Free CompTIA Security+ Practice Chapter 5

Ref: CompTIA Security Plus Get Certified Get Ahead SY0-701 Study Guide

CompTIA Security+ (SY0-701) – Chapter 5

1 / 171

Which of the following is a key function of a next-generation Secure Web Gateway (SWG)?

A. Provides cloud access security brokerage

B. Helps in network routing and optimization

C. Functions as a stateful firewall

D. Filters URLs and scans for malware

2 / 171

What kind of memory does the Arduino microcontroller board contain?

A. Volatile flash memory

B. Random-access memory (RAM) and read-only memory (ROM)

C. FPGA circuit

D. External processor memory

3 / 171

What is Bluetooth commonly used with in the context of mobile devices?

A. Personal Area Networks

B. Cellular Networks

C. Near Field Communication Networks

D. Radio Frequency Identification Networks

4 / 171

Which of the following describes a technique used by organizations to create a virtual geographic boundary using mobile device’s GPS capabilities?

A. Geolocation

B. Geofencing

C. GPS tagging

D. Context-aware authentication

5 / 171

Which of the following is not a common constraint of an embedded system?

A. Limited computing ability

B. Use of all cryptographic protocols

C. Limited power supply

D. Limited network configuration options

6 / 171

What is a potential benefit of hardening a system?

A. It can help make an operating system or application more secure from its default installation.

B. It enables additional services, protocols and applications.

C. It allows the system to be more susceptible to attack.

D. It guarantees the system is completely safe from any external threat.

7 / 171

What is a Trusted Platform Module (TPM)?

A. A software program that supports the secure boot process and remote attestation

B. A hardware chip on the computer’s motherboard that stores cryptographic keys used for encryption

C. An application within the operating system used to detect tampering

D. A unique RSA asymmetric key that provides a hardware root of trust

8 / 171

Which connection method is typically used by smartphones and tablets to connect to a high-speed digital transfer service that is provided by a cellular network?

A. Wi-Fi

B. Bluetooth

C. Cellular

D. Infrared

9 / 171

What does a customer have to do with a server provided via Infrastructure as a Service (IaaS)?

A. Perform hardware maintenance

B. Pay for the physical server’s cost

C. Configure the operating system based on their needs

D. House the data center

10 / 171

What is the primary difference between the traditional Corporate-owned model and the Corporate-owned, personally enabled (COPE) model?

A. In COPE, employees purchase and own the devices

B. In COPE, the organization does not permit personal use of devices

C. In COPE, employees can use organization-owned devices for personal activities

D. In COPE, there is no monitoring or management of devices

11 / 171

What are two benefits of deploying systems using a master image?

A. Reduces overall deployment costs and increases reliability

B. Improves system speed and increases storage capacity

C. Allows systems to operate independently without restrictions

D. Increases system complexity to strengthen system security

12 / 171

What is a System on a Chip (SoC) in the context of CompTIA Security+?

A. A device used for home automation

B. An integrated circuit that includes all the functionality of a computing system within the hardware

C. A device with specialized functionalities necessary for installing VoIP networks

D. A tool for implanting microchips in pets

13 / 171

What is a common use of an Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) in the manufacturing and industrial sector?

A. Monitoring the humidity in the facility

B. Monitoring the power generation within the plant

C. Monitoring every processing stage and reporting anomalies in real time

D. Monitoring processes within shipping facilities

14 / 171

Which of the following defines the ’Enforcing mode’ in the context of Security-Enhanced Linux (SELinux) used by the security-enhanced Android (SEAndroid) security model?

A. It is a mode where SELinux policy is not enforced but all activities are logged.

B. It is a mode where only certain components of SELinux policy are enforced.

C. It is a mode where the SELinux policy is enforced and all activities denied by policy are blocked and logged.

D. It is a mode used for testing the SELinux policies without enforcing them.

15 / 171

Which of the following describes the limitations of 5G communication method for embedded systems and IoT devices?

A. It requires a unique serial number for every device

B. It has a high data consumption

C. It has a limited range and can be blocked by physical barriers

D. It has low data rate

16 / 171

What is meant by ’High availability and high availability across zones’ in terms of cloud security controls?

A. It ensures all zones of the cloud provider are accessible at all times

B. It refers to a system or service that remains operational with negligible downtime

C. It is a policy to ensure that customers do not create more resources than their plan allows

D. It is related to passwords and encryption keys management

17 / 171

What type of wireless protocol do most mobile devices use to support the use of a Bluetooth headset for hands-free use?

A. Wi-Fi

B. NFC

C. Bluetooth

D. RFID

18 / 171

What are the primary issues associated with VM sprawl?

A. Unauthorized VMs consuming system resources and leaving VMs unpatched

B. VMs running outdated versions of Microsoft Windows Server

C. VMs running unauthorized software applications

D. VMs not having a suitable change management process

19 / 171

What actions does a data loss prevention (DLP) system perform in an organization?

A. Blocking the use of USB flash drives and controlling the use of removable media

B. Examining outgoing data and detecting all types of unauthorized data transfers

C. Searching for specific words or phrases in data traffic and taking action when it detects them

D. All of the above

20 / 171

What is the primary purpose of taking a snapshot of a virtual machine?

A. To test security controls without risks

B. To revert the VM to a known good state in case of problem

C. To operate multiple virtual servers on a single physical server

D. To protect from VM escape attacks

21 / 171

How does an organization typically protect the confidentiality of its data?

A. By using secure coding techniques

B. Through encryption and strong access controls

C. By writing clear policies

D. By frequently changing passwords

22 / 171

What does the term ’Narrow-band’ generally refer to in the context of communication methods for embedded systems and IoT devices?

A. A signal with a very narrow frequency range

B. A communication protocol designed for smaller networks

C. Mobile devices using SIM cards to connect with cellular providers

D. A wireless technology with high data transfer speed, but limited range

23 / 171

What is the risk associated with the use of third-party app stores?

A. They are more secure than Apple and Google’s app stores

B. Apps from third-party app stores undergo the same scrutiny as those on Google Play or Apple’s App Store.

C. Apps from third-party app stores do not undergo the same level of scrutiny and thus represent a higher risk

D. Third-party app stores are officially recommended by Apple and Google

24 / 171

What is the difference between the function of FPGA and Arduino in terms of configurability?

