CompTIA Security+ 701 Practice Exams


325 Terms

1

In a corporate office, employees are required to use their access cards to enter different sections of the building. What type of control is being implemented in this scenario?

Detective control

Preventive control

Physical control

Corrective control

Physical control

- The use of access cards to enter different sections of the building is an example of physical control, as it restricts and controls physical access to specific areas.

2

Detective controls

Help to identify and respond to security incidents after they have occurred.

- ex. security cameras

3

Preventive controls

Aim to stop security incidents before they occur.

4

Corrective controls

Implemented in response to identified security incidents.

5

A financial institution implements encryption for all sensitive data transmitted between its branches to ensure confidentiality. What type of control is being applied here?

Technical control

Administrative control

Physical control

Operational control

Technical control

- Encryption is a technical control that involves the use of technology to protect sensitive data during transmission, ensuring its confidentiality.

6

Administrative controls

Involve policies, procedures, and training to shape behavior.

7

Physical controls

Restrict access to physical areas and assets.

8

Operational control

Focus on day-to-day processes and procedures to ensure the security of information systems.

9

A company encrypts sensitive customer data to prevent unauthorized access. What security principle does this primarily address?

Confidentiality

Integrity

Availability

Accountability

Confidentiality

- Encrypting sensitive customer data helps maintain confidentiality by protecting it from unauthorized access.

10

Integrity

Ensures that data remains accurate and unaltered.

11

Availability

Focuses on ensuring that resources are accessible when needed.

12

Accountability

Is about tracking actions and identifying responsible parties.

13

A system administrator implements regular backups to ensure that critical data can be restored in the event of a hardware failure. Which security principle does this align with?

Confidentiality

Integrity

Availability

Non-repudiation

Availability

- Regular backups contribute to the availability of critical data by ensuring it can be restored in case of a hardware failure or data loss.

14

Confidentiality

Is about preventing unauthorized access to sensitive information.

15

Non-repudiation

Focuses on ensuring that a party cannot deny its actions.

16

A security mechanism is implemented to verify that data remains unchanged during transmission over a network. Which security principle is being emphasized?

Confidentiality

Integrity

Availability

Authentication

Integrity

- Verifying data integrity ensures that it remains unchanged during transmission, guarding against unauthorized alterations.

17

In a network environment, what AAA component is responsible for tracking the activities of users and monitoring resource usage?

Authentication

Authorization

Accounting

Auditing

Accounting

- Involves tracking user activities and resource usage for the purpose of billing, auditing, and security monitoring.

18

Auditing

Involves the analysis of logs and records to ensure compliance and detect security incidents.

19

Authorization

Determines the user's access rights and permissions after successful authentication.

20

Authentication

Involves verifying the identity of a user.

21

In a multi-factor authentication system, which of the following is an example of something you know?

Fingerprint scan

One-time password

Smart card

Retina scan

One-time password

- Something you know refers to knowledge-based factors, such as a password or PIN, and a one-time password is an example of this.

22

Something you are

A biometric factor

- ex. fingerprint scan, retina scan

23

Something you have

A possession-based factor

- ex. smart card

24

What is a common outcome of a gap analysis process in the context of cybersecurity?

A) Development of a risk management plan

B) Implementation of compensating controls

C) Creation of a security policy

D) Establishment of a remediation plan

Establishment of a remediation plan

- A common outcome of gap analysis is the identification of security gaps and the development of a remediation plan to address these gaps.

Incorrect Answers Explanations:

A) While gap analysis contributes to risk assessment, developing a risk management plan is a broader process.

B) Compensating controls may be part of the remediation plan but are not the primary outcome of a gap analysis.

C) A security policy may be reviewed during gap analysis, but creating one is not a direct outcome.

25

A company has recently implemented a new cybersecurity policy and wants to assess its current security posture. What specific steps might they take in a gap analysis process to identify areas for improvement?

A) Conducting penetration testing to identify vulnerabilities.

B) Reviewing existing security controls, policies, and procedures against the new policy.

C) Assessing the organization's compliance with industry standards.

D) Implementing new security measures without analysis.

Reviewing existing security controls, policies, and procedures against the new policy.

