Practice Exam 1 Flashcards

CompTIA Security+ Review Guide: Exam SY0-501.

1
Q

What is the central feature of asymmetric public-key cryptography?

A. It is performed in only one direction.

B. The same key that locks can be used to unlock.

C. It is useful for bulk encryption.

D. It has public key–private key pairs.

A

D. It has public key–private key pairs.

The central feature of asymmetric public key cryptography is the public key–private key pair. Asymmetric public key cryptography is reversible (unlike hashing), and the alternate key must be used to unlock (unlike symmetric). In addition, asymmetric public key cryptography is suited only for small amounts of data (unlike symmetric).

2
Q

When TLS is being used to secure web communications, what URL prefix appears in the address bar to signal this fact?

A. SHTTP://

B. TLS://

C. SECURE://

D. HTTPS://

A

D. HTTPS://

HTTPS:// is the correct prefix for the use of HTTP (Hypertext Transfer Protocol) over TLS (Transport Layer Security). This is the same prefix as HTTP over SSL (Secure Sockets Layer). SHTTP:// is for Secure HTTP, which is a different technology. TLS:// and SECURE:// are invalid prefixes.

3
Q

When users are placed into named collectives, then through the collectives are assigned access to resources, what is this known as?

A. DAC

B. Group management

C. Role-based access control

D. Account maintenance

A

B. Group management

Group management or group-based privileges assigns a privilege or access to a resource to all members of a group as a collective. Group-based access control grants every member of the group the same level of access to a specific object.

4
Q

Which of the following is not a desired feature set of a vulnerability scanner?

A. Intrusive or nonintrusive

B. Credentialed or noncredentialed

C. Active or passive

D. False positive or false negative

A

D. False positive or false negative

A false positive occurs when an alarm or alert is triggered by benign or normal events. The problem with false positives is that they cause security administrators to waste time investigating nonmalicious events. Whereas a false positive is an alarm without a malicious event, a false negative is a malicious event without an alarm. When false negatives occur, it is assumed that only benign events are occurring; however, malicious activities are actually taking place.

5
Q

Availability is threatened by what form of attack?

A. Smurf

B. Port scanning

C. Eavesdropping

D. Password cracking

A

A. Smurf

Smurf, a form of denial-of-service attack, threatens or compromises availability. Port scanning and eavesdropping threaten confidentiality. Password cracking threatens authentication.

6
Q

An organization is concerned that boot malware may infect its systems. What new technology is available on some motherboards that can reduce this risk?

A. SED

B. TPM

C. BIOS

D. UEFI

A

D. UEFI

A replacement or improvement to BIOS is Unified Extensible Firmware Interface (UEFI). UEFI provides support for all of the same functions as that of BIOS with many improvements, such as support for larger hard drives (especially for booting), faster boot times, enhanced security features, and even the ability to use a mouse when making system changes. Secure boot is a feature of UEFI that aims to protect the operating environment of the local system by preventing the loading or installing of device drivers or an operating system that is not signed by a preapproved digital certificate. Secure boot thus protects systems against a range of low-level or boot-level malware, such as certain rootkits and backdoors.

7
Q

RADIUS can be used to provide an additional layer of security for the network against __________.

A. Buffer overflow exploits

B. DoS attacks

C. Virus infections

D. Remote users

A

D. Remote users

RADIUS (Remote Authentication Dial-In User Service) can be used to provide an additional layer of security for the network against remote users. RADIUS doesn’t provide protection against buffer overflow exploits, DoS (denial-of-service) attacks, or virus infections.

8
Q

Diffie-Hellman is what type of cryptographic system?

A. Asymmetric

B. Symmetric

C. Hashing

D. Certificate authority

A

A. Asymmetric

Diffie-Hellman is an asymmetric cryptographic system. The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are examples of symmetric cryptography. Message Digest 5 (MD5) and Secure Hash Algorithm version 1 (SHA-1) are examples of hashing. Certificate authorities issue certificates based on an implemented Public Key Infrastructure (PKI) solution.

9
Q

What is the default service port of SFTP?

A. 21

B. 22

C. 23

D. 25

A

B. 22

TCP port 22 is the default service port of SFTP (SSH FTP/Secure FTP). TCP port 21 is used by plain-text FTP, 23 by telnet, and 25 by SMTP.

10
Q

To provide a level of fault tolerance in encryption and certificate systems, which of the following can be used to recover keys in the event of a key or certificate corruption?

