CompTIA Security+ (SY0-601) Certmaster

MadScientist

New Member
Jun 18, 2022
2
0
5
I found a new one, and I think the technically correct answer is not the one they want:
Which of the following protocols would secure a tunnel for credential exchange?
  1. LDAPS - should be right, CompTia says no
  2. SFTP
  3. FTPES
  4. DNSSEC
From their CertMaster lessons: LDAP Secure (LDAPS)—the server is installed with a digital certificate, which it uses to set up a secure tunnel for the user credential exchange. LDAPS uses port 636.

Now I have to try the whole 63 question test over again & again to guess what they want. And this was the only question I missed thanks to the questions guide from here. Weird thing is I missed only 1 (different) question before, so its almost like LDAP was right the first time but not the second...?
 

MadScientist

New Member
Jun 18, 2022
2
0
5
The answer was FTPES. Using the guide from this forum guide I recertified in about 8 hours after scoring ~60% on my own before that.
 

colokid

New Member
Jul 8, 2022
1
0
2
THE ANSWER IS LDAPS
DO NOT LISTEN TO THEM
I missed one question out of 63 because of this stupid discussion above that convinced me to change my mind to a counter-intuitive answer.
LDAPS
 

7aurelius

New Member
Jul 8, 2022
4
0
3
Which of the following is used to review application code for signatures of known issues before it is packaged as an executable?


A. Static code analysis
 

7aurelius

New Member
Jul 8, 2022
4
0
3
Question
A network administrator set up a basic packet filtering firewall using an open-source application running on a Linux virtual machine. The immediate benefit to this deployment is the quick configuration of basic firewall rules. What other functionality would influence a decision to deploy a stateless, rather than stateful, firewall? (Select all that apply.)

Block TCP ports

Allow network protocols
 

7aurelius

New Member
Jul 8, 2022
4
0
3
A support technician reviews a computer's boot integrity capabilities and discovers that the system supports a measured boot process. Which statement accurately describes this process? Measured boot will record the presence of unsigned kernel-level code.
 

7aurelius

New Member
Jul 8, 2022
4
0
3
A company with archived and encrypted data looks to archive the associated private keys needed for decryption. The keys should be externally archived and heavily guarded. Which option should the company use?

key escrow
 

kramz1989

New Member
Aug 11, 2022
1
0
3
Adding this updated answer:
An independent penetration testing company is invited to test a company's legacy banking application developed for Android phones. It uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates. Penetration tests reveal the connections with clients were vulnerable to a Man-in-the-Middle (MITM) attack. How does the company prevent this from happening in the public Internet?

A.Use certificate transparency framework (correct)
B. Use only TLS (wrong)
C. Use extended validation (wrong)
D. Use certificate chaining (wrong)


And
THE ANSWER IS LDAPS
DO NOT LISTEN TO THEM
I missed one question out of 63 because of this stupid discussion above that convinced me to change my mind to a counter-intuitive answer.
LDAPS
LDAPS indeed is the correct answer to this.
 

VeryLazyDoos

New Member
Aug 19, 2022
1
0
6
An independent penetration testing company is invited to test a company's legacy banking application developed for Android phones. It uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates. Penetration tests reveal the connections with clients were vulnerable to a Man-in-the-Middle (MITM) attack. How does the company prevent this from happening in the public Internet?

A. Use certificate transparency framework (Correct)

B. Use only TLS (wrong)

C. Use extended validation (wrong)

D. Use certificate chaining (wrong)

A company has a two-level certificate authority (CA) hierarchy. One of the CA servers is offline, while the others are online. Which statements are TRUE of online and offline CAs? (Select all that apply.)

A. An online root is required to add an intermediate CA. (Correct)

B. An offline CA is able to publish an up-to-date CRL. (wrong)

C. An online CA is needed in order to publish a CRL. (Correct)

D. An offline CA is a security measure that prevents MitM. (wrong)

Correct answers are A, C.

An organization moves its data to the cloud. Engineers utilize regional replication to protect data. Review the descriptions and conclude which ones apply to this configuration. (Select all that apply.)

A solution that is known as zone-redundant storage. (Correct)

Replicas are often located in separate fault domains. (wrong)

Access is available if a single data center is destroyed. (Correct)

Safeguards data within a single availability zone. (wrong)

Correct answers are A, C.


Which of the following protocols would secure a tunnel for credential exchange using port 636?

