Practice Exam 2 Flashcards

CompTIA Security+ Review Guide: Exam SY0-501.

1
Q

The most common form of authentication factor is a __________.

A. Password

B. Fingerprint

C. Smartcard

D. Token

A

A. Password

A password is the most common form of authentication. Fingerprints, smartcards, and tokens are widely used, but they aren’t the most widely used forms of authentication.

2
Q

You’ve just received an email message that describes a new malicious code threat that’s ravaging the Internet. The message contains detailed information about the threat, describes the damage it can inflict, and provides instructions on how to remove it from your system. The message states that you can easily detect whether you’ve already been a victim of this threat by checking for the presence of three files in the \Windows\System32 folder. As a countermeasure, the message instructs you to delete these three files from your system to prevent further spread of the threat. What should your first action be, based on this message?

A. Locate and delete the identified files.

B. Perform a system backup.

C. Inform your network administrator.

D. Send the message to others in the office.

A

C. Inform your network administrator.

The best first response to a hoax message such as this is to inform your network administrator. Performing a system backup isn’t a bad idea, just not the best choice for your first response. Don’t follow the instructions or send the message to others.

3
Q

Which of the following is not true of a NoSQL DBMS?

A. NoSQL uses a nonrelational database structure, such as hierarchical or multilevel nesting/referencing.

B. NoSQL cannot support Structured Query Language expressions.

C. NoSQL is well suited for managing extremely large collections of data.

D. NoSQL solutions typically do not support ACID.

A

B. NoSQL cannot support Structured Query Language expressions.

Some NoSQL DBMS systems support SQL expressions.

4
Q

Which of the following represents the most secure system from a best practices perspective?

A. Removing all unneeded services and protocols

B. Using a new operating system right out of the box

C. Installing every available optional component

D. Using a firewall to provide boundary protection

A

A. Removing all unneeded services and protocols

The best solution is to remove all unneeded services and protocols. Using an operating system right out of the box and installing all components is never considered a secure option. Adding a firewall to a locked-down system is a security improvement but not a valid replacement for first removing things that aren’t needed on the server.

5
Q

The technology used to prevent EMI from entering or leaving a specific room is known as __________.

A. Padded cell

B. TEMPEST

C. Site surveys

D. Directory service

A

B. TEMPEST

TEMPEST is the technology used to prevent EMI (electromagnetic interference) from entering or leaving a specific room. A padded cell is used to delay an intruder with a fake environment while that person’s activities are logged. Site surveys are used to detect where the signal from a wireless access point can be detected. A directory service is a searchable index of network resources.

6
Q

Why is Internet email so vulnerable to attack?

A. It uses IP addresses to route messages.

B. Anyone can use email.

C. It requires adherence to standards.

D. It’s often sent using SMTP in clear form.

A

D. It’s often sent using SMTP in clear form.

Email is vulnerable to attack because it often uses SMTP (Simple Mail Transfer Protocol) and sends messages in clear form. Email’s use of IP addresses via the domain names found in email addresses, the fact that anyone can use email, and the fact that it requires adherence to standards doesn’t make email any more vulnerable than any other form of TCP/IP application.

7
Q

The form of password attack that attempts to process every possible combination to discover passwords stored in an accounts database is known as what?

A. Dictionary attack

B. Brute-force attack

C. Birthday attack

D. Mathematical attack

A

B. Brute-force attack

A brute-force password attack attempts to process every possible combination to discover passwords stored in an accounts database. A dictionary attack is similar but uses a predefined set or list of passwords rather than every possible combination. A birthday attack (reverse hash matching) is a process most password attacks use, but it doesn’t imply that all possible password combinations are tried. A mathematical attack attempts to exploit the algorithm of a cryptography solution; it’s usually not associated with password attacks.

8
Q

What is the most crucial part of enabling an investigator to reconstruct the correct order of criminal events from all the records and data collected from a crime scene during a forensic investigation?

A. Take hashes of collected data

B. Make notes of each task performed

C. Record time offset

D. Send out legal hold letters

A

C. Record time offset

As an event is recorded into a log file, it is encoded with a time stamp. The time stamp is pulled from the clock on the local device where the log file is written or sent with the event from the originating device if remote logging is performed. However, it is all too common for the clocks of the devices and computers in a network to be out of time sync to some degree. Recording the time offset is taking note of the difference between the device clock and the standard; it is used to adjust the time of log entries in order to sync events and activities across multiple network devices. Management of log times is essential for the chronological reconstruction of attack or compromise events.

9
Q

What form of network segmentation should be used to prevent all cross-communication between devices?

A. Airgap

B. VLAN

C. Subnets

D. Virtualization

A

A. Airgap

Physical segmentation is when no links are established between networks. This is also known as an airgap. If there are no cables and no wireless connections between two networks, then a physical network segregation, segmentation, or isolation has been achieved. This is the most reliable means of prohibiting unwanted transfer of data.

10
Q

What form of recovery site requires the least amount of downtime before mission-critical business operations can resume?

