Security+ Flashcards

1
Q

Change management is a set of processes that introduce visibility and governance into the configuration management process.

A

True

2
Q

PCI compliance requires that systems serving up credit card information be patched to mitigate exposures resulting from unknown security vulnerabilities.

A

False

3
Q

SCADA

A

SCADA is an acronym for supervisory control and data acquisition, a computer system for gathering and analyzing real time data. SCADA systems are used to monitor and control a plant or equipment in industries such as telecommunications, water and waste control, energy, oil and gas refining and transportation.

4
Q

Collision Resistance is a property such that given two different hash inputs they should not have equal distances.

A

False. Hash functions: a hash function H is collision resistant if it is hard to find two inputs that hash to the same output; that is, two inputs a and b such that H(a) = H(b) and a ≠ b. Every hash function with more inputs than outputs will necessarily have collisions.

5
Q

NERC CIP

A

The NERC CIP (North American Electric Reliability Corporation critical infrastructure protection) plan is a set of requirements designed to secure the assets required for operating North America’s bulk electric system.

6
Q

What is a rainbow table?

A

A rainbow table attack is a type of hacking wherein the perpetrator tries to use a rainbow hash table to crack the passwords stored in a database system. A rainbow table is a hash function used in cryptography for storing important data such as passwords in a database.

7
Q

Rule Based Access Control and Role Based Access Control are the same.

A

False

8
Q

The “___ ____” is a full Bluetooth Pen Testing Suite

A

Blue Diving

9
Q

When S-boxes are defined using pairs of characters they are referred to as digrams.

A

True. In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext — Shannon’s property of confusion.

10
Q

“_________” data at rest and in motion can additionally enhance the security and confidentiality of data in Big Data systems such as Hadoop and NoSQL based platforms.

A

Encrypting

11
Q

“_____ ________” are tools that are commonly used to check system security settings and patch levels.

A

Vulnerability Scanners

12
Q

Name a best practice for controlling malware command and control callbacks from leaving your corporate network.

A

Deploy an authenticated forward proxy.

13
Q

What is a benefit of placing a honeypot on the untrusted internet side of a company’s DMZ?

A

Does not utilize FW and IDS resources, and if compromised does not create a launch point in the DMZ.

14
Q

IDS

A

Intrusion Detection System

15
Q

IPS

A

Intrusion Protection System

16
Q

RSA cryptography strength is a function of ALL of the four key characteristics. 1. Primality. 2. Greatest common divisor. 3. Modular inverse computation 4. Modular powers.

A

True

17
Q

Using a “___ ____” is a memory protection technique in which a compiler encrypts pointers when they are stored in memory and decrypts them only when they are loaded into a CPU’s registers.

A

Point Guard

18
Q

Encase is a popular paid forensics case management tool

A

True. EnCase® Forensic is a powerful investigation platform that collects digital data, performs analysis, reports on findings and preserves them in a court validated, forensically sound format.

19
Q

SAML assertions are secured through the use of digital certificates.

A

True. Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP). … SAML enables Single-Sign On (SSO), a term that means users can log in once, and those same credentials can be reused to log into other service providers.

20
Q

“___” filtering can help to ensure that only users with authorized MAC addresses can access a wireless access point.

A

MAC

21
Q

The java runtime can allow untrusted “_____” to run in a sandboxed environment to limit its access to the rest of the system.

A

True

22
Q

When filling out a CSR what is a CN?

A

The Common Name (AKA CN) represents the server name protected by the SSL certificate. The certificate is valid only if the request hostname matches the certificate common name. Most web browsers display a warning message when connecting to an address that does not match the common name in the certificate. A CSR or Certificate Signing request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. … It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair.

23
Q

“_____” protects DNS servers and clients from attacks such as DNS Spoofing and DNS Cache Poisoning

A

DNS-SEC. DNSSEC strengthens authentication in DNS using digital signatures based on public key cryptography. With DNSSEC, it’s not DNS queries and responses themselves that are cryptographically signed, but rather DNS data itself is signed by the owner of the data.

24
Q

OCTAVE is a suite of tools, processes and methods used for strategic security assessment and planning.

A

True

25
Q

Three types of security control categories include Preventive, Corrective and Detective.

A

True

26
Q

“_____” is the common replacement for Halon for fire suppression

A

FM200

27
Q

Java programs themselves typically aren’t affected by buffer overflows because the java virtual machine manages register allocation but the JDK and/or JVM itself can be subject to buffer overflows.

A

False

28
Q

The goals of Incident Response planning and execution are to limit damage, reduce recovery time and recovery costs.

A

True

29
Q

Second Pre-image Resistance is also known as Strong Collision Avoidance.

A

False. Strong and weak collision resistance are not the same. Even though they seem similar, there is a subtle difference between strong and weak collision resistance. Weak collision resistance is bound to a particular input, whereas strong collision resistance applies to any two arbitrary inputs.

30
Q

Tools such as rakes, tension wrenches and bump keys are used for what purpose?

A

Lock Picking

31
Q

When the SSO is not initiated at the Service Provider is referred to as SP-Initiated SSO.

A

False. Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a

32
Q

Your company wants you to stand up a web server behind your corporate stateful firewall. What change do you need to make on the firewall to allow web users to communicate with the server?

A

Allow inbound from all IP addresses on tcp port 80

33
Q

Making “_______” of log files is a technique that can make audit logs tamper-evident.

A

Hashes

34
Q

What is a smart tag attack?

