CompTIA Security+ (SY0-601) Practice |\ |\ |\ |\
Exam 1 QUESTIONS WITH ANSWERS |\ |\ |\ |\
Dion Training wants to install a new accounting system
|\ |\ |\ |\ |\ |\ |\ |\ |\
and is considering moving to a cloud-based solution to
|\ |\ |\ |\ |\ |\ |\ |\ |\
reduce cost, reduce the information technology overhead
|\ |\ |\ |\ |\ |\ |\
costs, improve reliability, and improve availability. Your
|\ |\ |\ |\ |\ |\ |\
Chief Information Officer is supportive of this move since
|\ |\ |\ |\ |\ |\ |\ |\ |\
it will be more fiscally responsible. Still, the Chief Risk
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
Officer is concerned with housing all of the company's
|\ |\ |\ |\ |\ |\ |\ |\ |\
confidential financial data in a cloud provider's network |\ |\ |\ |\ |\ |\ |\ |\
that might be shared with other companies. Since the
|\ |\ |\ |\ |\ |\ |\ |\ |\
Chief Information Officer is determined to move to the
|\ |\ |\ |\ |\ |\ |\ |\ |\
cloud, what type of cloud-based solution would you
|\ |\ |\ |\ |\ |\ |\ |\
recommend to account for the Chief Risk Officer's |\ |\ |\ |\ |\ |\ |\ |\
concerns?
PaaS in a hybrid cloud|\ |\ |\ |\
SaaS in a private cloud
|\ |\ |\ |\
SaaS in a public cloud|\ |\ |\ |\
PaaS in a community cloud - CORRECT ANSWERS ✔✔SaaS
|\ |\ |\ |\ |\ |\ |\ |\
in a private cloud
|\ |\ |\ |\
A SaaS (Software as a Service) solution best describes an
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
accounting system or software used as part of a cloud |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
service. This meets the CIO's requirements. To mitigate
|\ |\ |\ |\ |\ |\ |\ |\
,the concerns of the Chief Risk Officer, you should use a
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
private cloud solution. This type of solution ensures that
|\ |\ |\ |\ |\ |\ |\ |\ |\
the cloud provider does not comingle your data with other
|\ |\ |\ |\ |\ |\ |\ |\ |\
customers' data and providers dedicated servers and
|\ |\ |\ |\ |\ |\ |\ |\
resources for your company's use only. |\ |\ |\ |\ |\
You are developing a containment and remediation
|\ |\ |\ |\ |\ |\ |\
strategy to prevent the spread of an APT within your
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
network. Your plan suggests creating a mirror of the
|\ |\ |\ |\ |\ |\ |\ |\ |\
company's databases, routing all externally sourced |\ |\ |\ |\ |\ |\
network traffic to it, and gradually updating with pseudo-
|\ |\ |\ |\ |\ |\ |\ |\
realistic data to confuse and deceive the APT as they
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
attempt to exfiltrate the data. Once the attacker has
|\ |\ |\ |\ |\ |\ |\ |\ |\
downloaded the corrupted database, your company |\ |\ |\ |\ |\ |\
would then conduct remediation actions on the network
|\ |\ |\ |\ |\ |\ |\ |\
and restore the correct database information to the
|\ |\ |\ |\ |\ |\ |\ |\
production system. Which of the following types of |\ |\ |\ |\ |\ |\ |\ |\
containment strategies does the plan utilize? |\ |\ |\ |\ |\
Isolation-based containment by disconnecting the APT |\ |\ |\ |\ |\ |\
from the affected network
|\ |\ |\
Segmentation-based containment that deceives the |\ |\ |\ |\ |\
attack into believing their attack was successful
|\ |\ |\ |\ |\ |\
Segmentation-based containment disrupts the APT by |\ |\ |\ |\ |\ |\
using a hack-back approach
|\ |\ |\
Isolation-based containment by removing the affect - |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Segmentation-based containment |\ |\ |\
