CompTIA Security+ (SY0-601) DION
PRACTICE Exam 2024
Which protocol relies on mutual authentication of the client and the server for its
security?
CHAP
LDAPS
Two-factor authentication
RADIUS
Correct answer: LDAPS
Explanation
OBJ-3.1: The Lightweight Directory Access Protocol (LDAP) uses a client-server
model for mutual authentication. LDAP is used to enable access to a directory of
resources (workstations, users, information, etc.). TLS provides mutual
authentication between clients and servers. Since Secure LDAP (LDAPS) uses TLS,
it provides mutual authentication.
You have just completed identifying, analyzing, and containing an incident. You
have verified that the company uses self-encrypting drives as part of its default
configuration. As you begin the eradication and recovery phase, you must sanitize
the storage devices' data before restoring the data from known-good backups.
Which of the following methods would be the most efficient to use to sanitize the
affected hard drives?
Incinerate and replace the storage devices
Perform a cryptographic erase (CE) on the storage devices
Conduct zero-fill on the storage devices
Use a secure erase (SE) utility on the storage devices
Correct answer: Perform a cryptographic erase (CE) on the storage devices
Explanation
OBJ-2.7: Sanitizing a hard drive can be done using cryptographic erase (CE), secure
erase (SE), zero-fill, or physical destruction. In this case, the hard drives are
self-encrypting, so the data at rest is already encrypted. Therefore, the most
efficient method would be to choose CE.
The cryptographic erase (CE) method sanitizes a self-encrypting drive by erasing
the media encryption key and then reimaging the drive. A secure erase (SE) is
used to perform the sanitization of flash-based devices (such as SSDs or USB
devices) when cryptographic erase is not available. The zero-fill method relies on
overwriting a storage device by setting all bits to the value of zero (0), but this is
not effective on SSDs or hybrid drives, and it takes much longer than the CE
method. The final option is to conduct physical destruction, but since the scenario
states that the storage device will be reused, this is not a valid technique. Physical
destruction occurs by mechanical shredding, incineration, or degaussing magnetic
hard drives.
Which of the following types of data breaches would require that the US
Department of Health and Human Services and the media be notified if more than
500 individuals are affected by a data breach?
Personally identifiable information
Trade secret information
Protected health information
Credit card information
Correct answer: Protected health information
Explanation
OBJ-4.5: Protected health information (PHI) is defined as any information that
identifies someone as the subject of medical and insurance records, plus their
associated hospital and laboratory test results. This type of data is protected by
the Health Insurance Portability and Accountability Act (HIPAA). It requires
notification of the individual, the Secretary of the US Department of Health and
Human Services (HHS), and the media (if more than 500 individuals are affected)
in the case of a data breach. Personally identifiable information (PII) is any data
that can be used to identify, contact, or impersonate an individual. Credit card
information is protected under the PCI DSS information security standard. Trade
secret information is protected by the organization that owns those secrets.
A user has reported that their workstation is running very slowly. A technician
begins to investigate the issue and notices a lot of unknown processes running in
the background. The technician determines that the user has recently
downloaded a new application from the internet and may have become infected
with malware. Which of the following types of infections does the workstation
MOST likely have?
Ransomware
Rootkit
Keylogger
Trojan
Correct answer: Trojan
Explanation
OBJ-1.2: A trojan is a type of malware that looks legitimate but can take control of
your computer. A trojan is designed to damage, disrupt, steal, or, in general, inflict
some other harmful action on your data or network. The most common form of a
trojan is a Remote Access Trojan (RAT), which allows an attacker to control a
workstation or steal information remotely. To operate, a trojan will create
numerous processes that run in the background of the system. Ransomware is a
type of malware designed to deny access to a computer system or data until a