CompTIA SY0-501 Security+ Take Ten Challenge #2Step 1 of 1010%2-1: Which of the following would best describe data in-use? A switch forwards a frame to a router Encrypted data is stored in a SQL database Customer information is transmitted across an IPsec tunnel A point of sale terminal encrypts a credit card number A laptop drive is configured for whole disk encryption 2-2: An attacker has determined that they can intentionally overwrite an area of memory to perform an exploit. Which of these would best describe this exploitation method? Man in the middle Data injection Cross-site request forgery Buffer overflow Driver manipulation 2-3: A security administrator would like to limit internal users from directly communicating to external web sites. Which of these security technologies would be the best choice for this objective? IPS VPN concentrator Firewall Proxy Load balancer 2-4: Which of these best describes TPM functionality? Reverse proxy EMI prevention EAL4 Application blacklisting Hardware root of trust 2-5: Which of the following would be a disadvantage to using PAP during authentication? Must be used with a third-party trust Only operates over dial-up lines The password hash is easy to brute force The passwords are stored as a salted hash The credentials are passed in the clear 2-6: Which data label would be most associated with patient records from a medical doctor? DSS NDA PHI PII PCI 2-7: Which of the following would NOT commonly be associated with a server's certificate chain? Root CA certificate hash Root CA certificate Intermediate certificates Private key Server certificate 2-8: An attacker has infected a government healthcare reporting web site with malware in an effort to gain access to a hospital network. When the hospital visits the government site, the malware will attempt to infect the hospital computer. Which of the following would best describe this attack type? Hoax Cross-site request forgery Data injection Watering hole Man-in-the-middle 2-9: During a scheduled event, a security administrator was able to exploit a known vulnerability on a server to gain root access. Which of the following would best describe this event? Man-in-the-middle Spoofing Penetration test Vulnerability scan DoS 2-10: A security administrator needs to create a report each day that shows the number of invalid login attempts across all of their servers. Which of these would be the best way to provide this information? Firewall NAC Proxy SIEM DLP Take Ten Challenge #2 companion video with detailed answers:
