CompTIA Security+ Quiz 3 Flashcards

1
Q

A less formal document outlining mutual goals and cooperation established between two or more parties is referred to as:

A) MOA
B) SOW
C) MOU
D) MSA

A

C) MOU

2
Q

Which of the following answers refers to a global standard development organization composed of different national standards bodies?

A) NIST
B) ISO
C) IEEE
D) ANSI

A

B) ISO

3
Q

The term “SD-WAN” refers to a network technology that uses software to manage and optimize network connections that extend over large geographic areas.

A) True
B) False

A

A) True

4
Q

Which of the answers listed below refers to a dedicated programming language used in database management?

A) PHP
B) C
C) SQL
D) JS

A

C) SQL

5
Q

Which of the following devices fall(s) into the category of PEDs? (Select all that apply)

A) Smartphone
B) Tablet
C) Desktop
D) Mainframe

A

A) Smartphone
B) Tablet

6
Q

Which of the terms listed below is used to describe an average time required to repair a failed component or device?

A) MTTF
B) RPO
C) MTTR
D) MTBF

A

C) MTTR

7
Q

Which of the following answers refers to a firewall type that improves upon first- and second-generation firewalls by offering additional features, such as more in-depth inspection of network traffic and application-level inspection?

A) IDS
B) Packet filter
C) NGFW
D) Stateful firewall

A

C) NGFW

8
Q

Which protocol enables secure, real-time delivery of audio and video over an IP network?

A) S/MIME
B) RTP
C) SIP
D) SRTP

A

D) SRTP

9
Q

Which of the answers listed below refers to a network security technology designed to monitor, detect, and mitigate unauthorized access, security threats, and suspicious activities in WLANs?

A) WIPS
B) NIDS
C) NIPS
D) WIDS

A

A) WIPS

10
Q

Which of the following answers refers to a method for creating and verifying digital signatures?

A) DHE
B) AES
C) DSA
D) SHA

A

C) DSA

11
Q

A type of legally binding contract that establishes the foundational terms and conditions governing future agreements between two parties is known as:

A) MOU
B) SLA
C) MSA
D) SOW

A

C) MSA

12
Q

Which part of IPsec provides authentication, integrity, and confidentiality?

A) SPD
B) PFS
C) AH
D) ESP

A

D) ESP

13
Q

Which of the answers listed below refers to a multi-protocol authentication framework frequently used in 802.11 networks and point-to-point connections?

A) PAP
B) MS-CHAP
C) EAP
D) CHAP

A

C) EAP

14
Q

Which of the following acronyms represents evidence that helps cybersecurity professionals detect potential security incidents?

A) APT
B) IoC
C) ATT&CK
D) EDR

A

B) IoC

14
Q

For a wireless client to be able to connect to a network, the security type (e.g., WEP, WPA, WPA2, or WPA3) and encryption type (e.g., TKIP or AES) settings on the connecting host must match the corresponding wireless security settings on a WAP.

A) True
B) False

A

A) True

15
Q

Which of the answers listed below refers to an obsolete authentication protocol that sends passwords in cleartext?

A) PAP
B) CHAP
C) EAP
D) MS-CHAP

A

A) PAP

16
Q

Which of the following answers refers to an internal telephone exchange or switching system implemented in a business or office?

A) POTS
B) VoIP
C) PBX
D) PSTN

A

C) PBX

17
Q

Which of the acronyms listed below refers to a maximum tolerable period of time required for restoring business functions after a failure or disaster?

A) SLA
B) RTO
C) AUP
D) RPO

A

B) RTO

18
Q

A computer network connecting multiple LANs over an area of a city is called:

A) PAN
B) SAN
C) MAN
D) CAN

A

C) MAN

19
Q

Which cryptographic protocol is designed to provide secure communications over a computer network and is the successor to SSL?

A) WEP
B) CCMP
C) TLS
D) AES

A

C) TLS

20
Q

Which of the following answers refers to an embedded microcontroller used for secure boot, disk encryption, and system integrity verification?

A) TPM
B) SoC
C) UEFI
D) HSM

A

A) TPM

21
Q

Which of the answers listed below refer to IMAP? (Select 2 answers)

A) Offers improved functionality in comparison to POP3

B) Serves the same function as POP3

C) Enables sending email messages from client devices

D) Offers fewer functions than POP3

E) Enables email exchange between mail servers

A

A) Offers improved functionality in comparison to POP3

B) Serves the same function as POP3

22
Q

Which cryptographic solution would be best suited for low-power devices, such as IoT devices, embedded systems, and mobile devices?

A) ECC
B) DES
C) RSA
D) AES

A

A) ECC

23
Q

The term “ASLR” refers to a technique used in modern OSs to enhance:

A) Data redundancy
B) System security
C) Performance
D) Storage capacity

A

B) System security

24
Q

Which of the following solutions provide the AAA functionality? (Select 2 answers)

A) CHAP
B) TACACS+
C) PAP
D) RADIUS
E) MS-CHAP

A

B) TACACS+

D) RADIUS

24
Q

Which of the acronyms listed below refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object?

A) CRL
B) NAT
C) BCP
D) ACL

A

D) ACL

25
Q

A network admin can ping a remote host by its IP address, but not by its domain name. Which of the following is the most probable source of this problem?

A) ICMP
B) DNS
C) HTTP
D) DHCP

A

B) DNS

26
Q

The role of an RA in PKI is to: (Select 2 answers)

A) Accept requests for digital certificates

B) Validate digital certificates

C) Authenticate the entity making the request

D) Provide backup source for cryptographic keys

E) Issue digital certificates

A

A) Accept requests for digital certificates

C) Authenticate the entity making the request

27
Q

Which of the answers listed below refers to a generic term used to identify any resource?

A) OUI
B) URI
C) OID
D) URL

A

B) URI

28
Q

Which of the following answers refers to a framework widely used for enabling secure third-party access to user accounts?

A) SSO
B) OAuth
C) MFA
D) SAML

A

B) OAuth

29
Q

An IV is a random or pseudorandom value used in cryptography to ensure that the same plaintext input does not produce the same ciphertext output, even when the same encryption key is used. The IV is typically used with encryption algorithms in block cipher modes to enhance security by introducing randomness to the encryption process.

A) True
B) False

A

A) True

30
Q

Which of the answers listed below refers to a security vulnerability that allows an attacker to inject malicious code into input fields, such as search bars or login forms, to execute unauthorized commands on a database?

A) RCE
B) SQLi
C) XSS
D) CSRF

A

B) SQLi

31
Q

What is the name of a mobile device deployment model in which employees select devices for work-related tasks from a company-approved device list?

A) VDI
B) CYOD
C) BYOD
D) COPE

A

B) CYOD

32
Q

Which of the following terms is used to describe sophisticated and prolonged cyberattacks often carried out by well-funded and organized groups, such as nation-states?

A) MitM
B) APT
C) XSRF
D) DDoS

A

B) APT

33
Q

What is STIX?

A) Vulnerability database

B) Common language for describing cyber threat information

C) US government initiative for real-time sharing of cyber threat indicators

D) Transport mechanism for cyber threat information

A

B) Common language for describing cyber threat information