that deceives the attack into believing their attack was
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
successful
,There are two types of containment: segmentation and
|\ |\ |\ |\ |\ |\ |\ |\
isolation. This is an example of a segmentation-based
|\ |\ |\ |\ |\ |\ |\ |\
containment strategy that utilizes deception. |\ |\ |\ |\ |\
Segmentation-based containment is a means of achieving |\ |\ |\ |\ |\ |\
the isolation of a host or group of hosts using network
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
technologies and architecture. As opposed to completely |\ |\ |\ |\ |\ |\ |\
isolating the hosts, you might configure the protected
|\ |\ |\ |\ |\ |\ |\ |\
segment to deceive him or her into thinking the attack is
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
progressing successfully, such as in the database |\ |\ |\ |\ |\ |\ |\
modification example. The scenario is not a hack-back |\ |\ |\ |\ |\ |\ |\ |\
approach since the APT is not directly attacked, only |\ |\ |\ |\ |\ |\ |\ |\ |\
deceived. Isolation-based containment involves removing |\ |\ |\ |\ |\
an affected component from whatever larger environment
|\ |\ |\ |\ |\ |\
it is a part of. In this scenario, the original database was
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
never isolated from the network, nor were any other
|\ |\ |\ |\ |\ |\ |\ |\ |\
affected assets during the deception. |\ |\ |\ |\
Which of the following features is supported by Kerberos
|\ |\ |\ |\ |\ |\ |\ |\ |\
but not by RADIUS?
|\ |\ |\
XML for cross-platform interoperability
|\ |\ |\
Tickets used to identify authenticated users
|\ |\ |\ |\ |\
Single sign-on capability |\ |\
Services for authentication - CORRECT ANSWERS |\ |\ |\ |\ |\ |\
✔✔Tickets used to identify authenticated users |\ |\ |\ |\ |\
, Whether you learned the in-depth details of each of these
|\ |\ |\ |\ |\ |\ |\ |\ |\
protocols during your studies or not, you should be able
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
to answer this question by remembering that Kerberos is
|\ |\ |\ |\ |\ |\ |\ |\ |\
all about 'tickets.' Kerberos uses a system of tickets to
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
allow nodes to communicate over a non-secure network
|\ |\ |\ |\ |\ |\ |\ |\
and securely prove their identity. Kerberos is a computer
|\ |\ |\ |\ |\ |\ |\ |\ |\
network authentication protocol that works based on
|\ |\ |\ |\ |\ |\ |\
tickets to allow nodes communicating over a non-secure
|\ |\ |\ |\ |\ |\ |\ |\
network to prove their identity to one another in a secure
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
manner. Kerberos is used in Windows Active Directory
|\ |\ |\ |\ |\ |\ |\ |\
domains for authentication. Single sign-on (SSO) is a type
|\ |\ |\ |\ |\ |\ |\ |\
of mutual authentication for multiple services that can
|\ |\ |\ |\ |\ |\ |\ |\ |\
accept the credential from one domain or service as
|\ |\ |\ |\ |\ |\ |\ |\ |\
authentication for other services. The Remote |\ |\ |\ |\ |\ |\
Authentication Dial-in User Service (RADIUS) is used to |\ |\ |\ |\ |\ |\ |\ |\
manage remote and wireless authentication
|\ |\ |\ |\ |\
infrastructure. Users supply authentication information to |\ |\ |\ |\ |\ |\
RADIUS client devices, such as wireless access points.
|\ |\ |\ |\ |\ |\ |\ |\
The client device then passes the authentication data to
|\ |\ |\ |\ |\ |\ |\ |\ |\
an AAA (Authentication, Authorization, and Accounting)
|\ |\ |\ |\ |\ |\
server that processes the request.
