Prepare for the CompTIA Security+ SY0-601 exam with this free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.
An application developer is concerned about safeguarding his application against unauthorized code execution via third-party libraries. Which of the following methods would BEST mitigate the risk of an unauthorized Dynamic-link library (DLL) being injected and executed by the application?
Require all dynamic libraries to include a valid digital certificate.
Run the application within a restricted sandbox environment.
Restrict administrative privileges for all application users.
Enforce code signing of the third-party libraries.
Using code signing ensures that any third-party libraries or DLLs are signed by a trusted source before they are loaded by the application. This method helps mitigate the risk of DLL injection by ensuring the integrity and origin of the code being executed. DLL injection attacks typically involve the introduction of an unauthorized DLL into the application's process space. Code signing does not prevent the presence of third-party DLLs but verifies their legitimacy. Digital certificates are used in conjunction with code signing, but they do not directly prevent DLL injection; they are part of the broader code signing validation process. Restricting admin privileges prevents unauthorized changes to system files and configurations but does not specifically target the risk of loading malicious DLLs. Sandboxing isolates the application but does not specifically verify the integrity of loaded DLLs.
You have ordered a penetration test of the company's website from a third-party IT security consultant. Your web administration team has created a stand-alone test network to ensure the penetration tests do not cause issues on the live website. Other than the IP address of the web server, you have not provided the penetration testers with any information. What type of test best describes this scenario?
Stand alone
White box
Integration
Black box
This type of penetration test is known as a black box test. In this scenario, the testers have little to no information on how the website works. For example, they are not given the type of web server or access to the source code. Instead, the 'attackers' will have to gather information and test different attack methods to see what works and what doesn't.
Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied virtually to every level of software testing: unit, integration, system and acceptance. It is sometimes referred to as specification-based testing.
Black-box_testing - Wikipedia, the free encyclopedia
During digital forensics investigation procedures, what is the primary purpose of conducting interviews with relevant personnel?
To gather information and insights that complement digital evidence
To configure forensic software and hardware tools for data acquisition
To conduct performance evaluations of the IT staff's security practices
To install monitoring software on employees' workstations as a deterrent
To provide technical training to personnel on digital forensics tools
The primary purpose of conducting interviews is to gather additional information and insights that may not be evident from digital evidence alone. Interviews can provide context to the digital artifacts, identify potential witnesses, understand user behavior, and offer leads that can be followed up during the investigation. They are part of the information-gathering process that is vital for building a comprehensive understanding of the incident.
Which containment technique would be the best response when a system is believed to be infected with malware?
Immediately segment the network into the smallest possible groups
Isolate the affected systems
Propagation
Determine the attack vector and disable it
Containment techniques are options for limiting the spread of malware after it has been discovered on a network. The best response is to isolate any systems that are infected or believed to be infected so they cannot propagate the malware to other systems. From there, the security and IT teams can begin determining the impact and remediation options.
A network administrator suspects that an attacker is attempting to redirect traffic from a target workstation to the attacker's machine. Which of the following best describes an attack that can achieve this by exploiting the resolution of IP addresses to MAC addresses?
IV attack
URL redirection
ARP poisoning
DNS poisoning
The correct answer is ARP poisoning. ARP poisoning is an attack where the attacker sends false ARP messages over a local area network. This results in the linking of the attacker's MAC address with the IP address of a legitimate computer or server on the network. Once the attacker's MAC address is associated with that IP address, the attacker will begin receiving any data that is intended for it, enabling interception and possible modification of the data. The other options, such as DNS poisoning and URL redirection, are not conducted at Layer 2 and do not deal directly with the resolution of IP addresses to MAC addresses.
A cybersecurity team is evaluating Security orchestration, automation, and response (SOAR) platforms to improve their incident response times. Which of the following BEST describes a key benefit of implementing a SOAR solution?
Automating repetitive tasks and workflows to allow analysts to concentrate on high-level incident analysis and decision-making.
Streamlining communication channels between the cybersecurity team and the organization's upper management.
Integrating all threat intelligence feeds into a single platform for easier access.
Providing a centralized location for the storage and aggregation of all security logs.