- Gap analysis involves comparing the current state against desired goals. In this scenario, reviewing existing security controls, policies, and procedures against the new policy helps identify gaps and areas for improvement.

26

Gap analysis

Involves comparing the current state against desired goals.

27

Penetration testing

Specific to identifying vulnerabilities

28

A multinational corporation adopts a Zero Trust security model to enhance its cybersecurity posture. How might the organization implement Zero Trust principles to secure its network infrastructure?

A) Relying on a traditional perimeter firewall for network security.

B) Implementing micro-segmentation, multifactor authentication, and continuous monitoring.

C) Allowing unrestricted access based on network location.

D) Trusting users based on job titles without continuous verification.

Implementing micro-segmentation, multifactor authentication, and continuous monitoring.

29

Zero Trust

Involves implementing measures like micro-segmentation, multifactor authentication, and continuous monitoring to enhance security.

- Advocates for internal segmentation and continuous verification.

- Rejects the idea of implicit trust based on network location.

- Emphasizes continuous verification for all users and devices rather than trusting job titles.

30

A global corporation is implementing "Policy-Driven Access Control" as part of its Zero Trust strategy. How might the organization practically enforce access policies based on contextual factors?

A) Allowing access based on static roles and permissions.

B) Dynamically adjusting access based on user behavior, device health, and location.

C) Trusting all entities within a specific subnet.

D) Conducting annual security audits.

Dynamically adjusting access based on user behavior, device health, and location.

- The organization might dynamically adjust access based on contextual factors such as user behavior, device health, and location to enforce policies.

31

Policy-Driven Access Control

Involves dynamic enforcement based on contextual factors.

32

A healthcare organization is implementing Zero Trust principles to safeguard patient data. How might the organization practically leverage "Adaptive Identity" to enhance access controls?

A) Issuing static access credentials to all employees.

B) Dynamically adjusting access based on changing conditions such as user behavior.

C) Trusting all devices within a specific subnet.

D) Conducting annual cybersecurity training sessions.

Dynamically adjusting access based on changing conditions such as user behavior.

- The healthcare organization might implement Adaptive Identity by dynamically adjusting access based on changing conditions such as user behavior, improving access controls.

33

Which control type involves implementing measures to prevent unauthorized access to systems and data?

Detective controls

Corrective controls

Preventive controls

Compensating controls

Preventive controls

- Aims to stop security incidents before they occur, such as implementing firewalls and access controls.

34

Compensating controls

Alternative measures implemented to compensate for the lack of a primary control.

35

A large retail company is implementing a Zero Trust model to secure its online customer data. How might the organization apply the principle of "Threat Scope Reduction" to protect customer information?

A) Granting unrestricted access to all employees.

B) Utilizing encryption for data in transit.

C) Segmenting the network to isolate sensitive customer databases.

D) Trusting devices solely based on their location.

Segmenting the network to isolate sensitive customer databases.

- The organization might reduce the threat scope by segmenting the network to isolate sensitive customer databases, limiting potential exposure in case of a security incident.

36

Threat Scope Reduction

Seeks to restrict access

- Limit the users' access to only what they need for their work tasks because this drastically reduces the network's potential attack surface.

37

In a city center, where there is a potential threat of vehicle attacks, how might bollards strategically placed around public spaces enhance security?

A) Guiding pedestrians to designated entry points.

B) Enhancing the aesthetics of the surroundings.

C) Restricting vehicle access and preventing ramming attacks.

D) Providing seating areas for outdoor events.

Restricting vehicle access and preventing ramming attacks.

- Bollards strategically placed around public spaces enhance security by restricting vehicle access and preventing ramming attacks, mitigating the potential threat of vehicles being used as weapons.

38

Why is change management considered crucial for maintaining a secure IT environment?

A) To accelerate the deployment of new technologies for enhanced security.

B) To ensure that changes are thoroughly planned, tested, and approved to prevent security vulnerabilities.

C) To minimize the involvement of security teams in the implementation of new systems.

D) To prioritize speed over accuracy in adapting to evolving security threats.

To ensure that changes are thoroughly planned, tested, and approved to prevent security vulnerabilities.

- Change management is crucial for maintaining a secure IT environment as it ensures that changes are thoroughly planned, tested, and approved, reducing the risk of introducing security vulnerabilities.

