CompTIA SY0-501 Security+ Take Ten Challenge #2

Last modified on June 7th, 2020 at 9:12 am

2-1: Which of the following would best describe data in-use?
A switch forwards a frame to a router
A point of sale terminal encrypts a credit card number
Customer information is transmitted across an IPsec tunnel
Encrypted data is stored in a SQL database
A laptop drive is configured for whole disk encryption

Correct!

Wrong!

2-2: An attacker has determined that they can intentionally overwrite an area of memory to perform an exploit. Which of these would best describe this exploitation method?
Man in the middle
Data injection
Cross-site request forgery
Buffer overflow
Driver manipulation

Correct!

Wrong!

2-3: A security administrator would like to limit internal users from directly communicating to external web sites. Which of these security technologies would be the best choice for this objective?
Firewall
IPS
Proxy
Load balancer
VPN concentrator

Correct!

Wrong!

2-4: Which of these best describes TPM functionality?
Hardware root of trust
EMI prevention
Reverse proxy
EAL4
Application blacklisting

Correct!

Wrong!

2-5: Which of the following would be a disadvantage to using PAP during authentication?
The password hash is easy to brute force
The credentials are passed in the clear
Only operates over dial-up lines
The passwords are stored as a salted hash
Must be used with a third-party trust

Correct!

Wrong!

2-6: Which data label would be most associated with patient records from a medical doctor?
PII
NDA
PCI
PHI
DSS

Correct!

Wrong!

2-7: Which of the following would NOT commonly be associated with a server's certificate chain?
Server certificate
Private key
Root CA certificate
Intermediate certificates
Root CA certificate hash

Correct!

Wrong!

2-8: An attacker has infected a government healthcare reporting web site with malware in an effort to gain access to a hospital network. When the hospital visits the government site, the malware will attempt to infect the hospital computer. Which of the following would best describe this attack type?
Watering hole
Man-in-the-middle
Hoax
Data injection
Cross-site request forgery

Correct!

Wrong!

2-9: During a scheduled event, a security administrator was able to exploit a known vulnerability on a server to gain root access. Which of the following would best describe this event?
Penetration test
Man-in-the-middle
Vulnerability scan
DoS
Spoofing

Correct!

Wrong!

2-10: A security administrator needs to create a report each day that shows the number of invalid login attempts across all of their servers. Which of these would be the best way to provide this information?
Proxy
NAC
DLP
Firewall
SIEM

Correct!

Wrong!

Share the quiz to show your results !

Subscribe to see your results

SY0-501 Take Ten Challenge #2

I got %%score%% of %%total%% right

%%description%%

%%description%%

Loading...

Category: SY0-501 Take Ten Challenges

Comments are closed.

X
My Network+ Study Group is live right now! Click here to join us
My free Live Network+ Study Group is Wednesday. Click here to register!