CompTIA Security + Mock Flashcards
Things To Study | Test 13-18
Which of the answers listed below refers to a protocol used to set up secure connections and exchange of cryptographic keys in IPsec VPNs?
SSL, IKE, ESP or DHE ?
IKE (Internet Key Exchange)
A protocol used to set up a secure VPN connection by negotiating and managing encryption keys.
Think of it as a digital handshake that agrees on how to lock and unlock data between two devices.
Which part of the IPsec protocol suite provides data integrity and authentication but not encryption?
CRC, AH, IKE or AES ?
AH (Authentication Header)
A protocol used in IPsec to provide data integrity, authentication, and anti-replay protection for network packets.
It ensures the data wasn’t tampered with in transit—like a tamper-proof seal on a package.
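What "integrity and authentication but not encryption" means in practice, shown as an added example (not part of the flashcard set and not real IPsec code): a simplified AH-style header (SPI, sequence number, ICV) using HMAC-SHA-256 truncated to 128 bits, plus the sliding anti-replay window that AH and ESP both use. The key, SPI and packet contents are constructed for the demo, and the IP header coverage of real AH is left out.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # HMAC-SHA-256 truncated to 128 bits, as IPsec's HMAC-SHA-256-128 does


def ah_icv(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """ICV over SPI, sequence number, a zeroed ICV field and the payload.
    Real AH also covers the immutable IP header fields and zeroes the mutable
    ones (TTL, checksum); that part is omitted here to keep the demo short."""
    header = struct.pack("!II", spi, seq) + bytes(ICV_LEN)
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]


def ah_protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Build SPI || seq || ICV || payload. The payload stays in cleartext."""
    return struct.pack("!II", spi, seq) + ah_icv(key, spi, seq, payload) + payload


def ah_verify(key: bytes, packet: bytes):
    """Return (ok, seq, payload). ok is False if the ICV does not match."""
    if len(packet) < 8 + ICV_LEN:
        return False, 0, b""
    spi, seq = struct.unpack("!II", packet[:8])
    icv, payload = packet[8:8 + ICV_LEN], packet[8 + ICV_LEN:]
    if not hmac.compare_digest(icv, ah_icv(key, spi, seq, payload)):
        return False, seq, b""
    return True, seq, payload


class ReplayWindow:
    """Sliding anti-replay window as used by AH/ESP: accept a sequence number
    once, reject repeats, and reject anything older than the window."""

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set means (highest - i) was already accepted

    def accept(self, seq: int) -> bool:
        if seq == 0:                     # sequence number 0 is never valid
            return False
        if seq > self.highest:           # advance the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size:            # too old: outside the window
            return False
        if self.bitmap & (1 << diff):    # already seen: replay
            return False
        self.bitmap |= 1 << diff
        return True


def demo() -> dict:
    """Constructed traffic: one valid packet, a tampered copy and a replay."""
    key = b"constructed-demo-key-not-for-production"
    spi = 0x1000
    window = ReplayWindow()
    results = {}

    pkt = ah_protect(key, spi, 1, b"GET /status HTTP/1.1")
    ok, seq, _ = ah_verify(key, pkt)
    results["valid"] = ok and window.accept(seq)
    results["payload_in_clear"] = b"GET /status" in pkt   # AH authenticates, it does not hide

    tampered = pkt[:-1] + bytes([pkt[-1] ^ 0x01])           # flip one payload bit
    results["tampered"] = ah_verify(key, tampered)[0]

    ok, seq, _ = ah_verify(key, pkt)                         # replay the original packet
    results["replayed"] = ok and window.accept(seq)
    return results


if __name__ == "__main__":
    print(demo())  # {'valid': True, 'payload_in_clear': True, 'tampered': False, 'replayed': False}
```

The replayed packet carries a perfectly valid ICV; only the sequence-number window catches it, which is why anti-replay is listed as a separate AH service and why the sequence counter must never be reused under the same key.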
Which of the IPsec modes provides entire packet encryption?
A. Tunnel
B. Payload
C. Transport
D. Default
Tunnel mode (IPsec)
Encapsulates the entire original IP packet (header and payload) inside a new IP packet with a fresh outer header, so ESP in tunnel mode encrypts the original source and destination addresses as well as the data. Used for gateway-to-gateway (site-to-site) and remote-access VPNs. Transport mode, by contrast, protects only the payload and leaves the original IP header in the clear, so it suits host-to-host traffic.
Functions like a private underground passage for network traffic.
Which of the answers listed below refers to any type of information pertaining to an individual that can be used to uniquely identify that person?
PHI, Biometrics, ID or PII ?
PII (Personally Identifiable Information)
Any data that can identify an individual, either alone or combined with other information (e.g., name, SSN, biometrics, or even device IDs when linked to a person).
Encryption methods used to protect data at rest:
FDE, SED and EFS
FDE (Full Disk Encryption)
Encrypts an entire storage volume (OS, applications and files). Protects against physical theft of a powered-off device, not against malware running on an unlocked one. Typically unlocked at boot, e.g., BitLocker with a TPM, ideally combined with a PIN for pre-boot authentication.
SED (Self-Encrypting Drive)
A hardware-based FDE solution where the drive controller encrypts and decrypts transparently with a key that never leaves the drive. Negligible host performance overhead (e.g., TCG Opal drives). An SED only protects data once a credential has been set: out of the box the drive encrypts but unlocks for anyone, and its security rests on the drive firmware.
EFS (Encrypting File System)
File- and folder-level encryption built into NTFS (Windows). Uses per-user certificates for access control, so protection follows the user account rather than the disk. Cannot encrypt system files, and does not protect data that leaves the NTFS volume (e.g., copied to a FAT drive or attached to an e-mail).
Encryption methods used to protect data in transit:
VPN, TLS and IPsec
VPN (Virtual Private Network)
Creates an encrypted tunnel between your device and a private network over the internet, so the networks in between see only the tunnel endpoints, not the content or internal addressing of the traffic.
TLS (Transport Layer Security)
A cryptographic protocol that ensures secure communication over a network by encrypting data between web browsers and servers (used in HTTPS).
IPsec (Internet Protocol Security)
A suite of protocols that secures internet communication by authenticating and encrypting each IP packet in a network connection (often used in VPNs).
Which of the following answers refer to data masking? (Select 2 answers)
Replaces sensitive data with fictitious or modified data while retaining its original format.
Allows for data manipulation in environments where the actual values are not needed.
Data Masking
A technique that obscures sensitive data (e.g., PII, financial info) in non-production environments to protect privacy while maintaining usability.
Which of the following modifies data or code to make it difficult to understand or reverse-engineer, but without necessarily encrypting or hiding the data?
A. Tokenisation
B. Encryption
C. Obfuscation
D. Hashing
Obfuscation
The deliberate act of making code, data, or communications difficult to understand or analyse, often used to hide malicious activity or protect intellectual property.
Hardware RAID Level 5 features:
A. Requires at least 2 drives to implement.
B. Continues to operate in case of failure of more than 1 drive.
C. Is also known as disk striping with double parity.
D. Requires at least 3 drives to implement.
E. Offers increased performance and fault tolerance (single drive failure does not destroy the array and lost data can be re-created by the remaining drives).
F. Requires at least 4 drives to implement
G. Is also known as disk striping with parity.
D. Requires at least 3 drives to implement.
E. Offers increased performance and fault tolerance (single drive failure does not destroy the array and lost data can be re-created by the remaining drives).
G. Is also known as disk striping with parity.
RAID (Redundant Array of Independent Disks)
A storage technology that combines multiple physical disks into a single logical unit for improved performance, redundancy, or both.
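How "lost data can be re-created by the remaining drives" actually works for RAID 5, as an added example that is not part of the flashcard set: parity is the bytewise XOR of the data chunks in a stripe, and XOR-ing all surviving chunks (data or parity) rebuilds the missing one. The 4-disk layout, chunk sizes and contents are constructed for the demo.

```python
def xor_blocks(blocks):
    """Bytewise XOR of equal-length chunks: the parity operation RAID 5 uses."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def raid5_write(chunks, n_disks, stripe_index):
    """Lay one stripe across n_disks: n_disks-1 data chunks plus one parity chunk.
    The parity position rotates with the stripe index so parity writes are spread
    across all disks instead of landing on one (which is what RAID 4 does)."""
    if len(chunks) != n_disks - 1 or len({len(c) for c in chunks}) != 1:
        raise ValueError("need n_disks-1 equal-length data chunks")
    parity = xor_blocks(chunks)
    pidx = stripe_index % n_disks
    return chunks[:pidx] + [parity] + chunks[pidx:], pidx


def raid5_recover(disks):
    """Rebuild the single missing chunk (marked None) by XOR-ing the survivors.
    Works whether the lost chunk held data or parity; two losses are fatal."""
    missing = [i for i, d in enumerate(disks) if d is None]
    if len(missing) != 1:
        raise ValueError(f"RAID 5 rebuilds exactly one lost chunk, {len(missing)} missing")
    rebuilt = xor_blocks([d for d in disks if d is not None])
    return missing[0], rebuilt


if __name__ == "__main__":
    # constructed 4-disk stripe with 4-byte chunks
    disks, pidx = raid5_write([b"AAAA", b"BBBB", b"CCCC"], 4, 0)
    print(pidx, disks)            # 0 [b'@@@@', b'AAAA', b'BBBB', b'CCCC']
    damaged = list(disks)
    damaged[2] = None             # lose disk 2
    print(raid5_recover(damaged)) # (2, b'BBBB')
```

The two-loss failure in `raid5_recover` is the reason RAID 6 exists: a second, independent parity (Reed-Solomon, not plain XOR) is needed to survive a second drive failing during the rebuild of the first.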
Hardware RAID Level 6 features:
A. Is also known as disk striping with parity.
B. Requires at least 4 drives to implement.
C. Offers increased performance and fault tolerance (failure of up to 2 drives does not destroy the array and lost data can be re-created by the remaining drives).
D. Requires at least 3 drives to implement.
E. Is also known as disk striping with double parity .
F. Continues to operate in case of failure of more than 2 drives.
G. Requires at least 5 drives to implement.
B. Requires at least 4 drives to implement.
C. Offers increased performance and fault tolerance (failure of up to 2 drives does not destroy the array and lost data can be re-created by the remaining drives).
E. Is also known as disk striping with double parity.
RAID (Redundant Array of Independent Disks)
A storage technology that combines multiple physical disks into a single logical unit for improved performance, redundancy, or both.
Which of the answers listed below refers to the primary function of load balancing?
A. Maintains identical copies of data across multiple servers to enhance data availability and reliability.
B. Distributes workload across multiple servers for improved performance.
C. Groups servers together to provide high availability and fault tolerance.
D. Distributes content geographically across multiple servers to improve performance, reduce latency, and handle high volumes of traffic.
B. Distributes workload across multiple servers for improved performance.
Load Balancing
The distribution of network traffic across multiple servers or resources to optimise efficiency, reliability, and performance.
Which alternate site allows for the fastest disaster recovery?
A. Cold site
B. Hot site
C. Mobile site
D. Warm site
Hot Site
A fully operational, ready-to-use disaster recovery facility with all necessary hardware, software, and data to immediately resume business operations after a failure.
Which of the solutions listed below provides redundancy and fault tolerance by dividing tasks into smaller subtasks and distributing them across multiple systems to be executed simultaneously?
A. Load balancing
B. Multitasking
C. Clustering
D. Parallel processing
Parallel Processing
A computing method where multiple tasks are executed simultaneously across multiple processors or cores to speed up performance.
A file-based representation of the state of a virtual machine at a given point in time is referred to as:
A. Restore point
B. Shadow copy
C. Snapshot
D. System image
Snapshot
A point-in-time copy of a system, file, or dataset, preserving its state for backup, recovery, or analysis.
Key Traits:
- Static Backup: Captures exact state at a specific moment.
- Quick Restoration: Enables rollback to the snapshot’s state.
- Use Cases: VM backups, database versioning, forensic analysis.
What type of backups are commonly used with virtual machines?
A. Incremental backups
B. Snapshot backups
C. Tape backups
D. Differential backups
Snapshot Backups
A backup method that captures the exact state of a system, file, or dataset at a specific point in time, allowing for quick restoration if needed. A snapshot kept on the same datastore as the VM protects against bad changes, not against loss of the host or its storage, so it only counts as a backup once it has been copied elsewhere; long-lived snapshot chains also slow the VM down and should be consolidated.
Which of the terms listed below is used to describe a foundational level of security configurations and settings required to safeguard a system?
A. Logical segmentation
B. Secure baseline
C. Access control levels
D. Principle of least privilege
Secure Baseline
A predefined set of security configurations applied to systems or software to ensure they meet minimum protection standards.
Key Traits:
- Standardisation: Uniform settings across all devices (e.g., firewalls, password policies).
- Hardening: Disables risky defaults (guest accounts, unused ports).
- Compliance: Aligns with frameworks like CIS Benchmarks or NIST guidelines.
Which of the following answers refers to a mobile security solution that enables separate controls over the user and enterprise data?
A. Resource provisioning
B. Content management
C. Storage segmentation
D. Just-in-time permissions
Storage Segmentation
In mobile security, partitioning device storage so that enterprise apps and data live in an isolated, separately encrypted area under separate policies from the user's personal data; the enterprise segment can be managed or wiped without touching personal content. The same principle applies to servers and storage systems.
Key Traits:
- Isolation: Separates data by owner, type or sensitivity (e.g., corporate vs. personal, HR vs. public files).
- Access Control: Enforces distinct permissions and encryption keys per segment.
- Use Cases: BYOD devices, PCI DSS (payment data), HIPAA (medical records), multi-tenant clouds.
In the context of MDM, the isolation of corporate applications and data from other parts of the mobile device is referred to as:
A. Containerisation
B. Storage segmentation
C. Virtualisation
D. Content management
Containerisation
In the MDM context, running corporate apps and their data inside an isolated, managed workspace on the device (e.g., an Android work profile) that the enterprise can police and wipe independently of the personal side. More generally, a lightweight virtualisation method that packages applications and their dependencies into isolated, portable units (containers) sharing one OS kernel.
Key Traits:
- Efficiency: Uses fewer resources than VMs (no full OS per instance).
- Portability: Runs consistently across environments (dev, test, prod).
- Isolation: Processes are segregated, though the shared kernel makes the boundary weaker than a VM's.
Which of the answers listed below refer to workstation hardening techniques? (Select 3 answers)
- Hiding administrator accounts.
- Regularly applying security patches and updates to the OS and installed software.
- Disabling all internet access.
- Removing or disabling unnecessary drivers, services, software, and network protocols.
- Limiting unauthorised or unauthenticated user access.
Regularly applying security patches and updates to the OS and installed software.
Removing or disabling unnecessary drivers, services, software, and network protocols.
Limiting unauthorised or unauthenticated user access.
Workstation Hardening
The process of securing a computer (desktop/laptop) by reducing vulnerabilities through configuration changes, patches, and access controls.
Which type of software enables centralised administration of mobile devices?
MFA, MMC, MDM or MFD ?
MDM (Mobile Device Management)
A centralised system for managing and securing mobile devices (smartphones, tablets) used within an organisation.
Key Traits:
- Remote Control: Enforces policies (passcodes, encryption), wipes lost devices.
- App Management: Approves/blocks apps, pushes updates.
- BYOD Support: Separates work/personal data on employee-owned devices.
Which of the following acronyms refers to a client authentication method used in WPA3 Personal mode?
SAE, IKE, PSK, or AES ?
SAE (Simultaneous Authentication of Equals)
A secure key exchange protocol used in WPA3 to replace the older PSK (Pre-Shared Key) method, providing stronger protection against brute-force attacks.
Key Traits:
- Forward Secrecy: Each connection derives a fresh pairwise master key, so a captured Wi-Fi password does not decrypt past sessions.
- Resilience: The Dragonfly handshake (RFC 7664) gives an attacker only one password guess per exchange, so captured traffic cannot be attacked offline.
- Usage: Mandatory in WPA3-Personal (WPA3-Enterprise authenticates with 802.1X/EAP instead).
What are the characteristics of TACACS+? (Select 3 answers)
A. Encrypts only the password in the access-request packet.
B. Combines authentication and authorisation.
C. Encrypts the entire payload of the access-request packet.
D. Primarily used for device administration.
E. Separates authentication and authorisation.
F. Primarily used for network access.
C. Encrypts the entire payload of the access-request packet.
D. Primarily used for device administration.
E. Separates authentication and authorisation.
TACACS+ (Terminal Access Controller Access Control System Plus)
A Cisco-developed AAA protocol for granular device administration (e.g., routers, switches). Runs over TCP port 49 and encrypts the whole body of each packet with the shared secret (only the header is in clear), and lets you authorise individual commands rather than just grant or refuse access.
What are the characteristic features of RADIUS? (Select 3 answers)
A. Primarily used for network access.
B. Encrypts the entire payload of the access-request packet.
C. Combines authentication and authorisation.
D. Encrypts only the password in the access-request packet.
E. Primarily used for device administration.
F. Separates authentication and authorisation.
A. Primarily used for network access.
C. Combines authentication and authorisation.
D. Encrypts only the password in the access-request packet.
RADIUS (Remote Authentication Dial-In User Service)
A centralised AAA (Authentication, Authorisation, Accounting) protocol for managing network access, often used for VPNs, Wi-Fi (802.1X), and ISP logins. Typically UDP ports 1812 (authentication) and 1813 (accounting). Only the User-Password attribute is hidden, with an MD5-based XOR keyed by the shared secret; the user name and other attributes travel in clear, which is why RADIUS traffic belongs on a management network or inside TLS/IPsec.
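What "encrypts only the password" looks like on the wire, as an added example that is not part of the flashcard set: the User-Password hiding scheme from RFC 2865 section 5.2 (MD5 of the shared secret and the Request Authenticator, XOR-ed with the password in 16-byte blocks, chained through the previous ciphertext block), placed beside a User-Name attribute that is sent in clear. The shared secret, user name, password and Request Authenticator are constructed; a real client draws the authenticator at random for every request.

```python
import hashlib


def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding:
    b1 = MD5(secret + RequestAuthenticator), c1 = p1 XOR b1,
    b2 = MD5(secret + c1),                   c2 = p2 XOR b2, ...
    The password is null-padded to a multiple of 16 octets (max 128)."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 octets")
    padded = password + bytes(-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        hidden += block
        prev = block
    return hidden


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of the above; anyone holding the shared secret can do this."""
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return plain.rstrip(b"\x00")


def build_access_request_attrs(username: bytes, password: bytes,
                               secret: bytes, authenticator: bytes) -> bytes:
    """Type-Length-Value attributes of an Access-Request: User-Name (type 1)
    travels in clear, only User-Password (type 2) is hidden. The 20-byte
    packet header (code, identifier, length, authenticator) is omitted."""
    def avp(attr_type: int, value: bytes) -> bytes:
        return bytes([attr_type, len(value) + 2]) + value
    return avp(1, username) + avp(2, radius_hide_password(password, secret, authenticator))


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    authenticator = bytes(range(16))   # constructed; real clients use 16 random octets per request
    attrs = build_access_request_attrs(b"alice", b"hunter2", secret, authenticator)
    print(b"alice" in attrs, b"hunter2" in attrs)                    # True False
    print(radius_reveal_password(attrs[9:], secret, authenticator))  # b'hunter2'
```

The keystream depends only on the shared secret and the 16-byte authenticator, so a weak secret can be brute-forced offline from a single captured Access-Request, and nothing about the user name, NAS identifier or other attributes is protected at all. That is the reason for carrying RADIUS over TLS (RadSec, RFC 6614) or IPsec rather than trusting the hiding scheme.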
Dynamic code analysis:
- Typically used later in the software development lifecycle, once there is a build that can be run.
- Analyses runtime properties like memory usage, performance, and error handling to identify issues such as memory leaks, performance bottlenecks, and runtime errors.
- Involves executing the code and analysing its behaviour at runtime.
Dynamic Code Analysis
The process of testing software by executing it, with instrumentation or crafted inputs, to identify vulnerabilities, runtime errors, or malicious behaviour that only shows up when the code actually runs.
Key Traits:
- Runtime Testing: Analyses code while it runs (vs. static analysis, which reads the source or binary without executing it).
- Finds Live Issues: Detects memory leaks, crashes on malformed input, and injection flaws reachable through real inputs; it only covers the code paths the test inputs actually exercise.
- Tools: Fuzzers, debuggers, DAST scanners, and sandboxed environments.
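A minimal fuzzer, as an added example that is not part of the flashcard set, to show what "executing the code and analysing its behaviour" finds that reading it may not: a toy length-prefixed record parser with a deliberate truncation bug, its hardened counterpart, and a loop that feeds both random inputs and records any exception that is not the parser's documented rejection. The parser, the bug and the seed are constructed for the demo.

```python
import random


def parse_record(data: bytes):
    """Toy length-prefixed record parser with a deliberate bug: it trusts the
    declared length and indexes the body without checking it is long enough."""
    if not data:
        raise ValueError("empty record")
    n = data[0]
    body = data[1:1 + n]
    checksum = body[n - 1] if n else 0   # IndexError when the record is truncated
    return n, body, checksum


def parse_record_fixed(data: bytes):
    """Hardened version: reject declared lengths the input cannot satisfy."""
    if not data:
        raise ValueError("empty record")
    n = data[0]
    if len(data) - 1 < n:
        raise ValueError("truncated record")
    body = data[1:1 + n]
    checksum = body[n - 1] if n else 0
    return n, body, checksum


def fuzz(target, seed: int = 1, iterations: int = 2000, max_len: int = 8):
    """Run the target on random byte strings and collect unexpected exceptions.
    ValueError is the parser's documented way of rejecting bad input, so it is
    not a finding; anything else is a crash worth a bug report."""
    rng = random.Random(seed)               # fixed seed makes the run reproducible
    crashes = []
    for _ in range(iterations):
        sample = bytes(rng.randrange(256) for _ in range(rng.randrange(max_len + 1)))
        try:
            target(sample)
        except ValueError:
            continue
        except Exception as exc:            # a fuzzer deliberately catches everything
            crashes.append((sample, type(exc).__name__))
    return crashes


if __name__ == "__main__":
    found = fuzz(parse_record)
    print(len(found), "crashes; first reproducer:", found[0])
    print("hardened parser:", fuzz(parse_record_fixed))   # []
```

Each entry in `crashes` is a reproducer you can hand to the developer. Real fuzzers (AFL, libFuzzer) add coverage feedback and input minimisation, but the principle is the one above: the bug is only visible because the code was run on input the author never tried.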
Which of the terms listed below refers to tracking and managing software application components, such as third-party libraries and other dependencies?
A. Version control
B. Package monitoring
C. Configuration enforcement
D. Application hardening
Package Monitoring
The continuous tracking and analysis of software packages (libraries, dependencies) to detect vulnerabilities, outdated versions, or malicious code.
Key Traits:
- Dependency Checks: Flags insecure or deprecated packages (e.g., via npm, pip).
- Automated Alerts: Notifies developers of CVEs or license risks.
- Tools: Snyk, Dependabot, OWASP Dependency-Track.
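What a dependency check does at its core, as an added example that is not part of the flashcard set and not the code of any of the tools named above: parse a pinned requirements file, compare each pinned version against an advisory feed's fixed version, and report packages that cannot be checked because they are not pinned. The requirements file, package names and advisory identifiers are all constructed for the demo (they are not real packages or CVEs).

```python
import re

# Constructed advisory feed. Package names and IDs are fictional, not real CVEs.
ADVISORIES = [
    {"id": "DEMO-ADV-001", "package": "demo-yaml", "fixed_in": "5.4.0"},
    {"id": "DEMO-ADV-002", "package": "demo-http", "fixed_in": "2.31.0"},
]

# Constructed requirements.txt for the demo.
REQUIREMENTS = """\
demo-yaml==5.3.1
demo-http==2.31.0
demo-crypto>=3.0        # not pinned: the installed version is unknown to this check
demo-jinja==3.1.2
"""


def parse_version(text: str) -> tuple:
    """Dotted numeric versions only; real tools use PEP 440 / semver parsers."""
    return tuple(int(part) for part in text.split("."))


def parse_requirements(text: str):
    """Return ({name: pinned_version}, [unpinned names])."""
    pinned, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        match = re.fullmatch(r"([A-Za-z0-9_.-]+)==([0-9.]+)", line)
        if match:
            pinned[match.group(1).lower()] = match.group(2)
        else:
            unpinned.append(re.split(r"[<>=!~]", line, maxsplit=1)[0].strip().lower())
    return pinned, unpinned


def audit(requirements: str, advisories):
    """Flag pinned packages below the fixed version; report unpinned ones."""
    pinned, unpinned = parse_requirements(requirements)
    findings = []
    for adv in advisories:
        version = pinned.get(adv["package"])
        if version is not None and parse_version(version) < parse_version(adv["fixed_in"]):
            findings.append((adv["package"], version, adv["id"]))
    return findings, unpinned


if __name__ == "__main__":
    print(audit(REQUIREMENTS, ADVISORIES))
    # ([('demo-yaml', '5.3.1', 'DEMO-ADV-001')], ['demo-crypto'])
```

The unpinned list is the part teams most often skip: a range such as `>=3.0` means the check cannot know what is installed, so production tooling audits a lock file (which also lists transitive dependencies) rather than the top-level requirements.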
Which of the terms listed below refers to a US government initiative for real-time sharing of cyber threat indicators?
A. AIS
B. STIX
C. TTP
D. CVSS
AIS (Automated Indicator Sharing)
A system that enables real-time exchange of cybersecurity threat data (e.g., malware signatures, malicious IPs) between organisations and government entities.
Key Traits:
- Standardised Formats: Uses STIX/TAXII for machine-readable data.
- Collaborative Defence: Speeds up threat response across sectors.
- Managed by: CISA (part of DHS) in the U.S.; participants connect to its TAXII server to send and receive indicators.
Which of the following provides insights into the methods and tools used by cybercriminals to carry out attacks?
A. CVE
B. IoC
C. AIS
D. TTP
TTP (Tactics, Techniques, and Procedures)
A framework used to describe the behaviour of cyber attackers: their goal at each stage of an intrusion (tactics), the methods used to reach it (techniques), and the specific tools and steps a given group uses (procedures).
Key Traits:
- Threat Analysis: Helps identify and defend against attack patterns (e.g., MITRE ATT&CK framework).
- Defensive Use: Guides security teams in detecting and mitigating threats.
- Examples: Lateral movement (tactic), phishing (technique), a specific group's custom malware and command sequence (procedure).
A responsible disclosure program is a formal process established by an organisation to encourage security researchers and ethical hackers to report vulnerabilities they discover in the organisation’s systems or software. A bug bounty program is a specific type of responsible disclosure program that offers financial rewards to security researchers for reporting valid vulnerabilities.
True or False?
True!
Responsible Disclosure Program
A formal process that allows security researchers to report vulnerabilities to an organisation privately, giving them time to fix the issue before public disclosure.
Key Traits:
- Safe Reporting: Provides a secure channel (e.g., encrypted email, bug bounty platforms).
- Timeframe: Sets a deadline for fixes (e.g., 90 days) before public release.
- Benefits: Avoids exploitation while crediting researchers.
Antivirus software identifying a non-malicious file as a virus due to a faulty virus signature file is an example of:
A. Fault tolerance
B. False positive error
C. Quarantine feature
D. False negative error
False positive error
A false positive error occurs when a test or experiment incorrectly indicates the presence of a condition when it is actually absent.
Which of the answers listed below refers to a situation where no alarm is raised when an attack has taken place?
A. False negative
B. True positive
C. False positive
D. True negative
False negative
A false negative error occurs when a test or experiment fails to detect a condition that is actually present.
What is Exposure Factor (EF) in vulnerability analysis?
The degree of loss that a realised threat would have on a specific asset.
The Exposure Factor (EF)
Represents the percentage of loss or damage to an asset if a specific threat or vulnerability is exploited. It is a key component in risk assessment, helping quantify potential impact.
Which of the statements listed below does not refer to a vulnerability response and remediation technique?
A. Applying updates or fixes provided by software vendors to address the vulnerability (patching).
B. Ensuring financial recovery from the costs associated with a successful cyberattack (insurance).
C. Dividing a network into smaller, isolated zones to limit the potential impact of a vulnerability (segmentation).
D. Mitigating the risk associated with a vulnerability that cannot be immediately patched by implementing alternative security measures (compensating controls).
E. Delaying or forgoing a patch for a specific system, e.g., when applying a patch may not be feasible due to compatibility issues or potential disruptions to critical systems (exceptions and exemptions).
F. All of the above answers are examples of vulnerability response and remediation techniques.
F. All of the above answers are examples of vulnerability response and remediation techniques.
Vulnerability Remediation
The process of identifying, prioritising, and mitigating security weaknesses to reduce risk.
The practice of isolating potentially malicious or suspicious entities to prevent them from causing harm to the rest of the network or system is known as:
A. Sandboxing
B. Containerisation
C. Quarantine
D. Segmentation
C. Quarantine
Quarantine is an isolation technique used to separate and restrict potentially malicious files, devices, or network segments from the rest of the system to prevent further damage while investigation and remediation occur.
The following refer to SCAP
A collection of standards developed by NIST.
Provides a common language for communicating security information.
Allows different security tools to share data and work together more effectively.
SCAP (Security Content Automation Protocol)
A standardised framework for automating vulnerability management, compliance checking, and security configuration.
Key Traits:
- Components: Includes CVE (vulnerabilities), CCE (configurations), CPE (platform names), CVSS (scoring), and the XCCDF and OVAL languages that express checklists and the checks behind them.
- Automation: Enables tools to scan/compare systems against benchmarks (e.g., NIST baselines, DISA STIGs).
- Use Cases: Government (FISMA), enterprises (continuous monitoring).
The listed below refer to SIEM
Designed to provide a centralised user interface for accessing collected data.
Enables real-time threat detection, incident response, and compliance monitoring.
A type of security system designed to collect logs and events from various sources.
SIEM (Security Information and Event Management)
A system that collects, analyses, and correlates security event data from across an organisation’s network to detect and respond to threats.
Which of the following acronyms refers to software or hardware-based security solutions designed to detect and prevent unauthorised use and transmission of confidential information?
A. PS
B. DLP
C. IDS
D. DEP
DLP (Data Loss Prevention)
A set of tools and policies designed to prevent unauthorised access, leakage, or theft of sensitive data.
An SNMP-compliant device includes a virtual database containing information about configuration and state of the device that can be queried by an SNMP management station. This type of data repository is referred to as:
A. MIB
B. DCS
C. NMS
D. SIEM
A. MIB (Management Information Base)
A hierarchical database used by network management protocols (like SNMP) to store and organise information about network devices (e.g., routers, switches).
SNMP (Simple Network Management Protocol)
A protocol used to monitor and manage network devices (routers, servers, printers) by collecting and organising their performance data.
Which of the answers listed below refers to a network protocol developed by Cisco for collecting information about IP traffic flowing across network devices like routers, switches, and firewalls?
A. OpenVAS
B. iPerf
C. pfSense
D. NetFlow
NetFlow
A network protocol developed by Cisco for collecting and monitoring traffic flow data, helping analyse bandwidth usage, detect anomalies, and troubleshoot issues.
Which of the following refers to a set of rules defining how a firewall manages network traffic?
A. MAC
B. ACL
C. NAC
D. DLP
ACL (Access Control List)
A set of rules that defines permissions for network traffic or file system access, specifying which users or systems are allowed or denied access to resources.
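How a firewall ACL is evaluated, as an added example that is not part of the flashcard set and not any vendor's syntax: rules are checked in order, the first match decides, and a packet matching nothing is dropped by the implicit deny. The rule set is constructed to show the classic mistake of placing a specific exception after the broad rule that swallows it, plus a small audit that finds such shadowed rules.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None matches any port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First match wins, as on routers and most firewalls. Falling off the end
    of the list is the implicit deny: action 'deny' with no rule index."""
    for index, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule.action, index
    return "deny", None


def shadowed(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule already
    matches every packet they would match. A common firewall audit finding."""
    result = []
    for i, later in enumerate(rules):
        l_src, l_dst = ipaddress.ip_network(later.src), ipaddress.ip_network(later.dst)
        for earlier in rules[:i]:
            e_src, e_dst = ipaddress.ip_network(earlier.src), ipaddress.ip_network(earlier.dst)
            if (l_src.subnet_of(e_src) and l_dst.subnet_of(e_dst)
                    and earlier.proto in ("any", later.proto)
                    and earlier.dport in (None, later.dport)):
                result.append(i)
                break
    return result


# Constructed rule set: the admin exception in rule 2 is shadowed by rule 0.
RULES = [
    Rule("deny",   "10.0.0.0/8",  "192.168.1.10/32", "tcp", 22),
    Rule("permit", "10.0.0.0/8",  "192.168.1.10/32", "tcp", 443),
    Rule("permit", "10.0.5.0/24", "192.168.1.10/32", "tcp", 22),   # never reached
]
# Corrected order: the specific exception must come before the broad deny.
FIXED_RULES = [RULES[2], RULES[0], RULES[1]]


if __name__ == "__main__":
    admin_ssh = Packet("10.0.5.7", "192.168.1.10", "tcp", 22)
    print(evaluate(RULES, admin_ssh), shadowed(RULES))              # ('deny', 0) [2]
    print(evaluate(FIXED_RULES, admin_ssh), shadowed(FIXED_RULES))  # ('permit', 0) []
    print(evaluate(RULES, Packet("172.16.0.9", "192.168.1.10", "tcp", 443)))  # ('deny', None)
```

The same first-match logic is why "permit any any" near the top of a list silently disables everything below it, and why a rule review should look for shadowed entries, not just for overly broad ones.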
A lightly protected subnet (a.k.a. DMZ) consisting of publicly available servers placed on the outside of the company’s firewall is known as:
A. Captive portal
B. Quarantine network
C. Extranet
D. Screened subnet
Screened Subnet (the current name for what was long called a DMZ)
A network segment placed between an outer, internet-facing firewall and an inner firewall, so publicly reachable services (e.g., web or mail servers) are isolated from the internal network; an attacker who compromises a host in the subnet still has to get through the inner firewall.
A type of IDS/IPS that compares current network traffic against a database of known attack patterns is called:
A. Heuristic
B. Anomaly-based
C. Behavioural
D. Signature-based
D. Signature-based detection
A method used by Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to identify known threats by comparing network traffic, files, or system activity against a database of predefined attack patterns (signatures).
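Signature matching and the false positive / false negative cards above, put together in one added example that is not part of the flashcard set: three pattern signatures run over constructed web-server log lines with known labels, scored as true/false positives and negatives. The lines, labels and signatures are constructed; one benign line matches a signature (a false positive) and one URL-encoded attack is missed until the detector decodes the request first (a false negative caused by skipping normalisation).

```python
import re
from urllib.parse import unquote

# Constructed signatures in the style of a simple IDS/WAF rule set.
SIGNATURES = {
    "sqli_union":     re.compile(r"union\s+select", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
    "cmd_injection":  re.compile(r";\s*(cat|wget|curl)\s"),
}

# Constructed log lines with ground-truth labels (True = real attack).
SAMPLE_LOG = [
    ("GET /index.html HTTP/1.1", False),
    ("GET /products?id=1 HTTP/1.1", False),
    ("GET /api/select?mode=union HTTP/1.1", False),
    ("GET /forum/thread?title=union select lounge furniture HTTP/1.1", False),  # benign, but matches
    ("GET /products?id=1%20UNION%20SELECT%20password%20FROM%20users HTTP/1.1", True),  # encoded
    ("GET /download?file=../../../etc/passwd HTTP/1.1", True),
    ("GET /ping?host=8.8.8.8;cat /etc/passwd HTTP/1.1", True),
]


def detect(line: str, normalise: bool = False):
    """Return the names of all signatures that fire on the line.
    With normalise=True the request is URL-decoded before matching."""
    text = unquote(line) if normalise else line
    return [name for name, sig in SIGNATURES.items() if sig.search(text)]


def evaluate(samples, normalise: bool = False) -> dict:
    """Confusion-matrix counts for the detector against labelled samples."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for line, is_attack in samples:
        alerted = bool(detect(line, normalise))
        if alerted and is_attack:
            counts["tp"] += 1        # alarm raised, attack present
        elif alerted:
            counts["fp"] += 1        # alarm raised, nothing wrong
        elif is_attack:
            counts["fn"] += 1        # no alarm, attack happened
        else:
            counts["tn"] += 1        # no alarm, nothing wrong
    return counts


if __name__ == "__main__":
    print(evaluate(SAMPLE_LOG))                   # {'tp': 2, 'fp': 1, 'fn': 1, 'tn': 3}
    print(evaluate(SAMPLE_LOG, normalise=True))   # {'tp': 3, 'fp': 1, 'fn': 0, 'tn': 3}
```

Decoding removes the false negative but leaves the false positive, which is the trade-off every signature-based system lives with: tightening a pattern to cut false alarms tends to let evasions through, and normalising input to catch evasions widens what benign traffic can trip. Tuning means measuring both columns, not just one.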
Agent-based web filtering:
Requires installing software on each device that needs to be monitored.
Provides flexibility and granular control over web activity at the device level.
Involves increased management overhead and system resource consumption.
Agent-based web filtering
A security approach where a local software agent (installed on endpoints) monitors and controls web traffic, enforcing access policies regardless of network location (unlike network-based filtering).
Web filtering via centralised proxy:
Does not require software to be installed on each individual device.
Simplifies administration and ensures consistent enforcement of web filtering policies across the network.
Requires a functioning central server for web filtering to operate.
Centralised proxy-based web filtering uses a dedicated server (proxy) as an intermediary between users and the internet. All web traffic is routed through the proxy, which enforces security policies, blocks malicious sites, and logs activity.
Filtering techniques that can allow or block access to a site based on its web address:
URL Filtering (URL scanning)
Allows or blocks requests by comparing the full URL (host, path and query string) against allow/deny lists, categories, or reputation feeds, often scanning the link in real time before the user reaches it. Because it sees the path, it can block one page on a site while allowing the rest, but it has to see the request (e.g., through a proxy or TLS inspection).
DNS Filtering
Blocks access to malicious or unwanted sites by intercepting DNS queries and refusing (or sinkholing) resolution of listed domains. Works for any protocol and needs no inspection of traffic content, but it operates on whole domains rather than individual pages and is bypassed if the client uses another resolver (e.g., DNS over HTTPS) or connects to a raw IP address.
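The matching logic behind a DNS filter, as an added example that is not part of the flashcard set: a blocklist lookup that normalises the query name and matches on whole labels, so a listed domain also blocks its subdomains without blocking unrelated names that merely contain it, next to the naive substring check that gets this wrong. The blocklist, query names and the dictionary standing in for an upstream resolver are constructed.

```python
# Constructed blocklist of domains; names are fictional.
BLOCKLIST = {"malware.example", "tracker.example.net"}


def normalise(qname: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot."""
    return qname.strip().lower().rstrip(".")


def is_blocked(qname: str, blocklist) -> bool:
    """Block a name if it, or any parent domain, is listed. Matching is done on
    whole labels: 'cdn.malware.example' is blocked, 'notmalware.example' is not."""
    labels = normalise(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def naive_is_blocked(qname: str, blocklist) -> bool:
    """The substring check people write first: it also blocks unrelated domains
    that merely contain a listed name."""
    name = normalise(qname)
    return any(bad in name for bad in blocklist)


def resolve(qname: str, blocklist, upstream: dict):
    """Filtering resolver: sinkhole listed names, otherwise consult 'upstream'
    (a dict standing in for a real forwarder). Returns (answer, action)."""
    if is_blocked(qname, blocklist):
        return "0.0.0.0", "blocked"
    return upstream.get(normalise(qname)), "forwarded"


if __name__ == "__main__":
    upstream = {"www.example.org": "203.0.113.10"}   # constructed answers
    print(resolve("www.example.org", BLOCKLIST, upstream))        # ('203.0.113.10', 'forwarded')
    print(resolve("CDN.Malware.Example.", BLOCKLIST, upstream))   # ('0.0.0.0', 'blocked')
    print(is_blocked("notmalware.example", BLOCKLIST),
          naive_is_blocked("notmalware.example", BLOCKLIST))      # False True
```

Returning 0.0.0.0 (a sinkhole) rather than a failure lets the client fail fast and shows up clearly in logs; whatever answer is chosen, the filter only helps if clients cannot simply ask a different resolver, so egress rules should restrict port 53 and DoH/DoT to the filtering resolver.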
In Windows Active Directory environment, this feature enables centralised management and configuration of operating systems, applications, and user account settings.
A. Local Users and Groups
B. Resource Monitor
C. Group Policy
D. User Account Control
Group Policy
A centralised management feature in Windows Active Directory that allows administrators to enforce security settings, software deployments, and system configurations across multiple domain-joined computers and users.
Which of the following protocols allow(s) for secure file transfer? (Select all that apply)
A. FTPS
B. TFTP
C. FTP
D. SFTP
A. FTPS (File Transfer Protocol Secure)
An extension of FTP that adds support for encryption (SSL/TLS) to protect data during file transfers.
D. SFTP (SSH File Transfer Protocol)
A secure file transfer protocol that encrypts both commands and data over a single SSH connection (port 22).
FTPS is an extension to the SSH protocol and runs by default on TCP port 22.
True or False ?
False!!
FTPS (File Transfer Protocol Secure)
A secure version of FTP that adds SSL/TLS encryption to protect data in transit. Explicit FTPS connects on port 21 and upgrades the session with the AUTH TLS command; implicit FTPS uses TLS from the first byte on port 990. SFTP is the unrelated SSH-based protocol on port 22, and is usually easier to firewall because FTPS still needs separate data connections.
Which of the answers listed below refers to a secure replacement for Telnet?
A. RSH
B. IPsec
C. SSH
D. RTPS
C. SSH (Secure Shell)
A cryptographic network protocol that securely replaces Telnet by providing encrypted remote access, command execution, and file transfers over untrusted networks.
Which of the following answers refers to a deprecated protocol designed as a secure way to send emails from a client to a mail server and between mail servers?
A. IMAPS
B. SFTP
C. POP3S
D. SMTPS
D. SMTPS (Simple Mail Transfer Protocol Secure)
SMTP wrapped in SSL/TLS from the start of the connection (implicit TLS, port 465) to prevent eavesdropping or tampering. Port 465 was withdrawn for years in favour of STARTTLS on the submission port 587, which is why the exam calls it deprecated; RFC 8314 has since restored implicit TLS on 465 for mail submission, so both are in use today.
Which of the protocols listed below enable secure retrieval of emails from a mail server to an email client? (Select 2 answers)
A. FTPS
B. IMAPS
C. POP3S
D. STARTTLS
E. SMTPS
IMAPS (Internet Message Access Protocol Secure)
The secure version of IMAP, which retrieves and manages emails over a TLS-encrypted connection (typically port 993).
POP3S (Post Office Protocol 3 Secure)
A secure version of POP3 that encrypts email retrieval using SSL/TLS (typically port 995), protecting login credentials and message content.
Which of the following protocols enables secure access and management of emails on a mail server from an email client?
A. POP3S
B. SMTPS
C. IMAPS
D. S/MIME
IMAPS (Internet Message Access Protocol Secure)
A secure version of IMAP that encrypts email synchronisation between clients and servers using SSL/TLS.
Which of the answers listed below refers to a secure network protocol used to provide encryption, authentication, and integrity for real-time multimedia communication?
A. IPsec
B. SIP
C. VoIP
D. SRTP
D. SRTP (Secure Real-time Transport Protocol)
An encrypted version of RTP that secures voice/video streaming (e.g., VoIP calls) with AES encryption and authentication.
UDP is a connection-oriented protocol using a three-way handshake which is a set of initial steps required for establishing network connection. UDP supports retransmission of lost packets, flow control (managing the amount of data that is being sent), and sequencing (rearranging packets that arrived out of order). Example applications of UDP include transmission of text and image data.
True or False ?
False!
UDP (User Datagram Protocol)
A connectionless transport-layer protocol that prioritises speed over reliability, used for time-sensitive applications.
TCP is an example of a connectionless protocol. Because TCP does not support three-way handshake while establishing a network connection, it is referred to as unreliable or best-effort protocol. Example applications of TCP include transmission of video and audio streaming data.
True or False ?
False!
TCP (Transmission Control Protocol)
A connection-oriented transport-layer protocol that ensures reliable, ordered, and error-checked data delivery between applications.