A. FPGA can change its function with the memory chip while Arduino requires a new firmware upgrade

B. Arduino configuration can be rewritten while FPGA can’t

C. Arduino uses a CPU while FPGA uses a field programmable gate array

D. FPGA can perform simple repetitive tasks while Arduino can’t

25 / 171

Which of the following does not accurately describe a constraint faced by embedded systems?

A. Embedded systems often have limited computing ability

B. All embedded systems have their own power supply

C. Embedded systems may have weak default security settings

D. Patching embedded systems may not always be possible

26 / 171

What is the purpose of content management in mobile device management (MDM)?

A. To isolate and encrypt the application and its data.

B. To restrict what applications can run on the device.

C. To ensure that all content from an organization source is stored in an encrypted segment.

D. To authenticate the user of the device based on multiple elements.

27 / 171

What does the term ’jailbreaking’ refer to?

A. Downloading apps from third-party app stores

B. Giving users root-level access to an Android device

C. Removing all software restrictions from an Apple device

D. Installing software on an Android device from a source other than an authorized store

28 / 171

What is the process of ’Remediation’ in the context of secure baselines?

A. Correcting detected baseline deviation manually by administrators.

B. Initial baseline configuration using various tools.

C. Automated tools monitoring the systems for baseline changes.

D. Automatically isolating or quarantining systems that deviate from the baseline.

29 / 171

What are the primary goals of configuration management practices in an organization?

A. To aid in the deployment of systems with secure configurations

B. To identify standard configurations using standard naming conventions

C. To modify configurations through decision-making processes

D. All of the above

30 / 171

Which of the following best describes the risks associated with using Short Message Service (SMS) and Multimedia Messag Service (MMS)?

A. Both services can lead to remote code execution privileges

B. SMS can send media and is prone to attacks

C. Both services send text in plaintext, potentially exposing the information to interception

D. MMS does not have encryption capabilities

31 / 171

What is the characteristic of Zigbee as a communication protocol?

A. Zigbee is specifically designed for large-scale networks.

B. Zigbee has a high data rate and high power consumption.

C. Zigbee is used for smaller networks and supports strong security, including data encryption.

D. Zigbee doesn’t support any form of security.

32 / 171

Which among the following embedded systems does not use an operating system, but uses firmware for functionality?

A. Field Programmable Gate Array (FPGA)

B. Wireless Multifunction Printer (MFP)

C. Arduino

D. Raspberry Pi

33 / 171

What is the role of transport level security in an API?

A. It authenticates the users of the API

B. It authorizes different levels of access to the API

C. It encrypts traffic transferred over the Internet

D. It tests the API for any potential vulnerabilities

34 / 171

Which of the following is NOT a way in which IoT (Internet of Things) technology is commonly used?

A. Remote monitoring of vaccine temperatures

B. Tracking maintenance on aircraft

C. Integrating systems in automobiles

D. Tracking international postal packages

35 / 171

What does patch management mainly include?

A. Writing and testing new lines of code

B. Finding exploits and vulnerabilities before they are being exploited

C. Identifying, downloading, testing, deploying, and verifying patches.

D. Making all software completely secure and bug-free

36 / 171

Which of the following statements best describes Rich Communication Services (RCS)?

A. RCS is a newer protocol that, unlike MMS or SMS, cannot transmit any multimedia.

B. RCS is a protocol that can offer encrypted text messaging.

C. RCS, when network does not support it, will not default to MMS or SMS.

D. RCS is a newer communication protocol designed to replace SMS, which can also transmit multimedia and default to MMS or SMS when the network doesn’t support RCS.

37 / 171

What can MDM tools do to control applications on mobile devices?

A. They can create a list of allowed applications

B. They can install new applications without user consent

C. They can delete any installed application

D. They can automatically update applications

38 / 171

What is the function of security groups within cloud-based resources according to CompTIA?

A. They are used to connect VPCs to an on-premises network

B. They maintain the confidentiality of data through keys and passwords

C. They assign permissions to a group and add users to the account

D. They dynamically allocate additional resources when needed

39 / 171

Which communication method is typically used when transferring data over a cable rather than over the air?

A. 5G

B. Narrow-band

C. Baseband radio

D. Zigbee

40 / 171

Which of the following explains a key security challenge specific to embedded systems?

A. Embedded systems vendors aggressively identify vulnerabilities and fix them

B. Regular users often check and apply patches to their embedded systems

C. Embedded systems are always deployed with custom configurations

D. The maintenance of embedded systems in terms of security fixes is often overlooked

41 / 171

What are two important benefits of using master images for baseline configurations?

A. Increased TCO and complicated troubleshooting

B. Reduced costs and secure starting point

C. Increased deployment time and complex configurations

D. High maintenance cost and diverse system environments

42 / 171

What is the purpose of Endpoint Detection and Response (EDR) tools in Endpoint Security?

A. They monitor traffic on the network and attempt to block malicious traffic.

B. They perform a deep investigation of all activity on endpoints.

C. They solely incorporate host-based intrusion detection systems (HIDSs).

D. They standardize the capabilities that all EDR platforms include.

43 / 171

Which of the following statements regarding SEAndroid security model is NOT correct?

A. SEAndroid uses SELinux to enforce access security.

B. SELinux supports two modes: Enforcing mode and Permissive mode.

C. When enabled, SELinux operates using a default allowance principle.

D. SEAndroid is primarily used on Android devices.

44 / 171

What does the ’remote wipe’ feature in Mobile Device Management (MDM) do?

A. It isolates and protects an organization’s data on a mobile device

B. It sends a remote signal to delete all data on a lost or stolen mobile device

C. It enables GPS features to locate a lost or stolen device

D. It creates a virtual fence or geographic boundary using geofencing technologies

45 / 171

What are some common uses of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems in the context of Energy?

A. Power generation and oil and gas processing

B. Creating a Virtual Local Area Network (VLAN)

C. Manufacturing products

D. Water treatment procedures

46 / 171

What is the primary use of NFC (near field communication) in mobile devices?

A. Remotely control televisions and other audiovisual equipment

B. Offer an ad hoc network for laptops

C. Act as a payment gateway at retail portals

D. Provide connections to cellular networks

47 / 171

What is the main purpose of a hypervisor in a virtualized system?