A. Cold

B. Warm

C. Hot

D. Offsite

A

C. Hot

A hot site requires the least amount of downtime before mission-critical business operations can resume, because it is a real-time mirror of the primary site.

11
Q

In a MAC environment, when a user has clearance for assets but is still unable to access those assets, what other security feature is in force?

A. Principle of least privilege

B. Need to know

C. Privacy

D. Service-level agreement

A

B. Need to know

Need to know is the MAC environment’s granular access control method. The principle of least privilege is the DAC environment’s concept of granular access control. Privacy and SLAs aren’t forms of access control.

12
Q

Sensitivity labels are used by which form of access control?

A. DAC

B. MAC

C. RBAC

D. TBAC

A

B. MAC

MAC (media/mandatory access control) uses sensitivity labels. DAC (discretionary access control) uses identity. RBAC (role-based access control) uses job descriptions. TBAC (task-based access control) uses work tasks.

13
Q

The purpose of a replay attack is ___________.

A. Intercepting encrypted data

B. Preventing a server from responding to legitimate resource requests

C. Discovering passwords

D. Gaining access to resources based on a user’s credentials

A

D. Gaining access to resources based on a user’s credentials

The purpose of a replay attack is to gain access to resources based on a user’s credentials. A replay attack isn’t used to intercept encrypted data, prevent a server from responding to legitimate resource requests, or discover passwords.

14
Q

Which of the following is not an example of symmetric cryptography?

A. AES

B. Blowfish

C. CAST-128

D. RSA

A

D. RSA

RSA is asymmetric. AES, Blowfish, and CAST-128 are symmetric.

15
Q

Which of the following is not typically a legal agreement or commitment, but rather a more formal form of a reciprocal agreement or gentlemen’s handshake (neither of which is typically written down), and can be called a “letter of intent”?

A. MOU

B. ISA

C. SLA

D. BPA

A

A. MOU

An MOU (memorandum of understanding) is an expression of agreement or aligned intent, will, or purpose between two entities. An MOU is not typically a legal agreement or commitment, but rather a more formal form of a reciprocal agreement or gentlemen’s handshake (neither of which is typically written down). An MOU can also be called a “letter of intent.”

16
Q

Which of the following is not considered a secure coding technique?

A. Using immutable systems

B. Using stored procedures

C. Code signing

D. Server-side validation

A

A. Using immutable systems

Programmers need to adopt secure coding practices, security experts need to train programmers, and security auditors need to monitor code throughout development for proper security elements.

17
Q

Certificates have what single purpose?

A. Proving identity

B. Proving quality

C. Providing encryption security

D. Exchanging encryption keys

A

A. Proving identity

Certificates have the single purpose of proving identity. They don’t prove quality or provide encryption security, and they aren’t used to exchange encryption keys.

18
Q

When a vendor releases a patch, which of the following is the most important?

A. Installing the patch immediately

B. Setting up automatic patch installation

C. Allowing users to apply patches

D. Testing the patch before implementation

A

D. Testing the patch before implementation

It is most important to test patches before installing them onto production systems. Otherwise, business tasks can be interrupted if the patch does not perform as expected. Never rush to install a patch if that means skipping testing. Do not automatically roll out patches; be sure to test them first. Do not give users the power to install patches; this should be managed by administrators.

19
Q

In order to prevent any one administrator from taking full control over a cryptography system or performing fraud, which of the following solutions should not be implemented?

A. M of N control

B. Job rotation

C. Multiple key pairs

D. Separation of duties

A

B. Job rotation

Job rotation isn’t appropriate in this situation since it trains a single person to perform all administrative tasks and therefore provides each person with the ability to overrun the entire system. M of N controls, multiple key pairs, and separation of duties should be used to prevent a single person from compromising the entire system.

20
Q

Why should generic, anonymous, or group accounts be prohibited?

A. No support for multifactor authentication

B. Not supported by LDAP

C. Inability to hold individuals accountable

D. Requires the use of a TPM

A

C. Inability to hold individuals accountable

Generic account prohibition is the rule that no generic or shared or anonymous accounts should be allowed in private networks or on any system where security is important. Only with unique accounts per subject is it possible to track the activities of individuals and be able to hold them accountable for their actions and any violations of company policy or the law.

21
Q

Which of the following is a form of web security that encrypts web sessions for modern web servers and browsers?

A. SSH

B. S-HTTP

C. TLS

D. IPSec

A

C. TLS

TLS (Transport Layer Security) is the primary form of security used on modern web servers and browsers to encrypt web sessions. SSH (Secure Shell) and IPSec (Internet Protocol Security) are not directly related to web sessions. S-HTTP (Secure HTTP) is a legacy security protocol that is no longer supported by most web servers and browsers.

22
Q

Which form of penetration testing is able to determine the risk level resulting from a standard employee who becomes dissatisfied with their job?

A. Gray box

B. Vulnerability analysis

C. Black box

D. White box

A

A. Gray box

Gray-box testing combines the two other approaches to perform an evaluation based on partial knowledge of the target environment. The results are a security evaluation from the perspective of a disgruntled employee. An employee has some knowledge of the organization and its security and has some level of physical and logical access.

