Security+ Practice Test 5 Flashcards

1
Q

What is the best countermeasure against social engineering?

A

User education

2
Q

Which of the following violates the principle of least privilege?

A

Improperly configured accounts

3
Q

An e-commerce store app running on an unpatched web server is an example of:

A

Vulnerable business process

4
Q

The purpose of a downgrade attack is to make a computer system fall back to a weaker security mode, which makes the system more vulnerable to attacks.

A

True

5
Q

A situation in which an application fails to properly release memory allocated to it or continually requests more memory than it needs is called:

A

Memory leak

6
Q

Which of the terms listed below describes a programming error where an application tries to store a numeric value in a variable that is too small to hold it?

A

Integer overflow

7
Q

A situation in which an application writes to or reads from an area of memory that it is not supposed to access is referred to as:

A

Buffer overflow

8
Q

Which of the following terms describes an attempt to read a variable that stores a null value?

A

Pointer dereference

9
Q

A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:

A

DLL

10
Q

Which of the terms listed below describes a type of attack that relies on executing a library of code?

A

DLL injection

11
Q

In the IT industry, the term “System sprawl” is used to describe poor hardware resource utilization.

A

True

12
Q

An effective asset management process provides countermeasures against:

A

System sprawl
Undocumented assets
Architecture and design weaknesses

13
Q

Zero-day attack exploits:

A

Vulnerability that is present in already released software but unknown to the software developer

14
Q

Software or hardware that checks information coming from the Internet and, depending on the applied configuration settings, either blocks it or allows it to pass through is called:

A

Firewall

15
Q

Which of the following applies to a request that doesn’t match the criteria defined in an ACL?

A

Implicit deny rule

16
Q

Stateless inspection is a firewall technology that keeps track of network connections and, based on the collected data, determines which network packets should be allowed through the firewall.

A

False

17
Q

Which of the answers listed below refers to a dedicated device for managing encrypted connections established over an untrusted network, such as the Internet?

A

VPN concentrator

18
Q

VPNs can be either remote-access (used for connecting networks) or site-to-site (used for connecting a computer to a network).

A

False

19
Q

Which of the IPsec modes provides entire packet encryption?

A

Tunnel

20
Q

An IPsec mode providing encryption only for the payload (the data part of the packet) is known as:

A

Transport mode

21
Q

Which part of the IPsec protocol suite provides authentication and integrity?

A

AH

22
Q

Which of the IPsec protocols provides authentication, integrity, and confidentiality?

A

ESP

23
Q

Which of the terms listed below describes a type of VPN that alleviates bottlenecks and conserves bandwidth by allowing users to simultaneously make use of both the VPN and public network links?

A

Split tunnel

24
Q

Examples of secure VPN tunneling protocols include:

A

IPsec

TLS

25
Q

The term “Always-on VPN” refers to a type of persistent VPN connection that starts automatically as soon as the computer detects a network link.

A

True