Question 1

A user is unable to obtain an IP address from the corporate DHCP server. Which of the following is MOST likely the cause?

Accepted Answer

Resource exhaustion is the most likely cause of a user being unable to obtain an IP address from the corporate DHCP server. When the DHCP server runs out of available IP addresses to assign, it will stop responding to DHCP requests.

Question 2

An information security specialist is reviewing the following output from a Linux server.  Based on the above information, which of the following types of malware was installed on the server? /local/

Accepted Answer

The answer of An information security specialist is reviewing the...

Question 3

A junior systems administrator noticed that one of two hard drives in a server room had a red error notification. The administrator removed the hard drive to replace it but was unaware that the server was configured in an array. Which of the following configurations would ensure no data is lost?

Accepted Answer

RAID 1 is a mirroring configuration where data is duplicated across two drives. If one drive fails, the data is still available on the other drive, ensuring no data is lost.

Question 4

An organization uses SSO authentication for employee access to network resources. When an employee resigns, as per the organization's security policy, the employee's access to all network resources is terminated immediately. Two weeks later, the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server. Which of the following represents the BEST course of action?

Accepted Answer

The organization's policy is to terminate access immediately upon resignation. Resetting the password would violate this policy and potentially give access to all network resources, not just the HR server.

Question 5

An organization wants to separate permissions for individuals who perform system changes from individuals who perform auditing of those system changes. Which of the following access control approaches is BEST suited for this?

Accepted Answer

Separating administrators and auditors into different groups with specific permissions ensures that auditors can only read system logs, maintaining the integrity of the audit process without the ability to alter system changes.

Question 6

A system in the network is used to store proprietary secrets and needs the highest level of security possible. Which of the following should a security administrator implement to ensure the system cannot be reached from the Internet?

Accepted Answer

An air gap is a security measure that physically isolates a system from any network, including the Internet, ensuring it cannot be accessed remotely.

Question 7

The concept of connecting a user account across the systems of multiple enterprises is BEST known as:

Accepted Answer

Federation refers to the linking of a user's identity across multiple systems and organizations, allowing for seamless access and authentication across different enterprises.

Question 8

A security analyst observes the following events in the logs of an employee workstation:  Given the information provided, which of the following MOST likely occurred on the workstation?

Accepted Answer

The answer of A security analyst observes the following events...

Question 9

A security analyst runs a monthly file integrity check on the main web server. When analyzing the logs, the analyst observed the following entry:  No OS patches were applied to this server during this period. Considering the log output, which of the following is the BEST conclusion?

Accepted Answer

The answer of A security analyst runs a monthly file...

Question 10

A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company's executives. Which of the following intelligence sources should the security analyst review?

Accepted Answer

Industry information-sharing and collaboration groups provide insights into the latest threats and attack vectors targeting specific industries, including those that may target company executives.

Question 11

An auditor is reviewing the following output from a password-cracking tool:  Which of the following methods did the author MOST likely use?

Accepted Answer

The answer of An auditor is reviewing the following output...

Question 12

After a user reports slow computer performance, a system administrator detects a suspicious file, which was installed as part of a freeware software package. The systems administrator reviews the output below:  Based on the above information, which of the following types of malware was installed on the user's computer?

Accepted Answer

The answer of After a user reports slow computer performance,...

Question 13

A security analyst is implementing mobile device security for a company. To save money, management has decided on a BYOD model. The company is most concerned with ensuring company data will not be exposed if a phone is lost or stolen. Which of the following techniques BEST accomplish this goal? (Choose two.)

Accepted Answer

Full device encryption ensures that all data on the device is encrypted, protecting it if the device is lost or stolen. Remote wipe allows the company to erase all data on the device remotely, ensuring that sensitive information is not exposed.

Question 14

An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139. Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented?

Accepted Answer

The answer of An analyst has determined that a server...

Question 15

During an audit, the auditor requests to see a copy of the identified mission-critical applications as well as their disaster recovery plans. The company being audited has an SLA around the applications it hosts. With which of the following is the auditor MOST likely concerned?

Accepted Answer

The auditor is most likely concerned with the Recovery Time Objective (RTO) and Recovery Point Objective (RPO), which are key components of disaster recovery plans and are critical for ensuring that mission-critical applications can be restored within acceptable timeframes and data loss limits.

Question 16

A system's administrator has finished configuring firewall ACL to allow access to a new web answer.  The security administrator confirms form the following packet capture that there is network traffic from the internet to the web server:  The company's internal auditor issues a security finding and requests that immediate action be taken. With which of the following is the auditor MOST concerned?

Accepted Answer

The answer of A system's administrator has finished configuring firewall...

Question 17

A black hat hacker is enumerating a network and wants to remain convert during the process. The hacker initiates a vulnerability scan. Given the task at hand the requirement of being convert, which of the following statements BEST indicates that the vulnerability scan meets these requirements?

Accepted Answer

Network sniffer mode allows the hacker to passively capture data packets without actively interacting with the network, making it more covert.

Question 18

An attacker is attempting to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message:  Which of the following should the analyst recommend be enabled?

Accepted Answer

The answer of An attacker is attempting to harvest user...

Question 19

A systems administrator wants to implement a secure wireless network requiring wireless clients to pre-register with the company and install a PKI client certificate prior to being able to connect to the wireless network. Which of the following should the systems administrator configure?

Accepted Answer

EAP-TLS requires clients to have a client-side certificate, which aligns with the requirement for wireless clients to pre-register and install a PKI client certificate.

Question 20

Which of the following impacts are associated with vulnerabilities in embedded systems? (Choose two.)

Accepted Answer

The answer of Which of the following impacts are associated...

Exam 15: CompTIA Security+