CompTIA Security+ Cert. (SY0-501): Practice Tests 2019 Set 7

Your organization hosts a web site used only by employees. The web site uses a certificate issued by a private CA and the network downloads a CRL from the CA once a week. However, after a recent compromise, security administrators want to use a real-time alternative to the CRL. Which of the following will BEST meet this need?



Options are :

  • D. OCSP (Correct)
  • A. DSA
  • C. CSR
  • B. HMAC

Answer : D. OCSP

Thieves recently rammed a truck through the entrance of your companys main building. During the chaos, their partners proceeded to steal a significant amount of IT equipment. Which of the following choices can you use to prevent this from happening again?



Options are :

  • A. Bollards (Correct)
  • B. Guards
  • D. Mantrap
  • C. CCTV

Answer : A. Bollards

Management within your organization wants to ensure that switches are not susceptible to switching loop problems. Which of the following protocols is the BEST choice to meet this need?



Options are :

  • C. SRTP
  • B. SNMPv3
  • D. RSTP (Correct)
  • A. Flood guard

Answer : D. RSTP

A security professional has reported an increase in the number of tailgating violations into a secure data center. Which of the following can prevent this?



Options are :

  • C. Proximity card
  • B. Mantrap (Correct)
  • D. Cipher lock
  • A. CCTV

Answer : B. Mantrap

You want to implement the STRONGEST level of security on a wireless network. Which of the following supports this goal?



Options are :

  • A. Implementing WPA with TKIP
  • B. Disabling SSID broadcast
  • D. Implementing WPA2 with CCMP (Correct)
  • C. Enabling MAC filtering

Answer : D. Implementing WPA2 with CCMP

An application stores user passwords in a hashed format. Which of the following can decrease the likelihood that attackers can discover these passwords?



Options are :

  • C. Salt (Correct)
  • A. Rainbow tables
  • D. Input validation
  • B. MD5

Answer : C. Salt

Your organizations security policy states that administrators should follow the principle of least privilege. Which of the following tools can ensure that administrators are following the policy?



Options are :

  • B. Risk assessment
  • A. Permission auditing review (Correct)
  • D. Threat assessment
  • C. Vulnerability assessment

Answer : A. Permission auditing review

Your coworker tells you how recent attacks on the network have been disrupting services and network connectivity. He suggests that you use Nmap to run a vulnerability scan on the network and identify vulnerabilities. Which of the following should you do FIRST?



Options are :

  • C. Obtain an administrative account to run a credentialed scan.
  • D. Obtain authorization. (Correct)
  • A. Create a network map.
  • B. Locate a network map.

Answer : D. Obtain authorization.

Network administrators in your organization need to administer firewalls, security appliances, and other network devices. These devices are protected with strong passwords, and the passwords are stored in a file listing these passwords. Which of the following is the BEST choice to protect this password list?



Options are :

  • D. Whole disk encryption
  • B. Database field encryption
  • C. Full database encryption
  • A. File encryption (Correct)

Answer : A. File encryption

You need to request a certificate for a web server. Which of the following would you MOST likely use?



Options are :

  • B. CRL
  • D. OCSP
  • A. CA
  • C. CSR (Correct)

Answer : C. CSR

Security personnel recently released an online training module advising employees not to share specific personal information on social media web sites that they visit. Which of the following is this advice MOST likely trying to prevent?



Options are :

  • A. Spending time on non-work-related sites
  • D. Rainbow table attack
  • B. Phishing attack
  • C. Cognitive password attacks (Correct)

Answer : C. Cognitive password attacks

Attackers have recently launched several attacks against servers in your organizations DMZ. You are tasked with identifying a solution that will have the best chance at preventing these attacks in the future. Which of the following is the BEST choice?



Options are :

  • A. An out-of-band IPS
  • C. A passive IDS
  • B. An in-band IPS (Correct)
  • D. An out-of-band IDS

Answer : B. An in-band IPS

Your organization wants to prevent damage from malware. Which of the following phases of common incident response procedures is the BEST phase to address this?



Options are :

  • A. Preparation (Correct)
  • D. Lessons learned
  • B. Identification
  • C. Containment

Answer : A. Preparation

Martin is performing a risk assessment on an e-commerce web server. While doing so, he created a document showing all the known risks to this server, along with the risk score for each risk. What is the name of this document?



Options are :

  • C. Residual risk
  • A. Quantitative risk assessment
  • D. Risk register (Correct)
  • B. Qualitative risk assessment

Answer : D. Risk register

Which of the following BEST describes a false negative?



Options are :

  • D. An IDS does not detect a buffer overflow attack. (Correct)
  • A. An IDS falsely indicates a buffer overflow attack occurred.
  • C. A heuristic-based IDS detects a previously unknown attack.
  • B. Antivirus software reports that a valid application is malware.

Answer : D. An IDS does not detect a buffer overflow attack.

Your backup policy for a database server dictates that the amount of time needed to restore backups should be minimized. Which of the following backup plans would BEST meet this need?



Options are :

  • B. Full backups on Sunday and differential backups on the other six days of the week (Correct)
  • D. Differential backups on Sunday and incremental backups on the other six days of the week
  • A. Full backups on Sunday and incremental backups on the other six days of the week
  • C. Incremental backups on Sunday and differential backups on the other six days of the week

Answer : B. Full backups on Sunday and differential backups on the other six days of the week

Your organization has decided to implement a biometric solution for authentication. One of the goals is to ensure that the biometric system is highly accurate. Which of the following provides the BEST indication of accuracy with the biometric system?



Options are :

  • C. The lowest possible CER (Correct)
  • A. The lowest possible FRR
  • B. The highest possible FAR
  • D. The highest possible CER

Answer : C. The lowest possible CER

Lisa is enabling NTP on some servers within the DMZ. Which of the following use cases is she MOST likely supporting with this action?



Options are :

  • A. Support voice and video transmissions
  • C. Enable email usage
  • B. Provide time synchronization (Correct)
  • D. Encrypt data-in-transit

Answer : B. Provide time synchronization

An organization is considering an alternate location as part of its continuity of operations plan. It wants to identify a solution that provides the shortest recovery time. Which of the following is the BEST choice?



Options are :

  • D. Off-site backups
  • A. Cold site
  • C. Hot site (Correct)
  • B. Warm site

Answer : C. Hot site

Developers recently configured a new service on ServerA. ServerA is in a DMZ and accessed by internal users and via the Internet. Network administrators modified firewall rules to access the service. Testing shows the service works when accessed from internal systems. However, it does not work when accessed from the Internet. Which of the following is MOST likely configured incorrectly?



Options are :

  • B. An ACL (Correct)
  • A. The new service
  • C. ServerA
  • D. The VLAN

Answer : B. An ACL

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions