CompTIA Security+ Certification Exam SY0-601 Midterm 2
Which of the algorithms listed below does not fall into the category of asymmetric encryption? RSA GPG DSA AES DHE ECDHE PGP
AES
Which part of the IPsec protocol suite provides authentication and integrity? CRC AH SIEM AES
AH
Which of the physical security control types listed below provides isolation from external computer networks? Air gap Network segmentation Hardware firewall Protected cable distribution
Air gap
What are the characteristic features of Elliptic Curve Cryptography (ECC)? (Select 3 answers) Asymmetric encryption Low processing power requirements Suitable for small wireless devices High processing power requirements Symmetric encryption Not suitable for small wireless devices
Asymmetric encryption Low processing power requirements Suitable for small wireless devices
Which of the following power redundancy solutions would be best suited for providing long-term emergency power during an unexpected main power source outage? Dual-power supply Standby UPS Backup generator Managed PDU
Backup generator
Examples of key stretching algorithms include: (Select 2 answers) ROT13 Twofish Bcrypt DSA PBKDF2
Bcrypt PBKDF2
Which of the following provides physical security measure against laptop theft? Cable lock Trusted Platform Module (TPM) Geotracking LoJack for Laptops
Cable lock
Which of the following terms illustrate the security through obscurity concept? (Select all that apply) Code obfuscation Steganography SSID broadcast suppression Encryption
Code obfuscation Steganography SSID broadcast suppression
Restoring data from an incremental backup requires: (Select 2 answers) Copy of the last incremental backup All copies of differential backups made since the last full backup Copy of the last differential backup All copies of incremental backups made since the last full backup Copy of the last full backup
Copy of the last full backup
A network protocol providing an alternative solution to the manual allocation of IP addresses is called: DNS SNMP NAT DHCP
DHCP
A suite of security extensions for an Internet service that translates domain names into IP addresses is known as: EDNS DNSSEC Split DNS DDNS
DNSSEC
A suite of security extensions for an Internet service that translates domain names into IP addresses is known as: EDNS DNSSEC Split DNS DDNS
DNSSEC
Which of the following methods provides the most effective way for permanent removal of data stored on a magnetic drive? Standard format Overwriting data Degaussing Low-level format
Degaussing
Which of the following terms applies to the concept of non-repudiation? Security through obscurity Digital certificate MFA Hashing Encryption
Digital certificate
Which of the following would add power redundancy on a server box? Standby UPS Backup generator Managed PDU Dual-power supply
Dual-power supply
Which of the following block cipher modes is the simplest/weakest and therefore not recommended for use? CBC GCM ECB CTR
ECB
Which cryptographic solution would be best suited for low-power devices? ECC EFS SED FDE
ECC
Which part of IPsec provides authentication, integrity, and confidentiality? AES SHA AH ESP
ESP
POP3 is used for: Name resolution Sending email messages File exchange Email retrieval
Email retrieval
Which of the following terms applies to the concept of confidentiality? Hashing Encryption Security through obscurity MFA Digital certificate
Encryption
An asymmetric encryption key designed to be used only for a single session or transaction is known as: Static key Ephemeral key Asymmetric key Symmetric key
Ephemeral key
Which of the following protocols allow(s) for secure file transfer? (Select all that apply) FTPS TFTP FTP SFTP
FTPS SFTP
Examples of techniques used for encrypting information include symmetric encryption (also called public-key encryption) and asymmetric encryption (also called secret-key encryption, or session-key encryption.) True False
False
FTPS is an extension to the Secure Shell (SSH) protocol and runs by default on port number 22. True False
False
In a differential backup strategy, restoring data from backup requires only a working copy of the last full backup. True False
False
Secure File Transfer Protocol (SFTP) is an extension to the FTP protocol that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols. True False
False
Symmetric encryption algorithms require large amounts of processing power for both encryption and decryption of data which makes them much slower in comparison to asymmetric encryption ciphers. True False
False
The lack of entropy in the process of generating cryptographic keys improves the security of cryptographic algorithms. True False
False
Which of the block cipher modes listed below provides both data integrity and confidentiality? CBC GCM ECB CTR
GCM
What is the name of a network protocol that secures web traffic via SSL/TLS encryption? SFTP HTTPS FTPS SNMP
HTTPS
Which of the protocols listed below enables remote access to another computer on the network via web browser? RDP HTTPS SSH VNC
HTTPS