39

Change management

Crucial for maintaining a secure IT environment as it ensures that changes are thoroughly planned, tested, and approved, reducing the risk of introducing security vulnerabilities.

40

Which of the following best describes the purpose of conducting an impact analysis in change management operations?

A) To expedite changes without considering their impact.

B) To identify potential security vulnerabilities.

C) To understand the consequences of proposed changes on security.

D) To limit the scope of the approval process.

To understand the consequences of proposed changes on security.

- Conducting an impact analysis in the context of security operations is crucial to understand the potential consequences of proposed changes on security. It helps in assessing risks, identifying vulnerabilities, and making informed decisions to mitigate potential negative impacts.

41

A manufacturing plant installs security cameras at entry points and critical areas to monitor and record activities. What type of control is this?

Detective control

Deterrent control

Corrective control

Preventive control

Detective control

- Security cameras, in this case, serve as detective controls by monitoring and recording activities for later review, helping to identify and respond to security incidents.

42

Deterrent control

Designed to discourage potential attackers.

43

Why is identifying stakeholders important in change management operations?

A) Stakeholders are only concerned with non-security aspects of business processes.

B) Identifying stakeholders ensures that security teams have sole responsibility for decision-making.

C) Stakeholders may have vested interests and influence in security-related decisions.

D) Stakeholders are not relevant in the approval process.

Stakeholders may have vested interests and influence in security-related decisions.

- Identifying stakeholders is important in security operations because stakeholders may have vested interests and influence in security-related decisions. Involving relevant stakeholders ensures a comprehensive and well-informed decision-making process.

44

What is the purpose of an approval process in change management, and how does it contribute to security operations?

A) Ensures that all stakeholders are notified of the change.

B) Verifies that the change aligns with organizational security policies.

C) Speeds up the change implementation process.

D) Assigns ownership to the change.

Verifies that the change aligns with organizational security policies.

- An approval process in change management is designed to verify that proposed changes align with organizational policies and standards, ensuring that they meet security requirements.

45

Identify and describe the primary stakeholders involved in the approval of a security change. How do their roles differ, and why is their involvement crucial?

A) Only IT personnel are stakeholders; their role is to approve or reject changes.

B) Stakeholders include anyone in the organization; their roles may vary from approvers to implementers.

C) Stakeholders are limited to the security team; their role is to analyze the impact of changes.

D) Stakeholders are external entities; their role is to audit the change process.

Stakeholders include anyone in the organization; their roles may vary from approvers to implementers.

- Stakeholders in change management can include a range of individuals within the organization, with roles varying from those who approve changes to those who implement them. Their involvement is crucial for a well-rounded decision-making process.

46

What is the primary purpose of the approval process in change management?

A) To document every change made in the organization.

B) To ensure that proposed changes are reviewed and authorized.

C) To assign blame in case of a security incident.

D) To expedite the implementation of changes without thorough assessment.

To ensure that proposed changes are reviewed and authorized.

- The approval process in change management is designed to ensure that proposed changes are thoroughly reviewed and authorized before implementation. This helps prevent unauthorized or potentially harmful changes that could impact security.

47

Which control type focuses on minimizing the impact of a security incident and restoring normal operations quickly?

Preventive controls

Detective controls

Corrective controls

Deterrent controls

Corrective controls

- Corrective controls are implemented to mitigate the impact of security incidents and restore systems to normal operations.

48

How do allow lists and deny lists contribute to security in an organization's network?

A) Allow lists ensure unrestricted access, while deny lists restrict access to authorized entities.

B) Allow lists specify authorized entities, while deny lists specify entities to be blocked.

C) Allow lists and deny lists are interchangeable terms for the same security concept.

D) Allow lists and deny lists are not relevant to network security.

Allow lists specify authorized entities, while deny lists specify entities to be blocked.

- Allow lists explicitly specify entities that are granted access, while deny lists specify entities that should be blocked. This approach helps enhance security by explicitly defining what is allowed and disallowing anything not explicitly permitted.

49

Why is restarting a service a common practice in response to security incidents?

A) To permanently disable the service and prevent future incidents.

B) To erase logs and hide evidence of the incident.

