Comptia Final Exam
An attacker has used a rogue access point to intercept traffic passing between wireless clients and the wired network segment. What type of attack is this?
A Man-in-the-Middle (MitM) attack
How does a one-time password work?
A unique password is generated using an algorithm known to both a device (fob) and the authenticating server.
What is the main difference between virus and worm malware?
A virus has to infect a file whereas a worm propagates in memory and over computer networks.
What is a reputable source of management software and drivers for a particular system?
An OEM website
What is a Standard Operating Procedure (SOP)?
An inflexible, step-by-step listing of the actions that must be completed for any given task
What does AAA stand for and in which order are they typically performed?
Authentication, Authorization, Accounting
How might malware hosted on a website be able to infect your computer simply by your browsing the site?
By exploiting a vulnerability in software installed on your computer
How might spyware be able to steal a password?
By monitoring key strokes or stealing a password database
Your friend sent you an email link, which you have opened, and now the browser is asking whether you should install a plug-in to view all the content on the page. What should you do next?
Check whether your friend actually sent the link in good faith first
What security concern is snooping most affected by?
Confidentiality
Which of the following configuration changes does NOT reduce the attack surface?
Configuring data back-ups in case ransomware encrypts the file system
What class of data is a transport encryption protocol designed to protect?
Data in transit
What are the three main areas where redundancy should be provisioned?
Data, network links, and power
Which specific attack uses a botnet to threaten availability?
Distributed Denial of Service (DDoS)
What sort of account allows someone to access a computer without providing a user name or password?
Guest account
What type of cryptographic operation(s) are non-reversible?
Hashing
What are the four processes of an access control system?
Identification, authentication, authorization, and accounting
What system policy ensures that users do not receive rights unless granted explicitly?
Implicit deny
What impact is presented when users reveal their passwords to technical support staff?
It exposes users to social engineering attacks that try to gather login credentials for malicious use.
In considering availability concerns, what use might a lockable faceplate on a server-class computer be?
It may prevent the user from switching the machine on/off or accessing removable drives and ports.
Which non-discretionary access control type is based on the idea of security clearance levels?
Mandatory Access Control (MAC)
What type of control prevents a user from denying they performed an action?
Non-repudiation
Which of the following is NOT a method that a malicious person can use to masquerade as someone else when using email or Instant Messaging?
Overwhelm the server with a Denial of Service (DoS)
What is it called when antivirus software remediates a system by blocking access to an infected file but not actually deleting it.
Quarantining the file
Malware encrypts the user's documents folder and any attached removable disks then extorts the user for money to release the encryption key. What type of malware is being described?
Ransomware
Why is prioritization a critical task for disaster recovery?
Services may have dependencies that make restoring them in the wrong order futile.
What type of system allows a user to authenticate once to access multiple services?
Single Sign-On (SSO)
Why might a company ban use of the corporate network and desktop software for personal communications?
The company might be held responsible for inappropriate content posted by its employees.
What are the two main ways that spam might expose recipients to hazardous content?
Through malware-infected attachments and through links to malicious websites
What type of access mechanism is MOST vulnerable to a replay attack?
Use of a token generated by software
What is the main means by which anti-virus software identifies infected files?
Using definitions or signatures of known virus code
What technique makes password cracking fairly easy?
Using simple words or names as a password
What type of information would NOT be considered confidential and governed by classification and handling procedures?
Website information
