CompTIA Security+ Cert. (SY0-501): Practice Tests 2019 Set 3

Lisa needs to identify if a risk exists within a web application and identify potential misconfigurations on the server. However, she should passively test the security controls. Which of the following is the BEST choice to meet her needs?



Options are :

  • C. Perform a vulnerability scan. (Correct)
  • D. Perform traffic analysis with a sniffer.
  • A. Perform a penetration test.
  • B. Perform a port scan.

Answer : C. Perform a vulnerability scan.

Security personnel confiscated a user's workstation after a security incident. Administrators removed the hard drive for forensic analysis, but left it unattended for several hours before capturing an image. Which of the following could prevent the company from taking the employee to court over this incident?



Options are :

  • A. Witnesses were not identified.
  • D. A hard drive analysis was not complete.
  • C. An order of volatility was not maintained.
  • B. A chain of custody was not maintained. (Correct)

Answer : B. A chain of custody was not maintained.

An application developer is working on the cryptographic elements of an application. She needs to implement an encryption algorithm that provides both confidentiality and data authenticity. Which of the following cipher modes supports these goals?



Options are :

  • A. CTM
  • C. ECB
  • D. GCM (Correct)
  • B. CBC

Answer : D. GCM

You are helping your organization create a security policy for incident response. Which of the following is the BEST choice to include when an incident requires confiscation of a physical asset?



Options are :

  • D. Keep a record of everyone who took possession of the physical asset. (Correct)
  • A. Ensure hashes are taken first.
  • B. Ensure witnesses sign an AUP.
  • C. Maintain the order of volatility.

Answer : D. Keep a record of everyone who took possession of the physical asset.

A security technician runs an automated script every night designed to detect changes in files. Of the following choices, what are the MOST LIKELY protocols used in this script?



Options are :

  • D. SHA and HMAC (Correct)
  • A. PGP and SHA
  • C. AES and Twofish
  • B. ECC and HMAC

Answer : D. SHA and HMAC

Your organization has implemented a system that stores user credentials in a central database. Users log on once with their credentials. They can then access other systems in the organization without logging on again. Which of the following does this describe?



Options are :

  • D. Biometrics
  • C. Single sign-on (Correct)
  • B. SAML
  • A. Federation

Answer : C. Single sign-on

A security professional needs to identify a physical security control that will identify and authenticate individuals before allowing them to pass, and restrict passage to only a single person at a time. Which of the following should the professional recommend?



Options are :

  • D. Mantrap (Correct)
  • C. Biometrics
  • B. Smart cards
  • A. Tailgating

Answer : D. Mantrap

Your organization is planning to deploy a new e-commerce web site. Management anticipates heavy processing requirements for a back-end application. The current design will use one web server and multiple application servers. Which of the following BEST describes the application servers?



Options are :

  • B. Clustering
  • A. Load balancing (Correct)
  • D. Affinity scheduling
  • C. RAID

Answer : A. Load balancing

You are modifying a configuration file used to authenticate Linux accounts against an external server. The file includes phrases such as DC=Server1 and DC=Com. Which authentication service is the external server MOST likely using?



Options are :

  • D. SAML
  • C. LDAP (Correct)
  • B. RADIUS
  • A. Diameter

Answer : C. LDAP

A security expert is identifying and implementing several different physical deterrent controls to protect an organization's server room. Which of the following choices would BEST meet this objective?



Options are :

  • B. Utilizing data encryption
  • A. Using hardware locks (Correct)
  • D. Training users
  • C. Performing a vulnerability assessment

Answer : A. Using hardware locks

The BizzFad company decides to partner with Costington's to bid on a contract. Management in both companies realizes that they need to share proprietary data. However, they want to ensure that distribution of this data is limited within each of the companies. Which of the following will BEST meet this need?



Options are :

  • A. MOU
  • B. BPA
  • C. NDA (Correct)
  • D. ISA

Answer : C. NDA

A security auditor discovered that several employees in the Accounting department can print and sign checks. In her final report, she recommended restricting the number of people who can print checks and the number of people who can sign them. She also recommended that no one should be authorized to print and sign checks. Which security policy does this describe?



Options are :

  • B. Rule-based access control
  • C. Separation of duties (Correct)
  • D. Job rotation
  • A. Discretionary access control

Answer : C. Separation of duties

Users within an organization frequently access public web servers using HTTPS. Management wants to ensure that users can verify that certificates are valid even if the public CAs are temporarily unavailable. Which of the following should be implemented to meet this need?



Options are :

  • C. Private CA
  • A. OCSP
  • D. CSR
  • B. CRL (Correct)

Answer : B. CRL

Your organization has a strict policy requiring administrators to disable user accounts during the exit interview. This provides several security benefits. Which of the following choices BEST identifies a security benefit of this practice?



Options are :

  • B. Ensures that user files are retained
  • C. Ensures that the account can be enabled again if the employee returns
  • A. Ensures that user security keys are retained (Correct)
  • D. Ensures that users cannot log on remotely

Answer : A. Ensures that user security keys are retained

Homer needs to send an email to his supervisor with an attachment that includes proprietary data. He wants to maintain the confidentiality of this data. Which of the following is the BEST choice to meet his needs?



