CompTIA Security+ Quiz 7 Flashcards

1
Q

What is the fastest way to check the validity of a digital certificate?

A) CRL
B) OSPF
C) CSR
D) OCSP

A

D) OCSP

2
Q

Which of the terms listed below refers to a process of intercepting network traffic data for analysis and troubleshooting purposes?

A) AIS
B) PCAP
C) EDR
D) MaaS

A

B) PCAP

3
Q

In a Kerberos-protected network, this type of secure token is granted to users during their initial login to give them access to multiple network services without the need to re-enter their login information.

A) OTP
B) TGT
C) AS
D) TGS

A

B) TGT

4
Q

Which of the following answers refers to a language primarily used for automating the assessment of security vulnerabilities and configuration issues on computer systems?

A) OVAL
B) SAML
C) XML
D) SOAP

A

A) OVAL

5
Q

A remote access authentication protocol used primarily in Microsoft networks that periodically re-authenticates the client at random intervals to prevent session hijacking is known as:

A) PEAP
B) MSCHAP
C) LEAP
D) CHAP

A

B) MSCHAP

6
Q

Which of the acronyms listed below refers to a formal and legally binding document that specifies detailed terms, obligations, and responsibilities of all parties involved?

A) SOW
B) MOA
C) MSA
D) MOU

A

B) MOA

7
Q

Which of the following answers refers to CSRF?

A) A cyberattack in which an attacker intercepts and maliciously retransmits data or authentication requests to gain unauthorized access or impersonate a legitimate user or system

B) A type of malicious attack where unauthorized commands are transmitted from a user’s browser to a web application without their knowledge or consent, often leading to actions being taken on their behalf

C) A security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to data theft or manipulation

D) A type of cyberattack where malicious code is injected into a web application’s input fields to manipulate the database and gain unauthorized access to data or perform malicious actions

A

B) A type of malicious attack where unauthorized commands are transmitted from a user’s browser to a web application without their knowledge or consent, often leading to actions being taken on their behalf

8
Q

ARP provides:

A) IP-to-FQDN mapping
B) MAC-to-IP mapping
C) FQDN-to-IP mapping
D) IP-to-MAC mapping

A

D) IP-to-MAC mapping

8
Q

A set of procedures put in place to recover IT systems and data following a major disruption is called:

A) DRP
B) BIA
C) SLE
D) BCP

A

A) DRP

9
Q

Which of the answers listed below refers to a network protocol used for synchronizing clocks over a computer network?

A) NTP
B) VTP
C) NNTP
D) RTP

A

A) NTP

10
Q

An integrated circuit combining components typically found in a standard computer system is referred to as:

A) HSM
B) TPM
C) SoC
D) BIOS

A

C) SoC

11
Q

Which of the answers listed below refers to a protocol used by routers, hosts, and network devices to generate error messages and troubleshoot problems with the delivery of IP packets?

A) CCMP
B) RSTP
C) ICMP
D) SNMP

A

C) ICMP

11
Q

Which of the following acronyms refers to a document that authorizes, initiates, and tracks the progress and completion of a particular job or task?

A) SOW
B) WO
C) SLA
D) MSA

A

B) WO

12
Q

Which of the following terms refer to the characteristic features of DSL? (Select 3 answers)

A) Leased lines

B) Copper cabling

C) Telephone lines

D) Fiber-optic cabling

E) Last mile solutions

F) WAN links

A

A) Leased lines

B) Copper cabling

E) Last mile solutions

13
Q

A type of trusted third party that issues digital certificates used for creating digital signatures and public-private key pairs is known as:

A) RA
B) IKE
C) CA
D) CSP

A

C) CA

14
Q

Which of the answers listed below refers to a mobile device deployment model that allows employees to use private mobile devices for accessing the company’s restricted data and applications?

A) COPE
B) BYOD
C) JBOD
D) CYOD

A

B) BYOD

15
Q

What is the name of a U.S. government initiative providing a set of procedures and plans that an organization can implement to ensure continued performance of its essential functions during unexpected events?

