Practice Exam 2 Flashcards

Question 1

Q

The most common form of authentication factor is a __________.

A. Password

B. Fingerprint

C. Smartcard

D. Token

Answer

A

A. Password

A password is the most common form of authentication. Fingerprints, smartcards, and tokens are widely used, but they aren’t the most widely used forms of authentication.

Question 2

Q

You’ve just received an email message that describes a new malicious code threat that’s ravaging the Internet. The message contains detailed information about the threat, describes the damage it can inflict, and provides instructions on how to remove it from your system. The message states that you can easily detect whether you’ve already been a victim of this threat by checking for the presence of three files in the \Windows\System32 folder. As a countermeasure, the message instructs you to delete these three files from your system to prevent further spread of the threat. What should your first action be, based on this message?

A. Locate and delete the identified files.

B. Perform a system backup.

C. Inform your network administrator.

D. Send the message to others in the office.

Answer

A

C. Inform your network administrator.

The best first response to a hoax message such as this is to inform your network administrator. Performing a system backup isn’t a bad idea, just not the best choice for your first response. Don’t follow the instructions or send the message to others.

Question 3

Q

Which of the following is not true of a NoSQL DBMS?

A. NoSQL uses a nonrelational database structure, such as hierarchical or multilevel nesting/referencing.

B. NoSQL cannot support Structured Query Language expressions.

C. NoSQL is well suited for managing extremely large collections of data.

D. NoSQL solutions typically do not support ACID.

Answer

A

B. NoSQL cannot support Structured Query Language expressions.

Some NoSQL DBMS systems support SQL expressions.

Question 4

Q

Which of the following represents the most secure system from a best practices perspective?

A. Removing all unneeded services and protocols

B. Using a new operating system right out of the box

C. Installing every available optional component

D. Using a firewall to provide boundary protection

Answer

A

A. Removing all unneeded services and protocols

The best solution is to remove all unneeded services and protocols. Using an operating system right out of the box and installing all components is never considered a secure option. Adding a firewall to a locked-down system is a security improvement but not a valid replacement for first removing things that aren’t needed on the server.

Question 5

Q

The technology used to prevent EMI from entering or leaving a specific room is known as __________.

A. Padded cell

B. TEMPEST

C. Site surveys

D. Directory service

Answer

A

B. TEMPEST

TEMPEST is the technology used to prevent EMI (electromagnetic interference) from entering or leaving a specific room. A padded cell is used to delay an intruder with a fake environment while that person’s activities are logged. Site surveys are used to detect where the signal from a wireless access point can be detected. A directory service is a searchable index of network resources.

Question 6

Q

Why is Internet email so vulnerable to attack?

A. It uses IP addresses to route messages.

B. Anyone can use email.

C. It requires adherence to standards.

D. It’s often sent using SMTP in clear form.

Answer

A

D. It’s often sent using SMTP in clear form.

Email is vulnerable to attack because it often uses SMTP (Simple Mail Transfer Protocol) and sends messages in clear form. Email’s use of IP addresses via the domain names found in email addresses, the fact that anyone can use email, and the fact that it requires adherence to standards doesn’t make email any more vulnerable than any other form of TCP/IP application.

Question 7

Q

The form of password attack that attempts to process every possible combination to discover passwords stored in an accounts database is known as what?

A. Dictionary attack

B. Brute-force attack

C. Birthday attack

D. Mathematical attack

Answer

A

B. Brute-force attack

A brute-force password attack attempts to process every possible combination to discover passwords stored in an accounts database. A dictionary attack is similar but uses a predefined set or list of passwords rather than every possible combination. A birthday attack (reverse hash matching) is a process most password attacks use, but it doesn’t imply that all possible password combinations are tried. A mathematical attack attempts to exploit the algorithm of a cryptography solution; it’s usually not associated with password attacks.

Question 8

Q

What is the most crucial part of enabling an investigator to reconstruct the correct order of criminal events from all the records and data collected from a crime scene during a forensic investigation?

A. Take hashes of collected data

B. Make notes of each task performed

C. Record time offset

D. Send out legal hold letters

Answer

A

C. Record time offset

As an event is recorded into a log file, it is encoded with a time stamp. The time stamp is pulled from the clock on the local device where the log file is written or sent with the event from the originating device if remote logging is performed. However, it is all too common for the clocks of the devices and computers in a network to be out of time sync to some degree. Recording the time offset is taking note of the difference between the device clock and the standard; it is used to adjust the time of log entries in order to sync events and activities across multiple network devices. Management of log times is essential for the chronological reconstruction of attack or compromise events.

Question 9

Q

What form of network segmentation should be used to prevent all cross-communication between devices?