23
Q

When a cryptography solution uses keys that are easily guessed due to their short length, this allows for a form of attack known as ___________.

A. Eavesdropping attack

B. Birthday attack

C. Social engineering attack

D. Spoofing attack

A

B. Birthday attack

When a cryptography solution uses keys that are short, this allows for a form of attack known as a birthday attack. Eavesdropping, social engineering, and spoofing aren’t directly associated with cryptography attacks.

24
Q

What is a cipher suite?

A. A standardized collection of authentication, encryption, and hashing algorithms used to set or define the parameters for a security network communication

B. A communication tunnel between two entities across an intermediary network

C. A storage process by which copies of private keys and/or secret keys are retained by a centralized management system

D. A process by which one communication is hidden inside another communication

A

A. A standardized collection of authentication, encryption, and hashing algorithms used to set or define the parameters for a security network communication

A cipher suite is a standardized collection of authentication, encryption, and hashing algorithms used to set or define the parameters for a security network communication. A VPN is a communication tunnel between two entities across an intermediary network. Key escrow is a storage process by which copies of private keys and/or secret keys are retained by a centralized management system. Steganography is a process by which one communication is hidden inside another communication.

25
Q

What is the programmatic activity of retrieving the value stored in a memory location by triggering the pulling of the memory based on its address or location as stored in a pointer?

A. DLL injection

B. Pointer dereferencing

C. Integer overflow

D. Pivot

A

B. Pointer dereferencing

Pointer dereferencing is the programmatic activity of retrieving the value stored in a memory location by triggering the pulling of the memory based on its address or location as stored in a pointer.

26
Q

Which of the following is a form of malicious code injection attack where attackers are able to compromise a web server and inject their own malicious code into the content sent to other visitors?

A. Cross-site scripting

B. Form field manipulation

C. Birthday attack

D. Spoofing attack

A

A. Cross-site scripting

Cross-site scripting is a form of malicious code injection attack where attackers are able to compromise a web server and inject their own malicious code into the content sent to other visitors. Form field manipulation occurs when an attacker changes elements in a web document on the client side before submitting results back to the web server. A birthday attack is associated with hashing. Spoofing is falsifying source information.

27
Q

What form of federation trust should be established between domain entities A and B as well as B and C in order for members of each domain to be able to access the resources of all three of the linked domains?

A. One-way nontransitive trusts

B. One-way transitive trusts

C. Two-way nontransitive trusts

D. Two-way transitive trusts

A

D. Two-way transitive trusts

Two-way transitive trusts between domains A and B as well as B and C will link all three domains in such a way that members of any domain can access resources in any other domain.

28
Q

TACACS, a solution similar to RADIUS, is based on what RFC?

A. RFC 1918

B. RFC 2828

C. RFC 1492

D. RFC 1087

A

C. RFC 1492

TACACS (Terminal Access Controller Access Control System) is based on RFC 1492. RFC 1918 defines private IP (Internet Protocol) addresses. RFC 2828 is the Internet security glossary. RFC 1087 is the “ethics and the Internet” document.

29
Q

Certificates operate under the security concept of __________.

A. Principle of least privilege

B. Trusted third party

C. Separation of duties

D. Need to know

A

B. Trusted third party

Certificates operate under the security concept of trusted third party. Certificates aren’t associated with the principle of least privilege, separation of duties, or need to know.

30
Q

Data is not always stored statically on a storage device. Thus, a range of security mechanisms are needed to provide reasonable protection over a range of events and circumstances. Which of the following is a false statement?

A. Data in-transit is data being communicated over a network connection.

B. Session encryption should be used to protect data in-transit.

C. Storage encryption, such as file encryption or whole-drive encryption, should be used to protect data at-rest.

D. Data in-use should be protected against disclosure with hashing.

A

D. Data in-use should be protected against disclosure with hashing.

Hashing is an integrity protecting mechanism, not a protection against disclosure. Data in-use is data being actively processed by an application. Open and active data is only secure if the logical and physical environment is secure. A well-established security baseline and physical access control are needed to provide reasonable protection for data in-use.

31
Q

Which of the following is not an essential element in locking down a server?

A. Remove unneeded components.

B. Install updates and patches.

C. Perform user awareness training.

D. Configure the system according to company standards and baselines.

A

C. Perform user awareness training.

User awareness training is an essential part of security, but it isn’t directly related to locking down a server. Server lockdown should include removing unneeded components, installing updates and patches, and complying with company standards and baselines.

32
Q

What type of security zone can be positioned so it operates as a buffer network between the secured private network and the Internet and can host publicly accessible services?

A. Honeypot

B. DMZ

C. Extranet

D. Intranet

A

B. DMZ

A DMZ (demilitarized zone) is a type of security zone that can be positioned so it operates as a buffer network between the secured private network and the Internet and can host publicly accessible services. A honeypot is a false network used to trap intruders; it isn’t used to host public services. An extranet is for limited partner access, not public. An intranet is the private secured network.

33
Q

What certificate format is also a file extension and stores Base64 ASCII-encoded certificate information for server certificates, intermediate certificates, and private keys?

A. DER

B. PFX

C. P7B

D. PEM

A

D. PEM

PEM (Privacy-Enhanced Electronic Mail) is a certificate format that uses Base64 (ASCII) to encode the certificate details into a file with a .pem, .crt, .cer, or .key extension. PEM certificate files include “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” statements. PEM can be used to store server certificates, intermediate certificates, and private keys.

34
Q

What is integrated into WPA-2 as a replacement for TKIP and is based on AES?

A. CCMP

B. IEEE 802.1x

C. LEAP

D. ECDHE

A

A. CCMP

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) was created to replace WEP and WPA’s TKIP. CCMP is based on AES. It’s the preferred standard security protocol of 802.11 wireless networking indicated by 802.11i.

35
Q

You work for a government agency that must control access to the network and its resources using classifications. However, there are an insufficient number of classifications in order to have detailed control over access. What additional element can be added to the existing authorization system to grant granular control over resource access?

A. Separation of duties

B. DAC

C. Need to know

D. MAC

A

C. Need to know

MAC isn’t a very granular controlled security environment. An improvement to MAC includes the use of need to know, a security restriction where some objects (resources or data) are restricted unless the subject has a need to know them. The objects that require a specific need to know are assigned a sensitivity label, but they’re compartmentalized from the rest of the objects with the same sensitivity label (in the same security domain).

36
Q

_____________________ are devices or applications that generate passwords based on a nonrepeating one-way function, such as a hash or HMAC (hash message authentication code) (i.e., a type of hash that uses a symmetric key in the hashing process) operation.

A. SCADA

B. CHAP

C. HOTP

D. FCoE

A

C. HOTP

HOTP (HMAC-based One-time Password) tokens, or asynchronous dynamic password tokens, devices, or applications, generate passwords based on a nonrepeating one-way function, such as a hash or HMAC (hash message authentication code) (i.e., a type of hash that uses a symmetric key in the hashing process) operation. Note that TOTP (time-based one-time password) is similar, but it generates the one-time use unique code based on a fixed time interval.

37
Q

Which of the following features commonly found on a mobile phone may prevent an unauthorized thief from gaining access to sensitive information?

A. Screen lock

B. Storage device encryption

C. Remote wipe

D. GPS tracking

A

C. Remote wipe

A remote wipe may allow you to remove all device contents once the mobile phone is reported missing or stolen. Screen lock is not a true security measure. Storage device encryption is not a common feature of mobile phones. GPS tracking will not prevent access to sensitive information.

38
Q

You are the security manager for a small organization. You have been designing training for all employees to reduce security violations, improve adherence to company policies, and prevent user-caused system compromise. You have included talking points related to avoiding email attachments, discontinuing use of USB drives, and being cautious of odd requests, especially those demanding instant responses and that encourage breaking or bending company rules. However, in spite of these precautionary training measures, there is still concern that workers can be harmed when a social-engineering attacker plants malicious code on a commonly visited location in order to compromise a specific or group of targets. What is this type of attack called?

A. Piggybacking

B. Hoax

C. Watering hole attack

D. Vishing

A

C. Watering hole attack

A watering hole attack is a form of targeted attack against a region, a group, or an organization. The attack is performed in three main phases. The first phase is to observe the target’s habits. The goal is to discover a common resource, site, or location that one or more members of the target frequent. These locations are considered the watering hole. The second phase is to plant malware on watering hole systems. The third phase is to wait for members of the target to revisit the poisoned watering hole and then bring the infection back into the group.

39
Q

Which of the following describes a community cloud?

A. A cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange.

B. A cloud service within a corporate network and isolated from the Internet.

C. A cloud service that is accessible to the general public typically over an Internet connection.

D. A cloud service that is partially hosted within an organization for private use and that uses external services to offer recourse to outsiders.

A

A. A cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange.

A community cloud is a cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange. A private cloud is a cloud service within a corporate network and isolated from the Internet. A public cloud is a cloud service that is accessible to the general public typically over an Internet connection. A hybrid cloud is a cloud service that is partially hosted within an organization for private use and that uses external services to offer recourse to outsiders.

40
Q

An organization wants to use a wireless network internally, but they do not want any possibility of external access or detection. What security tool should be used?

A. Airgap

B. Faraday cage

C. Biometric authentication

D. Screen filters

A

B. Faraday cage

A Faraday cage is an enclosure that blocks or absorbs electromagnetic fields or signals. Faraday cage containers, computer cases, rack-mount systems, rooms, or even building materials are used to create a blockage against the transmission of data, information, metadata, or other emanations from computers and other electronics. Devices inside a Faraday cage can use EM fields for communications, such as wireless or Bluetooth, but devices outside of the cage will not be able to eavesdrop on the signals of the systems within the cage.

