Practice Exam 1 Flashcards

Question 1

Q

What is the central feature of asymmetric public-key cryptography?

A. It is performed in only one direction.

B. The same key that locks can be used to unlock.

C. It is useful for bulk encryption.

D. It has public key–private key pairs.

Answer

A

D. It has public key–private key pairs.

Asymmetric public key cryptography has a central feature of public key–private key pairs. Asymmetric public key cryptography is reversible (unlike hashing), and the alternate key must be used to unlock (unlike symmetric). In addition, asymmetric public key cryptography is suited only for small amounts of data (unlike symmetric).

Question 2

Q

When TLS is being used to secure web communications, what URL prefix appears in the address bar to signal this fact?

A. SHTTP://

B. TLS://

C. SECURE://

D. HTTPS://

Answer

A

D. HTTPS://

HTTPS:// is the correct prefix for the use of HTTP (Hypertext Transfer Protocol) over TLS (Transport Layer Security). This is the same prefix as HTTP over SSL (Secure Sockets Layer). SHTTP:// is for Secure HTTP, which is a different technology. TLS:// and SECURE:// are invalid prefixes.

Question 3

Q

When users are placed into named collectives, then through the collectives are assigned access to resources, what is this known as?

A. DAC

B. Group management

C. Role-based access control

D. Account maintenance

Answer

A

B. Group management

Group management or group-based privileges assigns a privilege or access to a resource to all members of a group as a collective. Group-based access control grants every member of the group the same level of access to a specific object.

Question 4

Q

Which of the following is not a desired feature set of a vulnerability scanner?

A. Intrusive or nonintrusive

B. Credentialed or noncredentialed

C. Active or passive

D. False positive or false negative

Answer

A

D. False positive or false negative

A false positive occurs when an alarm or alert is triggered by benign or normal events. The problem with false positives is that they cause security administrators to waste time investigating nonmalicious events. Whereas a false positive is an alarm without a malicious event, a false negative is a malicious event without an alarm. When false negatives occur, it is assumed that only benign events are occurring; however, malicious activities are actually taking place.

Question 5

Q

Availability is threatened by what form of attack?

A. Smurf

B. Port scanning

C. Eavesdropping

D. Password cracking

Answer

A

A. Smurf

Smurf, a form of denial-of-service attack, threatens or compromises availability. Port scanning and eavesdropping threaten confidentiality. Password cracking threatens authentication.

Question 6

Q

An organization is concerned that boot malware may infect its systems. What new technology is available on some motherboards that can reduce this risk?

A. SED

B. TPM

C. BIOS

D. UEFI

Answer

A

D. UEFI

A replacement or improvement to BIOS is Unified Extensible Firmware Interface (UEFI). UEFI provides support for all of the same functions as that of BIOS with many improvements, such as support for larger hard drives (especially for booting), faster boot times, enhanced security features, and even the ability to use a mouse when making system changes. Secure boot is a feature of UEFI that aims to protect the operating environment of the local system by preventing the loading or installing of device drivers or an operating system that is not signed by a preapproved digital certificate. Secure boot thus protects systems against a range of low-level or boot-level malware, such as certain rootkits and backdoors.

Question 7

Q

RADIUS can be used to provide an additional layer of security for the network against __________.

A. Buffer overflow exploits

B. DoS attacks

C. Virus infections

D. Remote users

Answer

A

D. Remote users

RADIUS (Remote Authentication Dial-In User Service) can be used to provide an additional layer of security for the network against remote users. RADIUS doesn’t provide protection against buffer overflow exploits, DoS (denial-of-service) attacks, or virus infections.

Question 8

Q

Diffie-Hellman is what type of cryptographic system?

A. Asymmetric

B. Symmetric

C. Hashing

D. Certificate authority

Answer

A

A. Asymmetric

Diffie-Hellman is an asymmetric cryptographic system. The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are examples of symmetric cryptography. Message Digest 5 (MD5) and Secure Hash Algorithm version 1 (SHA-1) are examples of hashing. Certificate authorities issue certificates based on an implemented Public Key Infrastructure (PKI) solution.

Question 9

Q

What is the default service port of SFTP?