A

NFC stands for Near Field Communication. Essentially, it’s a way for your phone to interact with something in close proximity. It operates within a radius of about 4 cm and provides a wireless connection between your device and another.

35
Q

The Cloud Security alliance defines “__” cloud security domains as part of their cloud controls matrix.

A

16

36
Q

OFB – a mode of block cipher operation where each block of plaintext is XOR’d with the current output block to be the plaintext block. The current output block is the encrypted version of the previous output block.

A

False. The Output Feedback (OFB) mode makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext. Just as with other stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the plaintext at the same location.

37
Q

“____ ______” refers to techniques used to make a possibly weak key, typically a password or passphrase, more secure against a brute force attack by increasing the time it takes to test each possible key.

A

Key Stretching. Others are: Distributed, Polynomial, Monomial.

38
Q

One benefit of Federation is that it keeps password management centralized to the Identity Provider.

A

True

39
Q

“______” generation antivirus solutions utilize activity traps and antivirus signatures to catch and quarantine malware. This generation of malware is sometimes said to have HIPS functionality.

A

Fourth

40
Q

Active Directory groups are a valid example of RBAC use.

A

True. Role Based Access Control for Active Directory (RBAC AD) enables IT admins to control what individual users can do within Secret Server.

41
Q

What is a ‘salt’ used for when protecting password data?

A

In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes data, a password or passphrase.

42
Q

“____” can prevent malicious activities at the host layer.

A

HIPS. A host-based intrusion prevention system (HIPS) is a system or a program employed to protect critical computer systems containing crucial data against viruses and other Internet malware. Starting from the network layer all the way up to the application layer, HIPS protects from known and unknown malicious attacks. HIDS: Host Intrusion Detection System.

43
Q

What is a bluebug attack?

A

BlueBugging is an attack in which an attacker exploits Bluetooth on a device to get unauthorized access to the device and manipulate the target device to compromise its security. … BlueBugging was first found by German researcher Martin Herfurt in 2004, and since then, it has affected many victims.

44
Q

Which of the following two ways typically separate network hosts for security purposes? (Choose two.)

A

Logically, Physically. Correct Answer: Networks are typically separated for security purposes either physically, logically, or both. Physical separation involves separating network hosts by connecting them to different devices. Logical separation involves separating them through segmented IP subnetworks.

45
Q

All of the following are characteristics of the RADIUS authentication protocol, EXCEPT:

A

Radius uses tcp 1812

46
Q

Which of the following DES/AES encryption modes is considered the weakest?

A

Correct Answer: With ECB mode, a given piece of plaintext will always produce the same corresponding piece of ciphertext. This predictability makes it weak. Incorrect Answers: While CBC, OFB, and CTR mode go about the process in different ways, these modes lack ECB’s predictability, adding strength to the underlying cryptosystem.

47
Q

All of the following are supporting elements of authorization, except:

A

Correct Answer: Validating credentials is an important aspect of authentication, not authorization. Incorrect Answers: All of these elements directly support authorization.

48
Q

Which of the following is a protocol used to obtain the status of digital certificates in public keys?

A

Correct Answer: The Online Certificate Status Protocol (OCSP) is used to obtain the revocation status of digital certificates. It is used as an alternative to certificate revocation lists and enables clients to request and receive the electronic status of digital certificates automatically and in real-time. Incorrect Answers: Diffie-Hellman Exchange (DHE) is a key negotiation and agreement protocol used in public key cryptography. RSA is the de facto standard used to generate public and private key pairs in a PKI. Elliptic curve cryptography (ECC) is a public key cryptography protocol used on small mobile devices, due to its low power and computing requirements.

49
Q

Which of the following is an example of a trusted OS?

A

Correct Answer: SELinux is the only example, from the answers given, of a trusted operating system. Incorrect Answers: These operating systems are not considered trusted operating systems, although they can be hardened to varying degrees.

50
Q

Which of the following is a variant of a phishing attack, where a phishing e-mail is sent to a high-value target instead of on a mass scale to all employees?

A

Correct Answer: Whaling is a social engineering attack that targets people in high-value positions, such as senior executives. It is a form of a phishing attack. Incorrect Answers: Spear phishing involves targeting a particular type of user, regardless of rank in the organization, and basing the attack on more detailed, in-depth information in order to convince the target that the phishing e-mail is actually valid. Vishing is a form of phishing attack that takes place over Voice-over-IP (VoIP) telephone systems. Pharming is a form of DNS attack.

51
Q

All of the following are valid methods to secure static hosts in an organization, except:

A

The organization should not depend solely upon the users to manage security and static devices, because these devices can be managed just as traditional hosts and network devices are. Incorrect Answers: These are all valid methods of securing static hosts in an organization.

52
Q

Which of the following forms of authentication pass credentials in clear text and is not recommended for use?

A

Correct Answer: The Password Authentication Protocol (PAP) is an older authentication method that passes usernames and passwords in clear text. For this reason, it is no longer used. Incorrect Answers: CHAP, the Challenge Handshake Authentication Protocol, uses password hashes and challenge methods to authenticate to the system. Passwords are not passed in clear text with this protocol. MS-CHAP (Microsoft CHAP) is a Microsoft proprietary version of CHAP, native to Windows systems. The Extensible Authentication Protocol (EAP) is a modern authentication framework that can use various authentication methods. It also does not pass username and password information in clear text.

