Question 1

A company wants to ensure users are only logging into the system from their laptops when they are on site. Which of the following would assist with this?

Accepted Answer

Geofencing can be used to create a virtual boundary around a specific location, ensuring that users can only log in when they are physically on site.

Question 2

A developer has incorporated routines into the source code for controlling the length of the input passed to the program. Which of the following types of vulnerabilities is the developer protecting the code against?

Accepted Answer

The developer is protecting against buffer overflow vulnerabilities, which occur when input data exceeds the allocated buffer size, potentially leading to code execution or crashes.

Question 3

Joe, an employee, asks a coworker how long ago Ann started working at the help desk. The coworker expresses surprise since nobody named Ann works at the help desk. Joe mentions that Ann called several people in the customer service department to help reset their passwords over the phone due to unspecified "server issues". Which of the following has occurred?

Accepted Answer

Joe's interaction suggests a social engineering attack, where someone impersonates an employee to gain sensitive information or access, in this case, by pretending to be Ann to reset passwords.

Question 4

An analyst generates the following color-coded table shown in the exhibit to help explain the risk of potential incidents in the company. The vertical axis indicates the likelihood of an incident, while the horizontal axis indicates the impact.  Which of the following is this table an example of?

Accepted Answer

The answer of An analyst generates the following color-coded table...

Question 5

After reports of slow internet connectivity, a technician reviews the following logs from a server's host-based firewall:  Which of the following can the technician conclude after reviewing the above logs?

Accepted Answer

The answer of After reports of slow internet connectivity, a...

Question 6

A technician has discovered a crypto-virus infection on a workstation that has access to sensitive remote resources. Which of the following is the immediate NEXT step the technician should take?

Accepted Answer

Disabling the network connections immediately helps prevent the virus from spreading to other systems and accessing sensitive remote resources.

Question 7

A company has just completed a vulnerability scan of its servers. A legacy application that monitors the HVAC system in the datacenter presents several challenges, as the application vendor is no longer in business. Which of the following secure network architecture concepts would BEST protect the other company servers if the legacy server were to be exploited?

Accepted Answer

An air gap is a physical separation between networks, which would prevent the spread of an attack from the legacy server to other company servers.

Question 8

A security engineer implements multiple technical measures to secure an enterprise network. The engineer also works with the Chief Information Officer (CIO) to implement policies to govern user behavior. Which of the following strategies is the security engineer executing?

Accepted Answer

Control diversity involves using multiple types of controls, such as technical measures and policies, to enhance security.

Question 9

A network technician is designing a network for a small company. The network technician needs to implement an email server and web server that will be accessed by both internal employees and external customers. Which of the following would BEST secure the internal network and allow access to the needed servers?

Accepted Answer

A DMZ (Demilitarized Zone) segment allows external users to access the email and web servers while keeping the internal network secure from external threats.

Question 10

Datacenter employees have been battling alarms in a datacenter that has been experiencing hotter than normal temperatures. The server racks are designed so all 48 rack units are in use, and servers are installed in any manner in which the technician can get them installed. Which of the following practices would BEST alleviate the heat issues and keep costs low?

Accepted Answer

Using hot and cold aisles is a cost-effective method to manage airflow and reduce heat by separating the intake and exhaust air paths, improving cooling efficiency without additional equipment costs.

Question 11

An office recently completed digitizing all its paper records. Joe, the data custodian, has been tasked with the disposal of the paper files, which include: Intellectual property Payroll records Financial information Drug screening results Which of the following is the BEST way to dispose of these items?

Accepted Answer

The answer of An office recently completed digitizing all its...

Question 12

A systems administrator needs to integrate multiple IoT and small embedded devices into the company's wireless network securely. Which of the following should the administrator implement to ensure low-power and legacy devices can connect to the wireless network?

Accepted Answer

The answer of A systems administrator needs to integrate multiple...

Question 13

The Chief Executive Officer (CEO) received an email from the Chief Financial Officer (CFO), asking the CEO to send financial details. The CEO thought it was strange that the CFO would ask for the financial details via email. The email address was correct in the "From" section of the email. The CEO clicked the form and sent the financial information as requested. Which of the following caused the incident?

Accepted Answer

The incident was likely caused by the lack of SPF (Sender Policy Framework) being enabled, which would allow email spoofing to occur. This means that an attacker could send an email that appears to come from a legitimate address, such as the CFO's, leading the CEO to believe the request was genuine.

Question 14

Two companies are enabling TLS on their respective email gateways to secure communications over the Internet. Which of the following cryptography concepts is being implemented?

Accepted Answer

TLS is used to secure data in transit by encrypting the communication between email gateways over the Internet.

Question 15

A water utility company has seen a dramatic increase in the number of water pumps burning out. A malicious actor was attacking the company and is responsible for the increase. Which of the following systems has the attacker compromised?

Accepted Answer

SCADA (Supervisory Control and Data Acquisition) systems are used to control and monitor industrial processes, such as water utility operations. Compromising SCADA systems can lead to the malfunctioning of equipment like water pumps.

Question 16

A security, who is analyzing the security of the company's web server, receives the following output:  Which of the following is the issue?

Accepted Answer

The answer of A security, who is analyzing the security...

Question 17

A user needs to transmit confidential information to a third party. Which of the following should be used to encrypt the message?

Accepted Answer

The answer of A user needs to transmit confidential information...

Question 18

Which of the following control types would a backup of server data provide in case of a system issue?

Accepted Answer

A backup of server data is a corrective control because it helps to restore data and systems to their original state after an issue has occurred.

Question 19

A security analyst identified an SQL injection attack. Which of the following is the FIRST step in remediating the vulnerability?

Accepted Answer

Implementing input validations is the first step in remediating an SQL injection vulnerability, as it ensures that only properly formatted data is processed by the application, preventing malicious input from being executed.

Question 20

A security analyst believes an employee's workstation has been compromised. The analyst reviews the system logs, but does not find any attempted logins. The analyst then runs the diff command, comparing the C:\Windows\System32 directory and the installed cache directory. The analyst finds a series of files that look suspicious. One of the files contains the following commands:  Which of the following types of malware was used?

Accepted Answer

The answer of A security analyst believes an employee's workstation...

Exam 15: CompTIA Security+