A. 21

B. 22

C. 23

D. 25

Answer

A

B. 22

TCP port 22 is the default service port of SFTP (SSH FTP/Secure FTP). TCP port 21 is used by plain-text FTP, 23 by telnet, and 25 by SMTP.

Question 10

Q

To provide a level of fault tolerance in encryption and certificate systems, which of the following can be used to recover keys in the event of a key or certificate corruption?

A. Escrow

B. Honeypot

C. IDS

D. VLAN

Answer

A

A. Escrow

Escrow provides fault tolerance for encryption and certificate systems to recover keys in the event of a key or certificate corruption. Honeypots, intrusion detection systems (IDSs), and virtual large area networks (VLANs) aren’t associated with certificates or cryptography.

Question 11

Q

When an investigator discovers a hard drive that might contain evidence related to a criminal investigation, what is used to create an exact duplicate of that storage device?

A. Hashing

B. Bitstream image

C. Undelete

D. Graceful shutdown

Answer

A

B. Bitstream image

A bitstream image is a process used to make an exact hash-matching copy of a storage device. Hashing itself does not create the copy; it can only be used to verify the copy as an exact duplicate. Undelete is not a backup tool but a potential recovery tool. Graceful shutdown is never part of a forensic investigation since software on the suspect’s system cannot be trusted.

Question 12

Q

_________________ is the process of adding new employees to the identity and access management (IAM) of an organization. This process is also used when the role or position of an employee changes or when an employee is awarded additional levels of privilege or access.

A. Reissue

B. Onboarding

C. Background checks

D. Site survey

Answer

A

B. Onboarding

Onboarding is the process of adding new employees to the IAM of an organization. This process is also used when the role or position of an employee changes or an employee is awarded additional levels of privilege or access.

Question 13

Q

Which of the following is a formal declaration of the security stance, risks, and technical requirements of a link between two organizations’ IT infrastructures?

A. MOU

B. SLA

C. ISA

D. BPA

Answer

A

C. ISA

An ISA (Interconnection Security Agreement) is a formal declaration of the security stance, risks, and technical requirements of a link between two organizations’ IT infrastructures.

Question 14

Q

___________________ are devices or applications that generate passwords at fixed time intervals, such as every 60 seconds.

A. Certificates

B. TOTP

C. TPM

D. Trusted OS

Answer

A

B. TOTP

TOTP (Time-based One-time Password) tokens or synchronous dynamic password tokens are devices or applications that generate passwords at fixed time intervals, such as every 60 seconds.

Question 15

Q

The best countermeasure against email spam is __________.

A. Acceptable use policies

B. Filters

C. Blocking attachments at network borders

D. Spoofing email addresses

Answer

A

B. Filters

Email filters are the best countermeasure against email spam. Acceptable use policies and blocking attachments don’t address email spam issues even though they’re valid security measures against other email problems. Spoofing email addresses isn’t a security solution; it’s a form of attack.

Question 16

Q

Which of the following is an example of a Type 2 authentication factor?

A. Something you have, such as a smartcard, an ATM card, a token device, or a memory card

B. Something you are, such as fingerprints, voice print, retina pattern, iris pattern, face shape, palm topology, or hand geometry

C. Something you do, such as type a passphrase, sign your name, or speak a sentence

D. Something you know, such as a password, personal identification number (PIN), lock combination, passphrase, mother’s maiden name, or favorite color

Answer

A

A. Something you have, such as a smartcard, an ATM card, a token device, or a memory card

A Type 2 authentication factor is something you have. This could be a smartcard, an ATM card, a token device, or a memory card.

Question 17

Q

A switch can be used to prevent broadcast storms between connected systems through the use of what?

A. SSL

B. S/MIME

C. VLANs

D. LDAP

Answer

A

C. VLANs

Switches can create VLANs. Broadcast storms aren’t transmitted between one VLAN and another.

Question 18

Q

What form of authentication periodically reauthenticates the client?

A. Kerberos

B. PAP

C. Certificates

D. CHAP

Answer

A

D. CHAP

CHAP (Challenge Handshake Authentication Protocol) periodically reauthenticates the client. Kerberos, PAP (Password Authentication Protocol), and certificates aren’t designed to periodically reauthenticate the client.

