Practice Exam 1 Flashcards
CompTIA Security+ Review Guide: Exam SY0-501.
What is the central feature of asymmetric public-key cryptography?
A. It is performed in only one direction.
B. The same key that locks can be used to unlock.
C. It is useful for bulk encryption.
D. It has public key–private key pairs.
D. It has public key–private key pairs.
Asymmetric public key cryptography has a central feature of public key–private key pairs. Asymmetric public key cryptography is reversible (unlike hashing), and the alternate key must be used to unlock (unlike symmetric). In addition, asymmetric public key cryptography is suited only for small amounts of data (unlike symmetric).
When TLS is being used to secure web communications, what URL prefix appears in the address bar to signal this fact?
A. SHTTP://
B. TLS://
C. SECURE://
D. HTTPS://
D. HTTPS://
HTTPS:// is the correct prefix for the use of HTTP (Hypertext Transfer Protocol) over TLS (Transport Layer Security). This is the same prefix as HTTP over SSL (Secure Sockets Layer). SHTTP:// is for Secure HTTP, which is a different technology. TLS:// and SECURE:// are invalid prefixes.
When users are placed into named collectives and then assigned access to resources through those collectives, what is this known as?
A. DAC
B. Group management
C. Role-based access control
D. Account maintenance
B. Group management
Group management or group-based privileges assigns a privilege or access to a resource to all members of a group as a collective. Group-based access control grants every member of the group the same level of access to a specific object.
Which of the following is not a desired feature set of a vulnerability scanner?
A. Intrusive or nonintrusive
B. Credentialed or noncredentialed
C. Active or passive
D. False positive or false negative
D. False positive or false negative
A false positive occurs when an alarm or alert is triggered by benign or normal events. The problem with false positives is that they cause security administrators to waste time investigating nonmalicious events. Whereas a false positive is an alarm without a malicious event, a false negative is a malicious event without an alarm. When false negatives occur, it is assumed that only benign events are occurring; however, malicious activities are actually taking place.
Availability is threatened by what form of attack?
A. Smurf
B. Port scanning
C. Eavesdropping
D. Password cracking
A. Smurf
Smurf, a form of denial-of-service attack, threatens or compromises availability. Port scanning and eavesdropping threaten confidentiality. Password cracking threatens authentication.
An organization is concerned that boot malware may infect its systems. What new technology is available on some motherboards that can reduce this risk?
A. SED
B. TPM
C. BIOS
D. UEFI
D. UEFI
A replacement or improvement to BIOS is Unified Extensible Firmware Interface (UEFI). UEFI provides support for all of the same functions as BIOS with many improvements, such as support for larger hard drives (especially for booting), faster boot times, enhanced security features, and even the ability to use a mouse when making system changes. Secure boot is a feature of UEFI that aims to protect the operating environment of the local system by preventing the loading or installing of device drivers or an operating system that is not signed by a preapproved digital certificate. Secure boot thus protects systems against a range of low-level or boot-level malware, such as certain rootkits and backdoors.
RADIUS can be used to provide an additional layer of security for the network against __________.
A. Buffer overflow exploits
B. DoS attacks
C. Virus infections
D. Remote users
D. Remote users
RADIUS (Remote Authentication Dial-In User Service) can be used to provide an additional layer of security for the network against remote users. RADIUS doesn’t provide protection against buffer overflow exploits, DoS (denial-of-service) attacks, or virus infections.
Diffie-Hellman is what type of cryptographic system?
A. Asymmetric
B. Symmetric
C. Hashing
D. Certificate authority
A. Asymmetric
Diffie-Hellman is an asymmetric cryptographic system. The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are examples of symmetric cryptography. Message Digest 5 (MD5) and Secure Hash Algorithm version 1 (SHA-1) are examples of hashing. Certificate authorities issue certificates based on an implemented Public Key Infrastructure (PKI) solution.
What is the default service port of SFTP?
A. 21
B. 22
C. 23
D. 25
B. 22
TCP port 22 is the default service port of SFTP (SSH FTP/Secure FTP). TCP port 21 is used by plain-text FTP, 23 by telnet, and 25 by SMTP.
To provide a level of fault tolerance in encryption and certificate systems, which of the following can be used to recover keys in the event of a key or certificate corruption?
A. Escrow
B. Honeypot
C. IDS
D. VLAN
A. Escrow
Escrow provides fault tolerance for encryption and certificate systems to recover keys in the event of a key or certificate corruption. Honeypots, intrusion detection systems (IDSs), and virtual local area networks (VLANs) aren’t associated with certificates or cryptography.
