CompTIA SY0-701 CompTIA Security+ Online Training

Question #11

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO).

The message stated:

“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address.”

Which of the following are the best responses to this situation? (Choose two).

A . Cancel current employee recognition gift cards.
B . Add a smishing exercise to the annual company training.
C . Issue a general email warning to the company.
D . Have the CEO change phone numbers.
E . Conduct a forensic investigation on the CEO’s phone.
F . Implement mobile device management.

Reveal Solution Hide Solution

Question #12

A company is required to use certified hardware when building networks.

Which of the following best addresses the risks associated with procuring counterfeit hardware?

A . A thorough analysis of the supply chain
B . A legally enforceable corporate acquisition policy
C . A right to audit clause in vendor contracts and SOWs
D . An in-depth penetration test of all suppliers and vendors

Reveal Solution Hide Solution

Question #13

Which of the following provides the details about the terms of a test with a third-party penetration tester?

A . Rules of engagement
B . Supply chain analysis
C . Right to audit clause
D . Due diligence

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

Rules of engagement are the detailed guidelines and constraints regarding the execution of information security testing, such as penetration testing. They define the scope, objectives, methods, and boundaries of the test, as well as the roles and responsibilities of the testers and the clients. Rules of engagement help to ensure that the test is conducted in a legal, ethical, and professional manner, and that the results are accurate and reliable. Rules of engagement typically include the following elements:

The type and scope of the test, such as black box, white box, or gray box, and the target systems, networks, applications, or data.

The client contact details and the communication channels for reporting issues, incidents, or emergencies during the test.

The testing team credentials and the authorized tools and techniques that they can use.

The sensitive data handling and encryption requirements, such as how to store, transmit, or dispose of any data obtained during the test.

The status meeting and report schedules, formats, and recipients, as well as the confidentiality and non-disclosure agreements for the test results.

The timeline and duration of the test, and the hours of operation and testing windows.

The professional and ethical behavior expectations for the testers, such as avoiding unnecessary damage, disruption, or disclosure of information.

Supply chain analysis, right to audit clause, and due diligence are not related to the terms of a test with a third-party penetration tester. Supply chain analysis is the process of evaluating the security and risk posture of the suppliers and partners in a business network. Right to audit clause is a provision in a contract that gives one party the right to audit another party to verify their compliance with the contract terms and conditions. Due diligence is the process of identifying and addressing the cyber risks that a potential vendor or partner brings to an organization.

Reference = https://www.yeahhub.com/every-penetration-tester-you-should-know-about-this-rules-of-engagement/

https://bing.com/search?q=rules+of+engagement+penetration+testing

Question #14

A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement.

Which of the following reconnaissance types is the tester performing?

A . Active
B . Passive
C . Defensive
D . Offensive

Reveal Solution Hide Solution

Question #15

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

A . IRP
B . DRP
C . RPO
D . SDLC

Reveal Solution Hide Solution

Question #16

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

A . Jailbreaking
B . Memory injection
C . Resource reuse
D . Side loading

Reveal Solution Hide Solution

Question #17

A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?

A . Password spraying
B . Account forgery
C . Pass-t he-hash
D . Brute-force

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

Password spraying is a type of brute force attack that tries common passwords across several accounts to find a match. It is a mass trial-and-error approach that can bypass account lockout protocols. It can give hackers access to personal or business accounts and information. It is not a targeted attack, but a high-volume attack tactic that uses a dictionary or a list of popular or weak passwords12.

The logs show that the attacker is using the same password ("password123") to attempt to log in to different accounts ("admin", "user1", "user2", etc.) on the same web server. This is a typical pattern of password spraying, as the attacker is hoping that at least one of the accounts has a weak password that matches the one they are trying. The attacker is also using a tool called Hydra, which is one of the most popular brute force tools, often used in cracking passwords for network authentication3.

Account forgery is not the correct answer, because it involves creating fake accounts or credentials to impersonate legitimate users or entities. There is no evidence of account forgery in the logs, as the attacker is not creating any new accounts or using forged credentials.