A. Airgap

B. VLAN

C. Subnets

D. Virtualization

Answer

A

A. Airgap

Physical segmentation is when no links are established between networks. This is also known as an airgap. If there are no cables and no wireless connections between two networks, then a physical network segregation, segmentation, or isolation has been achieved. This is the most reliable means of prohibiting unwanted transfer of data.

Question 10

Q

What form of recovery site requires the least amount of downtime before mission-critical business operations can resume?

A. Cold

B. Warm

C. Hot

D. Offsite

Answer

A

C. Hot

A hot site requires the least amount of downtime before mission-critical business operations can resume, because it is a real-time mirror of the primary site.

Question 11

Q

In a MAC environment, when a user has clearance for assets but is still unable to access those assets, what other security feature is in force?

A. Principle of least privilege

B. Need to know

C. Privacy

D. Service-level agreement

Answer

A

B. Need to know

Need to know is the MAC environment’s granular access control method. The principle of least privilege is the DAC environment’s concept of granular access control. Privacy and SLAs aren’t forms of access control.

Question 12

Q

Sensitivity labels are used by which form of access control?

A. DAC

B. MAC

C. RBAC

D. TBAC

Answer

A

B. MAC

MAC (media/mandatory access control) uses sensitivity labels. DAC (discretionary access control) uses identity. RBAC (role-based access control) uses job descriptions. TBAC (task-based access control) uses work tasks.

Question 13

Q

The purpose of a replay attack is ___________.

A. Intercepting encrypted data

B. Preventing a server from responding to legitimate resource requests

C. Discovering passwords

D. Gaining access to resources based on a user’s credentials

Answer

A

D. Gaining access to resources based on a user’s credentials

The purpose of a replay attack is to gain access to resources based on a user’s credentials. A replay attack isn’t used to intercept encrypted data, prevent a server from responding to legitimate resource requests, or discover passwords.

Question 14

Q

Which of the following is not an example of symmetric cryptography?

A. AES

B. Blowfish

C. CAST-128

D. RSA

Answer

A

D. RSA

RSA is asymmetric. AES, Blowfish, and CAST-128 are symmetric.

Question 15

Q

Which of the following is not typically a legal agreement or commitment, but rather a more formal form of a reciprocal agreement or gentlemen’s handshake (neither of which is typically written down), and can be called a “letter of intent”?

A. MOU

B. ISA

C. SLA

D. BPA

Answer

A

A. MOU

An MOU (memorandum of understanding) is an expression of agreement or aligned intent, will, or purpose between two entities. An MOU is not typically a legal agreement or commitment, but rather a more formal form of a reciprocal agreement or gentlemen’s handshake (neither of which is typically written down). An MOU can also be called a “letter of intent.”

Question 16

Q

Which of the following is not considered a secure coding technique?

A. Using immutable systems

B. Using stored procedures

C. Code signing

D. Server-side validation

Answer

A

A. Using immutable systems

Programmers need to adopt secure coding practices, security experts need to train programmers, and security auditors need to monitor code throughout development for proper security elements.

Question 17

Q

Certificates have what single purpose?

A. Proving identity

B. Proving quality

C. Providing encryption security

D. Exchanging encryption keys

Answer

A

A. Proving identity

Certificates have the single purpose of proving identity. They don’t prove quality or provide encryption security, and they aren’t used to exchange encryption keys.

Question 18

Q

When a vendor releases a patch, which of the following is the most important?

A. Installing the patch immediately

B. Setting up automatic patch installation

C. Allowing users to apply patches

D. Testing the patch before implementation

Answer

A

D. Testing the patch before implementation

It is most important to test patches before installing them onto production systems. Otherwise, business tasks can be interrupted if the patch does not perform as expected. Never rush to install a patch if that means skipping testing. Do not automatically roll out patches; be sure to test them first. Do not give users the power to install patches; this should be managed by administrators.

Question 19

Q

In order to prevent any one administrator from taking full control over a cryptography system or performing fraud, which of the following solutions should not be implemented?

A. M of N control

B. Job rotation

C. Multiple key pairs

D. Separation of duties

Answer

A

B. Job rotation

Job rotation isn’t appropriate in this situation since it trains a single person to perform all administrative tasks and therefore provides each person with the ability to overrun the entire system. M of N controls, multiple key pairs, and separation of duties should be used to prevent a single person from compromising the entire system.

Question 20

Q

Why should generic, anonymous, or group accounts be prohibited?

A. No support for multifactor authentication

B. Not supported by LDAP

C. Inability to hold individuals accountable

D. Requires the use of a TPM

Answer

A

C. Inability to hold individuals accountable

Generic account prohibition is the rule that no generic or shared or anonymous accounts should be allowed in private networks or on any system where security is important. Only with unique accounts per subject is it possible to track the activities of individuals and be able to hold them accountable for their actions and any violations of company policy or the law.

