CompTIA CompTIA Security+ SY0-501 Questions & Answers

• Question 1411:

  For each of the given items, select the appropriate authentication category from the drop down choices.

  

  Select the appropriate authentication type for the following items:

  Hot Area:

  

  Correct Answer:

  

  Biometrics refers to a collection of physical attributes of the human body that can be used as identification or an authentication factor. Fingerprints and retinas are physical attributes of the human body.

  Two types of tokens exist, Time-based one-time password (TOTP) tokens and HMACbased one-time password (HOTP). TOTP tokens generate passwords at fixed time intervals, whereas HOTP tokens generate passwords not based on fixed

  time intervals but instead based on a non-repeating one-way function, such as a hash or HMAC operation.

  Smart cards can have Multi-factor and proximity authentication embedded into it.

  PAP allows for two entities to share a password in advance and use the password as the basis of authentication. The same goes for PIN numbers.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 282, 285

  http://en.wikipedia.org/wiki/Password_authentication_protocol#Working_cycle

  http://en.wikipedia.org/wiki/Smart_card#Security

• Question 1412:

  SIMULATION

  You have just received some room and WiFi access control recommendations from a security consulting company. Click on each building to bring up available security controls. Please implement the following requirements:

  The Chief Executive Officer's (CEO) office had multiple redundant security measures installed on the door to the office. Remove unnecessary redundancies to deploy three-factor authentication, while retaining the expensive iris render.

  The Public Cafe has wireless available to customers. You need to secure the WAP with WPA and place a passphrase on the customer receipts.

  In the Data Center you need to include authentication from the "something you know" category and take advantage of the existing smartcard reader on the door.

  In the Help Desk Office, you need to require single factor authentication through the use of physical tokens given to guests by the receptionist.

  The PII Office has redundant security measures in place. You need to eliminate the redundancy while maintaining three-factor authentication and retaining the more expensive controls.

  

  Instructions: The original security controls for each office can be reset at any time by selecting the Reset button. Once you have met the above requirements for each office, select the Save button. When you have completed the entire simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

  

  Correct Answer:

  See the solution below.

  

• Question 1413:

  A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.

  Select and Place:

  

  Correct Answer:

  

  When dealing with multiple issues, address them in order of volatility (OOV); always deal with the most volatile first. Volatility can be thought of as the amount of time that you have to collect certain data before a window of opportunity is gone.

  Naturally, in an investigation you want to collect everything, but some data will exist longer than others, and you cannot possibly collect all of it once. As an example, the OOV in an investigation may be RAM, hard drive data, CDs/DVDs, and

  printouts.

  Order of volatility: Capture system images as a snapshot of what exists, look at network traffic and logs, capture any relevant video/screenshots/hashes, record time offset on the systems, talk to witnesses, and track total man-hours and

  expenses associated with the investigation.

• Question 1414:

  DRAG DROP

  An attack has occurred against a company.

  INSTRUCTIONS

  You have been tasked to do the following:

  Identify the type of attack that is occurring on the network by clicking on the attacker's tablet and reviewing the output. (Answer Area 1)

  Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server. (Answer area 2) All objects will be used, but not all placeholders may be

  filled. Objects may only be used once. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  

  Select and Place:

  

  Correct Answer:

  

• Question 1415:

  HOTSPOT

  A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.

  INSTRUCTIONS

  Please click on the below items on the network diagram and configure them accordingly:

  1.

  WAP

  2.

  DHCP Server

  3.

  AAA Server

  4.

  Wireless Controller

  5.

  LDAP Server

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  Hot Area:

  

  Correct Answer:

  

  Wireless Access Point:

  1.

  Network Mode - G only

  2.

  Wireless Channel - 11

  3.

  Wireless SSID Broadcast - disable

  4.

  Security settings - WPA2 Personal

• Question 1416:

  DRAG DROP

  A security auditor is reviewing the following output from file integrity monitoring software installed on a very busy server at a large service provider. The server has not been updates since it was installed. Drag and drop the log entry that identifies the first instance of server compromise.

  Hot Area:

  

  Correct Answer:

  

  

• Question 1417:

  DRAG DROP

  A security administrator has been tasked with implementing controls that meet management goals. Drag and drop the appropriate control used to accomplish the account management goal. Options may be used once or not at all.

  Select and Place:

  

  Correct Answer:

  

• Question 1418:

  HOTSPOT

  Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

  INSTRUCTIONS

  Not all attacks and remediation actions will be used. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  Select and Place:

  

  Correct Answer:

  

  

• Question 1419:

  DRAG DROP

  A security engineer is setting up passwordless authentication for the first time.

  INSTRUCTIONS

  Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  Select and Place:

  

  Correct Answer:

  

• Question 1420:

  SIMULATION

  A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

  

  INSTRUCTIONS

  Click on each firewall to do the following:

  1.

  Deny cleartext web traffic

  2.

  Ensure secure management protocols are used.

  3.

  Resolve issues at the DR site.

  The ruleset order cannot be modified due to outside constraints. Hat any time you would like to bring back the initial state of the simulation, please dick the Reset All button.

  

  Correct Answer:

  Check the answer in below In Firewall 1, HTTP inbound Action should be DENY. As shown below

  

  In Firewall 2, Management Service should be DNS, As shown below.

  

  In Firewall 3, HTTP Inbound Action should be DENY, as shown below