CompTIA Security+ Certification SYO-701 Exam Questions

Question 1

What principle of social engineering is the natural gas utility seeking to utilize by sending messages, similar to the one provided, to encourage customers to reduce their energy consumption?

A: Consensus

B: Familiarity

C: Intimidation

D: Authority

Answer 1

** Answer: Consensus **

Consensus in security is a process that uses automated verification to establish agreement, trust, and security across a network. It’s used in blockchains, cryptocurrencies, and distributed ledgers.

Question 2

An attacker captures a legitimate user’s request to an application and then sends it multiple times. What type of application security threat does this scenario represent?

A: Memory leak
B: Replay attack
C: Integer overflow
D: Request forgeries

Answer 2

** Answer: Replay Attack **

It is a malicious act where a hacker intercepts a legitimate data transmission and then re-transmits it at a later time, essentially “replaying” the data to trick a system into performing an unauthorized action, like granting access or processing a transaction, as if the original request was being made again; this exploits a lack of proper authentication mechanisms in the communication protocol involved.

A replay attack is a form of network attack in which valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a spoofing attack by IP packet substitution.

Question 2

While modifying security protocols to adapt to evolving threats, what control category best characterizes the network firewall Bob is managing?

A: Corrective

B: Preventative

C: Deterrent

D: Detective

Answer 2

** Answer: B: Preventative **

Examples of preventative security:

Firewalls: Filter network traffic to prevent unauthorized access
Encryption: Secures data during storage and transmission
Antivirus software: Scans for malicious software and protects devices from infection
Software updates: Keeps software up to date to fix vulnerabilities
System hardening: Strengthens systems to make them more difficult to attack
User access controls: Limits who can access systems and data
Network access controls: Limits who can access networks
Security awareness training: Educates users on how to identify and avoid security threats
Policies and procedures: Establishes guidelines for how to respond to security threats

Question 3

Within a PKI system, a Registration Authority (RA) plays a vital role. What’s the main responsibility of an RA?

A: Conducting encryption operations
B: Establishing secure connections
C: Managing certificate registrations
D: Issuing root certificates

Answer 3

** Answer: Managing certificate registrations**

A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it.

Question 4

Some attacks aim to gain higher privileges on a mobile device. Which of the following options is an example of such a privilege escalation attack?

A: Jailbreaking
B: Tethering
C: Man-in-the-middle
D: Sideloading

Answer 4

** Answer: Jailbreaking **

Jailbreaking is a technique that bypasses restrictions on a device or application to gain more control or access to unauthorized software. It can be used on mobile devices, AI models, and other applications.

Question 5

Amanda wants to create a secure connection between two company offices using IPsec-based VPN concentrators. Which IPsec mode is BEST suited for this site-to-site VPN setup?

A: Split tunnel
B: TLS
C: Transport model
D: Tunnel model

Answer 5

** Answer: Tunnel Model **

For a site-to-site VPN setup using IPsec concentrators, the best mode is “Tunnel Mode” as it encapsulates the entire original packet, providing the most secure and reliable connection between the two offices.

Question 6

A military base recently deployed large, loud dogs that bark fiercely at any movement. What type of security control does this represent?

A: Detective
B: Compensating
C: Preventive
D: Deterrent

Answer 6

** Answer: Deterrent **

A deterrent control refers to a security measure designed to discourage individuals from violating security controls. It can take various forms, such as signs indicating video monitoring or yard signs with alarm company logos, which signal the presence of other security measures.

Question 7

When assessing a vendor, what is the main goal of penetration testing?

A: To identify vulnerabilities in the vendor’s systems and applications
B: To evaluate the vendor’s marketing strategies
C: To evaluate the vendor’s financial stability
D: To assess the physical security of the vendor’s premises

Answer 7

** Answer: A **

The primary goal of penetration testing in security is to proactively identify vulnerabilities within a system or network that malicious actors could exploit, allowing organizations to address weaknesses and improve their overall security posture before a real attack occurs; essentially, it’s a simulated attack to discover potential security flaws

Question 8

Imagine you need to connect to your company’s network remotely and manage files or applications securely. Which protocol facilitates this secure remote access?

