CompTIA Security+ Certification SY0-601 Practice Exams, 4th Edition (2021)

Preview (31 of 544 Pages)

100%

Purchase to unlock

Loading page image...

PracticeSave10%onanyExamQuestionsCompTIAexamvoucher!Couponcodeinside.FourthEdition||r-OnlineContentIncludes:*Pre-assessmentexam=«Testenginethatprovidesfull-lengthpracticeexamsandcustomizedquizzesbychapterorbyexamdomain5|°T,CEHFI™SCNP™,CISS!«Interactiveperformance-basedqu1

Loading page image...

DownloadedfromStudyXY.com=—®+StudyXYSdYe.o>\|iF’prE\3SStudyAnythingThisContentHasbeenPostedOnStudyXY.comassupplementarylearningmaterial.StudyXYdoesnotendroseanyuniversity,collegeorpublisher.Allmaterialspostedareundertheliabilityofthecontributors.wv8)www.studyxy.com

Loading page image...

Security+)CertificationPracticeExams,.DanielLachanceGlenE.ClarkeMcGrawHillisanindependententityfromCompTIA®andisnotaffiliatedwithCompTIAinanymanner.ThispublicationandaccompanyingmediamaybeusedMcinassistingstudentstopreparefortheCompTIASecurity+exam.NeitherCompTIAnorMcGrawHillwarrantsthatuseofthispublicationandaccompanyingmediawillGrawensurepassinganyexam.CompTIAandCompTIASecurity+™aretrademarksorHillregisteredtrademarksofCompTIAintheUnitedStatesand/orothercountries.Allothertrademarksaretrademarksoftheirrespectiveowners.TheCompTIAMarksare).theproprietarytrademarksand/orservicemarksofCompTIAanditsaffiliatesusedASebaunderlicensefromCompTIA.MiliNewDelhiSingaporeSydneyTorontoStudy

Loading page image...

Copyright©2021byMcGraw-Hill.Allrightsreserved.ExceptaspermittedundertheUnitedStatesCopyrightActof1976,nopartofthispublicationmaybereproducedordistributedinanyformorbyanymeans,orstoredinadatabaseorretrievalsystem,withoutthepriorwrittenpermissionofthepublisher,withtheexceptionthattheprogramlistingsmaybeentered,stored,andexecutedinacomputersystem,buttheymaynotbereproducedforpublication.ISBN:978-1-26-046798-7MHID: 1-26-046798-8ThematerialinthiseBookalsoappearsintheprintversionofthistitle:ISBN:978-1-26-046797-0,MHID:1-26-046797-X.eBookconversionbycodeMantraVersion1.0Alltrademarksaretrademarksoftheirrespectiveowners.Ratherthanputatrademarksymbolaftereveryoccurrenceofatrademarkedname,weusenamesinaneditorialfashiononly,andtothebenefitofthetrademarkowner,withnointentionofinfringementofthetrademark.Wheresuchdesignationsappearinthisbook,theyhavebeenprintedwithinitialcaps.McGraw-HillEducationeBooksareavailableatspecialquantitydiscountstouseaspremiumsandsalespromotionsorforuseincorporatetrainingprograms.Tocontactarepresentative,pleasevisittheContactUspageatwww.mhprofessional.com.InformationhasbeenobtainedbyMcGraw-HillEducationfromsourcesbelievedtobereliable.However,becauseofthepossibilityofhumanormechanicalerrorbyoursources,McGraw-HillEducation,orothers,McGraw-HillEducationdoesnotguaranteetheaccuracy,adequacy,orcompletenessofanyinformationandisnotresponsibleforanyerrorsoromissionsortheresultsobtainedfromtheuseofsuchinformation.TERMSOFUSE

Loading page image...

ThisisacopyrightedworkandMcGraw-HillEducationanditslicensorsreserveallrightsinandtothework.Useofthisworkissubjecttotheseterms.ExceptaspermittedundertheCopyrightActof1976andtherighttostoreandretrieveonecopyofthework,youmaynotdecompile,disassemble,reverseengineer,reproduce,modify,createderivativeworksbasedupon,transmit,distribute,disseminate,sell,publishorsublicensetheworkoranypartofitwithoutMcGraw-HillEducation’spriorconsent.Youmayusetheworkforyourownnoncommercialandpersonaluse;anyotheruseoftheworkisstrictlyprohibited.Yourrighttousetheworkmaybeterminatedifyoufailtocomplywiththeseterms.THEWORKISPROVIDED“ASIS.”McGRAW-HILLEDUCATIONANDITSLICENSORSMAKENOGUARANTEESORWARRANTIESASTOTHEACCURACY,ADEQUACYORCOMPLETENESSOFORRESULTSTOBEOBTAINEDFROMUSINGTHEWORK,INCLUDINGANYINFORMATIONTHATCANBEACCESSEDTHROUGHTHEWORKVIAHYPERLINKOROTHERWISE,ANDEXPRESSLYDISCLAIMANYWARRANTY,EXPRESSORIMPLIED,INCLUDINGBUTNOTLIMITEDTOIMPLIEDWARRANTIESOFMERCHANTABILITYORFITNESSFORAPARTICULARPURPOSE.McGraw-HillEducationanditslicensorsdonotwarrantorguaranteethatthefunctionscontainedintheworkwillmeetyourrequirementsorthatitsoperationwillbeuninterruptedorerrorfree.NeitherMcGraw-HillEducationnoritslicensorsshallbeliabletoyouoranyoneelseforanyinaccuracy,errororomission,regardlessofcause,intheworkorforanydamagesresultingtherefrom.McGraw-HillEducationhasnoresponsibilityforthecontentofanyinformationaccessedthroughthework.UndernocircumstancesshallMcGraw-HillEducationand/oritslicensorsbeliableforanyindirect,incidental,special,punitive,consequentialorsimilardamagesthatresultfromtheuseoforinabilitytousethework,evenifanyofthemhasbeenadvisedofthepossibilityofsuchdamages.Thislimitationofliabilityshallapplytoanyclaimorcausewhatsoeverwhethersuchclaimorcausearisesincontract,tortorotherwise.