Question 21

Q

Which of the following is a form of web security that encrypts web sessions for modern web servers and browsers?

A. SSH

B. S-HTTP

C. TLS

D. IPSec

Answer

A

C. TLS

TLS (Transport Layer Security) is the primary form of security used on modern web servers and browsers to encrypt web sessions. SSH (Secure Shell) and IPSec (Internet Protocol Security) are not directly related to web sessions. S-HTTP (Secure HTTP) is a legacy security protocol that is no longer supported by most web servers and browsers.

Question 22

Q

Which form of penetration testing is able to determine the risk level resulting from a standard employee who becomes dissatisfied with their job?

A. Gray box

B. Vulnerability analysis

C. Black box

D. White box

Answer

A

A. Gray box

Gray-box testing combines the two other approaches to perform an evaluation based on partial knowledge of the target environment. The results are a security evaluation from the perspective of a disgruntled employee. An employee has some knowledge of the organization and its security and has some level of physical and logical access.

Question 23

Q

When a cryptography solution uses keys that are easily guessed due to their short length, this allows for a form of attack known as ___________.

A. Eavesdropping attack

B. Birthday attack

C. Social engineering attack

D. Spoofing attack

Answer

A

B. Birthday attack

When a cryptography solution uses keys that are short, this allows for a form of attack known as a birthday attack. Eavesdropping, social engineering, and spoofing aren’t directly associated with cryptography attacks.

Question 24

Q

What is a cipher suite?

A. A standardized collection of authentication, encryption, and hashing algorithms used to set or define the parameters for a security network communication

B. A communication tunnel between two entities across an intermediary network

C. A storage process by which copies of private keys and/or secret keys are retained by a centralized management system

D. A process by which one communication is hidden inside another communication

Answer

A

A. A standardized collection of authentication, encryption, and hashing algorithms used to set or define the parameters for a security network communication

A cipher suite a standardized collection of authentication, encryption, and hashing algorithms used to set or define the parameters for a security network communication. A VPN is a communication tunnel between two entities across an intermediary network. Key escrow is a storage process by which copies of private keys and/or secret keys are retained by a centralized management system. Steganography is a process by which one communication is hidden inside another communication.

Question 25

Q

What is the programmatic activity of retrieving the value stored in a memory location by triggering the pulling of the memory based on its address or location as stored in a pointer?

A. DLL injection

B. Pointer dereferencing

C. Integer overflow

D. Pivot

Answer

A

B. Pointer dereferencing

Pointer dereferencing is the programmatic activity of retrieving the value stored in a memory location by triggering the pulling of the memory based on its address or location as stored in a pointer.

Question 26

Q

Which of the following is a form of malicious code injection attack where attackers are able to compromise a web server and inject their own malicious code into the content sent to other visitors?

A. Cross-site scripting

B. Form field manipulation

C. Birthday attack

D. Spoofing attack

Answer

A

A. Cross-site scripting

Cross-site scripting is a form of malicious code injection attack where attackers are able to compromise a web server and inject their own malicious code into the content sent to other visitors. Form field manipulation occurs when an attack changes elements in a web document on the client side before submitting results back to the web server. A birthday attack is associated with hashing. Spoofing is falsifying source information.

Question 27

Q

What form of federation trust should be established between domain entities A and B as well as B and C in order for members of each domain to be able to access the resources of all three of the linked domains?

A. One-way nontransitive trusts

B. One-way transitive trusts

C. Two-way nontransitive trusts

D. Two-way transitive trusts

Answer

A

D. Two-way transitive trusts

Two-way transitive trusts between domains A and B as well as B and C will link all three domains in such a way that members of any domain can access resources in any other domain.

Question 28

Q

TACACS, a solution similar to RADIUS, is based on what RFC?

A. RFC 1918

B. RFC 2828

C. RFC 1492

D. RFC 1087

Answer

A

C. RFC 1492

TACACS (Terminal Access Controller Access Control System) is based on RFC 1492. RFC 1918 defines private IP (Internet Protocol) addresses. RFC 2828 is the Internet security glossary. RFC 1087 is the “ethics and the Internet” document.

Question 29

Q

Certificates operate under the security concept of __________.

A. Principle of least privilege

B. Trusted third party

C. Separation of duties

D. Need to know

Answer

A

B. Trusted third party

Certificates operate under the security concept of trusted third party. Certificates aren’t associated with the principle of least privilege, separation of duties, or need to know.

Question 30

Q

Data is not always stored statically on a storage device. Thus, a range of security mechanisms are needed to provide reasonable protection over a range of events and circumstances. Which of the following is a false statement?