Question 19

Q

What type of virus is able to regenerate itself if a single element of its infection is not removed from a compromised system?

A. Polymorphic

B. Armored

C. Retro

D. Phage

Answer

A

D. Phage

A phage virus is able to regenerate itself from any of its remaining parts.

Question 20

Q

What is the term used to describe the alarm sounded by an IDS (intrusion detection system) based on events it sees in live network traffic that are different from established parameters but which turn out to be benign?

A. True positive

B. False positive

C. True negative

D. False negative

Answer

A

B. False positive

A false positive is when an alarm sounds based on benign events. A true positive is an alarm based on malicious events. A true negative is no alarm, due to benign events. A false negative is no alarm when there are malicious events occurring.

Question 21

Q

A smartcard is an example of what type of authentication factor?

A. “Something you have”

B. “Something you are”

C. “Something you know”

D. “Something you do”

Answer

A

A. “Something you have”

A smartcard is an example of a “something you have” authentication factor. A biometric is something you are, a password is something you know, and your signature is something you do.

Question 22

Q

Which of the following can make or break security for an environment?

A. Failing to apply a recent software patch

B. Using guard dogs instead of security guards

C. Not reviewing the audit trails of client systems

D. Lack of physical access control

Answer

A

D. Lack of physical access control

Without physical access control, there is no security. An environment’s security can be maintained in spite of poor management, such as not applying software patches, using the wrong protection solution, or not reviewing all audit trails.

Question 23

Q

What form of attack prevents a server from responding to legitimate requests for resources?

A. Backdoor

B. Impersonation

C. Replay

D. Denial-of-service

Answer

A

D. Denial-of-service

A denial-of-service (DoS) attack prevents a server from responding to legitimate requests for resources. A backdoor attack gives intruders the ability to bypass security to gain access to a system. Impersonation is when someone assumes the identity of another user. Replay attacks occur when authentication traffic is captured and retransmitted.

Question 24

Q

PPTP can use all but which of the following authentication protocols?

A. AH

B. PAP

C. CHAP

D. EAP

Answer

A

A. AH

AH (Authentication Header) is an authentication protocol of IPSec, not PPTP (Point-to-Point Tunneling Protocol). PPTP can use PAP (Password Authentication Protocol), CHAP (Challenge Handshake Authentication Protocol), or EAP (Extensible Authentication Protocol).

Question 25

Q

What is a distinctive benefit in deploying an application-aware device as compared to a generic firewall appliance?

A. Traffic filtering

B. NAT services

C. Deep packet inspection

D. Network segmentation

Answer

A

C. Deep packet inspection

Often application-aware devices are able to provide deep content inspection and filtering based on their focus on a specific applications and protocols. This is a distinct benefit compared to a generic firewall appliance. Both devices can provide traffic filtering, NAT services, and network segmentation.

Question 26

Q

What is an important feature of symmetric cryptography?

A. It operates slowly.

B. It is scalable.

C. It uses a shared secret key.

D. It protects integrity.

Answer

A

C. It uses a shared secret key.

An important feature of symmetric cryptography is the shared secret key. Symmetric cryptography is fast, isn’t scalable by itself, and protects confidentiality.

Question 27

Q

Which of the following options is the most secured version of wireless configuration?

A. OSA

B. WEP

C. WPA

D. CCMP

Answer

A

D. CCMP

CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is a variant of the Advanced Encryption Standard (AES) and the encryption scheme used in WPA2 (WiFi Protected Access 2). Open System Authentication (OSA) offers no security, WEP (Wired Equivalent Privacy) encryption is crackable in less than 60 seconds, and WPA encryption is crackable in hours.

Question 28

Q

Which of the following is a denial-of-service attack that uses network packets that have been spoofed so that the source and destination address are that of the victim?

A. Land

B. Teardrop

C. Smurf

D. Fraggle

Answer

A

A. Land

A land DoS attack uses network packets that have been spoofed so that the source and destination address are that of the victim. A teardrop attack uses fragmented IP packets. Smurf and Fraggle attacks use spoofed ICMP and UDP packets, respectively, against an amplification network.