When an investigator discovers a hard drive that might contain evidence related to a criminal investigation, what is used to create an exact duplicate of that storage device?
A. Hashing
B. Bitstream image
C. Undelete
D. Graceful shutdown
B. Bitstream image
A bitstream image is a process used to make an exact hash-matching copy of a storage device. Hashing itself does not create the copy; it can only be used to verify the copy as an exact duplicate. Undelete is not a backup tool but a potential recovery tool. Graceful shutdown is never part of a forensic investigation since software on the suspect’s system cannot be trusted.
_________________ is the process of adding new employees to the identity and access management (IAM) of an organization. This process is also used when the role or position of an employee changes or when an employee is awarded additional levels of privilege or access.
A. Reissue
B. Onboarding
C. Background checks
D. Site survey
B. Onboarding
Onboarding is the process of adding new employees to the IAM of an organization. This process is also used when the role or position of an employee changes or an employee is awarded additional levels of privilege or access.
Which of the following is a formal declaration of the security stance, risks, and technical requirements of a link between two organizations’ IT infrastructures?
A. MOU
B. SLA
C. ISA
D. BPA
C. ISA
An ISA (Interconnection Security Agreement) is a formal declaration of the security stance, risks, and technical requirements of a link between two organizations’ IT infrastructures.
___________________ are devices or applications that generate passwords at fixed time intervals, such as every 60 seconds.
A. Certificates
B. TOTP
C. TPM
D. Trusted OS
B. TOTP
TOTP (Time-based One-time Password) tokens or synchronous dynamic password tokens are devices or applications that generate passwords at fixed time intervals, such as every 60 seconds.
The best countermeasure against email spam is __________.
A. Acceptable use policies
B. Filters
C. Blocking attachments at network borders
D. Spoofing email addresses
B. Filters
Email filters are the best countermeasure against email spam. Acceptable use policies and blocking attachments don’t address email spam issues even though they’re valid security measures against other email problems. Spoofing email addresses isn’t a security solution; it’s a form of attack.
Which of the following is an example of a Type 2 authentication factor?
A. Something you have, such as a smartcard, an ATM card, a token device, or a memory card
B. Something you are, such as fingerprints, voice print, retina pattern, iris pattern, face shape, palm topology, or hand geometry
C. Something you do, such as type a passphrase, sign your name, or speak a sentence
D. Something you know, such as a password, personal identification number (PIN), lock combination, passphrase, mother’s maiden name, or favorite color
A. Something you have, such as a smartcard, an ATM card, a token device, or a memory card
A Type 2 authentication factor is something you have. This could be a smartcard, an ATM card, a token device, or a memory card.
A switch can be used to prevent broadcast storms between connected systems through the use of what?
A. SSL
B. S/MIME
C. VLANs
D. LDAP
C. VLANs
Switches can create VLANs. Broadcast storms aren’t transmitted between one VLAN and another.
What form of authentication periodically reauthenticates the client?
A. Kerberos
B. PAP
C. Certificates
D. CHAP
D. CHAP
CHAP (Challenge Handshake Authentication Protocol) periodically reauthenticates the client. Kerberos, PAP (Password Authentication Protocol), and certificates aren’t designed to periodically reauthenticate the client.
What type of virus is able to regenerate itself if a single element of its infection is not removed from a compromised system?
A. Polymorphic
B. Armored
C. Retro
D. Phage
D. Phage
A phage virus is able to regenerate itself from any of its remaining parts.
What is the term used to describe the alarm sounded by an IDS (intrusion detection system) based on events it sees in live network traffic that are different from established parameters but which turn out to be benign?
A. True positive
B. False positive
C. True negative
D. False negative
B. False positive
A false positive is when an alarm sounds based on benign events. A true positive is an alarm based on malicious events. A true negative is no alarm, due to benign events. A false negative is no alarm when there are malicious events occurring.
A smartcard is an example of what type of authentication factor?
A. “Something you have”
B. “Something you are”
C. “Something you know”
D. “Something you do”
A. “Something you have”
A smartcard is an example of a “something you have” authentication factor. A biometric is something you are, a password is something you know, and your signature is something you do.
Which of the following can make or break security for an environment?
A. Failing to apply a recent software patch
B. Using guard dogs instead of security guards
C. Not reviewing the audit trails of client systems
D. Lack of physical access control
D. Lack of physical access control
Without physical access control, there is no security. An environment’s security can be maintained in spite of poor management, such as not applying software patches, using the wrong protection solution, or not reviewing all audit trails.
What form of attack prevents a server from responding to legitimate requests for resources?
