CompTIA Security+ Final Assessment (real) ALL SOLUTION LATEST UPDATED 2024 GUARANTEED GRADE A+
Analyze the following scenarios and determine which attacker used piggybacking.
- A. On the way to a meeting in a restricted area of a government facility, a contractor holds open a gate for a person in a military uniform, who approaches the entry point at a jog, flashing a badge just outside of the readable range.

Analyze and select the statements that accurately describe both worms and Trojans. (Select all that apply.)
- B. Both worms and Trojans can provide a backdoor.
- D. A worm is self-contained while a Trojan is concealed within an application package.

A dissatisfied employee has discreetly begun exfiltrating company secrets to sell to a competitor. The employee sets up a malware script that will run in the event of the employee's firing and account deletion. Analyze the attack and determine what type of attack the employee has emplaced.
- B. Logic bomb

A hacker gains access to a database of usernames for a target company and then begins combining common, weak passwords with each username to attempt authentication. The hacker conducts what type of attack?
- A. Password spraying

A retail establishment experiences an attack where whole number values have been exploited. As a result, some credit values are manipulated from positive values to negative values. Which type of attack is the establishment dealing with?
- A. Integer overflow

A user at a realtor's office contacts their IT department to report that they are not able to copy contract files to a USB flash drive to take home. Which explanation does the IT representative share with the user?
- A. Data loss prevention prevents file copying.

An unauthorized person gains access to a restricted area by claiming to be a member of upper management and bullying past the door guard's verbal attempts to stop the unauthorized visitor. What type of policy could help mitigate this type of social engineering attack?
- B. ID badge policy

Identify the type of attack where malware forces a legitimate process to load a malicious link library.
- A. DLL injection

What type of attack replays a cookie?
- D. Session hijacking

A security engineer implements a secure wireless network. In doing so, the engineer decides to use EAP with Flexible Authentication via Secure Tunneling (EAP-FAST). Which authentication approach does the engineer implement?
- A. Protected Access Credential (PAC) instead of a certificate

A hacker places a false name:IP address mapping in an operating system's HOSTS file, redirecting traffic from a legitimate IP address to a malicious IP address. What type of attack did the hacker perform?
- B. Domain name system client cache (DNS) poisoning

IT staff reviews security alerts received for a monitoring system and discovers that uncommon firewall ports on several Windows workstations and a server have been opened and are being accessed by a malicious process. What does the staff determine the issue to be?
- D. Lateral movement

A security analytics team is threat hunting on a Windows network. What type of activity is most likely to alert the team to an insider attack?
- A. A user without privileged access executes PowerShell Invoke-Command cmdlet.

Which statement describes a key distinction between an intentional and unintentional threat actor?
- B. An intentional threat actor has intent and motivation to attack; whereas, an unintentional threat actor acts out of negligence.

A junior engineer suspects there is a breached system based on an alert received from a software monitor. The use of the alert provides which information to the engineer?
- C. IoC

An engineer routinely provides data to a source that compiles threat intelligence information. The engineer focuses on behavioral threat research. Which information does the engineer provide?
- B. Descriptions of example attacks

Sal, an IT specialist for a large tech firm, pays for a subscription to a threat data feed to stay updated on the latest blogs, white papers, and webinars in his field. What term(s) best describes this type of feed? (Select all that apply.)
- A. Closed
- B. Proprietary

Evaluate which of the following solutions would most effectively mitigate vulnerabilities that might arise when outsourcing code development.
- A. Have one vendor develop the code, and a different vendor perform vulnerability and penetration testing.

A security team uses passive scanning to gather information and data related to a suspected rogue system on a network. By using passive scanning, what type of information does the team gather?
- B. Indirect evidence

An organization hires a pen tester. The tester achieves a connection to a perimeter server. Which technique allows the tester to bypass a network boundary from this advantage?
- C. Pivoting

An organization requires that a file transfer occurs on a nightly basis from an internal system to a third-party server. IT for both organizations agree on using FTPS. Which configurations does IT need to put in place for proper file transfers? (Select all that apply.)
- A. Configure the use of port 990
- C. Negotiate a tunnel prior to any exchanged commands

A banking institution considers cloud computing options for use across multiple locations. Comparing cloud deployment models, which implementation is most likely to suit the company's needs?
- C. Private

Consider an abstract model of network functions for an infrastructure as code (IaC) implementation and determine which plane describes how traffic is prioritized.
- C. Control

Simulate the installation of a bare metal virtual platform.
- A. A type 1 hypervisor is installed directly onto a host machine and manages access to the host hardware directly.