53
Q

All of the following are methods that can be used to detect unauthorized (rogue) hosts connected to the network, except:

A

Correct Answers: MAC addresses can be spoofed, so examining MAC address on filtering logs may not provide any indication of whether a host is authorized or not. Incorrect Answers: All of these are valid methods of detecting rogue hosts that connect to the network.

54
Q

Which of the following statements best defines the recovery point objective (RPO)?

A

Correct Answers: The RPO is the maximum allowable amount of data (measured in terms of time) that the organization can afford to lose during a disaster or an incident. Incorrect Answers: The RPO is the maximum amount of data, not the minimum, that can be lost during a disaster or an incident. RPO refers to data that can be lost, not time itself. RPO is measured in time, not gigabytes.

55
Q

What size WEP key did the original IEEE 802.11b specification use?

A

Correct Answer: WEP key sizes are 64 bits (40-bit key and 24-bit initialization vector) or 128 bits (104-bit key and 24-bit initialization vector). The 802.11b standard called for a 64-bit key. Incorrect Answers: Neither 512-bit nor 256-bit are valid WEP key sizes. The original 802.11b standard called for a 64-bit key; the 128-bit key was developed after this standard was issued.

56
Q

Which of the following methods of strengthening weak keys involves taking a weak initial key and feeding it to an algorithm that produces an enhanced key, which is much stronger?

A

Correct Answer: Key stretching is a technique used to change weak keys into stronger ones by feeding them into an algorithm to produce enhanced keys. Incorrect Answers: Key streaming involves sending individual characters of the key through an algorithm and using a mathematical XOR function to change the output. Key repetition is not a valid answer or term. Key exchange involves generating and exchanging an asymmetric key used for a particular communications session, or exchanging public keys in order to use them for public key cryptography.

57
Q

You are trying to determine the appropriate level of high availability for a server. The server must be available on a constant basis, and downtime in a given year cannot exceed 1 hour. It normally takes you about 45 minutes to bring down and restart the server for maintenance. Which of the following reflects the level of availability you require?

A

Correct Answers: 99.99 percent availability accounts for 52 minutes of downtime per year. Incorrect Answers: 99.999 percent availability allows only 5.26 minutes of downtime per year, which may not be enough if the server requires almost an hour of maintenance time. 99.9 percent availability equates to more than 8 hours of downtime per year and exceeds the stated requirement. 99 percent availability is more than 3 days of downtime per year, far exceeding the requirement for no more than 1 hour of downtime.

58
Q

Which of the following is the simplest form of disaster recovery exercise?

A

Correct Answer: The documentation review is the simplest form of test. In this type of test, the business continuity plan, disaster recovery plan, and associated documents are reviewed by relevant personnel including managers, recovery team members, and anyone else who may have responsibilities directly affecting plans. Incorrect Answers: A tabletop exercise is a type of group review. In a full-scale test, all personnel are usually involved and may actually conduct activities as they would during a real incident. This type of test is more complex and normally requires extensive resources, such as people and equipment, so it is typically conducted infrequently. In a walkthrough test, team members go through the motions of fulfilling the responsibilities and conducting the activities required during an incident or disaster.

59
Q

Which of the following algorithms won the U.S. government-sponsored competition to become the Advanced Encryption Standard (AES)?

A

Correct Answer: Rijndael was selected as the winner of the NIST competition and became the U.S. government’s Advanced Encryption Standard (AES). Incorrect Answers: Twofish, another symmetric algorithm, was one of the five finalists for the competition, but it did not win. Blowfish is also a symmetric algorithm, but was not considered in the competition to be the AES. RC4 is a symmetric streaming cipher commonly seen in WEP and SSL implementations. It was not one of the finalists involved in the AES competition.

60
Q

You have a server that is used for Domain Name System (DNS) queries. You find that it has several open ports, and you intend to close all of the unnecessary ports on the server. The server is listening on ports 22, 25, 53, and 80. Which port must be left open to continue to use DNS functionality?

A

Correct Answers: DNS uses TCP and UDP port 53, so this port should be left open. Incorrect Answers: All other unnecessary ports should be closed. Port 22 is used by SSH. Port 25 is used by SMTP. Port 80 is used by HTTP.

61
Q

Which of the following technologies allows devices to communicate with each other at very close range through radio signals by using a special chip implanted in the device, and may be vulnerable to eavesdropping and man-in-the-middle attacks?

A

Correct Answer: Near-field communication enables devices to send very low-power radio signals to each other by using a special chip implanted in the device. This technology requires that the devices be extremely close or even touching each other. This technology is used for a wide variety of applications, including payments through NFC-enabled smartphones. Incorrect Answers: Neither 802.11 wireless nor Bluetooth technologies are used in this manner. Infrared does not use radio frequency technology; it enables communications between devices using a beam of light.

62
Q

What is the second step in the incident response life cycle?

A

Correct Answer: Detection and analysis is the second step of the incident response life cycle. Incorrect Answers: In order, the steps of the incident response life cycle are preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.

63
Q

What is the biggest difference between EAP-TLS and EAP-TTLS?

A

EAP-TLS needs server and client certificates; EAP-TTLS only needs server certificates. Incorrect Answers: The EAP standard does not define the use of signed or unsigned certificates, although most implementations require signed certificates.

64
Q

A virtual LAN (VLAN) offers which of the following advantages for network security? (Choose two.)

A

Correct Answers: VLANs offer the security advantage of logically segmenting hosts, and they allow different segments to receive different security policies. Incorrect Answers: VLANs reduce the size of broadcast domains, not create them, but this, in and of itself, does not improve network security. VLANs use logical segmentation, not physical segmentation.