C) To apply security updates and patches.

D) To expedite the resolution of the incident without investigation.

To apply security updates and patches.

- Restarting a service can apply security updates and patches, ensuring that the service runs with the latest security fixes. It helps address vulnerabilities and improve the overall security posture.

50

A security incident response team is investigating a data breach in which sensitive customer information may have been compromised. What is the most critical aspect of documentation during this incident response process?

A) Documenting the steps taken during the investigation and remediation.

B) Providing detailed information on the team members' personal experiences.

C) Recording personal opinions about the cause of the data breach.

D) Omitting details to avoid potential legal consequences.

Documenting the steps taken during the investigation and remediation.

- The most critical aspect of documentation during an incident response process is to document the steps taken during the investigation and remediation. This documentation is crucial for understanding the incident, communicating with stakeholders, and improving future response efforts.

51

A company is transitioning its email infrastructure from an on-premises solution to a cloud-based service. What are the primary technical implications of this transition?

A) Reduced reliance on internet connectivity.

B) Enhanced control over physical infrastructure.

C) Increased scalability and accessibility.

D) Decreased reliance on third-party providers.

Increased scalability and accessibility.

- The primary technical implications of transitioning to a cloud-based email service include increased scalability and accessibility, allowing for easier expansion of resources and improved access from various locations.

Incorrect Answers Explanations:

A) Cloud-based services often rely on internet connectivity, and the transition may increase dependence on it.

B) Cloud services typically involve relinquishing control over physical infrastructure in favor of the cloud provider's infrastructure.

D) Transitioning to a cloud-based service typically increases reliance on third-party cloud providers rather than decreasing it.

52

An organization is concerned about potential information leakage and wants to ensure the confidentiality of sensitive data transmitted over the network. What application of steganography would address this concern?

A) Hiding a confidential document within a seemingly unrelated image file.

B) Replacing credit card numbers with tokens for secure storage.

C) Scrambling personally identifiable information (PII) in a database.

D) Encrypting sensitive emails before transmission.

Hiding a confidential document within a seemingly unrelated image file.

- Hiding a confidential document within a seemingly unrelated image file using steganography can address concerns about information leakage by concealing the sensitive data during transmission.

Incorrect Answers Explanations:

B) This is an application of tokenization, not steganography, and focuses on secure storage, not transmission.

C) This is an application of data masking, not steganography, and focuses on securing data at rest.

D) This is an application of encryption, not steganography, and involves transforming the data to make it unreadable without the proper key.

53

An organization is planning to implement a Public Key Infrastructure (PKI) for securing its communication channels and authenticating users. What are the key components of a PKI that the organization should consider?

A) Only digital certificates.

B) Only public keys.

C) Digital certificates, public and private key pairs, and a Certificate Authority (CA).

D) Private keys and Certificate Revocation Lists (CRLs) only.

Digital certificates, public and private key pairs, and a Certificate Authority (CA).

- A PKI comprises digital certificates, public and private key pairs, and a Certificate Authority (CA). Digital certificates bind public keys to entities, and the CA verifies their authenticity.

54

A company has implemented a PKI for its internal network, and employees use digital certificates for secure access. One employee loses their smart card containing the private key. What is the appropriate action to take in this scenario?

A) Ignore the incident since the smart card is likely to be found.

B) Reissue the same digital certificate with the existing private key.

C) Revoke the compromised certificate and issue a new one with a new key pair.

D) Reissue the digital certificate with the same private key but update the employee's name.

Revoke the compromised certificate and issue a new one with a new key pair.

- In the event of a lost or compromised private key, the appropriate action is to revoke the compromised certificate and issue a new one with a new key pair to maintain security.

55

A development team is working on a critical software application. They are using version control to manage the source code. Why is version control essential in this scenario?

A) To ensure that only one person can work on the code at a time.

B) To track changes, maintain a history of revisions, and enable collaboration.

C) To limit access to the source code and protect intellectual property.

D) To increase the size of the codebase by storing redundant copies.

To track changes, maintain a history of revisions, and enable collaboration.

- Version control is essential in software development to track changes, maintain a history of revisions, and enable collaboration among team members. It allows for efficient management of code changes, identification of issues, and collaborative development.

