CompTIA Security+ Quiz 7 Flashcards
What is the fastest way to check the validity of a digital certificate?
A) CRL
B) OSPF
C) CSR
D) OCSP
D) OCSP
Which of the terms listed below refers to a process of intercepting network traffic data for analysis and troubleshooting purposes?
A) AIS
B) PCAP
C) EDR
D) MaaS
B) PCAP
In a Kerberos-protected network, this type of secure token is granted to users during their initial login to enable them to access multiple network services without the need to re-enter their login information.
A) OTP
B) TGT
C) AS
D) TGS
B) TGT
Which of the following answers refers to a language primarily used for automating the assessment of security vulnerabilities and configuration issues on computer systems?
A) OVAL
B) SAML
C) XML
D) SOAP
A) OVAL
A remote access authentication protocol used primarily in Microsoft networks that periodically re-authenticates the client at random intervals to prevent session hijacking is known as:
A) PEAP
B) MSCHAP
C) LEAP
D) CHAP
B) MSCHAP
Which of the acronyms listed below refers to a formal and legally binding document that specifies detailed terms, obligations, and responsibilities of all parties involved?
A) SOW
B) MOA
C) MSA
D) MOU
B) MOA
Which of the following answers refers to CSRF?
A) A cyberattack in which an attacker intercepts and maliciously retransmits data or authentication requests to gain unauthorized access or impersonate a legitimate user or system
B) A type of malicious attack where unauthorized commands are transmitted from a user’s browser to a web application without their knowledge or consent, often leading to actions being taken on their behalf
C) A security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to data theft or manipulation
D) A type of cyberattack where malicious code is injected into a web application’s input fields to manipulate the database and gain unauthorized access to data or perform malicious actions
B) A type of malicious attack where unauthorized commands are transmitted from a user’s browser to a web application without their knowledge or consent, often leading to actions being taken on their behalf
ARP provides:
A) IP-to-FQDN mapping
B) MAC-to-IP mapping
C) FQDN-to-IP mapping
D) IP-to-MAC mapping
D) IP-to-MAC mapping
A set of procedures put in place to recover IT systems and data following a major disruption is called:
A) DRP
B) BIA
C) SLE
D) BCP
A) DRP
Which of the answers listed below refers to a network protocol used for synchronizing clocks over a computer network?
A) NTP
B) VTP
C) NNTP
D) RTP
A) NTP
An integrated circuit combining components typically found in a standard computer system is referred to as:
A) HSM
B) TPM
C) SoC
D) BIOS
C) SoC
Which of the answers listed below refers to a protocol used by routers, hosts, and network devices to generate error messages and troubleshoot problems with delivery of IP packets?
A) CCMP
B) RSTP
C) ICMP
D) SNMP
C) ICMP
Which of the following acronyms refers to a document that authorizes, initiates, and tracks the progress and completion of a particular job or task?
A) SOW
B) WO
C) SLA
D) MSA
B) WO
Which of the following terms refer to the characteristic features of DSL? (Select 3 answers)
A) Leased lines
B) Copper cabling
C) Telephone lines
D) Fiber-optic cabling
E) Last mile solutions
F) WAN links
A) Leased lines
B) Copper cabling
E) Last mile solutions
A type of trusted third party that issues digital certificates used for creating digital signatures and public-private key pairs is known as:
A) RA
B) IKE
C) CA
D) CSP
C) CA
Which of the answers listed below refers to a mobile device deployment model that allows employees to use private mobile devices for accessing the company’s restricted data and applications?
A) COPE
B) BYOD
C) JBOD
D) CYOD
B) BYOD
What is the name of a U.S. government initiative providing a set of procedures and plans that an organization can implement to ensure continued performance of its essential functions during unexpected events?
A) SLA
B) COOP
C) RPO
D) BCP
B) COOP
Which of the following answers refers to a policy framework that allows domain owners to specify how email receivers should handle emails that fail authentication checks?
A) DKIM
B) SPF
C) PGP
D) DMARC
D) DMARC
Which of the answers listed below refers to a deprecated wireless authentication protocol developed by Cisco?
A) PEAP
B) EAP-TTLS
C) LEAP
D) EAP-TLS
C) LEAP
A cloud-based solution that provides ongoing oversight and supervision of IT assets and services is called:
A) PaaS
B) IaaS
C) SaaS
D) MaaS
D) MaaS
Which of the following terms is used to describe all aspects of software development?
A) PLC
B) SDLC
C) QA
D) SDLM
D) SDLM
Which of the answers listed below refers to a markup language for exchanging authentication and authorization data?
A) SAML
B) XML
C) SOAP
D) XHTML
A) SAML
What are the characteristic features of SAML? (Select 3 answers)
A) Enables only the exchange of SSO authorization data
B) Handles both authentication and authorization for SSO
C) Uses XML for data exchange
D) Commonly used in enterprise environments and legacy systems
E) Enables only the exchange of SSO authentication data
F) Uses JSON for data exchange
G) Specifically designed for web and mobile applications
B) Handles both authentication and authorization for SSO
C) Uses XML for data exchange
D) Commonly used in enterprise environments and legacy systems
Which DNS TXT records are used for spam management? (Select 3 answers)
A) SPF
B) DKIM
C) SRV
D) DMARC
E) PTR
A) SPF
B) DKIM
D) DMARC
Which of the following terms can be used as a synonym for an aerial drone?
A) UGV
B) UAV
C) USV
D) UAP
B) UAV
A software development approach that aims for speedy application creation and continuous improvement through iterative development and user collaboration is referred to as:
A) FDD
B) DevOps
C) RAD
D) SaaS
C) RAD
Which of the protocols listed below is referred to as a connectionless, unreliable, or best-effort protocol?
A) MPLS
B) TCP
C) SMTP
D) UDP
D) UDP
Which of the following answers refers to a software tool that provides a single management interface for mobile devices, PCs, printers, IoT devices and wearables?
A) MDM
B) RCS
C) UEM
D) MAM
C) UEM
Which of the answers listed below refers to a technology that allows USB devices to act as both hosts and peripherals, enabling them to connect to and communicate with other USB devices directly without the need for a computer or dedicated host?
A) PnP
B) OTG
C) P2P
D) HCI
B) OTG
A messaging service that allows users to send content such as images, videos, and audio along with text messages to mobile devices is known as:
A) MMS
B) IRC
C) IM
D) SMS
A) MMS
Which of the following answers refers to a security policy enforcement software tool or service placed between cloud service users and cloud applications?
A) UTM
B) CASB
C) NGFW
D) DMVPN
B) CASB
What is a common target of XSS?
A) Physical security
B) Alternate sites
C) Dynamic web pages
D) Removable storage
C) Dynamic web pages
Which of the answers listed below refers to a set of procedures put in place to recover IT systems and data following a major disruption?
A) BCP
B) DRP
C) IRP
D) ERP
B) DRP
A technology that enables real-time analysis of security alerts generated by network hardware and applications is called:
A) LACP
B) DSCP
C) SIEM
D) LWAPP
C) SIEM
Which of the following acronyms refers to a senior executive responsible for technology-related decision-making and planning?
A) CIO
B) CEO
C) CTO
D) CSO
C) CTO