65
Q

The corporate IT manager wants you to implement a process that separates corporate apps from personal apps on mobile devices. Which of the following techniques will enable you to do this?

A

Correct Answer: Sandboxing separates applications from one another and does not allow them to share execution, user, or data space. Incorrect Answers: Whitelisting enables an administrator to determine which applications and other software the user is allowed to install and execute. Containerization is a technique used to separate different sensitivities of data, such as corporate and personal data on a mobile device. Blacklisting is a method that enables administrators to restrict users from installing and executing certain applications.

66
Q

Which of the following utilities are specifically used to diagnose DNS issues? (Select Two)

A

Correct Answers: Both dig and nslookup are designed to query DNS servers. Incorrect Answers: One might argue that Nmap and ping might be used to diagnose DNS, but neither of them are specifically for DNS queries. Kali is a Linux distro, not a utility.

67
Q

Risk assessment means evaluating which of the following elements? (Choose two.)

A

Correct Answers: Probability and impact values are evaluated and assessed during a risk assessment. Incorrect Answers: Threats and vulnerabilities do not have defined values.

68
Q

Which of the following are two characteristics of strong passwords? (Choose two.)

A

Correct Answer: Password length and the use of additional character space are two important characteristics of password strength and complexity. Incorrect Answers: Neither authentication methods nor encryption strength directly affects password strength.

69
Q

Which of the following describe a false reject rate? (Choose two.)

A

Correct Answer: A false reject rate (FRR) is the error caused from rejecting an authorized user; it is also called a Type I error. Incorrect Answer: A false acceptance rate (FAR) is the error caused when an unauthorized user is validated as authorized, also referred to as a Type II error.

70
Q

Marisol sees a tremendous amount of traffic on TCP port 389 from the Internet. Which TCP/IP service should she inspect first?

A

Correct Answer: The Lightweight Directory Application Protocol (LDAP) uses TCP port 389. Incorrect Answers: SQL is a query language for directories. HTTPS is the secure HTTP protocol for Web pages. TLS is an authentication/encryption protocol.

71
Q

Which of the following encryption protocols uses RC4 with small initialization vector sizes?

A

Correct Answer: WEP is a legacy wireless encryption protocol that has been determined to be very weak and easily broken. It uses the RC4 streaming protocol and weak initialization vectors (24-bit) to encrypt data on wireless networks. Incorrect Answers: WPA2 is an advanced encryption protocol that uses AES. WPA was an interim protocol used to correct some of WEP’s weaknesses. It uses the TKIP protocol. 802.1X is a port-based authentication method, not a wireless encryption protocol.

72
Q

All of the following are considered duties of a first responder to an incident, except:

A

Correct Answer: Notifying and coordinating with senior management and law enforcement officials is normally the job of a senior leader within the incident response team. Incorrect Answers: The primary job of a first responder is to secure the scene. They are also responsible for notifying the incident response team and initially determining the scope, seriousness, and impact of the incident.

73
Q

Which of the following concepts should be the most important consideration when determining how to budget properly for security controls?

A

Correct Answer: The risk likelihood and impact should directly determine how much you budget for controls to prevent the occurrence of risk. Incorrect Answers: Asset identification does not require analysis of cost. Risk likelihood and impact are more accurate than threat of natural disaster and qualitative costs in determining how much a solution will actually cost.

74
Q

Which of the following fire suppression chemicals was banned in 1987 and can no longer be used in data centers?

A

Correct Answer: Halon is a dangerous chemical that was previously used in data centers to suppress fires. However, it was banned in 1987 because it is also dangerous to human beings. Incorrect Answers: Water is still used to combat certain classes of fires. Carbon dioxide is used to combat both liquid and electrical fires. FM-200 has generally replaced Halon in data center fire suppression systems.

75
Q

If a person knows a control exists, and this control keeps him or her from performing a malicious act, what type of control would this be classified as?

A

Correct Answer: A deterrent control keeps someone from performing a malicious act, provided that he or she knows the control is there and is aware of the consequences for violating it. Incorrect Answers: The difference between a deterrent control and a preventive control is that it is necessary for a potential attacker to have knowledge of the deterrent control for it to be effective. Users do not have to have knowledge of a preventative control for it to function. A corrective control is used to correct a condition when there is either no control at all, or when the existing control is ineffective. Normally, a corrective control is temporary until a more permanent solution is put into place. A compensating control assists and mitigates the risk when an existing control is unable to do so.

76
Q

Which of the following secure e-mail protocols is carried over an SSL or TLS connection and uses TCP port 993?

A

Correct Answer: IMAPS (secure IMAP) is a secure version of the IMAP4 protocol used over SSL or TLS connections to provide for client e-mail security. Incorrect Answers: SMTP is a server-side e-mail protocol and is not used over SSL or TLS. SMTP uses TCP port 25. POP3 is a non-secure client-side e-mail protocol that uses TCP port 110. IMAP4 is a non-secure client-side e-mail protocol that uses TCP port 143.

77
Q

Which of the following is a key agreement protocol used in public key cryptography?

A

Correct Answer: Elliptic Curve Diffie-Hellman (ECDH) is a key exchange protocol used in public key cryptography. It is used to negotiate, agree upon, and establish a secure session between two parties. Incorrect Answers: RSA (Rivest-Shamir-Adleman) is the most common public-private key generation algorithm used in public key cryptography. It is used to generate a public and private key pair. AES is the Advanced Encryption Standard, and it is not used in public key cryptography; it is a symmetric key cryptography algorithm. SHA-2 is the second iteration of the Secure Hashing Algorithm and is used to generate message digests for plaintext. It is not used in public key cryptography to exchange keys or establish secure sessions.