Pass-the-hash is not the correct answer, because it involves stealing a hashed user credential and using it to create a new authenticated session on the same network. Pass-the-hash does not require the attacker to know or crack the password, as they use the stored version of the password to initiate a new session4. The logs show that the attacker is using plain text passwords, not hashes, to try to log in to the web server.

Brute-force is not the correct answer, because it is a broader term that encompasses different types of attacks that involve trying different variations of symbols or words until the correct password is found. Password spraying is a specific type of brute force attack that uses a single common password against multiple accounts5. The logs show that the attacker is using password spraying, not brute force in general, to try to gain access to the web server.

Reference = 1: Password spraying: An overview of password spraying attacks … – Norton, 2: Security: Credential Stuffing vs. Password Spraying – Baeldung, 3: Brute Force Attack: A definition + 6 types to know | Norton, 4: What is a Pass-the-Hash Attack? – CrowdStrike, 5: What is a Brute Force Attack? | Definition, Types & How It Works – Fortinet

Question #18

An analyst is evaluating the implementation of Zero Trust principles within the data plane.

Which of the following would be most relevant for the analyst to evaluate?

A . Secured zones
B . Subject role
C . Adaptive identity
D . Threat scope reduction

Reveal Solution Hide Solution

Question #19

An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources.

Which of the following would be the best solution?

A . RDP server
B . Jump server
C . Proxy server
D . Hypervisor

Reveal Solution Hide Solution

Question #20

A company’s web filter is configured to scan the URL for strings and deny access when matches are found.

Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

A . encryption=off
B . http://
C . www.*.com
D . :443

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

A web filter is a device or software that can monitor, block, or allow web traffic based on predefined rules or policies. One of the common methods of web filtering is to scan the URL for strings and deny access when matches are found. For example, a web filter can block access to websites that contain the words “gambling”, “porn”, or “malware” in their URLs. A URL is a uniform resource locator that identifies the location and protocol of a web resource.

A URL typically consists of the following components: protocol://domain:port/path?query#fragment. The protocol specifies the communication method used to access the web resource, such as HTTP, HTTPS, FTP, or SMTP. The domain is the name of the web server that hosts the web resource, such as www.google.com or www.bing.com. The port is an optional number that identifies the specific service or application running on the web server, such as 80 for HTTP or 443 for HTTPS. The path is the specific folder or file name of the web resource, such as /index.html or /images/logo.png. The query is an optional string that contains additional information or parameters for the web resource, such as ?q=security or ?lang=en. The fragment is an optional string that identifies a specific part or section of the web resource, such as #introduction or #summary.

To prohibit access to non-encrypted websites, an analyst should employ a search string that matches the protocol of non-encrypted web traffic, which is HTTP. HTTP stands for hypertext transfer protocol, and it is a standard protocol for transferring data between web servers and web browsers. However, HTTP does not provide any encryption or security for the data, which means that anyone who intercepts the web traffic can read or modify the data. Therefore, non-encrypted websites are vulnerable to eavesdropping, tampering, or spoofing attacks. To access a non-encrypted website, the URL usually starts with http://, followed by the domain name and optionally the port number. For example, http://www.example.com or http://www.example.com:80. By scanning the URL for the string http://, the web filter can identify and block non-encrypted websites.

The other options are not correct because they do not match the protocol of non-encrypted web traffic. Encryption=off is a possible query string that indicates the encryption status of the web resource, but it is not a standard or mandatory parameter. Https:// is the protocol of encrypted web traffic, which uses hypertext transfer protocol secure (HTTPS) to provide encryption and security for the data. Www.*.com is a possible domain name that matches any website that starts with www and ends with .com, but it does not specify the protocol. :443 is the port number of HTTPS, which is the protocol of encrypted web traffic.

Reference = CompTIA Security+ Study Guide (SY0-701), Chapter 2: Securing Networks, page 69. Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 2.1: Network Devices and Technologies, video: Web Filter (5:16).