Loading page image...

ForRomanandTrinity,whomakeafatherproudandenrichlifebeyondmeasure.—Dad

Loading page image...

ABOUTTHEAUTHORSDanielLachance,CompTIACloudEssentials,CompTIAServer+,CompTIAA+,CompTIANetwork+,CompTIASecurity+,MCT,MCSA,MCITP,MCTS,istheownerofLachanceITConsulting,Inc.,basedinHalifax,NovaScotia.DanhasdeliveredtechnicalITtrainingforawidevarietyofproductsformorethan20years.HehasrecordedITsupportvideosrelatedtosecurityandvariouscloud-computingplatforms.Danhasdevelopedcustomapplicationsandplanned,implemented,troubleshot,anddocumentedvariousnetworkconfigurationsandconductednetworksecurityaudits.HehasworkedasatechnicaleditoronanumberofcertificationtitlesandhasauthoredtitlesincludingCompTIAServer+CertificationAll-in-OneExamGuide(ExamSK0-004)andCompTIASecurity+CertificationPracticeExams,SecondEdition(ExamSY0-401).GlenE.Clarke,MCSE,MCSD,MCT,CCNA,CEH,CHFI,PenTest+,Security+,Network+,A+,isatechnicaltrainerandownerofDCAdvancedTechnologyTraining(DCATT),anITtrainingcompanybasedoutofAtlanticCanadathatdeliversliveinstructortrainingonlineandatthecustomer’ssite.GlenspendsmostofhistimedeliveringcoursesonCiscoCCNA,CompTIAA+,Network+,Security+,andPenTest+.HealsodeliverscertifiedtrainingonWindowsServer,SQLServer,SharePoint,Office365,ExchangeServer,VisualBasic.NET,andASP.NET.Glenteachesanumberofsecurity-relatedcoursescoveringtopicssuchasethicalhackingandcountermeasures,penetrationtesting,vulnerabilitytesting,firewalldesign,andpacketanalysis.GlenisauthoroftheCompTIASecurity+CertificationStudyGuide,CompTIANetwork+CertificationStudyGuide.HealsodesignedandcoauthoredtheCCT/CCNARoutingandSwitchingAll-In-OneExamGuide.

Loading page image...

AbouttheTechnicalEditorNickMitropoulosistheCEOofScarletDragonflyandhasmorethanadecadeofexperienceinsecuritytraining,cybersecurity,incidenthandling,vulnerabilitymanagement,securityoperations,threatintelligence,anddatalossprevention.Hehasworkedforavarietyofcompanies(includingtheGreekMinistryofEducation,AT&T,F5Networks,JPMorganChase,KPMG,andDeloitte)andhasprovidedcriticaladvicetomanyclientsregardingvariousaspectsoftheirsecurity.He’sSC/NATOsecuritycleared,acertified(ISC)?andEC-Councilinstructor,Ciscochampion,seniorIEEEmemberaswellasaGIACadvisoryboardmember,andhasanMSc(withdistinction)inAdvancedSecurityandDigitalForensicsfromEdinburghNapierUniversity.Heholdsmorethan25securitycertificationsincludingGCIH,GPEN,GWAPT,GISF,Security+,SSCP,CBE,CMO,CCNACyberOps,CCNASecurity,CCNARouting&Switching,CCDA,CEH,CEI,PaloAlto(ACE),Qualys(CertifiedSpecialistinAssetViewandThreatPROTECT,CloudAgent,PCICompliance,PolicyCompliance,VulnerabilityManagement,WebApplicationScanning),andSplunkCertifiedUser.Ifyouhaveanyquestionsorwanttoprovideanyfeedback,pleasefeelfreetoreachoutviafeedback@scarlet-dragonfly.com,LinkedIn(https://www.linkedin.com/in/nickmitropoulos)orTwitter(@MitropoulosNick).