A. Data in-transit is data being communicated over a network connection.

B. Session encryption should be used to protect data in-transit.

C. Storage encryption, such as file encryption or whole-drive encryption, should be used to protect data at-rest.

D. Data in-use should be protected against disclosure with hashing.

Answer

A

D. Data in-use should be protected against disclosure with hashing.

Hashing is an integrity protecting mechanism, not a protection against disclosure. Data in-use is data being actively processed by an application. Open and active data is only secure if the logical and physical environment is secure. A well-established security baseline and physical access control are needed to provide reasonable protection for data in-use.

Question 31

Q

Which of the following is not an essential element in locking down a server?

A. Remove unneeded components.

B. Install updates and patches.

C. Perform user awareness training.

D. Configure the system according to company standards and baselines.

Answer

A

C. Perform user awareness training.

User awareness training is an essential part of security, but it isn’t directly related to locking down a server. Server lockdown should include removing unneeded components, installing updates and patches, and complying with company standards and baselines.

Question 32

Q

What type of security zone can be positioned so it operates as a buffer network between the secured private network and the Internet and can host publicly accessible services?

A. Honeypot

B. DMZ

C. Extranet

D. Intranet

Answer

A

B. DMZ

A DMZ (demilitarized zone) is a type of security zone that can be positioned so it operates as a buffer network between the secured private network and the Internet and can host publicly accessible services. A honeypot is a false network used to trap intruders; it isn’t used to host public services. An extranet is for limited partner access, not public. An intranet is the private secured network.

Question 33

Q

What certificate format is also a file extension and stores Base64 ASCII-encoded certificate information for server certificates, intermediate certificates, and private keys?

A. DER

B. PFX

C. P7B

D. PEM

Answer

A

D. PEM

PEM (Privacy-Enhanced Electronic Mail) is a certificate format that uses Base64 (ASCII) to encode the certificate details into a file with a .pem, .crt, .cer, or .key extension. PEM certificate files include “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” statements. PEM can be used to store server certificates, intermediate certificates, and private keys.

Question 34

Q

What is integrated into WPA-2 as a replacement for TKIP and is based on AES?

A. CCMP

B. IEEE 802.1x

C. LEAP

D. ECDHE

Answer

A

A. CCMP

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) was created to replace WEP and WPA’s TKIP. CCMP is based on AES. It’s the preferred standard security protocol of 802.11 wireless networking indicated by 802.11i.

Question 35

Q

You work for a government agency that must control access to the network and its resources using classifications. However, there are an insufficient number of classifications in order to have detailed control over access. What additional element can be added to the existing authorization system to grant granular control over resource access?

A. Separation of duties

B. DAC

C. Need to know

D. MAC

Answer

A

C. Need to know

MAC isn’t a very granular controlled security environment. An improvement to MAC includes the use of need to know, a security restriction where some objects (resources or data) are restricted unless the subject has a need to know them. The objects that require a specific need to know are assigned a sensitivity label, but they’re compartmentalized from the rest of the objects with the same sensitivity label (in the same security domain).

Question 36

Q

_____________________ are devices or applications that generate passwords based on a nonrepeating one-way function, such as a hash or HMAC (hash message authentication code) (i.e., a type of hash that uses a symmetric key in the hashing process) operation.

A. SCADA

B. CHAP

C. HOTP

D. FCoE

Answer

A

C. HOTP

HOTP (HMAC-based One-time Password) tokens, or asynchronous dynamic password tokens, devices, or applications, generate passwords based on a nonrepeating one-way function, such as a hash or HMAC (hash message authentication code) (i.e., a type of hash that used a symmetric key in the hashing process) operation. Note the TOTP (time base one-time password) is similar, but it generates the one-time use unique code based on a fixed time interval.

Question 37

Q

Which of the following features commonly found on a mobile phone may prevent an unauthorized thief from gaining access to sensitive information?

A. Screen lock

B. Storage device encryption

C. Remote wipe

D. GPS tracking

Answer

A

C. Remote wipe

A remote wipe may allow you to remove all device contents once the mobile phone is reported missing or stolen. Screen lock is not a true security measure. Storage device encryption is not a common feature of mobile phones. GPS tracking will not prevent access to sensitive information.

Question 38

Q

You are the security manager for a small organization. You have been designing training for all employees to reduce security violations, improve adherence to company policies, and prevent user-caused system compromise. You have included talking points related to avoiding email attachments, discontinuing use of USB drives, and being cautious of odd requests, especially those demanding instant responses and that encourage breaking or bending company rules. However, in spite of these precautionary training measures, there is still concern that workers can be harmed when a social-engineering attacker plants malicious code on a commonly visited location in order to compromise a specific or group of targets. What is this type of attack called?

