SY0-401 CompTIA Security+ Certification Practice Exam Set 1

A customer service department has a business need to send high volumes of confidential information to customers electronically. All emails go through a DLP scanner.  Which of the following is the BEST solution to meet the business needs and protect confidential information?  


Options are :

  • Automatically encrypt impacted incoming emails
  • Automatically encrypt impacted outgoing emails (Correct)
  • Prevent impacted outgoing emails
  • Monitor impacted outgoing emails

Answer : Automatically encrypt impacted outgoing emails

A user has received an email from an external source which asks for details on the company’s new product line set for release in one month. The user has a detailed spec sheet but it is marked "Internal Proprietary Information".   Which of the following should the user do NEXT?  


Options are :

  • Reply back to the requestor to gain their contact information and call them
  • Contact the help desk and/or incident response team to determine next steps (Correct)
  • Contact their manager and request guidance on how to best move forward
  • Provide the requestor with the email information since it will be released soon anyway

Answer : Contact the help desk and/or incident response team to determine next steps

Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Choose two.)  
A. Scanning printing of documents. 
B. Scanning of outbound IM (Instant Messaging). 
C. Scanning copying of documents to USB. 
D. Scanning of SharePoint document library. 
E. Scanning of shared drives. 
F. Scanning of HTTP user traffic. 


Options are :

  • C,E
  • B,F (Correct)
  • A,B
  • C,F

Answer : B,F

A compromised workstation utilized in a Distributed Denial of Service (DDoS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, which of the following is likely to be an issue with this incident?


Options are :

  • Expert Witness
  • Eye Witness
  • Chain of custody (Correct)
  • Data Analysis of the hard drive

Answer : Chain of custody

Requiring technicians to report spyware infections is a step in which of the following? 



Options are :

  • Change management
  • Routine audits
  • Clean desk policy
  • Incident management (Correct)

Answer : Incident management

Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed.  Which of the following would be the BEST control to implement?  


Options are :

  • Printer hardening
  • Data loss prevention (Correct)
  • Clean desk policies
  • File encryption

Answer : Data loss prevention

A company is trying to limit the risk associated with the use of unapproved USB devices to copy documents.  Which of the following would be the BEST technology control to use in this scenario?  


Options are :

  • DLP (Correct)
  • IDS
  • Content filtering
  • Audit logs

Answer : DLP

An internal auditor is concerned with privilege creep that is associated with transfers inside the company.   Which mitigation measure would detect and correct this?  


Options are :

  • Least privilege and job rotation
  • User rights reviews (Correct)
  • Change Control
  • Change management

Answer : User rights reviews

An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence?  


Options are :

  • Mounting the drive in read-only mode (Correct)
  • Using a software file recovery disc
  • Hashing the image after capture
  • Imaging based on order of volatility

Answer : Mounting the drive in read-only mode

A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information.   Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?  


Options are :

  • Incident management (Correct)
  • Chain of custody management
  • Change management
  • Procedure and policy management

Answer : Incident management

Which of the following is the MOST important step for preserving evidence during forensic procedures?  


Options are :

  • Record the time of the incident
  • Involve law enforcement
  • Chain of custody (Correct)
  • Report within one hour of discovery

Answer : Chain of custody

Which of the following security account management techniques should a security analyst implement to prevent staff who have switched company roles from exceeding their privileges?


Options are :

  • Account disablement
  • Time of day restriction
  • Internal account audits (Correct)
  • Password complexity

Answer : Internal account audits

During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware?


Options are :

  • Lessons Learned
  • Preparation (Correct)
  • Identification
  • Eradication

Answer : Preparation

A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site were facing the wrong direction to capture the incident. The analyst ensures the cameras are turned to face the proper direction. Which of the following types of controls is being used?


Options are :

  • Corrective (Correct)
  • Deterrent
  • Detective
  • Preventive

Answer : Corrective

Which of the following assets is MOST likely considered for DLP?


Options are :

  • Application server content
  • Reverse proxy
  • USB mass storage devices (Correct)
  • Print server

Answer : USB mass storage devices

A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment?