A: Simple Network Management Protocol (SNMP)
B: Secure Shell (SSH)
C: Simple Mail Transfer Protocol (SMTP)
D: File Transfer Protocol (FTP)

Answer 8

** Answer: Secure Shell (SSH) **

Question 9

Amanda is building an incident response team. Who, among the following, should HOLD ultimate responsibility and authority over the team’s actions?

A: Chief Financial Officer (CFO)
B: Chief Information Officer (CIO)
C: Chief Executive Officer (CEO)
D: Chief Information Security Officer (CISO)

Answer 9

** Answer: Chief Information Security Officer (CISO) **

CISO security is the role of a Chief Information Security Officer (CISO) in protecting an organization’s information and technology assets. CISOs are senior executives who work with IT managers, business leaders, and security teams to ensure the security of an organization’s systems, applications, and data.

Question 10

What security tool acts as a gatekeeper, inspecting and filtering incoming and outgoing network traffic based on defined security policies to block unauthorized access?

A: Virtual Private Network (VPN)
B: Intrusion Detection System (IDS)
C: Network Address Translation (NAT)
D: Access Control Lists (ACL)

Answer 10

** Answer: Access Control Lists (ACL) **

An access control list (ACL) is a set of rules that control who can access a network or computer system. ACLs are a key component of network security, and are used to protect sensitive data and resources.

Question 11

In cryptography, Kerckhoff’s principle focuses on the importance of secrecy for which element?

A: Public disclosure of encryption methods
B: Keeping the key confidential
C: Regularly changing encryption algorithms
D: Keeping the algorithm secret

Answer 11

** Answer: Keeping the key confidential **

Kerckhoff’s Principle is a fundamental concept in cryptography that states that a system’s security should rely on the secrecy of its keys, not the secrecy of the system itself.

Kerckhoffs’ principle is a fundamental concept in cryptography. It states that the security of a cryptographic system shouldn’t rely on the secrecy of the algorithm. Instead, it should be based on the secrecy of the cryptographic key. A good cryptographic system should remain secure even if the algorithm used is known.

Question 12

Amanda wants to prevent employees from stealing confidential data. Which control would be LEAST helpful?

A: Implementing data loss prevention systems
B: Blocking the use of personal email accounts
C: Building least privilege access controls
D: Encrypting data in transit

Answer 12

** Answer: Encrypting data in transit **

Question 13

What ethical hacking practice led to Bob receiving a $10,000 payout from Microsoft for identifying a security flaw in their NET platform?

A: Red-team
B: Black Hat
C: Bug bounty
D: OSINT

Answer 13

** Answer: OSINT **

Open Source Intelligence (OSINT) is the process of collecting and analyzing publicly available information to support security and intelligence operations. In the context of security, OSINT can be used to identify potential threats and vulnerabilities.

Question 14

Which technology is used to combat malware and phishing attacks propagated through email platforms?

A:Intrusion Prevention System (IPS)
B: Email gateway
C: Virtual Private Network (VPN)
D: Secure Sockets Layer (SSL)

Answer 14

** Answer: Email gateway **

It refers to a dedicated server that acts as a checkpoint for all incoming and outgoing emails, inspecting them for potential threats like malware, spam, phishing attempts, and other malicious content before delivering them to the intended recipient, essentially acting as a security filter to protect an organization’s email system; a “secure email gateway” (SEG) specifically indicates a system designed to perform this function with advanced threat detection capabilities.

Question 15

Which approach to access control determines permissions based on established policies rather than individual user identities?

A: Implicit Trust Zones
B: Policy-driven Access Control
C: Zero Trust
D: Adaptive Identity

Answer 15

** Answer: Policy-driven Access Control **

“Policy-driven Access Control” in security refers to a method of managing user access to systems and resources based on predefined policies, where access decisions are made by evaluating a user’s attributes against these policies, allowing for more granular control and dynamic adjustments compared to simpler role-based access control (RBAC) models; essentially, it means users can only access information or perform actions that are explicitly permitted by the established policies within the system.

Question 16

Bob wants to deploy a Cloud Access Security Broker (CASB) for his organization. To ensure compatibility with most cloud applications, what approach should he prioritize?