78
Q

Which of the following terms indicates the length of time a device is expected to last in operation, and only a single, definitive failure will occur and will require that the device be replaced rather than repaired?

A

Correct Answer: The mean time to failure (MTTF) is the length of time a device is expected to last in operation. In MTTF, only a single, definitive failure will occur and will require that the device be replaced rather than repaired. Incorrect Answer: Mean time between failures (MTBF) represents the manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of that component. This assumes that more than one failure will occur, which means that the component will be repaired, rather than replaced. Mean time to recovery (MTTR) is the amount of time it takes for a hardware component to recover from failure. Mean time to replace is not a valid term.

79
Q

Which of the following ports would be most likely to allow secure remote access into a system within a data center?

A

Correct Answer: L2TP aligns to TCP port 1701, allowing secure remote access to a system through a VPN connection. Incorrect Answers: UDP port 53 aligns to the Domain Name Service (DNS), UDP port 123 is used by Network Time Protocol (NTP) services, and TCP port 443 is used by HTTP over SSL.

80
Q

Which of the following types of public key cryptography uses a web of trust model?

A

Correct Answer: Pretty good privacy, or PGP, is commonly used between individuals or small groups of people, and it normally does not require a public key infrastructure. It uses a web of trust model, which means that each individual has to be able to trust every other individual who uses PGP to encrypt and decrypt data sent and received by them. Incorrect Answers: RSA is the de-facto key generation protocol used in public key cryptography, and it is normally used in a public key infrastructure type of environment. Diffie-Hellman Exchange (DHE) is a key negotiation and agreement protocol that is used to exchange keys and establish a secure communications session. AES is a symmetric key protocol not used in public key cryptography.

81
Q

Which of the following authentication protocols uses a series of tickets to authenticate users to resources, as well as timestamps to prevent replay attacks?

A

Correct Answer: Kerberos is an authentication protocol used in Windows Active Directory. It uses a series of tickets and timestamps to authenticate individuals and prevent replay attacks. Incorrect Answers: MS-CHAP is a Microsoft version of the Challenge Handshake Authentication Protocol, used in earlier versions of Windows. It uses challenges and password hashes to authenticate individuals. EAP, the Extensible Authentication Protocol, is an authentication framework that can use several other protocols for secure access across both wired and wireless networks. SESAME (Secure European System for Applications in a Multivendor Environment) is a European-developed authentication protocol that can provide for single sign-on capability. It is not widely used and does not use tickets for authentication.

82
Q

Which of the following secure file copy protocols is used over an SSL or TLS connection?

A

Correct Answer: FTPS is a secure version of the non-secure FTP protocol and is used over SSL or TLS connections to ensure security when transferring files to or from an Internet-based host. Incorrect Answers: FTP is a non-secure protocol used to copy files to and from Internet-based hosts. SCP is a secure copy protocol used to copy files securely to and from a networked host, and it uses SSH. SFTP is a secure file transfer protocol used to copy files to and from an Internet-based host, and it also uses SSH.

83
Q

Which of the following secure protocols protects traffic during transmission and uses TCP port 443? (Choose two.)

A

Correct Answers: Both Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols are used to encrypt traffic sent over untrusted networks, such as the Internet. Both use TCP port 443. Incorrect Answers: SCP is part of the SSH protocol suite and is used to copy files securely from one host to another. SSH is a protocol used to connect to and administer hosts remotely. Both SCP and SSH use TCP port 22. TFTP uses UDP port 69 and is totally unsecure.

84
Q

If Bobby and Dawn exchange confidential encrypted e-mail messages using public and private key pairs, which of the following keys would Bobby need to encrypt confidential data in an e-mail message sent to Dawn?

A

Correct Answer: To encrypt information that Dawn can decrypt, using public and private key pairs, Bobby would need Dawn’s public key to encrypt data that only her private key can decrypt. Incorrect Answers: Encrypting with Bobby’s public key would allow only Bobby’s private key to decrypt the data, and only he would possess that. Bobby would not possess Dawn’s private key to encrypt data to her, and then only her public key, which everyone would have, would be able to decrypt it, so there would be no confidentiality involved. Bobby would not use his private key to encrypt data, because only his public key can decrypt it, and everyone could have that key, so no confidentiality would be assured.

85
Q

Wissa is updating a printer driver on a Windows system. She downloads the latest driver from the manufacturer’s Web site. When installing the driver, Windows warns that the driver is unsigned. To which of the following threats is Wissa exposing her system?

A

Correct Answer: A refactored driver will work correctly, but might also perform other, malicious actions. Incorrect Answers: Man-in-the-middle might be a result of the refactor, but is not the threat itself. Version control refers to formally tracking different versions of the baseline configuration. Shimming is a library that responds to inputs that the original device driver isn't designed to handle and would require a separate file.

86
Q

What size is the initialization vector (IV) for the Temporal Key Integrity Protocol (TKIP), used in the WPA standard?

A

Correct Answer: The IV size for TKIP is 48-bit. Incorrect Answers: The only valid IV size for TKIP is 48-bit.

87
Q

How many rounds does DES perform when it encrypts plaintext?

A

Correct Answer: DES uses 16 rounds of encryption. Incorrect Answers: DES does not use 32, 64, or 128 rounds of encryption or decryption processes.

