Question 1

A director of IR is reviewing a report regarding several recent breaches. The director compiles the following statistic's -Initial IR engagement time frame -Length of time before an executive management notice went out -Average IR phase completion The director wants to use the data to shorten the response time. Which of the following would accomplish this?

Accepted Answer

Tabletop exercises can help identify gaps and improve the efficiency of incident response processes, thereby potentially shortening response times.

Question 2

The Chief Technology Officer (CTO) of a company, Ann, is putting together a hardware budget for the next 10 years. She is asking for the average lifespan of each hardware device so that she is able to calculate when she will have to replace each device. Which of the following categories BEST describes what she is looking for?

Accepted Answer

The answer of The Chief Technology Officer (CTO) of a...

Question 3

After a routine audit, a company discovers that engineering documents have been leaving the network on a particular port. The company must allow outbound traffic on this port, as it has a legitimate business use. Blocking the port would cause an outage. Which of the following technology controls should the company implement?

Accepted Answer

Data Loss Prevention (DLP) can monitor and control the data leaving the network, ensuring sensitive information does not leave through the port while allowing legitimate business traffic.

Question 4

Which of the following cryptographic algorithms is irreversible?

Accepted Answer

SHA-256 is a one-way hash function, which means that it is irreversible.

Question 5

A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred?

Accepted Answer

The answer of A workstation puts out a network request...

Question 6

A supervisor in your organization was demoted on Friday afternoon. The supervisor had the ability to modify the contents of a confidential database, as well as other managerial permissions. On Monday morning, the database administrator reported that log files indicated that several records were missing from the database. Which of the following risk mitigation strategies should have been implemented when the supervisor was demoted?

Accepted Answer

When the supervisor was demoted, their access rights should have been reviewed and adjusted immediately to prevent unauthorized access. Monthly user rights reviews would help ensure that permissions are updated in a timely manner following changes in roles or responsibilities.

Question 7

A security administrator is configuring a new network segment, which contains devices that will be accessed by external users, such as web and FTP server. Which of the following represents the MOST secure way to configure the new network segment?

Accepted Answer

The most secure way to configure the network segment for devices accessed by external users is to place it on a separate VLAN and configure firewall rules to allow only the necessary external traffic. This isolates the segment from the internal network, reducing the risk of unauthorized access to internal resources.

Question 8

A network technician is setting up a segmented network that will utilize a separate ISP to provide wireless access to the public area for a company. Which of the following wireless security methods should the technician implement to provide basic accountability for access to the public network?

Accepted Answer

A captive portal is used to provide basic accountability by requiring users to authenticate or agree to terms before accessing the network, which is suitable for public access.

Question 9

Which of the following types of attacks precedes the installation of a rootkit on a server?

Accepted Answer

Privilege escalation is often used to gain the necessary access to install a rootkit on a server.

Question 10

An organization is comparing and contrasting migration from its standard desktop configuration to the newest version of the platform. Before this can happen, the Chief Information Security Officer (CISO) voices the need to evaluate the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. In which of the following principles of architecture and design is the CISO engaging?

Accepted Answer

The answer of An organization is comparing and contrasting migration...

Question 11

Joe is exchanging encrypted email with another party. Joe encrypts the initial email with a key. When Joe receives a response, he is unable to decrypt the response with the same key he used initially. Which of the following would explain the situation?

Accepted Answer

Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what one key does, the other one undoes.

Question 12

Phishing emails frequently take advantage of high-profile catastrophes reported in the news. Which of the following principles BEST describes the weakness being exploited?

Accepted Answer

Phishing emails exploiting high-profile catastrophes often rely on social proof, as they leverage the widespread attention and concern these events generate to trick individuals into believing the legitimacy of the email.

Question 13

A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway. Which of the following tools should the administrator use to detect this attack? (Select two.)

Accepted Answer

The answer of A security administrator suspects a MITM attack...

Question 14

An employee uses RDP to connect back to the office network. If RDP is misconfigured, which of the following security exposures would this lead to?

Accepted Answer

If RDP is misconfigured, it could be vulnerable to a man-in-the-middle attack, where an attacker intercepts the communication and captures the employee's username and password.

Question 15

An organization requires users to provide their fingerprints to access an application. To improve security, the application developers intend to implement multifactor authentication. Which of the following should be implemented?

Accepted Answer

Multifactor authentication requires two or more different types of factors. Fingerprints are a biometric factor, so adding a signature, which is a knowledge-based factor, provides multifactor authentication. Other biometric options like facial recognition, palm geometry, or iris recognition do not add a different factor type.

Question 16

A software developer wants to ensure that the application is verifying that a key is valid before establishing SSL connections with random remote hosts on the Internet. Which of the following should be used in the code? (Select TWO.)

Accepted Answer

The answer of A software developer wants to ensure that...

Question 17

Audit logs from a small company's vulnerability scanning software show the following findings: Destinations scanned: -Server001- Internal human resources payroll server -Server101-Internet-facing web server -Server201- SQL server for Server101 -Server301-Jumpbox used by systems administrators accessible from the internal network Validated vulnerabilities found: -Server001- Vulnerable to buffer overflow exploit that may allow attackers to install software -Server101- Vulnerable to buffer overflow exploit that may allow attackers to install software -Server201-OS updates not fully current -Server301- Accessible from internal network without the use of jumpbox -Server301-Vulnerable to highly publicized exploit that can elevate user privileges Assuming external attackers who are gaining unauthorized information are of the highest concern, which of the following servers should be addressed FIRST?

Accepted Answer

Server101 is an internet-facing web server and is vulnerable to a buffer overflow exploit that may allow attackers to install software. This poses a significant risk as it is exposed to external threats, making it the highest priority to address.

Question 18

Joe, the security administrator, sees this in a vulnerability scan report: "The server 10.1.2.232 is running Apache 2.2.20 which may be vulnerable to a mod_cgi exploit." Joe verifies that the mod_cgi module is not enabled on 10.1.2.232. This message is an example of:

Accepted Answer

The message is a false positive because the vulnerability scan reports a potential issue that does not actually exist, as the mod_cgi module is not enabled on the server.

Question 19

A security administrator is tasked with conducting an assessment made to establish the baseline security posture of the corporate IT infrastructure. The assessment must report actual flaws and weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing must be performed using in-house or cheaply available resource. There cannot be a possibility of any requirement being damaged in the test. Which of the following has the administrator been tasked to perform?

Accepted Answer

A vulnerability assessment identifies and reports on actual flaws and weaknesses in the infrastructure without exploiting them, ensuring no damage to the system, which aligns with the requirements stated.

Question 20

Which of the following is the GREATEST risk to a company by allowing employees to physically bring their personal smartphones to work?

Accepted Answer

Allowing employees to bring personal smartphones increases the risk of unauthorized photography of sensitive information and equipment, which can lead to data breaches or intellectual property theft.

Exam 15: CompTIA Security+