41
Q

As data is transmitted from one system to another across a VPN link, the normal LAN TCP/IP traffic is __________ the VPN protocol.

A. Replaced by

B. Converted into

C. Hashed with

D. Encapsulated in

A

D. Encapsulated in

As data is transmitted from one system to another across a VPN (virtual private network) link, the normal LAN (local area network) TCP/IP (Transmission Control Protocol/Internet Protocol) traffic is encapsulated in the VPN protocol.

42
Q

The basis of application server hardening depends primarily on __________.

A. The function of the server

B. The number of users

C. The size of the average resource transmitted

D. Local versus remote access

A

A. The function of the server

The basis of application server hardening depends primarily on the function of the server. The number of users, the size of transmissions, and whether users access the server locally or remotely are at best secondary issues.

43
Q

What form of removable media is best suited for backups that are to be used in disaster recovery processes?

A. CD

B. USB thumb drives

C. Flash memory cards

D. Tape

A

D. Tape

Tape is the best form of removable media for backups that are to be used in disaster recovery processes. CDs, USB thumb drives, and flash memory cards often don’t have sufficient capacity to be suitable for large backups.

44
Q

Which of the following is considered the least secure?

A. Out-of-band key exchange

B. ECDHE key exchange

C. In-band key exchange

D. One-time pad-based keys

A

C. In-band key exchange

In-band key exchange is often considered less secure than any other key exchange option because there is greater risk of an eavesdropping or man-in-the-middle attack being able to capture and/or intercept the exchange.

45
Q

Your organization operates a popular website. The user base is growing at a phenomenal rate and there seems to be an increasing need for password recovery. You do not wish to send passwords through email, so what other technique would be effective, can be automated, and will have minimum impact on administrative overhead once implemented?

A. Certificate revocation and reissue

B. Static default passwords

C. Security questions

D. Delete existing account; have users re-create an account

A

C. Security questions

A common alternative password recovery method often preferred to that of emailed passwords is asking the user a set of security questions aimed at proving or verifying their identity before providing an interface to change their current password.

46
Q

What is a honeypot used to do?

A. Encourage security policy compliance.

B. Test the security perimeter of a network.

C. Establish a secured communication link across an untrusted network.

D. Lure and detain intruders.

A

D. Lure and detain intruders.

A honeypot is used to lure and detain intruders. Awareness training is used to encourage security policy compliance. Penetration testing is used to test the security perimeter of a network. A VPN (virtual private network) is used to establish a secured communication link across an untrusted network.

47
Q

What is an incident?

A. Any occurrence that takes place during a certain period of time

B. Any person or tool that can take advantage of a vulnerability

C. The path or means by which an attack can gain access to a target in order to cause harm

D. An event that has a negative outcome affecting the confidentiality, integrity, or availability of an organization’s data

A

D. An event that has a negative outcome affecting the confidentiality, integrity, or availability of an organization’s data

An incident is an event that has a negative outcome affecting the confidentiality, integrity, or availability of an organization’s data. Any occurrence that takes place during a certain period of time is an event. A threat is any person or tool that can take advantage of a vulnerability. A threat vector is the path or means by which an attack can gain access to a target in order to cause harm.

48
Q

Because FTP doesn’t offer security, what attack is it vulnerable to?

A. Birthday

B. Packet sniffing

C. Replay

D. Social engineering

A

B. Packet sniffing

FTP is vulnerable to packet sniffing attacks. Birthday attacks focus on hashing. Replay attacks focus on encrypted authentication traffic. Social engineering attacks focus on people rather than technology.

49
Q

The best defense against spoofed network traffic is ___________.

A. An ingress filter

B. A switch

C. A web server

D. Kerberos

A

A. An ingress filter

The best defense against spoofed network traffic is an ingress filter. A switch is used to connect individual systems or subnets together. A web server is used to distribute web content. Kerberos is an authentication system. None of these other three items addresses spoofed network traffic.

50
Q

What cryptographic tool can be used to increase the difficulty of hashing and prevent password cracking from being as effective?

A. IV

B. XOR

C. Salt

D. Nonce

A

C. Salt

A salt is secret data added to input material prior to the hashing process. Salting hashes makes the process of attacking hashes much more complicated and computationally intensive. Salts are sometimes part of an authentication system, such as on Linux and many websites, but not on Windows. Authentication salts add additional characters to a password just before it is hashed. Salting passwords makes the act of password cracking more difficult for an attacker.

51
Q

A new wireless access point has been installed in your office. You wish to determine what areas of the office receive the strongest and weakest signals as well as whether the access point can be reached from outside of your office. This activity is known as what?

A. A site survey

B. Penetration testing

C. Risk assessment

D. Business continuity planning

A

A. A site survey

This activity is known as a site survey. Penetration testing uses cracking tools to test a security perimeter. Risk assessment evaluates the risks of a secured environment. Business continuity planning is used to support business operations when processes are threatened.

52
Q

The act of falsifying data is also known as ___________.