A: Forward proxy
B: Firewall
C: Extensive Reporting Functionalities
D: API

Answer 16

** Answer: Forward proxy **

Forward proxies add an extra layer of security between your network and the Internet. They can be configured to block access to malicious websites, reducing the risk of malware infections.

A proxy server, sometimes referred to as a forward proxy, is a server that routes traffic between client(s) and another system, usually external to the network. By doing so, it can regulate traffic according to preset policies, convert and mask client IP addresses, enforce security protocols, and block unknown traffic

Question 17

In order to protect her SMTP email exchanges from eavesdropping during transmission, what solutions can Stephani implement?

A: SPF
B: DKIM
C: EXIF
D: TLS

Answer 17

** Answer: TLS **

TLS (Transport Layer Security) protects SMTP emails by encrypting the communication between email servers during transmission, ensuring that the content of the email remains confidential and cannot be intercepted or read by unauthorized parties while it travels across the internet; essentially making email transmission more secure by preventing eavesdropping on the data exchanged between servers.

Question 18

The Chief Information Security Officer aims to guarantee the validation and integrity verification of zone transfers within the organization. Which solution among the following is the most appropriate?

A: LDAPS
B: DNSSEC
C: DLP
D: NGFW

Answer 18

** Answer: DNSSEC **

Domain Name System Security Extensions (DNSSEC) is a set of protocols that use cryptography to improve the security of the Domain Name System (DNS). DNSSEC helps protect users from receiving incorrect or tampered data, and it can help prevent cyber attacks.

Question 19

Amanda is beginning a penetration test against a client and would like to begin with passive reconnaissance. Which one of the following tools may be used for passive reconnaissance?

A: Social engineering tools
B: Metasploit
C: Nslookup
D: Nessus

Answer 19

** Answer: Nslookup **

Nslookup is a command-line tool that can be used to investigate security breaches and troubleshoot network issues. It can be used on Windows and Unix operating systems.

Security uses
– Phishing detection: Nslookup can help detect phishing attacks by identifying IP addresses associated with malicious domains.
– DDoS attack tracking: Nslookup can help identify the IP addresses of attackers in a DDoS attack.
– Cache poisoning defense: Nslookup can help detect cache poisoning attacks, where attackers distribute fraudulent data to DNS servers.

Question 20

Which type of card would be the most suitable choice for Bob’s facility, given his primary concern about authentication speed in a card-based access control system?

A: Magnetic stripe card
B: Proximity card
C: Photo ID card
D: Smart card

Answer 20

** Answer: B: Proximity card **

A proximity card is a contactless card or key fob which is used to access secure areas. They are a key part of modern access control systems.

Question 21

Among the following options, which certificate format is likely employed in the displayed certificate?

A: P12
B: PEM
C: DER
D: PFX

Answer 21

** Answer: B: PEM **

PEM can refer to Preemptive Exposure Management, Privileged Entitlements Management, or Privacy Enhanced Mail, which are all cybersecurity-related terms.

– A proactive cybersecurity strategy that identifies and fixes security vulnerabilities before they can be exploited.
– Uses technologies like automated security control assessments and breach and attack simulation.

Question 22

Which algorithm did the US federal government sanction for digital signature creation as per the Digital Signature Standard (DSS)?

A: DSA
B: 3DES
C: RSA
D: AES

Answer 22

** Answer: A: DSA **

Digital Signature Algorithm (DSA)
– A public-key cryptosystem that uses a mathematical concept to create digital signatures.
– The DSA was proposed by the National Institute of Standards and Technology (NIST) in 1991 and adopted by the Federal Information Processing Standard (FIPS) in 1993.
– A DSA certificate makes it easier to keep up with government standards.

Question 23

Which subnet would be most suitable for a security administrator to create on a corporate firewall interface for establishing a DMZ, with the capacity to host up to 14 physical hosts?