Loading page image...

CONTENTSIntroductionExamReadinessChecklist1NetworkingBasicsandTerminologyQuestionsQuickAnswerKeyIn-DepthAnswers2IntroductiontoSecurityTerminologyQuestionsQuickAnswerKeyIn-DepthAnswers3SecurityPoliciesandStandardsQuestionsQuickAnswerKeyIn-DepthAnswers4TypesofAttacksQuestionsQuickAnswerKeyIn-DepthAnswers5VulnerabilitiesandThreatsQuestionsQuickAnswerKey

Loading page image...

In-DepthAnswers6MitigatingSecurityThreatsQuestionsQuickAnswerKeyIn-DepthAnswers7ImplementingHost-basedSecurityQuestionsQuickAnswerKeyIn-DepthAnswers8SecuringtheNetworkInfrastructureQuestionsQuickAnswerKeyIn-DepthAnswers9WirelessNetworkingandSecurityQuestionsQuickAnswerKeyIn-DepthAnswers10AuthenticationQuestionsQuickAnswerKeyIn-DepthAnswers11AuthorizationandAccessControlQuestionsQuickAnswerKeyIn-DepthAnswers12IntroductiontoCryptography

Loading page image...

QuestionsQuickAnswerKeyIn-DepthAnswers13ManagingaPublicKeyInfrastructureQuestionsQuickAnswerKeyIn-DepthAnswers14PhysicalSecurityQuestionsQuickAnswerKeyIn-DepthAnswers15ApplicationAttacksandSecurityQuestionsQuickAnswerKeyIn-DepthAnswers16VirtualizationandCloudSecurityQuestionsQuickAnswerKeyIn-DepthAnswers17RiskAnalysisQuestionsQuickAnswerKeyIn-DepthAnswers18DisasterRecoveryandBusinessContinuityQuestionsQuickAnswerKeyIn-DepthAnswers

Loading page image...

19UnderstandingMonitoringandAuditingQuestionsQuickAnswerKeyIn-DepthAnswers20SecurityAssessmentsandAuditsQuestionsQuickAnswerKeyIn-DepthAnswers21IncidentResponseandComputerForensicsQuestionsQuickAnswerKeyIn-DepthAnswersAPre-assessmentExamQuestionsQuickAnswerKeyIn-DepthAnswersBAbouttheOnlineContentSystemRequirementsYourTotalSeminarsTrainingHubAccountSingleUserLicenseTermsandConditionsTotalTesterOnlineOtherBookResourcesTechnicalSupport

Loading page image...

INTRODUCTIONelcometoCompTIASecurity+CertificationPracticeExams,FourthEdition!ThisbookservesasapreparationtoolfortheCompTIASecurity+certificationexam(SY0-601)aswellasforyourworkintheITsecurityfield.Afteryou'vegonethroughtheCompTIASecurity+CertificationStudyGuide,FourthEditionthoroughly,youcantestyourknowledgeusingthispracticeexamsbook.TheCompTIASecurity+Exam(ExamTheCompTIASecurity+certificationexamisavendor-neutralexamthatvalidatesyourskillsinriskidentificationandmanagement,theapplicationofphysicalanddigitalsecuritycontrolsfordevicesandnetworks,disasterrecovery,theadherencetorulessetforthbylegalandregulatorybodies,aswellascloudcomputing.ThiscertificationisaimedatindividualswhohaveaminimumoftwoyearsofexperienceinITadministration,focusingonsecurity.TheCompTIASecurity+examconsistsoffivedomains(categories).CompTIArepresentstherelativeimportanceofeachdomainwithinthebodyofknowledgerequiredforanentry-levelITprofessionaltakingthisexam.1.0Attacks,Threats,andVulnerabilities24percent2.0ArchitectureandDesign21percent3.0Implementation25percent4.0OperationsandIncidentResponse16percent

Loading page image...

5.0Governance,Risk,andCompliance14percentYourCompTIASecurity+certificationisvalidforthreeyearsfromthedateyouarecertified,afterwhichtimeyoumusttakethemostcurrentversionoftheexamtokeepyourcertification.DetailedinformationregardingtheCompTIASecurity+certificationandexamisavailableatwww.comptia.org.InThisBookTheobjectiveofthisbookistoprepareyoufortheCompTIASecurity+exambyfamiliarizingyouwiththetechnologyandbodyofknowledgetestedontheexam.Becausetheprimaryfocusofthisbookistohelpyoupassthetest,wedon’talwayscovereveryaspectoftherelatedtechnology.Someaspectsofthetechnologyarecoveredonlytotheextentnecessarytohelpyouunderstandwhatyouneedtoknowtopasstheexam,butwehopethisbookwillserveyouasavaluableprofessionalresourceafteryourexamaswell.CompTIASecurity+CertificationPracticeExams,FourthEdition(ExamSY0-601),providesabatteryofpracticetestquestionsorganizedbytheofficialexamobjectives.The21chapterscontainmorethan600questionsthatcoveralltheobjectivesfortheSY0-601exam.Additionally,theaccompanyingmediacontains300questionsinacustomizabletestenginethatenablesyoutotakethreefullpracticeexamsinasimulatedtestingenvironmentorcustomizedexamsbychapterorexamdomain.ThisbookwasdevelopedandwritteninconjunctionwiththeCompTIASecurity+CertificationStudyGuide,FourthEdition(ExamSY0-601),byGlenE.Clarke.Theorderinwhichtheobjectivesarepresentedisidentical,asarethechaptertitles.Thesebooksweredesignedtoworktogetherasacomprehensiveprogramforself-study.Pre-assessmentExamThisbookfeaturesapre-assessmentexaminAppendixA.Thepre-assessmentexamwillgaugeyourareasofstrengthandweaknesssoyoucantailoryourstudiesbasedonyourneeds.Werecommendthatyoutakethepre-assessmenttestbeforestartingthequestionsinChapter1.

Loading page image...

InEveryChapterThisbookisorganizedinsuchawayastoserveasanin-depthreviewfortheCompTIASecurity+examforbothexperiencedITsecurityprofessionalsandnewcomerstosecuritytechnologies.Eachchaptercoversamajoraspectoftheexam,withpracticequestionstotestyourknowledgeofspecificexamobjectives.TheSY0-601examwillpresentyouwithsomeperformance-basedquestionsthatwilltestyourabilitytocarryoutatasktosolveaproblem.Thiscouldbeintheformoftypinginacommand,placingnetworkdevicesinthecorrectpositionsonanetworkmap,ormatchingtermswithdefinitions.Eachchaptercontainscomponentsthatcallyourattentiontoimportantitemsandreinforcesalientpoints.Takealookatwhatyou’llfindineverychapter:mEverychapterbeginswithcertificationobjectives,alistoftheofficialCompTIAexamobjectivescoveredinthatchapter.mPracticequestions,similartothosefoundontheactualexam,areincludedineverychapter.Byansweringthesequestions,you’lltestyourknowledgewhilebecomingfamiliarwiththestructureoftheexamquestions.mTheQuickAnswerKeysectionfollowsthequestionsandenablesyoueasilytocheckyouranswers.=mIn-DepthAnswersattheendofeverychapterincludeexplanationsforthecorrectandincorrectanswerchoicesandprovideanopportunityforreviewingtheexamtopics..PracticeExamsInadditiontothemorethan600questionsincludedinthisbook,300questionsareincludedinthecustomizabletestengineontheaccompanyingmedia.Youcancreatepracticeexamsbyobjectiveorbychapter,oryoucantakefull-lengthpracticeexams.Likethequestionsinthechapters,thesepracticeexamsalsoincludedetailedexplanationsforthecorrectandincorrectanswerchoices.Formoreinformationabouttheaccompanyingmedia,pleaseseeAppendixB.

Loading page image...

StrategiesforUseYoucanusethisbookavarietyofways,whethersimultaneouslywiththeCompTIASecurity+CertificationStudyGuide,FourthEdition,orasastand-alonetestpreptool.mWiththeStudyGuideTakingachapter-by-chapterapproach,youcanopttoreadaStudyGuidechapterandthenpracticewhatyouhavelearnedwiththequestionsinthecorrespondingPracticeExamschapter,alternatingbetweenbooksthroughoutyourcourseofstudy.mThePracticeExamsbookaloneUsingthePracticeExamsbookafteryouhavereadtheStudyGuide,orasastand-alonetestpreptool,youcanworkthroughthebookcovertocoverandtakethethreepracticeexamsasthefinalstepinyourpreparation.Alternatively,bymeansofthe“ExamReadinessChecklist”inthenextsection,youcangaugeyourlevelofexpertiseanddeterminewhichobjectivestofocusonandthenworkthroughthebookbyobjectives.Thechecklistnoteswhichquestionspertaintowhichobjectives,enablingyoutotailoryourreview.

Loading page image...

ExamReadinessChecklistThis“ExamReadinessChecklist”hasbeenconstructedtoenableyoutoreferencetheofficialCompTIASecurity+objectivesandrefertotheorderinwhichtheseobjectivesarecoveredinthisbook.Youcancheckyourprogressandensurethatyouspendthetimeyouneedonmoredifficultorunfamiliarsections.TheobjectivesarelistedasCompTIAhaspresentedthemwiththecorrespondingbookchapternumber.ExamReadinessChecklistChapterOfficialObjectiveNumber1.0Threats,Attacks,andVulnerabilities1.1Compareandcontrastdifferenttypesofsocialengineering4techniques.1.2Givenascenario,analyzepotentialindicatorstodeterminethe4,5typeofattack.1.3Givenascenario,analyzepotentialindicatorsassociatedwith15applicationattacks.1.4Givenascenario,analyzepotentialindicatorsassociatedwith4,9networkattacks.1.5Explaindifferentthreatactors,vectors,andintelligence2,5sources.1.6Explainthesecurityconcernsassociatedwithvarioustypesof5vulnerabilities.1.7Summarizethetechniquesusedinsecurityassessments.19,201.8Explainthetechniquesusedinpenetrationtesting.20

Loading page image...

