Prepare for the CompTIA Security+ SY0-601 exam with our free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.
You receive a call and the caller ID indicates that it is from your bank. You answer and are told that your account has been compromised. The person on the phone says that before they can proceed you need to verify your account number and security pin. What term best describes this type of social engineering attack?
Vishing
Spear phishing
Phishing
Whaling
Smishing
Vishing (also called voice phishing) is conducting phishing attacks using telephony. This often involves using VoIP features such as caller ID spoofing to avoid detection.
Voice phishing, or vishing, is the use of telephony (often Voice over IP telephony) to conduct phishing attacks. Landline telephone services have traditionally been trustworthy; terminated in physical locations known to the telephone company, and associated with a bill-payer. Now however, vishing fraudsters often use modern Voice over IP (VoIP) features such as caller ID spoofing and automated systems (IVR) to impede detection by law enforcement agencies. Voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals. Usually, voice phishing attacks are conducted using automated text-to-speech systems that direct a victim to call a number controlled by the attacker, however some use live callers. Posing as an employee of a legitimate body such as the bank, police, telephone or internet provider, the fraudster attempts to obtain personal details and financial information regarding credit card, bank accounts (e.g. the PIN), as well as personal information of the victim. With the received information, the fraudster might be able to access and empty the account or commit identity fraud. Some fraudsters may also try to persuade the victim to transfer money to another bank account or withdraw cash to be given to them directly. Callers also often pose as law enforcement or as an Internal Revenue Service employee. Scammers often target immigrants and the elderly, who are coerced to wire hundreds to thousands of dollars in response to threats of arrest or deportation. Bank account data is not the only sensitive information being targeted. Fraudsters sometimes
Voice_phishing - Wikipedia, the free encyclopedia
Which feature of MDM allows for the logical separation of work and personal tasks/storage on an employee's personal device?
Containerization
Application management
Content management
Storage segmentation
Containerization allows for the use of containers to virtually segment a device into separate computing environments. These environments are functionally completely different systems that cannot interact with each other or share resources.
In software engineering, containerization is operating system-level virtualization or application-level virtualization over multiple network resources so that software applications can run in isolated user spaces called containers in any cloud or non-cloud environment, regardless of type or vendor.
Containerization_(computing) - Wikipedia, the free encyclopedia
Your organization is facing litigation, and as part of the legal process, you are required to produce relevant digital documents and emails within a strict timeframe. You must ensure the integrity and authenticity of the evidence is maintained throughout the process. What is the most important initial step in the e-discovery process when responding to this legal request?
Issuing a legal hold to prevent the deletion of relevant data
Interviewing potential witnesses to gain more context about the incident
Beginning the metadata analysis of documents to locate pertinent information
Acquiring a forensic image of devices and systems involved
Issuing a legal hold is the correct first step in the e-discovery process. A legal hold is a directive to preserve all forms of relevant information when litigation is reasonably anticipated. The preservation of this information is critical to prevent data tampering, deletion, or any other actions that could compromise the integrity of the evidence. Although all other options listed are essential parts of the process, they follow the initial preservation step ensured by a legal hold.
At Acme Corp, a policy requires all employees to take at least five consecutive business days of vacation each year. What is the primary security benefit of this policy?
It enables the detection of fraud or policy violations that might be covered by the absent employee.
It decreases the organization's reliance on any single employee by ensuring cross-training.
It reduces the cost of personnel by encouraging employees to use their vacation days.
It ensures that no employee becomes a bottleneck to productivity due to their absences.
Mandatory vacation policies are principally designed to act as a preventative and detective control. When employees are away from their duties, others must fill in and handle their responsibilities, potentially revealing any irregularities, fraud, or unauthorized activities that the absent employee may have been concealing. It's an opportunity for the organization to audit and verify the integrity of the employee's work. The fraud-detection answer is correct because it directly addresses the primary security benefit of detecting fraudulent activities or policy violations that might otherwise go unnoticed. The bottleneck answer is incorrect because it focuses on productivity, which isn't directly related to the security aspect of mandatory vacation. The cross-training answer is incorrect because decreasing reliance on a single employee does not directly relate to revealing fraud or misconduct; it generally addresses continuity and operational dependency. The personnel-cost answer is incorrect because it diverts attention to cost reduction, which is not a primary security concern associated with mandatory vacation policies.