A. Escrow

B. Honeypot

C. IDS

D. VLAN

A

A. Escrow

Escrow provides fault tolerance for encryption and certificate systems to recover keys in the event of a key or certificate corruption. Honeypots, intrusion detection systems (IDSs), and virtual local area networks (VLANs) aren’t associated with certificates or cryptography.

11
Q

When an investigator discovers a hard drive that might contain evidence related to a criminal investigation, what is used to create an exact duplicate of that storage device?

A. Hashing

B. Bitstream image

C. Undelete

D. Graceful shutdown

A

B. Bitstream image

A bitstream image is a process used to make an exact hash-matching copy of a storage device. Hashing itself does not create the copy; it can only be used to verify the copy as an exact duplicate. Undelete is not a backup tool but a potential recovery tool. Graceful shutdown is never part of a forensic investigation since software on the suspect’s system cannot be trusted.

12
Q

_________________ is the process of adding new employees to the identity and access management (IAM) of an organization. This process is also used when the role or position of an employee changes or when an employee is awarded additional levels of privilege or access.

A. Reissue

B. Onboarding

C. Background checks

D. Site survey

A

B. Onboarding

Onboarding is the process of adding new employees to the IAM of an organization. This process is also used when the role or position of an employee changes or an employee is awarded additional levels of privilege or access.

13
Q

Which of the following is a formal declaration of the security stance, risks, and technical requirements of a link between two organizations’ IT infrastructures?

A. MOU

B. SLA

C. ISA

D. BPA

A

C. ISA

An ISA (Interconnection Security Agreement) is a formal declaration of the security stance, risks, and technical requirements of a link between two organizations’ IT infrastructures.

14
Q

___________________ are devices or applications that generate passwords at fixed time intervals, such as every 60 seconds.

A. Certificates

B. TOTP

C. TPM

D. Trusted OS

A

B. TOTP

TOTP (Time-based One-time Password) tokens or synchronous dynamic password tokens are devices or applications that generate passwords at fixed time intervals, such as every 60 seconds.

15
Q

The best countermeasure against email spam is __________.

A. Acceptable use policies

B. Filters

C. Blocking attachments at network borders

D. Spoofing email addresses

A

B. Filters

Email filters are the best countermeasure against email spam. Acceptable use policies and blocking attachments don’t address email spam issues even though they’re valid security measures against other email problems. Spoofing email addresses isn’t a security solution; it’s a form of attack.

16
Q

Which of the following is an example of a Type 2 authentication factor?

A. Something you have, such as a smartcard, an ATM card, a token device, or a memory card

B. Something you are, such as fingerprints, voice print, retina pattern, iris pattern, face shape, palm topology, or hand geometry

C. Something you do, such as type a passphrase, sign your name, or speak a sentence

D. Something you know, such as a password, personal identification number (PIN), lock combination, passphrase, mother’s maiden name, or favorite color

A

A. Something you have, such as a smartcard, an ATM card, a token device, or a memory card

A Type 2 authentication factor is something you have. This could be a smartcard, an ATM card, a token device, or a memory card.

17
Q

A switch can be used to prevent broadcast storms between connected systems through the use of what?

A. SSL

B. S/MIME

C. VLANs

D. LDAP

A

C. VLANs

Switches can create VLANs. Broadcast storms aren’t transmitted between one VLAN and another.

18
Q

What form of authentication periodically reauthenticates the client?

A. Kerberos

B. PAP

C. Certificates

D. CHAP

A

D. CHAP

CHAP (Challenge Handshake Authentication Protocol) periodically reauthenticates the client. Kerberos, PAP (Password Authentication Protocol), and certificates aren’t designed to periodically reauthenticate the client.

19
Q

What type of virus is able to regenerate itself if a single element of its infection is not removed from a compromised system?

A. Polymorphic

B. Armored

C. Retro

D. Phage

A

D. Phage

A phage virus is able to regenerate itself from any of its remaining parts.

20
Q

What is the term used to describe the alarm sounded by an IDS (intrusion detection system) based on events it sees in live network traffic that are different from established parameters but which turn out to be benign?

A. True positive

B. False positive

C. True negative

D. False negative

A

B. False positive

A false positive is when an alarm sounds based on benign events. A true positive is an alarm based on malicious events. A true negative is no alarm, due to benign events. A false negative is no alarm when there are malicious events occurring.

21
Q

A smartcard is an example of what type of authentication factor?

A. “Something you have”

B. “Something you are”

C. “Something you know”

D. “Something you do”

A

A. “Something you have”

A smartcard is an example of a “something you have” authentication factor. A biometric is something you are, a password is something you know, and your signature is something you do.

22
Q

Which of the following can make or break security for an environment?

A. Failing to apply a recent software patch

B. Using guard dogs instead of security guards

C. Not reviewing the audit trails of client systems

D. Lack of physical access control

A

D. Lack of physical access control

Without physical access control, there is no security. An environment’s security can be maintained in spite of poor management, such as not applying software patches, using the wrong protection solution, or not reviewing all audit trails.

23
Q

What form of attack prevents a server from responding to legitimate requests for resources?

A. Backdoor

B. Impersonation

C. Replay

D. Denial-of-service

A

D. Denial-of-service

A denial-of-service (DoS) attack prevents a server from responding to legitimate requests for resources. A backdoor attack gives intruders the ability to bypass security to gain access to a system. Impersonation is when someone assumes the identity of another user. Replay attacks occur when authentication traffic is captured and retransmitted.

24
Q

PPTP can use all but which of the following authentication protocols?

A. AH

B. PAP

C. CHAP

D. EAP

A

A. AH

AH (Authentication Header) is an authentication protocol of IPSec, not PPTP (Point-to-Point Tunneling Protocol). PPTP can use PAP (Password Authentication Protocol), CHAP (Challenge Handshake Authentication Protocol), or EAP (Extensible Authentication Protocol).

25
Q

What is a distinctive benefit in deploying an application-aware device as compared to a generic firewall appliance?

A. Traffic filtering

B. NAT services

C. Deep packet inspection

D. Network segmentation

A

C. Deep packet inspection

Application-aware devices are often able to provide deep content inspection and filtering because they focus on specific applications and protocols. This is a distinct benefit compared to a generic firewall appliance. Both devices can provide traffic filtering, NAT services, and network segmentation.

26
Q

What is an important feature of symmetric cryptography?

A. It operates slowly.

B. It is scalable.

C. It uses a shared secret key.

D. It protects integrity.

A

C. It uses a shared secret key.

An important feature of symmetric cryptography is the shared secret key. Symmetric cryptography is fast, isn’t scalable by itself, and protects confidentiality.

27
Q

Which of the following options is the most secured version of wireless configuration?

A. OSA

B. WEP

C. WPA

D. CCMP

A

D. CCMP

CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is a variant of the Advanced Encryption Standard (AES) and the encryption scheme used in WPA2 (WiFi Protected Access 2). Open System Authentication (OSA) offers no security, WEP (Wired Equivalent Privacy) encryption is crackable in less than 60 seconds, and WPA encryption is crackable in hours.

28
Q

Which of the following is a denial-of-service attack that uses network packets that have been spoofed so that the source and destination address are that of the victim?

A. Land

B. Teardrop

C. Smurf

D. Fraggle

A

A. Land

A land DoS attack uses network packets that have been spoofed so that the source and destination address are that of the victim. A teardrop attack uses fragmented IP packets. Smurf and Fraggle attacks use spoofed ICMP and UDP packets, respectively, against an amplification network.

29
Q

Which of the following depends on ephemeral keys?

A. Digital certificates

B. Perfect forward secrecy

C. Whole-drive encryption

D. Integrity protection

A

B. Perfect forward secrecy

Perfect forward secrecy is a means of ensuring that the compromise of an entity’s digital certificates or public/private key pairs does not compromise the security of any session keys. Perfect forward secrecy is implemented by using ephemeral keys for each and every session: the keys are generated at the time of need, used only for a specific period of time or volume of data transfer, and then discarded and replaced.

30
Q

What is the purpose of BYOD policies mandating storage segmentation?

A. Lock the device when the user fails to provide proper credentials after repeated attempts.

B. Enable all data and possibly even configuration settings to be deleted from a device remotely.

C. Isolate the device’s operating system and preinstalled apps from user-installed apps and user data.

D. Oversee the installed apps, app usage, stored data, and data access on a device.

A

C. Isolate the device’s operating system and preinstalled apps from user-installed apps and user data.

Storage segmentation is used to artificially compartmentalize various types or values of data on a storage medium. On a mobile device, the device manufacturer and/or the service provider may use storage segmentation to isolate the device’s operating system and preinstalled apps from user-installed apps and user data.

31
Q

What network device can be used to create and manage virtual LANs?

A. Switch

B. Router

C. Firewall

D. Proxy

A

A. Switch

A switch can be used to create and manage virtual local area networks (VLANs). Routers, firewalls, and proxies don’t support VLANs.

32
Q

The communications concept of PPP provides three authentication services, which includes PAP and EAP. What is the third option?

A. Smartcard

B. CHAP

C. TLS

D. Mutual

A

B. CHAP

PPP supports PAP, CHAP, and EAP authentication systems. Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol used over a wide range of Point-to-Point Protocol (PPP) connections (including dial-up, ISDN, DSL, and cable) as a means to provide a secure transport mechanism for logon credentials.

33
Q

Which of the following is the biggest issue related to data and resources stored or hosted in a cloud computing solution?

A. Reducing local hardware requirements

B. Allowing for real-time backups

C. Whether or not it is actually securable

D. Enabling anywhere access

A

C. Whether or not it is actually securable

There are serious concerns regarding whether or not cloud computing is secure or even securable. Reducing local hardware requirements, allowing for real-time backups, and enabling anywhere access are less critical concerns than security.

34
Q

_____ is a networking storage standard based on IP that can be used to enable location-independent file storage, transmission, and retrieval over LAN, WAN, or public Internet connections.

A. Fibre Channel

B. SAN

C. Thunderbolt

D. iSCSI

A

D. iSCSI

iSCSI is a networking storage standard based on IP that can be used to enable location-independent file storage, transmission, and retrieval over LAN, WAN, or public Internet connections.

35
Q

A network-based IDS is good at detecting and stopping what form of attack?

A. Spoofing

B. Denial-of-service

C. Spam

D. Buffer overflow

A

B. Denial-of-service

A network-based IDS (intrusion detection system) is good at detecting and stopping DoS (denial-of-service) attacks. Host-based IDS, in comparison to network-based IDS, is better at detecting and stopping spoofing, spam, and buffer overflow attacks.

36
Q

Most password-guessing attacks employ what attack process?

A. Statistical anomaly attack

B. Reverse hash-matching attack

C. Mathematical attack

D. Implementation attack

A

B. Reverse hash-matching attack

Most password-guessing attacks employ the reverse hash-matching attack process. Software exploitation attacks may employ statistical anomaly, mathematical, and impersonation attacks.

37
Q

What is the proper humidity level or range for IT environments?

A. Below 40%

B. 40% to 60%

C. Above 60%

D. 20% to 80%

A

B. 40% to 60%

The proper humidity level or range for IT environments is 40% to 60% relative humidity.

38
Q

___________ is an integrated circuit (IC) or chip that has all of the elements of a computer integrated into a single chip.

A. RTOS

B. ICS

C. SoC

D. SED

A

C. SoC

System on a Chip (SoC) is an integrated circuit (IC) or chip that has all of the elements of a computer integrated into a single chip. This often includes the main CPU, memory, a GPU, WiFi, wired networking, peripheral interfaces (such as USB), and power management.

39
Q

A company needs to deploy dozens of new workstations for a new project for which nearly 100 new employees were hired. All of the workstations will have the same hardware and will be running the same OS, applications, and configuration. What tool will be most effective in this situation?

A. Snapshots

B. Baseline documentation

C. A security template

D. Master image

A

D. Master image

A master image is a crafted setup and configuration of a software product or an entire computer system. A master image is created just after the target system has been manually installed, patched, and configured. A master image is employed to quickly roll out new versions of a system. For example, when you are deploying 100 new workstations, the master image of the preferred workstation software deployment configuration can be installed to quickly bring the new devices into compliance with production needs and security requirements.

40
Q

A token is a physical implementation of what?

A. Static password

B. Biometric factor

C. Something you know

D. One-time password

A

D. One-time password

A token is a physical implementation of a one-time password. A token isn’t a static password device, it isn’t a biometric factor, and it isn’t something you know.

41
Q

A link to the network using a modem has what primary difference from a LAN connection?

A. Ability to share files

B. Speed

C. Access to network printers

D. Use of network services

A

B. Speed

Connecting to the network over a modem rather than a local area network (LAN) cable is different only in terms of speed. A modem-linked system can share files, access network printers, and use network services.

42
Q

What form of malware takes a computer system hostage and demands payment in order to release control back to the user?

A. Rootkit

B. Ransomware

C. Trojan horse

D. Logic bomb

A

B. Ransomware

Ransomware is a form of malware that aims to take over a computer system in order to block its use while demanding payment. Effectively, it is malware that holds data or an entire computer system hostage in exchange for a ransom payment.

43
Q

Certificates are used for what purpose?

A. Prove reliability

B. Prove compatibility

C. Prove identity

D. Prove timeliness

A

C. Prove identity

Certificates are used to prove identity. Certificates can’t prove reliability, compatibility, or timeliness.

44
Q

A ________ firewall monitors the state or session of the communication, and it evaluates previous packets and potentially other communications and conditions when making an allow-or-deny decision for the current packet.

A. Stateless

B. Circuit level

C. Stateful

D. Application layer

A

C. Stateful

A stateful firewall monitors the state or session of the communication, and it evaluates previous packets and potentially other communications and conditions when making an allow-or-deny decision for the current packet.

45
Q

The most effective type of alternate site is ___________.

A. Proposed

B. Hot

C. Warm

D. Cold

A

B. Hot

The most effective type of alternate site is a hot site. A proposed site is no site at all—it is just a plan to get a site. A warm site is less effective but still a realistic solution. A cold site is a real site but offers an unrealistic solution.

46
Q

What does a signed message or data indicate?

A. Its source of origin

B. Its compatibility with your operating system

C. Its reliability

D. Its programming quality

A

A. Its source of origin

A signed message or data indicates its source of origin, not its compatibility, reliability, or quality.

47
Q

___________ may be left in an application by developers once a product is released to market. It was originally installed to allow for quick debugging.

A. A Trojan horse

B. A backdoor

C. An input validation check

D. A quality assurance test

A

B. A backdoor

A backdoor may be left in an application by developers once a product is released to market. Backdoors are originally installed to allow for quick debugging. A Trojan horse is a malicious program disguised as a legitimate program. Input validation checks are protections against buffer overflows; they should remain in an application. Quality assurance tests are improvements to the quality of developed software; they’re part of the development process but aren’t coded into the application.

48
Q

What is an asset?

A. An item costing more than $10,000

B. Anything used in a work task

C. A threat to the security of an organization

D. An intangible resource

A

B. Anything used in a work task

An asset is anything used in a work task.

49
Q

In mutual authentication, what occurs?

A. Two clients authenticate simultaneously.

B. A server authenticates to a Kerberos server.

C. The client and the server authenticate to each other.

D. Multifactor authentication is used.

A

C. The client and the server authenticate to each other.

Mutual authentication means that the client and the server authenticate to each other. Two clients authenticating simultaneously is just a high-performance authentication system. A server authenticating to a Kerberos server is a normal action of a Kerberos realm. Using multifactor authentication is stronger than using single-factor, but it isn’t necessarily mutual.

50
Q

What protocol can be used to assist in monitoring the health of a network and to provide a centralized monitoring capability?

A. SMTP

B. TACACS

C. PPTP

D. SNMP

A

D. SNMP

SNMP (Simple Network Management Protocol) is used to assist in monitoring the health of a network, and it provides a centralized monitoring capability. SMTP (Simple Mail Transfer Protocol) is used for email. TACACS (Terminal Access Controller Access Control System) is a centralized authentication solution for remote access. PPTP (Point-to-Point Tunneling Protocol) is a VPN (virtual private network) protocol.

51
Q

What is a common organizational and referencing format used by some NoSQL database options?

A. HTML

B. Java

C. JSON

D. LDAP

A

C. JSON

JSON (JavaScript Object Notation) is a common organizational and referencing format used by some NoSQL database options.

52
Q

What form of malicious code lies dormant until a specific triggering event is encountered?

A. Trojan horses

B. Viruses

C. Logic bombs

D. Worms

A

C. Logic bombs

A logic bomb is a form of malicious code that lies dormant until a specific triggering event is encountered. A Trojan horse is a malicious program disguised as something useful or legitimate. Viruses are programs designed to spread from one system to another through self-replication and to perform any of a wide range of malicious activities. Worms are designed to exploit a single flaw or hole in a system (operating system, protocol, service, or application) and then use that flaw or hole to spread or replicate themselves to other systems with the same flaw.

53
Q

When performing system hardening, what is the first step?

A. Install patches and updates.

B. Scan for malicious code.

C. Configure security software.

D. Remove unnecessary elements.

A

D. Remove unnecessary elements.

Removing unnecessary elements is always the first step when performing system hardening. All of the other options are steps performed later in the process.

54
Q

What tool is used to lure or retain intruders in order to gather sufficient evidence without compromising the security of the private network?

A. Firewall

B. IDS

C. Router

D. Honeypot

A

D. Honeypot

A honeypot is used to lure or retain intruders in order to gather sufficient evidence without compromising the security of the private network. The primary benefit of a honeypot is to decoy or distract attackers into attacking the false network/system of the honeypot instead of a real production system.

55
Q

When a vendor releases a new service pack, what is the first step you should take?

A. Install it on production systems.

B. Document the changes to the environment.

C. Test it on nonproduction systems.

D. Update user awareness training.

A

C. Test it on nonproduction systems.

When a new service pack is released, the first step is to test it on nonproduction systems. Only after successful testing should you document the changes to the environment, install the service pack on production systems, and update the user awareness training program.

56
Q

Which of the following is a technology that is the equivalent of RFID?

A. Field-powered proximity device

B. Passive proximity device

C. Self-powered proximity device

D. TOTP token

A

A. Field-powered proximity device

RFID (radio frequency identification) is effectively a field-powered proximity device. A passive proximity device is often a magnet. A self-powered proximity device has its own battery. A TOTP token is a device with an LCD screen that displays a one-time use password that is based on time and that changes at fixed time intervals.

57
Q

_______________ is the message sent to a certificate authority from a user or organization to request and apply for a digital certificate.

A. SHA-1

B. OCSP

C. PKI

D. CSR

A

D. CSR

CSR (Certificate Signing Request) is the message sent to a certificate authority from a user or organization to request and apply for a digital certificate.

58
Q

What are the hash value lengths for the family members of both SHA-2 and SHA-3?

A. 224, 256, 384, 512

B. 64, 128

C. 32–448

D. 128, 192, 256

A

A. 224, 256, 384, 512

The SHA-2 and SHA-3 hash value families both have hash value length options of 224, 256, 384, and 512. 64 and 128 are common block sizes for symmetric encryption. 32–448 is the key length range of Blowfish. 128, 192, and 256 are the key lengths of AES.

59
Q

Kerberos is used to perform what security service?

A. Authentication protection

B. File encryption

C. Secure communications

D. Protected data transfer

A

A. Authentication protection

Kerberos is a third-party authentication service; thus it provides authentication protection. Kerberos can’t be used to encrypt files, secure nonauthentication communications, or protect data transfer.

60
Q

What is a proprietary protocol that is an open access multicast sensor network technology and operates on the 2.4 GHz frequency band?

A. Bluetooth

B. WiFi Direct

C. ANT

D. SATCOM

A

C. ANT

ANT is a proprietary protocol owned by Garmin that is an open access multicast sensor network technology. It uses the 2.4 GHz frequency band to support interactions between sensor devices and management devices (such as a smartphone). It is similar in nature to Bluetooth LE (Low Energy), but with a primary focus on gathering data from low-power and low bit-rate sensors. ANT is found in many fitness trackers, heart rate monitors, watches, cycling meters, and pedometers.

61
Q

The best way to respond to security violations is to __________.

A. Notify law enforcement immediately.

B. Turn off all servers.

C. Initiate a lockdown so no employees can enter or leave the facility.

D. Have an incident response plan to follow.

A

D. Have an incident response plan to follow.

The best way to respond to security violations is to have an incident response plan to follow. The incident response plan may instruct you to contact law enforcement, turn off servers, or initiate a lockdown, but only if the situation requires such actions.

62
Q

The best protection against known viruses is ___________.

A. User behavior modification

B. Virus scanners

C. Restriction of Internet downloads

D. Not reusing removable media from other environments

A

B. Virus scanners

The best protection against known viruses is a virus scanner. Other valid protection methods include user behavior modification, restriction of Internet downloads, and not reusing removable media from other environments.

63
Q

Smartcards are often used to store ___________.

A. Encrypted data files

B. Network account databases

C. Digital certificates

D. User emails

A

C. Digital certificates

Smartcards are often used to store digital certificates. Encrypted data files, network account databases, and emails are usually too large to fit on a smartcard.

64
Q

Which of the following is the most likely type of evidence to be damaged or lost?

A. Files in a backup

B. Network connections

C. Data on a flash card

D. Contents of the paging file

A

B. Network connections

When collecting evidence, it is important to consider the volatility of data and resources. Volatility is the likelihood that data will be changed or lost due to the normal operations of a computer system and the passing of time. Network connections are more volatile than files stored on an internal storage device (such as a paging file), a flash card, or backup media.

65
Q

Cryptography is not able to provide which of the following security features or services?

A. Confidentiality

B. Integrity

C. Availability

D. Nonrepudiation

A

C. Availability

Cryptography is not able to protect and thus provide availability. Cryptography can provide protection for confidentiality, integrity, and nonrepudiation.

66
Q

Evidence is inadmissible in court if which of the following is violated or mismanaged?

A. Chain of custody

B. Service-level agreement

C. Privacy policy

D. Change management

A

A. Chain of custody

If the chain of custody is violated or mismanaged, evidence is inadmissible in court. Service-level agreements (SLAs), privacy policies, and change management aren’t associated with evidence gathering or forensics.

67
Q

Which of the following is not a hashing algorithm?

A. SHA-1

B. RC4

C. MD5

D. MD2

A

B. RC4

RC4 is a symmetric cryptography algorithm. SHA-1, MD5, and MD2 are all hashing algorithms.

68
Q

What is the current official digital certificate standard?

A. IEEE 802.1x

B. X.500

C. X.509 v3

D. IEEE 802.3

A

C. X.509 v3

The current official digital certificate standard is X.509 v3. IEEE 802.1x is port authentication. X.500 is a directory service that is the foundation of LDAP. IEEE 802.3 is the definition of Ethernet.

69
Q

A man-in-the-middle attack can possibly be waged by performing which of the following techniques?

A. TCP/IP hijacking

B. Backdoor attack

C. Replay attack

D. Social engineering

A

A. TCP/IP hijacking

TCP/IP hijacking is a technique that may be used in some forms of man-in-the-middle attacks. Backdoor attacks, replay attacks, and social engineering aren’t typically associated with man-in-the-middle attacks.

70
Q

Which of the following is a description of a key-stretching technique?

A. Salting input before hashing

B. Generating a random number, and then using a trapdoor one-way function to derive a related key

C. Adding iterative computations that increase the effort involved in creating the improved result

D. Using a challenge-response dialogue

A

C. Adding iterative computations that increase the effort involved in creating the improved result

Often, key stretching involves adding iterative computations that increase the effort involved in creating the improved key result, usually by several orders of magnitude. Salting input before hashing is a means to increase password security against brute-force attacks. Generating a random number and then using a trapdoor one-way function to derive a related key is the process of creating an asymmetric key pair set. Using a challenge-response dialogue is the basis of CHAP authentication.

71
Q

To provide the strongest level of security control over a facility, locked doors can authenticate authorized personnel through what means?

A. Metal keys

B. Proximity detectors

C. Biometrics

D. Smartcards

A

C. Biometrics

Biometrics provides the strongest form of authentication when used for physical access control. Metal keys, proximity detectors, and smartcards aren’t as secure since they can be stolen and used by other people.

72
Q

What type of attack enables a hacker to forcibly send messages to Bluetooth devices?

A. War driving

B. Bluejacking

C. IV attack

D. Bluesnarfing

A

B. Bluejacking

Bluejacking enables a hacker to forcibly send messages to Bluetooth devices. War driving is used to detect wireless networks. Initialization vector (IV) attacks are used to crack WEP (Wired Equivalent Privacy) encryption. Bluesnarfing enables a hacker to read data from Bluetooth devices.

73
Q

Which of the following is a false statement in regard to a man-in-the-middle attack?

A. It’s a form of eavesdropping attack.

B. It allows the attacker to intercept encrypted communications.

C. It’s easy to perform.

D. It requires the attacker to impersonate the server to the client.

A

C. It’s easy to perform.

Man-in-the-middle attacks aren’t easy to perform; they’re complicated and require specialized high-end attack tools. Man-in-the-middle attacks are a form of eavesdropping attack; they allow the attacker to intercept encrypted communications, and they require that the attacker impersonate the server to the client.

74
Q

A(n) _____________ is a guide or plan for keeping your organizational assets safe. It provides guidance and a structure to the implementation of security for both new organizations and those with a long history.

A. Industry regulation

B. Business continuity plan

C. Security framework

D. Incident response policy

A

C. Security framework

A security framework is a guide or plan for keeping your organizational assets safe. It provides guidance and a structure to the implementation of security for both new organizations and those with a long history.

75
Q

If you need to give anonymous users the ability to upload files to an Internet site but you don’t wish to grant them the ability to access or even see any files that have been deposited, what do you need to install?