A. It refers to the ability to dynamically change resources assigned to the VM based on the load

B. It is the software that creates, runs, and manages the VMs

C. It refers to the ability to resize the computing capacity of the VM

D. It is the physical system hosting the VMs

48 / 171

What is a VM escape attack?

A. An attack that locks the virtual system.

B. An attack that allows an attacker to access the host system from within the virtual system.

C. An attack that crashes the hypervisor.

D. An attack that corrupts the virtual system’s data.

49 / 171

What is the purpose of storage segmentation in mobile device management?

A. To ensure that all content retrieved from an organization source is stored in an encrypted segment.

B. To locate a lost device using GPS.

C. To create a virtual fence or geographic boundary.

D. To protect a device by erasing all data if an incorrect passcode is entered multiple times.

50 / 171

What types of resources can access virtual desktop infrastructures (VDIs)?

A. Only traditional computers with keyboards, mice, and screens

B. Only thin clients located on-site

C. Both traditional computers and mobile devices

D. Only users with VPN access

51 / 171

What distinguishes the Cloud Security Alliance’s (CSA) Cloud Controls Matrix (CCM) from SP-800-53 Revision 5?

A. The CCM is a member-based organization while SP-800-53 is not.

B. The CCM focuses on security controls for all computing systems, while SP-800-53 focuses on cloud-based resources.

C. The CCM focuses on security controls related to cloud-based resources while SP-800-53 is for all computing systems.

D. The CCM does not include security control objectives unlike SP-800-53.

52 / 171

Which of the following is NOT true about Software as a Service (SaaS)?

A. SaaS includes any software or application provided to users over a network such as the Internet.

B. Web-based email is not an example of SaaS.

C. It usually doesn’t matter which web browser or operating system a SaaS customer uses.

D. Google Docs is an example of SaaS.

53 / 171

What is a point-to-multipoint connection?

A. A connection between two smartphones

B. A wireless connection via an AP

C. A connection creating an ad hoc network

D. A restriction on payment methods on COPE devices

54 / 171

What does encryption aid in when referring to Cloud Service Providers (CSPs)?

A. It assists in the replication of data.

B. It protects the confidentiality of data.

C. It manages the distribution of resources.

D. It aids in the segmentation of networks.

55 / 171

Which of the following is not considered a constraint of embedded systems based on the provided text?

A. Limited computing ability

B. Inability to apply cryptographic protocols

C. Ability to provide own power supply

D. Lack of ability to patch system

56 / 171

What can a cloud-based DLP policy be configured to do after detecting sensitive information?

A. Delete all the data in the cloud immediately

B. Change the passwords of all users

C. Send an alert to a security administrator, block attempts to save the data, and quarantine the data

D. Make the data publicly accessible for audit

57 / 171

What is the function of containerization in mobile device management?

A. It create a virtual fence or geographic boundary

B. It stores geographical data to files such as pictures

C. It runs an organization’s application in a container to isolate and protect the application and its data

D. It sends messages to mobile devices from apps

58 / 171

What is one of the primary risks associated with Multimedia Messaging Service (MMS) as stated in the text?

A. It does not support encryption

B. It allows users to send multimedia, which can increase data costs

C. It can be used to gain remote code execution privileges on a user’s phone

D. It is not supported by all mobile devices

59 / 171

What is a primary benefit of utilizing an off-premises cloud service provider (CSP) solution?

A. The organization knows exactly where data is stored

B. Cloud-based resources require more organization-side maintenance

C. Cloud provider becomes a trusted-party source pulling the service

D. CSP performs the maintenance and ensures the hardware is operational

60 / 171

What is the primary difference between a non-Opal-compliant SED and an Opal-compliant SED?

A. An Opal-compliant SED requires user intervention for encryption and decryption

B. A non-Opal-compliant SED includes encryption circuitry

C. An Opal-compliant SED requires user authentication to unlock the drive

D. A non-Opal-compliant SED can be installed in another system without access to data

61 / 171

In the context of mobile device management, what does ’context-aware authentication’ entail?

A. It only uses the user’s identity to authenticate a mobile device

B. It uses geolocation, time of day, type of device and verifies that the device is within a geofence to authenticate a user and a mobile device.

C. It uses the user’s fingerprint to authenticate the mobile device

D. It uses the user’s password to authenticate the mobile device

62 / 171

What is the function of the Permissive mode in the Security-Enhanced Linux (SELinux) policy?

A. It enforces the SELinux policy and logs all activity

B. It logs all activity that the policy would block without enforcing the policy

C. It allows all activities by default

D. It prevents the logging of any activities

63 / 171

What does it mean when a system or service is said to have high availability?

A. It indicates that the service often crashes.

B. It refers to a system or service that remains operational with almost zero downtime.

C. It refers to a service that is available for free.

D. It indicates a service that has a low latency.

64 / 171

According to the section ’Firewall Considerations’, which one is NOT a characteristic of cloud-based firewalls?

A. They operate on all seven layers of the OSI model

B. They can filter traffic on the application layer

C. They often are used in pairs to create a screened subnet

D. They are always free of charge

65 / 171

What is the potential security threat associated with GPS tagging?

A. It allows the administrator to keep track of every device.

B. It can detect when a device is within an organization’s property.

C. It provides a complete sanitization of the device by removing all valuable data.

D. The geographical information added to files, like pictures, can be exploited.

66 / 171

What is a characteristic of a non-persistent virtual desktop?

A. Each user can customize their own desktop image

B. Increases the amount of disk space required on the server

C. Allows changes to be made that revert back to the original snapshot when user log off

D. Saves any changes to the operating system on a USB drive

67 / 171

What are some methods to protect the confidentiality of data within a database?

A. Only encryption at database level

B. Strong access controls and database column encryption

C. Tokenization and storing passwords as plain texts

D. Network-level encryption only

68 / 171

Which of the following is a method to distribute updated version of firmware on Android devices?

A. Sideloading

B. Rooting

C. Over-the-air (OTA) updates

D. Jailbreaking

69 / 171

What differentiates an application approved list from an application block list?

A. An application approved list lists unauthorised software and prevents users from installing or running software that isn’t on the list, while an application block list lists authorised software, and prevents users from installing or running software on the list.

B. An application approved list lists authorised software and prevents users from installing or running software that isn’t on the list, while an application block list lists unauthorised software, and prevents users from installing or running software on the list.

