Exam8 Flashcards

1
Q

Which of the following terms describes the process of identifying differences between an organization’s current security posture and its desired security posture?

A

A. Tabletop exercise
B. Gap analysis
C. Security awareness training
D. Risk assessment

2
Q

The term “Zero Trust security” refers to a cybersecurity model that eliminates implicit trust from networks and requires all users and devices to be continuously verified before being granted access to resources. The implementation of Zero Trust security involves two distinct components: a Data Plane, responsible for defining and managing security policies, and a Control Plane, responsible for enforcing the security policies established by the Data Plane.

A

True
False

3
Q

Which of the answers listed below refers to a Zero Trust Control Plane security approach that takes into account user identity, device security, network conditions, and other contextual information to enable dynamic access decisions?

A

A. Implicit trust
B. Monitoring and logging
C. Adaptive identity
D. Microsegmentation

Adaptive identity in security can improve security and user experience by reducing friction for legitimate users. For example, if a user is shopping online and logs in to their preferred shopping app, adaptive authentication may only ask for their password because it knows they’re on their usual device and network. However, if they add a pricey item to their cart, it may prompt for a fingerprint scan or phone code.

4
Q

What are the key components of the Zero Trust Control Plane’s Policy Decision Point (PDP)? (Select 2 answers)

A

A. Policy Engine (PE)
B. Monitoring and logging
C. Policy Enforcement Point (PEP)
D. Microsegmentation
E. Policy Administrator (PA)

5
Q

In the Zero Trust security architecture, the Policy Enforcement Point (PEP) is a Data Plane component that enforces the security policies defined at the Control Plane by the Policy Decision Point (PDP).

A

True
False

6
Q

An access control vestibule (a.k.a. mantrap) is a physical security access control system used to prevent unauthorized users from gaining access to restricted areas. An example mantrap could be a two-door entrance point connected to a guard station wherein a person entering from the outside remains locked inside until he/she provides the authentication token required to unlock the inner door.

A

True
False

7
Q

Which of the following statements about honeypots are true? (Select 2 answers)

A

A. Honeypots are always part of a honeynet
B. Honeypots mimic real systems to attract cyber attackers
C. Honeypots are a type of anti-malware solution
D. Honeypots contain apparent vulnerabilities that are closely monitored by a security team
E. Honeypots are used to launch attacks on cyber attackers

8
Q

What is a honeynet in the context of cybersecurity?

A

A. A network of IDSs
B. A network of honeypots
C. A network of infected hosts
D. A network of IPSs

9
Q

Which of the answers listed below refers to a honeynet example?

A

A. A network of fake websites
B. A network of fake servers
C. A network of fake databases
D. A network of fake file shares
E. All of the above

10
Q

A honeyfile can be any type of file (e.g., a document, email message, image, or video file) containing real user data intentionally placed within a network or system to attract potential attackers or unauthorized users.

A

True
False

11
Q

A honeyfile can be used for:

A

A. Attracting cyber attackers
B. Triggering alerts when accessed
C. Monitoring network activity
D. All of the above

12
Q

What is a honeytoken?

A

A. A decoy file that is designed to attract attackers
B. A unique identifier assigned to a honeyfile
C. A decoy system that is designed to lure potential attackers
D. A unique identifier that is designed to track attackers

13
Q

Which of the following should not be used as honeytokens? (Select all that apply)

A

A. Active user account credentials
B. Database entries mimicking real data
C. Actual URLs to live websites or resources
D. Dummy server logs with enticing information
E. Fake identifiers, including usernames, passwords, email addresses, and IP addresses

14
Q

A process used by organizations to assess and evaluate the potential impact of disruptive incidents or disasters on their critical business functions and operations is referred to as:

A

A. BPA
B. BIA
C. SLE
D. BCP

Business Impact Analysis (BIA) has emerged as a crucial tool in understanding the potential impacts of disruptions and guiding business continuity efforts.

15
Q

A hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates is known as:

A

A. PKI
B. RA
C. PKCS
D. CA

Public Key Infrastructure (PKI) is a system of technologies, policies, and practices that protects data by encrypting it and authenticating digital communications.

16
Q

Which of the answers listed below best describes the characteristics of a public-private key pair?