Implementing a SOAR solution primarily benefits cybersecurity teams by automating repetitive tasks associated with incident response. This efficiency allows analysts to focus on more complex tasks that require human judgment. While streamlined communication is a component of incident management, it is not the main purpose of SOAR. Integrated threat intelligence is often a feature of SOAR solutions, but not the core benefit. Providing a centralized location for log aggregation is a feature more closely associated with SIEM systems than with SOAR.
An organization is preparing to deploy a new server running a popular open-source operating system. To enhance the security of this server, which of the following would be the BEST resource to consult for hardening the system according to industry best practices?
A platform/vendor-specific guide for the operating system
National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
Company-wide Acceptable Use Policy (AUP)
General Data Protection Regulation (GDPR) documentation
Platform/vendor-specific guides are tailored to provide detailed hardening instructions for specific systems and software. Consulting a guide for the specific open-source operating system during the deployment phase ensures that the server is configured securely before it becomes part of the production environment. The effective use of such guides facilitates a defense-in-depth approach and aligns with the concept of secure baselines.
What deployment model is characterized by the company providing employees with devices that are fully managed and controlled by the company, but also allows for limited personal use?
Bring your own device (BYOD)
Corporate-owned, personally enabled (COPE)
Choose your own device (CYOD)
Virtual desktop infrastructure (VDI)
Corporate-owned, personally enabled (COPE) is the model where the organization provides the mobile devices, retains full control and management of the devices, but allows employees to use them for personal purposes. This model strikes a balance between corporate control and employee satisfaction. BYOD implies employees are using their own personal devices for work, which are not owned by the organization. CYOD offers a range of company-approved devices for employees to choose from and does not necessarily imply personal use. VDI involves accessing a desktop environment over a network and does not pertain to the physical provision of mobile devices.
Your company is in the process of rapid expansion. As they bring on more employees you look at the current security posture and come to the realization that the company needs to enhance its protection of sensitive information. Which of the following should you suggest for the company?
DLP
Antivirus
HIDS
HIPS
Data Loss Prevention (DLP) is a term used to describe all of the means used to protect data from loss or leakage. This includes the policies, procedures, software, etc.
Data loss prevention (DLP) software detects potential data breaches/data exfiltration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in use (endpoint actions), in motion (network traffic), and at rest (data storage). The terms "data loss" and "data leak" are related and are often used interchangeably. Data loss incidents turn into data leak incidents in cases where media containing sensitive information is lost and subsequently acquired by an unauthorized party. However, a data leak is possible without losing the data on the originating side. Other terms associated with data leakage prevention are information leak detection and prevention (ILDP), information leak prevention (ILP), content monitoring and filtering (CMF), information protection and control (IPC) and extrusion prevention system (EPS), as opposed to intrusion prevention system.
Data_loss_prevention_software - Wikipedia, the free encyclopedia
Which of the following firewall types is BEST suited for environments requiring simple filtering rules that are not dependent on the understanding of the connection state?
Web application firewall (WAF)
Network-based intrusion prevention system (NIPS)
Unified threat management (UTM) firewall
Stateless firewall
A stateless firewall filters traffic based on static values such as source and destination IP addresses, port numbers, and protocols. It does not have the ability to understand or determine the state of network connections, which differentiates it from stateful firewalls that can monitor the full state of active connections and make decisions based on the context of the traffic. Stateless firewalls are faster and less complex, but they are not as secure as stateful firewalls because they cannot understand the state of the network connections. A web application firewall (WAF) is designed to protect web applications by filtering and monitoring HTTP traffic, while a unified threat management (UTM) firewall is an advanced firewall that combines multiple security features into a single device. Network-based intrusion prevention systems (NIPS) monitor the network for malicious activities, which is not directly related to basic filtering rules based on static values.
Your organization is facing litigation, and as part of the legal process, you are required to produce relevant digital documents and emails within a strict timeframe. You must ensure the integrity and authenticity of the evidence is maintained throughout the process. What is the most important initial step in the e-discovery process when responding to this legal request?