A: 192.168.0.16/28
B: 192.168.0.16 - 255.25.255.248
C: 192.168.1.50 - 255.255.25.240
D: 192.168.2.32/27

Answer 23

** Answer: A: 192.168.0.16/28 **

A DMZ subnet typically hosts servers that need to be accessible from the public internet, like web servers, email servers, DNS servers, FTP servers, VPN gateways, proxy servers, firewalls, load balancers, application servers, database servers (if publicly accessible), content management systems (CMS), e-commerce platforms, remote access servers, and public-facing collaboration tools; all of which should be carefully configured and monitored due to their exposure to external threat

Question 24

A large financial institution is evaluating the security of procedures related to customer data handling by seeking assistance from an external organization. Which security protocol is being implemented in this scenario? A: Internal audit B: Compliance check C: Self-assessment D: Third-party audit

Answer 24

** Answer: D: Third-party audit ** A third-party security audit is an independent evaluation of an organization's security practices and procedures. Third-party audits can help identify potential risks, ensure compliance with regulations, and recommend improvements.

Question 25

Which RAID level would Lori select to support fault tolerance for her database server, ensuring recovery from the failure of any single drive, while utilizing distributed parity bits? A: RAID 3 B: RAID 1 C: RAID 5 D: RAID O

Answer 25

** Answer: C: RAID 5 ** RAID 5 is a redundant array of independent disk configurations that uses disk striping with parity. Data and parity are striped evenly across all of the disks, so no single disk is a bottleneck. Striping also enables users to reconstruct data in case of a disk failure.

Question 26

Which security control category includes measures like visitor registration, badging, and escorting for visitor control? A: Operational B: Physical C: Managerial D: Technical

Answer 26

** Answer: A: Operational ** Operational controls in security are policies, procedures, and standards that help an organization prevent, detect, and respond to security incidents. These controls focus on the day-to-day operations of an organization.

Question 27

What is the objective of conducting a network security assessment? A: To monitor network activity B: To prevent data breaches C: To identify vulnerabilities and weaknesses in the network D: To improve network speed

Answer 27

** Answer: C: To identify vulnerabilities and weaknesses in the network ** A network security assessment involves evaluating a computer network's security posture by identifying vulnerabilities, weaknesses, and potential threats.

Question 28

Bob calculated a unique identifier for three separate log files on his computer. Each file contains entries from distinct days. What function did Bob likely use? A: Use of a secure hash function B: Collision C: Syntax error D: Decryption

Answer 28

** Answer: A: Use of a secure hash function ** A secure hash function in security is a cryptographic algorithm that takes input data of any size and produces a fixed-length output, called a hash value or digest, which is designed to be computationally difficult to reverse engineer, ensuring data integrity and authenticity by making it nearly impossible to find two different inputs that generate the same hash value; commonly used examples include SHA-256 and SHA-1.

Question 29

What are the benefits of DomainKeys Identified Mail (DKIM) in improving email security? A: By storing emails on a gateway B: By filtering DNS requests C: By blocking or allowing access to specific websites D: By providing a digital signature to authenticate email content and its sender

Answer 29

** Answer: D: By providing a digital signature to authenticate email content and its sender ** DKIM (DomainKeys Identified Mail) is a protocol that allows an organization to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify. DKIM record verification is made possible through cryptographic authentication. DomainKeys Identified Mail (DKIM) is an email security standard that verifies the authenticity of messages. DKIM uses cryptography to sign emails and protect against spoofing, phishing, and spam.

Question 30

What term describes the new technique recently implemented by Steve's company to secure remote access for BYOD mobile device users, where users connect to corporate systems through a dedicated application with no corporate data accessible outside of it? A: Full device encryption B: Storage segmentation C: Sideloading D: Containerization

Answer 30

** Answer: C: Sideloading ** Sideloading is the installation of an application on a mobile device without using the device's official application distribution method. These days, most users acquire their applications through a sanctioned app store, such as Google Play, Microsoft Store, Samsung Galaxy Store or Apple's App Store.

Question 31

If a company replaces a user's Social Security Number with a random string of characters for processing, but retains a secure mapping to the original number, which method are they using? A: Tokenization B: Hashing C: Masking D: Encryption

Answer 31

** Answer: A: Tokenization ** Tokenization is a data security method that protects sensitive information by replacing it with a non-sensitive substitute called a token. Tokens are unique identifiers that are linked to the original data but cannot be deciphered.

