CompTIA A+ 1102 Security Flashcards

1
Q
  • contains a small RFID key
  • contactless
  • replaces a physical key
  • utilizes proximity operationality
A

Key Fobs

2
Q
  • provide certificate based authentication
  • requires a smart card reader to authenticate
A

Smart Cards

3
Q

Does biometric authentication store an image of your unique biometric?

A

no, biometric authentication is usually stored as a mathematical representation.

4
Q
  • metal detectors
  • provides passive scanning
A

Magnetometers

5
Q

MDM

A

Mobile Device Management (acronym)

6
Q

provides centralized management for company owned and user owned devices

A

MDM

7
Q

rights and permissions should be set to the bare minimum for both user accounts and applications.

A

Rule of Least Privilege

8
Q

ACL

A

Access Control Lists (acronym)

9
Q
  • used to allow or deny traffic
  • also used by operating systems
  • commonly used on the ingress or egress of a routing interface
A

ACL

10
Q

Phishing

A
  • social engineering with a touch of spoofing
  • often delivered by email or over text
11
Q

Vishing

A

Voice Phishing (acronym)

12
Q
  • phishing that occurs over the phone or through voicemail
  • caller ID spoofing is common
A

Vishing

13
Q

Spear Phishing

A

targeted phishing, using insider information

14
Q

spear phishing the CEO of a company

A

Whaling

15
Q
  • uses an authorized person to gain unauthorized access to a building
  • the attacker does not have consent
A

Tailgating

16
Q
  • uses an authorized person to gain unauthorized access to a building
  • unlike tailgating, the attacker does have consent
  • for example, the attacker is holding donuts and asks to have the office door held for them
A

Piggybacking

17
Q
  • an attack type that exploits a vulnerability known to the attackers, but unknown to the application’s/system’s/device’s vendor and support team
  • utilizes exploit code
A

Zero-Day Attacks

18
Q
  • also known as a man-in-the-middle attack
  • the attacker sits in between your system and the network, and redirects your traffic
A

On-Path Attacks

19
Q

ARP

A

Address Resolution Protocol (acronym)

20
Q

ARP Poisoning

A
  • utilizes spoofing
  • an on-path attack that occurs on the local IP subnet
  • due to ARP’s lack of security features
21
Q
  • the man-in-the-middle is on the local device, in the browser
  • the attacker takes advantage of encrypted traffic being so easy to proxy
  • malware, often a trojan horse, does all of the proxy work
A

On-Path Browser Attacks

22
Q
  • represent data as a fixed-length string of text
  • will likely not have a collision (match another hash)
  • makes it impossible to recover an original message from the digest
  • without knowing the hash, the hashing method, etc.
  • SHA-256 is a common hashing method.
  • different operating systems and applications use different hash algorithms.
A

Hashes and Hashing a Password

23
Q

Brute Force Attacks

A
  • a form of password attack where attackers try every single possible password combination, until the password’s hash is matched
  • time consuming
  • also requires a large amount of computing power and resources
24
Q
  • adding your own code into a data stream
  • enabled due to bad programming
  • many different data types
A

Code Injection

25
Structured Query Language (acronym)
SQL
26
SQL Injection
  • a method of code injection where SQL requests are modified
  • if you can manipulate an SQL database, then you can control the application
27
XSS
Cross-Site Scripting (acronym)
28
Cross-Site Scripting
  • we take information from one website and share it with another
  • utilizing browser security flaws
  • one of the most common web application development errors
  • by using malware that takes advantage of JavaScript
29
Why is Cross-Site Scripting abbreviated as XSS?
though CSS seems like a better acronym for cross-site scripting, it is already utilized for a programming language used in website design.
30
What are some of the most common programming languages, used for developing websites and web applications? (list)
  • JavaScript
      • provides the interactivity to websites and web applications
  • HTML
  • CSS (cascading style sheets)
      • used for describing the presentation of code, written in a markup language, such as HTML
  • Java
      • not related to JavaScript
      • used to develop web applications, games, and software
31
URL
Uniform Resource Locator (acronym)
32
Non-Persistent (Reflected) Cross-Site Scripting Attacks (steps)
  1. the website allows scripts to run inside of user input prompts and text boxes
  2. to utilize this design flaw, the attacker emails a link
  3. this link runs a script that sends credentials, session IDs, and cookies to the attacker
  4. simultaneously, the script embedded in the URL executes in the victim's browser
33
  • google.com is an example of a fully qualified domain name.
  • as seen above, a domain name does not include the protocol, and any subdomains, paths, or file names.
  • a website URL includes all of these components.
  • https://www.google.com/search?q=domain+name&sxsrf=ALiCzsYV67... is an example of a URL, and includes the domain name, "google.com", as well as the:
      • protocol (HTTPS)
      • subdomain (www)
      • path (/search?q=domain+name&sxsrf=ALiCzsYV67/)
          • always ends with "/"
  • in this example, the URL is shortened due to space constraints (shown by the "..." at the end of the shown URL)
  • as our web search did not lead us into viewing or opening a file, no file path is included.
  • an example of a URL with a file path, however, is https://www.google.com/search/file.html
      • (note that this URL is made-up)
      • this example's file path is "file.html"

