Quiz CompTIA Security+

Organized crime is a type of threat actor that is motivated by financial gain and often operates across
national borders. Organized crime groups may be hired by foreign governments to conduct
cyberattacks on critical systems located in other countries, such as power grids, military networks, or
financial institutions. Organized crime groups have the resources, skills, and connections to carry out
sophisticated and persistent attacks that can cause significant damage and
disruption12. Reference = 1: Threat Actors - CompTIA Security+ SY0-701 - 2.1 2: CompTIA Security+
SY0-701 Certification Study Guide

Salting is the process of adding extra random data to a password or other data before applying a one-
way data transformation algorithm, such as a hash function. Salting increases the complexity and
randomness of the input data, making it harder for attackers to guess or crack the original data using
precomputed tables or brute force methods. Salting also helps prevent identical passwords from
producing identical hash values, which could reveal the passwords to attackers who have access to
the hashed data. Salting is commonly used to protect passwords stored in databases or transmitted
over networks. Reference =
Passwords technical overview
Encryption, hashing, salting – what’s the difference?
Salt (cryptography)

Phishing is a type of social engineering attack that involves sending fraudulent emails that appear to
be from legitimate sources, such as payment websites, banks, or other trusted entities. The goal of
phishing is to trick the recipients into clicking on malicious links, opening malicious attachments, or
providing sensitive information, such as log-in credentials, personal data, or financial details. In this
scenario, the employee received an email from a payment website that asked the employee to
update contact information. The email contained a link that directed the employee to a fake website
that mimicked the appearance of the real one. The employee entered the log-in information, but
received a “page not found” error message. This indicates that the employee fell victim to a phishing
attack, and the attacker may have captured the employee’s credentials for the payment
website. Reference = Other Social Engineering Attacks – CompTIA Security+ SY0-701 – 2.2, CompTIA
Security+: Social Engineering Techniques & Other Attack … - NICCS, [CompTIA Security+ Study Guide
with over 500 Practice Test Questions: Exam SY0-701, 9th Edition]

The correct answer is D because it allows only the device with the IP address 10.50.10.25 to send
outbound DNS requests on port 53, and denies all other devices from doing so. The other options are
incorrect because they either allow all devices to send outbound DNS requests (A and C), or they
allow no devices to send outbound DNS requests (B). Reference = You can learn more about firewall
ACLs and DNS in the following resources:
CompTIA Security+ SY0-701 Certification Study Guide, Chapter 4: Network Security1
Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 3.2: Firewall Rules2
TOTAL: CompTIA Security+ Cert (SY0-701) | Udemy, Section 6: Network Security, Lecture 28: Firewall
Rules3

SSO stands for single sign-on, which is a method of authentication that allows users to access
multiple applications or services with one set of credentials. SSO reduces the number of credentials
employees need to maintain and simplifies the login process. SSO can also improve security by
reducing the risk of password reuse, phishing, and credential theft. SSO can be implemented using
various protocols, such as SAML, OAuth, OpenID Connect, and Kerberos, that enable the exchange of
authentication information between different domains or systems. SSO is commonly used for
accessing SaaS applications, such as Office 365, Google Workspace, Salesforce, and others, using
domain credentials123.
B) LEAP stands for Lightweight Extensible Authentication Protocol, which is a Cisco proprietary
protocol that provides authentication for wireless networks. LEAP is not related to SaaS applications
or domain credentials4.
C) MFA stands for multi-factor authentication, which is a method of authentication that requires
users to provide two or more pieces of evidence to prove their identity. MFA can enhance security by
adding an extra layer of protection beyond passwords, such as tokens, biometrics, or codes. MFA is
not related to SaaS applications or domain credentials, but it can be used in conjunction with SSO.
D) PEAP stands for Protected Extensible Authentication Protocol, which is a protocol that provides
secure authentication for wireless networks. PEAP uses TLS to create an encrypted tunnel between
the client and the server, and then uses another authentication method, such as MS-CHAPv2 or EAP-
GTC, to verify the user’s identity. PEAP is not related to SaaS applications or domain credentials.
Reference = 1: Security+ (SY0-701) Certification Study Guide | CompTIA IT Certifications 2: What is
Single Sign-On (SSO)? - Definition from WhatIs.com 3: Single sign-on - Wikipedia 4: Lightweight
Extensible Authentication Protocol - Wikipedia : What is Multi-Factor Authentication (MFA)? -
Definition from WhatIs.com : Protected Extensible Authentication Protocol - Wikipedia