Question 29

Q

Which of the following depends on ephemeral keys?

A. Digital certificates

B. Perfect forward secrecy

C. Whole-drive encryption

D. Integrity protection

Answer

A

B. Perfect forward secrecy

Perfect forward secrecy is a means of ensuring that the compromise of an entity’s digital certificates or public/private key pairs does not compromise the security of any session keys. Perfect forward secrecy is implemented by using ephemeral keys for each and every session, generated at the time of need, and then only using for a specific period of time or volume of data transfer before being discarded and replaced.

Question 30

Q

What is the purpose of BYOD policies mandating storage segmentation?

A. Lock the device when the user fails to provide proper credentials after repeated attempts.

B. Enable all data and possibly even configuration settings to be deleted from a device remotely.

C. Isolate the device’s operating system and preinstalled apps from user-installed apps and user data.

D. Oversee the installed apps, app usage, stored data, and data access on a device.

Answer

A

C. Isolate the device’s operating system and preinstalled apps from user-installed apps and user data.

Storage segmentation is used to artificially compartmentalize various types or values of data on a storage medium. On a mobile device, the device manufacturer and/or the service provider may use storage segmentation to isolate the device’s operating system and preinstalled apps from user-installed apps and user data.

Question 31

Q

What network device can be used to create and manage virtual LANs?

A. Switch

B. Router

C. Firewall

D. Proxy

Answer

A

A. Switch

A switch can be used to create and manage virtual large area networks (VLANs). Routers, firewalls, and proxies don’t support VLANs.

Question 32

Q

The communications concept of PPP provides three authentication services, which includes PAP and EAP. What is the third option?

A. Smartcard

B. CHAP

C. TLS

D. Mutual

Answer

A

B. CHAP

PPP supports PAP, CHAP, and EAP authentication systems. Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol used over a wide range of Point-to-Point Protocol (PPP) connections (including dial-up, ISDN, DSL, and cable) as a means to provide a secure transport mechanism for logon credentials.

Question 33

Q

Which of the following is the biggest issue related to data and resources stored or hosted in a cloud computing solution?

A. Reducing local hardware requirements

B. Allowing for real-time backups

C. Whether or not it is actually securable

D. Enabling anywhere access

Answer

A

C. Whether or not it is actually securable

There are serious concerns regarding whether or not cloud computer is secure or even securable. Reducing local hardware requirements, allowing for real-time backups, and enabling anywhere access are less critical concerns than security.

Question 34

Q

_____ is a networking storage standard based on IP that can be used to enable location-independent file storage, transmission, and retrieval over LAN, WAN, or public Internet connections.

A. Fibre Channel

B. SAN

C. Thunderbolt

D. iSCSI

Answer

A

D. iSCSI

iSCSI is a networking storage standard based on IP that can be used to enable location-independent file storage, transmission, and retrieval over LAN, WAN, or public Internet connections.

Question 35

Q

A network-based IDS is good at detecting and stopping what form of attack?

A. Spoofing

B. Denial-of-service

C. Spam

D. Buffer overflow

Answer

A

B. Denial-of-service

A network-based IDS (intrusion detection system) is good at detecting and stopping DoS (denial-of-service) attacks. Host-based IDS, in comparison to network-based IDS, is better at detecting and stopping spoofing, spam, and buffer overflow attacks.

Question 36

Q

Most password-guessing attacks employ what attack process?

A. Statistical anomaly attack

B. Reverse hash-matching attack

C. Mathematical attack

D. Implementation attack

Answer

A

B. Reverse hash-matching attack

Most password-guessing attacks employ the reverse hash-matching attack process. Software exploitation attacks may employ statistical anomaly, mathematical, and impersonation attacks.

Question 37

Q

What is the proper humidity level or range for IT environments?

A. Below 40%

B. 40% to 60%

C. Above 60%

D. 20% to 80%

Answer

A

B. 40% to 60%

The proper humidity level or range for IT environments is 40% to 60% relative humidity.

Question 38

Q

___________ is an integrated circuit (IC) or chip that has all of the elements of a computer integrated into a single chip.