Question 32

What aspect of security does the Metasploit Framework primarily concentrate on? A: Network mapping B: Exploiting discovered vulnerabilities C: Vulnerability scanning D: Post-compromise analysis

Answer 32

** Answer: B: Exploiting discovered vulnerabilities ** The Metasploit framework is a very powerful tool, which can be used by cybercriminals as well as ethical hackers to probe systematic vulnerabilities on networks and servers. Because it's an open-source framework, it can be easily customized and used with most operating systems.

Question 33

When an administrator adjusts hashed passwords to include randomization, ensuring that identical inputs lead to varied outputs, what term applies to this modification? A: Key stretching B: Salting C: IPSec D: Hashing

Answer 33

** Answer: B: Salting ** Salting is a security technique that adds a random string of characters to a password before it's hashed. This makes it harder for attackers to crack passwords. Salting: Adds random data to passwords before hashing, making them harder to crack using methods like rainbow tables. Unique Functions: Encryption secures data, hashing ensures integrity, and salting makes password protection stronger.

Question 34

A detailed agreement between a client and a vendor describing the work to be performed on a project is referred to as: MSA SLA WO SOW

Answer 34

** Answer: SOW ** A Statement of Work (SOW) in security is a document that outlines the tasks, deliverables, and timeline for a security project. It's a formal agreement that defines the work to be done and the expectations for the project.

Question 35

Which of the following answers refers to an analog telephone service providing basic voice communication over copper telephone lines? PSTN ISDN PBX POTS

Answer 35

** Answer: ROTS ** POTS may refer to Plain Old Telephone Service, which is an outdated technology that was once used for alarm signals. In cybersecurity, a honeypot is a decoy system that attracts malicious software or cyberattacks. Honeypots are used to gather information about attacks so that security teams can improve their systems.

Question 36

A protocol designed to improve the security of existing WEP implementations is known as: SRTP TKIP CCMP WPA2

Answer 36

** Answer: TKIP ** Temporal Key Integrity Protocol (TKIP) is a security protocol that encrypts data packets in wireless local area networks (WLANs). It was created to improve on the security of Wired Equivalent Privacy (WEP), an earlier encryption protocol. TKIP is a component of Wi-Fi Protected Access (WPA), which replaced WEP

Question 37

Which of the acronyms listed below refers to a technology used in cameras and surveillance systems that enables remote control of camera functions? RDP CCTV PTZ TCP/IP

Answer 37

** Answer: PTZ ** PTZ (Pan-Tilt-Zoom) Security Cameras can move their lens horizontally, vertically, and zoom in and out. This provides 360° surveillance and detailed close-ups, ideal for securing large commercial and business areas like parking lots, warehouses, and perimeters.

Question 38

Which of the following provides granular control over user access to specific network segments and resources based on their assigned roles and permissions? IAM SSO PAM MFA

Answer 38

** Answer: IAM ** Identity and access management (IAM) is a security framework that controls who can access an organization's digital resources. IAM is a set of policies, processes, and technologies that use unique user identities to manage access to applications, devices, networks, and more.

Question 39

A security solution designed to detect anomalies in the log and event data collected from multiple network devices is called: SNMP PCAP HIPS SIEM

Answer 39

** Answer: SIEM ** SIEM stands for security information and event management. It's a security management system that monitors, analyzes, and responds to IT events. SIEM tools help detect threats and incidents and can automate responses.

Question 40

Which of the answers listed below refers to a smart card used in mobile phones to identify the phone user? IMSI SoC IMEI SIM

Answer 40

** Answer: SIM ** "Subscriber Identity Module," refers to the small chip within a mobile phone that stores crucial identifying information like your phone number, allowing you to connect to a cellular network, and is considered a vital component for mobile security as it plays a key role in user authentication and preventing unauthorized access to your accounts linked to your phone number; essentially, a compromised SIM card can lead to significant security risks like SIM swapping scams where attackers gain control of your phone number and access to sensitive accounts linked to it.

