Free CompTIA Security+ Practice Chapter 7

Ref: CompTIA Security Plus Get Certified Get Ahead SY0-701 Study Guide

CompTIA Security+ (SY0-701) – Chapter 7

1 / 143

What is the primary purpose of the ’Staging’ stage in a secure development environment?

A. It is used for late-stage testing and simulates a full production environment.

B. It provides a platform for software developers to create the application.

C. It is an ongoing process used throughout the project lifetime to maintain quality.

D. It is where the application goes live as the final product.

2 / 143

What is the purpose of Manual code review in testing applications?

A. It is used to send random data to an application

B. It is used to test applications within an isolated area

C. It goes through the code line by line to discover vulnerabilities

D. It checks the code while it is running

3 / 143

What aids ISPs in determining the likelihood of an email being legitimate or malicious?

A. Message Integrity Codes

B. Certificates

C. Domain reputation

D. Secure Hash Algorithm

4 / 143

What is the purpose of a primary key in a database as described in the first normal form (1NF) criteria?

A. To repeat data in multiple columns

B. To identify each unique row within a table

C. To enable data to be stored in multiple tables

D. To contain related data in the same table

5 / 143

What is the purpose of normalization in a database?

A. To increase redundant data and improve overall database performance

B. To organize the columns and reduce redundant data

C. To improve overall database performance without changing any data

D. To decrease the overall database performance and reduce redundant data

6 / 143

What is the primary reason for encouraging code reuse in application development?

A. To generate dead code

B. To help prevent introduction of new bugs and save time

C. To ensure that all components of a module are used

D. To create logic errors

7 / 143

What is the purpose of Implementing boundary or range checking in input validation?

A. It allows the insertion of malicious codes

B. It verifies that HTML codes are being used correctly

C. It ensures that values are within expected boundaries or ranges

D. It allows the use of certain characters like dashes, apostrophes, and equal signs

8 / 143

What describes static code analysis in application security?

A. It checks the code while it is running.

B. It tests applications within an isolated area.

C. It examines the code without executing it.

D. It uses a computer program to send random data to an application.

9 / 143

What describes the reason behind not including repeating groups in the columns while creating a database in first normal form (1NF)?

A. It increases the chance for errors as similar information has to be entered multiple times

B. It prevents the need to change the same data multiple times if it needs to be updated

C. It ensures that each row within a table remains unique and is identified with a primary key

D. It violates the rule of 1NF and makes it more difficult to access only one part of the repeating group

10 / 143

What is the final step in the intrusion kill chain as defined by scientists at Lockheed-Martin?

A. Command and Control (C2)

B. Reconnaissance

C. Actions on Objectives

D. Exploitation

11 / 143

Which of the following is NOT a common indicator of a malware infection?

A. A system runs slower than normal.

B. Your browser home page or default search engine changes.

C. Centralized logging systems can detect scripts automatically.

D. Internet traffic increases on its own.

12 / 143

Which of these is the correct sequence of steps in the intrusion kill chain as identified by scientists at Lockheed-Martin?

A. Reconnaissance, Weaponization, Delivery, Exploitation, Installation, C2, Actions

B. Reconnaissance, Delivery, Weaponization, Exploitation, Installation, C2, Actions

C. Reconnaissance, Weaponization, Exploitation, Delivery, Installation, C2, Actions

D. Reconnaissance, Weaponization, Delivery, Installation, Exploitation, C2, Actions

13 / 143

What are the four key components of every intrusion event according to the Diamond Model of Intrusion Analysis?

A. Adversary, Capabilities, Infrastructure, and Victim

B. Cyber kill chain, Adversary, Victim, and Malware

C. Phishing, Adversary, Infrastructure, and Exploit

D. Adversary, Malware, IP addresses, and Advanced Persistent Threats

14 / 143

What is OpenSSL primarily used for today given SSL’s vulnerabilities?

A. Implementing SSL protocols

B. Implementing TLS protocols

C. Creating CSRs

D. Exporting public keys

15 / 143

What is a Server-Side Request Forgery (SSRF) attack?

A. A type of attack where a server is forced to reboot

B. An exploit in which a server processes external information that potentially allows an attacker to inject malicious code

C. An attack on server’s physical infrastructure

D. False requests sent from a client side application

16 / 143

What is one of the vulnerabilities related to databases?

A. Brute force attacks

B. DDoS attacks

C. SQL injection attacks

D. Malware attacks

17 / 143

What is the purpose of the Get-Command cmdlet in Windows Powershell?

A. It adds a new command to the PowerShell environment.

B. It tests whether a command is valid or not in PowerShell.

C. It provides a list of all PowerShell commands.

D. It removes a command from the PowerShell environment.

18 / 143

How do you execute a bash script named ’mytest.sh’ in a Unix-like environment?

A. Simply type ’mytest.sh’ and press enter

B. Enter ’mytest.sh’ followed by the full path of file

C. Use the command: bash mytest.sh or sh mytest.sh

D. Use the command: exec mytest.sh

19 / 143

What is the purpose of using frameworks like MITRE ATT&CK and Pre-ATT&CK by the Cybersecurity and Infrastructure Security Agency (CISA)?

A. To identify software vulnerabilities

B. To identify attackers

C. To establish communication with threat actors

D. To deploy cyber attacks

20 / 143

In the Diamond Model of Intrusion Analysis, what does the ’Infrastructure’ component refer to?

A. The malware, exploits, and other hacker tools used in the intrusion.

B. The idea that every intrusion event has an adversary that uses a capability across an infrastructure against a victim.

C. The Internet domain names, email addresses, and IP addresses used by the adversary.

D. The identifiers used to identify adversaries.

21 / 143

What is a common method used in IP spoofing?

A. Changing the sender email address

B. Changing the destination IP address

C. Changing the source IP address

D. Changing the MAC address

22 / 143

What are some security concerns organizations should consider when outsourcing code development?

A. Ensuring the code works as expected

B. Discovering malicious code within the software

C. The possibility of lack of updates for the code

D. All of the above

23 / 143

What is the main goal of studying numerous well-known attacks, as stated in the section ’Identifying Network Attacks’?

A. To actively defeat the attackers

B. To comprehend the improved attacks and the enhanced countermeasures

C. To publicize common attacks

D. To invent new countermeasures

24 / 143

What is the purpose of the X-Frame-Options in HTTP headers?

A. It forces the browser to display the page only if it is sent as HTTPS

B. It defines multiple sources of acceptable content

C. It informs the browser if X-frames are allowed

D. It includes information about the browser and encoding that the client browser may accept

25 / 143

What is the primary purpose of automated software diversity methods according to the text?

A. To convert code written in a programming language into a binary executable file

B. To add a level of randomness to the code allowing the same program to behave differently on different systems

C. To mimic the compilers of multiple languages

D. To develop a report of items that developers might want to check

26 / 143

Why would someone use MAC cloning as described in the provided text?

A. To avoid detection by a network administrator

B. To fool an ISP into recognising a different network device as the same device

C. To get a new IP address for the router

D. To increase the speed of the Internet connection

27 / 143

What does the continuous monitoring process in a DevOps model do?

A. It detects code changes that may cause compliance and security issues

B. It automates courses of action after any code changes

C. It revalidates code after every change

D. It merges code changes into a version control repository regularly

28 / 143

In the context of CompTIA Security+, what is a directory traversal attack?

A. An attack that overrides system permissions to access directories

B. A malware program that encrypts files in specific directories

C. A type of injection attack that attempts to access a file by traversing the directory structure or including the full directory path

D. A type of phishing attack that manipulates users to divulge their directory login credentials

29 / 143

What is the indicator of a successful URL redirection attack?

A. The website’s performance slows down

B. You are redirected to another website

C. The website’s interface changes

D. The website asks for a password change

30 / 143

What is the method to detect a PowerShell cmdlet?

A. Checking for errors in the code

B. Analyzing the behavior of the script

C. Using anti-malware software

D. Viewing logs and looking for PowerShell cmdlets

31 / 143

What is the function of a reverse lookup in DNS?

A. It resolves IPs to hostnames

B. It resolves hostnames to IPs

C. It checks if a website is secure

D. It validates a website’s SSL certificate

32 / 143

Which of the following is a potential consequence of poor memory management techniques?

A. Memory leak or overflow issues

B. The CPU performance decreases

C. Application runs faster

D. The size of the hard disk drive increases

33 / 143

What is a replay attack and how can it be prevented?

A. A replay attack involves an attacker rerouting network data to a different destination; it can be prevented by using encryption.

B. A replay attack involves an attacker replaying data from a previous communication session, trying to impersonate a client; it can be prevented by using timestamps and sequence numbers.

C. A replay attack involves an attacker overloading a server with requests; it can be prevented by using rate limiting.

D. A replay attack involves an attacker infecting a system with malware; it can be prevented by using anti-virus software.

34 / 143

What is one key difference between third-party libraries and software development kits (SDKs)?

A. Third-party libraries are usually tied to a single vendor while SDKs are not

B. Third-party libraries include APIs while SDKs do not

C. SDKs usually include debugging tools while third-party libraries do not

D. Third-party libraries can be used online while SDKs cannot

35 / 143

In reference to the intrusion kill chain, what does the ’delivery’ element involve?

A. Selecting targets for the attack.

B. Embedding a remote access Trojan within a deliverable payload.

C. Transmitting the payload to the target, often through a phishing email attachment.

D. Extracting and encrypting data from the infected environment.

36 / 143

What is a primary indicator of XML injection as described in the passage?

A. The creation of duplicate tags

B. The dropping of a user account

C. The creation of unwanted accounts

D. Data loss

37 / 143

How can an attacker use ARP poisoning in a DoS attack?

A. By sending an ARP reply with a bogus MAC address for the default gateway

B. By blocking all ARP replies within the network

C. By deleting the ARP cache on all computers

D. By changing the IP address of the default gateway on all computers

38 / 143

What is an indicator of tainted data being used in an AI or ML system according to the given text?

A. If the system starts displaying inconsistent results.

B. If a game player starts to show a high percentage of wins.

C. If a behaviour-based NIPS has not raised any alerts for several days.

D. If a behaviour-based NIPS starts to give false positives.

39 / 143

What is dynamic code analysis?

A. It’s a type of code analysis that executes the code while checking it.

B. It’s a type of code analysis that checks the code without running it.

C. It’s a type of code analysis that uses sandboxing for testing the code.

D. It’s a manual review of the code done by the developer, looking at each line for vulnerabilities.

40 / 143

What is a typical indicator of a successful pharming attack on a client computer?

A. The user experiences slow internet speed

B. The computer keeps restarting

C. The user tries to go to one website but is taken to a different website

D. The hosts file on the computer is empty

41 / 143

In the context of the cyber kill chain, what happens during the ’Installation’ step?

A. The payload is transmitted to the target

B. The weapon is delivered and activates the exploit

C. The exploit installs a remote access Trojan or a backdoor on the attacked system

D. Infected systems send out a beacon to an Internet-based server

42 / 143

Which is NOT a method to prevent cross-site scripting (XSS) attacks mentioned in the text?

A. Sophisticated input validation techniques

B. Use of a security encoding library

C. Disable HTML code

D. Avoid any methods that allow the webpage to display untrusted data

43 / 143

What is the main difference between artificial intelligence (AI) and machine learning (ML)?

A. AI refers to technologies that help computer systems improve with experience, while ML is a broader concept.

B. Machine learning is a part of AI, but AI is much broader.

C. AI is a part of machine learning, and ML is much broader.

D. Both AI and ML mean the same thing.

44 / 143

What happens in a SYN flood attack?

A. The attacker completes the handshake by sending the ACK packet.

B. The attacker sends a barrage of ACK packets, leaving the server with multiple half-open connections.

C. The client does not send a SYN (synchronize) packet to the server.

D. The attacker sends a barrage of SYN packets, leaving the server with multiple half-open connections.

45 / 143

What is the primary difference between continuous deployment and continuous delivery within the DevOps model?

A. Continuous delivery refers to the practice of merging code changes into a version control repository.

B. Continuous deployment deploys the changes directly to a production environment.

C. Continuous delivery is about revalidating code after every change.

D. Both continuous delivery and deployment refer to automated responses to code changes.

46 / 143

What is the primary purpose of a ’shim’ in the context of operating system drivers?

A. It’s a type of encryption used to secure data.

B. It’s a malicious tool used by hackers to exploit vulnerabilities.

C. It’s additional code that can run instead of the original driver to provide compatibility with older drivers.

D. It’s a process to debug and test drivers.

47 / 143

What is an important step to follow in terms of error reporting according to the given text?

A. Detailed errors should be shown to users

B. All errors should be ignored

C. Errors should not be logged for future reference

D. Generic error messages should be shown to users, but detailed information should be logged

48 / 143

What are the usual extensions for Python script files and their compiled versions?

A. .java and .py

B. .py and .cs

C. .py and .pyc

D. .c++ and .java

49 / 143

What tasks can an effective Secure Orchestration, Automation, and Response (SOAR) platform handle in the context of automated courses of action?

A. Many simple administrative and cybersecurity tasks

B. Monitoring code changes to detect compliance issues and security threats

C. Revalidating code after every change

D. Merging code changes into a version control repository regularly

50 / 143

Which of the following is NOT a step in the cyber kill chain as presented in the text?

A. Reconnaissance

B. Weaponization

C. Command and Control (C2)

D. Decryption

51 / 143

What is the primary difference between reflected XSS and stored XSS attacks?

A. In reflected XSS, malicious code is stored in a server, while in stored XSS, it is directly sent to the user

B. In reflected XSS, an administrator is targeted, while in stored XSS, a general user is targeted

C. In reflected XSS, the malicious code is sent to the server as an HTTP request, while in stored XSS, it is stored on a trusted location and later retrieved

D. In reflected XSS, an encoding library is used, while in stored XSS, sophisticated input validation techniques are used

52 / 143

What is OpenSSH as described in Chapter 3?

A. It is a shell environment similar to PowerShell, Python and OpenSSL.

B. It is a specific command used in the Linux terminal to launch SSH.

C. It is a suite of tools that simplify the use of SSH.

D. It is a tool that administers passwordless SSH logins by itself.

53 / 143

Why is it important for applications to provide general rather than detailed error messages to users?

A. To make error messages easier to understand

B. To prevent providing attackers with useful information

C. To ensure that errors are only seen by developers

D. To avoid causing confusion to users

54 / 143

What is ’Dead code’?

A. Code that is constantly in use

B. Code that has many bugs

C. Code that is never executed or used

D. Code that is newly created

55 / 143

What does continuous validation stage in the DevOps model depict?

A. It is the practice of merging code changes into a version control repository regularly.

B. It is the process where code changes are released automatically to a testing or staging environment.

C. It revalidates code after every change.

D. It is the process where code changes are deployed automatically to the production environment.

56 / 143

What is a race condition in the context of application design?

A. It is a condition where two or more applications race to complete their processing

B. It is a situation where two or more applications or modules of an application try to access a resource at the same time causing a conflict

C. It is a competition between two or more functions within a module

D. It refers to the speed at which an application runs

57 / 143

What identifies a zero-day attack?

A. The vendor has released a patch.

B. The vulnerability is well documented and known to the public.

C. There is constant, unusual behavior on the system being attacked.

D. The vulnerability is not known and undocumented.

58 / 143

What is the first step in the intrusion ’kill chain’ as identified by scientists at Lockheed-Martin?

A. Weaponization

B. Delivery

C. Command and Control (C2)

D. Reconnaissance

59 / 143

Which of the following statements best describes a Secure Cookie?

A. A cookie that is only transmitted over secure channels.

B. A cookie that is encrypted and unreadable by attackers.

C. A cookie that is only set when the user visits a secure website.

D. A cookie that stores the user’s personal information securely.

60 / 143

Which of the following best describes the role of Quality Assurance (QA) in a secure development environment?

A. QA is only involved in the production stage of development

B. QA is limited to discovering bugs in the software

C. QA helps ensure an application maintains a high level of quality and meets the original requirements

D. QA stages are completed in non-production environments only

61 / 143

What is the purpose of blocking HTML code in input validation?

A. To customize user interface

B. To prevent malicious attacks that embed HTML code

C. To assure the input data is in alphabetical order

D. To increase webpage loading speed

62 / 143

What is a memory leak in a computer application?

A. It is when an application reserves memory for short-term use but fails to release it.

B. It is a physical damage on the computer’s memory unit.

C. It is a type of malware that extracts information from a computer’s memory.

D. It is a safety feature that lets memory overflow into external storage to prevent data loss.

63 / 143

Which types of injection attacks are described as beyond SQL injection attacks?

A. Dynamic link library injection, Lightweight Directory Access Protocol (LDAP) injection and Extensible Markup Language (XML) injection

B. SQL injection, Cross-site scripting (XSS) and Directory traversal

C. Digital certificate forgery, phishing and password cracking

D. Man in the Middle (MitM), Distributed Denial of Service (DDoS) and SYN flood

64 / 143

Which of the following stages in a secure development environment aims to simulate the production environment for late-stage testing?

A. Development

B. Test

C. Staging

D. Quality Assurance

65 / 143

What can be an indication that a macro may have been modified by an attacker?

A. The macro takes longer than usual to run.

B. The application using the macro crashes unexpectedly.

C. The macro no longer works or works differently.

D. The macro uses a different language than VBA.

66 / 143

What is the primary objective of both DoS and DDoS attacks?

A. To cause resource exhaustion on the target system

B. To gain unauthorized access to the target system

C. To insert malicious code in the target system

D. To obtain sensitive data from the target system

67 / 143

What is one of the main functions of a stored procedure in a web application?

A. It checks if the SQL statement is executable.

B. It creates a database.

C. It handles user input to prevent SQL injection attacks.

D. It searches for all books authored by a specific author.

68 / 143

What are the criteria that a database must meet to be in first normal form (1NF)?

A. Each row within a table is unique and identified with a primary key, related data is contained in a separate table, and none of the columns include repeating groups.

B. Each row within a table includes duplicate data, related data is contained in the same table, and all columns include repeating groups.

C. There is no unique identification for each row within a table, related data is mixed within different tables, and there are repeating groups in the columns.

D. The table does not include a primary key, related data is combined in one table, and columns are allowed to contain repeating groups.

69 / 143

What are the specific security concerns that organizations should address while outsourcing code development?

A. Ensure the code works as expected

B. Risk of having vulnerable code

C. Possibility of insertion of malicious code

D. All of the above

70 / 143

What information is contained within DNS log files?

A. Only the hostname that is requested

B. System that sent the request and the IP address

C. Only IP addresses of requested hostnames

D. Only potentially malicious websites

71 / 143

What is a likely indicator of an on-path attack taking place?

A. There is a delay in traffic due to the on-path computer decrypting and encrypting data

B. There is an increase in the speed of network connections

C. The firewall is deactivated

D. The DNS server is non-responsive

72 / 143

What does integrity measurement refer to in the context of software development?

A. The length of time it took to develop the code

B. The degree to which the code follows the design specifications

C. The quality of the code based on its test coverage throughout the development cycle

D. The complexity of the code based on its size and use of advanced programming techniques

73 / 143

What happens when an integer overflow occurs in an application?

A. The application will increase the memory location size,

B. The application will give inaccurate results

C. The application will stop working

D. The application will delete the received numeric value

74 / 143

Why are macros, including VBA macros, disabled by default in Microsoft Office applications?

A. To prevent users from creating their own secure macros

B. Because macros and VBA code can easily be created by attackers

C. To ensure that the applications run more efficiently

D. Because VBA code can slow down the operation of the computer

75 / 143

What is the term for code that is brought into a new application but never executed or used?

A. Reused Code

B. Dead Code

C. Duplicate Code

D. Logic Error Code

76 / 143

What best defines the process of manual code review?

A. It is a dynamic code analysis where code is checked while running

B. It involves sending random strings of data to applications to find vulnerabilities

C. It is performed by the programmer who wrote the code

D. It is a static code analysis where someone other than the programmer reviews the code line by line

77 / 143

Which of the following best describes a method of input validation to increase application security as discussed in the text?

A. Allow only letters and numbers for all input data

B. Block the use of certain characters associated with specific types of attacks

C. Input validation is not necessary as long as boundary or range checking is implemented

D. All HTML code embedded within the input should be allowed

78 / 143

What is one of the primary protocols at the Data Link layer (Layer 2) of the OSI model that can be exploited by attackers?

A. HTTP

B. ARP

C. FTP

D. ICMP

79 / 143

What is a primary indication of an ongoing Secure Sockets Layer (SSL) stripping (or TLS stripping) attack?

A. The browser displays an error message about an invalid SSL certificate

B. The browser’s URL bar shows ’Not secure’ or includes HTTP instead of HTTPS

C. The webpage takes an unusually long time to load

D. The user is prompted to enter their password repeatedly

80 / 143

What is the purpose of input validation in the context of web security?

A. To make sure the syle and color of the input fields match the rest of the website

B. To ensure the user enters data correctly in order to make the user experience as smooth as possible

C. To collect user data through the input fields for market research and customer profiles

D. To check data for validity and discard or sanitize malicious code to prevent various types of attacks

81 / 143

What is the correct way to run a bash script called mytest.sh in a Unix or Unix-like operating system?

A. Just type mytest.sh

B. Use a Command-Verb structure, such as Invoke-mytest.sh

C. Use the command bash mytest.sh or sh mytest.sh

D. Use the command bin/mytest.sh

82 / 143

What is the purpose of input validation in developing secure web applications?

A. To enhance user experience

B. To ensure only proper characters are used in an application

C. To reject invalid data and prevent potential attacks

D. To speed up the performance of a webpage

83 / 143

Why is it important to treat machine learning algorithms as proprietary data?

A. To keep the algorithms confidential and prevent unauthorized disclosure.

B. To increase the cost of the machine learning system.

C. To make the system more efficient.

D. To make the algorithms more complex.

84 / 143

What are the main steps carried out by an attacker during a domain hijacking attack?

A. The attacker hacks into the domain registrar’s database and changes the ownership

B. The attacker gathers information about the domain owner, gains unauthorized access to their email, and then uses it to take ownership of the domain

C. The attacker physically infiltrates the domain owner’s home or office to gain access

D. The attacker sends a phishing email to the domain owner to encourage them to click on a malicious link

85 / 143

Why is it a security concern if the contract for outsourced code development does not mention updates?

A. Developers will not follow best practices

B. Developers could insert malicious code

C. Security vulnerabilities are common on code, difficult to get updates if not mentioned in contract

D. The code may not work as expected

86 / 143

In the Diamond Model of Intrusion Analysis, how are victims identified?

A. By their physical fingerprints

B. By their names, email addresses, or network identifiers

C. By the malware or hacker tools they have fallen victim to

D. By the Internet domain names they use

87 / 143

What is the function of Command and Control (C2) in the intrusion kill chain?

A. Malware is embedded within a deliverable payload

B. A potential target is identified and selected

C. Infected systems send out a beacon to an Internet-based server to establish a channel for attackers

D. The weapon is activated and the exploit is triggered

88 / 143

Who should understand secure application development and deployment concepts?

A. Application developers only

B. IT security managers only

C. Both application developers and IT security managers

D. Neither application developers nor IT security managers

89 / 143

What is the purpose of the Production stage in a secure development environment?

A. It is an isolated environment where developers create the application

B. It is used for early testing and discovering any bugs or errors

C. It is where the application goes live as the final product

D. It is an ongoing process used to ensure that an application maintains a high level of quality

90 / 143

What is a primary indicator of a DNS poisoning attack?

A. The IP address associated with a website is changed to a different one

B. Users cannot access any websites

C. A website asks users for additional security information

D. Users enter the URL of one website but are taken to a different website

91 / 143

What does the HTTP Strict-Transport-Security header in an HTTP response indicate?

A. It specifies multiple sources of acceptable content.

B. It tells the browser if X-frames are allowed.

C. It gives information about the body of the message.

D. It tells the browser to display the page only if it is sent as HTTP Secure (HTTPS).

92 / 143

What does the SQL clause ’WHERE ‘1’=’1’’ do in a SQL injection attack?

A. It prevents the system from returning a record.

B. It forces the system to return a generic error.

C. It ensures that the system will return all records from the specific table.

D. It causes the system to format all data as if it were written in SQL.

93 / 143

What is the function of the continuous integration process in a DevOps model?

A. It merges code changes into a version control repository regularly

B. It detects compliance issues and security threats

C. It revalidates code after every change

D. It refers to the practice of deploying code changes automatically to the production environment

94 / 143

What are the attack frameworks used for in cybersecurity?

A. To identify tactics, techniques, and procedures used by attackers

B. To mitigate current ongoing attacks

C. To conduct penetration testing

D. To design new cybersecurity technologies

95 / 143

What is the best practice for error handling and why?

A. Applications should show detailed error messages to the users and log those details.

B. Applications should not catch errors as this can confuse users.

C. Applications should show generic error messages to users but log detailed information.

D. Applications should not log error information as this can be used by attackers.

96 / 143

What is the primary differentiation between continuous deployment and continuous delivery in the context of DevOps automation?

A. Continuous deployment includes continuous validation, while continuous delivery does not.

B. Continuous deployment refers to the automatic release of code changes to a testing environment, while continuous delivery refers to the automatic release of code changes to a production environment.

C. Continuous deployment automatically deploys the code changes to a production environment, while continuous delivery automatically releases the code changes to a testing or staging environment.

D. Continuous deployment involves manual approval, while continuous delivery is entirely automated.

97 / 143

What does the HTTP Strict-Transport-Security header tell the browser to do?

A. Display the page only if it is sent as HTTPS

B. Define multiple sources of acceptable content

C. Tell the browser if X-frames are allowed

D. Provide information about the body of the message

98 / 143

What is the common consequence of setting an object to null and trying to use it in run time in C++ and C#?

A. Causes a NullPointerException error

B. Causes a memory leak

C. Causes the program to compile

D. Allows the garbage collection process to free up memory

99 / 143

What criteria is required for a database to be considered in Second Normal Form (2NF)?

A. The database is in 1NF and non-primary key attributes are completely dependent on the individual keys of the composite primary key.

B. The database is in 1NF and non-primary key attributes are completely dependent on the composite primary key.

C. The database is in 1NF and non-primary key attributes are partially dependent on the composite primary key.

D. The database is in 1NF and non-primary key attributes are completely dependent on secondary keys.

100 / 143

What does the SQL injection attack command ’;–’ do in the SQL statement?

A. It indicates the end of the SQL line and marks the following as an ignored comment

B. It permits the database to accept another command

C. It retrieves data from the database

D. It confirms the data accuracy

101 / 143

What is the primary function of the Open Web Application Security Project (OWASP)?

A. It is focused on networking security

B. It is focused on improving the security of software

C. It is a for-profit corporation that sells security software

D. It focuses on physical security of IT infrastructure

102 / 143

What is the primary difference between continuous deployment and continuous delivery in a DevOps model?

A. Continuous deployment releases code changes to a staging environment, while continuous delivery releases them to a production environment.

B. Continuous delivery releases code changes to a testing environment, while continuous deployment releases them to a staging environment.

C. Continuous delivery releases code changes to a testing or staging environment and require manual approval for deployment to production environment, while continuous deployment deploys the changes automatically to a production environment.

D. Continuous deployment and continuous delivery release code changes to the same environment and there is no difference between them.

103 / 143

What is the primary function of Software Version Control?

A. It tracks the versions of software as it is updated

B. It changes the code of the software

C. It prevents developers from making changes

D. It causes unintended problems

104 / 143

What does the bash or sh command denote when it comes to running a script file in a Linux terminal?

A. It signifies the end of a sequence of commands

B. It prefixes a sequence of files in the terminal

C. It invokes or runs the script file

D. It hides the script file from being executed

105 / 143

What is DLL injection as described in regards to application security?

A. It is a protective measure where a DLL is inserted into an application’s code to prevent attacks.

B. It is a compilation of code that an application uses to function.

C. It is an attack that inserts a DLL into a system’s memory and causes it to run.

D. It is a specific kind of malware that corrupts a system’s DLL files.

106 / 143

What is sandboxing in application testing?

A. It is a dynamic code analysis method to test running code.

B. It tests applications within an isolated area specifically created for testing.

C. It is a method by which random data is sent to an application.

D. It is a method by which the tester manually reviews the code.

107 / 143

What is the most common method an attacker uses to perform client-side request forgeries?

A. Modifying server-side codes

B. Completing transactions on behalf of the user

C. Modifying existing cookies that the web application reads on the client

D. Hacking into user’s account

108 / 143

What are the potential outcomes of an ARP on-path attack?

A. The attacker can only redirect network traffic

B. The attacker can eavesdrop, redirect network traffic and insert malicious code

C. The attacker can only insert malicious code

D. The attacker can only eavesdrop

109 / 143

What is the purpose of using a series of NOP or x90 instructions in a buffer overflow attack?

A. To speed up the execution of the malicious code

B. To confuse the system security measures

C. To provide a ’slide’ that the system will follow, leading to the execution of malicious code

D. To slow down the system processing time, allowing other malicious activities

110 / 143

What are other input validation techniques used to prevent web application attacks?

A. Sanitizing HTML code using ASCII replacement characters

B. Not inserting any data into webpages

C. Removing all HTML coding from webpages

D. Replacing all HTML code with XML code

111 / 143

Which of the following is a common way applications use to protect data at rest and data in transit?

A. They use antivirus software

B. They use DDoS prevention

C. They use encryption

D. They use file permissions

112 / 143

What is one major security concern when outsourcing code development?

A. The code may not work as expected

B. The developers may not follow best practices for secure code, potentially leading to vulnerabilities

C. Developers could insert malicious code such as backdoors or logic bombs

D. The contract may not include code updates

113 / 143

What does it indicate if logs show that bash or sh is being invoked to run scripts?

A. The system is out of memory

B. The system is crashing

C. It may be a potential indicator of an attack

D. The system is running perfectly

114 / 143

What is a vulnerability of ARP that can result in an ARP poisoning attack?

A. It does not use any type of encryption.

B. It believes any ARP reply packet.

C. It cannot validate the IP address.

D. It stores MAC address in a public memory area.

115 / 143

Which of the following best describes Cross-site scripting (XSS)?

A. An encryption algorithm to ensure data safety

B. A network protocol vulnerability allowing unauthorized access to network resources

C. A web application vulnerability allowing attackers to inject scripts into web pages

D. A password cracking technique based on guessing

116 / 143

In the context of the cyber kill chain, what does ’Weaponization’ involve?

A. It involves identifying and selecting targets

B. It is the process of embedding malware within a deliverable payload

C. It includes the transmission of the payload to the target

D. It is the process of accessing and maintaining persistence inside the exploited environment

117 / 143

What is SQL commonly used for?

A. To write computer programs

B. To design websites

C. To communicate with databases

D. To build computer hardware

118 / 143

What does it mean for a database to be in third normal form (3NF)?

A. It has unnecessary redundancies within the database

B. All columns are dependent on non-primary key attributes

C. All columns that aren’t primary keys are only dependent on the primary key

D. It is not in 2NF, thus it is neither in 1NF

119 / 143

What is a major vulnerability of the ARP reply?

A. It does not cache the MAC address

B. It does not use the IP address

C. It cannot be spoofed

D. It is very trusting and will believe any ARP reply packet

120 / 143

In the Diamond Model of Intrusion Analysis, what are the identities used to identify an adversary?

A. network identifiers and email addresses

B. email addresses and online forum handles

C. IP addresses and domain names

D. malware and other hacker tools

121 / 143

Why is related data contained in a separate table in a database in first normal form (1NF)?

A. To add complexity to the database

B. To increase repetition and redundancy

C. To decrease the chance for errors and redundancy

D. To allow easier access to repeating groups

122 / 143

What is the best way to prevent LDAP injection attacks as described in the text?

A. Limit user access to applications

B. Update all software and hardware regularly

C. Validate user input before using it

D. Use a different protocol besides LDAP

123 / 143

Which types of attacks are web servers particularly susceptible to?

A. Denial of Service and Phishing

B. Buffer Overflow and SQL Injection

C. Password Cracking and Eavesdropping

D. Malware and Social Engineering

124 / 143

What is the primary purpose of the staging phase in a secure software development environment?

A. To create an isolated environment for the initial software creation

B. To put the application through its paces and discover bugs

C. To simulate the production environment and discover any bugs that might impact the live environment

D. To deploy the final product live for customers

125 / 143

What happens during a MAC flooding attack when a switch enters a fail-open state?

A. The switch operates as a router.

B. The switch functions as a simple hub.

C. The switch returns to its default settings.

D. The switch blocks all incoming traffic.

126 / 143

What is the process of provisioning an application typically refer to in secure application development and deployment concepts?

A. Assigning proper access and rights to apps.

B. Preparing and configuring the application to launch on different devices and to use different application services.

C. Removing access to resources of an application.

D. Deleting user accounts.

127 / 143

What are the two benefits of using the code signing process for software codes, as described in Chapter 10?

A. It allows the code to be run on any machine, and it provides a digital signature for the code

B. It identifies the author and verifies the code has not been modified

C. It encrypts the code and verifies that the code has not been corrupted

D. It provides a digital signature for the code and allows it to be run without any compatibility issues

128 / 143

In the context of the Diamond Model of Intrusion Analysis, what does ’Capabilities’ refer to?

A. The vulnerabilities present in the victim’s system

B. The identified adversary

C. The malware, exploits, and other hacker tools used in the intrusion

D. The internet domain names, email addresses, and IP addresses used by the adversary

129 / 143

In a secure development environment, which stage is provided as a complete but independent copy of a production environment for the purposes of late-stage testing?

A. Development

B. Test

C. Staging

D. Production

130 / 143

What is the process of refactoring code?

A. The process of creating a driver shim to provide compatibility with older drivers.

B. The process of rewriting the driver entirely.

C. The process of rewriting the internal processing of the code without changing its external behavior.

D. The process of manipulating a driver for malicious purposes.

131 / 143

Which of the following is a method used to protect against Cross-Site Request Forgery (XSRF)?

A. Using clear-text password

B. Storing user credentials in cookies

C. Using CAPTCHA

D. Avoiding the usage of HTML links

132 / 143

What type of information can typically be found in web server logs?

A. The IP addresses of the site’s visitors

B. The instances of certain phrases, such as `’ or ’1’=’1’`

C. The content of private emails sent from the server

D. The passwords of the users who accessed the server

133 / 143

Which of the following is NOT a tactic listed in the MITRE ATT&CK matrix?

A. Defense evasion

B. Credential access

C. Data Encryption

D. Command and Control

134 / 143

What does ’Content-Security-Policy’ in HTTP headers do?

A. It specifies various sources of content allowed to load on a web page.

B. It instructs the browser to only allow the page to be displayed if sent over HTTPS.

C. It lets the browser know if X-frames are allowed or not.

D. It contains information about the client’s browser and language.

135 / 143

What is the primary purpose of a DNS sinkhole?

A. To direct users to incorrect websites for fun

B. To disrupt botnets and malware

C. To reverse engineer malware

D. To redirect traffic to specific websites for marketing purposes

136 / 143

What is a benefit of using parameterized stored procedures in web applications?

A. They increase the speed of data entry

B. They allow users to directly interact with the database

C. They can help prevent SQL injection attacks

D. They allow for the dynamic generation of webpages

137 / 143

What is the purpose of Adversarial Artificial Intelligence?

A. To enhance the capabilities of existing AI models

B. To provide AI models with additional data for training

C. To fool AI models by supplying them with deceptive inputs

D. To improve the accuracy of AI models’ predictions

138 / 143

Client-side input validation in a web application…

A. Runs on the web server

B. Is entirely secure against data manipulation attacks

C. Allows Homer to purchase more than three Scrabbleships

D. Gives Homer an error message when he attempts to purchase more than four Scrabbleships

139 / 143

What does code obfuscation or code camouflage do?

A. Makes the code easier to copy

B. Oversimplifies the code

C. Renames variables and replaces numbers with expressions

D. Makes the code to run faster

140 / 143

What is a driver shim and what does it help to achieve?

A. A driver shim is a type of hardware device that allows the operating system to interact with older drivers.

B. A driver shim is additional code that is run instead of the original driver to provide compatibility with older drivers.

C. The driver shim is a code used to fix intermittent problems with the device or software component that the driver services.

D. A driver shim is another name for rewritten driver code targeting to correct software design.

141 / 143

What is the role of AI and ML in Cybersecurity?

A. It uses algorithms to infiltrate systems

B. It determines what is normal activity for a network and uses this as a baseline to detect anomalies

C. It helps in the composition of spam emails

D. It assists the hackers in launching attacks on a network by predicting potential vulnerabilities

142 / 143

Which two primary messages does ARP use in its operation?

A. ARP send and ARP receive

B. ARP query and ARP acknowledgment

C. ARP request and ARP reply

D. ARP transmit and ARP echo

143 / 143

What is a key vulnerability that organizations should consider when outsourcing code development?

A. The code may not work as expected

B. The code may contain undetectable backdoors or logic bombs

C. The code may not be updateable to fix vulnerabilities

D. The code may not be maintainable

Your score is

Dowload the FREE OFFLINE Version of this Test Bank

Boost your cybersecurity skills! Click to download the CompTIA Security+ Practice Anki deck.

Boost your IT skills with our free CompTIA Security+ practice test focusing on Chapter 07: Protecting Against Advanced Attacks. Whether you’re entering the IT industry or advancing in cyber security, our resources are here to help you succeed in the CompTIA Exam.

Why Choose Our CompTIA Security+ Practice Test?

Skill Enhancement:

Covers essential techniques for protecting against advanced attacks crucial for the CompTIA Exam.

Career Advancement:

Passing the CompTIA Security+ exam can open doors to new job opportunities and significant career changes in the IT industry.

Vulnerability Management:

Master the art of protecting against advanced attacks, a key skill in cyber security.

Free Anki Deck Download

Download our free Anki Deck, reviewed by industry expert Josh Madakor, who has extensive experience in IT and cyber security, including work with Microsoft and government sectors. Learn more about Anki on the official site.

Get Started with Your IT Career Change Today!

Visit the CompTIA Security+ official site and the CompTIA Network+ official site for more information.

Chapter 07 – Protecting Against Advanced Attacks

Dowload the FREE OFFLINE Version of this Test Bank

Why Choose Our CompTIA Security+ Practice Test?

Skill Enhancement:

Career Advancement:

Vulnerability Management:

Free Anki Deck Download

Explore our other free practice tests:

Related Posts

The Affordable, Hands-On Josh Madakor IT Course that gets Results!

The Affordable, Hands-On Cyber Security that gets Results!

JOIN OUR

NEWSLETTER