Options are :

  • Chain of custody
  • Record time offset (Correct)
  • Capture video traffic
  • Tracking man hours

Answer : Record time offset

Joe, a security administrator, is concerned with users tailgating into the restricted areas. Given a limited budget, which of the following would BEST assist Joe with detecting this activity?


Options are :

  • Revoke all proximity badge access to make users justify access.
  • Place a full-time guard at the entrance to confirm user identity.
  • Install a camera and DVR at the entrance to monitor access. (Correct)
  • Install a motion detector near the entrance

Answer : Install a camera and DVR at the entrance to monitor access.

After an audit, it was discovered that the security group memberships were not properly adjusted for employees’ accounts when they moved from one role to another.   
Which of the following has the organization failed to properly implement? (Choose two.)  
A. Mandatory access control enforcement. 
B. User rights and permission reviews. 
C. Technical controls over account management. 
D. Account termination procedures. 
E. Management controls over account management. 
F. Incident management and response plan


Options are :

  • B,D
  • A,C
  • B,E (Correct)
  • C,F
  • A,F

Answer : B,E

Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time.
Which of the following does this illustrate?


Options are :

  • System image capture
  • Chain of custody (Correct)
  • Record time offset
  • Order of volatility

Answer : Chain of custody

Which of the following is a best practice when a mistake is made during a forensics examination? 


Options are :

  • The examiner should document the mistake and work around the problem. (Correct)
  • The examiner should disclose the mistake and assess another area of the disc.
  • The examiner should verify the tools before, during, and after an examination.
  • The examiner should attempt to hide the mistake during cross-examination.

Answer : The examiner should document the mistake and work around the problem.

The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future?  


Options are :

  • Change management
  • Routine auditing (Correct)
  • User permissions reviews
  • Incident response team

Answer : Routine auditing

A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing application security. Additionally, the engineer wants to ensure that the new requirements are approved by the appropriate personnel.   
Which of the following should be in place to meet these two goals? (Choose two.)  
A. Patch Audit Policy 
B. Change Control Policy 
C. Incident Management Policy 
D. Regression Testing Policy 
E. Escalation Policy 
F. Application Audit Policy


Options are :

  • A,F
  • C,E
  • C,D
  • A,B
  • B,D (Correct)

Answer : B,D

A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that:  



Options are :

  • time offset can be calculated. (Correct)
  • HDD hashes are accurate.
  • the NTP server works properly.
  • chain of custody is preserved.

Answer : time offset can be calculated.

To ensure proper evidence collection, which of the following steps should be performed FIRST?


Options are :

  • Review logs
  • Take hashes from the live system
  • Copy all compromised files
  • Capture the system image (Correct)

Answer : Capture the system image

A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?  


Options are :

  • Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced.
  • Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned. (Correct)
  • Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources.
  • Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively.

Answer : Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.

The security manager received a report that an employee was involved in illegal activity and has saved data to a workstation’s hard drive. During the investigation, local law enforcement’s criminal division confiscates the hard drive as evidence. Which of the following forensic procedures is involved?


Options are :

  • Take hashes
  • System image
  • Chain of custody (Correct)
  • Order of volatility

Answer : Chain of custody

Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?


Options are :

  • Database fingerprinting
  • Endpoint protection (Correct)
  • Content discovery
  • Email scanning

Answer : Endpoint protection

Developers currently have access to update production servers without going through an approval process.  Which of the following strategies would BEST mitigate this risk?  


Options are :

  • Clean desk policy
  • Incident management
  • Change management (Correct)
  • Routine audits

Answer : Change management

Who should be contacted FIRST in the event of a security breach?  


Options are :

  • Software vendors
  • Incident response team (Correct)
  • Forensics analysis team
  • Internal auditors

Answer : Incident response team

Which of the following is the BEST approach to perform risk mitigation of user access control rights?


Options are :

  • Perform routine user permission reviews. (Correct)
  • Conduct surveys and rank the results.
  • Implement periodic vulnerability scanning.
  • Disable user accounts that have not been used within the last two weeks.

Answer : Perform routine user permission reviews.