C. Both lists are the same, they prevent users from installing or running software that isn’t on the list.

D. An application approved list is a list of software that needs to be updated, while an application block list lists outdated software that cannot be used.

70 / 171

According to NIST SP 800-124, which of the following characteristics are NOT found in mobile devices?

A. Accelerometers

B. GPS Services

C. Wireless network interface

D. Lower functioning operating system

71 / 171

What does strong authentication methods in APIs prevent?

A. Developers accessing the API

B. Websites interacting with the API

C. Unauthorized entities from using the API

D. Data leakages onto the Internet

72 / 171

What is the primary difference between edge computing and fog computing based on the given text?

A. Fog computing uses the cloud to process data, whereas edge computing doesn’t.

B. Edge computing uses a network close to the device with multiple nodes, whereas fog computing stores and processes data on individual nodes.

C. Fog computing uses a network close to the device and may have multiple nodes processing data, whereas edge computing stores and processes data on single nodes or appliances.

D. Edge computing responds to data changes faster than fog computing.

73 / 171

Which of the following features of Mobile Device Management (MDM) can be useful if a mobile phone is lost or stolen?

A. Push notifications

B. Content management

C. GPS tagging

D. Remote wipe

74 / 171

What is the major advantage of UEFI over BIOS?

A. UEFI can only boot from smaller disks

B. UEFI is dependent on CPU

C. UEFI includes software that executes code on the computer

D. UEFI can boot from larger disks and it is CPU-independent

75 / 171

What distinguishes Raspberry Pi from Arduino in terms of its functionality?

A. Raspberry Pi is a microprocessor-based mini-computer that uses Raspberry Pi OS to run and can also control systems such as HVAC systems.

B. Raspberry Pi is a programmable integrated circuit that starts off without any configuration or program.

C. Raspberry Pi only monitors and displays the temperature.

D. Raspberry Pi doesn’t need an operating system to run but instead uses firmware.

76 / 171

What is a field programmable gate array (FPGA) in the context of an embedded system?

A. A microprocessor-based mini-computer that controls HVAC systems

B. A microcontroller board without an operating system

C. A programmable integrated circuit installed on a circuit board

D. A dedicated wireless multifunction printer

77 / 171

What is the role of a hypervisor in a virtualization setup?

A. It is the physical system hosting the virtual machines.

B. It is the software that creates, runs, and manages the virtual machines.

C. It is the operating system running on the host system.

D. It refers to the ability to resize the computing capacity of the virtual machine.

78 / 171

Which communication method has a significantly lower range compared to 4G and can be blocked by physical barriers such as trees, walls, and glass?

A. Narrow-band

B. Baseband radio

C. 5G

D. Zigbee

79 / 171

What is the process of copying an application package in the Application Packet Kit (APK) format to the device and then activating it?

A. Jailbreaking

B. Rooting

C. Firmware updating

D. Sideloading

80 / 171

What is the purpose of a Virtual Private Cloud (VPC) endpoint within a virtual network?

A. To integrate security controls into cloud-based resources

B. To store and manage secrets like passwords and encryption keys

C. Used to connect Virtual Private Networks to an on-premises network

D. To allow users or services to connect and access other resources via the virtual network, reducing bandwidth needed to access resources directly

81 / 171

What does Infrastructure as code refer to?

A. Managing and provisioning data centers with code to define physical objects.

B. The process of creating virtual objects manually via the server.

C. Managing and provisioning data centers with code to define VMs and virtual networks.

D. The process of running a script to create physical objects.

82 / 171

What is the primary reason for an organization to potentially block the ability to switch carriers on a COPE device?

A. To limit the countries that the device can be used in

B. To prevent employees from switching to a more expensive plan

C. To reduce the risk of the device connecting to a untrusted network

D. To ensure that employees cannot use their personal SIM cards in the device

83 / 171

What is the main benefit of using cloud computing for heavily utilized systems and networks?

A. It is cheaper than traditional methods

B. It can handle increased loads

C. It provides faster network connections

D. It offers more storage space

84 / 171

What does full device encryption provide in terms of mobile device security?

A. It only protects the applications running on the device

B. It only allows authorized users to access the device

C. It provides application security, data security, and device security

D. It solely ensures corporate-owned devices have encryption

85 / 171

What does ’Instance awareness’ refer to in the context of cloud-based resources?

A. The ability to identify who can access the data.

B. The concept of creating a copy of data and storing it in a different location.

C. The ability of the CSP to know and report how many instances of cloud-based resources an organization is renting.

D. The practice of running services or applications within containers.

86 / 171

What potential risk does Universal Serial Bus On-The-Go (USB OTG) cables pose to an organization’s information security?

A. They allow to connect any device to a mobile device, including potential malware-contaminated external media

B. They interfere with the operation of MDM tools

C. They cause the mobile device to malfunction

D. They prevent the use of important mobile device features like cameras and microphones

87 / 171

What is the role of a transit gateway in a cloud-based network?

A. It governs who has access to data

B. It replicates data across different locations

C. It connects VPCs to an on-premises network

D. It manages secrets, including passwords and encryption keys

88 / 171

What is the main difference between Wi-Fi Direct and a wireless ad hoc network?

A. Wi-Fi Direct requires a wireless access point or router

B. Devices in a Wi-Fi Direct network can share an Internet connection

C. Wi-Fi Direct uses single radio hop communication and cannot share an Internet connection

D. Wireless ad hoc network allows for single hop wireless communications

89 / 171

What is the term for the process of modifying an Android device to give full administrative access to a user?

A. Sidelading

B. Jailbreaking

C. Rooting

D. Firmware OTA updating

90 / 171

In the context of cloud security controls, what does segmentation refer to?

A. The process of creating copies of data and storing it in a different location

B. The organization of security controls in a way that keeps the system operational with almost zero downtime

C. The system that stores and manages crucial information such as passwords and encryption keys

D. The method by which cloud-based networks can segment computers or networks the same way local networks do with VLANs and subnets

91 / 171

What is a key difference between a hardware security module (HSM) and a TPM?

A. An HSM cannot generate RSA keys while a TPM can.

B. A TPM is a removable, external device while an HSM is embedded into the motherboard.

C. An HSM is a removable, external device while a TPM is embedded into the motherboard.

D. An HSM and a TPM are identical in terms of form and function.

92 / 171

What network security mechanism is typically used to block unwanted traffic from reaching a SCADA system or an ICS, that is connected to the corporate network?

A. Firewall

B. Network intrusion prevention system (NIPS)

C. Antivirus software

D. Secure Sockets Layer (SSL)

93 / 171

Which type of cloud deployment model is provided by third-party companies and is available to anyone willing to pay for the services?

A. Private cloud

B. Public cloud

C. Community cloud

D. Hybrid cloud

94 / 171

Why might designers skip authentication when designing embedded systems?

A. To reduce power consumption

B. Due to the extra requirements

C. To lower the cost

D. Because they believe most users trust that embedded systems are secure

95 / 171

What is the difference between public and private subnets in a cloud-based network?

A. Public subnets have private IP addresses and are accessible via the internet, whereas private subnets have public IP addresses and are not directly accessible via the internet.

B. Public subnets have public IP addresses and are not directly accessible via the internet, whereas private subnets have private IP addresses and are accessible via the internet.

C. Public subnets have public IP addresses and are accessible via the internet, whereas private subnets have private IP addresses and aren’t directly accessible via the internet.

D. There is no difference between public and private subnets.

96 / 171

What is the benefit of adding Software-defined visibility (SDV) to an organization’s network?

A. It allows traffic to bypass security devices.

B. It ensures that cloud-based resources are used.

C. It ensures all network traffic is viewable and can be analyzed.

D. It reduces the amount of network traffic.

97 / 171

What is the main concept of Platform as a Service (PaaS)?

A. Customers have to manage their own hardware and applications

B. Cloud providers only manage the hardware, customers have to maintain all applications and the operating system

C. Customers are offered a fully managed platform including hardware, operating systems, and limited applications

D. All software and hardware solutions are user-managed, the vendor only provides the physical server

98 / 171

What does the use of a USB data blocker in the context of a security policy generally serve to prevent?

A. Transfer of music files to personal devices

B. Unauthorized copy or print of confidential files

C. Providing additional storage space

D. Delivery of malware via removable media

99 / 171

What is the primary purpose of boot integrity processes implemented by many organizations?

A. To allow the user to interact with the system during the boot process.

B. To prevent the user from interacting with the system during the boot process.

C. To verify the integrity of the operating system and boot loading systems.

D. To ensure that the system boots regardless of integrity checks.

100 / 171

What distinguishes a microservices API from a web services-based API in terms of its business tie-in?

A. A microservices API is tied to a specific business

B. A web services-based API is not tied to any specific business

C. A microservices API isn’t tied to any specific business

D. Both are tied to specific businesses

101 / 171

What is one key difference between a Managed Security Service Provider (MSSP) and a Managed Service Provider (MSP)?

A. An MSP focuses only on providing security services, while an MSSP provides any IT services.

B. An MSSP is a third-party vendor that provides security services, whereas an MSP provides a wider range of IT services.

C. An MSSP and an MSP offer exactly the same services and there is no difference.

D. An MSP provides security services only for larger organizations, whereas an MSSP services smaller companies.

102 / 171

Why might an organization want to limit a mobile device’s ability to tether or use Wi-Fi Direct?

A. To allow employees to bypass content filters and security measures

B. To connect to other devices without a wireless access point

C. To enable single radio hop communication

D. To prevent bypassing of network controls and potential security risks

103 / 171

Why is using a master image beneficial for system deployments?

A. It allows for a secure starting point and reduced costs

B. It allows for quicker system failures

C. It allows for unsecure starting points but low costs

D. It allows for each system to have a unique configuration

104 / 171

Which of the following correctly describes a USB (Universal Serial Bus) in the context of mobile devices?

A. It is a near field communication technology used for making payments.

B. It is a wireless connection between two smartphones.

C. It is a cable-based connection method that allows mobile devices to connect to a desktop or laptop.

D. It is a point-to-point wireless connection technology.

105 / 171

What is a characteristic of Container Virtualization?

A. Each container hosts an entire operating system

B. The host’s operating system and kernel do not run the service or app within each of the containers

C. Services or applications in a container can interfere with those in other containers

D. Services or applications run within isolated containers or application cells

106 / 171

What is the purpose of a CSP integrating auditing methods into the cloud-based resources?

A. To help customers identify the effectiveness of security controls at protecting the confidentiality, integrity, and availability of cloud-based resources.

B. To enable customers to create more resources than their plan allows.

C. To manage passwords and encryption keys of the users.

D. To increase the bandwidth required to access resources directly.

107 / 171

Why is encrypting data considered a primary way to prevent the loss of confidentiality?

A. Because encrypted data is more difficult for an attacker to view than unencrypted data

B. Because it allows you to configure permissions within access control lists (ACLs)

C. Because encrypted data can be accessed easily with administrator privileges

D. Because encryption is effective only on data at rest

108 / 171

What is a point-to-point connection in mobile devices?

A. Connection between a smartphone and a cellular network.

B. Connection between a mobile device and a wireless network.

C. Connection between two smartphones using wireless technology.

D. Connection between a mobile device and a desktop PC via USB.

109 / 171

What is meant by ’hardware root of trust’ in the context of TPM?

A. It refers to the private key burned into the TPM for asymmetric encryption.

B. It refers to the ability of the TPM to provide full disk encryption.

C. It refers to the process of secure boot attestation.

D. It refers to the ability to use a smart card, password or PIN for authentication.

110 / 171

What are the main characteristics of an on-premises cloud solution according to the text?

A. The organization has no control over cloud-based resources

B. Authorization and authentication controls cannot be implemented

C. Maintenance is carried out by a third-party service

D. The organization retains full control over cloud resources, implements security measures, and takes responsibility for maintenance

111 / 171

What are the functions of a network-based Data Loss Prevention (DLP) system in preventing data exfiltration?

A. Monitor incoming data streams for malicious code

B. Scan outgoing data for sensitive information specified by an administrator

C. Block the use of USB devices to prevent data loss

D. All of the above

112 / 171

What is an embedded system as defined by the CompTIA Security+ objectives?

A. It is the computer network forces that control the operation of a device

B. It is a system that restricts access to a network

C. Any device that has a dedicated function and uses a computer system to perform that function

D. It is a network of interconnected devices, such as smartphones, computers and servers

113 / 171

What is likely to happen if the cost of an embedded system device is minimized by the manufacturer?

A. The device will have fewer vulnerabilities.

B. The device’s range will be greatly increased.

C. The device will have stronger computing ability.

D. The device may sacrifice security features.

114 / 171

What does ’Host Scalability’ refer to in the context of virtual machines?

A. The ability to dynamically change resources assigned to the VM based on the load.

B. The software that creates, runs and manages the VMs.

C. Operating systems running on the host system.

D. The ability to resize the computing capacity of the VM by assigning it more memory, processors, disk space, or network bandwidth.

115 / 171

What does the term ’On-premises’ refer to in relation to organization’s resources?

A. Resources owned and maintained by the organization’s employees remotely

B. Resources that are rented from a cloud service provider (CSP)

C. Resources that are owned, operated, and maintained within the organization’s properties

D. Resources that are hosted and maintained by a cloud service provider off-premises

116 / 171

What does dynamic resource allocation in cloud-based resources mean?

A. It refers to the ability of the CSP to know and report how many instances of cloud-based resources an organization is renting.

B. It refers to the CSP’s ability to dynamically allocate additional resources, such as more processors, more memory, or more disk space to a cloud-based resource when it’s needed and remove them when they are no longer required.

C. It refers to a virtual device within a virtual network through which users or services can connect and access other resources.

D. It refers to the process of creating a copy of data and storing it in a different location.

117 / 171

What does the term ’Guest’ refer to in the context of VMs and virtualization?

A. It refers to the physical system that hosts the VMs

B. It refers to the software that creates, runs, and manages the VMs

C. It refers to the ability to dynamically change resources assigned to the VM

D. It refers to the operating systems running on the host system

118 / 171

Which of the following methods is commonly used as a payment gateway allowing you to make payments simply by waving your phone in front of a reader at a retailer?

A. Point-to-point

B. Wi-Fi

C. NFC (near field communication)

D. USB (Universal Serial Bus)

119 / 171

What are the primary risks associated with text messaging services such as Short Message Service (SMS) and Multimedia Messaging Service (MMS)?

A. Unencrypted plaintext and potential for remote code execution attacks

B. Invasion of privacy and data leakage

C. High costs and slow transmission speeds

D. Limited capacity and lack of multimedia support

120 / 171

Why do embedded systems often have weak defaults?

A. Designers always prioritize cost over security.

B. Designers lack the knowledge to create strong defaults.

C. Security is often an afterthought in the design process.

D. Embedded systems cannot handle strong defaults due to limited processing power.

121 / 171

What is the purpose of using push notifications in Mobile Device Management (MDM)?

A. To replace antivirus software on the device

B. To locate a lost or stolen device using GPS

C. To send messages to mobile devices from apps regarding security settings or compliance with security policies

D. To prevent unapproved applications from being installed

122 / 171

What is a community cloud in terms of cloud deployment models?

A. A cloud service provided by third-party companies available to anyone

B. A cloud infrastructure set up for specific organizations

C. A cloud shared by communities with common concerns such as shared goals, security requirements, or compliance considerations

D. A combination of two or more clouds keeping separate identities

123 / 171

What is the function of a real-time operating system (RTOS) in the context of embedded systems?

A. It enables devices to connect to the internet

B. It regulates HVAC systems

C. It reacts to input within a specific time

D. It allows smartphones to interact with Voice over IP (VoIP) networks

124 / 171

What function does geofencing perform in the context of mobile device security?

A. It adds geographical information to files such as pictures when posting them to social media websites.

B. It sends messages to mobile devices from apps.

C. It creates a virtual fence or geographical boundary, which can restrict the usage of certain mobile apps or wireless networks to within the defined boundary.

D. It uses multiple elements to authenticate a user and a mobile device.

125 / 171

What are the consequences of implied trust in embedded systems?

A. The ability of the system to calculate is limited

B. These devices use power from the parent device

C. Many devices have vulnerabilities that are not known or widely reported

D. The devices often use weak default settings

126 / 171

Why is it often not possible to patch embedded systems?

A. Vendors always include methods to patch devices but don’t always write and release patches in a timely manner

B. Embedded systems are too expensive to patch

C. Users trust that embedded systems are secure and hence do not require patches

D. Vendors don’t always include methods to patch devices, and even if they do, they don’t always write and release patches in a timely manner

127 / 171

What does ’instance awareness’ in cloud security controls refer to?

A. The ability of the CSP to encrypt and protect data

B. The peculiarity of the CSP’s virtual networks

C. The ability of the CSP to know and report the number of instances of the cloud-based resources an organization is renting

D. The policy of the CSP concerning data replication

128 / 171

What type of wireless technology is Infrared and how is it used?

A. It is a sound-based wireless technology used for cellular networks.

B. It is a line-of-sight wireless technology used by mobile devices primarily for audovisual remote controls and file transfer.

C. It is a radio frequency wireless technology used for near field communication.

D. It is a wireless technology that uses electric fields for data transmission.

129 / 171

What is the purpose of using secure baselines as a part of an organization’s security strategy?

A. To automate the detection and correction of security issues

B. To improve the overall security posture of systems

C. To provide a way to monitor the systems for baseline changes

D. All of the above

130 / 171

What does ’Range’ constraint in embedded systems refer to?

A. The maximum distance the system can wirelessly connect to other devices

B. The number of users that can access the system

C. The cost of the embedded system

D. The scope of functionalities the system can perform

131 / 171

What does resource policies control in a cloud-based system?

A. They manage passwords and encryption keys

B. They ensure customers don’t create more resources than their plan allows

C. They deal with data replication process

D. They are concerned with the allocation of additional resources

132 / 171

What is the purpose of data replication in cloud data security as mentioned in the CompTIA Security+ SY0-701 syllabus?

A. To encrypt data for confidentiality

B. To create a copy of data and store it in a different location

C. To assign permissions to data

D. To create virtual networks

133 / 171

What is a hybrid cloud in the context of cloud deployment models?

A. A cloud service provided by a third-party company to anyone willing to pay.

B. A cloud service setup for a specific organization only.

C. A cloud service shared among communities with shared concerns.

D. A combination of two or more clouds (public, private, community, or a combination) that retain their separate identities, but are bridged together.

134 / 171

What does the term ’Anything as a Service’ (XaaS) refer to?

A. It refers to only those cloud services provided by SaaS, PaaS, and IaaS

B. It refers to all cloud-based services other than SaaS, PaaS, and IaaS including communications, databases, desktops, storage, security, etc.

C. It refers to a hardware self-managed platform

D. It refers to a physical infrastructure provided by a cloud service provider.

135 / 171

What are the limitations of mobile devices when it comes to the use of passwords or personal identification numbers (PINs) in the context of Mobile Device Management (MDM) systems?

A. Some mobile devices only support passwords, while others support both passwords and PINs.

B. All mobile devices support both PINs and passwords without any limitations.

C. Some mobile devices only support PINs, while others support either passwords or PINs.

D. All mobile devices only support PINs but don’t support passwords.

136 / 171

How is replication beneficial for a virtual machine?

A. It allows a physical server to be rebuilt in minutes.

B. It helps measure the amount of time taken to backup the VM.

C. It enables easy restoration of a failed virtual server.

D. It decreases the complexity of the VM files.

137 / 171

Which of the following is NOT true about Change Management Policy in IT?

A. Change management ensures that all system modifications and upgrades are processed systematically

B. Change management aims to reduce risks related to unintended outages and provide documentation for all changes

C. A attribute of change management is that administrators can make configuration changes immediately before submitting for review and approval

D. In a change management process, experts review change requests and can either approve or postpone them

138 / 171

What is the role of authorization in the context of APIs?

A. It is used to secure access to the API.

B. It is used for testing the API for security and usability.

C. It is used to encrypt the traffic transferred over the Internet.

D. It is used to identify potential API attacks.

139 / 171

What is the main challenge that organizations face when implementing a BYOD (bring your own device) policy?

A. Monitoring and managing a variety of devices

B. Purchasing a variety of devices for employees

C. Enabling employees to use devices for personal reasons

D. Creating a list of acceptable devices for employees to purchase

140 / 171

What is monitored by SCADA systems in water treatment facilities?

A. Operations of manufacturing plants

B. Shipping processes

C. The temperature and humidity

D. Oil and gas processing

141 / 171

What is the primary function of permissions in a cloud service provider’s system?

A. Permissions are used to allocate additional resources, such as more processors, memory, or disk space.

B. Permissions are used to identify who can access data in the system.

C. Permissions refer to passwords and encryption keys that users create.

D. Permissions are used to create and run a variety of solutions from single websites to full virtual networks.

142 / 171

What is the role of a Cloud Access Security Broker (CASB)?

A. It provides a method of hosting cloud-based resources.

B. It modifies internet traffic to reduce the risk of cyber attacks.

C. It monitors traffic and enforces security policies between an organization’s network and the cloud provider.

D. It helps in redirecting all internet traffic to the cloud-based solution.

143 / 171

What is an example of the harm that can be caused by faults in the Industrial Control Systems (ICS)?

A. Overpressurization in gas mains leading to explosions and fires.

B. Destruction of thousands of computing systems.

C. Electrical power outages across entire countries.

D. Disruption of internet services worldwide.

144 / 171

Which of the following are NOT common considerations developers should address to ensure APIs aren’t vulnerable to common exploits?

A. Authentication

B. Authorization

C. Data Transmission

D. External Advertising

145 / 171

Management within an organization might want to limit a mobile device’s connections to prevent certain security threats. What could be a potential threat if employees use tethering within the organization?

A. Employees may be able to access geo-restricted content

B. The company’s bandwidth may be used up quicker

C. Employees could bypass company firewalls and other security measures

D. The mobile device’s battery life may be drained quicker

146 / 171

Which cloud deployment model is only available for one specific organization?

A. Public Cloud

B. Private Cloud

C. Community Cloud

D. Hybrid Cloud

147 / 171

What does ’Host elasticity’ in terms of virtual machines (VM) mean?

A. It refers to the ability to resize the computing capacity of the VM by assigning it more memory, processors, disk space, or network bandwidth

B. It refers to the software that creates, runs, and manages the VMs

C. It refers to the ability to dynamically change resources assigned to the VM based on the load without requiring a reboot

D. It refers to operating systems running on the host system

148 / 171

What are the three steps in the use of secure baselines in organizations?

A. Initial baseline configuration, Regular monitoring for changes, Follow-up action for detected changes

B. Installation of secure systems, Continuous validation of security measures, Periodic resetting of the system

C. Creation of a secure network, Periodical scanning for vulnerabilities, Automatic adjustment of security configurations

D. Process initiation, Continuous implementation, Final assessment and validation

149 / 171

What is the function of RFID systems in mobile devices?

A. They establish a point-to-point connection between two devices

B. They can be used as a payment gateway

C. They transmit data over the air using RF signals

D. They connect to cellular networks for internet access

150 / 171

What does MDM tools do when the organization owns the device?

A. MDM tools monitor them for compliance

B. MDM tools block access to the network

C. MDM tools download and install all required applications

D. MDM tools work with NAC technologies

151 / 171

Which of the following deployment models for mobile devices allows employees to use their corporate-owned devices for personal activities?

A. Corporate-owned

B. COPE (corporate-owned, personally enabled)

C. BYOD (bring your own device)

D. CYOD (choose your own device)

152 / 171

What does ’secrets management’ refers to in the context of cloud security controls?

A. Process of managing and distributing encryption keys and passwords

B. Management of Cloud Service Provider’s (CSP) proprietary methods

C. Security procedure for managing user access to the cloud

D. System for managing the cloud resources an organization is renting

153 / 171

What are Subscriber identity module (SIM) cards typically used for in the context of embedded systems and IoT devices?

A. They are used to connect with a cellular provider via a unique serial number

B. They are used for creating a common communication channel like in walkie-talkies

C. They are used for communication in smaller networks, such as within homes

D. They are used for transferring data over cables rather than over the air

154 / 171

What does the term ’Rights Management’ primarily refer to?

A. The laws to protect against cybercriminal activities

B. The rights of criminals to distribute intellectual works

C. The use of technologies to provide copyright protection for copyrighted works

D. How criminal activities are managed

155 / 171

What does high availability across zones indicate in the context of cloud security controls?

