RC0-501無料問題集「CompTIA Security+ Recertification」

質問 1

A company hired a third-party firm to conduct as assessment of vulnerabilities exposed to the Internet. The firm informs the company that an exploit exists for an FTP server that has a version installed from eight years ago. The company has decided to keep the system online anyway, as no upgrade exists from the vendor. Which of the following BEST describes the reason why the vulnerability exists?

（A）Default configuration

（B）Zero-day threats

（C）End-of-life

（D）Weak cipher suite

正解：C 解答を投票する

質問 2

An auditor wants to test the security posture of an organization by running a tool that will display the following:

Which of the following commands should be used?

（A）ipconfig

（B）nbtstat

（C）nc

（D）arp

正解：B 解答を投票する

質問 3

The compute resource center issued smartphones to all first-level and above managers.
The managers have the ability to install mobile tools. Which of the following tools should be implemented to control the types of tools the managers install?

（A）Download manager

（B）Segmentation manager

（C）Application manager

（D）Content manager

正解：C 解答を投票する

質問 4

Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the OS?

（A）Pivoting

（B）Privilege escalation

（C）Process affinity

（D）Buffer overflow

正解：B 解答を投票する

質問 5

A security analyst wants to harden the company's VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the BPX. Which of the following would best prevent this from occurring?

（A）Place the phones and PBX in their own VLAN.

（B）Implement SRTP between the phones and the PBX.

（C）Restrict the phone connections to the PBX.

（D）Require SIPS on connections to the PBX.

正解：D 解答を投票する

質問 6

A system administrator is reviewing the following information from a compromised server.

Given the above information, which of the following processes was MOST likely exploited via remote buffer overflow attack?

（A）MySQL

（B）Apache

（C）TFTP

（D）LSASS

正解：C 解答を投票する

質問 7

Which of the following would meet the requirements for multifactor authentication?

（A）Fingerprint and password

（B）Voice recognition and retina scan

（C）Smart card and hardware token

（D）Username, PIN, and employee ID number

正解：A 解答を投票する

質問 8

A company has three divisions, each with its own networks and services. The company decides to make its secure web portal accessible to all employees utilizing their existing usernames and passwords. The security administrator has elected to use SAML to support authentication. In this scenario, which of the following will occur when users try to authenticate to the portal? (Select two.)

（A）The portal will request an authentication ticket from each network that is transitively trusted.

（B）The portal will function as an identity provider and issue an authentication assertion.

（C）The back-end networks will function as an identity provider and issue an authentication assertion.

（D）The portal will function as a service provider and request an authentication assertion.

（E）The back-end networks will request authentication tickets from the portal, which will act as the third-party service provider authentication store.

（F）The back-end networks will verify the assertion token issued by the portal functioning as the identity provider.

正解：B、D 解答を投票する

質問 9

A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred?

（A）The hacker used a pass-the-hash attack.

（B）The hacker exploited weak switch configuration.

（C）The hacker-exploited importer key management.

（D）The hacker used a race condition.

正解：B 解答を投票する

質問 10

DRAG DROP
You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan-Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simul- ation, please select the Done button to submit.

正解：

Explanation:

Cable locks - Adding a cable lock between a laptop and a desk prevents someone from picking it up and walking away Proximity badge + reader Safe is a hardware/physical security measure
Mantrap can be used to control access to sensitive areas.
CCTV can be used as video surveillance.
Biometric reader can be used to control and prevent unauthorized access.
Locking cabinets can be used to protect backup media, documentation and other physical artefacts.
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 369

RC0-501 無料問題集「CompTIA Security+ Recertification」

弊社を連絡する

関連リンク

トップ試験