A

A. Both keys are examples of a symmetrical key
B. Two keys that are identical
C. A pair of keys where one is used for encryption and the other for decryption
D. Both keys are examples of a shared key

17
Q

What is the typical use of a public key?

A

A. Data encryption
B. Data decryption
C. User/device authentication
D. All of the above

18
Q

Key escrow is a cryptographic technique that enables storing copies of encryption keys with a trusted third party. A Recovery Agent (RA) is a trusted third party (an individual, entity, or system) who is authorized to assist in the retrieval of encryption keys and data on behalf of the data owner. Key escrow and RA are both used to ensure that encrypted data can be decrypted even if the data owner loses access to their encryption key. Since key escrow and RAs are both components of a single security solution, the only way to implement key escrow systems is with the use of RAs.

A

True
False

19
Q

Which of the following answers refers to a data storage device equipped with hardware-level encryption functionality?

A

A. HSM
B. TPM
C. EFS
D. SED

Self-Encrypting Drives (SED) are a type of hard drive with built-in encryption and decryption capabilities.

20
Q

Which of the answers listed below refers to software technology designed to provide confidentiality for an entire data storage device?

A

A. TPM
B. FDE
C. EFS
D. HSM

21
Q

An MS Windows component that enables encryption of individual files is called:

A

A. SED
B. EFS
C. BitLocker
D. FDE

22
Q

Which of the following software application tools are specifically designed for implementing encryption algorithms to secure data communication and storage? (Select 2 answers)

A

A. VPN
B. GPG
C. SSH
D. IPsec
E. PGP

The GPG Project provides the tools and libraries that allow users to interface with a GUI or command line to integrate encryption with emails and operating systems like Linux. GPG can open and decrypt files encrypted by PGP or OpenPGP, meaning it works well with other products.

PGP (Pretty Good Privacy) is a security program that uses cryptography to encrypt and decrypt messages and files, and to digitally sign and verify documents. PGP is a standard method for organizations to secure email communication.

23
Q

What is the name of a network protocol that secures web traffic via SSL/TLS encryption?

A

A. SFTP
B. HTTPS
C. FTPS
D. SNMP

24
Q

Which of the answers listed below refers to a deprecated TLS-based method for secure transmission of email messages?

A

A. S/MIME
B. STARTTLS
C. DKIM
D. SMTPS

25
Q

Which of the following answers refers to an obsolete protocol used for secure data transfer over the web?

A

A. SMTPS
B. SRTP
C. SHTTP
D. S/MIME

S-HTTP is a protocol for transmitting private documents over the internet. It ensures data security by encrypting the messages at the message level.

26
Q

The MIME specification extends the email message format beyond plain text, enabling the transfer of graphics, audio, and video files over the Internet mail system. S/MIME is an enhanced version of the MIME protocol that enables email security features by providing encryption, authentication, message integrity, and other related services.

A

True
False

27
Q

What is the name of a network protocol that enables secure file transfer over SSH?

A

A. TFTP
B. SFTP
C. Telnet
D. FTPS

28
Q

SFTP is an extension of the FTP protocol that adds support for SSL/TLS encryption.

A

True
False

Secure File Transfer Protocol (SFTP) is a secure method for transferring data over a network using encryption and authentication to protect data from unauthorized access.

29
Q

A type of cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers is known as:

A

A. RDP
B. SSH
C. Telnet
D. SCP

The Secure Copy Protocol, or SCP, is a file transfer network protocol used to move files onto servers, and it fully supports encryption and authentication. SCP uses Secure Shell (SSH) mechanisms for data transfer and authentication to ensure the confidentiality of the data in transit.

30
Q

Which of the answers listed below refers to a suite of protocols and technologies providing encryption, authentication, and data integrity for network traffic?

A

A. TLS
B. SSH
C. IPsec
D. VPN

31
Q

Which part of IPsec provides authentication, integrity, and confidentiality?

A

A. SPD
B. PFS
C. AH
D. ESP

32
Q

A system that uses a public network (such as the Internet) as a means for creating private encrypted connections between remote locations is referred to as:

A

A. WWAN
B. VPN
C. PAN
D. VLAN

A virtual private network (VPN) creates a private network overlay across an existing public network. VPNs use tunneling protocols that create encrypted connections between the network and client devices.