After a company moves on-premise systems to the cloud, engineers devise to use a serverless approach in a future deployment. What type of architecture will engineers provision in this deployment? (Select all that apply.)
- C. Containers
- D. Microservices

A web server receives data from an application. It appears that passing this data causes an issue that evolves into an overflow at the destination. What process on the receiving server should be investigated?
- D. Input validation

Examine the differences between authentication factors and authentication attributes and select the statement that most effectively summarizes the differences between authentication factors and authentication attributes.
- B. Authentication factors verify an account holder's credentials, while authentication attributes are either non-unique or cannot independently authenticate a user's credentials.

A guard station deploys a new security device to use to access a classified data station. The installation technician tests the device's sensitivity to speed and pressure. Which type of behavioral technology is the technician testing for?
- D. Signature recognition

Several businesses operating on a federated network allow access to each other's resources through enterprise connections. When this type of federated network employs Security Assertion Markup Language (SAML), how are authorization tokens secured?
- A. SAML tokens are signed with an eXtensible Markup Language (XML) digital signature.

An administrator plans a backup and recovery implementation for a server. The goal is to have a full backup every Sunday followed by backups that only include changes every other day of the week. In the event of a catastrophe, the restore time needs to be as quick as possible. Which scheme does the administrator use?
- Full followed by differentials

Which statement draws a true comparison between full, differential, and incremental backups? (Select all that apply.)
- If a system performs backups every day, an incremental backup includes only files changed that day, while a differential backup includes all files changed since the last full backup.
- Compared to a differential backup, both full backups and incremental backups clear the archive attribute.

A company deploys an active defense strategy designed to detect insider malpractice. To record the malicious insider's actions, the security team creates a convincing, yet fake, data file with a tracker that records any data exfiltration attempts. Analyze the security tool and determine what method the security team employed.
- Honeyfile

Which scenario best illustrates effective use of industrial camouflage as a security control?
- Entry control measures for a secure facility begin inside a main entry point, rather than outside the building.

A defense contractor must configure a new server in a site where several other companies maintain server equipment. The contractor's security requirements specify that other companies' personnel cannot gain access to the contractor's servers, and the area must be impervious to eavesdropping from electromagnetic leaks. What site security configuration will best meet the contractor's requirements?
- Locked Faraday cage

A security engineer configures a passcode to a data center by using a cipher. The engineer uses a substitution cipher on the string hocuspocus. Which result does the engineer produce with this cipher type?
- The string: krfxvsrfxv

Systems administrators configure an application suite that uses a collection of single hash functions and symmetric ciphers to protect sensitive communication. While the suite uses these security features collectively, how is each instance recognized?
- As a cryptographic primitive

Which of the following statements most accurately describes the function of key stretching?
- Key stretching adds entropy to a user-generated password.

An engineer implements a security solution to protect a domain. The engineer decides on DNS Security Extensions (DNSSEC) to prevent spoofing. Which features does the engineer rely on for protection? (Select all that apply.)
- Zone Signing Key
- RRset package
- Key Signing Key

Which statement correctly differentiates between file transfer protocol (FTP), secure shell file transfer protocol (SFTP), and file transfer protocol over secure socket layer (FTPS)?
- FTP has no encryption. FTPS adds transport layer security (TLS), and SFTP is an entirely different protocol based on the network protocol SSH (secure shell).