Options are :

  • A. Digital signature
  • D. Hashing
  • C. Steganography
  • B. Encryption (Correct)

Answer : B. Encryption

Your organization is considering storage of sensitive data with a cloud provider. Your organization wants to ensure the data is encrypted while at rest and while in transit. Which type of interoperability agreement can your organization use to ensure the data is encrypted while in transit?



Options are :

  • D. ISA (Correct)
  • C. MOU
  • A. SLA
  • B. BPA

Answer : D. ISA

You are performing a risk assessment and you need to calculate the average expected loss of an incident. Which of the following value combinations would you MOST likely use?



Options are :

  • C. SLE and ARO
  • A. ALE and ARO (Correct)
  • D. ARO and ROI
  • B. ALE and SLE

Answer : A. ALE and ARO

An incident response team is following typical incident response procedures. Which of the following phases is the BEST choice for analyzing an incident with a goal of identifying steps to prevent a reoccurrence of the incident?



Options are :

  • D. Lessons learned (Correct)
  • C. Eradication
  • A. Preparation
  • B. Identification

Answer : D. Lessons learned

Which of the following is the LOWEST cost solution for fault tolerance?



Options are :

  • D. Warm site
  • B. Round-robin scheduling
  • C. RAID (Correct)
  • A. Load balancing

Answer : C. RAID

You want to identify all the services running on a server in your network. Which of the following tools is the BEST choice to meet this goal?



Options are :

  • A. Penetration test
  • C. Sniffer
  • B. Protocol analyzer
  • D. Port scanner (Correct)

Answer : D. Port scanner

An organization has decided to increase the amount of customer data it maintains and use it for targeted sales. The privacy officer has determined that this data is PII. Which type of assessment should be completed to ensure the organization is complying with applicable laws and regulations related to this data?



Options are :

  • D. Supply chain assessment
  • C. Threat assessment
  • A. Privacy impact assessment (Correct)
  • B. Privacy threshold assessment

Answer : A. Privacy impact assessment

An organization has a large network with dozens of servers. Administrators are finding it difficult to review and analyze the logs from all the network devices. They are looking for a solution to aggregate and correlate the logs. Which of the following choices BEST meets this need?



Options are :

  • B. Netcat
  • D. SIEM (Correct)
  • C. Wireshark
  • A. Nmap

Answer : D. SIEM

Which of the following accurately identifies primary security control types?



Options are :

  • C. Confidentiality and availability
  • A. Role-based and discretionary
  • B. Technical and administrative (Correct)
  • D. Encryption and hashing

Answer : B. Technical and administrative

An organization hosts several web servers in a web farm used for e-commerce. Due to recent attacks, management is concerned that attackers might try to redirect web site traffic, allowing the attackers to impersonate their e-commerce site. Which of the following methods will address this issue?



Options are :

  • D. Key stretching
  • B. Perfect forward secrecy
  • C. Pinning (Correct)
  • A. Stapling

Answer : C. Pinning

A supply company has several legacy systems connected within a warehouse. An external security audit discovered the company is using DES for data-at-rest. It mandated the company upgrade DES to meet minimum security requirements. The company plans to replace the legacy systems next year, but needs to meet the requirements from the audit.

Which of the following is MOST likely to be the simplest upgrade for these systems?



Options are :

  • C. 3DES (Correct)
  • A. S/MIME
  • B. HMAC
  • D. TLS

Answer : C. 3DES

You are the security administrator in your organization. You want to ensure that a file maintains integrity. Which of the following choices is the BEST solution to meet your goal?



Options are :

  • B. Encryption
  • D. AES
  • C. Hash (Correct)
  • A. Steganography

Answer : C. Hash

Employees access a secure area by entering a cipher code, but this code does not identify individuals. After a recent security incident, management has decided to implement a key card system that will identify individuals who enter and exit this secure area. However, the installation might take six months or longer. Which of the following choices can the organization install immediately to identify individuals who enter or exit the secure area?



Options are :

  • A. Mantrap
  • D. Bollards
  • B. Access list
  • C. CCTV (Correct)

Answer : C. CCTV

Your organization includes a software development division within the IT department. One developer writes and maintains applications for the Sales and Marketing departments. A second developer writes and maintains applications for the Payroll department. Once a year, they have to switch roles for at least a month. What is the purpose of this practice?



Options are :

  • D. To enforce an acceptable use policy
  • C. To enforce a job rotation policy (Correct)
  • A. To enforce a separation of duties policy
  • B. To enforce a mandatory vacation policy

Answer : C. To enforce a job rotation policy

A network administrator needs to identify the type of traffic and packet flags used in traffic sent from a specific IP address. Which of the following is the BEST tool to meet this need?



Options are :

  • A. SIEM
  • D. Vulnerability scan
  • B. Netcat
  • C. Protocol analyzer (Correct)

Answer : C. Protocol analyzer