56

A government agency is implementing a PKI for secure communications. The agency is concerned about potential loss of access to encrypted data if an employee leaves or loses their private key. What PKI concept addresses this concern?

Certificate Revocation Lists (CRLs).

Key Escrow.

Certificate Signing Request (CSR).

Online Certificate Status Protocol (OCSP).

Key Escrow

- Key Escrow is a PKI concept that involves storing a copy of a user's private key in a secure location, addressing concerns about potential data loss if access to the private key is lost.

57

Certificate Revocation Lists (CRLs).

Used to revoke compromised certificates.

- Updated periodically

58

Certificate Signing Request (CSR).

A request for a digital certificate.

59

Online Certificate Status Protocol (OCSP).

Used to check the status of a certificate.

- Provides real-time status

60

An organization is implementing a PKI and is considering methods for checking the revocation status of digital certificates. Which statement accurately describes the difference between Online Certificate Status Protocol (OCSP) and Certificate Revocation Lists (CRLs)?

A) OCSP provides real-time certificate status, while CRLs are only updated periodically.

B) CRLs provide real-time certificate status, while OCSP is only updated periodically.

C) OCSP and CRLs both provide real-time certificate status.

D) Neither OCSP nor CRLs provide information about certificate revocation.

OCSP provides real-time certificate status, while CRLs are only updated periodically.

- OCSP allows for real-time checking of a certificate's revocation status, whereas CRLs are typically updated periodically, and clients must download and check the list at intervals.

61

An organization is implementing encryption for securing its sensitive data. The team is debating whether to use symmetric or asymmetric encryption. What is a key consideration when deciding between symmetric and asymmetric encryption?

A) Symmetric encryption is more secure than asymmetric encryption.

B) Asymmetric encryption is faster than symmetric encryption.

C) Symmetric encryption requires the exchange of secret keys.

D) Asymmetric encryption uses a single key for both encryption and decryption.

Symmetric encryption requires the exchange of secret keys.

- In symmetric encryption, a key must be shared between parties, posing a key exchange challenge. Asymmetric encryption, on the other hand, uses key pairs, eliminating the need to share a secret key.

62

Symmetric encryption

A key must be shared between parties, posing a key exchange challenge.

- Faster depending on the specific requirements

63

Asymmetric encryption

Uses key pairs, eliminating the need to share a secret key.

- One key for encryption and another for decryption

64

An e-commerce website is implementing TLS to secure the transmission of customer data during online transactions. What is the primary purpose of TLS in this context?

A) Encrypting stored customer data in the database.

B) Ensuring the integrity of customer data during transmission.

C) Simplifying user authentication processes.

D) Reducing the website's operational costs.

Ensuring the integrity of customer data during transmission.

- TLS (Transport Layer Security) ensures the integrity and confidentiality of data during transmission over the network, making it a crucial technology for securing online transactions.

65

An organization is implementing encryption to secure sensitive data, and they are considering using the Advanced Encryption Standard (AES). What key lengths are commonly used with AES for secure encryption?

64-bit keys.

128-bit keys.

256-bit keys.

512-bit keys.

128-bit keys

- AES commonly uses key lengths of 128 bits, which provides a high level of security. While AES supports other key lengths like 192 bits and 256 bits, 128 bits is widely adopted and considered secure for most applications.

66

An organization is implementing a security strategy for its devices and wants to ensure the integrity of the system boot process. Which cryptographic tool is designed to provide a secure root of trust for the system and help protect against attacks such as firmware tampering?

Hardware Security Module (HSM).

Key Management System.

Trusted Platform Module (TPM).

Secure Enclave.

Trusted Platform Module (TPM).

- TPM is designed to provide a secure root of trust for the system by ensuring the integrity of the boot process and protecting against attacks such as firmware tampering.

67

Hardware Security Module (HSM)

Used for secure key storage and cryptographic operations. Provides dedicated hardware-based protection for keys.

68

Key Management System

Focuses on the secure management of cryptographic keys.

69

Secure Enclave

A separate, isolated area within a processor designed to protect sensitive information during runtime.

70

A financial institution is implementing a system to securely store and manage cryptographic keys used in its payment processing application. Which cryptographic tool is best suited for this purpose, providing a dedicated hardware-based solution for key protection?