A business email compromise (BEC) attack is a type of phishing attack that targets employees who
have access to company funds or sensitive information. The attacker impersonates a trusted person,
such as an executive, a vendor, or a client, and requests a fraudulent payment, a wire transfer, or
confidential data. The attacker often uses social engineering techniques, such as urgency, pressure,
or familiarity, to convince the victim to comply with the request12.
In this scenario, option A describes a possible BEC attack, where an employee receives a gift card
request in an email that has an executive’s name in the display field of the email. The email may look
like it is coming from the executive, but the actual email address may be spoofed or compromised.
The attacker may claim that the gift cards are needed for a business purpose, such as rewarding
employees or clients, and ask the employee to purchase them and send the codes. This is a common
tactic used by BEC attackers to steal money from unsuspecting victims34.
Option B describes a possible ransomware attack, where malicious software encrypts the files on a
device and demands a ransom for the decryption key. Option C describes a possible credential
harvesting attack, where an attacker tries to obtain the login information of a privileged account by
posing as a legitimate authority. Option D describes a possible phishing attack, where an attacker
tries to lure the victim to a fake website that mimics the company’s email portal and capture their
credentials. These are all types of cyberattacks, but they are not examples of BEC
attacks. Reference = 1: Business Email Compromise - CompTIA Security+ SY0-701 - 2.2 2: CompTIA
Security+ SY0-701 Certification Study Guide 3: Business Email Compromise: The 12 Billion Dollar
Scam 4: TOTAL: CompTIA Security+ Cert (SY0-701) | Udemy

A jump server is a device or virtual machine that acts as an intermediary between a user’s
workstation and a remote network segment. A jump server can be used to securely access servers or
devices that are not directly reachable from the user’s workstation, such as database servers. A jump
server can also provide audit logs and access control for the remote connections. A jump server is
also known as a jump box or a jump host12.
RADIUS is a protocol for authentication, authorization, and accounting of network access. RADIUS is
not a device or a method to access remote servers, but rather a way to verify the identity and
permissions of users or devices that request network access34.
HSM is an acronym for Hardware Security Module, which is a physical device that provides secure
storage and generation of cryptographic keys. HSMs are used to protect sensitive data and
applications, such as digital signatures, encryption, and authentication. HSMs are not used to access
remote servers, but rather to enhance the security of the data and applications that reside on
them5 .
A load balancer is a device or software that distributes network traffic across multiple servers or
devices, based on criteria such as availability, performance, or capacity. A load balancer can improve
the scalability, reliability, and efficiency of network services, such as web servers, application servers,
or database servers. A load balancer is not used to access remote servers, but rather to optimize the
delivery of the services that run on them . Reference =
How to access a remote server using a jump host
Jump server
RADIUS
Remote Authentication Dial-In User Service (RADIUS)
Hardware Security Module (HSM)
[What is an HSM?]
[Load balancing (computing)]
[What is Load Balancing?]

A buffer overflow is a type of software vulnerability that occurs when an application writes more
data to a memory buffer than it can hold, causing the excess data to overwrite adjacent memory
locations. This can lead to unexpected behavior, such as crashes, errors, or code execution. A buffer
overflow can be exploited by an attacker to inject malicious code or commands into the application,
which can compromise the security and functionality of the system. An organization’s internet-facing
website was compromised when an attacker exploited a buffer overflow. To best protect against
similar attacks in the future, the organization should deploy a web application firewall (WAF). A WAF
is a type of firewall that monitors and filters the traffic between a web application and the internet. A
WAF can detect and block common web attacks, such as buffer overflows, SQL injections, cross-site
scripting (XSS), and more. A WAF can also enforce security policies and rules, such as input
validation, output encoding, and encryption. A WAF can provide a layer of protection for the web
application, preventing attackers from exploiting its vulnerabilities and compromising its
data. Reference = Buffer Overflows – CompTIA Security+ SY0-701 – 2.3, Web Application Firewalls –
CompTIA Security+ SY0-701 – 2.4, [CompTIA Security+ Study Guide with over 500 Practice Test
Questions: Exam SY0-701, 9th Edition]

