CompTIA Security+ Quiz 4 Flashcards
Which of the answers listed below refers to a concept that provides insights into methods and tools that cybercriminals use to carry out attacks?
A) TTP
B) CVE
C) ATT&CK
D) CVSS
A) TTP
Which of the following solutions provides active network security breach response on an individual computer system?
A) NIDS
B) HIDS
C) NIPS
D) HIPS
D) HIPS
A dedicated security solution that filters, monitors, and blocks HTTP/HTTPS traffic between a web application and the Internet is referred to as:
A) UTM
B) NGFW
C) UEM
D) WAF
D) WAF
Which of the acronyms listed below refers to a risk assessment formula defining probable financial loss due to a risk over a one-year period?
A) ARO
B) SLE
C) ALE
D) SLA
C) ALE
A software technology designed to provide confidentiality for an entire data storage device is known as:
A) TPM
B) FDE
C) EFS
D) HSM
B) FDE
High MTBF value indicates that a component or system provides low reliability and is more likely to fail.
A) True
B) False
B) False
Which part of the AAA security architecture deals with the verification of the identity of a person or process?
A) Accounting
B) Authentication
C) Auditing
D) Authorization
B) Authentication
Which of the following answers refers to a routing protocol used in computer networks to determine the best path for routing data packets from one network node to another?
A) BGP
B) EIGRP
C) RIP
D) OSPF
D) OSPF
Which of the answers listed below refers to an industry standard for assessing and scoring the severity of computer system security vulnerabilities?
A) SIEM
B) CVSS
C) OSINT
D) SOAR
B) CVSS
Which of the following answers refers to a hardware or software solution providing secure remote access to networks and resources?
A) NAC
B) RDP
C) SSH
D) RAS
D) RAS
Which of the wireless technologies listed below are deprecated and should not be used due to their known vulnerabilities? (Select 2 answers)
A) WPS
B) WAP
C) WPA2
D) WAF
E) WEP
A) WPS
E) WEP
Which of the following answers refer(s) to SSDs? (Select all that apply)
A) Low performance
B) Relatively high device cost
C) Lower capacity in comparison to magnetic drives
D) High performance
E) Relatively low device cost
F) Higher capacity in comparison to magnetic drives
G) Lack of moving parts (takes advantage of memory chips instead of magnetic platters
B) Relatively high device cost
C) Lower capacity in comparison to magnetic drives
D) High performance
G) Lack of moving parts (takes advantage of memory chips instead of magnetic platters
An SWG is a software component, or a hardware device designed to prevent unauthorized traffic from entering an internal network of an organization. An SWG implementation may include various security services, such as packet filtering, URL/content filtering, malware inspection, application controls, AUP enforcement, or DLP.
A) True
B) False
A) True
A type of forensic evidence that can be used to detect unauthorized access attempts or other malicious activities is called:
A) CVE
B) IoC
C) AIS
D) OSINT
B) IoC
Which of the answers listed below refers to a remote access authentication protocol that periodically re-authenticates client at random intervals to prevent session hijacking?
A) EAP
B) CHAP
C) PAP
D) PEAP
B) CHAP
A type of surveillance system comprising video cameras and monitors that enable continuous monitoring and recording of specific areas is commonly referred to as CCTV.
A) True
B) False
A) True
Which of the following answers refers to an ECC-based method for creating and verifying digital signatures?
A) DHE
B) ECDSA
C) HMAC
D) ECDHE
B) ECDSA
Which of the actions listed below can be taken by an IDS? (Select 2 answers)
A) Firewall reconfiguration
B) Closing down connection
C) Logging
D) Terminating process
E) Sending an alert
C) Logging
E) Sending an alert
FTPS is an extension to the SSH protocol and runs by default on port number 22.
A) True
B) False
B) False
Which of the following terms refers to a dedicated transport mechanism for cyber threat information?
A) STIX
B) CVE
C) TAXII
D) CVSS
C) TAXII
Which of the answers listed below refers to a legacy symmetric-key block cipher encryption algorithm?
A) RC4
B) DES
C) RSA
D) DSA
B) DES
A Microsoft-proprietary protocol providing a user with graphical interface for connecting to another networked host is known as:
A) VDI
B) RDP
C) SSH
D) VNC
B) RDP
Which of the following acronyms refers to a comprehensive strategy and set of procedures designed to ensure that an organization can continue its critical operations and functions during and after a disruptive event?
A) DRP
B) CP
C) BCP
D) COOP
C) BCP
Which type of Trojan enables unauthorized remote access to a compromised system?
A) APT
B) RAT
C) MaaS
D) PUP
B) RAT
The term “AI” refers to computer systems and algorithms that can perform tasks typically requiring human intelligence, such as problem-solving, learning, and decision-making.
A) True
B) False
A) True
Which of the algorithms listed below does not fall into the category of asymmetric encryption?
A) RSA
B) GPG
C) DSA
D) AES
E) DHE
F) ECDHE
G) PGP
D) AES
A type of cyberattack focused on making a website, service, or network unavailable to users by overloading it with traffic or malicious requests is called:
A) SQLi
B) XSS
C) CSRF
D) DoS
D) DoS
In quantitative risk assessment, this term is used for estimating the likelihood of occurrence of a future threat.
A) ALE
B) SLA
C) ARO
D) SLE
C) ARO
Which of the following answers refers to a cryptographic file generated by an entity requesting a digital certificate from a CA?
A) OID
B) CSR
C) DN
D) CRL
B) CSR
Which of the answers listed below refers to a broad term that encompasses various control and automation systems used in industrial settings to control and monitor physical processes and machinery?
A) ICS
B) PLC
C) SCADA
D) HMI
A) ICS
ACL, FACL, DAC, MAC, and RBAC are all access control mechanisms that can be used to manage user permissions and protect the confidentiality, integrity, and availability of data.
A) True
B) False
A) True
A type of access control model that grants object owners the authority to determine access permissions is referred to as:
A) ACL
B) RBAC
C) DAC
D) MAC
C) DAC
Which wireless technology enables identification and tracking of tags attached to objects?
A) WTLS
B) GPS
C) RFID
D) NFC
C) RFID
Which of the following answers refers to a tunneling protocol that is often used in combination with IPsec to secure VPN connections?
A) GRE
B) L2TP
C) BGP
D) SSL
B) L2TP
Which of the answers listed below refers to a cloud computing service model in which clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment and software?
A) SaaS
B) DaaS
C) PaaS
D) IaaS
D) IaaS