2.0ArchitectureandDesign2.1Explaintheimportanceofsecurityconceptsinanenterprise~~8,16environment.2.2Summarizevirtualizationandcloudcomputingconcepts.162.3Summarizesecureapplicationdevelopment,deployment,and15automationconcepts.2.4Summarizeauthenticationandauthorizationdesignconcepts.102.5Givenascenario,implementcybersecurityresilience.5,182.6Explainthesecurityimplicationsofembeddedandspecialized5systems.2.7Explaintheimportanceofphysicalsecuritycontrols142.8Summarizethebasicsofcryptographicconcepts123.0Implementation3.1Givenascenario,implementsecureprotocols.123.2Givenascenario,implementhostorapplicationsecurity6,7,15solutions.3.3Givenascenario,implementsecurenetworkdesigns.1,83.4Givenascenario,installandconfigurewirelesssecurity9settings.3.5Givenascenario,implementsecuremobilesolutions.73.6Givenascenario,applycybersecuritysolutionstothecloud.163.7Givenascenario,implementidentityandaccount11managementcontrols.3.8Givenascenario,implementauthenticationandauthorization10,11solutions.3.9Givenascenario,implementpublickeyinfrastructure.134.0OperationsandIncidentResponse4.1Givenascenario,usetheappropriatetooltoassess20,21organizationalsecurity.

Loading page image...

4.2Summarizetheimportanceofpolicies,processes,and21procedureforincidentresponse.4.3Givenanincident,utilizeappropriatedatasourcestosupport21aninvestigation.4.4Givenanincident,applymitigationtechniquesorcontrolsto21secureanenvironment.4.5Explainthekeyaspectsofdigitalforensics.215.0Governance,Risk,andCompliance5.1Compareandcontrastvarioustypesofcontrols.115.2Explaintheimportanceofapplicableregulations,standards,or3frameworksthatimpactorganizationalsecurityposture.5.3Explaintheimportanceofpoliciestoorganizationalsecurity.35.4Summarizeriskmanagementprocessesandconcepts.17,185.5Explainprivacyandsensitivedataconceptsinrelationto2,3security.ChapterOverviewThefollowinglistprovidesageneraloverviewofwhatyoucanexpectfromeachofthe21chaptersinthisbook.mChapter1:NetworkingBasicsandTerminologyYou’llexplorehowtoconfigureIPv4andIPv6environmentsproperly,howloadbalancingprovidesapplicationhighavailabilityandimprovedperformance,andhowtoconfigureloadbalancing,includingactive/activeandactive/passive.mChapter2:IntroductiontoSecurityTerminologyYou'llexplorevariousthreatactortypesandtheirmotivations,sourcesofcybersecuritythreatintelligence,anddatarolesandresponsibilities.mChapter3:SecurityPoliciesandStandardsYou’llexplorehowdataprivacyindustrystandardsandregulationsinfluencehowdataisclassifiedandprotectedinaccordancewithorganizationalsecurity

Loading page image...

policies.umChapter4:TypesofAttacksYou'llexplorehowsocialengineeringcancompromisesystemsandentirenetworks;howvariousattackssuchaspassword,cryptographic,andphysicalattackscanbeexecuted;andhowmaliciouscodecanbetriggered.mChapter5:VulnerabilitiesandThreatsYou’llexplorevarioustypesofmalwaresuchasspywareandransomware,systemconfigurationvulnerabilities,andthreatsrelatedtoIoTdevices,industrialcontrolsystems,andembeddeddevices.mChapter6:MitigatingSecurityThreatsYou'llexplorehowtohardennetworkdevicesandhoststoreducetheattacksurfaceusingmethodssuchasdiskencryptionandpatchmanagement.mChapter7:ImplementingHost-basedSecurityYou’llexplorehowtosecureendpointdevicesbyhardeningdatabases,enablingTPM,preventingdataloss,andusingMDMtoolstosecuremobiledeviceswithremotewipeandstoragesegmentationconfigurations.mChapter8:SecuringtheNetworkInfrastructureYou’llexplorehownetworksecuritycanbeachievedusingHSMs,TLS,honeypots,andhoneynets;howdatasovereigntyinfluencesdataprivacypractices;andhowtousenetworksecuritysolutionssuchasNAC,VPNs,andVLAN:Stocontrolandsecurenetworkaccess.mChapter9:WirelessNetworkingandSecurityYou’llexplorehowtoinstallandconfiguresecurewirelessnetworksusingsolutionssuchasEAP,WPA3,andIEEE802.1xtomitigatewirelessnetworkthreatssuchasbluesnarfingandradio-frequencyjamming.mChapter10:AuthenticationYou’llexploreauthenticationprotocolssuchasCHAPand802.1x,authenticationmethodsincludingone-timepasswordsandtokenkeys,andhowmultifactorauthenticationenhancesusersign-insecurity.mChapter11:AuthorizationandAccessControlYou'llexplorevarioustypesofsecuritycontrolssuchasdetectiveandcompensatingcontrols,therolethatidentityprovidersplayinauthorizingresourceaccess,andhowtograntresourcepermissionsandhardenuseraccounts.mChapter12:IntroductiontoCryptographyYou'llexplorecryptographicconceptsrelatedtokeys,encryptionandhashing,and

