100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Security+ 200 Test Bank $17.53   Add to cart

Exam (elaborations)

Security+ 200 Test Bank

 2 views  0 purchase
  • Course
  • Institution

QUESTION 1 An employee in the finance department receives an email, which appears to come from the Chief Financial Officer (CFO), instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used? (Choos...

[Show more]

Preview 4 out of 32  pages

  • February 15, 2024
  • 32
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
avatar-seller
Security+ 200 Test Bank
QUESTION 1
An employee in the finance department receives an email, which appears to come from the Chief
Financial Officer (CFO), instructing the employee to immediately wire a large sum of money to a vendor.
Which of the following BEST describes the principles of social engineering used? (Choose two.)

A. Familiarity
B. Scarcity
C. Urgency
D. Authority
E. Consensus

CD

QUESTION 2
A security administrator has replaced the firewall and notices a number of dropped connections. After
looking at the data the security administrator sees the following information that was flagged as a
possible issue:



Which of the following can the security administrator determine from this?

A. An SQL injection attack is being attempted
B. Legitimate connections are being dropped
C. A network scan is being done on the system
D. An XSS attack is being attempted

A




QUESTION 3
A penetration testing team deploys a specifically crafted payload to a web server, which results in
opening a new session as the web server daemon. This session has full read/write access to the file
system and the admin console. Which of the following BEST describes the attack?

A. Domain hijacking

,B. Injection
C. Buffer overflow
D. Privilege escalation

D

QUESTION 4
A corporation is concerned that, if a mobile device is lost, any sensitive information on the device could
be accessed by third parties. Which of the following would BEST prevent this from happening?

A. Initiate remote wiping on lost mobile devices
B. Use FDE and require PINs on all mobile devices
C. Use geolocation to track lost devices
D. Require biometric logins on all mobile devices

A

QUESTION 5
Ann, a security analyst, wants to implement a secure exchange of email. Which of the following is the
BEST option for Ann to implement?

A. PGP
B. HTTPS
C. WPA
D. TLS

A

QUESTION 6
After a security assessment was performed on the enterprise network, it was discovered that:
Configuration changes have been made by users without the consent of IT.
Network congestion has increased due to the use of social media.
Users are accessing file folders and network shares that are beyond the scope of their need to know.
Which of the following BEST describe the vulnerabilities that exist in this environment? (Choose two.)
A. Poorly trained users
B. Misconfigured WAP settings
C. Undocumented assets
D. Improperly configured accounts
E. Vulnerable business processes

AD

QUESTION 7
A security administrator wants to determine if a company's web servers have the latest operating

,system and application patches installed. Which of the following types of vulnerability scans should be
conducted?

A. Non-credentialed
B. Passive
C. Port
D. Credentialed
E. Red team
F. Active

D

QUESTION 8
During a recent audit, several undocumented and unpatched devices were discovered on the internal
network. Which of the following can be done to prevent similar occurrences?

A. Run weekly vulnerability scans and remediate any missing patches on all company devices
B. Implement rogue system detection and configure automated alerts for new devices
C. Install DLP controls and prevent the use of USB drives on devices
D. Configure the WAPs to use NAC and refuse connections that do not pass the health check

A

QUESTION 9
A company needs to implement a system that only lets a visitor use the company's network
infrastructure if the visitor accepts the AUP. Which of the following should the company use?

A. WiFi-protected setup
B. Password authentication protocol
C. Captive portal
D. RADIUS

C

QUESTION 10
An analyst is currently looking at the following output:




Which of the following security issues has been discovered based on the output?

A. Insider threat
B. License compliance violation

, C. Unauthorized software
D. Misconfigured admin permissions

B




QUESTION 11
A company has purchased a new SaaS application and is in the process of configuring it to meet the
company's needs. The director of security has requested that the SaaS application be integrated into the
company's IAM processes. Which of the following configurations should the security administrator set
up in order to complete this request?

A. LDAP
B. RADIUS
C. SAML
D. NTLM

C

QUESTION 12
An organization wants to implement a method to correct risks at the system/application layer. Which of
the following is the BEST method to accomplish this goal?

A. IDS/IPS
B. IP tunneling
C. Web application firewall
D. Patch management

C

QUESTION 13
A company recently updated its website to increase sales. The new website uses PHP forms for leads
and provides a directory with sales staff and their phone numbers. A systems administrator is concerned
with the new website and provides the following log to support the concern:

Which of the following is the systems administrator MOST likely to suggest to the Chief Information
Security Officer (CISO) based on the above?

A. Changing the account standard naming convention

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller jessyqueen. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $17.53. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

77254 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$17.53
  • (0)
  Add to cart