
CompTIA SK0-005 Exam Dumps & Practice Test Questions

Question No 1:

Despite having antivirus, anti-malware, and firewall solutions in place, which of the following remains the most probable vulnerability that could still be exploited in the system?

A. Insider threat
B. Worms
C. Ransomware
D. Open ports
E. Two-person integrity

Correct Answer: D

Explanation:

Even when a system is protected by antivirus, anti-malware, and firewalls, vulnerabilities can still exist — particularly if open ports are not properly managed. Open ports act as doorways that allow external systems to communicate with services on a host machine. While some ports are necessary for legitimate services (like HTTP or SSH), any port that is left open unnecessarily can become a target for attackers.

If these ports are not properly secured or monitored, they can provide a backdoor for malicious actors. Port scanning, a common reconnaissance technique, is often used by attackers to discover which ports are accessible. Once found, they may attempt to exploit known vulnerabilities in services listening on those ports.

In contrast, antivirus and anti-malware tools detect and remove known malicious code, and a firewall only enforces the rules it has been given. A port that the rules deliberately allow through, or that the host firewall was never told about, stays reachable, and an outdated or misconfigured service listening on it can be exploited regardless of what the endpoint tools catch.

The other options are less likely in this specific scenario:

  • A. Insider threat is a threat actor, not a vulnerability, and an insider's access does not depend on the state of the technical controls listed.

  • B. Worms and C. Ransomware are threats (malware) rather than vulnerabilities; they are exactly what the antivirus and anti-malware layers exist to catch, and a worm still needs an exposed, vulnerable service in order to spread. The question asks for the weakness that lets such threats in.

  • E. Two-person integrity is a procedural control, not a technical vulnerability, and has nothing to do with access through network services.

Therefore, open ports remain the most likely vulnerability in a system that is otherwise well-defended.

Question No 2:

A security analyst suspects that a remote server might be running vulnerable applications. Without administrative access, which tool would be the most useful in identifying potential security risks on the server?

A. User account control
B. Anti-malware
C. A sniffer
D. A port scanner

Correct Answer: D

Explanation:

When a security analyst does not have direct access to a server but wants to evaluate which services might be vulnerable, a port scanner is the most effective tool. Port scanners are used to probe a system's network interfaces and identify which ports are open and what services are potentially running on them.

Each service typically operates on a specific port number — for instance, port 80 for HTTP, port 443 for HTTPS, and port 22 for SSH. By scanning these ports, the analyst can gain insight into what kinds of software or services are available and assess whether any of them may be outdated or misconfigured.

Other tools mentioned are not suitable for this task:

  • A. User account control is a Windows feature that restricts changes requiring elevated permissions. It does not help with network reconnaissance or remote analysis.

  • B. Anti-malware detects and removes malicious code but needs to be installed on the system to work, and doesn't assist in identifying network-level vulnerabilities remotely.

  • C. A sniffer (like Wireshark) can capture and analyze traffic on a network, but it only sees what passes its own interface. Unless the analyst can observe the server's traffic (same segment, a SPAN/mirror port, or a tap), it reveals nothing about which services the remote server exposes.

A port scanner provides a clear view of what services are exposed externally, making it an essential tool for identifying potential vulnerabilities without needing internal access.

Question No 3:

An enterprise server is suffering from performance degradation, and users are experiencing connection issues with its hosted application. Upon investigation, the administrator finds several unauthorized services that are communicating with external systems. 

Which two of the following are the most probable causes of the issue? 

A. Adware is installed on the users’ devices
B. The firewall rule for the server is misconfigured
C. The server is infected with a virus
D. Intrusion detection is enabled on the network
E. Unnecessary services are disabled on the server
F. SELinux is enabled on the server

Correct Answers: B, C

Explanation:

The presence of unauthorized services actively communicating with external servers strongly indicates that the system's integrity has been compromised. There are two highly likely root causes in this situation:

  • C. The server is infected with a virus: Malware, particularly remote access trojans (RATs) or botnet agents, can silently install additional services on a system to enable data exfiltration or command-and-control communication with attackers. These unauthorized services consume system resources, which can degrade performance, and their outbound connections may bypass normal security mechanisms if not properly contained.

  • B. The firewall rule for the server is misconfigured: If firewall settings are too permissive or incorrectly defined, they might allow unauthorized inbound or outbound traffic. This can enable malware to establish a foothold or communicate freely with external threat actors. A misconfigured firewall can also fail to block malicious services from initiating or maintaining external connections, worsening both the security and performance issues.

The remaining options are less relevant:

  • A. Adware affects end-user devices, not server performance or unauthorized server communications.

  • D. Intrusion detection systems (IDS) monitor traffic but do not generate traffic or cause performance issues; in fact, they might help detect the current issue.

  • E. Disabling unnecessary services is a security best practice and would reduce potential vulnerabilities rather than cause problems.

  • F. SELinux, if properly configured, enhances security. While misconfiguration could restrict legitimate operations, it would not account for external unauthorized services or explain the current symptoms without additional context.

In summary, the most plausible explanation for the unauthorized activity and degraded server performance is a virus infection paired with a firewall misconfiguration, both of which undermine the system’s integrity and protection.

Question No 4:

A server technician is setting a static IP address for a newly installed server. The network configuration requires the server to use the IP address 10.20.10.15 with a default gateway of 10.20.10.254. 

Which subnet mask would best fit this setup?

A. 255.255.255.0
B. 255.255.255.128
C. 255.255.255.240
D. 255.255.255.254

Correct Answer:  A

Explanation:

Selecting the correct subnet mask is critical when configuring IP addresses, as it determines which devices can communicate directly within the same local network. Given the IP address 10.20.10.15 and the default gateway 10.20.10.254, we need a subnet mask that ensures both fall within the same subnet.

Let’s evaluate the options:

  • Option A (255.255.255.0)
    A /24 mask: the first three octets (10.20.10) form the network portion and the last octet identifies the host. Usable addresses run from 10.20.10.1 to 10.20.10.254, giving 254 hosts. Both the server's IP (10.20.10.15) and the gateway (10.20.10.254) fall inside that range, so they share a link. (10.x.x.x is classful Class A space; the mask, not the class, decides the subnet here.) This is the most appropriate and commonly used mask for small to medium-sized networks.

  • Option B (255.255.255.128)
    A /25 splits the last octet into two subnets of 126 usable hosts each: 10.20.10.0/25 (.1 to .126) and 10.20.10.128/25 (.129 to .254). The server would land in the first and the gateway in the second, so the server would have no on-link route to its default gateway. This mask does not work for the given addresses.

  • Option C (255.255.255.240)
    A /28 offers only 14 usable hosts per subnet. The server's subnet would be 10.20.10.0/28, whose broadcast address is 10.20.10.15, so the server's own address would not even be assignable, and the gateway at .254 would sit in a different subnet entirely.

  • Option D (255.255.255.254)
    A /31 holds only two addresses and is reserved for point-to-point links (RFC 3021). Here it would yield 10.20.10.14/31, which contains the server but not the gateway, and leaves no room for any other host.

The best subnet mask to ensure the server and default gateway are part of the same network with sufficient room for growth is 255.255.255.0 (Option A). It balances simplicity, compatibility, and sufficient host capacity for most basic network environments.
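The same four candidates checked programmatically, as an added example (this code is not part of the original page). It uses only the standard library's ipaddress module and the host, gateway and masks from the question; the rule it applies is the one the text describes: the host must be a usable address in its subnet, and the gateway must lie inside that same subnet.

```python
"""Check a static-IP assignment against candidate subnet masks.

Added example: evaluates each (host, gateway, mask) triple the way the IP
stack will, so a mask that strands the gateway off-link, or that turns the
host address into a broadcast address, is rejected before it reaches the
server configuration.
"""
import ipaddress


def check_assignment(host, gateway, mask):
    """Return the derived network plus the two checks that must both hold:

    host_is_usable  - host is not the network or broadcast address
                      (a /31 has no such reserved addresses, RFC 3021)
    gateway_on_link - the gateway sits inside the host's subnet
    """
    net = ipaddress.ip_network(f"{host}/{mask}", strict=False)
    h = ipaddress.ip_address(host)
    g = ipaddress.ip_address(gateway)
    if net.prefixlen < 31:
        usable = net.num_addresses - 2
        host_is_usable = h not in (net.network_address, net.broadcast_address)
    else:
        usable = net.num_addresses
        host_is_usable = True
    gateway_on_link = g in net
    return {
        "network": str(net),
        "usable_hosts": usable,
        "host_is_usable": host_is_usable,
        "gateway_on_link": gateway_on_link,
        "viable": host_is_usable and gateway_on_link,
    }


def viable_masks(host, gateway, masks):
    """Filter candidate masks down to the ones that actually work."""
    return [m for m in masks if check_assignment(host, gateway, m)["viable"]]


if __name__ == "__main__":
    candidates = ["255.255.255.0", "255.255.255.128",
                  "255.255.255.240", "255.255.255.254"]
    for m in candidates:
        r = check_assignment("10.20.10.15", "10.20.10.254", m)
        print(f"{m:16} {r['network']:18} usable={r['usable_hosts']:>3} "
              f"host_ok={r['host_is_usable']} gw_on_link={r['gateway_on_link']}")
    print("viable:", viable_masks("10.20.10.15", "10.20.10.254", candidates))
```

Running it shows only 255.255.255.0 passing both checks; the /28 case fails on two counts at once, because 10.20.10.15 is the broadcast address of 10.20.10.0/28.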

Question No 5:

After replacing a failed hard drive in a storage array, a storage administrator notices the logical volume is still not functioning properly. What action should be taken next to fully restore the volume?

A. Initialize the volume
B. Format the volume
C. Replace the volume
D. Rebuild the volume

Correct Answer:  D

Explanation:

In storage environments, especially those using RAID (Redundant Array of Independent Disks), data redundancy allows the system to withstand the failure of one or more drives without losing data. However, after physically replacing a failed drive, the system must still synchronize the new disk with the rest of the array to restore redundancy and integrity.

  • Why “Rebuild the volume” is correct:
    The array entered a degraded state the moment the original drive failed; swapping in a replacement does not, by itself, change that. The new disk contains no data, so the system must reconstruct the missing data onto it using parity (in RAID 5/6) or the mirrored copy (in RAID 1/10) from the remaining drives. Until that rebuild finishes, the array is still degraded and cannot survive another failure.

  • What happens during a rebuild:
    The RAID controller recomputes, stripe by stripe, what the failed drive held and writes it to the replacement. The logical volume regains redundancy and no data is lost, provided no further member fails before the rebuild completes: in RAID 5 a second failure mid-rebuild is unrecoverable. Rebuilds on large drives can take many hours, and every read of the missing data during that window has to be reconstructed on the fly, which is why the volume may still appear sluggish or "not functioning properly" until the rebuild ends.

Let’s break down the incorrect choices:

  • Option A (Initialize the volume):
    Initialization typically refers to preparing a new volume or wiping an existing one. It would erase all data, which defeats the purpose of RAID redundancy. It is not a suitable response in this scenario.

  • Option B (Format the volume):
    Formatting also results in data loss, as it prepares the volume for new use, not recovery. This is inappropriate when you’re trying to retain and restore existing data.

  • Option C (Replace the volume):
    Replacing the entire volume implies deleting or abandoning the existing configuration and starting from scratch. This is unnecessarily destructive and not required just because a single disk was replaced.

The only appropriate step after replacing a failed drive in a RAID-configured storage array is to rebuild the volume (Option D). This ensures the new drive is fully integrated, the array is no longer in a degraded state, and all data redundancy is restored.

Question No 6:

A system administrator reviewing server logs notices an unusually high volume of incoming connections on port 80, despite the server not being configured as a web server.

Which of the following actions should be taken immediately to reduce the risk of unauthorized access?

A. Audit all group privileges and permissions
B. Run a checksum utility on all server files
C. Stop unnecessary services and close ports using the firewall
D. Conduct a port scan to detect open network ports
E. Enable port forwarding for port 80
F. Deploy a Network Intrusion Detection System (NIDS) on the server

Correct Answer: C, D

Explanation:

When a server that is not designated to function as a web server receives numerous connections on port 80 (commonly used for HTTP traffic), it strongly suggests possible misconfiguration or malicious probing. Immediate steps should be taken to contain any potential compromise.

Stopping unused services and blocking unused ports (Option C) is a critical first step. Any non-essential services, particularly those listening on port 80, should be promptly disabled to reduce the system's attack surface. In addition, using the firewall to block access to unnecessary ports further hardens the server against intrusion attempts.

Performing a port scan (Option D) allows administrators to identify all currently open ports, providing insight into which services are exposed. This step is foundational for closing vulnerabilities and ensuring only essential services remain reachable.

Why the other options are less appropriate immediately:

  • A (Audit privileges) is important for long-term access control, but it does not directly mitigate immediate network-level threats stemming from open ports.

  • B (Run checksums) helps detect integrity issues or tampering after an incident but does not stop ongoing unauthorized access.

  • E (Enable port forwarding) increases exposure and is dangerous in this context, especially if the server shouldn’t be handling HTTP traffic.

  • F (Install NIDS) is beneficial for ongoing monitoring but takes time to configure and does not instantly block active threats.

To contain the potential breach and reinforce security, the administrator should first eliminate unnecessary services and block risky ports (C) and then perform a port scan to assess the server’s exposure (D).
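The port scanner that Question No 2 and Question No 6 both lean on, as an added example (this code is not from the original page). It performs a plain TCP connect scan with a short banner grab, which is enough to learn which ports accept connections and, for services that speak first (SSH, SMTP, FTP), what software and version is behind them. To run offline, the block starts a throwaway listener on 127.0.0.1 that answers with a constructed SSH-style banner; scan only hosts you are authorised to probe.

```python
"""TCP connect scan with banner grabbing.

Added example.  probe() completes a full TCP handshake and then waits
briefly for whatever the service volunteers; scan() collects the open
ports.  start_fake_service() and free_port() exist only so the example can
run against the local host with no real target.
"""
import socket
import threading
from contextlib import closing


def probe(host, port, timeout=0.5):
    """Connect to (host, port).  Returns (is_open, banner).

    A refused or timed-out connect reads as closed/filtered.  An open port
    whose service waits for the client to speak first (HTTP, for example)
    returns (True, '') because nothing arrives before the timeout.
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:            # ECONNREFUSED, timeout, unreachable, ...
            return False, ""
        try:
            data = s.recv(256)     # banner, if the service sends one
        except OSError:
            data = b""
    return True, data.decode("ascii", "replace").strip()


def scan(host, ports, timeout=0.5):
    """Probe each port; return {port: banner} for the open ones only."""
    found = {}
    for port in ports:
        is_open, banner = probe(host, port, timeout)
        if is_open:
            found[port] = banner
    return found


def start_fake_service(banner):
    """Throwaway listener standing in for an exposed service (constructed,
    for the offline demo).  Sends `banner` to every client, then hangs up.
    Returns the ephemeral port it is listening on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def free_port():
    """An ephemeral port nothing listens on, to show a closed result."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Constructed banner in the shape an SSH daemon sends on connect.
    open_port = start_fake_service(b"SSH-2.0-OpenSSH_9.6\r\n")
    closed_port = free_port()
    for port, banner in scan("127.0.0.1", [open_port, closed_port]).items():
        print(f"{port}/tcp open  {banner or '(no banner)'}")
```

The version string in a banner is what an analyst compares against vendor advisories to decide whether a service is outdated; a port that is open but silent still tells the administrator that something is listening and should be matched against the server's intended role, which is exactly the check Question No 6 calls for on port 80.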

Question No 7:

During a routine vulnerability scan, a file server is found to be running an application with a known security flaw. What is the most effective course of action to address this issue?

A. Upgrade the application to the latest version
B. Strengthen firewall rules
C. Deploy antivirus software
D. Apply operating system patches

Correct Answer: A

Explanation:

When a known vulnerability is identified in an application, the most direct and effective response is to eliminate the vulnerability at its source—by upgrading the application to a secure, updated version (Option A). Vendors frequently release updated versions specifically to patch known flaws, and applying these updates ensures the system is protected from exploits targeting the outdated software.

This approach is especially crucial if the vulnerability affects how the application interacts with files, network resources, or users—common traits in server-based software.

Why the other options are insufficient in this context:

  • B (Tighten firewall rules): While this could reduce the chances of an exploit reaching the server, it does not remove the vulnerability from the application itself.

  • C (Install antivirus software): Antivirus programs detect and block known malware, not application-specific vulnerabilities, especially those that may be exploited remotely or through user input.

  • D (Patch the OS): Patching the operating system is always good practice, but it won’t fix vulnerabilities within individual applications unless explicitly included in the patch.

To mitigate the identified risk effectively, the best solution is to upgrade the vulnerable application (A) to its most recent version, ensuring that the flaw is patched and the system is no longer exposed.

Question No 8:

A system administrator checks the status of a dual-core server using the top command and sees the following output:
top - 14:32:27 up 364 days, 14 users, load average: 60.5, 12.4, 13.6
What should the administrator do to address the excessive load average?

A. Force a server reboot
B. Wait for the load average to return to normal
C. Investigate to find and control runaway processes
D. Ask users to log off the server

Answer: C

Explanation:

The load average values shown, 60.5, 12.4, and 13.6 over 1, 5, and 15 minutes, are extremely high for a dual-core system, which is ideally expected to sit near 2.0 or below (roughly one runnable task per core). The 1-minute figure being far above the 5- and 15-minute figures also says the spike is recent and still climbing. On Linux the load average counts tasks in uninterruptible (I/O-waiting) state as well as runnable ones, so a number this large means processes are piling up waiting for CPU, disk, or both.

The most effective way to resolve this issue is to identify the processes that are consuming excessive resources (Option C). By using commands like top or ps, administrators can pinpoint which processes are overloading the server and take corrective action—such as stopping runaway processes or adjusting service configurations.

Why the other actions are not optimal:

  • A (Reboot the server): Restarting may temporarily relieve pressure, but it doesn't address the underlying issue. The problematic process may restart and cause the same overload.

  • B (Wait it out): If the system is overwhelmed, it may not recover on its own, and waiting could worsen performance or even lead to a crash.

  • D (Request logouts): While user activity can contribute to load, such a drastic load average is more likely caused by system or application processes. Logging users off would have minimal impact unless they are directly tied to the problematic processes.

To restore system stability and avoid recurring issues, the administrator should investigate and control the processes causing the excessive CPU load (C) rather than applying surface-level or temporary fixes.

Question No 9:

A server administrator is tasked with configuring a RAID setup on a server to ensure both performance and data redundancy. The administrator wants to use a setup that provides striping and mirroring, but without losing any data in case of a single disk failure. 

Which of the following RAID configurations should the administrator choose?

A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 10

Correct Answer: D

Explanation:

RAID (Redundant Array of Independent Disks) configurations are designed to balance the needs for performance, data redundancy, and cost-efficiency. Let's break down each option in the question:

A. RAID 0

RAID 0 provides striping, which means data is split evenly across two or more disks to improve performance. However, it provides no redundancy at all: if one disk fails, the whole volume is lost. It suits pure performance workloads but fails the question's requirement to survive a single disk failure.

B. RAID 1

RAID 1 is a mirroring configuration. It duplicates the same data on two separate disks, ensuring that if one disk fails, the data remains available on the other disk. While it offers redundancy, it does not provide striping (i.e., no performance boost), which was specified in the question. RAID 1 is primarily focused on data protection through duplication.

C. RAID 5

RAID 5 combines striping (performance) with distributed parity (redundancy). It requires a minimum of three disks and spreads data and parity across all of them, so a single failed disk can be reconstructed from the parity on the survivors. It tolerates only one failure at a time and pays a parity-calculation cost on writes. While RAID 5 offers both performance and redundancy, it does not provide the mirroring specifically requested in the question.

D. RAID 10 (RAID 1+0)

RAID 10 is a combination of RAID 1 and RAID 0. It provides both mirroring and striping, which means data is both mirrored (for redundancy) and striped (for performance). RAID 10 requires a minimum of four disks. If a single disk fails, the mirrored copy ensures data is not lost, and striping enhances read/write performance. This makes RAID 10 the best choice for both performance and data redundancy, fulfilling the requirements in the question.

The best option for providing both striping (performance) and mirroring (redundancy) is RAID 10. It offers the best of both worlds by combining the benefits of RAID 1 and RAID 0, ensuring both fast data access and protection against a single disk failure.

This question tests your understanding of RAID configurations, which is an essential part of server management.
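The parity arithmetic behind the rebuild in Question No 5 and the RAID 5 redundancy in Question No 9, as an added example (not code from the original page). It simulates a small RAID 5 set in memory: data is striped with rotating parity, one disk is "failed", reads continue in degraded mode by recomputing the missing chunk per stripe, and rebuild() regenerates the replaced disk the way a controller does. The chunk size, disk count and sample data are constructed for readability; a real controller works in sectors, but the XOR relationship is the same.

```python
"""RAID 5 parity: degraded reads and rebuild, simulated with XOR.

Added example.  Each stripe holds (n_disks - 1) data chunks plus one parity
chunk equal to the XOR of the data chunks, so any single missing chunk is
the XOR of the others.  That identity is all a degraded read or a rebuild
needs; it also shows why losing a second disk leaves nothing to solve for.
"""

CHUNK = 4  # bytes per chunk; constructed, tiny so stripes are easy to read


def xor_bytes(blocks):
    """XOR equal-length byte strings together (RAID 5 parity arithmetic)."""
    out = bytearray(CHUNK)
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe_no, n_disks):
    """Rotate parity one disk left per stripe so no disk is the parity
    hot spot (left-symmetric layout, as common controllers do)."""
    return (n_disks - 1 - stripe_no) % n_disks


def write_raid5(data, n_disks):
    """Stripe `data` across n_disks (>= 3).  Returns disks, where
    disks[d][s] is the chunk disk d holds in stripe s.  Data is
    zero-padded to a whole number of stripes."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    per_stripe = CHUNK * (n_disks - 1)
    data = data + b"\0" * ((-len(data)) % per_stripe)
    disks = [[] for _ in range(n_disks)]
    for s, off in enumerate(range(0, len(data), per_stripe)):
        chunks = [data[off + i * CHUNK: off + (i + 1) * CHUNK]
                  for i in range(n_disks - 1)]
        parity = xor_bytes(chunks)
        p = parity_disk_for(s, n_disks)
        it = iter(chunks)
        for d in range(n_disks):
            disks[d].append(parity if d == p else next(it))
    return disks


def fail_disk(disks, d):
    """Model a failed drive, or an empty replacement: disk d holds nothing."""
    disks[d] = [None] * len(disks[d])


def failed_disks(disks):
    return [d for d, chunks in enumerate(disks) if chunks[0] is None]


def read_degraded(disks):
    """Read the volume with at most one disk missing.  A missing data chunk
    is recomputed from the rest of its stripe, which is why a degraded array
    still serves reads, only with extra I/O for every affected stripe."""
    if len(failed_disks(disks)) > 1:
        raise RuntimeError("more than one disk lost: RAID 5 cannot recover")
    n = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        p = parity_disk_for(s, n)
        for d in range(n):
            if d == p:
                continue
            chunk = disks[d][s]
            if chunk is None:
                chunk = xor_bytes(disks[k][s] for k in range(n) if k != d)
            out += chunk
    return bytes(out)


def rebuild(disks):
    """What the controller does after the swap: regenerate every chunk of
    the replaced disk as the XOR of the surviving chunks in its stripe.
    Refuses if a second disk is also missing (two unknowns, one equation)."""
    missing = failed_disks(disks)
    if len(missing) != 1:
        raise RuntimeError(f"cannot rebuild: {len(missing)} disks missing")
    d = missing[0]
    n = len(disks)
    disks[d] = [xor_bytes(disks[k][s] for k in range(n) if k != d)
                for s in range(len(disks[0]))]
    return d


if __name__ == "__main__":
    payload = b"The quick brown fox jumps over the lazy dog"  # constructed
    array = write_raid5(payload, 4)
    fail_disk(array, 1)
    print("degraded read ok:", read_degraded(array)[:len(payload)] == payload)
    print("rebuilt disk:", rebuild(array))
    print("healthy read ok:", read_degraded(array)[:len(payload)] == payload)
```

Swapping the physical drive corresponds to fail_disk() leaving an empty member in place; nothing is recovered until rebuild() runs, and the array is only as safe as the survivors for the whole duration of that rebuild. A RAID 10 set would instead copy the mirror partner block for block, with no parity math, which is why it rebuilds faster and with less load on the remaining disks.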

Question No 10:

A system administrator needs to enhance the security of a server that hosts sensitive data. 

Which of the following actions would MOST improve the security of the server while minimizing administrative overhead?

A. Enable full disk encryption and require complex passwords for all users.
B. Configure an intrusion detection system (IDS) to monitor the network traffic of the server.
C. Implement a software firewall and disable unnecessary services on the server.
D. Create multiple administrative accounts with different levels of privileges to ensure better access control.

Correct Answer: C

Explanation:

The goal here is to improve the security of the server while minimizing the administrative overhead. Let’s go through the options:

  • A. Enable full disk encryption and require complex passwords for all users:

    • Incorrect Answer: Full disk encryption and strong passwords both raise the bar, but they are not the lowest-overhead choice here. Full disk encryption requires key management and recovery procedures, and protects data mainly against theft of the physical media rather than against network attacks on a running server. A complex-password requirement adds policy enforcement and user support work, and on its own does nothing about the services the server exposes. Effective, but not the most balanced answer when administrative overhead is the deciding factor.

  • B. Configure an intrusion detection system (IDS) to monitor the network traffic of the server:

    • Incorrect Answer: IDS can be an important security tool, but it typically involves a lot of monitoring and configuration to be effective. Implementing an IDS requires constant updates, fine-tuning, and a dedicated monitoring team to review alerts. This would add significant administrative overhead and could lead to false positives, which would require extra time to investigate. Therefore, while IDS is valuable for detecting suspicious activities, it does not offer the most practical solution for improving security while minimizing ongoing maintenance.

  • C. Implement a software firewall and disable unnecessary services on the server:

    • Correct Answer: This is the most efficient and effective approach for enhancing server security while minimizing administrative effort. By implementing a software firewall, you can control incoming and outgoing traffic to protect the server from unauthorized access. In addition, disabling unnecessary services reduces the attack surface, limiting potential entry points for attackers. Both of these actions are relatively easy to manage, automate, and monitor, making them practical for ongoing security maintenance without significant administrative overhead. Disabling unused services also minimizes the risk of vulnerabilities being exploited in those services, while a software firewall is lightweight and can be configured with predefined rules that require little intervention once set up.

  • D. Create multiple administrative accounts with different levels of privileges to ensure better access control:

    • Incorrect Answer: Although role-based access control (RBAC) and the principle of least privilege are critical to securing a server, creating multiple administrative accounts adds complexity to managing the server. Each account would need to be maintained, and permissions would need to be carefully assigned and reviewed. This could increase administrative overhead significantly, especially when dealing with a large server infrastructure or frequent user changes. It's important, but it doesn’t directly address the server’s core security needs as efficiently as other options.

Key Points to Remember:

  • Software firewalls provide a cost-effective and low-maintenance way to enhance security by controlling network traffic.

  • Disabling unnecessary services is a crucial step in reducing the attack surface of the server and improving security with minimal administrative overhead.

  • Complex security measures, such as disk encryption or intrusion detection systems, are valuable but come with higher administrative costs and complexity.

  • Managing user privileges is important, but creating too many administrative accounts could lead to excessive complexity in access management.