C.2.2 CompTIA A+ 220-1102 (Core 2) Domain 2: Security

¡Supera tus tareas y exámenes ahora con Quizwiz!

Match each authentication protocol on the left with its unique characteristic on the right. (Each protocol may be used more than once). 1.) Sends a user's credentials over UDP 2.) Sends a user's credentials over TCP 3.) Is a key component of Windows Active Directory 4.) Provides a trusted Key Distribution Center (KDC) 5.) Only encrypts the password

1.) Remote Authentication Dial-In Service (RADIUS) 2.) Terminal Access Controller Access-Control System (TACACS+) 3.) Kerberos 4.) Kerberos 5.) Remote Authentication Dial-In Service (RADIUS) Explanation: The following are unique characteristics of the listed authentication protocols: Remote Authentication Dial-In Service (RADIUS): Sends a user's credentials over UDP. Only encrypts the password. Terminal Access Controller Access-Control System (TACACS+): Sends a user's credentials over TCP. Kerberos: Is a key component of Windows Active Directory. Provides a trusted Key Distribution Center (KDC).

Which of the following is an example of a soft token?

Authentication app Explanation: A soft token is any digital authentication key that is used to authenticate a user. Of these options, only the authentication app is a soft token, since an authentication app is a digital app on a phone or tablet. All the other options are examples of hard tokens, which are hardware devices that authenticate users.

A public library has purchased new laptop computers to replace their older desktop computers and is concerned that they are vulnerable to theft. Which of the following laptop features should they use to physically secure the new laptops?

Cable locks Explanation: Cable locks can be used to physically secure laptops in order to deter theft. Biometric authentication, a multi-factor password policy, or external encryption devices do not physically secure laptops.

Which of the following can be used to back up a company's certificate database?

Certificate Manager Explanation: Windows Certificate Manager can be used to back up a company's digital certificate database.

You want to set up a service on your company network that can be configured with a list of valid websites. The service should give employees a certificate warning if they try to visit a version of an untrusted site. Which of the following services is designed to provide this functionality?

DNS server Explanation: Internal DNS servers, such as one on your company network, can be configured with a list of valid sites. This means that you can allow or deny access to certain sites. The CA on the server will operate using the same authority as on a public site and will give the user a certificate warning if they try to visit their version of an untrusted site.

Ted, an employee in the sales department, has asked a coworker, Ann, to update the product descriptions contained in a sales document. Ann can open the file, but can't save her changes to it. Which of the following digital security methods is MOST likely preventing her from saving the file?

Directory permissions Explanation: Directory permissions can be set to allow or deny users or groups of users from reading, writing, updating, deleting, or executing files. In this scenario, Ann has Read permissions, but not Write permissions.

Employees in a small business have a habit of transferring files between computers using a USB flash drive. The employees often bring in these files from outside the company. Recently, a computer was infected with malware from a USB flash drive even though the employee did not access any files. Which of the following options would prevent this issue in the future?

Disable Autorun. Explanation: Disabling Autorun would prevent malware from installing even if a flash drive were attached.

Which of the following stores user accounts, groups, and their assigned rights and permissions?

Domain controller Explanation: A domain controller is a special server that stores user accounts, groups, and their rights and permissions. Domain accounts are stored in a central database called Active Directory.

A user has a file that contains sensitive data. Which of the following security technologies should he or she use to encrypt the single file?

EFS Explanation: Encrypting File Server (EFS) is a Windows feature that can encrypt a single file or multiple files and folders.

A user calls to report a problem. She is trying to install an application on her new Windows 11 system, but the installation will not proceed. Her user account is a member of the Users group. What is MOST likely causing the installation issue?

Her group membership does not allow her to install new software. Explanation: Members of the Users group are not allowed to make system-wide changes, such as installing new applications. Only users who are members of the Administrators group can install new applications.

Which of the following describes spyware?

It monitors the actions you take on your machine and sends the information back to the originating source. Explanation: Spyware monitors the actions you take on your machine and sends the information back to the originating source.

After an employee left the company, you discovered that they utilized whole disk encryption to encrypt their laptop hard drive. What do you need to do to access the hard drive contents?

Obtain a backup recovery key. Explanation: Most whole disk encryption solutions provide a backup recovery key that can unlock the drive if the original key is lost.

Which of the following must be set up before you can register a facial or fingerprint scan for your account?

Password Explanation: Windows Hello requires you to set up a PIN before you can register a facial or fingerprint scan for your account.

You manage the two folders listed below on your computer. C:\Confidential D:\PublicReports The C:\ drive is formatted with NTFS, and the D:\ drive is formatted with FAT32. On the C:\Confidential folder, you edit the properties for the following two files and assign the Deny Read permission to the Users group: Reports.doc Costs.doc You then take the following actions. You: Move Reports.doc from C:\Confidential to D:\PublicReports. Copy Costs.doc from C:\Confidential to D:\PublicReports. Which of the following BEST describes what happens to the permissions for both files as they are created in the D:\PublicReports folder?

Permissions are removed from both files. Explanation: Permissions will be removed from both files. Moving or copying files to a non-NTFS partition removes all permissions (FAT32 does not support NTFS permissions). Moving files to the same NTFS partition preserves the permissions. Copying files to another partition (NTFS or otherwise) removes existing permissions. Copied files on an NTFS partition inherit the permissions assigned to the drive or folder, and copied files on a non-NTFS partition do not inherit permissions because no permissions exist.

Jared receives an email relating that an account containing a large sum of money has been frozen by the government of a small African nation. Jared is offered a 25 percent share of this account if he will help the sender transfer it to a bank in the United States. Jared replies to the sender and is instructed to send his bank account number so that it can be used to facilitate the transfer. Jared sends the requested information, and then the sender uses the information to drain Jared's bank account. Which type of attack occurred?

Phishing Explanation: Jared was the victim of a phishing attack. This particular attack is sometimes referred to as a Nigerian 419 attack and is very common. Tailgating occurs when an unauthorized person follows an authorized person into a secure building or area. Eavesdropping refers to an unauthorized person listening to conversations of employees or other authorized personnel discussing sensitive topics. Vishing is a social engineering attack that takes place over the phone.

A technician assists Joe, an employee in the sales department who needs access to the client database, by granting him Administrator privileges. Later, Joe discovers that he has access to the salaries in the payroll database. Which of the following security practices was violated?

Principle of least privilege Explanation: The technician violated the principle of least privilege, which is the practice of limiting user access rights to be the bare minimum that a user needs to perform their work.

Computer configuration policies (also called machine policies) are enforced for the entire computer and are applied when the computer boots. Which of the following are computer configuration policies? (Select two).

Software that has been installed on the local system. Network communication security settings. Explanation: Computer configuration policies (also called machine policies) are enforced for the entire computer and are applied when the computer boots. Computer configuration policies include network communication security settings and software that has been installed on the local system. User configuration policies are enforced for specific users. User configuration policies include scripts that run at logon or logoff, browser favorites and security settings, software installed for specific users, and HKEY_CURRENT_USER Registry settings.

How many NTFS partitions does BitLocker require to operate?

Two Explanation: BitLocker requires two NTFS partitions to operate. It requires the system partition, which is not encrypted and is set to active. It also requires the operating system partition, which needs to be large enough for the operating system files. BitLocker cannot function with only one NTFS permission, but does not need more than two NTFS partitions to operate.

Which Windows component prompts the user for credentials or permissions to protect against unauthorized activities, such as an unintended software installation?

User Account Control (UAC) Explanation: User Account Control (UAC) prompts a user for credentials or permissions in an effort to minimize the dangers of unauthorized actions or unintended software installations.

Which of the following authentication methods allows you to securely connect a printer to the wireless network with the least amount of effort?

WPS Explanation: Wi-Fi Protected Setup (WPS) allows you to connect a device to the wireless network simply by pushing the button on the wireless access point. The connecting device then connects by using a WPS button or an 8-digit pin. WPS can only be used on a wireless network that is using a PSK and an appropriate encryption protocol.


Conjuntos de estudio relacionados

Anatomy Final Exam Review Mastering Chapters 1-9

View Set

Principles & Techniques of Counseling (Chp. 8)

View Set

2.11 Checks on the Judicial Branch

View Set