Question 41

Which of the following devices would be used for connecting a router to a T1 line? CSU IDF NIC EDR

Answer 41

** Answer: CSU ** a "Channel Service Unit" used to connect a network device (like a router) to a T1 line, which is a high-speed digital leased line often used for reliable data transmission, particularly in scenarios where robust security is required due to the sensitive nature of the information being transferred; essentially, the CSU acts as a bridge between the local network and the T1 carrier network, ensuring proper data signal conversion and transmission while providing a secure connection to the wider network.

Question 42

What are the applications of PGP? (Select 3 answers) Compressing data Encrypting and decrypting data ( Your answer) Signing and verifying digital signatures ( Your answer) Managing public and private keys ( Your answer) Securing website traffic

Answer 42

** Answer: b, c, d ** - Encrypting and decrypting data - Signing and verifying digital signatures - Managing public and private keys Pretty Good Privacy, a security program that enables users to communicate securely by decrypting and encrypting messages, authenticating messages through digital signatures, and encrypting files.

Question 43

A field in an SSL/TLS certificate that allows the certificate to be used for multiple domain names or IP addresses is referred to as: CNAME SAN MX PTR

Answer 43

** Answer: SAN ** SAN security refers to the protection of a Storage Area Network (SAN) and the data it stores. SANs are high-speed networks that connect servers to storage devices. They are often used for business-critical applications.

Question 44

Your answer to this question is incorrect or incomplete. Which of the answers listed below refers to a tunneling protocol commonly used in creating VPNs? VRRP GRE RTSP BGP

Answer 44

** Answer: GRE ** Generic Routing Encapsulation (GRE) is a communication protocol that can be used to create secure connections between networks. However, GRE tunnels can also be used by hackers to launch attacks. It is a protocol for wrapping data packets inside secondary data packets to set up a direct point-to-point network connection.

Question 45

Which of the following answers refers to a professional that oversees the management and maintenance of an information repository? CTO PM DBA CIO

Answer 45

** Answer: DBA **

Question 46

Which of the terms listed below refers to a US government initiative for real-time sharing of cyber threat indicators? NVD AIS TTP CVSS

Answer 46

** Answer: AIS ** Automated Indicator Sharing (AIS) is a service the Cybersecurity and Infrastructure Security Agency (CISA) provides to enable real-time exchange of machine-readable cyber threat indicators and defensive measures between public and private-sector organizations

Question 47

A type of OS characterized by low delay between the execution of tasks required in specific applications, such as in military missile guidance systems or in automotive braking systems, is known as: UNIX Windows NT POSIX RTOS

Answer 47

** Answer: RTOS ** Real-Time Operating Systems (RTOS) can be used to secure embedded systems and the Internet of Things (IoT). RTOS can help prevent attacks at entry points, like networks and physical devices. It is an operating system with two key features: predictability and determinism. In an RTOS, repeated tasks are performed within a tight time boundary, while in a general-purpose operating system, this is not necessarily so.

Question 48

Which of the following block cipher modes is the simplest/weakest and therefore not recommended for use? CBC GCM ECB CTR

Answer 48

** Answer: ECB ** CB stands for Electronic Code Book, a mode of operation for encrypting and decrypting data. It's a simple and fast algorithm that's commonly used in cybersecurity. However, ECB is not recommended for use in cryptographic protocols because it doesn't hide data patterns well.

Question 49

Which communication method supports real-time text-based messaging, multimedia sharing, group chats, and video calls? SMS MMS IM RTC

Answer 49

** Answer: IM ** "Instant Messenger" generally refers to a communication platform that can be considered not inherently secure due to the potential for transmitting sensitive information in unencrypted form, making it vulnerable to interception by unauthorized parties; therefore, caution is advised when using IM for sensitive data, and utilizing features like end-to-end encryption is crucial for enhanced security when necessary.

Question 50

Which senior executive position assumes the responsibility for protecting assets, data, and people from potential threats? CEO CIO CSO CTO

Answer 50

** Answer: CSO **

Question 51

Which cybersecurity role is primarily responsible for hands-on implementation and oversight of security measures for specific systems and networks? CSO CTO DPO ISSO

Answer 51

** Answer: ISSO ** An Information Systems Security Officer (ISSO) is a cybersecurity professional who protects an organization's IT infrastructure. They are responsible for maintaining the security of systems, networks, and databases.