|\ |\ |\ |\
Which type of agreement between companies and
|\ |\ |\ |\ |\ |\ |\
employees is used as a legal basis for protecting |\ |\ |\ |\ |\ |\ |\ |\ |\
information assets? |\
ISA
NDA
SLA
Exam 1 QUESTIONS WITH ANSWERS |\ |\ |\ |\
Dion Training wants to install a new accounting system
|\ |\ |\ |\ |\ |\ |\ |\ |\
and is considering moving to a cloud-based solution to
|\ |\ |\ |\ |\ |\ |\ |\ |\
reduce cost, reduce the information technology overhead
|\ |\ |\ |\ |\ |\ |\
costs, improve reliability, and improve availability. Your
|\ |\ |\ |\ |\ |\ |\
Chief Information Officer is supportive of this move since
|\ |\ |\ |\ |\ |\ |\ |\ |\
it will be more fiscally responsible. Still, the Chief Risk
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
Officer is concerned with housing all of the company's
|\ |\ |\ |\ |\ |\ |\ |\ |\
confidential financial data in a cloud provider's network |\ |\ |\ |\ |\ |\ |\ |\
that might be shared with other companies. Since the
|\ |\ |\ |\ |\ |\ |\ |\ |\
Chief Information Officer is determined to move to the
|\ |\ |\ |\ |\ |\ |\ |\ |\
cloud, what type of cloud-based solution would you
|\ |\ |\ |\ |\ |\ |\ |\
recommend to account for the Chief Risk Officer's |\ |\ |\ |\ |\ |\ |\ |\
concerns?
PaaS in a hybrid cloud|\ |\ |\ |\
SaaS in a private cloud
|\ |\ |\ |\
SaaS in a public cloud|\ |\ |\ |\
PaaS in a community cloud - CORRECT ANSWERS ✔✔SaaS
|\ |\ |\ |\ |\ |\ |\ |\
in a private cloud
|\ |\ |\ |\
A SaaS (Software as a Service) solution best describes an
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
accounting system or software used as part of a cloud |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
service. This meets the CIO's requirements. To mitigate
|\ |\ |\ |\ |\ |\ |\ |\
,the concerns of the Chief Risk Officer, you should use a
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
private cloud solution. This type of solution ensures that
|\ |\ |\ |\ |\ |\ |\ |\ |\
the cloud provider does not comingle your data with other
|\ |\ |\ |\ |\ |\ |\ |\ |\
customers' data and providers dedicated servers and
|\ |\ |\ |\ |\ |\ |\ |\
resources for your company's use only. |\ |\ |\ |\ |\
You are developing a containment and remediation
|\ |\ |\ |\ |\ |\ |\
strategy to prevent the spread of an APT within your
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
network. Your plan suggests creating a mirror of the
|\ |\ |\ |\ |\ |\ |\ |\ |\
company's databases, routing all externally sourced |\ |\ |\ |\ |\ |\
network traffic to it, and gradually updating with pseudo-
|\ |\ |\ |\ |\ |\ |\ |\
realistic data to confuse and deceive the APT as they
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
attempt to exfiltrate the data. Once the attacker has
|\ |\ |\ |\ |\ |\ |\ |\ |\
downloaded the corrupted database, your company |\ |\ |\ |\ |\ |\
would then conduct remediation actions on the network
|\ |\ |\ |\ |\ |\ |\ |\
and restore the correct database information to the
|\ |\ |\ |\ |\ |\ |\ |\
production system. Which of the following types of |\ |\ |\ |\ |\ |\ |\ |\
containment strategies does the plan utilize? |\ |\ |\ |\ |\
Isolation-based containment by disconnecting the APT |\ |\ |\ |\ |\ |\
from the affected network
|\ |\ |\
Segmentation-based containment that deceives the |\ |\ |\ |\ |\
attack into believing their attack was successful
|\ |\ |\ |\ |\ |\
Segmentation-based containment disrupts the APT by |\ |\ |\ |\ |\ |\
using a hack-back approach
|\ |\ |\
Isolation-based containment by removing the affect - |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Segmentation-based containment |\ |\ |\
that deceives the attack into believing their attack was
