Sec+ 501 Architecture and Design 15%

Buddy Armstrong
Quiz by Buddy Armstrong, updated 6 months ago


CompTIA Sec+ 501 quiz on Architecture and Design (15% of the exam), created by Buddy Armstrong on 02/25/2019.


Question 1

In a corporation where compute utilization spikes several times a year, the Chief Information Officer (CIO) has requested a cost-effective architecture to handle the variable capacity demand. Which of the following characteristics BEST describes what the CIO has requested?
  • Elasticity
  • Scalability
  • High availability
  • Redundancy

Question 2

Which of the following is an important step to take BEFORE moving any installation packages from a test environment to production?
  • Roll back changes in the test environment
  • Verify the hashes of files
  • Archive and compress the files
  • Update the secure baseline
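Question 2's point is that the hashes recorded in the test environment are re-checked in production before anything is installed, so a package altered or swapped in transit is caught. The following is an added example, not part of the quiz: the manifest layout ("<sha256>  <path>", as `sha256sum` prints) and the package names are assumptions, and the scenario is constructed, with one package intact, one tampered and one missing.

```python
import hashlib
import hmac
import os
import shutil
import tempfile

# Manifest layout assumed here: one "<sha256 hex>  <relative path>" line per
# file, the same shape `sha256sum` prints. The manifest is produced in test and
# travels with the packages to production.

def sha256_of_file(path, chunk_size=1 << 16):
    """Stream the file through SHA-256 so large packages need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root, rel_paths):
    """Hash every listed file under root (run in the TEST environment)."""
    return "".join(f"{sha256_of_file(os.path.join(root, p))}  {p}\n" for p in rel_paths)

def verify_manifest(root, manifest):
    """Check every manifest entry against root (run in PRODUCTION before install).
    Returns {path: "ok" | "mismatch" | "missing"}; compare_digest avoids
    revealing where two digests first differ through timing."""
    results = {}
    for line in manifest.splitlines():
        if not line.strip():
            continue
        expected, rel = line.split("  ", 1)
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "missing"
        elif hmac.compare_digest(sha256_of_file(full), expected):
            results[rel] = "ok"
        else:
            results[rel] = "mismatch"
    return results

def promotion_is_safe(results):
    """Only an all-"ok" manifest clears the packages for installation."""
    return bool(results) and all(v == "ok" for v in results.values())

# Constructed scenario (not from the quiz): three packages hashed in test; in
# transit one arrives intact, one is altered, one never arrives.
PACKAGES = {
    "app-1.2.3.tar.gz": b"release build bytes",
    "app-1.2.3.deb": b"debian package bytes",
    "app-1.2.3.rpm": b"rpm package bytes",
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        test_dir = os.path.join(tmp, "test")
        prod_dir = os.path.join(tmp, "prod")
        os.makedirs(test_dir)
        os.makedirs(prod_dir)
        for name, data in PACKAGES.items():
            with open(os.path.join(test_dir, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(test_dir, sorted(PACKAGES))

        shutil.copy(os.path.join(test_dir, "app-1.2.3.tar.gz"), prod_dir)
        with open(os.path.join(prod_dir, "app-1.2.3.deb"), "wb") as f:
            f.write(b"debian package bytes" + b"\x00")  # one extra byte: tampered in transit
        # app-1.2.3.rpm is deliberately not copied

        results = verify_manifest(prod_dir, manifest)
        return results, promotion_is_safe(results)

if __name__ == "__main__":
    results, safe = demo()
    for path, status in results.items():
        print(f"{status:9s} {path}")
    print("safe to promote:", safe)
```

The manifest should travel over a channel the packages did not (or be signed), otherwise whoever can alter the package can also rewrite the hash beside it.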

Question 3

A network administrator wants to implement a method of securing internal routing. Which of the following should the administrator implement?
  • DMZ
  • NAT
  • VPN
  • PAT

Question 4

Which of the following types of cloud Infrastructures would allow several organizations with similar structures and interests to realize shared storage and resources?
  • Private
  • Hybrid
  • Public
  • Community

Question 5

A company is developing a new secure technology and requires computers being used for development to be isolated. Which of the following should be implemented to provide the MOST secure environment?
  • A perimeter firewall and IDS
  • An air gapped compiler network
  • A honeypot residing in a DMZ
  • An ad hoc network with NAT
  • A bastion host

Question 6

A dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of the hard drives. The company then discovers its information is posted online. Which of the following methods would have MOST likely prevented the data from being exposed?
  • Removing the hard drive from its enclosure
  • Using software to repeatedly rewrite over the disk space
  • Using Blowfish encryption on the hard drives
  • Using magnetic fields to erase the data

Question 7

Ann, a security administrator, has been instructed to perform fuzz-based testing on the company's applications. Which of the following BEST describes what she will do?
  • Enter random or invalid data into the application in an attempt to cause it to fault
  • Work with the developers to eliminate horizontal privilege escalation opportunities
  • Test the applications for the existence of built-in back doors left by the developers
  • Hash the application to verify it won't cause a false positive on the HIPS

Question 8

A development team has adopted a new approach to projects in which feedback is iterative and multiple iterations of deployments are provided within an application’s full life cycle. Which of the following software development methodologies is the development team using?
  • Waterfall
  • Agile
  • Rapid
  • Extreme

Question 9

A security administrator is configuring a new network segment, which contains devices that will be accessed by external users, such as web and FTP servers. Which of the following represents the MOST secure way to configure the new network segment?
  • The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow external traffic.
  • The segment should be placed in the existing internal VLAN to allow internal traffic only.
  • The segment should be placed on an intranet, and the firewall rules should be configured to allow external traffic.
  • The segment should be placed on an extranet, and the firewall rules should be configured to allow both internal and external traffic.

Question 10

A security analyst wants to harden the company's VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the PBX. Which of the following would BEST prevent this from occurring?
  • Implement SRTP between the phones and the PBX.
  • Place the phones and PBX in their own VLAN.
  • Restrict the phone connections to the PBX.
  • Require SIPS on connections to the PBX.

Question 11

An organization is comparing and contrasting migration from its standard desktop configuration to the newest version of the platform. Before this can happen, the Chief Information Security Officer (CISO) voices the need to evaluate the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. In which of the following principles of architecture and design is the CISO engaging?
  • Dynamic analysis
  • Change management
  • Baselining
  • Waterfalling

Question 12

A security administrator is trying to encrypt communication. For which of the following reasons should the administrator take advantage of the Subject Alternative Name (SAN) attribute of a certificate?
  • It can protect multiple domains
  • It provides extended site validation
  • It does not require a trusted certificate authority
  • It protects unlimited subdomains

Question 13

A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which is expected to accommodate at most 14 physical hosts. Which of the following subnets would BEST meet the requirements?
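Question 13 is a subnet-sizing exercise: usable hosts in an IPv4 subnet are 2^(32 - prefix) minus the network and broadcast addresses, so 14 hosts fit exactly in a /28 (255.255.255.240). The following is an added example, not part of the quiz; the base address 192.168.100.0 is a hypothetical choice. It also covers the check a practitioner would make that the question glosses over: the firewall's own interface on the DMZ consumes one of the usable addresses, and counting it pushes 14 hosts into a /27.

```python
import ipaddress

def prefix_for_hosts(hosts_needed, reserve_gateway=False):
    """Smallest IPv4 prefix whose usable range (2**host_bits - 2, after the
    network and broadcast addresses) covers hosts_needed. With reserve_gateway
    the firewall's own interface address on the segment is counted too, since
    it consumes one of the usable addresses."""
    if hosts_needed < 1:
        raise ValueError("need at least one host")
    addresses = hosts_needed + (1 if reserve_gateway else 0) + 2
    host_bits = (addresses - 1).bit_length()  # smallest b with 2**b >= addresses
    return 32 - host_bits

def usable_hosts(prefix):
    return max(2 ** (32 - prefix) - 2, 0)

def plan_dmz(base, hosts_needed, reserve_gateway=False):
    """Lay the DMZ out on a hypothetical base address and report the result."""
    prefix = prefix_for_hosts(hosts_needed, reserve_gateway)
    net = ipaddress.ip_network(f"{base}/{prefix}", strict=False)
    reserved = 1 if reserve_gateway else 0
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "usable_hosts": usable_hosts(prefix),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "spare": usable_hosts(prefix) - hosts_needed - reserved,
    }

if __name__ == "__main__":
    print("14 hosts, gateway not counted:", plan_dmz("192.168.100.0", 14))
    print("14 hosts plus firewall interface:", plan_dmz("192.168.100.0", 14, reserve_gateway=True))
```

For the quiz's wording (14 physical hosts, nothing said about the gateway) the answer is the /28; in a real design the /27 is the safer pick unless the firewall interface is already accounted for.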

Question 14

A company has a security policy that specifies all endpoint computing devices should be assigned a unique identifier that can be tracked via an inventory management system. Recent changes to airline security regulations have caused many executives in the company to travel with mini tablet devices instead of laptops. These tablet devices are difficult to tag and track. An RDP application is used from the tablet to connect into the company network. Which of the following should be implemented in order to meet the security policy requirements?
  • Virtual desktop infrastructure (VDI)
  • WS-security and geo-fencing
  • A hardware security module (HSM)
  • RFID tagging system
  • MDM software
  • Security Requirements Traceability Matrix (SRTM)

Question 15

The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. Attached to the email was an example report file with several customers' names and credit card numbers with the PIN. Which of the following is the BEST technical control that will help mitigate the risk of disclosing sensitive data?
  • Configure the mail server to require TLS connections for every email to ensure all transport data is encrypted
  • Create a user training program to identify the correct use of email and perform regular audits to ensure compliance
  • Implement a DLP solution on the email gateway to scan email and remove sensitive data or files
  • Classify all data according to its sensitivity and inform the users of data that is prohibited to share

Question 16

A security administrator has been assigned to review the security posture of the standard corporate system image for virtual machines. The security administrator conducts a thorough review of the system logs, installation procedures, and network configuration of the VM image. Upon reviewing the access logs and user accounts, the security administrator determines that several accounts will not be used in production. Which of the following would correct the deficiencies?
  • Mandatory access controls
  • Disable remote login
  • Host hardening
  • Disabling services

Question 17

Although a web-enabled application appears to only allow letters in the comment field of a web form, a malicious user was able to carry out a SQL injection attack by sending special characters through the web comment field. Which of the following has the application programmer failed to implement?
  • Revision control system
  • Client side exception handling
  • Server side validation
  • Server hardening
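The scenario in Question 17 is a client-side filter that an attacker bypasses by posting the request directly. The following is an added example, not part of the quiz: the vulnerable insert beside two server-side fixes, run against an in-memory SQLite database. The table layout, the "letters and spaces only" allow-list and the injection string are constructed for the demonstration. The payload is a stacked query that closes the intended statement, drops a table, and opens a fresh valid statement so nothing errors and the attack leaves no parse failure in the logs.

```python
import re
import sqlite3

# Server-side allow-list for a "letters only" comment field (constructed rule;
# the quiz does not say exactly what the field was meant to accept).
ALLOWED_COMMENT = re.compile(r"[A-Za-z ]{1,200}")

# Constructed stacked-query payload: terminates the intended INSERT, drops a
# table, then starts a new valid INSERT so the trailing "');" still parses.
PAYLOAD = "x'); DROP TABLE users; INSERT INTO comments (body) VALUES ('y"

def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    conn.commit()
    return conn

def users_table_exists(conn):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='users'"
    ).fetchone()
    return row[0] == 1

def store_comment_vulnerable(conn, comment):
    """The programmer's mistake: trusts the browser-side filter and splices the
    field straight into SQL (executescript runs every statement it is handed)."""
    conn.executescript(f"INSERT INTO comments (body) VALUES ('{comment}');")

def store_comment_parameterized(conn, comment):
    """Fix 1: bound parameter. The payload is stored as literal text, never parsed as SQL."""
    conn.execute("INSERT INTO comments (body) VALUES (?)", (comment,))
    conn.commit()

def store_comment_hardened(conn, comment):
    """Fix 1 + Fix 2: server-side validation rejects anything outside the
    allow-list before it reaches the database, so the stored field is also
    guaranteed to be what the form promised."""
    if not ALLOWED_COMMENT.fullmatch(comment):
        raise ValueError("comment rejected by server-side validation")
    store_comment_parameterized(conn, comment)

def run_vulnerable():
    conn = setup_db()
    store_comment_vulnerable(conn, PAYLOAD)
    return users_table_exists(conn)  # False: the users table is gone

def run_parameterized():
    conn = setup_db()
    store_comment_parameterized(conn, PAYLOAD)
    body = conn.execute("SELECT body FROM comments").fetchone()[0]
    return users_table_exists(conn), body  # (True, PAYLOAD stored verbatim)

def run_hardened():
    conn = setup_db()
    try:
        store_comment_hardened(conn, PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    stored = conn.execute("SELECT count(*) FROM comments").fetchone()[0]
    return rejected, users_table_exists(conn), stored  # (True, True, 0)

if __name__ == "__main__":
    print("vulnerable, users table survives:", run_vulnerable())
    print("parameterized (table survives, stored body):", run_parameterized())
    print("hardened (rejected, table survives, rows stored):", run_hardened())
```

Parameterization alone stops the injection; the allow-list on top of it is what the question calls server-side validation, and it keeps junk like the payload text out of the data as well.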

Question 18

A security administrator returning from a short vacation receives an account lock-out message when attempting to log into the computer. After getting the account unlocked, the security administrator immediately notices a large number of email alerts pertaining to several different user accounts being locked out during the past three days. The security administrator uses system logs to determine that the lock-outs were due to a brute force attack on all accounts that had previously been logged into that machine. Which of the following can be implemented to reduce the likelihood of this attack going undetected?
  • Password complexity rules
  • Continuous monitoring
  • User access reviews
  • Account lockout policies
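In Question 18 the lockout alerts existed but sat in a mailbox for three days; continuous monitoring means correlating them as they arrive. The following is an added example, not part of the quiz: a small detector run over constructed authentication log lines (the "timestamp key=value" format, host names, user names and addresses are all made up). It flags a single source failing against several different accounts within a short window, which is what separates a brute-force sweep of cached accounts from one user mistyping a password.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log (not from the quiz). One line per event,
# "<ISO timestamp> key=value ..." so it can be parsed without a SIEM.
SAMPLE_LOG = """\
2019-02-22T02:10:11 host=WS-SEC01 event=logon_failed user=jsmith src=10.0.5.77
2019-02-22T02:10:14 host=WS-SEC01 event=logon_failed user=jsmith src=10.0.5.77
2019-02-22T02:10:17 host=WS-SEC01 event=logon_failed user=jsmith src=10.0.5.77
2019-02-22T02:10:20 host=WS-SEC01 event=lockout user=jsmith src=10.0.5.77
2019-02-22T02:10:25 host=WS-SEC01 event=logon_failed user=mlee src=10.0.5.77
2019-02-22T02:10:29 host=WS-SEC01 event=logon_failed user=mlee src=10.0.5.77
2019-02-22T02:10:33 host=WS-SEC01 event=lockout user=mlee src=10.0.5.77
2019-02-22T02:11:02 host=WS-SEC01 event=logon_failed user=rgarcia src=10.0.5.77
2019-02-22T02:11:06 host=WS-SEC01 event=lockout user=rgarcia src=10.0.5.77
2019-02-22T09:15:44 host=WS-SEC01 event=logon_failed user=tnguyen src=10.0.8.12
2019-02-22T09:15:50 host=WS-SEC01 event=logon_success user=tnguyen src=10.0.8.12
"""

def parse_line(line):
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event

def detect_multi_account_bruteforce(log_text, window=timedelta(minutes=10), min_accounts=3):
    """Correlate failed logons and lockouts per source address. One source
    failing against several DIFFERENT accounts inside the window is the
    signature of an attack rather than a forgotten password. Returns one
    alert per offending source, raised at the event that crossed the threshold."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["event"] in ("logon_failed", "lockout"):
            by_src[ev["src"]].append(ev)

    alerts = []
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        for i, ev in enumerate(events):
            recent = [e for e in events[: i + 1] if e["ts"] >= ev["ts"] - window]
            accounts = {e["user"] for e in recent}
            if len(accounts) >= min_accounts:
                alerts.append({
                    "src": src,
                    "accounts": sorted(accounts),
                    "lockouts": sum(1 for e in recent if e["event"] == "lockout"),
                    "first_seen": recent[0]["ts"].isoformat(),
                    "triggered_at": ev["ts"].isoformat(),
                })
                break  # one alert per source is enough to page someone
    return alerts

def lockouts_per_source(log_text):
    """Plain lockout count per source, the number the mailbox alerts were reporting one at a time."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            if ev["event"] == "lockout":
                counts[ev["src"]] += 1
    return dict(counts)

if __name__ == "__main__":
    for a in detect_multi_account_bruteforce(SAMPLE_LOG):
        print(f"ALERT {a['src']} failed against {len(a['accounts'])} accounts "
              f"({', '.join(a['accounts'])}) between {a['first_seen']} and {a['triggered_at']}, "
              f"{a['lockouts']} lockouts so far")
    print("lockouts per source:", lockouts_per_source(SAMPLE_LOG))
```

The lone failure from 10.0.8.12 followed by a success never trips the detector, while the sweep from 10.0.5.77 is flagged less than a minute after it starts rather than three days later.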

Question 19

A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening. In order to implement a true separation of duties approach the bank could:
  • Require the use of two different passwords held by two different individuals to open an account
  • Administer account creation on a role based access control approach
  • Require all new accounts to be handled by someone else other than a teller since they have different duties
  • Administer account creation on a rule based access control approach

Question 20

A security administrator has been tasked with improving the overall security posture related to desktop machines on the network. An auditor has recently found that several machines with confidential customer information displayed on their screens are left unattended during the course of the day. Which of the following could the security administrator implement to reduce the risk associated with the finding?
  • Implement a clean desk policy
  • Security training to prevent shoulder surfing
  • Enable group policy based screensaver timeouts
  • Install privacy screens on monitors

Question 21

Company policy requires the use of passphrases instead of passwords. Which of the following technical controls MUST be in place in order to promote the use of passphrases?
  • Reuse
  • Length
  • History
  • Complexity

Question 22

Technicians working with servers hosted at the company's datacenter are increasingly complaining of electric shocks when touching metal items, which has been linked to hard drive failures. Which of the following should be implemented to correct this issue?
  • Decrease the room temperature
  • Increase humidity in the room
  • Utilize better hot/cold aisle configurations
  • Implement EMI shielding

Question 23

The Chief Information Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business in countries with varying data retention and privacy laws. Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data?
  • Revoke existing root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud; implement encryption for data in transit between data centers
  • Ensure all data is encrypted according to the most stringent regulatory guidance applicable; implement encryption for data in transit between data centers; increase data availability by replicating all data, transaction data, and logs between each corporate location
  • Store customer data based on national borders; ensure end-to-end encryption between ATMs, end users, and servers; test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations
  • Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country to another, implement end-to-end encryption between mobile applications and the cloud.

Question 24

A security engineer is faced with competing requirements from the networking group and database administrators. The database administrators would like ten application servers on the same subnet for ease of administration, whereas the networking group would like to segment all applications from one another. Which of the following should the security engineer do to rectify this issue?
  • Recommend performing a security assessment on each application, and only segment the applications with the most vulnerability
  • Recommend classifying each application into like security groups and segmenting the groups from one another
  • Recommend segmenting each application, as it is the most secure approach
  • Recommend that only applications with minimal security features should be segmented to protect them

Question 25

An organization relies heavily on an application that has a high frequency of security updates. At present, the security team only updates the application on the first Monday of each month, even though the security updates are released as often as twice a week. Which of the following would be the BEST method of updating this application?
  • Configure testing and automate patch management for the application.
  • Configure security control testing for the application.
  • Manually apply updates for the application when they are released.
  • Configure a sandbox for testing patches before the scheduled monthly update.

Question 26

A software development company needs to share information between two remote servers, using encryption to protect it. A programmer suggests developing a new encryption protocol, arguing that using an unknown protocol with secure, existing cryptographic algorithm libraries will provide strong encryption without being susceptible to attacks on other known protocols. Which of the following summarizes the BEST response to the programmer's proposal?
  • The newly developed protocol will only be as secure as the underlying cryptographic algorithms used.
  • New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries.
  • A programmer should have specialized training in protocol development before attempting to design a new encryption protocol.
  • The obscurity value of unproven protocols against attacks often outweighs the potential for introducing new vulnerabilities.

Question 27

A network operations manager has added a second row of server racks in the datacenter. These racks face the opposite direction of the first row of racks. Which of the following is the reason the manager installed the racks this way?
  • To lower energy consumption by sharing power outlets
  • To create environmental hot and cold aisles
  • To eliminate the potential for electromagnetic interference
  • To maximize fire suppression capabilities

Question 28

New magnetic locks were ordered for an entire building. In accordance with company policy, employee safety is the top priority. In case of a fire where electricity is cut, which of the following should be taken into consideration when installing the new locks?
  • Fail safe
  • Fault tolerance
  • Fail secure
  • Redundancy

Question 29

Which of the following technologies would be MOST appropriate to utilize when testing a new software patch before a company-wide deployment?
  • Cloud computing
  • Virtualization
  • Redundancy
  • Application control

Question 30

The data backup window has expanded into the morning hours and has begun to affect production users. The main bottleneck in the process is the time it takes to replicate the backups to separate servers at the offsite data center. Which of the following uses of deduplication could be implemented to reduce the backup window?
  • Implement deduplication at the network level between the two locations
  • Implement deduplication on the storage array to reduce the amount of drive space needed
  • Implement deduplication on the server storage to reduce the data backed up
  • Implement deduplication on both the local and remote servers

Question 31

Which of the following best describes the initial processing phase used in mobile device forensics?
  • The phone should be powered down and the battery removed to preserve the state of data on any internal or removable storage utilized by the mobile device
  • The removable data storage cards should be processed first to prevent data alteration when examining the mobile device
  • The mobile device should be examined first, then removable storage and lastly the phone without removable storage should be examined again
  • The phone and storage cards should be examined as a complete unit after examining the removable storage cards separately.

Question 32

The Chief Security Officer (CSO) has reported a rise in data loss but no break-ins have occurred. By doing which of the following is the CSO most likely to reduce the number of incidents?
  • Implement protected distribution
  • Employ additional firewalls
  • Conduct security awareness training
  • Install perimeter barricades

Question 33

Having adequate lighting on the outside of a building is an example of which of the following security controls?
  • Deterrent
  • Compensating
  • Detective
  • Preventative

Question 34

After correctly configuring a new wireless-enabled thermostat to control the temperature of the company's meeting room, Joe, a network administrator, determines that the thermostat is not connecting to the internet-based control system. Joe verifies that the thermostat received the expected network parameters and is associated with the AP. Additionally, the other wireless mobile devices connected to the same wireless network are functioning properly. The network administrator verified that the thermostat works when tested at his residence. Which of the following is the MOST likely reason the thermostat is not connecting to the internet?
  • The company implements a captive portal
  • The thermostat is using the incorrect encryption algorithm
  • The WPA2 shared key is incorrect
  • The company's DHCP server scope is full

Question 35

A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a potential partner ( ). Blocked sites: *, *, *.mars? Which of the following rules is preventing the CSO from accessing the site?
  • Rule 1: deny from inside to outside source any destination any service smtp
  • Rule 2: deny from inside to outside source any destination any service ping
  • Rule 3: deny from inside to outside source any destination {blocked sites} service http-https
  • Rule 4: deny from any to any source any destination any service any

Question 36

Which of the following can affect electrostatic discharge in a network operations center?
  • Fire suppression
  • Environmental monitoring
  • Proximity card access
  • Humidity controls

Question 37

A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone service and are concerned about their existing data network interfering with the VoIP phone system. The core switches in the existing data network are almost fully saturated. Which of the following options will provide the best performance and availability for both the VoIP traffic and the traffic on the existing data network?
  • Put the VoIP network into a different VLAN than the existing data network.
  • Upgrade the edge switches from 10/100/1000 to improve network speed
  • Physically separate the VoIP phones from the data network
  • Implement flood guards on the data network

Question 38

A database backup schedule consists of weekly full backups performed on Saturday at 12:00 a.m. and daily differential backups also performed at 12:00 a.m. If the database is restored on Tuesday afternoon, which of the following is the number of individual backups that would need to be applied to complete the database recovery?
  • 1
  • 2
  • 3
  • 4
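Question 38 turns on the difference between differential and incremental backups: a differential holds every change since the last full, so a restore needs the full plus the latest differential (two backups for the Tuesday restore), whereas incrementals each hold only the changes since the previous backup and must all be replayed. The following is an added example, not part of the quiz, that computes the restore chain for both schemes; the calendar dates (Saturday 2019-02-23 as the full, Tuesday 2019-02-26 as the restore day) are chosen from the week the quiz was written and are an assumption. The Tuesday 00:00 backup already exists by Tuesday afternoon, which is why that day's backup is in the chain.

```python
from datetime import date, timedelta

SATURDAY = 5  # date.weekday(): Monday == 0

def last_full_on_or_before(restore_day, full_weekday=SATURDAY):
    d = restore_day
    while d.weekday() != full_weekday:
        d -= timedelta(days=1)
    return d

def restore_chain(restore_day, scheme, full_weekday=SATURDAY):
    """Backups to apply, in order, to recover to the backup taken at 00:00 on
    restore_day. Differential: last full + the latest differential (it already
    holds every change since the full). Incremental: last full + every
    incremental since, because each holds only the changes since the previous backup."""
    full = last_full_on_or_before(restore_day, full_weekday)
    chain = [("full", full)]
    if restore_day == full:
        return chain
    if scheme == "differential":
        chain.append(("differential", restore_day))
    elif scheme == "incremental":
        d = full + timedelta(days=1)
        while d <= restore_day:
            chain.append(("incremental", d))
            d += timedelta(days=1)
    else:
        raise ValueError(f"unknown scheme {scheme!r}")
    return chain

def describe_chain(restore_day_iso, scheme):
    """Report form, e.g. ["full 2019-02-23", "differential 2019-02-26"]."""
    chain = restore_chain(date.fromisoformat(restore_day_iso), scheme)
    return [f"{kind} {d.isoformat()}" for kind, d in chain]

if __name__ == "__main__":
    for scheme in ("differential", "incremental"):
        steps = describe_chain("2019-02-26", scheme)
        print(f"{scheme}: {len(steps)} backups -> {', '.join(steps)}")
```

The trade-off the schedule buys: differentials grow through the week and take longer to write, incrementals stay small but make the restore longer and fail if any one of them is missing.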