this need?

Your organization hosts a web server accessed from employees within the network, and via the Internet. Management wants to increase its security. You are tasked with separating all web-facing traffic from internal network traffic. Which of the following provides the BEST solution?

Management within your organization wants employees to be able to access internal network resources from remote locations, including from their home. Which of the following is the BEST choice to meet this need?

Which of the following devices would MOST likely have the following entries used to define its operation?

permit IP any any eq 80
permit IP any any eq 443
deny IP any any

Developers recently configured a new service on a server called GCGA1. GCGA1 is in a DMZ and accessed by employees in the internal network, and by others via the Internet. Network administrators modified firewall rules to access the service. Testing shows the service works when accessed from internal systems. However, it does not work when accessed from the Internet. Which of the following is MOST likely configured incorrectly?

Bart incorrectly wired a switch in your organization’s network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. Which of the following should be done to prevent this situation in the future?

Attackers have recently launched several attacks against servers in your organization’s DMZ. You are tasked with identifying a solution that will have the best chance at preventing these attacks in the future. Which of the following is the BEST choice?

Your organization recently implemented a BYOD policy. However, management wants to ensure that mobile devices meet minimum standards for security before they can access any network resources. Which of the following would the NAC MOST likely use?

Your organization plans to implement a connection between the main site and a remote office giving remote employees on-demand access to resources at headquarters. The chief information officer (CIO) wants to use the Internet for this connection. Which of the following solutions will BEST support this requirement?

Administrators are designing a site-to-site VPN between offices in two different cities. Management mandated the use of certificates for mutual authentication. Additionally, they want to ensure that internal IP addresses are not revealed. Which of the following choices BEST meets these requirements?

Your organization is planning to deploy a new e-commerce web site. Management anticipates heavy processing requirements for a back-end application used by the web site. The current design will use one web server and multiple application servers. Additionally, when a user begins a session, they will connect to an application server and remain connected to the same application server for the entire session. Which of the following BEST describes the configuration of the application servers?

Administrators are deploying a new Linux server in the DMZ. After it is installed, they want to manage it from their desktop computers located within the organization’s private network. Which of the following would be the BEST choice to meet this need?

Your organization has several switches in use throughout the internal network. Management wants to implement a security control to prevent unauthorized access to these switches within the network. Which of the following choices would BEST meet this need?

Your organization has a dedicated classroom used for teaching computer topics. Students include internal employees and visiting guests. Security administrators recently discovered that students were unplugging the network cable from some classroom computers and plugging the network cable into their laptop computers, giving them access to network resources. Which of the following is the BEST solution to prevent this activity?

Your organization is planning to upgrade the wireless network used by employees. It will provide encrypted authentication of wireless users over TLS. Which of the following protocols are they MOST likely implementing?

You are assisting a small business owner in setting up a public wireless hot spot for her customers. She wants to allow customers to access the hot spot without entering a password. Which of the following is MOST appropriate for this hot spot?

Your organization is planning to implement a wireless network using WPA2 Enterprise. Of the following choices, what is required?

Management at the Goody New Shoes retail chain decided to allow employees to connect to the internal network using their personal mobile devices. However, the organization is having problems with these devices including the following:
•        Employees do not keep their devices updated.
•        There is no standardization among the devices.
•        The organization doesn’t have adequate control over the devices.
Management wants to implement a mobile device deployment model to overcome these problems, while still allowing employees to use their own devices. Which of the following is the BEST choice?

Personnel should be able to run the Bizz Fadd app from their mobile devices. However, certain features should only be operational when users are within the company’s property. When user’s leave the property, access to these features should be blocked. Which of the following answers provides the BEST solution to meet this goal?

Bart is showing Wendell a new app that he downloaded from a third party onto his iPhone. Wendell has the same model of smartphone, but when he searches for the app, he is unable to find it. Of the following choices, what is the MOST likely explanation for this?

Bart is showing Wendell a new app that he downloaded from a third party onto his smartphone. Wendell has the same model of smartphone, but when he searches for the app on the official app store, he is unable to find it. Of the following choices, what is the MOST likely explanation for this?

Your organization is planning to implement a CYOD deployment model. You’re asked to provide input for the new policy. Which of the following concepts are appropriate for this policy?