Loading page image...

steganography,andhownetworksecurityprotocolssuchasDNSSECandHTTPSareimplemented.mChapter13:ManagingaPublicKeyInfrastructureYou'llexplorePKIconceptsincludingcertificateauthoritiesandcertificatesigningrequests,thecertificatelifecycle,andvarioustypesofcertificatesandhowtheyareissuedandused.umChapter14:PhysicalSecurityYou’llexplorevarioustypesofphysicalcontrolssuchassecurityguards,cablelocks,andUSBdatablockers,aswellassecuredatadestructiontechniquesincludingshreddinganddegaussing.mChapter15:ApplicationAttacksandSecurityYou’llexplorecommonapplicationattackssuchasSQLinjectionandintegeroverflows,automatedcodetestingforefficientqualityassurance,andcommonapplicationthreatmitigationtechniquessuchasblocklistsandsecurecodingtechniques.mChapter16:VirtualizationandCloudSecurityYou’llexploretherelationshipbetweenvirtualizationandcloudcomputing,howtosecuretheuseofcloudcomputingservicesusingoptionssuchassecuritygroupsandreplication,andhowtosecuretheuseofvirtualmachines.mChapter17:RiskAnalysisYou’llexploreriskmanagementstrategiessuchasriskacceptanceandrisktransfer,howtoestablishariskregister,andhowtocalculatethecostofrealizedthreatsandcomparethemagainstthecostofsecuritycontrols.mChapter18:DisasterRecoveryandBusinessContinuityYou’llexplorehowtoensurebusinesscontinuitythroughredundancyoptionssuchasRAIDanddatareplication;usingdatabackupson-premisesandinthecloud;aswellasdetermininghownegativeincidentsmayaffecttheorganizationthroughabusinessimpactanalysis.mChapter19:UnderstandingMonitoringandAuditingYou’llexplorehowtoconfigureloggingforvarioustypesofdevicesandhosts,howtocentrallymonitorforsecurityincidentsusingSIEM,andhowtoautomateincidentresponseusingSOAR.mChapter20:SecurityAssessmentsandAuditsYou'llexploretheimportanceofperiodichostandnetworksecurityaudits;thedifferentbetweenreconnaissance,vulnerabilityscanning,andpenetrationtesting;andsomeofthetechniquesusedwhenconductingsecurity

Loading page image...

assessments.mChapter21:IncidentResponseandComputerForensicsYou'llexploredigitalforensics,includinghowtogather,store,andanalyzeevidenceinaccordancewithevidencestandardssuchaschainofcustody;andyou’llexaminetheimportanceofincidentresponseplanningandexecution.

Loading page image...

Chapter1NetworkingBasicsandTerminologyCERTIFICATIONOBJECTIVES1.01ConfiguringLoadBalancers1.02ManagingIPv41.03ManagingIPv6Disruptionofconnectivitytoapplicationspresentsariskforbothon-premisesandcloud-basedapps.AppperformancecaninfluencetheeffectivenessofITsolutionsusedtoaddressbusinessneeds.Loadbalancingaddressesbothapplicationreachabilityandperformanceneeds.Aloadbalanceracceptsclientapprequestsandroutesthemtoapoolofbackendservers,wheretheleastbusyserverservicestherequest.Becausetherearemultipleserversservinguptheapp,abackendserverfailuredoesnotdisruptuserconnectionstoapps;instead,theloadbalancerdoesnotrouteclientrequeststotheunresponsivehost.InternetProtocolversion4(IPv4)andthenewerIPv6aretheprotocolfoundationsonwhichnetworkservicesareavailable.IPv6usesa128-bithexadecimaladdressingschemeaswellasdevicediscoveryand

Loading page image...