Issuing a legal hold to prevent the deletion of relevant data
Interviewing potential witnesses to gain more context about the incident
Acquiring a forensic image of devices and systems involved
Beginning the metadata analysis of documents to locate pertinent information
Issuing a legal hold is the correct first step in the e-discovery process. A legal hold is a directive to preserve all forms of relevant information when litigation is reasonably anticipated. The preservation of this information is critical to prevent data tampering, deletion, or any other actions that could compromise the integrity of the evidence. Although all other options listed are essential parts of the process, they follow the initial preservation step ensured by a legal hold.
You are taking a walk around the neighborhood. You see a sign in one of your neighbor’s unfenced yards that reads “No trespassing!” in large red letters. The sign is what type of control?
Compensating
Deterrent
Preventive
Detective
Corrective
A deterrent control is a control that simply deters someone from taking an action. The control in no way prevents the action from being taken but is only there to persuade them not to. The other choices are other types of controls that serve other purposes.
Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information. Systems of controls can be referred to as frameworks or standards. Frameworks can enable an organization to manage security controls across different types of assets with consistency.
Security_controls - Wikipedia, the free encyclopedia
During a regular security scan of the network, you find that several user laptops are infected with the same malware. After cross-referencing the laptop users with the reverse proxy logs, you find that they all accessed an industry news website the day before. You believe your organization may have been specifically targeted for this malware. What type of attack would best describe this theory?
Watering hole
Spoofing
SQL injection
SYN Flood
In a watering hole attack, the attacker infects a website that is known to be commonly used by an organisation or industry, for example a specific industry news site, in order to attack a business in that industry or the entire industry in general. With the knowledge that users frequent the website, the attackers are able to target them with malware and, if the attack is successful, install malicious software on their systems.
Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected. Hacks looking for specific information may only attack users coming from a specific IP address. This also makes the hacks harder to detect and research. The name is derived from predators in the natural world, who wait for an opportunity to attack their prey near watering holes. One of the most significant dangers of watering hole attacks is that they are executed via legitimate websites that are unable to be easily blacklisted. Also, the scripts and malware used in these attacks are often meticulously created, making it challenging for antivirus software to identify them as threats.
Watering_hole_attack - Wikipedia, the free encyclopedia
Your team has identified an unauthorized individual attempting to exploit a known software vulnerability before a security patch is deployed company-wide. The intruder is systematically scanning for susceptible systems and seems to have in-depth knowledge of the vulnerable software. Which type of hacker best fits the characteristics of the intruder in this scenario?
Script Kiddies
Authorized Hackers
Unauthorized Hackers
Competitors
'Authorized Hackers' typically do not seek to exploit vulnerabilities, as their hacking activities are done with permission for testing and improvement purposes. 'Script Kiddies' might exploit known vulnerabilities but often lack the in-depth knowledge to perform systematic scans. A 'Competitor' would have motives to harm the company's business but would not typically be involved in hands-on technical exploitation. Thus, 'Unauthorized Hackers' is the correct answer, as they are individuals who access computer systems without permission, exploiting known vulnerabilities with the intent to cause harm or steal data.
During an audit, it is identified that a host being used for FTP has additional unused ports open. The server is listening on 21, 20, 43, 80 and 3389. Your boss has tasked you to close the unused ports. Which ports should remain open?
43
43, 80
80
20, 3389
20, 21
3389
FTP uses ports 20 and 21, so those should be left open and the others should be closed. Note: The question asks which should REMAIN open, not which should be closed.
The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and data connections between the client and the server. FTP users may authenticate themselves with a plain-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP). The first FTP client applications were command-line programs developed before operating systems had graphical user interfaces, and are still shipped with most Windows, Unix, and Linux operating systems. Many dedicated FTP clients and automation utilities have since been developed for desktops, servers, mobile devices, and hardware, and FTP has been incorporated into productivity applications such as HTML editors and file managers. An FTP client used to be commonly integrated in web browsers, where file servers are browsed with the URI prefix "ftp://". In 2021, FTP support was dropped by Google Chrome and Firefox, two major web browser vendors, due to it being superseded by the more secure SFTP and FTPS, although neither of them has implemented the newer protocols.
File_Transfer_Protocol - Wikipedia, the free encyclopedia