FTPES (wrong)

SFTP (wrong)

LDAPS (Correct)

DNSSEC (wrong)

Correct answer is C.
 

sjax

New Member
Aug 25, 2022
1
0
5
I updated the PDF with the newest version (as of 29Aug22). This greatly helped me with the onsie twosie questions I kept missing. Thank you so much for the collective effort!
 

Attachments

  • QA_Assessment_Security_Plus.pdf
    151.5 KB · Views: 96

SHANULI2000

New Member
Aug 29, 2022
1
0
2
An independent penetration testing company is invited to test a company's legacy banking application developed for Android phones. It uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates. Penetration tests reveal the connections with clients were vulnerable to a Man-in-the-Middle (MITM) attack. How does the company prevent this from happening in the public Internet?

A. Use certificate transparency framework (Correct)

B. Use only TLS (wrong)

C. Use extended validation (wrong)

D. Use certificate chaining (wrong)

A company has a two-level certificate authority (CA) hierarchy. One of the CA servers is offline, while the others are online. Which statements are TRUE of online and offline CAs? (Select all that apply.)

A. An online root is required to add an intermediate CA. (Correct)

B. An offline CA is able to publish an up-to-date CRL. (wrong)

C. An online CA is needed in order to publish a CRL. (Correct)

D. An offline CA is a security measure that prevents MitM. (wrong)

Correct answers are A, C.

An organization moves its data to the cloud. Engineers utilize regional replication to protect data. Review the descriptions and conclude which ones apply to this configuration. (Select all that apply.)

A solution that is known as zone-redundant storage. (Correct)

Replicas are often located in separate fault domains. (wrong)

Access is available if a single data center is destroyed. (Correct)

Safeguards data within a single availability zone. (wrong)

Correct answers are A, C.


Which of the following protocols would secure a tunnel for credential exchange using port 636?

FTPES (wrong)

SFTP (wrong)

LDAPS (Correct)

DNSSEC (wrong)

Correct answer is C.
What's the answer to this Qs. Got this one wrong twice.
Which of the following conditions are results of a SYN (synchronize) flood attack? (Select all that apply.)

  1. A.Packet filtering
  2. B.Resource exhaustion
  3. C.Denial of service (DoS)
  4. D.Open connections
should be DOS and Resource exhaustion. But need one more, old one has amplification
 

Chinny

New Member
Aug 31, 2022
1
1
3
What's the answer to this Qs. Got this one wrong twice.
Which of the following conditions are results of a SYN (synchronize) flood attack? (Select all that apply.)

  1. A.Packet filtering
  2. B.Resource exhaustion
  3. C.Denial of service (DoS)
  4. D.Open connections
should be DOS and Resource exhaustion. But need one more, old one has amplification
Which of the following conditions are results of a SYN (synchronize) flood attack? (Select all that apply.)

  1. A.Packet filtering (NO)
  2. B.Resource exhaustion (YES)
  3. C.Denial of service (DoS) (YES)
  4. D.Open connections (YES)
I had trouble with this as well, and just now passed this domain choosing the three above (Resource Exhaustion, Denail of Service (DoS), and Open Connections)
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,844
2
2,197
327
Which of the following conditions are results of a SYN (synchronize) flood attack? (Select all that apply.)

  1. A.Packet filtering (NO)
  2. B.Resource exhaustion (YES)
  3. C.Denial of service (DoS) (YES)
  4. D.Open connections (YES)
I had trouble with this as well, and just now passed this domain choosing the three above (Resource Exhaustion, Denail of Service (DoS), and Open Connections)
I just wanted to share my appreciation for keeping this thread alive with fresh Sec+ content. If anyone here would like to take the PDF and update it with all the latest material I’ll happily give a nice big shoutout to them. Only if they/you want? Not needed but I’m sure that could help some people :)
 

magpiper

New Member
Oct 3, 2022
1
1
8
THE ANSWER IS LDAPS
DO NOT LISTEN TO THEM
I missed one question out of 63 because of this stupid discussion above that convinced me to change my mind to a counter-intuitive answer.
LDAPS
Discussion above was correct. COMPTIA had the answer wrong and I filed a complaint. It was changed to LDAPS to their acknowledgement back in June.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,844
2
2,197
327
This is hilarious, so ultimately the back and forth is from a switched “correct answer,” this all makes sense. I thought someone was trolling - great stuff
 
Top