Host Security Flashcards

1
Q
By default, what is at the end of every ACL? 
A. A stateful inspection checkpoint 
B. An implicit allow statement 
C. A command that checks for ICMP 
D. An implicit deny all statement
A

D. By default, there is an implicit deny all clause at the end of every ACL.

2
Q
Extended ACLs cannot check for which of the following? 
A. Protocol 
B. Port number 
C. Response value 
D. Precedence value
A

C. Extended ACLs can check for protocols, port numbers, Differentiated Services Code Point (DSCP) values, precedence values, and the state of the synchronize sequence number (SYN) bit.

3
Q
Extended ACLs can process all of the following, except \_\_\_\_\_\_\_\_\_\_\_\_\_\_. 
A. SSL 
B. ICMP 
C. TCP 
D. UDP
A

A. Extended ACLs can process IP, ICMP, TCP, and UDP.

4
Q
A NIDS can do which of the following with encrypted email network traffic? 
A. Nothing 
B. Scan for viruses 
C. Alert if malicious 
D. Full content inspection
A

A. A NIDS cannot scan the contents of encrypted email.

5
Q
One item of importance to the CASP+ is trusted operating systems. Several standards have been developed to measure trust in an operating system. One such standard is TCSEC. TCSEC mandatory protection can be defined as \_\_\_\_\_\_\_\_\_\_\_\_\_\_. 
A. Category A 
B. Category B 
C. Category C 
D. Category D
A

B. Category B is mandatory protection.

6
Q
ITSEC has how many assurance levels? 
A. 5 
B. 7 
C. 9 
D. 11
A

B. ITSEC has seven assurance levels.

7
Q
EAL 3 is equal to which of the following?
A. Semi-formally designed and tested
B. Methodically checked and tested
C. Functionally tested
D. Methodically designed, tested, and reviewed
A

B. EAL 3 is equal to methodically checked and tested.

8
Q
The Bell-LaPadula model is based on which of the following? 
A. Availability 
B. Integrity 
C. Confidentiality 
D. Security
A

C. The Bell–LaPadula model is confidentiality-based.

9
Q
The Biba model is based on which of the following?
A. Availability
B. Integrity
C. Confidentiality
D. Security
A

B. The Biba model is integrity-based.

10
Q
Which was the first security model designed for commercial usage? 
A. Bell-LaPadula 
B. Brewer and Nash 
C. Clark-Wilson 
D. Biba
A

C. The Clark–Wilson model was the first designed for commercial usage.

11
Q
Which model was designed to prevent conflicts of interest? 
A. Bell-LaPadula 
B. Brewer and Nash 
C. Clark-Wilson 
D. Biba
A

B. The Brewer and Nash model was designed to prevent conflicts of interest.

12
Q
Which approach to network security might disable autorun and remove CD drives? 
A. Vector-oriented security 
B. Information-centric 
C. Protective areas 
D. Protective enclaves
A

A. Vector-oriented security focuses on common vectors used to launch an attack. These can include disabling Autorun on USB drives, disabling USB ports, and removing CD/DVD burners.

13
Q
The concept that users should have only the access needed is known as which of the following?
A. Need to know
B. Defense in depth
C. The principle of least privilege
D. Deny all
A

C. The principle of least privilege is based on the concept that users should have only the access needed and nothing more.

14
Q
A mobile user calls you from the road and informs you that his laptop is acting strangely. He reports that there were no problems until he downloaded a weather program, and he is now getting pop-ups and other redirects from a site that he had never visited before. Which of the following terms describes a program that enters a system disguised in another program? 
A. Trojan horse virus 
B. Polymorphic virus 
C. Worm 
D. Spyware
A

D. Spyware may perform keylogging, redirect the user to unrequested websites, flood the user with pop-ups, or monitor their activity.

15
Q
Your system has been acting strangely since you downloaded a program that you thought was from a colleague. Upon examining the program and comparing it to the source on the vendor’s website, you discover that they are not the same size and have different MD5sum values. Which type of malware probably infected your system? 
A. Virus 
B. Trojan 
C. Worm 
D. Spyware
A

B. Trojans are programs that present themselves as something useful yet contain a malicious payload.

16
Q
Data diddling can best be categorized as which of the following? 
A. A type of virus 
B. The result of a keylogger 
C. Spam 
D. An incremental attack
A

D. Data diddling can best be categorized as an incremental attack.

17
Q
Which of the following antivirus detection techniques looks for deviation from normal behavior of an application or service? 
A. Protocol analysis 
B. Heuristic 
C. Signature 
D. Anomaly
A

B. A heuristic antivirus detection technique looks for deviation from the normal behavior of an application or service.

18
Q
A user reports that her system is sending email after she opens a VBA script designed to run in Excel. Which type of attack is most likely under way? 
A. Program infector virus 
B. Boot record virus 
C. Macro virus 
D. Multipartite virus
A

C. Macro viruses target Microsoft Office programs such as Word documents and Excel spreadsheets.

19
Q
Under Group Policy, the Local Policies node does not include which of the following? 
A. Audit policies 
B. Password policies 
C. User rights 
D. Security options
A

B. The Local Policies node does not include password policies; they are found under the Account Policies node.

20
Q
Warning banners typically do not contain which of the following? 
A. Penalties for noncompliance 
B. What is considered proper usage 
C. What is considered improper usage 
D. Expectations of privacy
A

C. Warning banners should contain what is considered proper usage, expectations of privacy, and penalties for noncompliance.

21
Q
An example of the system on a chip (SOC) is a \_\_\_\_\_\_\_\_\_\_\_\_\_\_. 
A. Raspberry Pi 
B. Arduino 
C. Blueberry Pi 
D. DVD player
A

B. A Raspberry Pi, with its processor, graphics processor, memory, and other components, is an example of a system on a chip.

22
Q
What are the four types of government classifications?
A. Public, internal, need to know, registered
B. Top secret, secret, confidential, unclassified
C. Public, secret, confidential, registered
D. Secret, compartment, restricted, need to know
A

B. The four classification levels used in government are Top Secret, Secret, Confidential, and Unclassified.