CompTIA SY0-501 Security+ Take Ten Challenge #2Step 1 of 1010%2-1: Which of the following would best describe data in-use?A point of sale terminal encrypts a credit card numberA laptop drive is configured for whole disk encryptionCustomer information is transmitted across an IPsec tunnelEncrypted data is stored in a SQL databaseA switch forwards a frame to a router2-2: An attacker has determined that they can intentionally overwrite an area of memory to perform an exploit. Which of these would best describe this exploitation method?Cross-site request forgeryBuffer overflowMan in the middleData injectionDriver manipulation2-3: A security administrator would like to limit internal users from directly communicating to external web sites. Which of these security technologies would be the best choice for this objective?IPSFirewallVPN concentratorLoad balancerProxy2-4: Which of these best describes TPM functionality?Hardware root of trustEMI preventionEAL4Application blacklistingReverse proxy2-5: Which of the following would be a disadvantage to using PAP during authentication?The password hash is easy to brute forceThe credentials are passed in the clearOnly operates over dial-up linesThe passwords are stored as a salted hashMust be used with a third-party trust2-6: Which data label would be most associated with patient records from a medical doctor?PIINDAPCIDSSPHI2-7: Which of the following would NOT commonly be associated with a server's certificate chain?Private keyRoot CA certificate hashServer certificateRoot CA certificateIntermediate certificates2-8: An attacker has infected a government healthcare reporting web site with malware in an effort to gain access to a hospital network. When the hospital visits the government site, the malware will attempt to infect the hospital computer. Which of the following would best describe this attack type?Cross-site request forgeryHoaxMan-in-the-middleWatering holeData injection2-9: During a scheduled event, a security administrator was able to exploit a known vulnerability on a server to gain root access. Which of the following would best describe this event?DoSPenetration testMan-in-the-middleSpoofingVulnerability scan2-10: A security administrator needs to create a report each day that shows the number of invalid login attempts across all of their servers. Which of these would be the best way to provide this information?ProxyDLPNACSIEMFirewall Take Ten Challenge #2 companion video with detailed answers:
