CompTIA Security+ Mock Flashcards
Things to study | Tests (1-12)
Physical Security Controls
- Lighting
- Fencing/Bollards/Barricades
- Access control vestibules
- Security guards
Detective Security Controls
- Log monitoring
- Security audits
- Vulnerability scanning
- CCTV
- IDS
Compensating Security Controls
- Backup power systems
- Application sandboxing
- MFA
- Network segmentation
Non-Repudiation
“The term ‘non-repudiation’ describes the inability to deny responsibility for performing a specific action. In the context of data security, non-repudiation provides proof of data origin and integrity, ensuring that a sender cannot later deny having sent a message or taken an action. However, it does not directly ensure data confidentiality—that is the role of encryption.”
Two protocols that provide AAA functionality
- TACACS+
- RADIUS
Which of the answers listed below refers to a Zero Trust Control Plane security approach that takes into account user identity, device security, network conditions, and other contextual information to enable dynamic access decisions?
Implicit trust, Adaptive identity or Monitoring and logging?
Adaptive Identity
A security approach that adjusts authentication requirements (like passwords or multi-factor checks) based on risk factors such as user behaviour, location, or device. It provides stronger security for suspicious logins while reducing friction for normal access.
Analogy: Adaptive Identity is like a bouncer who only checks your ID if you act suspicious—otherwise, you walk right in.
A hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates is known as:
PKI, CA or RA?
PKI (Public Key Infrastructure)
A system that manages digital certificates and public-key encryption to securely exchange data over networks. It verifies identities (like websites or users) and ensures encrypted communication.
Analogy: PKI is like a digital passport office—it issues IDs (certificates) and checks them to confirm who’s trustworthy.
What is the typical use of a public key?
Data decryption, User/device authentication or Data encryption?
Data Encryption
The process of converting readable data (plaintext) into scrambled code (ciphertext) to protect it from unauthorised access, ensuring only those with the correct key can decrypt and read it.
Analogy: Data encryption is like a secret language only people with the right “decoder ring” (key) can understand the message.
Key Escrow
Key Escrow
A system where encryption keys are securely stored with a trusted third party (like a government or company) to allow authorised recovery of encrypted data if needed, such as for legal investigations.
Analogy: Key escrow is like leaving your house keys with a trusted neighbour—only used in emergencies when you can’t access your home (data) yourself.
EFS
EFS (Encrypting File System)
A Windows feature that provides file-level encryption to protect sensitive data on NTFS drives, allowing only authorised users to access the encrypted files.
Analogy: EFS is like a personal safe built into your desk—only you have the key to open and view its contents, even if someone gains access to your computer.
Which of the following software application tools are specifically designed for implementing encryption algorithms to secure data communication and storage? (Select 2 answers)
VPN, GPG, SSH, IPsec or PGP?
GPG (GNU Privacy Guard)
A free and open-source encryption tool that uses public-key cryptography to secure emails, files, and digital signatures, ensuring privacy and authenticity. It’s the open-source version of PGP, following the same standards.
Analogy: GPG is like a community-built lockbox—anyone can use it for free, and it works just as well as the brand-name version (PGP).
PGP (Pretty Good Privacy)
A widely-used encryption program for securing emails and files by combining symmetric and asymmetric encryption, along with digital signatures for verification. Originally proprietary, now owned by Symantec.
Analogy: PGP is like the original patented lockbox—it set the standard, but you might pay for extra features.
Which of the answers listed below refers to a deprecated TLS-based method for secure transmission of email messages?
S/MIME, STARTTLS, DKIM or SMTPS?
SMTPS (Simple Mail Transfer Protocol Secure)
A secure version of SMTP that encrypts email transmissions using SSL/TLS, preventing eavesdropping or tampering during delivery. It ensures emails are sent safely over the internet.
Analogy: SMTPS is like sending a letter in a locked armored truck instead of a clear envelope—no one can peek at it in transit.
Which of the following answers refers to an obsolete protocol used for secure data transfer over the web?
SMTPS, SRTP, SHTTP or S/MIME?
SHTTP (Secure Hypertext Transfer Protocol)
An older protocol designed to encrypt HTTP web traffic individually for each page or transaction, unlike HTTPS which secures the entire connection. It provided granular security but is now obsolete.
Analogy: SHTTP is like sealing only specific letters in an envelope—while HTTPS wraps the entire package in tamper-proof tape.
Which protocol enables secure, real-time delivery of audio and video over an IP network?
S/MIME, RTP, SIP or SRTP?
SRTP (Secure Real-time Transport Protocol)
A security extension for RTP (Real-time Transport Protocol) that encrypts voice/video data (e.g., VoIP calls) to prevent eavesdropping, tampering, or replay attacks.
Analogy: SRTP is like a scrambled satellite feed—only authorised receivers (with the right decryption key) can watch the broadcast clearly.
A security protocol designed to improve the security of existing WEP implementations is known as:
WPA2, RC4, CCMP or TKIP?
TKIP (Temporal Key Integrity Protocol)
A security protocol created to replace WEP encryption in Wi-Fi networks, providing stronger encryption (via dynamic keys) and protection against attacks like packet forgery.
Analogy: TKIP is like a constantly changing lock on your Wi-Fi door—hackers can’t pick it because the key resets every few minutes.
Which of the following answers refer(s) to deprecated/insecure encryption protocols and cryptographic hash functions? (Select all that apply)
DES, AES-256, MD5, ECC, SHA-1, SSL or RC4?
- DES (Data Encryption Standard)
- MD5 (Message Digest Algorithm 5)
- SHA-1 (Secure Hash Algorithm 1)
- SSL (Secure Sockets Layer)
- RC4 (Rivest Cipher 4)
Symmetric Ciphers
- AES (Advanced Encryption Standard)
- DES (Data Encryption Standard)
- IDEA (International Data Encryption Algorithm)
- RC4 (Rivest Cipher 4)
Asymmetric Encryption
- DHE (Diffie-Hellman Ephemeral)
- ECC (Elliptic Curve Cryptography)
- RSA (Rivest-Shamir-Adleman)
Which of the answers listed below refers to a shared secret authentication method used in WPA, WPA2, and EAP?
PSK, 802.1X, SAE or TKIP?
PSK (Pre-Shared Key)
A symmetric encryption method where a secret key is shared between parties in advance to authenticate and secure communications (e.g., Wi-Fi passwords, VPNs). Simple but lacks forward secrecy.
Analogy: PSK is like a secret club password—everyone uses the same one, and if it leaks, the whole group is compromised.
Which of the answers listed below refers to a solution designed to strengthen the security of session keys?
ECB, PFS, EFS or PFX?
PFS (Perfect Forward Secrecy)
A security feature that ensures session keys are temporary and not derived from a long-term master key, so even if a server’s private key is compromised, past communications remain secure.
Analogy: PFS is like using self-destructing messages—each conversation has its own unique lock, and throwing away the key afterward means no one can decrypt old chats, even if they hack you later.
Which of the following answers refers to a public-key cryptosystem used for digital signatures, secure key exchange, and encryption?
ECC, RSA, PKI or DSA?
RSA (Rivest-Shamir-Adleman)
A widely used public-key cryptosystem for encryption and digital signatures, relying on the mathematical difficulty of factoring the product of two large prime numbers. It’s the backbone of SSL/TLS, SSH, and PGP.
Analogy: RSA is like a heavyweight safe—it’s trusted and durable, but requires more muscle (computing power) to lock/unlock compared to modern alternatives.
Which of the cryptographic algorithms listed below is the least vulnerable to attacks?
AES, DES, RC4 or 3DES?
AES (Advanced Encryption Standard)
A symmetric encryption algorithm adopted by the U.S. government and used worldwide to secure classified and sensitive data. It operates on fixed block sizes (128 bits) and supports key lengths of 128, 192, or 256 bits.
Analogy: AES is like a bank vault—virtually impenetrable when properly configured, trusted by everyone from corporations to governments.
Which of the answers listed below refers to a deprecated stream cipher used in some legacy applications, such as WEP?
RSA, DES, SSL or RC4?
RC4 (Rivest Cipher 4)
A stream cipher once widely used in WEP (Wi-Fi), SSL/TLS, and Microsoft products, now deprecated due to critical vulnerabilities that leak plaintext data.
Analogy: RC4 is like a broken faucet—no matter how you adjust it, secrets drip out.
Which of the following answers refers to an embedded microcontroller used for secure boot, disk encryption, and system integrity verification?
TPM, SoC, UEFI or HSM?
TPM (Trusted Platform Module)
A dedicated hardware chip (or firmware) that securely stores cryptographic keys, passwords, and certificates to verify system integrity and enable features like disk encryption (BitLocker) or secure boot.
Analogy: TPM is like a vault built into your computer’s motherboard—only it can unlock critical security features, making theft or tampering futile.