- (Exam Topic 1)
A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?

1. A. openssl
2. B. hping
3. C. netcat
4. D. tcpdump

Correct Answer: A
To verify that a client-server (non-web) application is sending encrypted traffic, a security analyst can use
OpenSSL. OpenSSL is a software library that provides cryptographic functions, including encryption and decryption, in support of various security protocols, including SSL/TLS. It can be used to check whether a client-server application is using encryption to protect traffic. References:
CompTIA Security+ Certification Exam Objectives - Exam SY0-601

- (Exam Topic 1)
The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted files. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again. Which of the following is MOST capable of accomplishing both tasks?

1. A. HIDS
2. B. Allow list
3. C. TPM
4. D. NGFW

Correct Answer: D
Next-Generation Firewalls (NGFWs) are designed to provide advanced threat protection by combining traditional firewall capabilities with intrusion prevention, application control, and other security features. NGFWs can detect and block unauthorized access attempts, malware infections, and other suspicious activity. They can also be used to monitor file access and detect unauthorized copying or distribution of copyrighted material.
A next-generation firewall (NGFW) can be used to detect and prevent copyright infringement by analyzing network traffic and blocking unauthorized transfers of copyrighted material. Additionally, NGFWs can be configured to enforce access control policies that prevent unauthorized access to sensitive resources. References:
CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 6

- (Exam Topic 3)
A user reports constant lag and performance issues with the wireless network when working at a local coffee shop A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:

Which of the following attacks does the analyst most likely see in this packet capture?

1. A. Session replay
2. B. Evil twin
3. C. Bluejacking
4. D. ARP poisoning

Correct Answer: B
An evil twin is a type of wireless network attack that involves setting up a rogue access point that mimics a legitimate one. It can trick users into connecting to the rogue access point instead of the real one, and then intercept or modify their traffic, steal their credentials, launch phishing pages, etc. In this packet capture, the analyst can see that there are two access points with the same SSID (CoffeeShop) but different MAC addresses (00:0c:41:82:9c:4f and 00:0c:41:82:9c:4e). This indicates that one of them is an evil twin that is trying to impersonate the other one.

- (Exam Topic 4)
A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would most likely have prevented this breach?

1. A. A firewall
2. B. A device pin
3. C. A USB data blocker
4. D. Biometrics

Correct Answer: C
A USB data blocker is a device that prevents data transfer between a USB device and a host computer, while still allowing charging. This can prevent data breaches caused by malicious USB chargers or devices that may attempt to access or infect the phone’s data.

- (Exam Topic 3)
Two organizations are discussing a possible merger Both Organizations Chief Fi-nancial Officers would like to safely share payroll data with each Other to de-termine if the pay scales for different roles are similar at both organizations Which Of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?

1. A. Pseudo-anonymization
2. B. Tokenization
3. C. Data masking
4. D. Encryption

Correct Answer: A
Pseudo-anonymization is a technique of replacing sensitive data with artificial identifiers or pseudonyms that preserve some characteristics or attributes of the original data. It can protect employee data while allowing the companies to successfully share this information by removing direct identifiers such as names, addresses, etc., but retaining indirect identifiers such as job roles, pay scales, etc., that are relevant for the comparison.