After news of a breach at a competitor, IT at a manufacturer looks to harden server systems. Which system properties should IT disable if they are not in use? (Select all that apply.)
- Network interfaces
- System services
- Service ports

A security manager configures an access control list (ACL) to enumerate permissions to data resources. Evaluate the control measure and determine to what state of data the control applies.
- Data at rest

Apply knowledge of load balancing technologies to select the statement that best explains an advantage of a layer 7 load balancer over a layer 4 load balancer.
- Layer 4 load balancers can only check connectivity, while layer 7 load balancers can test an application's state.

An engineer configures a proxy to control access to online content for all users in an organization. Which proxy type does the engineer implement by using an inline network appliance? (Select all that apply.)
- Transparent
- Intercepting

A systems engineer looks to monitor a network for security purposes. The engineer places sensors throughout the building in appropriate places. Fortunately, the engineer thought ahead and purchased appropriate network switches. Which sensor type does the engineer use? (Select all that apply.)
- SPAN
- Mirror

Analyze the following security information and event management (SIEM) functions and determine which event is NOT conducted during data aggregation.
- Link observables into a meaningful indicator of risk, or Indicator of Compromise (IOC).

An organization installs embedded systems throughout a manufacturing plant. When planning the install, engineers had to consider system constraints related to identification. As a result, which areas of the main systems are impacted? (Select all that apply.)
- Crypto
- Authentication

Identify the true statements about supervisory control and data acquisition (SCADA) systems. (Select all that apply.)
- SCADA systems typically run as software on ordinary computers, gathering data from and managing field devices.
- SCADA systems serve primarily industrial, manufacturing, utility, and logistics sectors.

Which statements describe why devices on an enterprise network should disable Wi-Fi tethering? (Select all that apply.)
- Wi-Fi tethering functionality can circumvent data loss prevention measures.
- Wi-Fi tethering functionality can circumvent web content filtering policies.

What exploitation method targets near field communication (NFC) devices?
- Skimming

A company follows a bring your own device (BYOD) mobile implementation. What is an ideal solution the company can use to overcome some of the security risks involved with employee-supplied devices?
- Virtual desktop infrastructure (VDI)

A company located in the western United States that uses cloud computing relies on redundant systems in adjacent availability zones for data backup and storage. Analyze the configuration and determine which level of high availability service the company utilizes.
- Regional replication

A company tells the IT department that user access needs to be changed so privileges are only granted when needed, then revoked as soon as the task is finished or the need has passed. Based on Account Management practices, what is the company asking the IT department to implement?
- Privilege bracketing

A company's IT department pushes system updates and configures user permissions from the same shared account. Which statement best describes how this practice is problematic?
- This practice breaks non-repudiation.

A user attempts to use a smart card for Kerberos authentication. If the user is successfully authenticated, how does the authentication server respond?
- A session key is issued

Which of the following defines key usage with regard to standard extensions?
- The purpose for which a certificate was issued

Which statement best describes how a hierarchical certificate authority (CA) trust model mitigates the weakness in a single CA model and guards against the compromise of the root CA?
- The hierarchical CA model still uses a single root CA, but delegates certificate granting authority to intermediate CAs, so the root CA may go offline in a secure configuration.

A security engineer configures a digital key to encrypt sensitive data. There is an overall fear of losing the key. Which methods might the engineer consider as a backup management solution? (Select all that apply.)
- Escrow
- M-of-N control

Which of the following key storage solutions exercises M-of-N control?
- While four administrators have access to the system, it takes two administrators to access the system at any given time.

A junior engineer investigates a systems breach. While documenting network information, the engineer uses the arp command. What useful information will this command provide?
- The MAC address of systems the host has communicated with.

Which command can help a security professional conducting an organizational security assessment identify a spoofing attack?
- arp

Management looks to IT for a solution to identify successful and failed login attempts. Which solution will IT provide to management?
- Logs

An engineer configures hosts on a network to use IPSEC for secure communications. The engineer decides between Encapsulation Security Payload (ESP) or Authentication Header (AH). If the engineer chooses transport mode over tunnel mode, which specifics of operation should be expected? (Select all that apply.)
- With ESP the IP header for each packet is not encrypted
- AH can provide integrity for the IP header

During weekly scans, a system administrator identifies a system that has software installed that goes against security policy. The system administrator removes the system from the network in an attempt to limit the effect of the incident on the remainder of the network. After the system administrator removes the unauthorized software and completes additional scans, the system administrator places the system back on the network. Applying information from the Computer Security Incident Handling Guide, determine the next step the system administrator should take to mitigate the effects of the incident and restore the network to optimal functionality.
- The system administrator should determine how the unauthorized software was installed and identify what security to modify to prevent future incidents, then fully document the incident.

