SEC+ Revision Questions Introduction to Security Terminology Flashcards

1
Q

Your company issues smartphones to employees for business use. Corporate policy dictates that all data stored on smartphones must be encrypted. To which fundamental security concept does this apply?

A. Confidentiality
B. Integrity
C. Availability
D. Accountability

A

Confidentiality

2
Q

You are the network administrator for your company. Your manager has asked you to evaluate cloud backup solutions for remote branch offices. To which fundamental security concept does this apply?

A. Confidentiality
B. Integrity
C. Availability
D. Accountability

A

Availability

3
Q

Your company requires all desktop computers to run a malware detection program twice daily. You configure your network so that only the specific digital version of the executable program that you specify is allowed to run. To which fundamental security concept does this apply?

A. Confidentiality
B. Integrity
C. Availability
D. Accountability

A

Integrity

4
Q

You store personal documents and spreadsheets with a cloud provider. You would like your data to be available only to people having a special unlock key. What should you apply to your documents and spreadsheets?
A. File permissions
B. File hashing
C. File backup
D. File encryption

A

File encryption

5
Q

You would like to send a confidential message to a family member through e-mail, but you have no way of encrypting the message. What alternative method would allow you to achieve your goal?
A. PKI
B. File hashing
C. Steganography
D. File permissions

A

Steganography

6
Q

A corporate security policy emphasizes data confidentiality, and you must configure computing devices accordingly. What should you do? (Choose two.)

A. Install smartcard readers so users can identify themselves before sending important e-mail messages.

B. Enforce SD card encryption on smartphones issued to employees.

C. Configure a server failover cluster to ensure sensitive documents are always available.

D. Set file and folder permissions to control user file access.

A

Enforce SD card encryption on smartphones issued to employees

Set file and folder permissions to control user file access

7
Q

Michel, an IT security expert, grants permissions to folders on a file server to allow Marketing users to modify Marketing documents. Which information security goal has been satisfied?

A. Confidentiality
B. Integrity
C. Availability
D. Safety

A

Confidentiality

8
Q

You need to implement a solution that ensures data stored on a USB removable drive has not been tampered with. What should you implement?

A. File encryption
B. Steganography
C. File backup
D. File hashing

A

File hashing

9
Q

Ana must send an important e-mail message to Glen, the director of Human Resources (HR). Corporate policy states that messages to HR must be digitally signed. Which of the following statements is correct?

A. Ana’s public key is used to create the digital signature.
B. Ana’s public key is used to verify the digital signature.
C. Glen’s private key is used to create the digital signature.
D. Glen’s private key is used to verify the digital signature.

A

Ana’s public key is used to verify the digital signature.

10
Q

John is issuing a digital certificate for Carolyn’s computer. What can the certificate be used for? (Choose two.)

A. Setting permissions on sensitive files
B. Encrypting sensitive files
C. Verifying the computer’s identity to secure servers
D. Sending encrypted e-mail messages

A

Encrypting sensitive files
Verifying the computer’s identity to secure servers

11
Q

Every month, Gene downloads and tests the latest software patches before applying them to production smart phones. To which security goal does this example apply?

A. Confidentiality
B. Integrity
C. Availability
D. Safety

A

Availability

12
Q

You are evaluating public cloud-based e-mail hosting solutions. All vendors state that multiple servers are always running to ensure available mailboxes. What is this an example of?

A. Clustering
B. Steganography
C. Digital mailbox signatures
D. Mailbox duplicity

A

Clustering

13
Q

Your network allows only trusted scripts to run on managed devices. You write a script that must run on all managed devices. What must you do? Place the following correct steps in proper order. (Choose three.)

A. Obtain a trusted digital certificate and install it on your computer.
B. Export the private key from your digital certificate to all managed devices.
C. Create the script.
D. Digitally sign the script.

A

Obtain a trusted digital certificate and install it on your computer.
Create the script.
Digitally sign the script.

14
Q

Which of the following is depicted in Figure 2-1?

A. Authentication
B. Authorization
C. Nonrepudiation
D. Identification

A

Identification

15
Q

You are the server administrator for your company. You are configuring disk storage as shown in Figure 2-2. To which of the following security controls does your disk configuration apply?

A. Nonrepudiation
B. Clustering
C. Fault tolerance
D. Hashing

A

Fault tolerance

16
Q

You would like to track the modification of sensitive trade secret files. What should you implement?

A. Auditing
B. Encryption
C. File hashing
D. Disk mirroring

A

Auditing

17
Q

Which party determines how data labels are assigned?

A. Custodian
B. Owner
C. Server administrator
D. Human Resources department

A

Owner

18
Q

Which of the following organizes the appropriate identification methods from least secure to most secure?

A. Smartcard, retinal scan, password
B. Retinal scan, password, smartcard
C. Username and password, smartcard, retinal scan
D. ACL, username and password, retinal scan

A

Username and password, smartcard, retinal scan

19
Q

You are explaining how the corporate file auditing policy will work to a new IT employee. Place the following items in the correct order: C, B, A, and D.

A. A user opens a file, modifies the contents, and then saves the file.
B. A server validates a correct username and password combination.
C. A user provides a username and password at a logon screen.
D. The file activity generated by the user is logged.

A

A user provides a username and password at a logon screen.
A server validates a correct username and password combination.
A user opens a file, modifies the contents, and then saves the file.
The file activity generated by the user is logged.

(c, b, a, d)

20
Q

Your manager has asked you to implement a solution that will prevent users from viewing inappropriate websites. Which solution should you employ?

A. Router ACLs
B. Web site permissions
C. Proxy server
D. Digital certificates

A

Proxy server

21
Q

Trinity uses her building access card to enter a work facility after hours. She has access to only the second floor. What is this an example of?

A. Authorization
B. Authentication
C. Accountability
D. Confidentiality

A

Authorization

22
Q

Sean is capturing Wi-Fi network traffic using a packet analyzer and is able to read the contents of network transmissions. What can be done to keep network transmissions private?

A. Install digital certificates on each transmitting device.
B. Set a strong administrator password for the Wi-Fi router.
C. Use smartcard authentication.
D. Encrypt the Wi-Fi traffic.

A

Encrypt the Wi-Fi traffic.

23
Q

Which security mechanisms can be used for the purpose of nonrepudiation? (Choose two.)
A. Encryption
B. Clustering
C. Auditing
D. Digital signatures

A

Auditing
Digital signatures

24
Q

You are the network administrator for a pharmaceutical firm. Last month, the company hired a third party to conduct a security audit. From the audit findings, you learn that customers’ confidential medical data is not properly secured. Which security concept has been ignored in this case?

A. Due diligence
B. Due care
C. Due process
D. Separation of duties

A

Due care

25
Q

Which of the following are the best examples of the Custodian security role? (Choose three.)

A. Human Resources department employee
B. Server backup operator
C. CEO
D. Law enforcement employee responsible for signing out evidence
E. Sales executive

A

Human Resources department employee
Server backup operator
Law enforcement employee responsible for signing out evidence

26
Q

Franco, an accountant, accesses a shared network folder containing travel expense documents to which he has read and write access. What is this an example of?

A. Privilege escalation
B. Due care
C. Authorization
D. Authentication

A

Authorization

27
Q

A large corporation requires new employees to present a driver’s license and passport to a security officer before receiving a company-issued laptop. Which security principle does this map to?
A. Authorization
B. Confidentiality
C. Identification
D. Custodian

A

Identification

28
Q

Choose the best example of authentication from the following:

A. Each morning a network administrator visits various websites looking for the newest Windows Server vulnerabilities.

B. Before two systems communicate with one another across a network, they exchange PKI certificates to ensure they share a common ancestor.

C. A file server has two power supplies in case one fails.

D. An application has some unintended behavior that could allow a malicious user to write to the Windows registry.

A

Before two systems communicate with one another across a network, they exchange PKI certificates to ensure they share a common ancestor.

29
Q

Raylee is the new network administrator for a legal firm. She studies the existing file server folder structures and permissions and quickly realizes the previous administrator did not properly secure legal documents in these folders. She sets the appropriate file and folder permissions to ensure only the appropriate users can access the data, based on corporate policy. What security role has Raylee undertaken?

A. Custodian
B. Data owner
C. User
D. Power user

A

Custodian

30
Q

From the following list, which best describes authentication?
A. Logging in to a TFTP server with a username and password
B. Using a username, password, and token card to connect to the corporate VPN
C. Checking corporate webmail on a secured website at http://owa.acme.com after supplying credentials
D. Copying files from a server to a USB flash drive

A

Using a username, password, and token card to connect to the corporate VPN

31
Q

While experimenting with various server network configurations, you discover an unknown weakness in the server operating system that could allow a remote attacker to connect to the server with administrative privileges. What have you discovered?

A. Exploit
B. Bug
C. Vulnerability
D. Denial of service

A

Vulnerability

32
Q

Sean is a security consultant and has been hired to perform a network penetration test against his client’s network. Sean’s role is best described as:

A. White-hat hacker
B. Black-hat hacker
C. Gray-hat hacker
D. Purple-hat hacker

A

White-hat hacker

33
Q

Which of the following are classified as availability solutions? (Choose two.)

A. Auditing
B. RAID
C. File server backups
D. Smartcard authentication

A

RAID
File server backups

34
Q

You are reviewing document security on your private cloud document server. You notice employees in the Sales department have been given full permissions to all project documents. Sales personnel should have only read permissions to all project documents. Which security principle has been violated?

A. Separation of duties
B. Least privilege
C. Job rotation
D. Integrity

A

Least privilege