88
Q

All of the following are characteristics of hashing, except:

A

Correct Answer: Hashes are produced from one-way mathematical functions and cannot be decrypted. Incorrect Answers: All of these are characteristics of hashing.

89
Q

During which stage of a secure development model would you normally find steps such as requirements gathering, analysis, and diagram development?

A

Correct Answer: In the security requirements stage, requirements for different security functions are determined. Iterations of interviews and surveys might be developed and gathered and diagrams developed to show project milestones. Incorrect Answers: During the secure testing phase of the secure software development model, software is measured or tested against security, functional, and performance requirements. This may include secure code review, application fuzzing, and vulnerability assessments, as well as penetration testing. In the secure design stage, different security functionality is designed into the application. During the secure implementation of software, security requirements are validated as implemented in the application.

90
Q

What type of organizations are the main users of an interconnection service agreement (ISA)?

A

Correct Answer: Telecoms use Interconnection Service Agreements. Incorrect Answers: Government entities use MOUs, because contracts are not the primary method of agreement between entities of the same government; they do not use Interconnection Service Agreements because they don't run or manage Internet or telecom traffic.

91
Q

Which of the following terms refers to the practice of stealing or obtaining a user's personal or account information, typically using voice over IP (VoIP) systems?

A

Correct Answer: Vishing (a combination of the terms voice and phishing) refers to social engineering attacks that make use of VoIP systems to spoof phone numbers, hide caller IDs, and so forth, to obtain personal or account information from unsuspecting users. Incorrect Answers: Phishing involves the use of e-mail targeted to users with a malicious web site link embedded in the e-mail. Whaling involves specifically targeting senior-level executives of an organization for social engineering attacks. VoIP hijacking is a nonexistent term in this context.

92
Q

Which of the following is typically conducted as a first step in the overall business continuity/disaster recovery strategy?

A

Correct Answer: The business impact analysis (BIA) is a critical first step in developing the business continuity plan (BCP). It involves determining what risks are present and their effects on the business and its assets. Incorrect Answers: The BCP is the overall and final product that the BIA contributes to. The BIA must be completed as one of the first steps, as it essentially is the risk assessment for the BCP. The disaster recovery plan (DRP) concerns itself with recovering the assets and operations of the business immediately following a disaster. A system backup plan is but one element of the DRP and may or may not be one of the first things accomplished for that plan.

93
Q

All of the following are considered elements of a password policy EXCEPT:

A

Password sharing typically will be in the acceptable use policy (AUP), as a directive to users about what they can and cannot do. Incorrect Answers: Password history, aging, and complexity will all typically be found in a password policy, as technical elements that describe how passwords should be constructed, implemented, and managed by administrators.

94
Q

You are configuring IPSec on your network and need to allow for security association (SA) traffic to pass through the firewall. Which of the following ports does the Internet Key Exchange (IKE) protocol, which is the protocol responsible for the SA setup within IPSec, use?

A

Correct Answer: IKE uses UDP port 500. Incorrect Answers: Port 443 is used by SSL, 22 is used by SSH, and 8080 does not fall into the range of well-known ports (0-1023) but is frequently used by proxy servers and other security devices.

95
Q

Which authentication protocol uses Microsoft Point-to-Point Encryption (MPPE) protocol to encrypt all traffic from the client to the server?

A

Correct Answer: Microsoft CHAP (MS-CHAP) uses Microsoft Point-to-Point Encryption (MPPE) protocol to encrypt all traffic from the client to the server. Incorrect Answers: Neither EAP nor Kerberos uses MPPE. CHAP is the nonproprietary version and uses MD5 as its hashing algorithm.

96
Q

Kerberos

A

Kerberos builds on symmetric key cryptography and requires a trusted third party, and optionally may use public-key cryptography during certain phases of authentication. Kerberos uses UDP port 88 by default.

97
Q

Which of the wireless encryption protocols uses the RC4 symmetric algorithm for encrypting wireless communication?

A

Correct Answer: WEP (Wired Equivalent Privacy) uses a faulty implementation of the RC4 cipher, in addition to weak initialization vectors, making it an insecure wireless protocol that should never be used. Incorrect Answers: None of the other protocols use RC4.

98
Q

RC4

A

RC4 is a symmetric stream cipher. It operates by generating a long keystream and combining it with the data: each plaintext byte is XORed with the corresponding keystream byte, one after the other. The whole RC4 algorithm is built around generating those keystream bytes.

99
Q

Which of the following is used to identify certificates that are no longer valid for use?

A

The certificate revocation list (CRL) is used to identify invalid certificates. Incorrect Answers: A CAL is a client access license. PKS is a cryptographic file standard, and a CA is a certificate authority, which issues certificates.

100
Q

bastion host

A

is a secure host outside the network.

101
Q

intrusion prevention system (IPS)

A

is used to detect attacks and attempt to prevent them by rerouting traffic, blocking ports, etc.

102
Q

FDE

A

full disk encryption

103
Q

crossover error

A

A crossover error is a reference to biometric authentication factors.

104
Q

mantrap

A

an area between two locked doors, where the second door cannot be opened until the first door is locked; it is designed to allow only one person at a time to enter a facility, effectively preventing tailgating.

105
Q

Collusion

A

Separation of duties and least privilege are two security principles designed to prevent collusion and elevated privileges, respectively.

106
Q

Nonrepudiation

A

involves preventing a user from denying that he or she performed an action.

107
Q

Cracking

A

typically involves passwords, not applications.

108
Q

Bob logs on to the network and receives a message indicating that patches are not up to date and that he cannot be granted access to the network until patches are updated. What network feature is responsible for the message?

A

Network access control (NAC) can be used to prevent hosts from connecting to the network unless they meet certain security requirements, such as patch level, up-to-date antivirus signatures, and so forth.

109
Q

fail-safe

A

by not doing anything to cause harm when the failure occurs.

110
Q

fail-secure

A

device responds by making sure the device is using a secure state when a failure occurs.

111
Q

Cross-site scripting (XSS)

A

enables attackers to inject client-side scripts into web pages viewed by others.

112
Q

buffer overflow

A

A buffer overflow takes advantage of programming flaws that occur when data overwrites a program's allocated memory address and enables arbitrary code to be executed in that address.

113
Q

Which of the following best describes a minimum password age setting?

A

Correct Answer: A minimum password age requires that users must wait a certain amount of time before they are allowed to change passwords. Incorrect Answers: A maximum password age setting requires that users must change passwords after a certain amount of time. Passwords are typically good only for a certain amount of time, not through a certain date. Passwords typically cannot be reused until a certain number of password changes have occurred, preventing the use of the last specified number of passwords.

114
Q

Which of the following wireless attacks specifically attempts to take control of or use Bluetooth-enabled cell phones to make unauthorized calls?

A

Bluebugging, the most serious of the various Bluetooth attacks, involves an attacker attempting to take control of or use a Bluetooth-enabled cell phone to place calls. Incorrect Answers: Bluejacking is the act of sending unsolicited messages or files to a Bluetooth device. Bluesnarfing is a more serious attack than Bluejacking and involves unauthorized access to information on a Bluetooth-enabled device. Bluesniffing is a false, nonexistent term.

115
Q

When performing an investigation on a mobile device, you would like to ensure that you shield the device from sending or receiving signals. What would you use?

A

A Faraday cage can be used to shield devices from sending or receiving electronic signals. Incorrect Answers: A protocol analyzer is used to capture and view network traffic. A spectrum analyzer is used for site surveys when designing wireless networks. A signal reducer is not a device used in this context.

116
Q

RARP

A

the Reverse Address Resolution Protocol, resolves MAC addresses to IP addresses, the exact opposite of ARP.

117
Q

RADIUS

A

is a remote access authentication technology.

118
Q

All of the following accurately describe the differences between TACACS and RADIUS EXCEPT:

A

TACACS encrypts all information between the client and server, whereas RADIUS only encrypts the passwords.

119
Q

public key

A

is used to encrypt a message for him. Bob would then decrypt the message with his private key.

120
Q

private key

A

used to decrypt, not encrypt, the message in this scenario.

121
Q

Mitigated risk

A

risk that has been reduced to a lower level.

122
Q

Accepted risk

A

is what risk the management authority chooses to accept with or without

123
Q

message digest

A

or hash, can be used to verify the integrity of a message by comparing the original hash to one generated after receipt of the message. If the two match, then integrity is assured. If they do not match, then the message was altered between transmission and receipt.

124
Q

Digital certificates

A

contain public keys that are distributed to users.

125
Q

Symmetric keys

A

are not used to provide for integrity, but confidentiality.

126
Q

AES

A

is a symmetric algorithm that replaces DES.

127
Q

RSA

A

is an asymmetric algorithm used in public key cryptography.

128
Q

Which of the following are considered symmetric encryption algorithms? (Choose two.)

A

AES and 3DES are considered encryption standards and use symmetric algorithms. Incorrect Answers: SHA and MD5 are hashing algorithms, and RSA is an asymmetric algorithm.

129
Q

symmetric algorithms

A

AES and 3DES

130
Q

hashing algorithms

A

SHA and MD5

131
Q

asymmetric algorithm

A

RSA

132
Q

Which of the following identifies an example of two-factor authentication?

A

Correct Answer: The use of a smartcard and PIN involves the use of two factors: something you have and something you know. Incorrect Answers: All of the other answers involve the use of only one factor: something you are or something you know, but not used together.

133
Q

Which of the following algorithms is the stronger hashing algorithm?

A

Correct Answer: SHA-1 (secure hashing algorithm) generates a 160-bit hash. Incorrect Answers: MD5 is a hashing algorithm that generates a 128-bit hash, which is weaker than SHA-1. 3DES and AES-256 are symmetric encryption algorithms, not hashing algorithms.

134
Q

When users connect to the wireless network, management wants them to receive a message asking them to agree to the terms of use before being granted wireless network access. What network service could be used to perform this goal?

A

When users connect to the wireless network, management wants them to receive a message asking them to agree to the terms of use before being granted wireless network access. What network service could be used to perform this goal?

135
Q

Which of the following keys is used for nonrepudiation?

A

Correct Answer: The private key, when used for nonrepudiation, is used to encrypt text that anyone who possesses the public key can decrypt. This assures that only the person owning the private key could have encrypted it, ensuring that he or she is the one who performed the action. Incorrect Answers: Used in this scenario, this does not guarantee confidentiality, but it does provide for nonrepudiation. Symmetric keys and hashes do not provide for nonrepudiation, because they cannot be used to guarantee who sent a message or performed an action. Public keys can be in the possession of anyone and are used in this case to verify that the private key was used to encrypt the text for nonrepudiation.

136
Q

Which of the following terms is most accurately defined by the amount of time a business can survive without a particular function?