communicationtechniquesthatdifferfromIPv4.1.Whichofthefollowingbenefitsarerealizedfromimplementingaloadbalancer?(Choosetwo.)A.ImprovedappperformanceB.IncreasedappsecurityC.IncreasedappregulatorycomplianceD.Increasedappavailability2.AbusywebsitehasnotbeenrespondingwellbecauseofthelargevolumeofHTTPrequestssenttothewebserver.Whichsolutionwouldbethemostoptimaltoimprovecurrentandfuturewebserverperformance?A.AddmoreRAMtothewebserver.B.Usetwowebservershostingthesamecontent.ConfigurealoadbalancertodistributeincomingHTTPconnectionsbetweenthetwowebservers.C.PlacearouterbetweenthewebserverandtheInternettothrottleincomingHTTPconnections.D.EnableSSLonthewebserver.3.Youwouldliketopreventclientrequestsfrombeingservicedbybusybackendservershostingusersessions.Whichloadbalancerschedulingalgorithmshouldyouconfigure?A.RoundrobinB.WeightedroundrobinC.RandomD.Leastconnections4.DuringanITmeeting,yourcolleagueTrinitysuggeststhatthereisasinglepointoffailureinthesingleloadbalancerinplaceforthecompanywebsiteorderingsystem.Shesuggestshavingtwoloadbalancersconfigured,withonlyoneinserviceatagiventime.WhattypeofloadbalancingconfigurationhasTrinitydescribed?A.RoundrobinB.Active-activeC.Active-passive

Loading page image...

D.Leastconnections5.Anactive-passiveloadbalancersolutionisconfiguredonyournetwork.Whenthestandbyloadbalancerdeterminesthattheprimaryloadbalancerisdown,whatattributedoesittakecontrolof?A.LoadbalancerMACaddressB.LoadbalancerIPaddressC.FirstbackendserverMACaddressD.FirstbackendserverIPaddress6.Yourpubliccloud-basedloadbalancerusesLinuxbackendserverstohostawebapplication.EachbackendLinuxhostisconfiguredwithonlyasingleprivateIPv4address.YouneedtobeabletomanageeachLinuxbackendhostremotelyfromyouron-premisesnetworkwithoutexposingeachbackendserverdirectlytotheInternet.Whichoptionsshouldyouconsider?(Choosetwo.)A.AssignapublicIPaddresstoeachbackendLinuxinstance.B.AssignanIPv6addresstoeachbackendLinuxinstance.C.ConfigureinboundNATrulesontheloadbalancer.D.Configureajumpboxsolution.7.Toimproveapplicationperformanceforapublic-facingwebapplication,youwanttoreducetheamountofprocessingforeachbackendWindowsserverconfiguredinaloadbalancerbackendserverpool.HTTPSiscurrentlyconfiguredoneachserver.HTTPSisrequiredtoprotecttrafficwebapplicationtraffic.Whatshouldyoudo?A.EnableSSL/TLSpass-throughontheloadbalancer.B.ConfigureIPSecontheloadbalancer.C.ConfigureSSL/TLSterminationattheloadbalancer.D.GenerateanewcertificatefortheloadbalancerDNSname.8.HowdoesanOSIlayer7loadbalancerdifferfromalayer4loadbalancer?A.Layer7loadbalancerscaninspectIPaddressestomakeloadbalancingdecisions.B.Layer7loadbalancerscaninspectURLstomakeloadbalancingdecisions.

Loading page image...

C.Layer7loadbalancerscanexamineMACaddressestomakeloadbalancingdecisions.D.Layer7loadbalancerscanexamineportnumberstomakeloadbalancingdecisions.9.RefertoFigure1-1.Whichtypeofloadbalancingisbeingdepicted?A.FixedweightedB.SourceIPhashC.LeastconnectionD.Roundrobin

Loading page image...

|Server14:1Request4TSRequest1————|Server?2ERequest2—Request3——EK|Loadbalancer3Server3BackendLinuxserversFIGURE1-1Loadbalancerconnections10.Whatistheprimarypurposeofaloadbalancerhealthprobeconfiguration?A.TocheckInternetconnectivityB.TocheckloadbalancerresponsivenessC.Tocheckbackendserverresponsiveness

Loading page image...

D.Tocompareperformancebaselinestocurrentmetrics11.Whiletestingacustomloadbalancedapplication,youdeterminethattheappdependsonclientdevicesbeingconnectedtothesamebackendserverthroughoutasession.Whichloadbalanceroptionshouldyouenabletosupportthiskindofbehavior?A.SourceIPaffinityB.HealthprobeC.RoundrobinD.Fixedweight12.IPv6addressesconsistofhowmanybits?A.8B.16C.32D.12813.YouneedtotesttodeterminewhetheralocalIPv6stackisfunctioningonaWindows10host.Whichcommandshouldyouissue?A.ping127.0.0.1B.ipconfig—test127.0.0.1C.ping0:0:0:0:0:0:0:1D.ipconfig—test0:0:0:0:0:0:0:114.AnITtechnicianissuestheWindowsipconfigcommandandisconcernedafternoticinganaddresswithanFE80prefix.Whatshouldyoutellthetechnician?A.IPv6hostsalwayshavealink-localunicastaddressbeginningwithFE80.B.IPv6hostswithanFE80addressareunabletocommunicateontheInternet.C.FEB80issimilartoanIPv4169.254prefix;itmeansthehostcouldnotreachaDHCPserver.D.TheIPv4FE80prefixisthelocalloopbackaddress.15.WhichIPv6protocolisprimarilyresponsibleforerrorandstatusinformation?A.TCP

Loading page image...

