Security+ Practice Test 5

Question 1

What is the best countermeasure against social engineering?

Answer 1

User education

Question 2

Which of the following violates the principle of least privilege?

Answer 2

Improperly configured accounts

Question 3

An e-commerce store app running on an unpatched web server is an example of:

Answer 3

Vulnerable business process

Question 4

The purpose of a downgrade attack is to make a computer system fall back to a weaker security mode which makes the system more vulnerable to attacks.

Answer 4

True

Question 5

A situation in which an application fails to properly release memory allocated to it or continually requests more memory than it needs is called:

Answer 5

Memory leak

Question 6

Which of the terms listed below describes a programming error where an application tries to store a numeric value in a variable that is too small to hold it?

Answer 6

Integer overflow

Question 7

A situation in which an application writes to or reads from an area of memory that it is not supposed to access is referred to as:

Answer 7

Buffer overflow

Question 8

Which of the following terms describes an attempt to read a variable that stores a null value?

Answer 8

Pointer dereference

Question 9

A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:

Answer 9

DLL

Question 10

Which of the terms listed below describes a type of attack that relies on executing a library of code?

Answer 10

DLL injection

Question 11

In the IT industry, the term “System sprawl” is used to describe poor hardware resource utilization.

Answer 11

True

Question 12

An effective asset management process provides countermeasures against:

Answer 12

System sprawl
Undocumented assets
Architecture and design weaknesses

Question 13

Zero-day attack exploits:

Answer 13

Vulnerability that is present in already released software but unknown to the software developer

Question 14

A software or hardware that checks information coming from the Internet and depending on the applied configuration settings either blocks it or allows it to pass through is called:

Answer 14

Firewall

Question 15

Which of the following applies to a request that doesn’t match the criteria defined in an ACL?

Answer 15

Implicit deny rule

Question 16

Stateless inspection is a firewall technology that keeps track of network connections and based on the collected data determines which network packets should be allowed through the firewall.

Answer 16

False

Question 17

Which of the answers listed below refers to a dedicated device for managing encrypted connections established over an untrusted network, such as the Internet?

Answer 17

VPN concentrator

Question 18

VPNs can be either remote-access (used for connecting networks) or site-to-site (used for connecting a computer to a network).

Answer 18

False

Question 19

Which of the IPsec modes provides entire packet encryption?

Answer 19

Tunnel

Question 20

An IPsec mode providing encryption only for the payload (the data part of the packet) is known as:

Answer 20

Transport mode

Question 21

Which part of the IPsec protocol suite provides authentication and integrity?

Answer 21

AH

Question 22

Which of the IPsec protocols provides authentication, integrity, and confidentiality?

Answer 22

ESP

Question 23

Which of the terms listed below describes a type of VPN that alleviates bottlenecks and conserves bandwidth by allowing users simultaneously make use of both the VPN and public network links?

Answer 23

Split tunnel

Question 24

Examples of secure VPN tunneling protocols include:

Answer 24

IPsec

TLS

Question 25

The term “Always-on VPN” refers to a type of persistent VPN connection the starts automatically as soon as the computer detects a network link.

Answer 25

True