A. Piggybacking

B. Hoax

C. Watering hole attack

D. Vishing

Answer

A

C. Watering hole attack

A watering hole attack is a form of targeted attack against a region, a group, or an organization. The attack is performed in three main phases. The first phase is to observe the target’s habits. The goal is to discover a common resource, site, or location that one or more members of the target frequent. These locations are considered the watering hole. The second phase is to plant malware on watering hole systems. The third phase is to wait for members of the target to revisit the poisoned watering hole and then bring the infection back into the group.

Question 39

Q

Which of the following describes a community cloud?

A. A cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange.

B. A cloud service within a corporate network and isolated from the Internet.

C. A cloud service that is accessible to the general public typically over an Internet connection.

D. A cloud service that is partially hosted within an organization for private use and that uses external services to offer recourse to outsiders.

Answer

A

A. A cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange.

A community cloud is a cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange. A private cloud is a cloud service within a corporate network and isolated from the Internet. A public could is a cloud service that is accessible to the general public typically over an Internet connection. A hybrid cloud is a cloud service that is partially hosted within an organization for private use and that uses external services to offer recourse to outsiders.

Question 40

Q

An organization wants to use a wireless network internally, but they do not want any possibility of external access or detection. What security tool should be used?

A. Airgap

B. Faraday cage

C. Biometric authentication

D. Screen filters

Answer

A

B. Faraday cage

A Faraday cage is an enclosure that blocks or absorbs electromagnetic fields or signals. Faraday cage containers, computer cases, rack-mount systems, rooms, or even building materials are used to create a blockage against the transmission of data, information, metadata, or other emanations from computers and other electronics. Devices inside a Faraday cage can use EM fields for communications, such as wireless or Bluetooth, but devices outside of the cage will not be able to eavesdrop on the signals of the systems within the cage.

Question 41

Q

As data is transmitted from one system to another across a VPN link, the normal LAN TCP/IP traffic is __________ the VPN protocol.

A. Replaced by

B. Converted into

C. Hashed with

D. Encapsulated in

Answer

A

D. Encapsulated in

As data is transmitted from one system to another across a VPN (virtual private network) link, the normal LAN (large area network) TCP/IP (Transmission Control Protocol/Internet Protocol) traffic is encapsulated in the VPN protocol.

Question 42

Q

The basis of application server hardening depends primarily on __________.

A. The function of the server

B. The number of users

C. The size of the average resource transmitted

D. Local versus remote access

Answer

A

A. The function of the server

The basis of application server hardening depends primarily on the function of the server. The number of users, the size of transmissions, and whether users access the server locally or remotely are at best secondary issues.

Question 43

Q

What form of removable media is best suited for backups that are to be used in disaster recovery processes?

A. CD

B. USB thumb drives

C. Flash memory cards

D. Tape

Answer

A

D. Tape

Tape is the best form of removable media for backups that are to be used in disaster recovery processes. CDs, USB thumb drives, and flash memory cards often don’t have sufficient capacity to be suitable for large backups.

Question 44

Q

Which of the following is considered the least secure?

A. Out-of-band key exchange

B. ECDHE key exchange

C. In-band key exchange

D. One-time pad-based keys

Answer

A

C. In-band key exchange

In-band key exchange is often considered less secure than any other key exchange option because there is greater risk of an eavesdropping or man-in-the-middle attack being able to capture and/or intercept the exchange.

Question 45

Q

Your organization operates a popular website. The user base is growing at a phenomenal rate and there seems to be an increasing need for password recovery. You do not wish to send passwords through email, so what other technique would be effective, can be automated, and will have minimum impact on administrative overhead once implemented?

A. Certificate revocation and reissue

B. Static default passwords

C. Security questions

D. Delete existing account; have users re-create an account

Answer

A

C. Security questions

A common alternative password recovery method often preferred to that of emailed passwords is asking the user a set of security questions aimed at proving or verifying their identity before providing an interface to change their current password.

Question 46

Q

What is a honeypot used to do?

A. Encourage security policy compliance.

B. Test the security perimeter of a network.

C. Establish a secured communication link across an untrusted network.

D. Lure and detain intruders.

Answer

A

D. Lure and detain intruders.

A honeypot is used to lure and detain intruders. Awareness training is used to encourage security policy compliance. Penetration testing is used to test the security perimeter of a network. A VPN (virtual private network) is used to establish a secured communication link across an untrusted network.

Question 47

Q

What is an incident?

A. Any occurrence that takes place during a certain period of time

B. Any person or tool that can take advantage of a vulnerability

C. The path or means by which an attack can gain access to a target in order to cause harm

D. An event that has a negative outcome affecting the confidentiality, integrity, or availability of an organization’s data

Answer

A

D. An event that has a negative outcome affecting the confidentiality, integrity, or availability of an organization’s data

An incident is an event that has a negative outcome affecting the confidentiality, integrity, or availability of an organization’s data. Any occurrence that takes place during a certain period of time is an event. A threat is any person or tool that can take advantage of a vulnerability. A threat vector is the path or means by which an attack can gain access to a target in order to cause harm.