VLANs allow devices to be logically separated based on their purpose, department, or security needs. Network administrators can enhance network performance and security by grouping devices with similar tasks or security requirements into VLANs.

33
Q

Which protocol enables secure, real-time delivery of audio and video over an IP network?

A

A. S/MIME
B. RTP
C. SIP
D. SRTP

Secure Real-time Transport Protocol (SRTP) is an extension of the Real-time Transport Protocol (RTP) that features enhanced security measures. The protocol provides encryption, confidentiality, message authentication, and replay protection for transmitted audio and video traffic.

34
Q

An encryption protocol primarily used in Wi-Fi networks implementing the WPA2 security standard is called:

A

A. TKIP
B. CCMP
C. SSL
D. IPsec

Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol based on the U.S. federal government’s Advanced Encryption Standard (AES) algorithm and uses the Counter Mode with CBC-MAC (CCM) mode of operation.

35
Q

A security protocol designed to improve the security of existing WEP implementations is known as:

A

A. WPA2
B. RC4
C. CCMP
D. TKIP

TKIP is a security protocol used in the IEEE 802.11 wireless networking standard. It was designed to provide more secure encryption than the earlier Wired Equivalent Privacy (WEP), without needing to replace existing hardware.

36
Q

Which of the following answers refer(s) to deprecated/insecure encryption protocols and cryptographic hash functions? (Select all that apply)

A

A. DES
B. AES-256
C. MD5
D. ECC
E. SHA-1
F. SSL
G. RC4

37
Q

Which cryptographic protocol is designed to provide secure communications over a computer network and is the successor to SSL?

A

A. IPsec
B. TLS
C. AES
D. CCMP

38
Q

Examples of techniques used for encrypting information include symmetric encryption (also called public-key encryption) and asymmetric encryption (also called secret-key encryption, or session-key encryption).

A

True
False

39
Q

In asymmetric encryption, any message encrypted with the use of a public key can only be decrypted by applying the same algorithm and a matching private key (and vice versa).

A

True
False

40
Q

Which of the algorithms listed below are not symmetric ciphers? (Select 3 answers)

A

A. AES
B. DES
C. DHE
D. ECC
E. IDEA
F. RC4
G. RSA

41
Q

Which of the following algorithms do(es) not fall into the category of asymmetric encryption? (Select all that apply)

A

A. AES
B. DES
C. DHE
D. ECC
E. IDEA
F. RC4
G. RSA

42
Q

The term “KEK” refers to a type of cryptographic key often used in key management systems to add an additional layer of security when encrypting and decrypting other cryptographic keys.

A

True
False

43
Q

Which of the answers listed below refers to a shared secret authentication method used in WPA, WPA2, and EAP?

A

A. PSK
B. 802.1X
C. SAE
D. TKIP

44
Q

Which of the following answers refers to a protocol used to set up secure connections and exchange of cryptographic keys in IPsec VPNs?

A

A. SSL
B. IKE
C. ESP
D. DHE

45
Q

Which of the answers listed below refers to a key exchange protocol that generates temporary keys for each session, providing forward secrecy to protect past and future communications?

A

A. PFS
B. SHA
C. PGP
D. DHE

46
Q

Which of the following answers refers to a cryptographic key exchange protocol that leverages ECC for enhanced security and efficiency?

A

A. IKE
B. ECDHE
C. DHE
D. ECDSA

47
Q

Which of the answers listed below refers to a solution designed to strengthen the security of session keys?

A

A. ECB
B. PFS
C. EFS
D. PFX

48
Q

Which of the following answers refers to a public-key cryptosystem used for digital signatures, secure key exchange, and encryption?

A

A. ECC
B. RSA
C. PKI
D. DSA

49
Q

Which cryptographic solution would be best suited for low-power devices, such as IoT devices, embedded systems, and mobile devices?

A

A. ECC
B. DES
C. RSA
D. AES

50
Q

Which of the cryptographic algorithms listed below is the least vulnerable to attacks?

A

A. AES
B. DES
C. RC4
D. 3DES