A. Backdoor
B. Impersonation
C. Replay
D. Denial-of-service
D. Denial-of-service
A denial-of-service (DoS) attack prevents a server from responding to legitimate requests for resources. A backdoor attack gives intruders the ability to bypass security to gain access to a system. Impersonation is when someone assumes the identity of another user. Replay attacks occur when authentication traffic is captured and retransmitted.
PPTP can use all but which of the following authentication protocols?
A. AH
B. PAP
C. CHAP
D. EAP
A. AH
AH (Authentication Header) is an authentication protocol of IPSec, not PPTP (Point-to-Point Tunneling Protocol). PPTP can use PAP (Password Authentication Protocol), CHAP (Challenge Handshake Authentication Protocol), or EAP (Extensible Authentication Protocol).
What is a distinctive benefit in deploying an application-aware device as compared to a generic firewall appliance?
A. Traffic filtering
B. NAT services
C. Deep packet inspection
D. Network segmentation
C. Deep packet inspection
Often application-aware devices are able to provide deep content inspection and filtering based on their focus on specific applications and protocols. This is a distinct benefit compared to a generic firewall appliance. Both devices can provide traffic filtering, NAT services, and network segmentation.
What is an important feature of symmetric cryptography?
A. It operates slowly.
B. It is scalable.
C. It uses a shared secret key.
D. It protects integrity.
C. It uses a shared secret key.
An important feature of symmetric cryptography is the shared secret key. Symmetric cryptography is fast, isn’t scalable by itself, and protects confidentiality.
Which of the following options is the most secure version of wireless configuration?
A. OSA
B. WEP
C. WPA
D. CCMP
D. CCMP
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is a variant of the Advanced Encryption Standard (AES) and the encryption scheme used in WPA2 (WiFi Protected Access 2). Open System Authentication (OSA) offers no security, WEP (Wired Equivalent Privacy) encryption is crackable in less than 60 seconds, and WPA encryption is crackable in hours.
Which of the following is a denial-of-service attack that uses network packets that have been spoofed so that the source and destination address are that of the victim?
A. Land
B. Teardrop
C. Smurf
D. Fraggle
A. Land
A land DoS attack uses network packets that have been spoofed so that the source and destination address are that of the victim. A teardrop attack uses fragmented IP packets. Smurf and Fraggle attacks use spoofed ICMP and UDP packets, respectively, against an amplification network.
Which of the following depends on ephemeral keys?
A. Digital certificates
B. Perfect forward secrecy
C. Whole-drive encryption
D. Integrity protection
B. Perfect forward secrecy
Perfect forward secrecy is a means of ensuring that the compromise of an entity’s digital certificates or public/private key pairs does not compromise the security of any session keys. Perfect forward secrecy is implemented by using ephemeral keys for each and every session, generated at the time of need, and then used only for a specific period of time or volume of data transfer before being discarded and replaced.
What is the purpose of BYOD policies mandating storage segmentation?
A. Lock the device when the user fails to provide proper credentials after repeated attempts.
B. Enable all data and possibly even configuration settings to be deleted from a device remotely.
C. Isolate the device’s operating system and preinstalled apps from user-installed apps and user data.
D. Oversee the installed apps, app usage, stored data, and data access on a device.
C. Isolate the device’s operating system and preinstalled apps from user-installed apps and user data.
Storage segmentation is used to artificially compartmentalize various types or values of data on a storage medium. On a mobile device, the device manufacturer and/or the service provider may use storage segmentation to isolate the device’s operating system and preinstalled apps from user-installed apps and user data.
What network device can be used to create and manage virtual LANs?
A. Switch
B. Router
C. Firewall
D. Proxy
A. Switch
A switch can be used to create and manage virtual local area networks (VLANs). Routers, firewalls, and proxies don’t support VLANs.
The communications concept of PPP provides three authentication services, which include PAP and EAP. What is the third option?
A. Smartcard
B. CHAP
C. TLS
D. Mutual
B. CHAP
PPP supports PAP, CHAP, and EAP authentication systems. Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol used over a wide range of Point-to-Point Protocol (PPP) connections (including dial-up, ISDN, DSL, and cable) as a means to provide a secure transport mechanism for logon credentials.
Which of the following is the biggest issue related to data and resources stored or hosted in a cloud computing solution?
A. Reducing local hardware requirements
B. Allowing for real-time backups
C. Whether or not it is actually securable
D. Enabling anywhere access
C. Whether or not it is actually securable
There are serious concerns regarding whether or not cloud computing is secure or even securable. Reducing local hardware requirements, allowing for real-time backups, and enabling anywhere access are less critical concerns than security.