A. S/FTP server

B. SSL server

C. Blind FTP server

D. Authenticated FTP server

A

C. Blind FTP server

Blind FTP gives anonymous users the ability to upload files to an Internet site but doesn’t grant them the ability to access or even see any files that have been deposited. An S/FTP server and an authenticated FTP server eliminate anonymous users. An SSL server is typically used for web traffic security and may require authentication as well.

76
Q

LDAP, a standardized protocol that enables clients to access resources within a directory service, is based on what standard?

A. X.509

B. 802.11

C. 160 bits

D. X.500

A

D. X.500

LDAP (Lightweight Directory Access Protocol) is based on X.500. Certificates are based on X.509. Wireless networking is based on 802.11. 160 bits is the length of an SHA (Secure Hash Algorithm) hash value.

77
Q

What means of implementing security focuses on convincing a potential perpetrator to choose not to commit a violation or security breach?

A. Deterrent

B. Corrective

C. Preventive

D. Detective

A

A. Deterrent

A deterrent access control is deployed to discourage violation of security policies. Deterrent and preventive controls are similar, but deterrent controls often depend on individuals deciding not to take an unwanted action.

78
Q

What is the risk calculation metric that measures the number of times an unwanted event might occur within the next year?

A. ALE

B. SLE

C. EF

D. ARO

A

D. ARO

ARO (annualized rate of occurrence) is the statistical probability that a specific risk may be realized a certain number of times in a year. ALE (annualized loss expectancy) is the potential dollar value loss per year per risk. SLE (single loss expectancy) is the potential dollar-value loss from a single risk realization incident. EF (exposure factor) is the percentage of asset value loss that would occur if a risk was realized.

79
Q

___________________ dictate what is and is not acceptable in regard to how certificates can be used and define a set of rules that control how certificates are used, managed, and deployed.

A. Certificate practice statements

B. OCSP systems

C. Certificate policies

D. Internet standards

A

C. Certificate policies

Certificate policies dictate what is and is not acceptable in regard to how certificates can be used. They also define a set of rules that control how certificates are used, managed, and deployed. A certificate practice statement describes how a certificate authority will manage the certificates that it issues. An OCSP (Online Certificate Status Protocol) system is used to query whether a certificate is valid or revoked. Certificate solutions are based on Internet standards, such as X.509, but the standards don’t dictate what is acceptable use for them.

80
Q

A worker complains that when he searches for various topics using a standard Internet search engine and clicks on one of the results, he is taken to a website that might cover the topic of concern but is not the URL he elected to click on. What type of attack causes a user to visit an online location different from the one he intentionally selected to visit?

A. Clickjacking

B. Typo squatting

C. Session hijacking

D. URL hijacking

A

A. Clickjacking

Clickjacking is a web page–based attack that causes a user to click on something other than what the user intended to click. This is often accomplished by using hidden or invisible overlays, frame sets, or image maps.

81
Q

RBAC manages access by using __________.

A. User identity

B. Security domains

C. Job descriptions

D. Sensitivity levels

A

C. Job descriptions

RBAC (role-based access control) uses job descriptions to manage access. Discretionary access control (DAC) uses identity. Mandatory access control (MAC) uses security domains and sensitivity levels.

82
Q

What is an example of crypto-malware that uses cryptography as a weapon?

A. Polymorphic

B. Ransomware

C. Armored

D. Phage

A

B. Ransomware

Ransomware uses cryptography as a weapon. Ransomware is a form of malware that takes over a computer system, usually by encrypting user data, in order to hinder its use while demanding payment.

83
Q

What network device is designed to protect one network from another by filtering traffic?

A. A proxy server

B. A modem

C. A firewall

D. A PBX system

A

C. A firewall

A firewall is a network device designed to protect one network from another by filtering traffic. A proxy server mediates access to untrusted networks for clients in a private network. A modem is used to connect to remote systems. A PBX (private branch exchange) is a network-based telephone system.

84
Q

When a security consultant is performing a penetration test but is not provided a set of logon names and passwords by the target organization, what form of assessment is being performed?

A. Announced test

B. Noncredentialed test

C. White-box test

D. Intrusive test

A

B. Noncredentialed test

A noncredentialed test is run without usernames and passwords. An announced test is one where all employees know it is taking place. A white-box test is a full-knowledge test. An intrusive test attempts to fully exploit discovered flaws.