Key Management System.

Trusted Platform Module (TPM).

Hardware Security Module (HSM).

Secure Enclave.

Hardware Security Module (HSM)

- HSMs are dedicated hardware devices designed to provide secure key storage and cryptographic operations. They are commonly used in financial and other security-critical applications.

71

Trusted Platform Module (TPM)

Focused on ensuring the integrity of the system and securing the boot process

72

A mobile device manufacturer is implementing a security feature to protect sensitive user data, such as biometric information and device-specific keys. What cryptographic tool is commonly used to create a secure, isolated environment within the device's processor?

Trusted Platform Module (TPM).

Hardware Security Module (HSM).

Key Management System.

Secure Enclave.

Secure Enclave.

- A Secure Enclave is a secure, isolated area within a processor that is designed to protect sensitive information, such as biometric data and cryptographic keys, during runtime.

73

A cybersecurity analyst discovers an image file shared online, suspecting that it may contain hidden information. What technique might be employed to hide sensitive data within the image while maintaining the image's appearance?

Encryption

Steganography

Tokenization

Data Masking

Steganography

- Steganography is the practice of concealing information within another medium, such as hiding data within an image, without affecting the image's apparent structure.

74

A financial institution wants to enhance the security of its payment processing system by reducing the storage of sensitive cardholder information. What technique can the institution use to replace the actual credit card numbers with unique tokens for storage and transaction processing?

Encryption

Steganography

Tokenization

Data Masking

Tokenization

- Tokenization involves replacing sensitive data with unique tokens, which can be used for transaction processing while reducing the storage of actual sensitive information.

75

A healthcare organization is preparing a dataset for research purposes while ensuring that the personally identifiable information (PII) of patients remains confidential. What technique could the organization use to replace actual names and addresses with fictitious or generalized information?

Encryption

Steganography

Tokenization

Data Masking

Data Masking

- Data masking involves the process of replacing or scrambling sensitive information with fictitious or generalized data to protect confidentiality while maintaining the overall structure of the dataset.

76

A database administrator is implementing a password storage mechanism to enhance security. What is the primary purpose of using a random salt for each user's password?

A) To make passwords more memorable for users.

B) To prevent rainbow table attacks.

C) To reduce the computational overhead of password hashing.

D) To simplify password recovery processes.

To prevent rainbow table attacks.

- Salting involves adding a unique random value (salt) to each user's password before hashing. This helps prevent rainbow table attacks by ensuring that the same password will have different hash values for different users.

77

An organization is implementing a system to verify the authenticity and integrity of digitally signed documents. What is the primary purpose of using digital signatures in this context?

A) To encrypt the entire document for confidentiality.

B) To provide a timestamp for the document.

C) To verify the identity of the document's sender.

D) To ensure the document has not been altered.

To ensure the document has not been altered.

- Digital signatures are used to ensure the authenticity and integrity of a document by providing a way to verify that the document has not been altered since the signature was applied.

78

Digital signatures

Primary purpose is to verify the integrity and authenticity of a document.

79

An organization is planning to implement a blockchain-based system for secure and transparent record-keeping. What are two key security features associated with blockchain technology?

A) Centralized control and single-point-of-failure protection.

B) Data encryption and decentralized consensus.

C) Closed ledger and data obfuscation.

D) Single sign-on and access control lists.

Data encryption and decentralized consensus.

- Two key security features associated with blockchain technology are data encryption, which helps protect the confidentiality of information, and decentralized consensus, which enhances the integrity and availability of the data.

80

Blockchain

Known for its decentralized nature, and centralized control. Helps mitigate single points of failure through decentralization. Typically open and transparent.

81

A company is considering using a blockchain with an open public ledger for its supply chain management. What privacy concerns should the company address when utilizing an open public ledger?

A) Centralized control of data.

B) Limited accessibility of transaction history.

C) Data transparency and immutability.

D) Protection of proprietary information.

Protection of proprietary information.

- When using an open public ledger, protecting proprietary information becomes a privacy concern. Companies must ensure that sensitive business details are not exposed to unauthorized parties.

