Security+ Practice Questions Set 2

Security Tools

Attacks & Threats

Access Control & IAM

Security Concepts

Scenario / Mixed

100

Which of the following would be the best way to block unknown programs from executing?

A. Access control list

B. Application allow list

C. Host-based firewall

D. DLP solution

B: What is Application allow list

100

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device. Which of the following best describes the user’s activity?

A. Penetration testing

B. Phishing campaign

C. External audit

D. Insider threat

D: What is Insider Threat

100

The management team notices that new accounts that are set up manually do not always have correct access or permissions. Which of the following automation techniques should a systems administrator use to streamline account creation?

A. Guard rail script

B. Ticketing workflow

C. Escalation script

D. User provisioning script

D: What is User provisioning script

100

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

A. Private

B. Critical

C. Sensitive

D. Public

C: What is Sensitive

100

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

A. Enumeration

B. Sanitization

C. Destruction

D. Inventory

B: What is Sanitization

200

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?

A. SCAP

B. NetFlow

C. Antivirus

D. DLP

D: What is DLP

200

A security analyst reviews domain activity logs and notices the following:

Which of the following is the best explanation for what the security analyst has discovered?

A. The user jsmith’s account has been locked out.

B. A keylogger is installed on jsmith’s workstation.

C. An attacker is attempting to brute force jsmith’s account.

D. Ransomware has been deployed in the domain.

C: What is An attacker is attempting to brute force jsmith’s account.

200

Which of the following is a primary security concern for a company setting up a BYOD program?

A. End of life

B. Buffer overflow

C. VM escape

D. Jailbreaking

D: What is Jailbreaking

200

Which of the following allows for the attribution of messages to individuals?

A. Adaptive identity

B. Non-repudiation

C. Authentication

D. Access logs

B: What is Non-repudiation

200

A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

A. Conduct an audit.

B. Initiate a penetration test.

C. Rescan the network.

D. Submit a report.

C: What is Rescan the network

300

Which of the following can be used to identify potential attacker activities without affecting production servers?

A. Honeypot

B. Video surveillance

C. Zero Trust

D. Geofencing

A: What is Honeypot

300

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during nonbusiness hours. Which of the following is most likely occurring?

A. A worm is propagating across the network.

B. Data is being exfiltrated.

C. A logic bomb is deleting data.

D. Ransomware is encrypting files.

B: What is Data is being exfiltrated.

300

A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

A. Changing the remote desktop port to a non-standard number

B. Setting up a VPN and placing the jump server inside the firewall

C. Using a proxy for web connections from the remote desktop server

D. Connecting the remote server to the domain and increasing the password length

B: What is Setting up a VPN and placing the jump server inside the firewall

300

A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?

A. Corrective

B. Preventive

C. Detective

D. Deterrent

C: What is Detective

300

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

A. Compensating control

B. Network segmentation

C. Transfer of risk

D. SNMP traps

A: What is Compensating control

400

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

A. ACL

B. DLP

C. IDS

D. IPS

D: What is IPS

400

Which of the following involves an attempt to take advantage of database misconfigurations?

A. Buffer overflow

B. SQL injection

C. VM escape

D. Memory injection

B: What is SQL injection

400

A systems administrator is working on a solution with the following requirements:

• Provide a secure zone.

• Enforce a company-wide access control policy.

• Reduce the scope of threats.

Which of the following is the systems administrator setting up?

A. Zero Trust

B. AAA

C. Non-repudiation

D. CIA

A: What is Zero Trust

400

Which of the following describes the maximum allowance of accepted risk?

A. Risk indicator

B. Risk level

C. Risk score

D. Risk threshold

D: What is Risk threshold

400

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

A. Off-the-shelf software

B. Orchestration

C. Baseline

D. Policy enforcement

B: What is Orchestration

500

A security administrator needs a method to secure data in an environment that includes some form of checks so track any changes. Which of the following should the administrator set up to achieve this goal?

A. SPF

B. GPO

C. NAC

D. FIM

D: What is FIM

500

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering. Which of the following teams will conduct this assessment activity?

A. White

B. Purple

C. Blue

D. Red

D: What is Red

500

A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?

A. Processor

B. Custodian

C. Subject

D. Owner

C: What is Subject

500

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks. Which of the following analysis elements did the company most likely use in making this decision?

A. MTTR

B. RTO

C. ARO

D. MTBF

C: What is ARO

500

An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

A. Data in use

B. Data in transit

C. Geographic restrictions

D. Data sovereignty

B: What is Data in transit