Proper configuration of HVAC systems can minimize the risk of hardware failure due to static electricity buildup.
False
True
The assertion is incorrect because HVAC systems are primarily responsible for regulating temperature and airflow to prevent hardware overheating but do not directly control static electricity buildup. Static electricity is typically managed through proper grounding and the use of antistatic mats, wristbands, and other ESD (electrostatic discharge) controls.
A government agency is designing a secure communication room where highly confidential conversations can take place without risk of electronic eavesdropping through radio frequency (RF) signals. Which of the following would most effectively ensure that RF signals cannot enter or leave the room?
Installing a Faraday cage around the room
Soundproofing the room with acoustic foam
Using TEMPEST shielding for all computers and phones inside the room
Building the walls of the room with reinforced concrete
A Faraday cage is specifically designed to block external static and non-static electric fields by channeling electricity throughout the cage's conducting material, thus protecting the contents inside from electric charges and electromagnetic radiation. It is used in secure facilities to prevent electronic eavesdropping and unintended RF communication. TEMPEST shielding, while related to blocking external signals, is more about mitigating emanations from electronic equipment than about creating a physical barrier. On the other hand, a soundproof room and a reinforced concrete wall may provide certain levels of protection against eavesdropping and RF signals, but neither is specifically designed to prevent RF signal leakage like a Faraday cage.
When conducting digital forensics, order of volatility is an important consideration during the collection of data after an incident. With order of volatility in mind, which type of memory should evidence be collected from first?
Cache
Pagefile
Hard drive
RAM
The order of volatility states that cache memory is the most volatile and should be collected first. Being volatile means that when power is removed from the system the contents of that memory will be lost.
In computing, a cache (KASH) is a hardware or software component that stores data so that future requests for that data can be served faster; the data stored in a cache might be the result of an earlier computation or a copy of data stored elsewhere. A cache hit occurs when the requested data can be found in a cache, while a cache miss occurs when it cannot. Cache hits are served by reading data from the cache, which is faster than recomputing a result or reading from a slower data store; thus, the more requests that can be served from the cache, the faster the system performs. To be cost-effective, caches must be relatively small. Nevertheless, caches are effective in many areas of computing because typical computer applications access data with a high degree of locality of reference. Such access patterns exhibit temporal locality, where data is requested that has been recently requested, and spatial locality, where data is requested that is stored near data that has already been requested.
Cache_(computing) - Wikipedia, the free encyclopedia
A company has a strict policy against unauthorized recording of conversations during confidential meetings. To adhere to this policy when using mobile devices issued to employees, which of the following is the BEST solution to prevent unauthorized use of the microphone during these meetings?
Geofencing to disable microphones in secure areas
Installing a mobile antivirus with audio protection features
Physical removal of the microphone from mobile devices
Disallow all applications from requesting microphone access
Mandatory use of headphones without a built-in microphone
Geofencing is the correct answer as it enables the organization to enforce policies based on the physical location of the device. By using geofencing, the organization can automatically disable the microphone on corporate mobile devices within the defined geographic boundaries of confidential meeting areas, thereby preventing unauthorized recordings without impeding the microphone usage outside of these areas.
You want to limit the company's losses and downtime in the event of data loss, so you institute a data backup and recovery strategy. Which control type is being used?
Detective
Preventive
Deterrent
Compensating
Corrective
Corrective controls are controls that are designed to “correct” damages caused by an incident. A data backup and recovery strategy is intended to correct damages that result from data loss.
Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information. Systems of controls can be referred to as frameworks or standards. Frameworks can enable an organization to manage security controls across different types of assets with consistency.
Security_controls - Wikipedia, the free encyclopedia
A medium-sized organization wants to improve its security posture by updating the way security training is delivered to its employees. They have decided to switch from in-person training sessions to an online platform that allows employees to complete security training modules at their own pace. What type of security awareness initiative does this represent?