A. The nodes are located in different cloud locations

B. The nodes are all hosted on a single server

C. The nodes are only placed in one geographic location

D. The nodes can be accessed only via the Internet

156 / 171

What is a constraint of power in embedded systems?

A. They do not have their own power supplies and instead use power from the parent device

B. They have their own power supplies

C. Power does not affect their computing capabilities

D. They use power from an external power supply

157 / 171

Which of the following represents a potential risk associated with hardware features on mobile devices, and how MDM tools can be tailored to mitigate such risks?

A. Users exchanging music files through Bluetooth, which can be controlled by limiting file sharing permissions.

B. Certain apps may contain malicious codes allowing attackers to remotely access the device’s hardware features, like camera and microphone, which can be controlled by disabling these features using MDM tools.

C. Mobile devices running out of power quickly due to unnecessary applications running in the background, which can be controlled by closely monitoring the battery usage.

D. Mobile devices are prone to physical damages, which can be mitigated by physical protection measures like phone covering cases.

158 / 171

What is a private cloud?

A. A cloud available to the general public

B. A cloud set up for specific organizations

C. A cloud shared by communities with shared concerns

D. A cloud that is a combination of two or more clouds

159 / 171

Which of the following limitations of embedded systems could potentially lead to security vulnerabilities?

A. Limited computational power

B. Dependence on the power supply of the parent device

C. Impossible to patch

D. All of the above

160 / 171

What is the main difference between COPE (corporate-owned, personally enabled) and CYOD (choose your own device) deployment models?

A. In COPE model, the organization provides the device while in CYOD, employees select the device from an approved list.

B. In COPE model, employees bring their own device while in CYOD, the company provides it.

C. COPE model is more secure than the CYOD model.

D. COPE involves the company monitoring the device while CYOD doesn’t.

161 / 171

What is the main difference between Corporate-owned, personally enabled (COPE) model and the traditional corporate-owned model?

A. The organization purchases devices in both models, but in the COPE model, employees are free to use the device for their personal activities.

B. In the COPE model, employees purchase their own devices.

C. The corporate-owned model does not allow any personal use.

D. In the COPE model, the organization does not have the ability to monitor and manage the devices.

162 / 171

Which of the following best describes the main point regarding ’Implementing Secure Systems?’

A. Systems always start in a secure state.

B. Administrators don’t need to secure systems before deployment.

C. Systems need to be secured before deployment and kept secure after.

D. Only network devices need to be secured.

163 / 171

What is the role of integrity measurements in baseline deviations?

A. They are used to deploy systems consistently in a secure state.

B. They use automated tools to monitor the systems for any baseline changes.

C. They communicate policy changes to employees.

D. They detect changes to baseline settings and automatically isolate or quarantine systems.

164 / 171

What is the role of a host in the context of virtualization?

A. It is the software that creates, runs, and manages the VMs.

B. It refers to the operating systems running on a system.

C. It is the physical system that hosts the VMs.

D. It is the process by which one physically manages the VMs.

165 / 171

Which of the following is a common use of the supervisory control and data acquisition (SCADA) systems and ICS?

A. For video-game development

B. For online shopping

C. For monitoring processes within shipping facilities

D. For preparing meal recipes

166 / 171

Which type of network depends on the cellular provider and the device in use?

A. Wi-Fi

B. Cellular

C. RFID

D. NFC

167 / 171

What method of authentication discussed in chapter 2 does mobile device management (MDM) support?

A. Biometric authentication

B. Card reader authentication

C. Signature-based authentication

D. Voice-based authentication

168 / 171

What is the purpose of the screen-locking feature supported by most mobile devices?

A. It automatically erases data after the device hasn’t been used for a certain period of time.

B. It enables GPS features when the device is asleep.

C. It prevents easy access to the device and its data by locking the device after a specified number of minutes of inactivity.

D. It enforces the use of biometrics for authentication.

169 / 171

Which of the following practices increases the security risk to a mobile device?

A. Installing apps obtained from Apple’s App Store

B. Updating the firmware using over-the-air (OTA) updates

C. Installing apps from third-party app stores

D. Setting the device to disallow apps from Unknown Sources

170 / 171

What is a key difference in traffic routing between a software-defined network (SDN) and traditional hardware routers?

A. SDN uses complex ACL rules for routing, while hardware routers use plain language policies

B. SDN uses specific hardware routers for routing, while traditional routers use virtualization technologies

C. SDN uses virtualization technologies and software for routing, while hardware routers use rules within an ACL

D. Both SDN and traditional routers use the same method for routing traffic

171 / 171

What are the shared responsibilities between a cloud service provider and a customer in IaaS, PaaS, SaaS models?

A. Only security responsibilities

B. Only maintenance responsibilities

C. Both security and maintenance responsibilities

D. Neither security nor maintenance responsibilities

Your score is

Dowload the FREE OFFLINE Version of this Test Bank

Boost your cybersecurity skills! Click to download the CompTIA Security+ Practice Anki deck.

Boost your IT skills with our free CompTIA Security+ practice test focusing on Chapter 05: Securing Hosts and Data. Whether you’re entering the IT industry or advancing in cyber security, our resources are here to help you succeed in the CompTIA Exam.

Why Choose Our CompTIA Security+ Practice Test?

Skill Enhancement:
Covers essential techniques for securing hosts and data crucial for the CompTIA Exam.
Career Advancement:
Passing the CompTIA Security+ exam can open doors to new job opportunities and significant career changes in the IT industry.
Vulnerability Management:
Master the art of securing hosts and data, a key skill in cyber security.

Free Anki Deck Download

Download our free Anki Deck, reviewed by industry expert Josh Madakor, who has extensive experience in IT and cyber security, including work with Microsoft and government sectors. Learn more about Anki on the official site.

Get Started with Your IT Career Change Today!

Visit the CompTIA Security+ official site and the CompTIA Network+ official site for more information.

Chapter 05 – Security Hosts and Data

Dowload the FREE OFFLINE Version of this Test Bank

Why Choose Our CompTIA Security+ Practice Test?

Skill Enhancement:

Career Advancement:

Vulnerability Management:

Free Anki Deck Download

Explore our other free practice tests:

Related Posts

The Affordable, Hands-On Josh Madakor IT Course that gets Results!

The Affordable, Hands-On Cyber Security that gets Results!

JOIN OUR

NEWSLETTER