In the containment phase of incident response, the Cyber Incident Response Team (CIRT) faces complex issues that need to be addressed quickly. During this phase, a member of the CIRT would be concerned about all EXCEPT which of the following issues?

Which password policy will prevent this in the future?

Management at a financial firm assembles an incident response team. This team is responsible for handling certain aspects of recovery and remediation following a security incident. Which roles are appropriate to include on the team? (Select all that apply.)
- Legal
- HR
- PR

A threat actor infiltrates a company's server. Engineers fail while trying to stop the attacker from stealing data. The attacker achieves which final phase of the Lockheed Martin kill chain?
- Actions on objectives

During a cyber incident response exercise, a blue team takes steps to ensure the company and its affiliates can still use network systems while managing a simulated threat in real-time. Based on knowledge of incident response procedures, what stage of the incident response process is the blue team practicing?
- Containment

A security information and event management (SIEM) handler's dashboard provides graphical representations of user profile trends. The graphic contrasts standard user activity with administrative user activity and flags activity that deviates from these clusters. This graphical representation utilizes which trend analysis methodology?
- Statistical deviation analysis

Examine each of the following attack scenarios to determine which vulnerabilities can be mitigated by changing firewall configurations.
- An attacker used a domain name server (DNS) lookup from a network host.

A technology firm suffers a large-scale data breach, and the company suspects a disgruntled former IT staff member orchestrated the breach to exfiltrate proprietary data. During the forensic investigation, a hard disk was not signed out when handled. Examine the scenario and determine what issue this oversight is most likely to cause in the investigative process.
- The chain of custody is under question.

Which of the following sequences properly orders forensic data acquisition by volatility priority?
- 1. System memory caches, 2. Data on mass storage devices, 3. Remote monitoring data, 4. Archival media

Which type of workplace surveillance includes recording employees' movement, location, and behavior within the workplace?
- Physical

The IT director at a financial institution grants account permissions using an access control list (ACL). This illustrates what type of security control?
- Preventative

After a break-in at a government laboratory, some proprietary information was stolen and leaked. Which statement best summarizes how the laboratory can implement security controls to prevent future breaches?
- The laboratory needs to take corrective action and should implement both physical and preventative controls in the future.

The Human Resources department issues a policy at an organization to govern the use of company owned computer equipment. Which behavior type does this policy address?
- Acceptable use

An IT engineer looks to practice very rigid configuration management. The primary goal is to ensure very little deviation from an initial install of systems. Which method does the engineer utilize to accomplish this?
- Baselines

An organization prepares for an audit of all systems security. While doing so, staff perform a risk management exercise. Which phase does the staff consider first?
- Identify essential functions

While preparing a disaster recovery plan, management at a company considers how far back it can allow for the loss of data. Which metric does management use to describe this business essential data in terms of recovery?
- Recovery point objective

A new IT administrator accidentally causes a fire in the IT closet at a small company. Consider the disaster types and conclude which types this event might classify as. (Select all that apply.)
- Man-made
- Internal

When a company first installed its computer infrastructure, IT implemented robust security controls. As the equipment ages, however, those controls no longer effectively mitigate new risks. Which statement best summarizes the company's risk posture?
- The company's aging infrastructure constitutes a control risk.