Role-based training
Mandatory vacation
Computer-based training (CBT)
Web-based seminars
The correct answer is Computer-based training (CBT) because it describes a type of training that is delivered through an electronic platform, often online, allowing self-paced learning. This type of training is scalable for medium to large organizations and can be updated easily to reflect new threats or compliance requirements. Web-based seminars are incorrect as they are usually live or pre-recorded presentations delivered online at scheduled times, not self-paced. Role-based training and Mandatory vacation do not fit the description; role-based training is specifically tailored to the role of the individual within the company, and mandatory vacation is a policy used to help discover fraud or other indiscretions within the organization when an employee is away from work, unrelated to the training method.
You are in the discovery/reconnaissance phase of a penetration test. You decide to use automated scanning software to gather recon data on the network under test before you attempt to penetrate it. Which of the following could you use to perform this task?
Sn1per
Cuckoo
curl
theHarvester
Sn1per is an automated scanner that can be used to automate the process of collecting data for exploration and penetration testing.
You are responsible for network security within your employer's network architecture team. Your team is implementing a new network that can allow unauthenticated WiFi users access to the internet without allowing them access to any internal systems. What type of WiFi network is this?
Guest
DMZ
Extranet
NAT
This type of WiFi network is called Guest WiFi. Guest WiFi networks are intended for external users like subcontractors or 3rd party partners. They may also be permitted for employees' personal devices. In some cases the Guest WiFi may also allow restricted access to internal resources, but this needs to be properly secured to ensure access is limited as much as possible.
When reviewing a security assessment report, analysts notice that several security incidents coincide with outgoing traffic spikes at regular intervals. What is the most likely explanation for these observations?
Command and Control (C2) server communication is likely causing the traffic spikes and related security incidents.
An internal user is downloading large files periodically, which aligns with the traffic spikes.
The organization is experiencing normal traffic burst due to scheduled backups.
The web server is performing automatic updates at set intervals, causing the observed traffic.
Outgoing traffic spikes at regular intervals that coincide with security incidents are indicative of Command and Control (C2) server communication from compromised internal hosts; this pattern suggests that the hosts are potentially part of a botnet receiving instructions from an external control server. The incorrect options are red herrings that describe plausible scenarios but do not fit the provided pattern as closely as C2 server communication does.
A developer is designing a web application and wants to ensure that detailed error messages do not expose sensitive system information to potential attackers. Which approach should the developer take when implementing error handling for the web application to enhance security?
Display a generic error message to the user and log the details of the error internally for review by developers.
Customize HTTP response codes to indicate the specific type of error that occurred.
Redirect the user to the home page whenever an error occurs without displaying any message.
Provide detailed error messages including system architecture and software version numbers.
Displaying a generic error message without details about the system architecture or software versions is the correct approach because it prevents attackers from gaining insights into the underlying system, which could assist in crafting targeted attacks. Providing excessive details can inadvertently supply attackers with valuable information. Logging the error internally is useful for debugging but does not directly address the concern of exposing details to the user. Redirecting to the home page could create usability concerns and may not address the root issue of sensitive error disclosures. Customizing HTTP response codes is not a sufficient method for obscuring sensitive error information because these codes could still reveal system characteristics.
What is the primary purpose of utilizing a hash function on a set of data?
To transform the data into a lower-case format for normalized comparison.
To compress the data into a smaller format for efficient storage.
To produce a fixed-size output that uniquely represents the data.
To obfuscate the data to protect sensitive information from being accessed.
The correct answer is 'To produce a fixed-size output that uniquely represents the data.' Hash functions are designed to take an input (or 'message') and return a fixed-size string of bytes. The output, called the hash value (or 'digest'), typically looks much different from the input and is unique to the original piece of data. This uniqueness property makes hashing useful for data integrity checks since any change to the data will result in a different hash value. The incorrect options either do not accurately describe the primary purpose of hashing or describe attributes of other security mechanisms (e.g., encryption, tokenization).