A. RTOS

B. ICS

C. SoC

D. SED

Answer

A

C. SoC

System on a Chip (SoC) is an integrated circuit (IC) or chip that has all of the elements of a computer integrated into a single chip. This often includes the main CPU, memory, a GPU, WiFi, wired networking, peripheral interfaces (such as USB), and power management.

Question 39

Q

A company needs to deploy dozens of new workstations for a new project for which nearly 100 new employees were hired. All of the workstations will have the same hardware and will be running the same OS, applications, and configuration. What tool will be most effective in this situation?

A. Snapshots

B. Baseline documentation

C. A security template

D. Master image

Answer

A

D. Master image

A master image is a crafted setup and configuration of a software product or an entire computer system. A master image is created just after the target system has been manually installed, patched, and configured. A master image is employed to quickly roll out new versions of a system. For example, when you are deploying 100 new workstations the master image of the preferred workstation software deployment configuration can be installed to quickly bring the new devices into compliance with production needs and security requirements.

Question 40

Q

A token is a physical implementation of what?

A. Static password

B. Biometric factor

C. Something you know

D. One-time password

Answer

A

D. One-time password

A token is a physical implementation of a one-time password. A token isn’t a static password device, it isn’t a biometric factor, and it isn’t something you know.

Question 41

Q

A link to the network using a modem has what primary difference from a LAN connection?

A. Ability to share files

B. Speed

C. Access to network printers

D. Use of network services

Answer

A

B. Speed

Connecting to the network over a modem rather than a local area network (LAN) cable is different only in terms of speed. A modem-linked system can share files, access network printers, and use network services.

Question 42

Q

What form of malware takes a computer system hostage and demands payment in order to release control back to the user?

A. Rootkit

B. Ransomware

C. Trojan horse

D. Logic bomb

Answer

A

B. Ransomware

Ransomware is a form of malware that aims to take over a computer system in order to block its use while demanding payment. Effectively, it is malware that holds data or an entire computer system hostage in exchange for a ransom payment.

Question 43

Q

Certificates are used for what purpose?

A. Prove reliability

B. Prove compatibility

C. Prove identity

D. Prove timeliness

Answer

A

C. Prove identity

Certificates are used to prove identity. Certificates can’t prove reliability, compatibility, or timeliness.

Question 44

Q

A ________ firewall monitors the state or session of the communication, and it evaluates previous packets and potentially other communications and conditions when making an allow-or-deny decision for the current packet.

A. Stateless

B. Circuit level

C. Stateful

D. Application layer

Answer

A

C. Stateful

A stateful firewall monitors the state or session of the communication, and it evaluates previous packets and potentially other communications and conditions when making an allow-or-deny decision for the current packet.

Question 45

Q

The most effective type of alternate site is ___________.

A. Proposed

B. Hot

C. Warm

D. Cold

Answer

A

B. Hot

The most effective type of alternate site is a hot site. A proposed site is no site at all—it is just a plan to get a site. A warm site is less effective but still a realistic solution. A cold site is a real site but offers an unrealistic solution.

Question 46

Q

What does a signed message or data indicate?

A. Its source of origin

B. Its compatibility with your operating system

C. Its reliability

D. Its programming quality

Answer

A

A. Its source of origin

A signed message or data indicates its source of origin, not its compatibility, reliability, or quality.

Question 47

Q

___________ may be left in an application by developers once a product is released to market. It was originally installed to allow for quick debugging.

A. A Trojan horse

B. A backdoor

C. An input validation check

D. A quality assurance test

Answer

A

B. A backdoor

A backdoor may be left in an application by developers once a product is released to market. Backdoors are originally installed to allow for quick debugging. A Trojan horse is a malicious program disguised as a legitimate program. Input validation checks are protections against buffer overflows; they should remain in an application. Quality assurance tests are improvements to the quality of developed software; they’re part of the development process but aren’t coded into the application.

Question 48

Q

What is an asset?

A. An item costing more than $10,000

B. Anything used in a work task

C. A threat to the security of an organization

D. An intangible resource

Answer

A

B. Anything used in a work task

An asset is anything used in a work task.