** (note that miranda, the creator of this Quizlet set, is currently unsure if the file path of a URL includes the backslashes, or not. however, extensive URL knowledge is not listed in the exam objectives, and therefore, is very unlikely to be on the CompTIA A+ 220-1102 A+ Exam. in the future (after i pass my exam), though, i'll try to remember to further research this, and will edit this term's definition, accordingly :)) **

** insert image of miranda peace signing for time-keeping purposes, i'm typing this the evening of 8/6/22, with my test scheduled for 8/9/22; let's see how long my update takes! **
URL vs Domain Name (example)
34
URL
a complete web address
35
  • malicious code is placed on a centralized server, such as a social media website
      • inside of a comment, for example
  • everybody who visits the page or who views the comment gets attacked
  • no specific target
Persistent (Stored) Cross-Site Scripting Attacks
36
Will disabling JavaScript protect against Cross-Site Scripting attacks?
yes, however, it's not a practical solution
37
SOE
Standard Operating Environment (acronym)
38
  • a set of tested and approved hardware/software systems
  • often a standalone OS image
Standard Operating Environments
39
When does Microsoft release Windows patches?
the second Tuesday of every month at 10:00am PST
40
Patch Management (steps)
  1. test
  2. prioritize
  3. deploy
41
  • manufacturer stops selling an OS
  • may continue supporting it, though
EOL Operating Systems
42
EOSL
End of Service Life (acronym)
43
  • similar to EOD, but support is no longer available
  • a costly, premium support option may exist, though
EOSL
44
Windows Defender Antivirus
  • built into Windows 10 and Windows 11
  • included in the Windows security application
  • operates in real-time
  • virus & threat protection settings > manage settings > real-time protection
45
Windows Firewall Exception Rule Types (list)
  • program
  • port
  • predefined
  • custom
46
Windows Authentication
  • log in using a local account or a Microsoft account or a domain account
  • Windows domain credentials are SSO
47
NTFS Permissions
  • apply from local and network connections
  • inherited from the parent
48
Share Permissions
  • only apply to connections over the network
  • the most restrictive setting wins
49
Explicit Permissions
  • set by us
  • take precedence over inherited permissions
50
UAC
User Account Control (acronym)
51
  • pop-up approval screen
  • limits user capabilities
  • secure desktop
User Account Control
52
BitLocker
  • encrypts an entire volume
  • all data, including the OS
  • not included in Windows Home editions
53
BitLocker To Go
  • BitLocker FDE for USB drives
  • not included in Windows Home editions
54
  • encrypt at the file system level
  • requires NTFS
  • uses a username and password to encrypt the key
  • administrative password resets cause EFS files to be inaccessible
EFS
55
  • settings > bluetooth & devices > Autoplay
  • AutoRun on older Windows operating systems
Autoplay
56
Verifying Certificate Details (list)
verify:
  • not expired
  • domain name
  • properly signed
  • date and time
57
locally stored browser data
Cache
58
Unable to Access The Network (Troubleshooting)
  • may be due to malware
  • symptoms:
      • slow performance and lock up
      • internet connectivity issues
      • OS update failures
  • use malware cleaner or reload from a known good backup
59
  • indicates malware
  • remove or reload from a known good backup
Altered System or Personal Files (Troubleshooting)
60
  • malware is the most common cause
  • best practice is to restore from a known good backup
Browser Redirection (Troubleshooting)