A

Correct Answer: The maximum tolerable downtime (MTD) indicates how long an asset may be down or offline without seriously impacting the organization. Incorrect Answers: The mean time between failures is an estimate of how long a piece of equipment will perform before failure. The recovery point objective and recovery time objective refer to how much data may be lost during a failure or disaster and the maximum amount of time it must take to recover the system or data, respectively, before the organization is seriously impacted.

137
Q

smurf attack

A

A smurf attack is a type of ICMP attack where large amounts of ping packets are sent from a spoofed IP address on the network to the network broadcast address, causing many replies back to the victim and possibly bringing about a denial of service. A smurf attack is an example of a DDoS attack.

138
Q

SMTP Port

A

SMTP uses port 25, not port 110. Port 110 is used by POP3 to receive e-mail messages.

139
Q

POP3 Port

A

110

140
Q

All of the following are advantages to using NAT, EXCEPT:

A

Correct Answer: Even when using NAT, firewalls and security devices are required on a network boundary. Incorrect Answers: All of these are advantages to using NAT.

141
Q

An example of the risk mitigation strategy that involves transferring risk to another entity would be:

A

Correct Answer: Insurance is a method of risk transference where the organization pays a premium for the insurance company to assume the risk. If a disaster or event occurs, the organization is paid for its losses. Incorrect Answers: Separation of duties transfers key duties to another individual but does not transfer the risk away from the organization. A service-level agreement between two parties specifies levels of service and support, but the organization still maintains risk. An alternate site is used to transfer operations from a primary site in the event of a disaster, but the risk is still borne by the organization.

142
Q

Which of the following security measures helps ensure data protection in the event a mobile device is lost or stolen?

A

Correct Answer: Remote drive or disk wiping is used to ensure data protection and confidentiality on a mobile device in the event it is lost or stolen. Incorrect Answers: Remote destruction and remote encryption are invalid terms in this context. Remote access enables a remote user to authenticate to and access an organization’s private network.

143
Q

Which of the following statements best describes a Trusted Platform Module?

A

Correct Answer: A Trusted Platform Module (TPM) is a hardware device, usually in the form of an embedded chip, that performs cryptographic functions, such as encrypting an entire hard drive. Incorrect Answers: None of these are valid choices to describe a Trusted Platform Module.

144
Q

In a PKI infrastructure, what is the name of the list that contains all the certificates that have been deemed invalid?

A

Correct Answer: A certificate revocation list (CRL) contains a list of all invalid or revoked certificates. Incorrect Answers: A certificate denial list and certificate invalidation list are false choices and do not exist. A certificate authority is responsible for issuing certificates.

145
Q

Which of the following protocols uses IPSec to ensure confidentiality?

A

Correct Answer: IPSec provides encryption services for L2TP when used in a VPN implementation. Incorrect Answers: None of these protocols use IPSec for encryption services.

146
Q

Mutual authentication

A

requires both sides of a communications session to authenticate to each other.

147
Q

You are troubleshooting a communication problem with an application that sends data to a remote system. What tool can you use to view the traffic being sent on the network by the application?

A

Correct Answer: In order to view network traffic, it must be sniffed or captured using a protocol analyzer (sometimes called a sniffer). Incorrect Answers: These devices cannot be used to capture and view network traf

148
Q

FTP Port

A

21

149
Q

SSH, SCP, SFTP Port

A

22

150
Q

Telnet Port

A

23

151
Q

SMTP Port

A

25

152
Q

DNS Port

A

53 TCP/UDP

153
Q

TFTP Port

A

69 UDP

154
Q

HTTP Port

A

80

155
Q

Kerberos

A

88 TCP/UDP

156
Q

POP3 Port

A

110 TCP

157
Q

NNTP Port

A

119 TCP

158
Q

RPC/DCOM-scm

A

135 TCP/UDP

159
Q

NETBIOS

A

137, 138, 139 TCP

160
Q

IMAP Mail

A

143 TCP

161
Q

SNMP Agent

A

161 UDP

162
Q

SNMP Trap

A

162 TCP/UDP

163
Q

LDAP

A

389 TCP/UDP

164
Q

HTTPS Port

A

443 TCP

165
Q

SMB Shared files Port

A

445 TCP

166
Q

SMTP with SSL/TLS (e-mail over the Internet)

A

465/587 TCP

167
Q

SYSLOG

A

514 UDP

168
Q

LDAP

A

636 TCP/UDP

169
Q

ISCSI Storage Area Networks

A

860 TCP

170
Q

FTPS Host to Host File transfer

A

989/990 TCP

171
Q

IMAP4 with SSL/TLS

A

993 TCP

172
Q

POP3 SSL/TLS

A

995 TCP

173
Q

SQL

A

1433 TCP

174
Q

RADIUS (Remote Authentication Dial-in Service)

A

1645 (authentication) and 1646 (accounting) UDP; standard 1812/1813

175
Q

L2TP VPN (Layer 2 Tunneling Protocol): no inherent security, pair with IPsec

A

1701 UDP

176
Q

PPTP: tunneling protocol underlying VPNs, with security

A

1723 TCP/UDP

177
Q

FCPIP (Fiber Channel over IP), storage area networks

A

3225 TCP/UDP

178
Q

iSCSI Target Port: listening port for an iSCSI target device when linking data storage over IP

A

3260 TCP

179
Q

RDP

A

3389 TCP/UDP

180
Q

Diameter (replaces RADIUS)

A

3868 TCP

181
Q

Syslog over TLS: computer message logging, especially router and firewall logs, over a TLS-encrypted connection

A

6514 TCP