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
successful
,There are two types of containment: segmentation and
|\ |\ |\ |\ |\ |\ |\ |\
isolation. This is an example of a segmentation-based
|\ |\ |\ |\ |\ |\ |\ |\
containment strategy that utilizes deception. |\ |\ |\ |\ |\
Segmentation-based containment is a means of achieving |\ |\ |\ |\ |\ |\
the isolation of a host or group of hosts using network
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
technologies and architecture. As opposed to completely |\ |\ |\ |\ |\ |\ |\
isolating the hosts, you might configure the protected
|\ |\ |\ |\ |\ |\ |\ |\
segment to deceive him or her into thinking the attack is
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
progressing successfully, such as in the database |\ |\ |\ |\ |\ |\ |\
modification example. The scenario is not a hack-back |\ |\ |\ |\ |\ |\ |\ |\
approach since the APT is not directly attacked, only |\ |\ |\ |\ |\ |\ |\ |\ |\
deceived. Isolation-based containment involves removing |\ |\ |\ |\ |\
an affected component from whatever larger environment
|\ |\ |\ |\ |\ |\
it is a part of. In this scenario, the original database was
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
never isolated from the network, nor were any other
|\ |\ |\ |\ |\ |\ |\ |\ |\
affected assets during the deception. |\ |\ |\ |\
Which of the following features is supported by Kerberos
|\ |\ |\ |\ |\ |\ |\ |\ |\
but not by RADIUS?
|\ |\ |\
XML for cross-platform interoperability
|\ |\ |\
Tickets used to identify authenticated users
|\ |\ |\ |\ |\
Single sign-on capability |\ |\
Services for authentication - CORRECT ANSWERS |\ |\ |\ |\ |\ |\
✔✔Tickets used to identify authenticated users |\ |\ |\ |\ |\
, Whether you learned the in-depth details of each of these
|\ |\ |\ |\ |\ |\ |\ |\ |\
protocols during your studies or not, you should be able
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
to answer this question by remembering that Kerberos is
|\ |\ |\ |\ |\ |\ |\ |\ |\
all about 'tickets.' Kerberos uses a system of tickets to
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
allow nodes to communicate over a non-secure network
|\ |\ |\ |\ |\ |\ |\ |\
and securely prove their identity. Kerberos is a computer
|\ |\ |\ |\ |\ |\ |\ |\ |\
network authentication protocol that works based on
|\ |\ |\ |\ |\ |\ |\
tickets to allow nodes communicating over a non-secure
|\ |\ |\ |\ |\ |\ |\ |\
network to prove their identity to one another in a secure
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
manner. Kerberos is used in Windows Active Directory
|\ |\ |\ |\ |\ |\ |\ |\
domains for authentication. Single sign-on (SSO) is a type
|\ |\ |\ |\ |\ |\ |\ |\
of mutual authentication for multiple services that can
|\ |\ |\ |\ |\ |\ |\ |\ |\
accept the credential from one domain or service as
|\ |\ |\ |\ |\ |\ |\ |\ |\
authentication for other services. The Remote |\ |\ |\ |\ |\ |\
Authentication Dial-in User Service (RADIUS) is used to |\ |\ |\ |\ |\ |\ |\ |\
manage remote and wireless authentication
|\ |\ |\ |\ |\
infrastructure. Users supply authentication information to |\ |\ |\ |\ |\ |\
RADIUS client devices, such as wireless access points.
|\ |\ |\ |\ |\ |\ |\ |\
The client device then passes the authentication data to
|\ |\ |\ |\ |\ |\ |\ |\ |\
an AAA (Authentication, Authorization, and Accounting)
|\ |\ |\ |\ |\ |\
server that processes the request.
|\ |\ |\ |\
Which type of agreement between companies and
|\ |\ |\ |\ |\ |\ |\
employees is used as a legal basis for protecting |\ |\ |\ |\ |\ |\ |\ |\ |\
information assets? |\
ISA
NDA
SLA