The correct answer is A because multifactor authentication (MFA) is a method of verifying a user’s
identity by requiring more than one factor, such as something the user knows (e.g., password),
something the user has (e.g., token), or something the user is (e.g., biometric). MFA can prevent
unauthorized access even if the user’s password is compromised, as the attacker would need to
provide another factor to log in. The other options are incorrect because they do not address the root
cause of the attack, which is weak authentication. Permissions assignment (B) is the process of
granting or denying access to resources based on the user’s role or identity. Access management © is
the process of controlling who can access what and under what conditions. Password complexity (D)
is the requirement of using strong passwords that are hard to guess or crack, but it does not prevent
an attacker from using a stolen password. Reference = You can learn more about multifactor
authentication and other security concepts in the following resources:
CompTIA Security+ SY0-701 Certification Study Guide, Chapter 1: General Security Concepts1
Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 1.2: Security Concepts2
Multi-factor Authentication – SY0-601 CompTIA Security+ : 2.43
TOTAL: CompTIA Security+ Cert (SY0-701) | Udemy, Section 3: Identity and Access Management,
Lecture 15: Multifactor Authentication4
CompTIA Security+ Certification SY0-601: The Total Course [Video], Chapter 3: Identity and Account
Management, Section 2: Enabling Multifactor Authentication5

Smishing is a type of social engineering technique that uses text messages (SMS) to trick victims into
revealing sensitive information, clicking malicious links, or downloading malware. Smishing
messages often appear to come from legitimate sources, such as banks, government agencies, or
service providers, and use urgent or threatening language to persuade the recipients to take
action12. In this scenario, the text message that claims to be from the payroll department is an
example of smishing.
Impersonation is a type of social engineering technique that involves pretending to be someone else,
such as an authority figure, a trusted person, or a colleague, to gain the trust or cooperation of the
target. Impersonation can be done through various channels, such as phone calls, emails, text
messages, or in-person visits, and can be used to obtain information, access, or money from the
victim34. In this scenario, the text message that pretends to be from the payroll department is an
example of impersonation.
A) Typosquatting is a type of cyberattack that involves registering domain names that are similar to
popular or well-known websites, but with intentional spelling errors or different
extensions. Typosquatting aims to exploit the common mistakes that users make when typing web
addresses, and redirect them to malicious or fraudulent sites that may steal their information, install
malware, or display ads56. Typosquatting is not related to text messages or credential verification.
B) Phishing is a type of social engineering technique that uses fraudulent emails to trick recipients
into revealing sensitive information, clicking malicious links, or downloading malware. Phishing
emails often mimic the appearance and tone of legitimate organizations, such as banks, retailers, or
service providers, and use deceptive or urgent language to persuade the recipients to take action78.
Phishing is not related to text messages or credential verification.
D) Vishing is a type of social engineering technique that uses voice calls to trick victims into revealing
sensitive information, such as passwords, credit card numbers, or bank account details. Vishing calls
often appear to come from legitimate sources, such as law enforcement, government agencies, or
technical support, and use scare tactics or false promises to persuade the recipients to comply9 .
Vishing is not related to text messages or credential verification.
F. Misinformation is a type of social engineering technique that involves spreading false or
misleading information to influence the beliefs, opinions, or actions of the target. Misinformation
can be used to manipulate public perception, create confusion, damage reputation, or promote an
agenda . Misinformation is not related to text messages or credential verification.
Reference = 1: What is Smishing? | Definition and Examples | Kaspersky 2: Smishing - Wikipedia 3:
Impersonation Attacks: What Are They and How Do You Protect Against Them? 4: Impersonation -
Wikipedia 5: What is Typosquatting? | Definition and Examples | Kaspersky 6: Typosquatting -
Wikipedia 7: What is Phishing? | Definition and Examples | Kaspersky 8: Phishing -
Wikipedia 9: What is Vishing? | Definition and Examples | Kaspersky : Vishing - Wikipedia : What is
Misinformation? | Definition and Examples | Britannica : Misinformation - Wikipedia