Question 48

Q

Because FTP doesn’t offer security, what attack is it vulnerable to?

A. Birthday

B. Packet sniffing

C. Replay

D. Social engineering

Answer

A

B. Packet sniffing

FTP is vulnerable to packet sniffing attacks. Birthday attacks focus on hashing. Replay attacks focus on encrypted authentication traffic. Social engineering attacks focus on people rather than technology.

Question 49

Q

The best defense against spoofed network traffic is ___________.

A. An ingress filter

B. A switch

C. A web server

D. Kerberos

Answer

A

A. An ingress filter

The best defense against spoofed network traffic is an ingress filter. A switch is used to connect individual systems or subnets together. A web server is used to distribute web content. Kerberos is an authentication system. None of these other three items addresses spoofed network traffic.

Question 50

Q

What cryptographic tool can be used to increase the difficulty of hashing and prevent password cracking from being as effective?

A. IV

B. XOR

C. Salt

D. Nonce

Answer

A

C. Salt

A salt is secret data added to input material prior to the hashing process. Salting hashes makes the process of attaching hashes much more complicated and computationally intensive. Salts are sometimes part of an authentication system, such as on Linux and many websites, but not on Windows. Authentication salts add additional characters to a password just before it is hashed. Salting passwords makes the act of password cracking more difficult for an attacker.

Question 51

Q

A new wireless access point has been installed in your office. You wish to determine what areas of the office receive the strongest and weakest signals as well as whether the access point can be reached from outside of your office. This activity is known as what?

A. A site survey

B. Penetration testing

C. Risk assessment

D. Business continuity planning

Answer

A

A. A site survey

This activity is known as a site survey. Penetration testing uses cracking tools to test a security perimeter. Risk assessment evaluates the risks of a secured environment. Business continuity planning is used to support business operations when processes are threatened.

Question 52

Q

The act of falsifying data is also known as ___________.

A. Impersonation

B. Spoofing

C. Social engineering

D. Replay

Answer

A

B. Spoofing

The act of falsifying data is also known as spoofing. Impersonation is the assumption of another user’s identity. Social engineering involves convincing someone to perform a restricted activity or reveal confidential information. Replay attacks occur when authentication traffic is captured and retransmitted.

Question 53

Q

Which of the following is a common example of a host-based IDS that uses signature detection?

A. Firewall

B. Padded cell

C. Virus scanner

D. Penetration testing

Answer

A

C. Virus scanner

A virus scanner is a common example of a host-based IDS (intrusion detection system) that uses signature detection. Firewalls, padded cells, and penetration testing aren’t forms of IDS.

Question 54

Q

By what means can a flaw in WPS be attacked in order for an unauthorized device to be able to connect into an otherwise secure wireless network?

A. Use a deauthorization flood

B. Operate an evil twin

C. Guess the activation PIN

D. Perform war chalking

Answer

A

C. Guess the activation PIN

WPS (WiFi Protected Setup) is a security standard for wireless networks. It was intended to simply the effort involved in adding new clients to a well-secured wireless network. It operates by auto-connecting the first new wireless client to seek the network once the administrator triggered the feature by pressing the WPS button on the base station. However, the standard also called for a code that could be sent to the base station remotely in order to trigger WPS negotiation without the need to be able to physically press the button on the base station. This led to a brute-force guessing attack that could enable a hacker to guess the WPS code in just hours, which in turned enabled the hacker to connect their own unauthorized system to the wireless network.

Question 55

Q

Which of the following is more closely associated with client-side validation rather than server-side validation?

A. Protecting a system against input submitted by a malicious user

B. Filtering for known scriptable or malicious content (such as SQL commands or script calls)

C. Blocking meta-characters

D. Providing better response or feedback to the typical user

Answer

A

D. Providing better response or feedback to the typical user

Client-side validation is better suited for providing better response or feedback to the typical user. By contrast, server-side validation is better suited for protecting a system against input submitted by a malicious user, such as filtering for known scriptable or malicious content (such as SQL commands or script calls) and blocking meta-characters.

Question 56

Q

Which of the following describes the operation performed by a file integrity check?

A. Encrypting the file with a symmetric key

B. Comparing the current hash of a file to the stored/previous hash of a file

C. Checking the file size and filename against a directory index

D. Using a private key to encrypt a hash of the file

Answer

A

B. Comparing the current hash of a file to the stored/previous hash of a file

File integrity checking is the activity of comparing the current hash of a file to the stored/previous hash of a file. The purpose is to detect whether the file has retained its integrity (the hashes match exactly) or it has been changed (the hashes do not match).

Question 57

Q

Which of the following physical control mechanisms will serve to delay an intruder once their presence is detected?

A. Mantrap

B. Security cameras

C. Fencing

D. Guard dogs

Answer

A

A. Mantrap

A mantrap will delay an intruder once their presence is detected. Security cameras, fencing, and guard dogs aren’t guaranteed to delay an intruder to keep them from escaping.

Question 58

Q

Which of the following is not a benefit of SFTP?

A. It is interoperable with other FTP solutions.

B. It provides logon credential protection.

C. It encrypts data traffic.

D. It uses SSH to provide security.

Answer

A

A. It is interoperable with other FTP solutions.

SFTP (Secure FTP) isn’t interoperable with other FTP solutions; only SFTP clients can interact with SFTP servers. SFTP provides logon credential protection, encrypts data traffic, and uses SSH (Secure Shell) to provide security.

Question 59

Q

Which of the following is not a form of asymmetric cryptography?

A. RSA

B. Diffie-Hellman

C. Blowfish

D. ElGamal

Answer

A

C. Blowfish

Blowfish is symmetric. RSA (Rivest, Shamir, and Adleman), Diffie-Hellman, and ElGamal are asymmetric.

Question 60

Q

What hacker technique can be used over a network connection to discover the identity of services active on a computer system?

A. Port scanning

B. Banner grabbing

C. Sniffing

D. ARP poisoning

Answer

A

B. Banner grabbing

Banner grabbing may reveal the identity of a service when used against an open port across a network connection. Port scanning is used to determine whether ports are open or closed. Sniffing is used to collect network traffic to reveal the contents of the headers and nonencrypted payloads. ARP (Address Resolution Protocol) poisoning is used to trick a switch into rerouting traffic.

Question 61

Q

You attempt to visit Amazon.com but mistakenly type amazin.com. The website you see is an obvious rip-off of the valid online merchant. What is this situation called?

A. Watering hole attack

B. Typo squatting

C. Rainbow tables

D. Spear phishing

Answer

A

B. Typo squatting

Typo squatting, or URL hijacking, is a practice employed to capture traffic when a user mistypes the domain name or IP address of an intended resource. A squatter will predict URL typos and then register those domain names to direct traffic to their own site.

Question 62

Q

When CHAP is used for authentication, how are the passwords transmitted from the client to the authentication server?

A. In hashed form

B. In clear text

C. As a ticket

D. Encrypted with AES

Answer

A

A. In hashed form

CHAP (Challenge Handshake Authentication Protocol) uses MD5 to hash passwords before transmission. PAP (Password Authentication Protocol) sends passwords in the clear. Kerberos uses tickets. AES (Advanced Encryption Standard) is an encryption algorithm that isn’t used by CHAP.

Question 63

Q

Which of the following authentication actions is the strongest?

A. Three passwords consisting of 50 characters each

B. A password, a fingerprint, and a smartcard

C. Two biometrics and a token

D. A token, a handprint, and an iris scan

Answer

A

B. A password, a fingerprint, and a smartcard

Multifactor authentication, which uses different factors, is always stronger than using fewer different factors or multiples of one factor.

Question 64

Q

What type of token device produces new time-derived passwords on a specific time interval that can be used only a single time when attempting to authenticate?

A. HOTP

B. HMAC

C. SAML

D. TOTP

Answer

A

D. TOTP

The two main types of token devices are TOTP and HOTP. Time-based one-time password (TOTP) tokens or synchronous dynamic password tokens are devices or applications that generate passwords at fixed time intervals, such as every 60 seconds. HMAC-based one-time password (HOTP) tokens or asynchronous dynamic password tokens are devices or applications that generate passwords not based on fixed time intervals but instead based on a nonrepeating one-way function, such as a hash or hash message authentication code (HMAC—a type of hash that uses a symmetric key in the hashing process) operation.

Answer 65

A

C. Overhearing conversations

The most commonly overlooked aspect of mobile phone eavesdropping is related to people in the vicinity overhearing conversations (at least one side of them). Organizations frequently consider and address issues of wireless networking, storage device encryption, and screen locks.

Answer 66

A

A. SSH

Secure FTP (SFTP) is a secured alternative to standard FTP. Standard FTP sends all data, including authentication traffic, in the clear. Thus, there is no confidentiality protection. SFTP encrypts both authentication and data traffic between the client and server by employing SSH to provide secure FTP communications.

Answer 67

A

B. Privacy

Cookies pose a risk to privacy. They don’t pose a risk to network infrastructure, physical security, or availability.