A power outage disrupts a medium-sized business, and the company must restore systems from backups. If the business can resume normal operations from a backup made two days ago, what metric does this scenario represent?
- Recovery Point Objective (RPO)

A national intelligence agency maintains data on threat actors. If someone intercepted this data, it would cause exceptionally grave damage to national security. Analyze the risk of exposure and determine which classification this data most likely holds.
- Top secret

The U.S. Department of Defense (DoD) awards an IT contract to a tech company to perform server maintenance. The servers are colocated at a third-party storage facility. The DoD and the tech company enter into what type of agreement which commits the tech company to implement the agreed upon security controls?
- Interconnection security agreement (ISA)

When monitoring API usage on a system, an engineer notices a very high error rate. The application's latency and thresholds appear to be normal. What does the engineer determine to be the cause? (Select all that apply.)
- A. Overloaded system
- B. Security issues

Users at a company report that web browsing to their own website is not working. Upon further investigation, it is found that HTTP sessions are being hijacked. Any requests to replace a resource during a TCP connection are being altered. Which HTTP method is not working properly?
- B. PUT

The IT staff at a large company review numerous security logs and discover that the SAM database on Windows workstations is being accessed by a malicious process. What does the staff determine the issue to be?
- C. Credential dumping

Security solutions providers and academics conduct primary research to produce outputs on threat intelligence that takes three main forms. Which of these selections is NOT one of the three main outputs?
- Information Sharing and Analysis Centers (ISACs)

A penetration tester directs test packets to the host using a variety of default passwords against service and device accounts, gaining a view of the vulnerabilities the network exposes to unprivileged users. Given this situation, what type of test did the penetration tester use?
- A non-credentialed scan

Examine the features of different virtual platform implementations and select the statement that best describes the difference between a Type I and a Type II hypervisor.
- A Type II hypervisor installs on a host OS, that manages virtual machines. A Type I (or "bare metal") hypervisor interfaces directly with the host hardware.

Select the correct simulation of a Virtual Desktop Infrastructure (VDI) deployment.
- A company replaces all desktop computers with thin clients the employees use to log into VMs stored on the company server.

Examine the use of software diversity in infrastructure development and assess which statement describes the advantages of using a diverse range of development tools and application vendors over a monoculture environment.
- A diverse environment can provide security by diversity, making attack strategies more difficult to research and implement.

A large data facility just experienced a disaster-level event, and the IT team is in the process of reconstituting systems. Which statement illustrates the appropriate first step the team should take in this process?
- First, the team should enable and test power delivery systems, including grid power, power distribution units (PDUs), uninterruptible power supplies (UPS), and secondary generators.

Two companies enter into an agreement that if one data center suffers a disaster-level event, it can failover to the other company's data center with minimal disruption in service. Which statement most accurately describes the companies' site resiliency postures?
- The companies have a reciprocal arrangement for mutual hot site support.

A server administrator configures symmetric encryption for client-server communications. The administrator configured it this way to utilize which mechanism?
- The same secret key is used to perform both encryption and decryption.

An engineer considers blockchain as a solution for record-keeping. During planning, which properties of blockchain does the engineer document for implementation? (Select all that apply.)
- Using a peer-to-peer network
- Using cryptographic linking

Which features distinguish a next-generation endpoint detection and response (EDR) product from traditional EDR solutions? (Select all that apply.)
- Next-generation endpoint agents use cloud management, rather than reporting to an on-premises server.
- Next-generation endpoint detection systems use artificial intelligence (AI) and machine learning to perform user and entity behavior analysis (UEBA).

A new systems administrator at an organization has a difficult time understanding some of the configurations from the previous IT staff. It appears many shortcuts were taken to keep systems running and users happy. Which weakness does the administrator report this configuration as?
- Availability over confidentiality and integrity

A network administrator needs to implement a firewall between nodes on the same subnet, without reconfiguring subnets and reassigning IP addresses across the network. Considering firewall configurations, which implementation is the best choice?
- Transparent firewall

An intrusion prevention system (IPS) generates an incident report for some suspicious user activity, which prompts a system administrator to investigate a possible insider attack. Analyze the scenario and determine what type of IPS profile led to this discovery.
- Behavioral-based detection

CONTINUED...
Written for
- Institution: CompTIA Security+ Final Assessment
- Course: CompTIA Security+ Final Assessment

Document information
- Uploaded on: December 14, 2023
- Number of pages: 17
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers