Prepare for the CompTIA Security+ SY0-601 exam with our free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.
You are a super 1337 hacker who just discovered a vulnerability in an operating system. You do some research and find nothing online regarding this exploit and believe you are the first to find it. What option would be the correct classification of this vulnerability?
Zero day
Denial of Service
North/South
East/West
Spoof
Brute force
OBJ-1.6: A zero-day attack happens when a software or hardware flaw is exploited and attackers release malware before the developer has had an opportunity to create a patch for the vulnerability, hence the term zero-day.
A zero-day (also known as a 0-day) is a vulnerability in a computer system that was previously unknown to its developers or anyone capable of mitigating it. Until the vulnerability is mitigated, threat actors can exploit it. An exploit taking advantage of a zero-day is called a zero-day exploit, or zero-day attack. The term "zero-day" originally referred to the number of days since a new piece of software was released to the public, so "zero-day software" was obtained by hacking into a developer's computer before release. Eventually the term was applied to the vulnerabilities that allowed this hacking, and to the number of days that the vendor has had to fix them. Vendors who discover the vulnerability may create patches or advise workarounds to mitigate it. Still, users need to deploy the mitigation to eliminate the vulnerability in their systems. Zero-day attacks are severe threats.
Zero-day_(computing) - Wikipedia, the free encyclopedia
What type of backup is a copy of the entire state of a system that can be used to restore that system and other similar systems to that exact state/configuration?
Image
Full
Differential
Incremental
A system image is a copy of the entire state of a system. That image can be used to restore the system it came from to that exact state, or it can be copied onto other similar systems to bring them all to a uniform state.
In computing, a system image is a serialized copy of the entire state of a computer system stored in some non-volatile form such as a file. A system is said to be capable of using system images if it can be shut down and later restored to exactly the same state. In such cases, system images can be used for backup. Hibernation is an example that uses an image of the entire machine's RAM.
System_image - Wikipedia, the free encyclopedia
Your employer has a large team of software developers with constantly changing codebases for dozens of internal applications. As part of change control, any code changes go through an automated vulnerability scanning process which checks for known vulnerabilities in frameworks, programming languages, dependencies and the code itself. Due to business pressure, these scans have been largely ignored and there are currently over a thousand issues found by the automated scanning. You are tasked with working with the developers and remedying 100% of the issues. What should you do next?
Identify any false positives to reduce the number of items to remediate
Implement an approval step for all code changes that requires no security issues prior to updates
Stop all deployments, code changes and updates until the vulnerabilities are fixed
Organize the vulnerabilities by criticality and begin planning for solutions for the most critical vulnerabilities first
In this scenario the best option for next steps is to organize the vulnerabilities by criticality. Some may be very important and represent significant risk, while others may be false positives or very minor issues. Most scanning solutions will have this information readily available. There is no way to identify false positives without going through each and every one, and halting all code changes would likely cause major disruptions to the business. The logical next step is to begin planning and focus on the worst issues first.
Data integrity is the concept that you can trust that a piece of data is complete and has not been altered or tampered with. Which of the following technologies can be used to ensure the integrity of data?
Authentication
Checksum
Confidentiality
Encryption
A checksum is a sequence of numbers generated by a checksum algorithm (such as check digits and parity bits) used to validate the integrity of data by comparing a calculated checksum to a previously calculated checksum value. Matching values indicate that the data has not been changed.
A checksum is a small-sized block of data derived from another block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage. By themselves, checksums are often used to verify data integrity but are not relied upon to verify data authenticity. The procedure which generates this checksum is called a checksum function or checksum algorithm. Depending on its design goals, a good checksum algorithm usually outputs a significantly different value, even for small changes made to the input. This is especially true of cryptographic hash functions, which may be used to detect many data corruption errors and verify overall data integrity; if the computed checksum for the current data input matches the stored value of a previously computed checksum, there is a very high probability the data has not been accidentally altered or corrupted. Checksum functions are related to hash functions, fingerprints, randomization functions, and cryptographic hash functions. However, each of those concepts has different applications and therefore different design goals. For instance, a function returning the start of a string can provide a hash appropriate for some applications but will never be a suitable checksum. Checksums are used as cryptographic primitives in larger authentication algorithms. For cryptographic systems with these two specific design goals, see HMAC. Check digits and parity bits are special cases of checksums, appropriate for small blocks of data (such as Social Security numbers, bank account numbers, computer words, single bytes, etc.). Some error-correcting codes are based
Checksum - Wikipedia, the free encyclopedia
The software section of the security team has been asked to review the source code for a program being developed. They are being asked to look for any coding errors or possible security vulnerabilities. This is what type of application security review?
Fuzzing
Static code analysis
Secure coding
Dynamic code analysis
Static code analysis is the analysis of software code without executing the software. Reviewing the lines of a program's source code is a type of static code analysis. Dynamic code analysis is performed while the software is being executed.
In computer science, static program analysis (or static analysis) is the analysis of computer programs performed without executing them, in contrast with dynamic program analysis, which is performed on programs during their execution. The term is usually applied to analysis performed by an automated tool, with human analysis typically being called "program understanding", program comprehension, or code review. In the last of these, software inspection and software walkthroughs are also used. In most cases the analysis is performed on some version of a program's source code, and, in other cases, on some form of its object code.
Static_program_analysis - Wikipedia, the free encyclopedia
You want to limit the company's losses/downtime in the event that there is data loss, so you institute a data backup and recovery strategy. Which control type is being used?
Compensating
Corrective
Preventive
Detective
Deterrent
Corrective controls are controls that are designed to “correct” damages caused by an incident. A data backup and recovery strategy is intended to correct damages that result from data loss.
Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information. Systems of controls can be referred to as frameworks or standards. Frameworks can enable an organization to manage security controls across different types of assets with consistency.
Security_controls - Wikipedia, the free encyclopedia
Your employer has decided to move part of their operations to the cloud. The goal of this move is to free the company from having to maintain onsite data centers to run their software on. Which cloud model would the company want to utilize?
PaaS
SaaS
XaaS
IaaS
Infrastructure as a service (IaaS) is a cloud model where a company leases infrastructure services (servers, networking, storage, virtualization, etc.) from a service provider while maintaining control of the software that runs on those resources. In software as a service (SaaS), the service provider provides a software solution for the company to use, for example Google Docs. In platform as a service (PaaS), the service provider provides a platform for development. Everything as a service (XaaS) is an umbrella term for all of the service offerings.
Infrastructure as a service (IaaS) is a cloud computing service model by means of which computing resources are supplied by a cloud services provider. The IaaS vendor provides the storage, network, servers, and virtualization (which mostly refers, in this case, to emulating computer hardware). This service enables users to free themselves from maintaining an on-premises data center. The IaaS provider is hosting these resources in either the public cloud (meaning users share the same hardware, storage, and network devices with other users), the private cloud (meaning users do not share these resources), or the hybrid cloud (combination of both). It provides the customer with high-level APIs used to dereference various low-level details of underlying network infrastructure like backup, data partitioning, scaling, security, physical computing resources, etc. A hypervisor, such as Xen, Oracle VirtualBox, Oracle VM, KVM, VMware ESX/ESXi, or Hyper-V runs the virtual machines as guests. Pools of hypervisors within the cloud operational system can support large numbers of virtual machines as well as the ability to scale services up and down according to customers' varying requirements.
Infrastructure_as_a_service - Wikipedia, the free encyclopedia
You are the resident IT within your family. While relaxing and enjoying a family Thanksgiving dinner, your sweet old Grandmother mentions that Microsoft called her cell phone and helped her with a virus on her computer. You explain to her that Microsoft does not call people directly to help with computer issues and that she was likely targeted by a malicious attacker. You scan her computer for viruses and find several. Your poor sweet old Grandmother was a victim of what type of attack?
phonejacking
Tailgating
Spear phishing
Vishing
Gran' was a victim of a voice phishing or vishing attack. This is the term used when an attacker contacts the victim via phone and attempts to steal personal information or to trick the user into installing malware on their computer. They may claim to be from a valid tech support company or vendor such as Microsoft, a bill collector from a local utility company, or anything in between.
Voice phishing, or vishing, is the use of telephony (often Voice over IP telephony) to conduct phishing attacks. Landline telephone services have traditionally been trustworthy; terminated in physical locations known to the telephone company, and associated with a bill-payer. Now however, vishing fraudsters often use modern Voice over IP (VoIP) features such as caller ID spoofing and automated systems (IVR) to impede detection by law enforcement agencies. Voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals. Usually, voice phishing attacks are conducted using automated text-to-speech systems that direct a victim to call a number controlled by the attacker, however some use live callers. Posing as an employee of a legitimate body such as the bank, police, telephone or internet provider, the fraudster attempts to obtain personal details and financial information regarding credit card, bank accounts (e.g. the PIN), as well as personal information of the victim. With the received information, the fraudster might be able to access and empty the account or commit identity fraud. Some fraudsters may also try to persuade the victim to transfer money to another bank account or withdraw cash to be given to them directly. Callers also often pose as law enforcement or as an Internal Revenue Service employee. Scammers often target immigrants and the elderly, who are coerced to wire hundreds to thousands of dollars in response to threats of arrest or deportation. Bank account data is not the only sensitive information being targeted. Fraudsters sometimes
Voice_phishing - Wikipedia, the free encyclopedia
This is the point when a piece of equipment or software is no longer supported by the manufacturer and no further maintenance or updates are provided.
EOL
BPA
EOSL
SLA
End-of-service-life (EOSL) is the point in the life of equipment or software when the manufacturer no longer provides support. This differs from end-of-life (EOL) since at EOL the equipment or software may no longer be sold but is usually still supported.
Crucial Technologies wants to make sure that they can get back up as fast as possible in the event that they need to relocate after a natural disaster. For the highest level of resiliency, which of the following sites should the company stand up?
Warm site
Hot site
Cold site
Lukewarm site
A hot site is a backup site that is a near mirror of the primary site. In the event of a disruption to the primary site, a hot site can be ready and operating within hours. A warm site can be up within days, while a cold site can be up within weeks.
A backup site or work area recovery site is a location where an organization can relocate following a disaster, such as fire, flood, terrorist threat, or other disruptive event. This is an integral part of the disaster recovery plan and wider business continuity planning of an organization. A backup, or alternate, site can be another data center location which is either operated by the organization, or contracted via a company that specializes in disaster recovery services. In some cases, one organization will have an agreement with a second organization to operate a joint backup site. In addition, an organization may have a reciprocal agreement with another organization to set up a site at each of their data centers. Sites are generally classified based on how prepared they are and the speed with which they can be brought into operation: "cold" (facility is prepared), "warm" (equipment is in place), "hot" (operational data is loaded), with increasing cost to implement and maintain with increasing "temperature".
Backup_site - Wikipedia, the free encyclopedia
You just got a new Microsoft Windows laptop. The laptop includes a biometric fingerprint scanner to log into the laptop in addition to your unique username. What type of multi-factor authentication is your fingerprint?
Something you have
Something you are
Something you can do
Something you know
“Something you are” is some physical characteristic of the user. This can be a fingerprint, eye iris, voice, etc. These characteristics are referred to as biometrics.
Multi-factor authentication (MFA; two-factor authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. MFA protects personal data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password. A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and frequently changing code to use for authentication.
Multi-factor_authentication - Wikipedia, the free encyclopedia
You work for a startup as a founding member and run their newly formed IT department. You are setting up the first office, which will be the primary location for all employees. You have been requested to set up an internet connection for the office as soon as possible, but feel that this is too risky without waiting until the firewall equipment you ordered has arrived. After the firewall is in place you feel the risks of an internet connection for the office are acceptable. What term describes the willingness to tolerate risk such as in this scenario?
Risk Deferral
Risk Appetite
Risk Analysis
Risk Mitigation
An organization's Risk Appetite determines its willingness to take on risks. Any decision a business makes has risks (particularly in IT). Connecting to the internet is a risk because malicious actors could use the internet to access internal systems or phish users. Without a firewall the organization may not be willing to accept this risk, despite the benefits to the business. With the firewall, however, the risk is lowered and becomes acceptable. Every organization's Risk Appetite will be different.
Risk appetite is the level of risk that an organization is prepared to accept in pursuit of its objectives, before action is deemed necessary to reduce the risk. It represents a balance between the potential benefits of innovation and the threats that change inevitably brings. The ISO 31000 risk management standard refers to risk appetite as the "Amount and type of risk that an organization is prepared to pursue, retain or take". This concept helps guide an organization's approach to risk and risk management.
Risk_appetite - Wikipedia, the free encyclopedia
A new company policy requires hardware encryption for certain highly confidential systems. These existing systems do not already have a hardware component that can provide this functionality. What is the easiest way to implement this new policy?
PKI
RADIUS
Trusted Platform Module
Hardware Security Module
For existing systems the best option to add hardware-based encryption functionality is a Hardware Security Module (HSM). HSMs are usually standalone devices that can be used by other systems, or expansion cards that can be added to a system. A Trusted Platform Module (TPM) could provide similar functionality, but TPMs are permanently embedded into a system, so to use a TPM the systems falling under this new policy would need to be replaced with new hardware that has a TPM.
Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a chip conforming to the standard. One of Windows 11's system requirements is TPM 2.0. Microsoft has stated that this is to help increase security against firmware attacks.
Trusted_Platform_Module - Wikipedia, the free encyclopedia
Malicious activity has been affecting various systems on your network. You want to put a system in place that can monitor network traffic and attempt to take defensive action when network intrusions are detected. Which of the following should you use?
NIDS
NIPS
HIPS
HIDS
A network intrusion prevention system (NIPS) is the only one of the choices that you can place to monitor your entire network for intrusions while at the same time attempting to prevent the intrusion. HIPS and HIDS only cover a single host, while a NIDS will only detect an intrusion.
An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms. IDS types range in scope from single computers to large networks. The most common classifications are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). A system that monitors important operating system files is an example of an HIDS, while a system that analyzes incoming network traffic is an example of an NIDS. It is also possible to classify IDS by detection approach. The most well-known variants are signature-based detection (recognizing bad patterns, such as malware) and anomaly-based detection (detecting deviations from a model of "good" traffic, which often relies on machine learning). Another common variant is reputation-based detection (recognizing the potential threat according to the reputation scores). Some IDS products have the ability to respond to detected intrusions. Systems with response capabilities are typically referred to as an intrusion prevention system. Intrusion detection systems can also serve specific purposes by augmenting them with custom tools, such as using a honeypot to attract and characterize malicious traffic.
Intrusion_detection_system - Wikipedia, the free encyclopedia
You are a security analyst and have network monitoring solutions in place to detect strange or potentially malicious traffic. One of these solutions has sent an alert saying it detected outgoing network traffic from the company's network that was routing to a well-known malicious endpoint. Of the following options, which is the most likely cause of this traffic?
A colleague on your team is conducting a pentest
An infected server or user machine is attempting to contact a command-and-control server
A hacker is probing the company network from the outside
A user has attached confidential materials to an outgoing email
Some malware will attempt to contact a Command-and-Control (C2) server or network to let the creators of the malware know it has infected a target. The malware will then be given commands remotely from the C2 server to steal data, infect more hosts or begin monitoring the infected device. The act of calling a C2 server is also called a beacon. Communication with known C2 addresses is a common sign that an infection has occurred within a network. One common use of this type of malware is for a botnet. The C2 server may, for example, send a command to all infected devices to initiate a Distributed Denial of Service (DDoS) attack (this is just one example).
Your bank has contacted you and informed you they recognized an unusual login with your username and password on their website. As a precaution they have locked your account and stated the login came from a foreign country. You run a security scan on your PC which finds malware. The description of the malware states that it intercepts normal web traffic from your browser executable. What type of attack best describes this?
Consensus attack
Domain hijacking
Amplification
Man-in-the-browser
A Man in the Browser (MitB) attack is a type of man-in-the-middle (MitM) attack that uses a Trojan Horse to infect the victim's computer. Once installed, the trojan will attempt to use known vulnerabilities in a browser's executable to intercept or modify web traffic. A successful MitB attack can occur even with SSL/TLS in place and without the web application being aware of the attack.
Man-in-the-browser (MITB, MitB, MIB, MiB), a form of Internet threat related to man-in-the-middle (MITM), is a proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a covert fashion invisible to both the user and host web application. A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or two- or three-factor authentication solutions are in place. A MitB attack may be countered by using out-of-band transaction verification, although SMS verification can be defeated by man-in-the-mobile (MitMo) malware infection on the mobile phone. Trojans may be detected and removed by antivirus software, but a 2011 report concluded that additional measures on top of antivirus software were needed. A related, simpler attack is the boy-in-the-browser (BitB, BITB). The majority of financial service professionals in a 2014 survey considered MitB to be the greatest threat to online banking.
Man-in-the-browser - Wikipedia, the free encyclopedia
You have purchased brand new Cisco network routers and switches from your company's infrastructure supplier, Expert Infra, Inc. While working with the networking team to unbox them and begin setting them up, you notice several of them look slightly different despite being the same make and model. What step should you take next?
Update the older looking models to the latest firmware from Cisco
Verify all the serial numbers with the manufacturer
Reject the different models and return them to Expert Infra, Inc.
Install the networking equipment
The slight difference in appearance between the devices is an indicator that some devices may be counterfeit. It is also possible the manufacturer simply made small changes to the devices and you have received two versions. You should take the serial numbers and verify their authenticity with Cisco, and then return the devices if they are indeed counterfeit.
Counterfeit electronic components are electronic parts whose origin or quality is deliberately misrepresented. Counterfeiting of electronic components can infringe the legitimate producer's trademark rights. Because counterfeit parts often have inferior specifications and/or quality, they may represent a hazard if incorporated into critical systems such as aircraft navigation, life support, military equipment, or space vehicles. The marketing of electronic components has been commoditized, making it easier for the counterfeiter to introduce substandard and counterfeit devices into the supply chain.
Counterfeit_electronic_components - Wikipedia, the free encyclopedia
A shipping company wants to ensure that its organizational security policies prevent employees from approving a purchase and then also being able to make that purchase. What type of control should be within those policies to mitigate against that happening?
Least Privilege
Background checks
Job rotation
Separation of duties
Mandatory vacation
Separation of duties (SoD) is a preventive control that requires that certain tasks need more than one person to complete. One common example is a policy where the individual who is authorized to write a check isn't also authorized to cash that check.
Separation of duties (SoD), also known as segregation of duties, is the concept of having more than one person required to complete a task. It is an administrative control used by organisations to prevent fraud, sabotage, theft, misuse of information, and other security compromises. In the political realm, it is known as the separation of powers, as can be seen in democracies where the government is separated into three independent branches: a legislature, an executive, and a judiciary.
Separation_of_duties - Wikipedia, the free encyclopedia
To save money, Crucial Technologies has decided to set up MDM so employees can use personal devices as their work devices. What type of device deployment model is being used?
VDI
CYOD
BYOD
COPE
Bring your own device (BYOD) refers to a policy of permitting employees to bring personally owned devices (laptops, tablets, smartphones, etc.) to work, and to use those devices to access privileged company information and applications.
Bring your own device (BYOD)—also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own personal computer (BYOPC)—refers to being allowed to use one's personally owned device, rather than being required to use an officially provided device. There are two major contexts in which this term is used. One is in the mobile phone industry, where it refers to carriers allowing customers to activate their existing phone (or other cellular device) on the network, rather than being forced to buy a new device from the carrier. The other, and the main focus of this article, is in the workplace, where it refers to a policy of permitting employees to bring personally owned devices (laptops, tablets, smartphones, etc.) to work, and to use those devices to access privileged company information and applications. This phenomenon is commonly referred to as IT consumerization. BYOD is making significant inroads in the business world, with about 75% of employees in high-growth markets such as Brazil and Russia and 44% in developed markets already using their own technology at work. Surveys have indicated that businesses are unable to stop employees from bringing personal devices into the workplace. Research is divided on benefits. One survey shows around 95% of employees stating they use at least one personal device for work.
Bring_your_own_device - Wikipedia, the free encyclopedia
You receive a call and the caller ID indicates that it is from your bank. You answer and are told that your account has been compromised. The person on the phone says that before they can proceed you need to verify your account number and security PIN. What term best describes this type of social engineering attack?
Vishing
Smishing
Whaling
Spear phishing
Phishing
Vishing (also called voice phishing) is conducting phishing attacks using telephony. This often involves using VoIP features such as caller ID spoofing to avoid detection.
Voice_phishing - Wikipedia, the free encyclopedia