A) SLA
B) COOP
C) RPO
D) BCP

A

B) COOP

16
Q

Which of the following answers refers to a policy framework that allows domain owners to specify how email receivers should handle emails that fail authentication checks?

A) DKIM
B) SPF
C) PGP
D) DMARC

A

D) DMARC

17
Q

Which of the answers listed below refers to a deprecated wireless authentication protocol developed by Cisco?

A) PEAP
B) EAP-TTLS
C) LEAP
D) EAP-TLS

A

C) LEAP

18
Q

A cloud-based solution that provides ongoing oversight and supervision of IT assets and services is called:

A) PaaS
B) IaaS
C) SaaS
D) MaaS

A

D) MaaS

19
Q

Which of the following terms is used to describe all aspects of software development?

A) PLC
B) SDLC
C) QA
D) SDLM

A

D) SDLM

20
Q

Which of the answers listed below refers to a markup language for exchanging authentication and authorization data?

A) SAML
B) XML
C) SOAP
D) XHTML

A

A) SAML

21
Q

What are the characteristic features of SAML? (Select 3 answers)

A) Enables only the exchange of SSO authorization data

B) Handles both authentication and authorization for SSO

C) Uses XML for data exchange

D) Commonly used in enterprise environments and legacy systems

E) Enables only the exchange of SSO authentication data

F) Uses JSON for data exchange

G) Specifically designed for web and mobile applications

A

B) Handles both authentication and authorization for SSO

C) Uses XML for data exchange

D) Commonly used in enterprise environments and legacy systems

22
Q

Which DNS TXT records are used for spam management? (Select 3 answers)

A) SPF

B) DKIM

C) SRV

D) DMARC

E) PTR

A

A) SPF

B) DKIM

D) DMARC

22
Q

Which of the following terms can be used as a synonym for an aerial drone?

A) UGV
B) UAV
C) USV
D) UAP

A

B) UAV

23
Q

A software development approach that aims for speedy application creation and continuous improvement through iterative development and user collaboration is referred to as:

A) FDD
B) DevOps
C) RAD
D) SaaS

A

C) RAD

24
Q

Which of the protocols listed below is referred to as a connectionless, unreliable, or best-effort protocol?

A) MPLS
B) TCP
C) SMTP
D) UDP

A

D) UDP

25
Q

Which of the following answers refers to a software tool that provides a single management interface for mobile devices, PCs, printers, IoT devices and wearables?

A) MDM
B) RCS
C) UEM
D) MAM

A

C) UEM

26
Q

Which of the answers listed below refers to a technology that allows USB devices to act as both hosts and peripherals, enabling them to connect to and communicate with other USB devices directly without the need for a computer or dedicated host?

A) PnP
B) OTG
C) P2P
D) HCI

A

B) OTG

27
Q

A messaging service that allows users to send content such as images, videos, and audio along with text messages to mobile devices is known as:

A) MMS
B) IRC
C) IM
D) SMS

A

A) MMS

28
Q

Which of the following answers refers to a security policy enforcement software tool or service placed between cloud service users and cloud applications?

A) UTM
B) CASB
C) NGFW
D) DMVPN

A

B) CASB

29
Q

What is a common target of XSS?

A) Physical security
B) Alternate sites
C) Dynamic web pages
D) Removable storage

A

C) Dynamic web pages

30
Q

Which of the answers listed below refers to a set of procedures put in place to recover IT systems and data following a major disruption?

A) BCP
B) DRP
C) IRP
D) ERP

A

B) DRP

31
Q

A technology that enables real-time analysis of security alerts generated by network hardware and applications is called:

A) LACP
B) DSCP
C) SIEM
D) LWAPP

A

C) SIEM

32
Q

Which of the following acronyms refers to a senior executive responsible for technology-related decision-making and planning?

A) CIO
B) CEO
C) CTO
D) CSO

A

C) CTO