A. Impersonation

B. Spoofing

C. Social engineering

D. Replay

A

B. Spoofing

The act of falsifying data is also known as spoofing. Impersonation is the assumption of another user’s identity. Social engineering involves convincing someone to perform a restricted activity or reveal confidential information. Replay attacks occur when authentication traffic is captured and retransmitted.

53
Q

Which of the following is a common example of a host-based IDS that uses signature detection?

A. Firewall

B. Padded cell

C. Virus scanner

D. Penetration testing

A

C. Virus scanner

A virus scanner is a common example of a host-based IDS (intrusion detection system) that uses signature detection. Firewalls, padded cells, and penetration testing aren’t forms of IDS.

54
Q

By what means can a flaw in WPS be attacked in order for an unauthorized device to be able to connect into an otherwise secure wireless network?

A. Use a deauthorization flood

B. Operate an evil twin

C. Guess the activation PIN

D. Perform war chalking

A

C. Guess the activation PIN

WPS (WiFi Protected Setup) is a security standard for wireless networks. It was intended to simplify the effort involved in adding new clients to a well-secured wireless network. It operates by auto-connecting the first new wireless client to seek the network once the administrator triggered the feature by pressing the WPS button on the base station. However, the standard also called for a code that could be sent to the base station remotely in order to trigger WPS negotiation without the need to be able to physically press the button on the base station. This led to a brute-force guessing attack that could enable a hacker to guess the WPS code in just hours, which in turn enabled the hacker to connect their own unauthorized system to the wireless network.

55
Q

Which of the following is more closely associated with client-side validation rather than server-side validation?

A. Protecting a system against input submitted by a malicious user

B. Filtering for known scriptable or malicious content (such as SQL commands or script calls)

C. Blocking meta-characters

D. Providing better response or feedback to the typical user

A

D. Providing better response or feedback to the typical user

Client-side validation is better suited for providing better response or feedback to the typical user. By contrast, server-side validation is better suited for protecting a system against input submitted by a malicious user, such as filtering for known scriptable or malicious content (such as SQL commands or script calls) and blocking meta-characters.

56
Q

Which of the following describes the operation performed by a file integrity check?

A. Encrypting the file with a symmetric key

B. Comparing the current hash of a file to the stored/previous hash of a file

C. Checking the file size and filename against a directory index

D. Using a private key to encrypt a hash of the file

A

B. Comparing the current hash of a file to the stored/previous hash of a file

File integrity checking is the activity of comparing the current hash of a file to the stored/previous hash of a file. The purpose is to detect whether the file has retained its integrity (the hashes match exactly) or it has been changed (the hashes do not match).

57
Q

Which of the following physical control mechanisms will serve to delay an intruder once their presence is detected?

A. Mantrap

B. Security cameras

C. Fencing

D. Guard dogs

A

A. Mantrap

A mantrap will delay an intruder once their presence is detected. Security cameras, fencing, and guard dogs aren’t guaranteed to delay an intruder to keep them from escaping.

58
Q

Which of the following is not a benefit of SFTP?

A. It is interoperable with other FTP solutions.

B. It provides logon credential protection.

C. It encrypts data traffic.

D. It uses SSH to provide security.

A

A. It is interoperable with other FTP solutions.

SFTP (Secure FTP) isn’t interoperable with other FTP solutions; only SFTP clients can interact with SFTP servers. SFTP provides logon credential protection, encrypts data traffic, and uses SSH (Secure Shell) to provide security.

59
Q

Which of the following is not a form of asymmetric cryptography?

A. RSA

B. Diffie-Hellman

C. Blowfish

D. ElGamal

A

C. Blowfish

Blowfish is symmetric. RSA (Rivest, Shamir, and Adleman), Diffie-Hellman, and ElGamal are asymmetric.

60
Q

What hacker technique can be used over a network connection to discover the identity of services active on a computer system?

A. Port scanning

B. Banner grabbing

C. Sniffing

D. ARP poisoning

A

B. Banner grabbing

Banner grabbing may reveal the identity of a service when used against an open port across a network connection. Port scanning is used to determine whether ports are open or closed. Sniffing is used to collect network traffic to reveal the contents of the headers and nonencrypted payloads. ARP (Address Resolution Protocol) poisoning is used to trick a switch into rerouting traffic.

61
Q

You attempt to visit Amazon.com but mistakenly type amazin.com. The website you see is an obvious rip-off of the valid online merchant. What is this situation called?

A. Watering hole attack

B. Typo squatting

C. Rainbow tables

D. Spear phishing

A

B. Typo squatting

Typo squatting, or URL hijacking, is a practice employed to capture traffic when a user mistypes the domain name or IP address of an intended resource. A squatter will predict URL typos and then register those domain names to direct traffic to their own site.

62
Q

When CHAP is used for authentication, how are the passwords transmitted from the client to the authentication server?

A. In hashed form

B. In clear text

C. As a ticket

D. Encrypted with AES

A

A. In hashed form

CHAP (Challenge Handshake Authentication Protocol) uses MD5 to hash passwords before transmission. PAP (Password Authentication Protocol) sends passwords in the clear. Kerberos uses tickets. AES (Advanced Encryption Standard) is an encryption algorithm that isn’t used by CHAP.

63
Q

Which of the following authentication actions is the strongest?

A. Three passwords consisting of 50 characters each

B. A password, a fingerprint, and a smartcard

C. Two biometrics and a token

D. A token, a handprint, and an iris scan

A

B. A password, a fingerprint, and a smartcard

Multifactor authentication, which uses different factors, is always stronger than using fewer different factors or multiples of one factor.

64
Q

What type of token device produces new time-derived passwords on a specific time interval that can be used only a single time when attempting to authenticate?

A. HOTP

B. HMAC

C. SAML

D. TOTP

A

D. TOTP

The two main types of token devices are TOTP and HOTP. Time-based one-time password (TOTP) tokens or synchronous dynamic password tokens are devices or applications that generate passwords at fixed time intervals, such as every 60 seconds. HMAC-based one-time password (HOTP) tokens or asynchronous dynamic password tokens are devices or applications that generate passwords not based on fixed time intervals but instead based on a nonrepeating one-way function, such as a hash or hash message authentication code (HMAC—a type of hash that uses a symmetric key in the hashing process) operation.

65
Q

The most commonly overlooked aspect of mobile phone eavesdropping is related to _________.

A. Wireless networking

B. Storage device encryption

C. Overhearing conversations

D. Screen locks

A

C. Overhearing conversations

The most commonly overlooked aspect of mobile phone eavesdropping is related to people in the vicinity overhearing conversations (at least one side of them). Organizations frequently consider and address issues of wireless networking, storage device encryption, and screen locks.

66
Q

What encryption system is used to protect SFTP?

A. SSH

B. TLS

C. IPSec

D. WPA-2

A

A. SSH

Secure FTP (SFTP) is a secured alternative to standard FTP. Standard FTP sends all data, including authentication traffic, in the clear. Thus, there is no confidentiality protection. SFTP encrypts both authentication and data traffic between the client and server by employing SSH to provide secure FTP communications.

67
Q

Cookies pose a risk to ___________.

A. Network infrastructure

B. Privacy

C. Physical security

D. Availability

A

B. Privacy

Cookies pose a risk to privacy. They don’t pose a risk to network infrastructure, physical security, or availability.

68
Q

Which of the following is a goal of NAC?

A. Reduce social engineering threats

B. Map internal private addresses to external public addresses

C. Distribute IP address configurations

D. Reduce zero-day attacks

A

D. Reduce zero-day attacks

The goals of Network Access Control (NAC) include preventing/reducing zero-day attacks, enforcing security policy throughout the network, and using identities to perform access control.

69
Q

Which type of Bluetooth attack allows an attacker to send messages to a target mobile device that may appear on the screen automatically?

A. Bluesnarfing

B. Bluesniffing

C. Bluesmacking

D. Bluejacking

A

D. Bluejacking

Bluejacking involves sending messages to Bluetooth-capable devices without the permission of the owner/user. These messages often appear on a device’s screen automatically.

70
Q

Which of the following technologies enables numerous internal clients to access the Internet over a few leased public IP addresses?

A. SSL

B. L2TP

C. SSH

D. NAT

A

D. NAT

NAT (network address translation) enables numerous internal clients to access the Internet over a few leased public IP addresses. SSL (Secure Sockets Layer) is a security solution often used on web servers. L2TP (Layer 2 Tunneling Protocol) is a VPN (virtual private network) protocol. SSH (Secure Shell) is a secure replacement for Telnet.

71
Q

What is the size of an SHA-1 hash output?

A. 160 bits

B. 128 bits

C. 192 bits

D. 56 bits

A

A. 160 bits

SHA-1’s hash output is 160 bits. MD5, MD4, and MD2 produce 128-bit hash output.

72
Q

Which of the following is not part of the CIA triad?

A. Confidentiality

B. Integrity

C. Availability

D. Authentication

A

D. Authentication

Authentication is not part of the CIA triad. The CIA triad consists of confidentiality, integrity, and availability.

73
Q

The basis of a reliable disaster recovery and business continuity plan is ___________.

A. User awareness

B. A warm alternate site

C. Backups

D. Redundant hardware

A

C. Backups

Backups form the basis of a reliable disaster recovery and business continuity plan. User awareness, warm alternate sites, and redundant hardware may improve DRP (disaster recovery planning) and BCP (business continuity planning), but they aren’t essential like backups.

74
Q

Kerberos is an example of which of the following security technologies?

A. Physical access control

B. Monitoring system

C. Single sign-on

D. Authentication factor

A

C. Single sign-on

Kerberos is an example of a single sign-on security technology. A mantrap is an example of a physical access control device. Auditing is an example of a monitoring system. A password is an example of an authentication factor.

75
Q

Hashing is used for what primary purpose?

