Prepare for the CompTIA Security+ SY0-601 exam with our free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.
Which of the following is a type of malware that disguises itself as or embeds itself within legitimate software with the intent to carry out malicious actions once executed on a host system?
Adware
Spyware
Firmware
Trojan
A Trojan is a type of malware that appears to be legitimate software or is hidden within legitimate software. It tricks users into loading and executing the malware on their systems. Once activated, Trojans can carry out the actions for which they were designed, such as data theft or installation of additional malicious software. Unlike viruses and worms, Trojans do not replicate themselves.
The MITRE ATT&CK framework includes a matrix that is exclusive to mobile device platforms, and does not contain any techniques related to desktop-based operating systems.
True
False
The MITRE ATT&CK framework is a knowledge base of adversary tactics and techniques organized into several matrices, not a single mobile-only one. The Enterprise matrix covers Windows, macOS and Linux along with cloud, network and container platforms; the Mobile matrix covers Android and iOS; a separate ICS matrix covers industrial control systems. Therefore, it is not true that the framework is exclusive to mobile device platforms; desktop operating systems are covered in Enterprise, and mobile is only one matrix among several.
An attacker has setup a fraudulent wireless access point on a company’s network that mimics one of the network’s legitimate access points. Through this fraudulent access point the attacker can gain access to the sensitive information transmitted by those who unwittingly connect to it. This fraudulent access point is known as what?
Rogue access point
Evil twin
Disassociation
Jamming
A fraudulent access point that impersonates a legitimate one (same SSID, often a stronger signal) so that clients connect to it and the attacker can read their traffic is called an evil twin. Anyone who connects may hand over passwords, session tokens and PII. "Rogue access point" is the broader term for any unauthorized AP attached to the network; what distinguishes an evil twin is the impersonation of a legitimate SSID, which makes it the more precise answer here. A practical check is to compare every AP advertising a corporate SSID against the inventory of authorized BSSIDs, and to treat a security downgrade (WPA2-Enterprise on the real AP, open or PSK on the impostor) as a strong signal, since an attacker cannot present the real RADIUS server certificate.
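The check described above, written out as an added example (this is not code from the practice test or its authors). The inventory of authorized BSSIDs and the scan results are constructed; in practice the inventory is exported from the WLAN controller and the scan comes from a WIDS sensor or a tool such as `iw dev wlan0 scan`.

```python
"""Flag possible evil-twin access points in a Wi-Fi scan.

Added example, not part of the practice test. The inventory of authorized
BSSIDs and the scan results are constructed; in practice the inventory comes
from the WLAN controller and the scan from a WIDS sensor or `iw dev wlan0 scan`.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BSS:
    ssid: str
    bssid: str      # AP MAC address, lower-case, colon separated
    channel: int
    security: str   # "WPA2-Enterprise", "WPA2-PSK", "OPEN", ...


# Hypothetical inventory of authorized APs: SSID -> {(bssid, security mode)}
INVENTORY = {
    "CorpWiFi": {
        ("00:11:22:aa:bb:01", "WPA2-Enterprise"),
        ("00:11:22:aa:bb:02", "WPA2-Enterprise"),
    },
}

# Constructed scan output.
SCAN = [
    BSS("CorpWiFi", "00:11:22:aa:bb:01", 36, "WPA2-Enterprise"),
    BSS("CorpWiFi", "00:11:22:aa:bb:02", 44, "WPA2-Enterprise"),
    BSS("CorpWiFi", "de:ad:be:ef:00:01", 6, "OPEN"),       # unknown BSSID, no encryption
    BSS("CorpWiFi", "de:ad:be:ef:00:02", 1, "WPA2-PSK"),   # unknown BSSID, Enterprise -> PSK downgrade
    BSS("CoffeeShop", "c0:ff:ee:00:00:01", 11, "OPEN"),    # not a corporate SSID, ignored
]


def find_evil_twins(scan, inventory):
    """Return [(bssid, reason)] for APs advertising a corporate SSID from an
    unauthorized BSSID. A security-mode mismatch is reported as well: an
    attacker who cannot present the real RADIUS certificate typically
    downgrades to PSK or open, which is the classic evil-twin tell."""
    findings = []
    for bss in scan:
        if bss.ssid not in inventory:
            continue
        authorized = {b for b, _ in inventory[bss.ssid]}
        expected_modes = {m for _, m in inventory[bss.ssid]}
        if bss.bssid.lower() in authorized:
            continue
        reason = "unknown BSSID advertising corporate SSID"
        if bss.security not in expected_modes:
            reason += f"; security downgraded to {bss.security}"
        findings.append((bss.bssid, reason))
    return findings


if __name__ == "__main__":
    for bssid, reason in find_evil_twins(SCAN, INVENTORY):
        print(f"ALERT {bssid}: {reason}")
```

On the client side the complementary control is 802.1X with server certificate validation enforced in the Wi-Fi profile, so that a supplicant refuses to authenticate to an impostor even when the SSID matches.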
An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam. This type of attack may be used to steal the passwords of unsuspecting users, either by monitoring their connections or by phishing, which involves setting up a fraudulent web site and luring people there.
Evil_twin_(wireless_networks) - Wikipedia, the free encyclopedia
Which of the following terms describes an attacker trying to steal personal or sensitive information using a VoIP system?
Phishing
VoIP takeover
Vishing
Wishing
Vishing, or voice phishing, is a phishing attack conducted over a telephone or VoIP call rather than by email. Caller ID spoofing lets the call appear to come from a trusted number, which is why the standard advice is to hang up and call back on a published number rather than one the caller supplies.
Voice phishing, or vishing, is the use of telephony (often Voice over IP telephony) to conduct phishing attacks. Landline telephone services have traditionally been trustworthy; terminated in physical locations known to the telephone company, and associated with a bill-payer. Now however, vishing fraudsters often use modern Voice over IP (VoIP) features such as caller ID spoofing and automated systems (IVR) to impede detection by law enforcement agencies. Voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals. Usually, voice phishing attacks are conducted using automated text-to-speech systems that direct a victim to call a number controlled by the attacker, however some use live callers. Posing as an employee of a legitimate body such as the bank, police, telephone or internet provider, the fraudster attempts to obtain personal details and financial information regarding credit card, bank accounts (e.g. the PIN), as well as personal information of the victim. With the received information, the fraudster might be able to access and empty the account or commit identity fraud. Some fraudsters may also try to persuade the victim to transfer money to another bank account or withdraw cash to be given to them directly. Callers also often pose as law enforcement or as an Internal Revenue Service employee. Scammers often target immigrants and the elderly, who are coerced to wire hundreds to thousands of dollars in response to threats of arrest or deportation. Bank account data is not the only sensitive information being targeted. Fraudsters sometimes
Voice_phishing - Wikipedia, the free encyclopedia
A company requires a network appliance at their branch office that exclusively serves the purpose of securely translating private IP addresses to public ones for outbound internet traffic, without incorporating any additional security or optimization services. Which device should be implemented to meet these specific needs with the least complexity?
Intrusion Detection System/Intrusion Prevention System (IDS/IPS)
Network Address Translation (NAT) gateway
Unified Threat Management (UTM) device
Load balancer
A Network Address Translation (NAT) gateway solely performs the function of translating private IP addresses into public IP addresses, which aligns with the company's requirements for the branch office. A Unified Threat Management (UTM) device, while capable of performing NAT, includes multiple other security features that the scenario deems unnecessary, adding complexity. An IDS/IPS focuses on intrusion detection and prevention and does not handle address translation. A load balancer is primarily used for distributing network or application traffic across multiple servers, which is irrelevant to the task of address translation.
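What a NAT gateway actually does, as an added example (not code from the practice test): a minimal port address translation table that rewrites outbound sources, maps replies back, and has nowhere to send unsolicited inbound packets. The addresses, ports and packets are constructed; a real gateway also ages mappings out and tracks TCP state.

```python
"""A minimal port address translation (PAT) table, the core function of a
NAT gateway.

Added example, not part of the practice test. Addresses, ports and packets
are constructed; a real gateway also ages mappings out and tracks TCP state.
"""


class NatGateway:
    def __init__(self, public_ip, port_range=range(40000, 40010)):
        self.public_ip = public_ip
        self._free_ports = list(port_range)
        self._outbound = {}   # (private_ip, private_port) -> public_port
        self._inbound = {}    # public_port -> (private_ip, private_port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outbound packet, allocating a mapping on first use.

        Returns the translated 4-tuple (src_ip, src_port, dst_ip, dst_port)."""
        key = (src_ip, src_port)
        if key not in self._outbound:
            if not self._free_ports:
                raise RuntimeError("NAT port pool exhausted")
            public_port = self._free_ports.pop(0)
            self._outbound[key] = public_port
            self._inbound[public_port] = key
        return (self.public_ip, self._outbound[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of an inbound packet back to the private host.

        Returns None when no mapping exists: unsolicited inbound traffic has
        nowhere to go, which is the only "security" a plain NAT gateway provides."""
        if dst_ip != self.public_ip or dst_port not in self._inbound:
            return None
        private_ip, private_port = self._inbound[dst_port]
        return (src_ip, src_port, private_ip, private_port)


if __name__ == "__main__":
    gw = NatGateway("203.0.113.5")
    print(gw.translate_outbound("10.0.0.2", 51000, "198.51.100.7", 443))
    print(gw.translate_inbound("198.51.100.7", 443, "203.0.113.5", 40000))
    print(gw.translate_inbound("192.0.2.99", 12345, "203.0.113.5", 22))
```

The dropped unsolicited packet is a side effect of address translation, not a policy decision; if the branch needs inbound filtering, logging or inspection, that is the point at which a firewall or UTM becomes the right answer instead.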
Which of the following best describes the strategy an organization should implement to actively reduce the potential impact of a security breach?
Implementing stronger access controls
Transferring risk to a cyber insurance company
Choosing not to act on a known risk
Accepting the potential impact of a security breach
Risk mitigation means putting controls in place that reduce the likelihood or the impact of a threat, moving the organization toward a lower residual risk. Stronger access controls limit what an attacker can reach after gaining a foothold, which lessens the impact of a breach. The other choices are different risk responses, not reductions: buying cyber insurance transfers the financial risk, and ignoring or accepting a known risk leaves the potential impact unchanged.
A network administrator needs to ensure that a lost corporate smartphone does not pose a risk to company data. Which solution is primarily used to remotely wipe sensitive information from mobile devices that are registered to the organization?
Intrusion Detection System (IDS)
Data Loss Prevention (DLP) Software
Unified Threat Management (UTM) Appliance
Mobile Device Management (MDM) Solution
Mobile Device Management (MDM) solutions let administrators remotely manage and secure enrolled devices, including issuing a remote wipe so that sensitive data is erased when a device is lost or stolen. The caveat is that the wipe only takes effect when the device next reaches the MDM server, so it is paired with device encryption and a screen lock to protect the data in the meantime. IDS, DLP and UTM monitor network traffic or data flows; none of them can erase a lost handset.
You just started at a new company and you are going through documentation to see what plans and policies are already in place. One of the things that you noticed is the company is not prepared with a plan to continue operations in the event of a disaster or an unplanned event. What type of plan do you need to develop for the company to be better prepared?
DRP
RTO
RTP
Communication plan
BCP
The business continuity plan (BCP) is the overall plan for keeping critical business processes running during and after a disruption or unplanned event. The other real terms are pieces of it: the disaster recovery plan (DRP) covers restoring IT systems, the recovery time objective (RTO) is a target defined within the plan, and the communication plan sets out who is informed and how. "RTP" is a distractor; it is not a continuity-planning term.
Business continuity may be defined as "the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident", and business continuity planning (or business continuity and resiliency planning) is the process of creating systems of prevention and recovery to deal with potential threats to a company. In addition to prevention, the goal is to enable ongoing operations before and during execution of disaster recovery. Business continuity is the intended outcome of proper execution of both business continuity planning and disaster recovery. Several business continuity standards have been published by various standards bodies to assist in checklisting ongoing planning tasks. An organization's resistance to failure is "the ability ... to withstand changes in its environment and still function". Often called resilience, it is a capability that enables organizations to either endure environmental changes without having to permanently adapt, or the organization is forced to adapt a new way of working that better suits the new environmental conditions.
Business_continuity_planning - Wikipedia, the free encyclopedia
A company’s employees frequently communicate sensitive data through their company-issued mobile devices. Which of the following security measures would be BEST to implement to enhance the confidentiality and integrity of sensitive communications?
Implement a VPN solution for mobile devices.
Install antivirus software on all mobile devices.
Enable end-to-end encryption for all text-based communication.
Require device passwords on all mobile devices.
Encryption is the direct control for sensitive data in transit: an intercepted message cannot be read, and with an authenticated scheme cannot be altered without detection. End-to-end encryption means only the communicating users hold the keys, so neither the carrier nor the messaging provider can read the content. Device passwords, antivirus and a VPN all add protection, but none protects message content as directly: a password stops access to the handset, antivirus targets malware, and a VPN encrypts traffic only between the device and the VPN gateway, after which the message travels in whatever form the application sends it.
During an investigation, discovery of application logs indicating unusual patterns of behavior, temporary files with suspicious content, and abnormal registry key entries can be considered as examples of artifacts.
False
True
Artifacts in digital forensics refer to the data that provide evidence of the actions that have occurred on a system or network. These artifacts could be any form of data such as logs, temporary files, or registry entries that are left behind by the operating system, applications, or users. Unusual patterns in application logs, suspicious temporary files, and abnormal registry entries specifically suggest the presence of artifacts that could signify a security incident.
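The three artifact types in the question, triaged in code as an added example (not code from the practice test or its authors). Every input is constructed, including the encoded PowerShell string and the temp-file contents, and the rules are illustrative starting points rather than a complete detection set.

```python
"""Triage three artifact sources from an investigation: application log
lines, files in a temp directory and Run-key persistence entries.

Added example, not part of the practice test. Every input below is
constructed, and the rules are illustrative starting points, not a
complete detection set.
"""
import re
from collections import Counter

# Constructed application log. A burst of failures followed by a success for
# the same account at 02:13 is the "unusual pattern" the question refers to.
APP_LOG = """\
2024-05-01T02:13:01 app login failed user=alice src=10.0.0.50
2024-05-01T02:13:02 app login failed user=alice src=10.0.0.50
2024-05-01T02:13:03 app login failed user=alice src=10.0.0.50
2024-05-01T02:13:04 app login failed user=alice src=10.0.0.50
2024-05-01T02:13:05 app login failed user=alice src=10.0.0.50
2024-05-01T02:13:06 app login ok user=alice src=10.0.0.50
2024-05-01T09:00:00 app login ok user=bob src=10.0.0.51
""".splitlines()

# Constructed temp files as (path, first bytes of content).
TEMP_FILES = [
    (r"C:\Users\alice\AppData\Local\Temp\report.tmp", b"%PDF-1.7 ..."),
    (r"C:\Users\alice\AppData\Local\Temp\svchost.tmp", b"MZ\x90\x00\x03"),
]

# Constructed HKCU\...\Run values: value name -> command line. The base64
# payload is a constructed placeholder, not a real sample.
RUN_KEY = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Updater": r"powershell.exe -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    "Helper": r"C:\Users\alice\AppData\Local\Temp\svchost.tmp",
}

FAILED_LOGIN = re.compile(r"login failed user=(\S+)")
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)
ENCODED_PS = re.compile(r"powershell(\.exe)?\s.*-(enc|encodedcommand)\b", re.IGNORECASE)


def triage(log_lines, temp_files, run_key, fail_threshold=5):
    """Return (source, subject, reason) tuples for everything worth a closer look."""
    findings = []

    failures = Counter()
    for line in log_lines:
        m = FAILED_LOGIN.search(line)
        if m:
            failures[m.group(1)] += 1
    for user, n in failures.items():
        if n >= fail_threshold:
            findings.append(("log", user, f"{n} failed logins"))

    for path, head in temp_files:
        if head.startswith(b"MZ"):   # PE header: an executable hiding as a .tmp
            findings.append(("tempfile", path, "PE executable in temp directory"))

    for name, cmd in run_key.items():
        if ENCODED_PS.search(cmd):
            findings.append(("runkey", name, "encoded PowerShell autorun"))
        elif TEMP_DIR.search(cmd):
            findings.append(("runkey", name, "autorun points into a temp directory"))

    return findings


if __name__ == "__main__":
    for source, subject, reason in triage(APP_LOG, TEMP_FILES, RUN_KEY):
        print(f"[{source}] {subject}: {reason}")
```

Each finding ties an artifact to a hypothesis (credential brute force, a dropped executable, persistence), which is what turns a pile of data into evidence of what happened on the host.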
Your company has given you the responsibility to implement an appropriate access control scheme. The company wants to control access and permissions for employees based on job function. Which of the following should you use?
MAC
RuBAC
DAC
RBAC
Role-based access control (RBAC) assigns permissions to roles that correspond to job functions, and each user receives the permissions of the roles they are assigned. Changing someone's job then means changing their role membership rather than editing individual permissions, which is exactly what the company asked for. MAC labels subjects and objects with classifications and lets the system decide, DAC leaves permissions to the resource owner, and rule-based access control (RuBAC) applies fixed rules such as time of day or source address.
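RBAC in working code, as an added example (not code from the practice test): users are assigned roles, roles carry permissions (with optional inheritance), and every decision asks whether one of the user's roles grants the request. The roles, permissions and users are constructed; a real deployment loads them from a directory or identity provider.

```python
"""Role-based access control: users are assigned roles, roles carry
permissions, and every decision asks whether one of the user's roles grants
the requested permission.

Added example, not part of the practice test. The roles, permissions and
users are constructed; a real deployment would load them from a directory
or identity provider.
"""

# Permission strings are "resource:action". Hypothetical role catalogue.
ROLE_PERMISSIONS = {
    "helpdesk": {"ticket:read", "ticket:update", "user:reset_password"},
    "developer": {"repo:read", "repo:write", "ci:run"},
    "auditor": {"ticket:read", "repo:read", "log:read"},
    "lead_developer": {"repo:admin"},
}

# Role hierarchy: a role inherits everything its parent roles grant.
ROLE_INHERITS = {
    "lead_developer": {"developer"},
}

USER_ROLES = {
    "alice": {"developer"},
    "bob": {"helpdesk", "auditor"},
    "carol": {"lead_developer"},
}


def effective_permissions(role, _seen=None):
    """Flatten the hierarchy for one role; _seen stops a cyclic inheritance
    map from recursing forever."""
    seen = _seen if _seen is not None else set()
    if role in seen:
        return set()
    seen.add(role)
    perms = set(ROLE_PERMISSIONS.get(role, ()))
    for parent in ROLE_INHERITS.get(role, ()):
        perms |= effective_permissions(parent, seen)
    return perms


def is_allowed(user, permission):
    """Deny by default: only an assigned role can grant a permission."""
    return any(permission in effective_permissions(role)
               for role in USER_ROLES.get(user, ()))


def assign_role(user, role):
    """A change of job function is a change of role membership, never a
    per-user permission edit."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role {role!r}")
    USER_ROLES.setdefault(user, set()).add(role)


def revoke_role(user, role):
    USER_ROLES.get(user, set()).discard(role)


if __name__ == "__main__":
    for user, perm in [("alice", "repo:write"), ("alice", "ticket:update"),
                       ("carol", "ci:run"), ("mallory", "repo:read")]:
        print(f"{user:8} {perm:16} {'ALLOW' if is_allowed(user, perm) else 'DENY'}")
```

Because decisions are derived from role membership, an access review reduces to two questions: are the role-to-permission mappings still right, and does each person still hold only the roles their job needs.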
In computer systems security, role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users, and to implementing mandatory access control (MAC) or discretionary access control (DAC). Role-based access control is a policy-neutral access control mechanism defined around roles and privileges. The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform user assignments. A study by NIST has demonstrated that RBAC addresses many needs of commercial and government organizations. RBAC can be used to facilitate administration of security in large organizations with hundreds of users and thousands of permissions. Although RBAC is different from MAC and DAC access control frameworks, it can enforce these policies without any complication.
Role-based_access_control - Wikipedia, the free encyclopedia
Your coworker identified a vulnerability for a 3rd party software solution hosted on premise. The coworker is out sick today and has asked you remediate this issue as quickly as possible. You have identified a patch to fix the security vulnerability from the vendor's official website. What step should you take NEXT?
Install the patch immediately and inform affected users
Begin monitoring for related incidents
Start the incident response process
Submit a change request based on the company's change management processes
Changes, even urgent ones, must be documented and approved according to company policy before they are deployed. The request is typically called a Change Request (CR) or Request For Change (RFC), and submitting it is the first step in rolling out patches, updates and configuration changes. Most change processes include an emergency path for security fixes that shortens approval but still records the change, the rollback plan and who authorized it.
Change management (CM) is a collective term for all approaches to prepare, support, and help individuals, teams, and organizations in making organizational change. It includes methods that redirect or redefine the use of resources, business process, budget allocations, or other modes of operation that significantly change a company or organization. Organizational change management (OCM) considers the full organization and what needs to change, while change management may be used solely to refer to how people and teams are affected by such organizational transition. It deals with many different disciplines, from behavioral and social sciences to information technology and business solutions. As change management becomes more necessary in the business cycle of organizations, it is beginning to be taught as its own academic discipline at universities. There are a growing number of universities with research units dedicated to the study of organizational change. One common type of organizational change may be aimed at reducing outgoing costs while maintaining financial performance, in an attempt to secure future profit margins. In a project-management context, the term "change management" may be used as an alternative to change control processes wherein formal or informal changes to a project are formally introduced and approved. Drivers of change may include the ongoing evolution of technology, internal reviews of processes, crisis response, customer demand changes, competitive pressure, modifications in legislation, acquisitions and mergers, and organizational restructuring.
Change_management - Wikipedia, the free encyclopedia
Which feature of MDM allows for the logical separation of work and personal tasks/storage on an employee's personal device?
Content management
Application management
Containerization
Storage segmentation
Containerization (often called a work profile) lets the MDM create a separate, managed environment on the device for corporate apps and data. The work container has its own storage and policies, is encrypted, can be wiped independently of the personal side, and blocks copying data out into personal apps, so the organization controls its data without managing the employee's personal content. Note that the Wikipedia excerpt below describes operating-system-level software containers, a related but distinct concept.
In software engineering, containerization is operating system-level virtualization or application-level virtualization over multiple network resources so that software applications can run in isolated user spaces called containers in any cloud or non-cloud environment, regardless of type or vendor.
Containerization_(computing) - Wikipedia, the free encyclopedia
You work from home and realized you only really do about 20 hours of actual work. So to fill the other 20 hours of time you installed Steam and a few of your favorite games. Your boss, the Security Team Manager, asks you to ensure no one is able to install any games or gaming platforms on their work computer. You think he's probably trying to send you a message. What could you do to prevent yourself and other employees from installing things like Steam and video games on their PCs or work phones?
Implement a VPN with IPSec traffic tunneling
Implement a HTTP Proxy Firewall to block non-approved websites
Configure Host Based Firewalls on all devices
Implement application blacklisting
A blacklist (now usually called a blocklist or denylist) is a list of things that are not allowed; an application blocklist therefore names the applications that may not be installed or run, and anything not listed is permitted. Blocking known gaming platforms and games is a quick first step toward solving this issue and keeping your job. The caveat is that a blocklist only catches what you enumerate: a renamed or newly released launcher slips past a name- or path-based rule, so match on file hashes or publisher signatures where possible, and consider the stricter alternative, an application allowlist, which permits only approved software. How to implement it depends on the devices and operating systems in use, but native tooling exists on most platforms (AppLocker or Windows Defender Application Control on Windows, for example) and third-party device management solutions offer the same.
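The difference between a blocklist and an allowlist, and between matching on path and matching on hash, shown as an added example (not code from the practice test). The binaries, hashes, paths and publisher names are constructed placeholders, not real Steam or Office artifacts; each function returns True when the executable would be allowed to run.

```python
"""Application control: a denylist (blocklist) versus an allowlist, evaluated
on file path, file hash and signer.

Added example, not part of the practice test. The binaries, hashes, paths
and publisher names are constructed placeholders, not real Steam or Office
artifacts.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Executable:
    path: str
    sha256: str
    publisher: str   # subject of the code-signing certificate, "" if unsigned


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed binaries. The game launcher appears twice: at its install path
# and as a renamed copy a user dropped in Downloads to dodge a name rule.
GAME_BYTES = b"MZ...constructed game launcher..."
OFFICE_BYTES = b"MZ...constructed office suite..."
GAME = Executable(r"C:\Program Files (x86)\Steam\steam.exe",
                  sha256_of(GAME_BYTES), "Constructed Games Inc")
GAME_RENAMED = Executable(r"C:\Users\dave\Downloads\quarterly_report.exe",
                          sha256_of(GAME_BYTES), "Constructed Games Inc")
OFFICE = Executable(r"C:\Program Files\Office\winword.exe",
                    sha256_of(OFFICE_BYTES), "Constructed Office Ltd")
UNKNOWN = Executable(r"C:\Users\dave\Downloads\setup.exe",
                     sha256_of(b"never seen before"), "")

# Hypothetical policy data.
DENY_PATHS = {r"c:\program files (x86)\steam\steam.exe"}
DENY_HASHES = {sha256_of(GAME_BYTES)}
ALLOW_PUBLISHERS = {"Constructed Office Ltd"}
ALLOW_HASHES = set()


def denylist_by_path(exe: Executable) -> bool:
    """Blocklist keyed on path: everything runs unless its path is listed."""
    return exe.path.lower() not in DENY_PATHS


def denylist_by_hash(exe: Executable) -> bool:
    """Blocklist keyed on content hash: renaming or moving the file does not help,
    but a new build with a different hash is not caught until it is added."""
    return exe.sha256 not in DENY_HASHES


def allowlist(exe: Executable) -> bool:
    """Allowlist: nothing runs unless its signer or hash has been approved."""
    return exe.publisher in ALLOW_PUBLISHERS or exe.sha256 in ALLOW_HASHES


if __name__ == "__main__":
    for name, exe in [("steam", GAME), ("renamed", GAME_RENAMED),
                      ("office", OFFICE), ("unknown", UNKNOWN)]:
        print(f"{name:8} path-deny={denylist_by_path(exe)!s:5} "
              f"hash-deny={denylist_by_hash(exe)!s:5} allow={allowlist(exe)}")
```

The renamed copy is the case that matters: it runs under the path blocklist, is stopped by the hash blocklist, and never runs under the allowlist, which is why allowlisting is the stronger control when the organization can maintain the approved set.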
In computing, a blacklist, disallowlist, blocklist, or denylist is a basic access control mechanism that allows through all elements (email addresses, users, passwords, URLs, IP addresses, domain names, file hashes, etc.), except those explicitly mentioned. Those items on the list are denied access. The opposite is a whitelist, allowlist, or passlist, in which only items on the list are let through whatever gate is being used. A greylist contains items that are temporarily blocked (or temporarily allowed) until an additional step is performed. Blacklists can be applied at various points in a security architecture, such as a host, web proxy, DNS servers, email server, firewall, directory servers or application authentication gateways. The type of element blocked is influenced by the access control location. DNS servers may be well-suited to block domain names, for example, but not URLs. A firewall is well-suited for blocking IP addresses, but less so for blocking malicious files or passwords. Example uses include a company that might prevent a list of software from running on its network, a school that might prevent access to a list of websites from its computers, or a business that wants to ensure their computer users are not choosing easily guessed, poor passwords.
Blacklist_(computing) - Wikipedia, the free encyclopedia
A smaller online retailer is experiencing huge numbers of requests on their websites. They are not running any major marketing campaigns and while seeing a lot of traffic are not seeing a rise in sales or logins. Eventually their web servers become overloaded and users are unable to load pages on the website. What type of attack most likely occurred?
Replay
DDOS
Jamming
Overflood
Most likely this was a Distributed Denial of Service (DDoS) attack: a botnet sends a very large number of requests from many different sources, exhausting the web servers' capacity so that legitimate users cannot load pages. The tell-tale signs in the scenario are traffic that does not convert to logins or sales and is not explained by any campaign. Because the requests come from many sources, blocking a single IP address does not help; mitigation relies on rate limiting, upstream scrubbing or a CDN/DDoS protection service. "Overflood" is not an attack term, and replay and jamming do not match the symptoms.
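What the symptoms look like in the server's own data, as an added example (not code from the practice test): access-log lines in Common Log Format are bucketed by minute, a minute far above baseline is flagged, and the share of traffic from the top source separates a distributed flood from a single-source one. The log lines are constructed, and the baseline and multiplier are placeholders that would be set from the site's normal traffic.

```python
"""Spot a request flood in web server access logs and tell a single-source
DoS from a distributed one.

Added example, not part of the practice test. The access-log lines are
constructed in Common Log Format; the baseline and multiplier are
placeholders that would be set from the site's own normal traffic.
"""
import re
from collections import Counter, defaultdict

# client-ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \d+')


def parse(line):
    """Return (client_ip, minute_bucket) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts = m.groups()
    return ip, ts[:17]   # "01/May/2024:10:00:17 +0000" -> "01/May/2024:10:00"


def build_log():
    """Constructed log: one quiet minute, then one minute flooded from 200 sources."""
    lines = []
    for i in range(20):   # 10:00 - normal browsing by five customers
        lines.append(f'198.51.100.{i % 5} - - [01/May/2024:10:00:{i:02d} +0000] '
                     f'"GET /product/{i} HTTP/1.1" 200 512')
    for i in range(600):  # 10:01 - 600 requests spread over 200 bot addresses
        lines.append(f'203.0.113.{i % 200} - - [01/May/2024:10:01:{i % 60:02d} +0000] '
                     f'"GET /search?q={i} HTTP/1.1" 503 0')
    return lines


def detect_flood(lines, baseline_per_min=20, factor=10):
    """Return {minute: (requests, unique_sources, verdict)} for every minute whose
    request count reaches baseline_per_min * factor."""
    per_minute = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            per_minute[rec[1]].append(rec[0])
    alerts = {}
    for minute, ips in per_minute.items():
        total = len(ips)
        if total < baseline_per_min * factor:
            continue
        top_share = max(Counter(ips).values()) / total
        # Many sources each sending a little is the DDoS signature: there is no
        # single address to block. One dominant source can simply be rate-limited.
        verdict = "distributed flood" if top_share < 0.10 else "single-source flood"
        alerts[minute] = (total, len(set(ips)), verdict)
    return alerts


if __name__ == "__main__":
    for minute, (total, uniq, verdict) in detect_flood(build_log()).items():
        print(f"{minute}: {total} requests from {uniq} sources -> {verdict}")
```

The same counters, fed from a live log tail, are the first thing a responder wants before deciding between a per-source block, rate limiting and a call to the upstream provider.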
In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. More sophisticated strategies are required to mitigate this type of attack; simply attempting to block a single source is insufficient as there are multiple sources. A DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, thus disrupting trade and losing the business money. Criminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and hacktivism can motivate these attacks.
Denial-of-service_attack - Wikipedia, the free encyclopedia