SY0-401 CompTIA Security+ Certification Practice Exam Set 2

In which of the following steps of incident response does a team analyze the incident and
determine steps to prevent a future occurrence?


Options are :

  • Preparation
  • Lessons learned (Correct)
  • Identification
  • Mitigation

Answer : Lessons learned

A customer service department has a business need to send high volumes of confidential
information to customers electronically. All emails go through a DLP scanner.
Which of the following is the BEST solution to meet the business needs and protect confidential
information?


Options are :

  • Monitor impacted outgoing emails
  • Automatically encrypt impacted incoming emails
  • Prevent impacted outgoing emails
  • Automatically encrypt impacted outgoing emails (Correct)

Answer : Automatically encrypt impacted outgoing emails

A system administrator is responding to a legal order to turn over all logs from all company
servers. The system administrator records the system time of all servers to ensure that:


Options are :

  • the NTP server works properly.
  • time offset can be calculated. (Correct)
  • HDD hashes are accurate.
  • chain of custody is preserved.

Answer : time offset can be calculated.
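The point of recording each server's clock against a trusted reference is that logs from different hosts can only be sequenced once every host's offset is known. The following is an added example, not part of the practice exam: it computes per-host offsets from constructed collection notes and rewrites constructed log lines to reference time before sorting them. Host names, timestamps and log text are illustrative.

```python
from datetime import datetime, timezone

# Constructed collection notes: for each server, the time the server itself
# displayed and the time shown by the examiner's NTP-synchronised reference
# clock at the same moment. Values are made up for the example.
COLLECTION_NOTES = {
    "web01": ("2014-03-10T10:15:00", "2014-03-10T10:15:00"),  # in sync
    "db01":  ("2014-03-10T10:11:42", "2014-03-10T10:15:00"),  # 3m18s slow
    "app02": ("2014-03-10T10:19:05", "2014-03-10T10:15:00"),  # 4m05s fast
}

# Constructed log lines: "<host> <timestamp as written by that host> <message>"
SAMPLE_LOGS = [
    "db01 2014-03-10T09:58:10 sshd: Accepted password for admin from 10.0.0.5",
    "web01 2014-03-10T10:01:30 httpd: POST /admin/export.php 200",
    "app02 2014-03-10T10:06:00 cron: (root) CMD /tmp/.x/run.sh",
]

def parse_ts(text):
    # Timestamps are treated as UTC; record the real zone of each host as well.
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def clock_offsets(notes):
    """Return {host: offset} with offset = server clock - reference clock.
    Positive means the server clock runs fast."""
    return {host: parse_ts(server) - parse_ts(ref)
            for host, (server, ref) in notes.items()}

def normalize_logs(lines, offsets):
    """Subtract each host's offset from its timestamps and return the lines
    sorted by corrected time, so cross-host events fall in true order."""
    corrected = []
    for line in lines:
        host, stamp, message = line.split(" ", 2)
        corrected.append((parse_ts(stamp) - offsets[host], host, message))
    corrected.sort()
    return [f"{t.strftime('%Y-%m-%dT%H:%M:%S')} {h} {m}" for t, h, m in corrected]

if __name__ == "__main__":
    offs = clock_offsets(COLLECTION_NOTES)
    for host, off in offs.items():
        print(f"{host}: offset {off.total_seconds():+.0f}s")
    for line in normalize_logs(SAMPLE_LOGS, offs):
        print(line)
```

On the raw timestamps the db01 login looks more than three minutes older than the web01 export; after correction it is two seconds earlier, which is what a timeline has to show.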

Which of the following are Data Loss Prevention (DLP) strategies that address data in transit
issues? (Choose two.)
A. Scanning printing of documents.
B. Scanning of outbound IM (Instant Messaging).
C. Scanning copying of documents to USB.
D. Scanning of SharePoint document library.
E. Scanning of shared drives.
F. Scanning of HTTP user traffic.


Options are :

  • D,F
  • E,F
  • C,F
  • B,F (Correct)

Answer : B,F

The Chief Technical Officer (CTO) has tasked The Computer Emergency Response Team (CERT)
to develop and update all Internal Operating Procedures and Standard Operating Procedures
documentation in order to successfully respond to future incidents.
Which of the following stages of the Incident Handling process is the team working on?


Options are :

  • Eradication
  • Lessons Learned
  • Preparation (Correct)
  • Recovery

Answer : Preparation

A user has received an email from an external source which asks for details on the company’s
new product line set for release in one month. The user has a detailed spec sheet but it is marked
"Internal Proprietary Information".
Which of the following should the user do NEXT?


Options are :

  • Provide the requestor with the email information since it will be released soon anyway
  • Contact the help desk and/or incident response team to determine next steps (Correct)
  • Contact their manager and request guidance on how to best move forward
  • Reply back to the requestor to gain their contact information and call them

Answer : Contact the help desk and/or incident response team to determine next steps

A security technician wishes to gather and analyze all Web traffic during a particular time period.
Which of the following represents the BEST approach to gathering the required data?


Options are :

  • Configure a proxy server to log all traffic destined for ports 80 and 443. (Correct)
  • Configure a switch to log all traffic destined for ports 80 and 443.
  • Configure a NIDS to log all traffic destined for ports 80 and 443.
  • Configure a VPN concentrator to log all traffic destined for ports 80 and 443.

Answer : Configure a proxy server to log all traffic destined for ports 80 and 443.

A security engineer is given new application extensions each month that need to be secured prior
to implementation. They do not want the new extensions to invalidate or interfere with existing
application security. Additionally, the engineer wants to ensure that the new requirements are
approved by the appropriate personnel.
Which of the following should be in place to meet these two goals? (Choose two.)

A. Patch Audit Policy
B. Change Control Policy
C. Incident Management Policy
D. Regression Testing Policy
E. Escalation Policy
F. Application Audit Policy



Options are :

  • E,F
  • D,E
  • A,B
  • B,D (Correct)

Answer : B,D

Matt, a security analyst, needs to implement encryption for company data and also prevent theft of
company data.
Where and how should Matt meet this requirement?


Options are :

  • Matt should install Truecrypt and encrypt the company server.
  • Matt should install TPMs and encrypt the company database.
  • Matt should implement access control lists and turn on EFS.
  • Matt should implement DLP and encrypt the company database. (Correct)

Answer : Matt should implement DLP and encrypt the company database.

The system administrator has deployed updated security controls for the network to limit risk of
attack. The security manager is concerned that controls continue to function as intended to
maintain appropriate security posture.
Which of the following risk mitigation strategies is MOST important to the security manager?


Options are :

  • Policy enforcement
  • Change management
  • User permissions
  • Routine audits (Correct)

Answer : Routine audits

To ensure proper evidence collection, which of the following steps should be performed FIRST?


Options are :

  • Capture the system image (Correct)
  • Review logs
  • Copy all compromised files
  • Take hashes from the live system

Answer : Capture the system image

Which of the following should Jane, a security administrator, perform before a hard drive is
analyzed with forensics tools?


Options are :

  • Capture system image (Correct)
  • Interview witnesses
  • Identify user habits
  • Disconnect system from network

Answer : Capture system image

Requiring technicians to report spyware infections is a step in which of the following?


Options are :

  • Incident management (Correct)
  • Clean desk policy
  • Routine audits
  • Change management

Answer : Incident management

An incident response team member needs to perform a forensics examination but does not have
the required hardware.
Which of the following will allow the team member to perform the examination with minimal impact
to the potential evidence?


Options are :

  • Imaging based on order of volatility
  • Using a software file recovery disc
  • Mounting the drive in read-only mode (Correct)
  • Hashing the image after capture

Answer : Mounting the drive in read-only mode

Various network outages have occurred recently due to unapproved changes to network and
security devices. All changes were made using various system credentials. The security analyst
has been tasked to update the security policy.
Which of the following risk mitigation strategies would also need to be implemented to reduce the
number of network outages due to unauthorized changes?


Options are :

  • Implement security controls on Layer 3 devices
  • User rights and permissions review (Correct)
  • Configuration management
  • Incident management

Answer : User rights and permissions review

Which of the following is the BEST approach to perform risk mitigation of user access control
rights?


Options are :

  • Disable user accounts that have not been used within the last two weeks.
  • Conduct surveys and rank the results
  • Perform routine user permission reviews (Correct)
  • Implement periodic vulnerability scanning.

Answer : Perform routine user permission reviews

After an audit, it was discovered that the security group memberships were not properly adjusted
for employees’ accounts when they moved from one role to another.
Which of the following has the organization failed to properly implement? (Choose two.)
A. Mandatory access control enforcement.
B. User rights and permission reviews.
C. Technical controls over account management.
D. Account termination procedures.
E. Management controls over account management.
F. Incident management and response plan.


Options are :

  • B,F
  • A,B
  • E,F
  • B,E (Correct)

Answer : B,E

Which of the following is BEST carried out immediately after a security breach is discovered?


Options are :

  • Risk transference
  • Incident management (Correct)
  • Change management
  • Access control revalidation

Answer : Incident management

Computer evidence at a crime is preserved by making an exact copy of the hard disk.
Which of the following does this illustrate?


Options are :

  • Chain of custody
  • Taking screenshots
  • Order of volatility
  • System image capture (Correct)

Answer : System image capture
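Several questions above turn on the same acquisition workflow: capture an exact image first, never open the original for writing, and hash so the copy can be proven exact. The following is an added example, not part of the exam or any forensic tool: it images a constructed "drive" file while hashing the bytes read, then verifies the finished image and shows that a one-byte change is caught. In real work the original sits behind a hardware write blocker or a read-only mount; the read-only open and the chmod on the copy here stand in for that.

```python
import hashlib
import os
import tempfile

BLOCK_SIZE = 64 * 1024

def acquire_image(source_path, image_path):
    """Bit-for-bit copy of the source (a block device such as /dev/sdb in
    practice; a file in this example), hashing bytes as they are read. The
    returned digest is what goes into the acquisition notes and chain-of-custody form."""
    digest = hashlib.sha256()
    fd = os.open(source_path, os.O_RDONLY)   # the evidence is never opened for writing
    with os.fdopen(fd, "rb") as src, open(image_path, "wb") as dst:
        for chunk in iter(lambda: src.read(BLOCK_SIZE), b""):
            digest.update(chunk)
            dst.write(chunk)
    return digest.hexdigest()

def hash_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_image(image_path, acquisition_hash):
    """Independent re-hash of the finished image; True only for an exact copy."""
    return hash_file(image_path) == acquisition_hash

def demo():
    """Run the workflow on a constructed drive and return
    (image_verified, tampered_copy_verified)."""
    with tempfile.TemporaryDirectory() as workdir:
        evidence = os.path.join(workdir, "evidence.raw")   # stands in for /dev/sdX
        image = os.path.join(workdir, "evidence.dd")
        with open(evidence, "wb") as f:
            f.write(bytes(range(256)) * 4096)              # 1 MiB of known content
        acquisition_hash = acquire_image(evidence, image)
        os.chmod(image, 0o444)                             # analysis runs on the read-only copy
        verified = verify_image(image, acquisition_hash)

        # What the check catches: flip one byte in a copy and it no longer matches.
        tampered = os.path.join(workdir, "evidence-tampered.dd")
        with open(image, "rb") as f:
            data = bytearray(f.read())
        data[1000] ^= 0xFF
        with open(tampered, "wb") as f:
            f.write(data)
        return verified, verify_image(tampered, acquisition_hash)

if __name__ == "__main__":
    print(demo())
```

Hashing during acquisition rather than only afterwards matters: the digest of the bytes actually read from the original is the value later analysts compare their working copies against.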

The network administrator is responsible for promoting code to applications on a DMZ web server.
Which of the following processes is being followed to ensure application integrity?


Options are :

  • Application patch management
  • Application hardening
  • Application change management (Correct)
  • Application firewall review

Answer : Application change management

Which of the following wireless security technologies continuously supplies new keys for WEP?


Options are :

  • WPA2
  • WPA
  • TKIP (Correct)
  • MAC filtering

Answer : TKIP

Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to
connect to that AP and gain unauthorized access.
Which of the following would be the BEST way to mitigate this issue and still provide coverage
where needed? (Choose two.)
A. Disable the wired ports
B. Use channels 1, 4 and 7 only
C. Enable MAC filtering
D. Disable SSID broadcast
E. Switch from 802.11a to 802.11b



Options are :

  • C,D (Correct)
  • A,B
  • B,C
  • D,E

Answer : C,D

A server is configured to communicate on both VLAN 1 and VLAN 12. VLAN 1 communication
works fine, but VLAN 12 does not.
Which of the following MUST happen before the server can communicate on VLAN 12?


Options are :

  • The server's network switch port must be enabled for 802.11x on VLAN 12.
  • The server's network switch port must be 802.1q tagged for VLAN 12. (Correct)
  • The server's network switch port must use VLAN Q-in-Q for VLAN 12.
  • The server's network switch port must be 802.1q untagged for VLAN 12.

Answer : The server's network switch port must be 802.1q tagged for VLAN 12.
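What "802.1q tagged for VLAN 12" means on the wire: the server inserts a 4-byte tag (TPID 0x8100 plus a TCI whose low 12 bits carry the VLAN ID) after the source MAC, and the switch port only forwards such a frame if it is configured to carry that VLAN. The example below is added here and not part of the exam; it builds and parses a tagged frame and models a port whose native VLAN is 1, showing VLAN 12 frames dropped until 12 is added to the port's tagged set. MAC addresses and the payload are constructed.

```python
import struct

TPID_8021Q = 0x8100

def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_frame(dst, src, vlan_id, ethertype, payload, pcp=0, dei=0):
    """Ethernet II frame with an 802.1Q tag. TCI = PCP(3) | DEI(1) | VID(12)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | (dei << 12) | vlan_id
    return (mac_bytes(dst) + mac_bytes(src)
            + struct.pack("!HH", TPID_8021Q, tci)
            + struct.pack("!H", ethertype) + payload)

def parse_frame(frame):
    """Return (dst, src, vlan_id, ethertype, payload); vlan_id is None when untagged."""
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id, offset = None, 14
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, offset = tci & 0x0FFF, 18
    return fmt_mac(dst), fmt_mac(src), vlan_id, ethertype, frame[offset:]

def switch_port_accepts(frame, native_vlan, tagged_vlans):
    """Model of an 802.1Q port: untagged frames land in the native VLAN; tagged
    frames are forwarded only for VLANs the port is configured to carry.
    Returns the VLAN the frame is placed in, or None if it is dropped."""
    vid = parse_frame(frame)[2]
    if vid is None:
        return native_vlan
    return vid if vid in tagged_vlans else None

if __name__ == "__main__":
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 12, 0x0806, b"arp-who-has")
    print(frame[12:18].hex())                      # 8100 000c 0806
    print(switch_port_accepts(frame, 1, set()))    # None: VLAN 12 not allowed on port
    print(switch_port_accepts(frame, 1, {12}))     # 12: port now tagged for VLAN 12
```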

Signed digital certificates used to secure communication with a web server are MOST commonly
associated with the following ports:


Options are :

  • 143
  • 443 (Correct)
  • 53
  • 25

Answer : 443

If you don’t know the MAC address of a Linux-based machine, what command-line utility can you
use to ascertain it?


Options are :

  • config
  • macconfig
  • ipconfig
  • ifconfig (Correct)

Answer : ifconfig

Ann, the Chief Information Officer (CIO) of a company, sees cloud computing as a way to save
money while providing valuable services. She is looking for a cost-effective solution to assist in
capacity planning as well as visibility into the performance of the network.
Which of the following cloud technologies should she look into?


Options are :

  • IaaS
  • SaaS
  • MaaS (Correct)
  • PaaS

Answer : MaaS

After entering the following information into a SOHO wireless router, a mobile device’s user
reports being unable to connect to the network:

PERMIT 0A:D1:FA:B1:03:37
DENY 01:33:7F:AB:10:AB

Which of the following is preventing the device from connecting?


Options are :

  • Hardware address filtering is blocking the device. (Correct)
  • IP address filtering has disabled the device from connecting.
  • TCP/IP Port filtering has been implemented on the SOHO router.
  • WPA2-PSK requires a supplicant on the mobile device.

Answer : Hardware address filtering is blocking the device.
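The two MAC-filtering questions above (Jane's access point and this SOHO router) come down to the same check: is the client's hardware address in the permit list? The example below is added here and is not the exam's or any router's code. It normalises the assorted notations addresses get written in, parses the PERMIT/DENY entries, and evaluates a client against them; the semantics (first match wins, and any PERMIT entry makes the list default-deny) are an assumption about a typical allowlist mode. The client address is constructed. Keep in mind the practitioner caveat: a MAC address is trivially cloned, so filtering and a hidden SSID reduce casual joins but are not an authentication control.

```python
import re

def normalize_mac(raw):
    """Accept colon, hyphen, dot or space separators and any case; return
    lowercase colon form, or raise if the input is not six octets."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", raw)
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(hexdigits[i:i + 2].lower() for i in range(0, 12, 2))

def parse_filter(config_text):
    """Parse PERMIT/DENY lines into (action, mac) rules in listed order."""
    rules = []
    for line in config_text.strip().splitlines():
        action, mac = line.split(None, 1)
        rules.append((action.upper(), normalize_mac(mac)))
    return rules

def allowed(rules, client_mac):
    """First matching rule wins. With no match, the client is denied as soon
    as the list contains any PERMIT entry (allowlist mode, assumed)."""
    mac = normalize_mac(client_mac)
    for action, rule_mac in rules:
        if rule_mac == mac:
            return action == "PERMIT"
    return not any(action == "PERMIT" for action, _ in rules)

# The router entries from the question, plus a constructed client address.
SAMPLE_FILTER = """
PERMIT 0A:D1:FA:B1:03:37
DENY 01:33:7F:AB:10:AB
"""
MOBILE_DEVICE_MAC = "F0:1D:2C:3B:4A:59"

def check_clients(config_text, clients):
    rules = parse_filter(config_text)
    return {mac: allowed(rules, mac) for mac in clients}

if __name__ == "__main__":
    print(check_clients(SAMPLE_FILTER,
                        ["0a-d1-fa-b1-03-37", "01:33:7F:AB:10:AB", MOBILE_DEVICE_MAC]))
```

The mobile device matches neither entry and, with a PERMIT rule present, is denied, which is why it cannot associate even though its credentials would be fine.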

Matt, a systems security engineer, is determining which credential-type authentication to use
within a planned 802.1x deployment. He is looking for a method that does not require a client
certificate, has a server side certificate, and uses TLS tunnels for encryption.
Which credential type authentication method BEST fits these requirements?


Options are :

  • EAP-FAST
  • PEAP-CHAP
  • PEAP-MSCHAPv2 (Correct)
  • EAP-TLS

Answer : PEAP-MSCHAPv2

The security administrator has been tasked to update all the access points to provide a more
secure connection. All access points currently use WPA TKIP for encryption.
Which of the following would be configured to provide more secure connections?


Options are :

  • Disable SSID broadcast and increase power levels
  • WEP
  • MAC filtering
  • WPA2 CCMP (Correct)

Answer : WPA2 CCMP

An organization does not want the wireless network name to be easily discovered.
Which of the following software features should be configured on the access points?


Options are :

  • SSID broadcast (Correct)
  • Antenna placement
  • MAC filter
  • WPA2

Answer : SSID broadcast