A. Integrity verification

B. Digital envelopes

C. Data encryption

D. Authentication

A

A. Integrity verification

Hashing is used primarily for integrity verification. Digital envelopes are produced using asymmetric encryption, not hashing. Data encryption is performed using symmetric encryption or asymmetric encryption. Authentication can be provided for by symmetric encryption or asymmetric encryption.

76
Q

When will a certificate authority (CA) be likely to revoke a certificate?

A. When the subject profits from the use of the certificate

B. When the subject requests a suspension

C. When the subject obtains certificates from other CAs

D. When the subject changes its verified identity

A

D. When the subject changes its verified identity

A CA will revoke a certificate when the subject’s verified identity changes. The CA isn’t likely to revoke when the subject profits, at a request for a suspension, or when the subject obtains certificates from other CAs. There are other reasons why a CA may revoke a certificate than those included in this list, such as if the subject requests it.

77
Q

What is the measurement of the amount of data that can be lost during a disaster, as measured in time, such that if that level is exceeded, the organization will be unable to return to normal operations?

A. RTO

B. MTD

C. RPO

D. MTTR

A

C. RPO

The recovery point objective (RPO) is a measurement of how much loss can be accepted by the organization when a disaster occurs. This acceptable loss is measured in time.

78
Q

Which access control system allows an administrator to choose the level of access to grant to users?

A. RBAC

B. MAC

C. TBAC

D. DAC

A

D. DAC

DAC (discretionary access control) is based on the discretion of a user (that is, the administrator). RBAC (role-based access control), MAC (media/mandatory access control), and TBAC (task-based access control) are based on rules: job descriptions, classifications, and work tasks, respectively.

79
Q

____________ are formal contracts (or at least written documents) that define some form of arrangements where two entities agree to work with each other in some capacity. This could be an agreement between a supplier and customer or between equals.

A. Service-level agreements

B. Business partners agreements

C. Interoperability agreements

D. Memorandum of understanding

A

C. Interoperability agreements

Interoperability agreements are formal contracts (or at least written documents) that define some form of arrangements where two entities agree to work with each other in some capacity. This could be an agreement between a supplier and customer or between equals. An SLA is a contract between a supplier and a customer. A BPA is a contract between two entities dictating their business relationship. An MOU is an expression of agreement or aligned intent, will, or purpose between two entities.

80
Q

SSH is considered a secure replacement for __________.

A. TFTP

B. VPN

C. SSL

D. Telnet

A

D. Telnet

SSH (Secure Shell) is considered a secure replacement for Telnet. SSH isn’t a replacement for TFTP (Trivial File Transfer Protocol). VPN (virtual private network) and SSL (Secure Sockets Layer) are already secure. Additionally, SSH can function as a VPN and can encrypt protocols similar to SSL/TLS. For example, FTP can be SSL/TLS encrypted to become FTPS or SSH encrypted to become SFTP. While SSH may be an alternative to VPNs and SSL, it is not a secure replacement as the typical VPN and SSL are already secured (with the standard caveat that nothing is perfectly secure and many secure concepts have flaws or known exploits).

81
Q

After checking into your hotel room, you attempt to connect to the Internet over the free WiFi network. You are prompted by a hotel logo screen to agree to terms of service and provide both your room number and your last name. Once you complete the request, you are able to access the Internet. What is this procedure known as?

A. Captive portal

B. Onboarding

C. DHCP reservation

D. Formal enrollment

A

A. Captive portal

A captive portal is an authentication technique that redirects a newly connected wireless web client to a portal access control page. The portal page may require the user to input payment information, provide logon credentials, or input an access code.

82
Q

What can birthday attacks focus on?

A. Asymmetric keys

B. Digital certificates

C. Hashing

D. Encrypted files

A

C. Hashing

Birthday attacks can focus on hashing. Mathematical and social engineering attacks focus on asymmetric keys and encrypted files. Intrusions to certificate authorities (CAs) may be used against digital certificates.

83
Q

What are the four elements in a secure staging deployment environment?

A. Authentication, authorization, auditing, and accounting

B. Development, test, staging, and production

C. Preventive, detective, deterrent, and corrective

D. Physical, logical, administrative, and operational

A

B. Development, test, staging, and production

The organization’s IT environment must be configured and segmented to properly implement staging. This often requires at least four main network divisions: development, test, staging, and production.

84
Q

What is the primary reason to maintain a password history?

A. Monitor account logins

B. Force complexity requirements compliance

C. Provide for legal investigations

D. Prevent password reuse

A

D. Prevent password reuse

Password history is an authentication protection feature that tracks previous passwords (by archiving hashes) in order to prevent password reuse.

85
Q

What is a significant difference between vulnerability scanners and penetration testing?

A. One tests both the infrastructure and personnel.

B. One tests only internal weaknesses.

C. One tests only for configuration errors.

D. One is used to find problems before hackers do.

A

A. One tests both the infrastructure and personnel.

The primary difference between vulnerability assessment and penetration testing is that penetration testing tests both the infrastructure and the personnel. Vulnerability assessment is performed by a security administrator using an automated tool that is designed solely to test the configuration of target systems.