B.3.2 Security+ SY0-601 Domain 2: Architecture and Design Flashcards
189 questions (plus some of my own)
Which Microsoft tool can be used to review a system’s security configuration against recommended settings?
Microsoft Security Compliance Toolkit
Which of the following describes a configuration baseline?
A list of common security settings that a group or all devices share
What should you consider security baselines?
Dynamic
You would like to get a feel for the amount of bandwidth you are using in your network. What is the first thing you should do?
Establish a baseline
Which of the following is a technology that tries to detect and stop sensitive data breaches, or data leakage incidents, in an organization?
Data loss prevention
DLP can be implemented as a software or hardware solution that analyzes traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization’s security policies.
Which of the following DLP implementations analyzes traffic for data containing such things as financial documents, social security numbers, or key words used in proprietary intellectual property?
Network DLP
What does DLP mean?
Data Loss Prevention
Travis is sending a highly confidential email to Craig that contains sensitive data. Which of the following should Travis implement to ensure that only Craig is able to read the email?
Encryption
Which form of cryptography is best suited for bulk encryption because it is so fast?
Symmetric key cryptography
Which of the following security solutions would prevent a user from reading a file that she did not create?
Encrypted File System (EFS)
What is an EFS?
A Windows file encryption option that encrypts individual files so that only the user who created the file can open it
You’ve used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you’ve used an external USB flash drive to store the BitLocker startup key.
You use EFS to encrypt the C:\Secrets folder and its contents.
Which of the following is true in this scenario? (Select two.)
If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will be saved in an unencrypted state.
By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it.
Which of the following database encryption methods encrypts the entire database and all backups?
Transparent Data Encryption (TDE)
Which of the following cloud storage access services acts as a gatekeeper, extending an organization’s security policies into the cloud storage infrastructure?
A cloud-access security broker
What is the on-premises, cloud-based software tool that sits between an organization and a cloud service provider called?
Cloud-access security broker
Which of the following can provide the most specific protection and monitoring capabilities?
Cloud-access security broker
You are purchasing a hard disk from an online retailer over the internet. What does your browser use to ensure that others cannot see your credit card number on the internet?
Secure Sockets Layer (SSL)
Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.)
Transport Layer Security (TLS)
SSL
Which of the following protocols can TLS use for key exchange? (Select two.)
Diffie-Hellman
Rivest-Shamir-Adleman (RSA)
Which protocol does HTTPS use to offer greater security in web transactions?
SSL
SSL (Secure Sockets Layer) operates at which layer of the OSI model?
Session
When using SSL authentication, what does the client verify first when checking a server’s identity?
The current date and time must fall within the server’s certificate-validity period
You want to allow traveling users to connect to your private network through the internet. Users connect from various locations, including airports, hotels, and public access points like coffee shops and libraries. As such, you won’t be able to configure the firewalls that might be controlling access to the internet in these locations.
Which of the following protocols would MOST likely be allowed through the widest number of firewalls?
SSL
Which method can you use to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?
Hashing