B.ICMPC.UDPD.IP16.RefertoFigure1-2.Whatiswrongwiththelistedconfiguration?(Choosetwo.)A.Theloadbalancerisusingalink-localIPv6addressinsteadofapublicIPv6address.B.IPv6addressescanusedoublecolonnotationonlyoncewithinanIPv6address.C.LoadbalancerbackendserverscannotbeconfiguredwithIPv6addresses.D.LoadbalancerpublicIPaddressesmustbeIPv4,notIPv6.Loadbalancername:LB1PublicIPaddress:FE80:E85D:94BF:30D3I——IN||f|FE80::E85D:94BF:40D3FE80:E85:D3FE80:E85D:94BF:50D3FIGURE1-2Loadbalanceraddressing

Loading page image...

17.OnebackendservernamedHOST2isusedbyaloadbalancerinabackendpool.HOST2hasmoreRAMandCPUprocessingpowerthanothersinthesamebackendpool.Youneedtoensurethatmoreclientrequestsareservicedbythispowerfulserver.Whatshouldyoudo?A.AssignalowerpriorityweightvaluetoHOST2.B.Assignalowpriorityweightvaluetotheloadbalancer.C.Assignahighpriorityweightvaluetotheloadbalancer.D.AssignahigherpriorityweightvaluetoHOST2.18.Whichloadbalancingschedulingalgorithmtreatsallbackendserversequallywhenitcomestoclientrequestprocessingcapabilities?A.RoundrobinB.WeightedroundrobinC.RandomD.Leastconnections19.Whichofthefollowingtermsisthemostcloselyrelatedtoaloadbalancer?A.ReverseproxyB.ForwardproxyC.JumpboxD.Contentdeliverynetwork20.Whichofthefollowingloadbalancingsolutionsisbestsuitedforroutingincomingvideo-streamingrequeststospecificbackendserversoptimizedforstreaming?A.Layer4loadbalancerB.RoundrobinC.FixedweightD.Layer7loadbalancer21.YouareconfiguringaloadbalancertosupportabackendpoolofFTPserversusingstandardportnumbers.WhichTCPportsshouldtheloadbalanceracceptFTPrequestson?A.20,21B.21,23

Loading page image...

C.21,80D.80,44322.Userscomplainthatwhentheyaccessaloadbalancedshoppingwebsite,periodicallythecontentsoftheirshoppingcartislost.Whatshouldyouconfigureintheloadbalancertoalleviatetheissue?A.Active-passiveB.VirtualIPC.PersistenceD.Active-active23.YouareconfiguringloadbalancersupportforanHTTPScustomwebapplication.Whichofthefollowingstatementsregardingthisscenarioarecorrect?(Choosetwo.)A.Backendserverscanlistenonanyportnumber.B.Trafficbetweentheloadbalancerandbackendserversdoesnothavetobeencrypted.C.ThebackendserverportnumbermustbethesameastheloadbalancerVIPportnumber.D.HTTPSrequiresanactive-activeloadbalancerconfiguration.24.Youaredesigningaloadbalancingstrategyforamulti-tieredwebappnamedAPP1thatusesfrontendpubliclyaccessiblewebservers,applicationservers,anddatabaseservers.APP1experiencesalargenumberofrequestseachday.Youneedtoensurethattheperformanceofeachwebapptierisoptimized.Whatshouldyoudo?A.Configureaninternalloadbalancerinfrontofthewebservers,aninternalloadbalancerbetweenwebserversandappservers,andapublicloadbalancerbetweenappserversanddatabaseservers.B.Configureapublicloadbalancerinfrontofthewebservers,aninternalloadbalancerbetweenwebserversandappservers,andanotherinternalloadbalancerbetweenappserversanddatabaseServers.C.Createaloadbalanceractive-activeconfiguration.D.Createaloadbalanceractive-passiveconfiguration.25.RefertoFigure1-3.Toensureproperloadbalancedwebappfunctionality,whatshouldbeconfiguredwhereaquestionmark

Preview Mode

This document has 544 pages. Sign in to access the full document!

Report

Study Now!

Document Details

Related Documents

CompTIA CySA+ Study Guide, 3rd Edition (2023)

CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide (Exam CS0-003) (2024)

CompTIA DataX Study Guide: Exam DY0-001 (2024)

CompTIA CySA+ Practice Tests: Exam CS0-003 (2023)

CompTIA Tech+ CertMike Exam FC0-U71 (2024)

CompTIA Security+ Practice Tests: Exam SY0-701 (2024)

CompTIA Network+ Study Guide: Exam N10-009 (2024)

CompTIA Network+ Practice Tests: Exam N10-009 (2024)

CompTIA DataSys+ Study Guide : Exam DS0-001 (2023)

CompTIA Security+ Study Guide with over 500 Practice Test Questions : Exam SY0-701 (2023)

Company

Explore

Study Tools