82

A website is storing user passwords and wants to enhance security by using a hash function. What is a crucial property of a secure hash function?

A) Reversibility, allowing the recreation of the original password.

B) Collision resistance, preventing different inputs from producing the same hash.

C) Slow computation to deter attackers.

D) Generating the same hash for similar passwords.

Collision resistance, preventing different inputs from producing the same hash.

- A secure hash function should be collision-resistant, meaning it should be challenging for different inputs to produce the same hash value.

83

An organization is using legacy applications critical to its business operations. What is a primary security concern associated with legacy applications?

A) They are typically cloud-native.

B) They may have unpatched vulnerabilities.

C) They use modern cryptographic algorithms.

D) They provide automatic updates.

They may have unpatched vulnerabilities.

- Legacy applications often pose a security concern because they may have unpatched vulnerabilities. These applications may not receive updates or support, making them susceptible to exploitation.

84

An organization is implementing a secure communication system and wants to ensure that participants cannot deny their involvement in the communication. What security concept addresses this concern?

Confidentiality

Non-repudiation

Availability

Integrity

Non-repudiation

- Non-repudiation ensures that a participant cannot deny their involvement in a communication or transaction. It provides evidence of the origin or delivery of data.

85

A network administrator is configuring a system to use a secure authentication protocol for remote access. What is a commonly used protocol for authenticating systems in this context?

HTTP

LDAP

SNMP

RADIUS

RADIUS

- RADIUS (Remote Authentication Dial-In User Service) is commonly used for authenticating systems, especially in the context of remote access. It provides a centralized authentication and authorization service.

86

HTTP

Hypertext Transfer Protocol

- A web protocol

87

LDAP

Lightweight Directory Access Protocol

- Used for directory services

88

SNMP

Simple Network Management Protocol

- Used for network management and monitoring

89

Which of the following terms best describes a type of software that disguises itself as legitimate software but contains malicious code that can compromise the security of a system?

Malware

Ransomware

Adware

Firewall

Malware

- Malware, short for malicious software, is software designed to infiltrate or damage computer systems while often appearing as legitimate software. It includes various types such as viruses, trojans, and spyware.

90

Ransomware

A specific type of malware that encrypts files and demands a ransom.

91

Adware

Unwanted software that displays advertisements.

92

Firewall

A security device used to control incoming and outgoing network traffic.

93

Which of the following best describes the concept of a "zero-day vulnerability"?

A) A vulnerability that has been in existence for zero days.

B) A vulnerability that has been exploited for zero days.

C) A vulnerability that is unknown to the software vendor and has no available patch.

D) A vulnerability that is at the lowest risk level.

A vulnerability that is unknown to the software vendor and has no available patch.

94

What is the primary goal of a "honeypot" in network security?

A) A device used to capture and analyze network traffic for security purposes.

B) A deceptive system designed to attract and monitor malicious activity.

C) A secure storage location for sensitive data.

D) A type of firewall used to filter incoming and outgoing traffic.

A deceptive system designed to attract and monitor malicious activity.

95

Honeypot

A security mechanism that lures potential attackers into a controlled environment where their activities can be monitored and analyzed without posing a real threat to the production network.

96

Sniffer

Network Analyzer

- term for capturing and analyzing network traffic

97

What is a common characteristic of a "man-in-the-middle" (MitM) attack?

A) The attacker intercepts and alters data between two parties without their knowledge.

B) The attacker floods a network with excessive traffic to overwhelm it.

C) The attacker disguises malicious code as legitimate software.

D) The attacker gains unauthorized access to a system using stolen credentials.

The attacker intercepts and alters data between two parties without their knowledge.

98

DoS Attack

Denial of Service

- flooding a network with excessive traffic

- involves overwhelming a network or server with traffic from various sources

99

A security administrator has noticed several unauthorized access attempts to the organization's internal systems. These attempts are often based on trying common username and password combinations. Which type of attack does this scenario most likely describe?

SQL injection attack

Brute-force attack

DDoS attack

Cross-site scripting (XSS) attack

Brute-force attack

- The scenario describes a brute-force attack where an attacker attempts to gain access by trying many possible username and password combinations. This is a common method used to crack passwords.

100

SQL Injection attack

Involves manipulating a database's queries.