Question 49

Q

In mutual authentication, what occurs?

A. Two clients authenticate simultaneously.

B. A server authenticates to a Kerberos server.

C. The client and the server authenticate to each other.

D. Multifactor authentication is used.

Answer

A

C. The client and the server authenticate to each other.

Mutual authentication means that the client and the server authenticate to each other. Two clients authenticating simultaneously is just a high-performance authentication system. A server authenticating to a Kerberos server is a normal action of a Kerberos realm. Using multifactor authentication is stronger than using single-factor, but it isn’t necessarily mutual.

Question 50

Q

What protocol can be used to assist in monitoring the health of a network and to provide a centralized monitoring capability?

A. SMTP

B. TACACS

C. PPTP

D. SNMP

Answer

A

D. SNMP

SNMP (Simple Network Management Protocol) is used to assist in monitoring the health of a network, and it provides a centralized monitoring capability. SMTP (Simple Mail Transfer Protocol) is used for email. TACACS (Terminal Access Controller Access Control System) is a centralized authentication solution for remote access. PPTP (Point-to-Point Tunneling Protocol) is a VPN (virtual private network) protocol.

Question 51

Q

What is a common organizational and referencing format used by some NoSQL database options?

A. HTML

B. Java

C. JSON

D. LDAP

Answer

A

C. JSON

JSON (JavaScript Object Notation) is a common organizational and referencing format used by some NoSQL database options.

Question 52

Q

What form of malicious code lies dormant until a specific triggering event is encountered?

A. Trojan horses

B. Viruses

C. Logic bombs

D. Worms

Answer

A

C. Logic bombs

A logic bomb is a form of malicious code that lies dormant until a specific triggering event is encountered. A Trojan horse is a malicious program disguised as something useful or legitimate. Viruses are programs designed to spread from one system to another through self-replication and to perform any of a wide range of malicious activities. Worms are designed to exploit a single flaw or hole in a system (operating system, protocol, service, or application) and then use that flaw or hole to spread or replicate themselves to other systems with the same flaw.

Question 53

Q

When performing system hardening, what is the first step?

A. Install patches and updates.

B. Scan for malicious code.

C. Configure security software.

D. Remove unnecessary elements.

Answer

A

D. Remove unnecessary elements.

Removing unnecessary elements is always the first step when performing system hardening. All of the other options are steps performed later in the process.

Question 54

Q

What tool is used to lure or retain intruders in order to gather sufficient evidence without compromising the security of the private network?

A. Firewall

B. IDS

C. Router

D. Honeypot

Answer

A

D. Honeypot

A honeypot is used to lure or retain intruders in order to gather sufficient evidence without compromising the security of the private network. The primary benefit of a honeypot is to decoy or distract attackers into attacking the false network/system of the honeypot instead of a real production system.

Question 55

Q

When a vendor releases a new service pack, what is the first step you should take?

A. Install it on production systems.

B. Document the changes to the environment.

C. Test it on nonproduction systems.

D. Update user awareness training.

Answer

A

C. Test it on nonproduction systems.

When a new service pack is released, the first step is to test it on nonproduction systems. Only after successful testing should you document the changes to the environment, install the service pack on production systems, and update the user awareness training program.

Question 56

Q

Which of the following is a technology that is the equivalent of RFID?

A. Field-powered proximity device

B. Passive proximity device

C. Self-powered proximity device

D. TOTP token

Answer

A

A. Field-powered proximity device

RFID (radio frequency identification) is effectively a field-powered proximity device. A passive proximity device is often a magnet. A self-powered proximity device has its own battery. A TOTP token is a device with an LCD screen that displays a one-time use password that is based on time and that changes at fixed time intervals.

Question 57

Q

_______________ is the message sent to a certificate authority from a user or organization to request and apply for a digital certificate.

A. SHA-1

B. OCSP

C. PKI

D. CSR

Answer

A

D. CSR

CSR (Certificate Signing Request) is the message sent to a certificate authority from a user or organization to request and apply for a digital certificate.

Question 58

Q

What are the hash value lengths for the family members of both SHA-2 and SHA-3?

A. 224, 256, 384, 512

B. 64, 128

C. 32448

D. 128, 192, 256

Answer

A

A. 224, 256, 384, 512

The SHA-2 and SHA-3 hash value families both have hash value length options of 224, 256, 384, and 512. 64 and 128 are common block sizes for symmetric encryption. 32448 are the key lengths of Blowfish. 128, 192, and 256 are the key lengths of AES.

Question 59

Q

Kerberos is used to perform what security service?

A. Authentication protection

B. File encryption

C. Secure communications

D. Protected data transfer

Answer

A

A. Authentication protection

Kerberos is a third-party authentication service; thus it provides authentication protection. Kerberos can’t be used to encrypt files, secure nonauthentication communications, or protect data transfer.

Question 60

Q

What is a proprietary protocol that is an open access multicast sensor network technology and operates on the 2.4 GHz frequency band?

A. Bluetooth

B. WiFi Direct

C. ANT

D. SATCOM

Answer

A

C. ANT

ANT is a proprietary protocol owned by Garmin that is an open access multicast sensor network technology. It uses the 2.4 GHz frequency band to support interactions between sensor devices and management devices (such as a smartphone). It is similar in nature to Bluetooth LE (Low Energy), but with a primary focus on gathering data from low-power and low bit-rate sensors. ANT is found in many fitness trackers, heart rate monitors, watches, cycling meters, and pedometers.

Question 61

Q

The best way to respond to security violations is to __________.

A. Notify law enforcement immediately.

B. Turn off all servers.

C. Initiate a lockdown so no employees can enter or leave the facility.

D. Have an incident response plan to follow.

Answer

A

D. Have an incident response plan to follow.

The best way to respond to security violations is to have an incident response plan to follow. The incident response plan may instruct you to contact law enforcement, turn off servers, or initiate a lockdown, but only if the situation requires such actions.

Question 62

Q

The best protection against known viruses is ___________.

A. User behavior modification

B. Virus scanners

C. Restriction of Internet downloads

D. Not reusing removable media from other environments

Answer

A

B. Virus scanners

The best protection against known viruses is a virus scanner. Other valid protection methods include user behavior modification, restriction of Internet downloads, and not reusing removable media from other environments.

Question 63

Q

Smartcards are often used to store ___________.

A. Encrypted data files

B. Network account databases

C. Digital certificates

D. User emails

Answer

A

C. Digital certificates

Smartcards are often used to store digital certificates. Encrypted data files, network account databases, and emails are usually too large to fit on a smart card.

Question 64

Q

Which of the following is the most likely type of evidence to be damaged or lost?

A. Files in a backup

B. Network connections

C. Data on a flash card

D. Contents of the paging file

Answer

A

B. Network connections

When collecting evidence, it is important to consider the volatility of data and resources. Volatility is the likelihood that data will be changed or lost due to the normal operations of a computer system and the passing of time. Network connections are more volatile than files stored on an internal storage device (such as a paging file), a flash card, or backup media.

Answer 65

A

C. Availability

Cryptography is not able to protect and thus provide availability. Cryptography can provide protection for confidentiality, integrity, and nonrepudiation.

Answer 66

A

A. Chain of custody

If the chain of custody is violated or mismanaged, evidence is inadmissible in court. Service-level agreements (SLAs), privacy policies, and change management aren’t associated with evidence gathering or forensics.

Answer 67

A

B. RC4

RC4 is a symmetric cryptography algorithm. SHA-1, MD5, and MD2 are all hashing algorithms.

Answer 68

A

C. X.509 v3

The current official digital certificate standard is X.509 v3. IEEE 802.1x is port authentication. X.500 is a directory service that is the foundation of LDAP. IEEE 802.3 is the definition of Ethernet.

Answer 69

A

A. TCP/IP hijacking

TCP/IP hijacking is a technique that may be used in some forms of man-in-the-middle attacks. Backdoor attacks, replay attacks, and social engineering aren’t typically associated with man-in-the-middle attacks.

Answer 70

A

C. Adding iterative computations that increase the effort involved in creating the improved result

Often, key stretching involves adding iterative computations that increase the effort involved in creating the improved key result, usually by several orders of magnitude. Salting input before hashing is a means to increase password security against brute-force attacks. Generating a random number and then using a trapdoor one-way function to derive a related key is the process of creating an asymmetric key pair set. Using a challenge-response dialogue is the basis of CHAP authentication.

Answer 71

A

C. Biometrics

Biometrics provides the strongest form of authentication when used for physical access control. Metal keys, proximity detectors, and smartcards aren’t as secure since they can be stolen and used by other people.

Answer 72

A

B. Bluejacking

Bluejacking enables a hacker to forcibly send message to Bluetooth devices. War driving is used to detect wireless networks. Initiation vector (IV) attacks are used to crack WEP (Wired Equivalent Privacy) encryption. Bluesnarfing enables a hacker to read data from Bluetooth devices.

Answer 73

A

C. It’s easy to perform.

Man-in-the-middle attacks aren’t easy to perform; they’re complicated and require specialized high-end attack tools. Man-in-the-middle attacks are a form of eavesdropping attack; they allow the attacker to intercept encrypted communications, and they require that the attacker impersonate the server to the client.

Answer 74

A

C. Security framework

A security framework is a guide or plan for keeping your organizational assets safe. It provides guidance and a structure to the implementation of security for both new organizations and those with a long history.

Answer 75

A

C. Blind FTP server

Blind FTP gives anonymous users the ability to upload files to an Internet site but doesn’t grant them the ability to access or even see any files that have been deposited. An S/FTP server and an authenticated FTP server eliminate anonymous users. An SSL server is typically used for web traffic security and may require authentication as well.

Answer 76

A

D. X.500

LDAP (Lightweight Directory Access Protocol) is based on X.500. Certificates are based on X.509. Wireless networking is based on 802.11. 160 bits is the value of an SHA (Secure Hash Algorithm) hash.

Answer 77

A

A. Deterrent

A deterrent access control is deployed to discourage violation of security policies. Deterrent and preventive controls are similar, but deterrent controls often depend on individuals deciding not to take an unwanted action.

Answer 78

A

D. ARO

ARO (annualized rate of occurrence) is the statistical probability that a specific risk may be realized a certain number of times in a year. ALE (annualized loss expectancy) is the potential dollar value loss per year per risk. SLE (single loss expectancy) is the potential dollar-value loss from a single risk realization incident. EF (exposure factor) is the percentage of asset value loss that would occur if a risk was realized.

Answer 79

A

C. Certificate policies

Certificate policies dictate what is and is not acceptable in regard to how certificates can be used. They also define a set of rules that control how certificates are used, managed, and deployed. A certificate practice statement describes how a certificate authority will manage the certificates that it issues. An OCSP (Online Certificate Status Protocol) system is used to query whether a certificate is valid or revoked. Certificate solutions are based on Internet standards, such as X.509, but the standards don’t dictate what is acceptable use for them.

Answer 80

A

A. Clickjacking

Clickjacking is a web page–based attack that causes a user to click on something other than what the user intended on clicking. This is often accomplished by using hidden or invisible layovers, frame sets, or image maps.

Answer 81

A

C. Job descriptions

RBAC (role-based access control) uses job descriptions to manage access. Discretionary access control (DAC) uses identity. Media/mandatory access control (MAC) uses security domains and sensitivity levels.

Answer 82

A

B. Ransomware

Ransomware uses cryptography as a weapon. Ransomware is a form of malware that takes over a computer system, usually by encrypting user data, in order to hinder its use while demanding payment.

Answer 83

A

C. A firewall

A firewall is a network device designed to protect one network from another by filtering traffic. A proxy server mediates access to untrusted networks for clients in a private network. A modem is used to connect to remote systems. A PBX (private branch exchange) is a network-based telephone system.

Answer 84

A

B. Noncredentialed test

A noncredentialed test is run without usernames and passwords. An announced test is one where all employees know it is taking place. A white-box test is a full knowledge test. An intrusive test attempts to fully exploit discovered flaws.

Brainscape's Knowledge GenomeTM

Practice Exam 1 Flashcards

CompTIA Security+ Review Guide: Exam SY0-501.

Brainscape's Knowledge Genome^TM