CompTIA Security+ SY0-501 Questions & Answers Set 2

What is used to determine potential monetary costs related to a threat?

Options are:

  • Impact assessment (Correct)
  • Risk mitigation
  • Risk management
  • Residual risk

Answer: Impact assessment

What type of DLP runs on every server and computer on the network to avoid data leakage from each system?

Options are:

  • Server
  • Storage
  • Endpoint (Correct)
  • Network

Answer: Endpoint

What type of attack is used to trick users into thinking that they are downloading from an official site when they accidentally misspell a domain name?

Options are:

  • Cybersquatting
  • Domain redirection
  • Domain squatting
  • Typosquatting (Correct)

Answer: Typosquatting

What attack is used to obtain information directly from an employee's computer screen?

Options are:

  • Eavesdropping
  • Shoulder surfing (Correct)
  • Baiting
  • Dumpster diving

Answer: Shoulder surfing

What wireless attack occurs when an attacker is able to decipher data by observing the operation of different keys?

Options are:

  • IV attack (Correct)
  • War chalking
  • SQL injection
  • War driving

Answer: IV attack

What type of risk assessment attempts to assign a cost (monetary value) to the elements of risk assessment and to the assets and threats of a risk analysis?

Options are:

  • Overflow
  • Increased
  • Qualitative
  • Quantitative (Correct)

Answer: Quantitative

What type of testing sends random data to a website to test for vulnerabilities?

Options are:

  • Fuzz testing (Correct)
  • Sandboxing
  • Black-box testing
  • White-box testing

Answer: Fuzz testing

What is used to connect storage directly to the network with RAID 1 mirroring?

Options are:

  • HDD
  • SSD
  • NAS (Correct)
  • USB

Answer: NAS

What class of fire extinguisher is used for combustible metal fires?

Options are:

  • D (Correct)
  • C
  • B
  • A

Answer: D

What class of fire extinguisher is used on flammable liquids like gasoline?

Options are:

  • A
  • B (Correct)
  • C
  • D

Answer: B

In cryptography, what is the summary of a file or message?

Options are:

  • Hash (Correct)
  • Function
  • Syslog
  • Rainbow table

Answer: Hash

What type of access control can be added to a user or group for security reasons?

Options are:

  • Workstations
  • Objects
  • Servers
  • Permissions (Correct)

Answer: Permissions

What type of virus changes every time it runs to avoid antivirus detection?

Options are:

  • Boot sector
  • Polymorphic (Correct)
  • Stealth
  • Armored

Answer: Polymorphic

What type of attack is used to gain access to files and their content?

Options are:

  • Cross-site scripting
  • Directory traversal (Correct)
  • SQL injection
  • Zero day

Answer: Directory traversal

What type of data loss prevention system is software-based and identifies whether confidential data has made it to long-term storage such as data centers?

Options are:

  • Endpoint-based DLP
  • Network-based DLP
  • Storage-based DLP (Correct)
  • Hard drive DLP

Answer: Storage-based DLP

What type of phishing attack targets specific high-authority personnel?

Options are:

  • Vishing
  • Spear phishing
  • Whaling (Correct)
  • Pretexting

Answer: Whaling

What is the fifth step in the incident response procedure?

Options are:

  • Identification
  • Containment
  • Eradication
  • Recovery (Correct)

Answer: Recovery

What internal tool in Windows can be used for baselining?

Options are:

  • Performance Monitor (Correct)
  • Nmap
  • Nessus
  • LANsurveyor

Answer: Performance Monitor

What type of piggybacking is used without the employee's consent?

Options are:

  • Tailgating (Correct)
  • Baiting
  • Dumpster dropping
  • Mantrapping

Answer: Tailgating

What is the entity that issues certificates to users?

Options are:

  • Certificate distributor
  • Certificate authority (Correct)
  • Certified server
  • Signature authority

Answer: Certificate authority

You are training a new resource in your organization and are currently explaining security. The new resource asks about methods and best practices for protecting and securing an organization. When working in IT security, what is one rule of thumb that can help protect your company from hackers?

Options are:

  • You must be able to think like a hacker (Correct)
  • You should have a honeypot ready for hackers
  • Perform hacking exercises to breach data, so you can better understand hacking methods
  • Penetration testing will always find vulnerabilities

Answer: You must be able to think like a hacker

A SysOps manager is looking to determine the measure of a system's reliability to present to the executives. The aim is to probe critical systems for this measure and predict potential outages before they occur. Which of the following figures would the manager use?

Options are:

  • RTO
  • RPO
  • MTTR
  • MTBF (Correct)

Answer: MTBF

A network penetration tester is beginning his footprinting and scanning of the network. He wants to identify all the hosts on the network with a quick scan. Which of the following scans would be the most appropriate?

Options are:

  • Port scan
  • SYN stealth scan
  • Ping scan (Correct)
  • Service scan

Answer: Ping scan

At Smith Consulting, the server administrators work closely with the software developers to continue application development and maintain operations. Which of the following is an Agile-aligned software development process that includes extensive collaboration between developers and operations personnel?

Options are:

  • Scrum
  • Waterfall
  • Secure DevOps (Correct)
  • SDLC

Answer: Secure DevOps

A new software service is being deployed in an organization. The executives are concerned about the risk it may pose and want the risk level to be defined. What is used to define the risk level to a system or other technology element?

Options are:

  • Security posture (Correct)
  • Risk baseline
  • Baseline
  • Risk assessment

Answer: Security posture

An administrator is trying to track the outbound connections for an application from a workstation to the internet. They are trying to determine what port will be used. What dynamically assigns an outbound port from the client?

Options are:

  • The host server
  • The network card
  • The operating system (Correct)
  • The router

Answer: The operating system

An administrator is concerned about the level of access users may have over their workstations, specifically that the web browsers may become compromised if users are allowed to control configuration settings and potentially install plug-ins and toolbars. What can be used to control Internet Explorer security?

Options are:

  • Windows Firewall
  • Group Policy Editor (Correct)
  • Internet Explorer security manager
  • Windows Defender

Answer: Group Policy Editor

What list is provided by the MITRE Corporation to give security administrators up-to-date information on vulnerabilities?

Options are:

  • Common Vulnerabilities and Exposures (Correct)
  • Common Hacks and Vulnerabilities
  • A list of the latest hacks
  • A list of wanted hackers

Answer: Common Vulnerabilities and Exposures

After some research, a network pen tester has determined that ICMP requests have been disabled in the environment. They need a method to easily determine which hosts are up and active on the network. Which of the following scans should be used?

Options are:

  • Ping
  • ARP ping (Correct)
  • SYN stealth
  • Service

Answer: ARP ping

An attacker is attempting to negatively impact a convention through an attack on the wireless network. The attacker is spoofing the MAC addresses of the various connected devices on the network and sending a special frame to the AP in order to have the wireless AP deallocate all of the memory it was using for the connection to the hosts. Many users are complaining about the network access and are unable to perform necessary meeting functions. Which of the following is happening in this scenario?

Options are:

  • Disassociation attack (Correct)
  • Rogue AP
  • WPS attack
  • IV attack

Answer: Disassociation attack
