CompTIA Security+ SY0-201 Practice Questions: Assessment and Audits
- Practice Questions
- Quick-Check Answer Key
- Answers and Explanations
To secure a network, it is important to identify the normal operating parameters so that you can recognize atypical variations from this baseline operational level. The first step toward minimizing the potential damage that may result from unauthorized access attempts is the detection and identification of an unauthorized intrusion. Intrusion detection requires a detailed understanding of all operational aspects of the network, along with a means to identify variations and bring these changes to the attention of the proper responsible parties. Auditing is done to protect the validity and reliability of organizational information and systems. As a security professional, you can audit a vast amount of data. Auditing can create a large repository of information that has to be filtered through. Monitoring can be as simple or complex as you want to make it. Many organizations monitor an extensive amount of information, whereas others may monitor little or nothing. As a prospective security professional, you should also take every opportunity you may find to expand your skill base beyond these basic foundational elements. The following list includes the key areas from Domain 4 that you need to master for the exam:
- Conduct risk assessments and implement risk mitigation.
- Carry out vulnerability assessments using common tools.
- Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning.
- Use monitoring tools on systems and networks and detect security-related anomalies.
- Compare and contrast various types of monitoring methodologies.
- Execute proper logging procedures and evaluate the results.
- Conduct periodic audits of system security settings.
Practice Questions
Objective 4.1: Conduct risk assessments and implement risk mitigation.
1. Metrics for security baselines and hardening efforts rely on which of the following? (Quick Answer: 229; Detailed Answer: 232)
2. When the risk of equipment loss is covered by a full-replacement insurance policy, which of the following best describes the risk? (Quick Answer: 229; Detailed Answer: 232)
3. An organization removes legacy dial-up telephony modem devices to prevent war-dialing attacks. Which of the following best describes the risk? (Quick Answer: 229; Detailed Answer: 232)
4. When an organization installs a firewall to prevent attacks, which of the following best describes the risk? (Quick Answer: 229; Detailed Answer: 232)
5. When an organization decides that an IDS is too expensive to implement, which of the following best describes the risk? (Quick Answer: 229; Detailed Answer: 232)
6. Which of the following best describes the primary purpose of a risk assessment? (Quick Answer: 229; Detailed Answer: 233)
7. Which of the following is the correct formula for calculating annual loss expectancy? (Quick Answer: 229; Detailed Answer: 233)
8. Which of the following best describes how single loss expectancy is calculated? (Quick Answer: 229; Detailed Answer: 233)
9. An organization has identified and reduced risk to a level that is comfortable and then implemented controls to maintain that level. Which of the following best describes this action? (Quick Answer: 229; Detailed Answer: 233)
10. An organization identified risks, estimated the impact of potential threats, and identified ways to reduce the risk without the cost of the prevention outweighing the risk. Which of the following best describes this action? (Quick Answer: 229; Detailed Answer: 233)
11. Which of the following best describes risk? (Quick Answer: 229; Detailed Answer: 233)
12. During the process of risk assessment, which of the following would be reviewed? (Select all correct answers.) (Quick Answer: 229; Detailed Answer: 234)
13. Which of the following best describes return on investment? (Quick Answer: 229; Detailed Answer: 234)
14. When the return on investment is calculated, if the result is a negative number, which of the following is true? (Quick Answer: 229; Detailed Answer: 234)
15. Which of the following best describes exposure factor or probability? (Quick Answer: 229; Detailed Answer: 234)
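Questions 7, 8, 13, 14 and 15 all turn on the same quantitative risk formulas, so here is the arithmetic carried through in working code. This is an added example, not part of the book's practice questions or answer key; the asset value, exposure factor, incident rate and control cost below are constructed figures chosen to make the numbers easy to follow.

```python
"""Quantitative risk math for Objective 4.1: single loss expectancy (SLE),
annual loss expectancy (ALE) and the cost/benefit (return on investment)
of a control. Example code added to this page; every figure is constructed."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float       # AV: replacement value of the asset, in currency units
    exposure_factor: float   # EF: fraction of the asset value lost in one incident (0.0 to 1.0)
    aro: float               # ARO: expected number of incidents per year


def single_loss_expectancy(risk: Risk) -> float:
    """SLE = AV x EF: the loss expected from a single occurrence."""
    if not 0.0 <= risk.exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return risk.asset_value * risk.exposure_factor


def annual_loss_expectancy(risk: Risk) -> float:
    """ALE = SLE x ARO: the loss expected over a year."""
    return single_loss_expectancy(risk) * risk.aro


def control_value(risk_before: Risk, risk_after: Risk, annual_control_cost: float) -> float:
    """Return on investment of a control:
    (ALE before the control) - (ALE after the control) - (annual cost of the control).
    A negative result means the control costs more per year than the loss it prevents."""
    return (annual_loss_expectancy(risk_before)
            - annual_loss_expectancy(risk_after)
            - annual_control_cost)


def recommend(risk_before: Risk, risk_after: Risk, annual_control_cost: float) -> str:
    """Turn the ROI figure into a plain recommendation."""
    value = control_value(risk_before, risk_after, annual_control_cost)
    if value > 0:
        return "implement: control saves %.2f per year net" % value
    return "do not implement: control loses %.2f per year net" % -value


# Constructed scenario: a file server worth 50,000 that a compromise would make
# 60% unusable, expected once every two years (ARO 0.5).
SERVER_RISK = Risk("file server compromise", asset_value=50_000, exposure_factor=0.6, aro=0.5)

# A backup-and-patching control (constructed cost: 4,000 per year) is assumed to
# cut the exposure factor to 10% and leave the incident rate unchanged.
SERVER_RISK_WITH_CONTROL = Risk("file server compromise (with control)",
                                asset_value=50_000, exposure_factor=0.1, aro=0.5)

if __name__ == "__main__":
    print("SLE:", single_loss_expectancy(SERVER_RISK))      # 30000.0
    print("ALE:", annual_loss_expectancy(SERVER_RISK))      # 15000.0
    print(recommend(SERVER_RISK, SERVER_RISK_WITH_CONTROL, 4_000))
    print(recommend(SERVER_RISK, SERVER_RISK_WITH_CONTROL, 20_000))
```

With the constructed figures the ALE falls from 15,000 to 2,500, so a control costing 4,000 a year is worth 8,500 a year net, while the same control at 20,000 a year gives a negative return and should not be bought on cost grounds alone.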
Objective 4.2: Carry out vulnerability assessments using common tools.
1. Which of the following is a software utility that will scan a single machine or a range of IP addresses checking for a response on service connections? (Quick Answer: 229; Detailed Answer: 235)
2. Which of the following is a software utility that will scan a range of IP addresses testing for the presence of known weaknesses in software configuration and accessible services? (Quick Answer: 229; Detailed Answer: 235)
3. Which of the following is a software utility that is used on a hub, a switch supervisory port, or in line with network connectivity to allow the analysis of network communications? (Quick Answer: 229; Detailed Answer: 235)
4. Which of the following is a software utility that is used to conduct network assessments over a range of IP addresses and compiles a listing of all systems, devices, and hardware present within a network segment? (Quick Answer: 229; Detailed Answer: 235)
5. Which of the following best describes the purpose of OVAL? (Quick Answer: 229; Detailed Answer: 235)
6. An administrator working in the Department of Homeland Security needs to document standards for the assessment process of systems. Which of the following would be most useful to the administrator? (Quick Answer: 229; Detailed Answer: 235)
7. An organization wants to select an assessment tool for creating an inventory of services hosted on networked systems. Which of the following should the organization choose? (Quick Answer: 229; Detailed Answer: 235)
8. An organization wants to select an assessment tool that will examine individual protocols and specific endpoints. Which of the following should the organization choose? (Quick Answer: 229; Detailed Answer: 236)
9. An organization wants to select an assessment tool for checking particular versions and patch levels of a service. Which of the following should the organization choose? (Quick Answer: 229; Detailed Answer: 236)
10. An organization wants to select an assessment tool that will create graphical details suitable for reporting on network configurations. Which of the following should the organization choose? (Quick Answer: 229; Detailed Answer: 236)
11. An organization wants to select an assessment tool that will directly test user logon password strength. Which of the following should the organization choose? (Quick Answer: 229; Detailed Answer: 236)
12. Which of the following best describes the difference between a port scanner and a vulnerability scanner? (Quick Answer: 229; Detailed Answer: 236)
13. When using a password cracker to test mandatory complexity guidelines, which of the following should the password cracker provide? (Quick Answer: 229; Detailed Answer: 237)
14. An organization wants to select an assessment tool that will report information used to identify single points of failure. Which of the following should the organization choose? (Quick Answer: 229; Detailed Answer: 237)
15. Which of the following tools is often referred to as a packet sniffer? (Quick Answer: 229; Detailed Answer: 237)
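Questions 1, 2, 9 and 12 hinge on the difference between a port scanner (does something answer on this port?) and a vulnerability scanner (what is it, which version, and is that version known to be weak?). The following added example, which is not from the book, shows both against a fake service started on the loopback interface inside the script, so nothing is scanned outside the machine. The banner text and the table of weak versions are constructed; a real vulnerability scanner matches what it learns about a service against a vulnerability database such as OVAL definitions or vendor advisories.

```python
"""Port scanner versus vulnerability scanner (Objective 4.2). Example code added
to this page; the service, its banner and the weak-version table are constructed."""

import socket
import threading

HOST = "127.0.0.1"

# Constructed lookup: service name -> versions the scanner should report as weak.
KNOWN_WEAK_VERSIONS = {
    "ExampleFTP": {"1.0", "1.1"},
}


def start_fake_service(banner: bytes) -> int:
    """Listen on an ephemeral loopback port and greet every client with `banner`.
    Returns the port number so the scanners can be pointed at it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            conn, _ = srv.accept()
            try:
                conn.sendall(banner)
            except OSError:
                pass            # a port scanner disconnects without reading; ignore
            finally:
                conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def reserve_closed_port() -> int:
    """Bind and immediately release an ephemeral port, giving the scan a port that
    is (almost certainly) closed to compare against."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]


def port_scan(host: str, ports, timeout: float = 0.5) -> list:
    """Port scanner: attempt a TCP connection to each port and record the ones that
    accept. This shows that a service is listening, not what it is or whether it is weak."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host: str, port: int, timeout: float = 0.5) -> str:
    """Read whatever the listening service announces about itself."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(256).decode("ascii", "replace").strip()


def vulnerability_scan(host: str, ports) -> list:
    """Vulnerability scanner: for every open port, identify the service and version
    from its banner and check that version against the weak-version table.
    Returns (port, banner, is_known_weak) for each open port."""
    findings = []
    for port in port_scan(host, ports):
        banner = grab_banner(host, port)
        words = banner.split()
        name = words[0] if words else ""
        version = words[1] if len(words) > 1 else ""
        weak = version in KNOWN_WEAK_VERSIONS.get(name, set())
        findings.append((port, banner, weak))
    return findings


if __name__ == "__main__":
    weak_port = start_fake_service(b"ExampleFTP 1.1 ready\r\n")
    closed_port = reserve_closed_port()
    print("open ports:", port_scan(HOST, [weak_port, closed_port]))
    for port, banner, weak in vulnerability_scan(HOST, [weak_port]):
        print(port, repr(banner), "KNOWN WEAK" if weak else "no known issue")
```

The port scan reports only the listening port; the vulnerability scan adds the identification step and the lookup, which is exactly the extra work (and the extra noise on the network) that question 12 asks you to distinguish.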
Objective 4.3: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning.
1. Which of the following is best described as a friendly attack against a network to test the security measures put into place? (Quick Answer: 229; Detailed Answer: 237)
2. Which of the following are the most serious downsides to conducting a penetration test? (Select all correct answers.) (Quick Answer: 229; Detailed Answer: 237)
3. Which of the following is true about inexperienced internal systems administrators performing penetration tests against the organizational network? (Select all correct answers.) (Quick Answer: 229; Detailed Answer: 238)
4. Which of the following is true about the relationship between vulnerability assessment and penetration testing? (Quick Answer: 229; Detailed Answer: 238)
5. Which of the following is the main security risk of penetration testing? (Quick Answer: 229; Detailed Answer: 238)
Objective 4.4: Use monitoring tools on systems and networks and detect security-related anomalies.
1. Which of the following would most likely be used as a troubleshooting tool to tell whether a route is available to a host? (Quick Answer: 230; Detailed Answer: 238)
2. Which of the following would most likely be used as a troubleshooting tool in a Windows environment to test the connectivity path a packet takes to arrive at the destination? (Quick Answer: 230; Detailed Answer: 238)
3. Which of the following would most likely be used to troubleshoot a Domain Name System (DNS) server database? (Quick Answer: 230; Detailed Answer: 238)
4. Which of the following would most likely be used to display all the ports on which the computer is currently listening? (Quick Answer: 230; Detailed Answer: 239)
5. Which of the following is used in a Windows environment to verify the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration? (Quick Answer: 230; Detailed Answer: 239)
6. Which of the following is the most likely reason the ping command returns a time out when trying to contact an external host? (Quick Answer: 230; Detailed Answer: 239)
7. Which of the following best describes benchmarking? (Quick Answer: 230; Detailed Answer: 239)
8. Which of the following best describes a baseline? (Quick Answer: 230; Detailed Answer: 239)
9. Which of the following protocols is used by the ping utility? (Quick Answer: 230; Detailed Answer: 239)
10. Which of the following is used for tracking and viewing the utilization of operating system resources? (Quick Answer: 230; Detailed Answer: 239)
11. Which of the following is used for system monitoring by allowing an administrator to view actions that occur on the system? (Quick Answer: 230; Detailed Answer: 240)
12. Which of the following is Microsoft’s version of a protocol analyzer that comes with Windows Server operating systems? (Quick Answer: 230; Detailed Answer: 240)
13. Which of the following gives you an instant history view of CPU and memory usage? (Quick Answer: 230; Detailed Answer: 240)
14. The network administrator for the organization attempts to access the security log in Event Viewer on the file server, but the log file does not contain any entries. Which of the following is the most likely reason the security log has no entries? (Quick Answer: 230; Detailed Answer: 240)
15. Which of the following is an application layer protocol used to collect statistics from TCP/IP devices? (Quick Answer: 230; Detailed Answer: 240)
16. At which of the following levels should the operating system be monitored to detect rootkits? (Quick Answer: 230; Detailed Answer: 240)
17. An organization is concerned about unauthorized users attempting to access network resources. Which of the following tools will the organization use to monitor user access activity? (Quick Answer: 230; Detailed Answer: 240)
18. An organization is concerned about high I/O and CPU usage on the servers. Which of the following tools will the organization use to monitor resource activity? (Quick Answer: 230; Detailed Answer: 241)
19. An organization is concerned about high memory and CPU usage on the local user machines. Which of the following tools will the organization use to spot check resource activity? (Quick Answer: 230; Detailed Answer: 241)
20. An organization is having internal network connectivity issues and would like to implement a packet sniffer. Which of the following tools will the organization use to conduct this activity? (Quick Answer: 230; Detailed Answer: 241)
21. Several users appear to be having internal network connectivity issues. The systems administrator is not exactly sure where the problem lies. Upon going to a workstation and opening a command prompt, which of the following commands would most likely be typed first? (Quick Answer: 230; Detailed Answer: 241)
22. The users appear to be having connectivity issues to a vendor’s web hosted application. The systems administrator is not exactly sure where the problem lies. Upon going to a workstation and opening a command prompt, which of the following commands would most likely be typed first? (Quick Answer: 230; Detailed Answer: 241)
23. No one seems to be able to contact the intranet using DNS names, but the intranet can be contacted by using the IP address. After opening a command prompt, which of the following commands would most likely be typed first? (Quick Answer: 230; Detailed Answer: 241)
24. A user reports slowness and intermittent odd activity on their workstation. After opening a command prompt, which of the following commands would most likely be typed first? (Quick Answer: 230; Detailed Answer: 241)
25. Which of the following is true about baselines? (Select all correct answers.) (Quick Answer: 230; Detailed Answer: 242)
Objective 4.5: Compare and contrast various types of monitoring methodologies.
1. Which of the following best describes behavior-based monitoring? (Quick Answer: 230; Detailed Answer: 242)
2. Which of the following best describes anomaly-based monitoring? (Quick Answer: 230; Detailed Answer: 242)
3. Which of the following best describes signature-based monitoring? (Quick Answer: 230; Detailed Answer: 242)
4. An organization is concerned about buffer overflow attacks. Which of the following monitoring methods will best suit the organization? (Quick Answer: 230; Detailed Answer: 243)
5. An organization is concerned about internal misuse. Which of the following monitoring methods will best suit the organization? (Quick Answer: 230; Detailed Answer: 243)
6. An organization is concerned about system compromises from older known attacks on unpatched systems. Which of the following monitoring methods will best suit the organization? (Quick Answer: 230; Detailed Answer: 243)
7. An organization wants to implement a monitoring solution that returns few false positives and does not use a lot of system resources. Which of the following monitoring methods will best suit the organization? (Quick Answer: 230; Detailed Answer: 243)
8. An organization wants to implement a monitoring solution that can be used in a mixed operating system environment and is not dependent on OS-specific mechanisms. Which of the following monitoring methods will best suit the organization? (Quick Answer: 230; Detailed Answer: 243)
9. An organization wants to implement a monitoring solution that includes video surveillance. Which of the following monitoring methods will best suit the organization? (Quick Answer: 230; Detailed Answer: 243)
10. An organization wants to implement a monitoring solution that does not require a lot of software updating and can be self-learning. Which of the following monitoring methods will best suit the organization? (Quick Answer: 230; Detailed Answer: 244)
11. An organization wants to implement a monitoring solution that returns a low number of false positives. Which of the following monitoring methods will best suit the organization? (Quick Answer: 230; Detailed Answer: 244)
12. An organization that issues credit cards requires spending profiles for their customers. Which of the following monitoring methods will best suit the organization? (Quick Answer: 230; Detailed Answer: 244)
13. An organization requires a monitoring solution that determines whether a program is malicious by inspecting the stream of system calls that the program issues to the operating system. Which of the following monitoring methods will best suit the organization? (Quick Answer: 230; Detailed Answer: 244)
14. Which of the following are disadvantages of using a behavior-based monitoring solution? (Select all correct answers.) (Quick Answer: 230; Detailed Answer: 244)
15. Which of the following are disadvantages of using a signature-based monitoring solution? (Select all correct answers.) (Quick Answer: 230; Detailed Answer: 244)
16. Which of the following are advantages of using a behavior-based monitoring solution? (Select all correct answers.) (Quick Answer: 230; Detailed Answer: 245)
17. Which of the following are advantages of using a signature-based monitoring solution? (Select all correct answers.) (Quick Answer: 230; Detailed Answer: 245)
18. An organization requires a monitoring solution for a highly secure environment in which the individual use patterns for each user profile can be identified. Which of the following monitoring methods will best suit the organization? (Quick Answer: 230; Detailed Answer: 245)
19. Which of the following types of attacks are anomaly-based monitoring solutions best at detecting? (Select all correct answers.) (Quick Answer: 230; Detailed Answer: 245)
20. Which of the following types of attacks are signature-based monitoring solutions best at detecting? (Select all correct answers.) (Quick Answer: 230; Detailed Answer: 245)
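The contrast the Objective 4.5 questions keep returning to (known patterns versus deviation from a learned norm, and where each method's false positives come from) is easier to see in code than in prose. The added example below, not taken from the book, implements a small signature matcher and an anomaly detector built on a baseline of the kind Objective 4.4 questions 8 and 25 ask about. The signatures, the clean-period training counts and the sample events are all constructed for illustration; behavior-based monitoring of a program's system-call stream (question 13) follows the same baseline-then-deviation idea with system calls in place of logon counts.

```python
"""Signature-based versus anomaly-based monitoring (Objective 4.5), with a
per-user baseline (Objective 4.4) driving the anomaly side. Example code added
to this page; signatures, training data and events are constructed."""

import re
import statistics

# Signature-based monitoring: patterns for known attacks. A signature catches
# only what it was written for, which is why the list needs constant updating.
SIGNATURES = {
    "directory traversal": re.compile(r"\.\./"),
    "classic SQL injection": re.compile(r"(?i)'\s*or\s*'?1'?\s*=\s*'?1"),
    "oversized repeated payload": re.compile(r"(.)\1{199,}"),
}


def signature_scan(payload: str) -> list:
    """Return the names of every signature that matches `payload` (empty list = clean)."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(payload)]


class AnomalyDetector:
    """Anomaly-based monitoring: learn what normal looks like for each user from a
    known-clean period (the baseline), then flag activity that departs from it.
    It needs no knowledge of particular attacks, but anything absent from training,
    including a legitimate new user, is reported: that is where its false positives come from."""

    def __init__(self, threshold: float = 3.0):
        self.threshold = threshold   # deviation, in standard deviations, that counts as anomalous
        self.baseline = {}           # user -> (mean, spread) of hourly event counts

    def learn(self, hourly_counts: dict) -> None:
        """hourly_counts: user -> list of event counts, one per hour of the clean period."""
        for user, counts in hourly_counts.items():
            mean = statistics.mean(counts)
            # Floor the spread at one event so a perfectly regular user does not turn
            # every one-event difference into an alert (and to avoid division by zero).
            spread = max(statistics.pstdev(counts), 1.0)
            self.baseline[user] = (mean, spread)

    def score(self, user: str, count: int):
        """Z-score of `count` against the user's baseline, or None if no baseline exists."""
        if user not in self.baseline:
            return None
        mean, spread = self.baseline[user]
        return (count - mean) / spread

    def is_anomalous(self, user: str, count: int) -> bool:
        """Unknown users are treated as anomalous: the detector has nothing to compare them to."""
        z = self.score(user, count)
        return z is None or abs(z) > self.threshold


# Constructed baseline: logons per hour for two users over a ten-hour clean period.
TRAINING = {
    "alice": [4, 5, 6, 5, 4, 5, 6, 5, 4, 5],
    "bob":   [1, 0, 2, 1, 1, 0, 1, 2, 1, 1],
}

if __name__ == "__main__":
    for request in ("GET /index.html", "GET /../../etc/passwd", "name=' OR '1'='1"):
        print(f"{request!r:28} -> {signature_scan(request) or 'clean'}")
    detector = AnomalyDetector()
    detector.learn(TRAINING)
    for user, count in (("alice", 6), ("alice", 60), ("mallory", 1)):
        verdict = "ANOMALY" if detector.is_anomalous(user, count) else "normal"
        print(f"{user}: {count} logons/hour -> {verdict}")
```

Notice what each side cannot do: the signature matcher says nothing about sixty logons an hour from alice because no pattern describes that, and the anomaly detector says nothing specific about a traversal string because it only knows that a count is unusual, not why. That asymmetry is the substance of questions 4 through 7 and 14 through 20.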
Objective 4.6: Execute proper logging procedures and evaluate the results.
1. Which of the following best describes system logging? (Quick Answer: 230; Detailed Answer: 245)
2. To get an accurate view of a network, which of the following must precede logging? (Quick Answer: 230; Detailed Answer: 245)
3. Which of the following best describes the way logging should be implemented? (Quick Answer: 230; Detailed Answer: 245)
4. Which of the following would be considered a best practice for improved server performance when deciding where to store log files? (Quick Answer: 230; Detailed Answer: 246)
5. Which of the following would be considered a best security practice when deciding where to store log files? (Quick Answer: 230; Detailed Answer: 246)
6. An organization requires the implementation of an enterprise application logging strategy. Which of the following would be a critical analysis consideration when choosing a solution? (Quick Answer: 230; Detailed Answer: 246)
7. An organization chooses to implement a manual application logging strategy and desires to use a format that can readily be parsed. Which of the following formats will meet the organizational requirements? (Quick Answer: 230; Detailed Answer: 246)
8. Application logging standards should be implemented for the types of events the organization logs based on which of the following? (Select all correct answers.) (Quick Answer: 230; Detailed Answer: 246)
9. Which of the following is pertinent in addition to reading the log files? (Quick Answer: 230; Detailed Answer: 246)
10. Internet Information Services (IIS) logs can be used for which of the following purposes? (Select all correct answers.) (Quick Answer: 230; Detailed Answer: 246)
11. Which of the following most accurately describes best practice for using Microsoft DNS logging? (Quick Answer: 230; Detailed Answer: 246)
12. Which of the following would be the first place an administrator would look when troubleshooting Microsoft DNS-related issues? (Quick Answer: 230; Detailed Answer: 246)
13. Which of the following would be the first place an administrator would look when troubleshooting UNIX- or Linux-based systems? (Quick Answer: 230; Detailed Answer: 247)
14. Which of the following would be considered best practices for system logging? (Select all correct answers.) (Quick Answer: 230; Detailed Answer: 247)
15. Which of the following would an administrator use to end applications that hang, without having to reboot the machine? (Quick Answer: 230; Detailed Answer: 247)
16. Which of the following would provide information for troubleshooting remote-access policy issues? (Quick Answer: 230; Detailed Answer: 247)
17. Which of the following are events in the firewall log that require additional examination? (Select all correct answers.) (Quick Answer: 230; Detailed Answer: 247)
18. The organizational firewall log shows repeated traffic to port 53. This could be an indication of which of the following types of attacks? (Select all correct answers.) (Quick Answer: 230; Detailed Answer: 247)
19. Which of the following types of logging events are most commonly found in antivirus software? (Select all correct answers.) (Quick Answer: 230; Detailed Answer: 247)
20. An organization primarily uses contract workers and is concerned about remote-access usage and remote authentication attempts. Which of the following would the organization implement to track this type of activity? (Quick Answer: 230; Detailed Answer: 247)
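Questions 7, 17 and 18 are about the practical side of logging: choosing a format you can parse, and then actually evaluating the entries rather than just collecting them. The added example below is not from the book. It parses constructed firewall log lines written in a key=value form (chosen precisely because one regular expression handles it), counts malformed lines instead of silently dropping them, and applies two checks a reviewer would run over a firewall log: one source denied on many ports of a single host, and an outside source sending repeated traffic to port 53. The address ranges, the sample lines and the thresholds are all assumptions for this example; the internal network is taken to be 10.0.0.0/8.

```python
"""Parsing and evaluating firewall log entries (Objective 4.6). Example code added
to this page; log lines, address ranges and thresholds are constructed."""

import ipaddress
import re
from collections import defaultdict
from datetime import datetime

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumption for this example

FIELD_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample: normal DNS lookups from inside, one outside host probing a
# server on several ports, one malformed line, and one outside host hammering
# the internal DNS server on port 53.
SAMPLE_LOG = "\n".join(
    ["2009-03-02T08:00:01 action=allow src=10.0.0.5 dst=10.0.0.53 dport=53 proto=udp",
     "2009-03-02T08:00:02 action=allow src=10.0.0.7 dst=10.0.0.53 dport=53 proto=udp",
     "2009-03-02T08:00:03 action=deny src=198.51.100.9 dst=10.0.0.10 dport=21 proto=tcp",
     "2009-03-02T08:00:03 action=deny src=198.51.100.9 dst=10.0.0.10 dport=22 proto=tcp",
     "2009-03-02T08:00:04 action=deny src=198.51.100.9 dst=10.0.0.10 dport=23 proto=tcp",
     "2009-03-02T08:00:04 action=deny src=198.51.100.9 dst=10.0.0.10 dport=25 proto=tcp",
     "2009-03-02T08:00:05 action=deny src=198.51.100.9 dst=10.0.0.10 dport=80 proto=tcp",
     "2009-03-02T08:00:06 action=allow src=10.0.0.5 dst=192.0.2.44 dport=443 proto=tcp",
     "this line is not in the expected format"]
    + [f"2009-03-02T08:01:{i:02d} action=allow src=203.0.113.77 dst=10.0.0.53 dport=53 proto=udp"
       for i in range(40)]
)


def parse_log(text: str):
    """Parse key=value lines into dicts. Returns (events, malformed_line_count).
    Lines that do not fit are counted rather than dropped: a parser that hides
    malformed input hides evidence too."""
    events, malformed = [], 0
    for line in text.splitlines():
        timestamp, _, rest = line.partition(" ")
        fields = dict(FIELD_RE.findall(rest))
        try:
            event = {
                "time": datetime.fromisoformat(timestamp),
                "action": fields["action"],
                "src": ipaddress.ip_address(fields["src"]),
                "dst": ipaddress.ip_address(fields["dst"]),
                "dport": int(fields["dport"]),
                "proto": fields["proto"],
            }
        except (KeyError, ValueError):
            malformed += 1
            continue
        events.append(event)
    return events, malformed


def probing_sources(events, min_ports: int = 4) -> dict:
    """Sources denied on many distinct ports of one host: worth examining as a scan.
    Returns {(src, dst): sorted list of ports}, with addresses as strings."""
    ports = defaultdict(set)
    for e in events:
        if e["action"] == "deny":
            ports[(str(e["src"]), str(e["dst"]))].add(e["dport"])
    return {key: sorted(p) for key, p in ports.items() if len(p) >= min_ports}


def repeated_external_port_traffic(events, port: int = 53, min_hits: int = 20) -> dict:
    """External sources sending repeated traffic to one port (53 by default).
    Internal clients resolving names are expected; an outside host doing this at
    volume is not. Returns {src: hit count}, with addresses as strings."""
    hits = defaultdict(int)
    for e in events:
        if e["dport"] == port and e["src"] not in INTERNAL_NET:
            hits[str(e["src"])] += 1
    return {src: n for src, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    events, bad = parse_log(SAMPLE_LOG)
    print(f"{len(events)} events parsed, {bad} malformed line(s) skipped")
    for (src, dst), ports in probing_sources(events).items():
        print(f"examine: {src} denied on {len(ports)} ports of {dst}: {ports}")
    for src, n in repeated_external_port_traffic(events).items():
        print(f"examine: {src} sent {n} packets to port 53")
```

The two checks only raise entries for a person to examine; what the port 53 traffic means (question 18) still has to be decided from the surrounding context, which is why the parser keeps the full event rather than just a counter.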
Objective 4.7: Conduct periodic audits of system security settings.
1. Which of the following best describes auditing? (Quick Answer: 231; Detailed Answer: 248)
2. Which of the following are unintended consequences when auditing is not clear-cut or built around the organizational goals and policies? (Select all correct answers.) (Quick Answer: 231; Detailed Answer: 248)
3. A systems administrator is tasked with auditing user privileges. Which of the following steps must be taken? (Select two correct answers.) (Quick Answer: 231; Detailed Answer: 248)
4. An organization has primarily contract workers and is concerned about unauthorized and unintentional access on these accounts. Which of the following would the organization audit to track this type of activity? (Quick Answer: 231; Detailed Answer: 248)
5. Which of the following are user rights used by processes? (Select all correct answers.) (Quick Answer: 231; Detailed Answer: 248)
6. Which of the following is true about the auditing of failed logon events and successful logon events? (Quick Answer: 231; Detailed Answer: 248)
7. Which of the following best describes the activity that involves collecting information used for monitoring and reviewing purposes? (Quick Answer: 231; Detailed Answer: 248)
8. Which of the following best describes the unintended consequence of turning on all auditing counters for all objects? (Quick Answer: 231; Detailed Answer: 248)
9. Which of the following would an organization include in its retention and disposal policies? (Select all correct answers.) (Quick Answer: 231; Detailed Answer: 249)
10. Which of the following most accurately describes the maintenance of data-retention and storage policies? (Quick Answer: 231; Detailed Answer: 249)
11. An organization does not have a data-retention policy in place when it becomes involved in a lawsuit. Many of the employees have kept emails for a period of up to ten years. As a general rule, which of the following is true about the discovery of these emails? (Quick Answer: 231; Detailed Answer: 249)
12. Which of the following are pertinent for an organization to review before formulating a data-retention policy? (Select all correct answers.) (Quick Answer: 231; Detailed Answer: 249)
13. Which of the following best describes how settings will actually be applied to an object in a group policy? (Quick Answer: 231; Detailed Answer: 249)
14. An administrator is attempting to resolve some issues with multiple group policies on several computers. Which of the following tools would be used to script GPO troubleshooting of multiple computers? (Quick Answer: 231; Detailed Answer: 249)
15. Which of the following tools is used to review the effects of Group Policy settings on a particular computer? (Quick Answer: 231; Detailed Answer: 249)
16. An organization is concerned with knowing about any unusual activity that would indicate modification to the local security authority (LSA). Which of the following event categories should be audited? (Quick Answer: 231; Detailed Answer: 250)
17. An organization is concerned with unusual activity indicating that an intruder is attempting to gain access to the network. Which of the following event categories should be audited? (Quick Answer: 231; Detailed Answer: 250)
18. An organization wants to verify changes that are made to user account and group properties. Which of the following event categories should be audited? (Quick Answer: 231; Detailed Answer: 250)
19. An organization wants a record of when each user logs on to or logs off from any computer. Which of the following event categories should be audited? (Quick Answer: 231; Detailed Answer: 250)
20. An organization wants to verify when users log on to or log off from the domain. Which of the following event categories should be audited? (Quick Answer: 231; Detailed Answer: 250)
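Questions 13 through 15 concern how Group Policy settings are actually resolved for a computer or user, which is what gpresult and the Resultant Set of Policy tools report. The added example below is not a Microsoft tool and not from the book: it models the documented processing order (local policy first, then GPOs linked at the site, the domain and each OU from parent to child), where a later-applied GPO overrides the same setting from an earlier one, Block Inheritance on a container discards the non-enforced GPOs linked above it, and an Enforced GPO always applies and beats everything linked below it (with the higher of two enforced GPOs winning). The GPO names, settings and hierarchy are constructed for illustration.

```python
"""A small Resultant Set of Policy model for the Group Policy precedence
questions in Objective 4.7. Example code added to this page; the GPOs,
containers and settings are constructed and the model covers only the
ordering rules named in the lead-in (no security filtering, WMI filters or
loopback processing)."""

from dataclasses import dataclass, field


@dataclass
class GPO:
    name: str
    settings: dict
    enforced: bool = False


@dataclass
class Container:
    """A site, domain or OU with GPOs linked to it. `gpos` is listed in link order,
    link order 1 first (the one the console shows as highest precedence)."""
    name: str
    gpos: list = field(default_factory=list)
    block_inheritance: bool = False


def resultant_set(local_settings: dict, chain: list) -> dict:
    """`chain` runs from the site down to the container holding the computer or user.
    Returns {setting: (value, name of the GPO that supplied it)}."""
    # Block Inheritance on the deepest container that sets it drops every
    # non-enforced GPO linked above that container. Local policy is not a link
    # and is applied regardless.
    start = 0
    for i, container in enumerate(chain):
        if container.block_inheritance:
            start = i

    normal, enforced = [], []
    for i, container in enumerate(chain):
        # Within one container, link order 1 is applied last so that it wins.
        for gpo in reversed(container.gpos):
            if gpo.enforced:
                enforced.append(gpo)
            elif i >= start:
                normal.append(gpo)

    # Enforced GPOs are applied after all the others, and an enforced GPO nearer
    # the root is applied last of all so that it beats enforced GPOs below it.
    order = normal + list(reversed(enforced))

    effective = {key: (value, "Local Group Policy") for key, value in local_settings.items()}
    for gpo in order:
        for key, value in gpo.settings.items():
            effective[key] = (value, gpo.name)
    return effective


# Constructed hierarchy: site -> domain -> Finance OU (which blocks inheritance).
SITE = Container("HQ site", [GPO("SiteProxy", {"proxy": "proxy.hq.example"})])
DOMAIN = Container("example.local", [
    GPO("DomainSecurity", {"min_password_length": 12, "screensaver_minutes": 10}, enforced=True),
    GPO("DomainDefaults", {"wallpaper": "corp.bmp", "screensaver_minutes": 15}),
])
FINANCE = Container("OU=Finance", [
    GPO("FinanceLockdown", {"min_password_length": 8, "screensaver_minutes": 5,
                            "wallpaper": "finance.bmp"}),
], block_inheritance=True)

LOCAL = {"proxy": "none", "screensaver_minutes": 30}

if __name__ == "__main__":
    for setting, (value, source) in sorted(resultant_set(LOCAL, [SITE, DOMAIN, FINANCE]).items()):
        print(f"{setting:22} = {value!s:18} (from {source})")
```

Run against the constructed hierarchy, the Finance OU's own lockdown GPO supplies the wallpaper, but its shorter password and screensaver values lose to the enforced domain GPO even though the OU is applied later, and the site proxy never reaches Finance because the OU blocks inheritance; that combination is the point question 13 tests.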