Answer 68

A

D. Reduce zero-day attacks

The goals of Network Access Control (NAC) include preventing/reducing zero-day attacks, enforcing security policy throughout the network, and using identities to perform access control.

Answer 69

A

D. Bluejacking

Bluejacking involves sending messages to Bluetooth-capable devices without the permission of the owner/user. These messages often appear on a device’s screen automatically.

Answer 70

A

D. NAT

NAT (network address translation) enables numerous internal clients to access the Internet over a few leased public IP addresses. SSL (Secure Sockets Layer) is a security solution often used on web servers. L2TP (Layer 2 Tunneling Protocol) is a VPN (virtual private network) protocol. SSH (Secure Shell) is a secure replacement for Telnet.

Answer 71

A

A. 160 bits

SHA-1’s hash output is 160 bits. MD5, MD4, and MD2 produce 128-bit hash output.

Answer 72

A

D. Authentication

Authentication is not part of the CIA triad. The CIA triad consists of confidentiality, integrity, and availability.

Answer 73

A

C. Backups

Backups form the basis of a reliable disaster recovery and business continuity plan. User awareness, warm alternate sites, and redundant hardware may improve DRP (disaster recovery planning) and BCP (business continuity planning), but they aren’t essential like backups.

Answer 74

A

C. Single sign-on

Kerberos is an example of a single sign-on security technology. A mantrap is an example of a physical access control device. Auditing is an example of a monitoring system. A password is an example of an authentication factor.

Answer 75

A

A. Integrity verification

Hashing is used primarily for integrity verification. Digital envelopes are produced using asymmetric encryption, not hashing. Data encryption is performed using symmetric encryption or asymmetric encryption. Authentication can be provided for by symmetric encryption or asymmetric encryption.

Answer 76

A

D. When the subject changes its verified identity

A CA will revoke a certificate when the subject’s verified identity changes. The CA isn’t likely to revoke when the subject profits, at a request for a suspension, or when the subject obtains certificates from other CAs. There are other reasons why a CA may revoke a certificate than those included in this list, such as if the subject requests it.

Answer 77

A

C. RPO

The recovery point objective (RPO) is a measurement of how much loss can be accepted by the organization when a disaster occurs. This acceptable loss is measured in time.

Answer 78

A

D. DAC

DAC (discretionary access control) is based on the discretion of a user (that is, the administrator). RBAC (role-based access control), MAC (media/mandatory access control), and TBAC (task-based access control) are based on rules: job descriptions, classifications, and work tasks, respectively.

Answer 79

A

C. Interoperability agreements

Interoperability agreements are formal contracts (or at least written documents) that define some form of arrangements where two entities agree to work with each other in some capacity. This could be an agreement between a supplier and customer or between equals. An SLA is a contract between a supplier and a customer. A BPA is a contract between two entities dictating their business relationship. An MOU is an expression of agreement or aligned intent, will, or purpose between two entities.

Answer 80

A

D. Telnet

SSH (Secure Shell) is considered a secure replacement for Telnet. SSH isn’t a replacement for TFTP (Trivial File Transfer Protocol). VPN (virtual private network) and SSL (Secure Sockets Layer) are already secure. Additionally, SSH can function as a VPN and can encrypt protocols similar to SSL/TLS. For example, FTP can be SSL/TLS encrypted to become FTPS or SSH encrypted to become SFTP. While SSH may be an alternative to VPNs and SSL, it is not a secure replacement as the typical VPN and SSL are already secured (with the standard caveat that nothing is perfectly secure and many secure concepts have flaws or known exploits).

Answer 81

A

A. Captive portal

A captive portal is an authentication technique that redirects a newly connected wireless web client to a portal access control page. The portal page may require the user to input payment information, provide logon credentials, or input an access code.

Answer 82

A

C. Hashing

Birthday attacks can focus on hashing. Mathematical and social engineering attacks focus on asymmetric keys and encrypted files. Intrusions to certificate authorities (CAs) may be used against digital certificates.

Answer 83

A

B. Development, test, staging, and production

The organization’s IT environment must be configured and segmented to properly implement staging. This often requires at least four main network divisions: development, test, staging, and production.

Answer 84

A

D. Prevent password reuse

Password history is an authentication protection feature that tracks previous passwords (by archiving hashes) in order to prevent password reuse.

Answer 85

A

A. One tests both the infrastructure and personnel.

The primary difference between vulnerability assessment and penetration testing is that penetration testing tests both the infrastructure and the personnel. Vulnerability assessment is performed by a security administrator using an automated tool that is designed solely to test the configuration of target systems.

Brainscape's Knowledge GenomeTM

Practice Exam 2 Flashcards

CompTIA Security+ Review Guide: Exam SY0-501.

Brainscape's Knowledge Genome^TM