Question 52

A company or organization that offers cloud computing services over the Internet is called: ISP MSSP CSP MSP

Answer 52

** Answer: CSP ** Content Security Policy, a security measure that helps protect websites from attacks like cross-site scripting (XSS). CSP is a set of instructions that a website sends to a browser to limit what resources can be loaded.

Question 53

Which of the terms listed below refers to a global community focused on the development of engineering standards? ANSI NIST CERT IEEE

Answer 53

** Answer: IEEE **

Question 54

Which of the following answers refers to a device designed to supply (and monitor the quality of) electric power to multiple outlets? PSU MDF PDU IDF

Answer 54

** Answer: PDU ** PDUs can incorporate security features such as encryption, authentication, and access control mechanisms in their headers to protect data confidentiality, integrity, and availability. These security measures help safeguard against unauthorized access, data manipulation, and other security threats.

Question 55

Which of the answers listed below refers to a global standard development organization composed of different national standards bodies? NIST ISO IEEE ANSI

Answer 55

** Answer: ISO ** ISO stands for International Organization for Standardization, and ISO/IEC 27001 is an international standard for information security management. ISO standards help organizations improve their security, safety, and risk management.

Question 56

Which of the following acronyms refers to the process of identifying and preparing for potential disruptions or unexpected events to ensure business continuity? BIA ( Your answer) SLE CP ( Missed) BPA

Answer 56

** Answer: ECB **

Question 57

A dedicated local network consisting of devices providing data access is referred to as: SDN NAS iSCSI SAN

Answer 57

** Answer: SAN ** SAN can refer to Security Assistance Network or Storage Area Network, both of which have security implications.

Question 58

Which senior executive is responsible for managing an organization's IT strategy and systems? CEO CIO CSO CTO

Answer 58

** Answer: CIO **

Question 59

Which of the answers listed below refers to a framework used on Unix-like OSs to manage authentication-related tasks? PAM SSO MFA OAuth

Answer 59

** Answer: PAM ** Privileged Access Management (PAM) is a cybersecurity strategy that protects sensitive data and systems by controlling who can access them. PAM helps organizations prevent cyber threats and data breaches.

Question 60

Which of the following answers refers to a network protocol for delivering audio and video over IP networks? RDP VoIP RTP UDP

Answer 60

** Answer: RTP ** Real-time Transport Protocol (RTP) is a network protocol that can be vulnerable to security breaches, so the Secure Real-time Transport Protocol (SRTP) was developed to protect it. SRTP uses encryption and authentication to protect voice and video communications.

Question 61

Which of the terms listed below refers to a specialized suite of software tools used for developing applications for a specific platform? GUI SDLC API SDK

Answer 61

** Answer: SDK ** SDK security refers to the practices and measures taken to ensure that Software Development Kits (SDKs) used in mobile application development are secure, do not introduce vulnerabilities, and protect user data and the integrity of the application.

Question 62

A type of software that serves as an intermediary between users and the hardware, allowing users to interact with the computer and run applications is known as: ROM BIOS OS RAM

Answer 62

** Answer: OS ** Operating system (OS) security is the protection of a computer's operating system from unauthorized access and other threats. The goal is to keep data and systems secure.

Question 63

Which of the following answers refers to an encryption protocol primarily used in Wi-Fi networks implementing the WPA2 security standard? TKIP CCMP SSL HMAC

Answer 63

** Answer: CCMP ** Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol based on the U.S. federal government's Advanced Encryption Standard (AES) algorithm and uses the Counter Mode with CBC-MAC (CCM) mode of operation.

Question 64

In telecommunications, a type of main hub connecting internal networks with outside cabling is called: MDF ICS MDI IDF

Answer 64

** Answer: MDF ** A Main Distribution Frame (MDF) is a central hub for telecommunications wiring that's important for network security. MDFs are a key part of a building's telecommunications infrastructure and are often located on the first floor.

Question 65

Which of the acronyms listed below refers to a protocol used in network management systems for monitoring network-attached devices? SSH VNC SNMP RDP

Answer 65

** Answer: SNMP ** Simple Network Management Protocol (SNMP) is an internet standard that can be vulnerable to security breaches. To secure SNMP, you can use access control lists (ACLs), encryption, and other best practices.

Question 66

Which of the following answers refers to a routing protocol? RTP BGP RDP EAP

Answer 66

** Answer: BGP ** BGP security protects the Border Gateway Protocol (BGP) from attacks by verifying the authenticity of routing information. BGP is a protocol that exchanges routing information between networks.

Question 67

A specific URI type most commonly used to identify web pages is referred to as: DOI ISBN OUI URL

Answer 67

** Answer: URL **

Question 68

Which of the answers listed below refers to a solution that simplifies web browser configurations by using predefined rules or scripts to make server selection decisions for specific web traffic? PAC DDNS PAM NAT

Answer 68

** Answer: PAC ** PAC stands for Physical Access Control System, which is a security system that controls who can enter a building or facility. PACS can use a variety of methods to authenticate users, including PINs, biometrics, and mobile credentials.

Question 69

Which of the following terms refers to a network of physical devices, vehicles, buildings, and other items embedded with sensors, software, and other technologies that connect and exchange data with other devices and systems over the Internet? SoC PAN IoT WMN

Answer 69

** Answer: IoT ** Internet of Things (IoT) security is the protection of devices and networks connected to the internet. It's a subset of cybersecurity. ** IoT security goals ** -- Protect user privacy and data confidentiality -- Ensure the security of devices and infrastructure -- Allow the IoT ecosystem to function smoothly

Question 70

Which of the answers listed below refers to a unique 32-bit identifier embedded in older mobile phones and used by network operators to identify and authenticate the device on the cellular network? MAC ESN IP OID

Answer 70

** Answer: ESN ** The full form of ESN is Electronic Serial Number. An ESN is a unique identification number that the manufacturers embed on a microchip used in wireless phones.

Question 71

Which of the following answers refers to a software-based solution that allows users to access and interact with a virtual OS from anywhere using any device with an Internet connection? VDU VTC VDE VNC

Answer 71

** Answer: VDE ** VDE standards are technical regulations that define safety requirements, test procedures, and other specific criteria for products and systems in the field of electrical engineering, electronics, and information technology.

Question 72

GPG is used for: (Select all that apply) Securing website traffic Managing public and private keys ( Your answer) Signing and verifying digital signatures ( Your answer) Compressing data Encrypting and decrypting data ( Your answer)

Answer 72

** Answer: GPG ** GNU Privacy Guard (GnuPG or GPG) is a free-software replacement for Symantec's cryptographic software suite PGP. The software is compliant with the now obsoleted RFC 4880, the IETF standards-track specification of OpenPGP. Modern versions of PGP are interoperable with GnuPG and other OpenPGP v4-compliant systems. -- Managing public and private keys -- Signing and verifying digital signatures -- Encrypting and decrypting data

Question 73

A software system that integrates and manages various business processes and functions across an organization is known as: BCP CMS ERP BIA

Answer 73

** Answer: ERP ** Enterprise Resource Planning (ERP) security is the protection of a company's ERP systems from cyber threats. ERP systems are software platforms that integrate business processes, including finance, human resources, and supply chain management. They store sensitive data, making them attractive targets for cybercriminals.

Question 74

What is RIPEMD? Block cipher encryption mode Digital signature algorithm Family of cryptographic hash functions Symmetric encryption algorithm

Answer 74

** Answer: C. Family of cryptographic hash functions ** RIPEMD is a cryptographic hash function used to verify data integrity and detect tampering. It's used in cybersecurity and in Bitcoin and other cryptocurrencies.

Question 75

Which of the following acronyms refers to a dedicated facility responsible for monitoring, detecting, investigating, and responding to cybersecurity incidents? NOC C2 ISAC SOC

Answer 75

** Answer: SOC ** "Security Operations Center," which is a centralized unit within an organization responsible for continuously monitoring, detecting, analyzing, and responding to potential cyber threats across the company's network and systems, aiming to prevent and minimize damage from cyber attacks.