Which of the following terms refers to an environmental control system? SCADA HIPS TEMPEST HVAC
HVAC
Which of the following terms applies to the concept of data integrity? MFA Digital certificate Hashing Security through obscurity Encryption
Hashing
What is the purpose of steganography? Checking data integrity Verifying hash values Hiding data within another piece of data Encrypting data
Hiding data within another piece of data
Which of the following enables processing data in an encrypted form? Diffusion Homomorphic encryption Obfuscation Hashing
Homomorphic encryption
Digital signatures provide: (Select 3 answers) Integrity Authentication Confidentiality Authorization Non-repudiation Accounting
Integrity Authentication Non-repudiation
Which of the following answers refer to the concept of non-persistence? (Select 3 answers) Last known-good configuration System image Live boot media Journaling Known state reversion
Last known-good configuration Live boot media Known state reversion
Which of the answers listed below refers to a type of removable storage media that contains a portable, non-persistent OS? Flash memory Primary storage Live boot media Hybrid drive
Live boot media
A network hardware or software solution designed for managing the optimal distribution of workloads across multiple computing resources is known as: Content filter Power Distribution Unit (PDU) Load balancer Domain controller
Load balancer
Which of the following terms applies to the authentication process? Digital certificate MFA Encryption Security through obscurity Hashing
MFA
Which of the following answers refer to an office equipment that combines the functionality of multiple devices? (Select 2 answers) MFD IoT MFP PED MFA
MFD MFP
Which of the following answers refers to a sequential-access backup media? Magnetic tapes Disk drives Optical discs Flash media
Magnetic tapes
Which of the following answers refers to a device designed to distribute (and monitor the quality of) electric power to multiple outlets? Power Supply Unit (PSU) Main Distribution Frame (MDF) Managed Power Distribution Unit (Managed PDU) Intermediate Distribution Frame (IDF)
Managed Power Distribution Unit (Managed PDU)
A dedicated storage appliance that can be added to a local network is known as: SDP NAS EDR SSD
NAS
The process of combining multiple physical network adapters into a single logical interface for increased throughput and redundancy is called: Device pairing Multipath I/O Route aggregation NIC teaming
NIC teaming
Which of the following is a secure implementation of a protocol used for synchronizing clocks over a computer network? NTPsec SNMPv3 SRTP IPsec
NTPsec
Which of the following answers refer to IMAP? (Select 2 answers) Offers improved functionality in comparison to POP3 Serves the same function as POP3 Enables sending email messages from client devices Offers less functions than POP3 Enables email exchange between mail servers
Offers improved functionality in comparison to POP3 Serves the same function as POP3
Which of the following answers refers to a solution designed to strengthen the security of session keys? ECB PFS EFS PFX
PFS
Protection provided by security personnel is an example of: Technical security control Physical security control Administrative security control Logical security control
Physical security control
Which of the following answers refer(s) to the characteristic feature(s) of Faraday cage? (Select all that apply) Physical security control type Provides protection against RFI Technical security control type Provides protection against EMI Administrative security control type
Physical security control type Provides protection against RFI Provides protection against EMI
According to predictions, the most future-proof cryptographic solution should be: Quantum cryptography Symmetric-key cryptography Post-quantum cryptography Asymmetric-key cryptography Public-key cryptography
Post-quantum cryptography
A type of contactless smart card that can be read at a close range from a reader device is commonly referred to as: MicroSD card Common Access Card (CAC) Proximity card Personal Identity Verification (PIV) card
Proximity card
What type of preventive physical access controls would provide a basic means for securing a door access? (Select 2 answers) Air gap Proximity card reader CCTV Industrial camouflage Smart card reader
Proximity card reader Smart card reader
An emerging field of advanced computing technologies based on the principles of physics is known as: DNA computing Edge computing Quantum computing Fog computing
Quantum computing
Which of the algorithms listed below does not belong to the category of symmetric ciphers? RC4 DES RSA AES Blowfish 3DES Twofish
RSA
A type of OS characterized by low delay between the execution of tasks required in specific applications, such as in military missile guidance systems or in automotive braking systems, is known as: UNIX Windows NT POSIX RTOS
RTOS
Examples of embedded systems include: (Select all that apply) Android OS Raspberry Pi iOS Arduino Field Programmable Gate Array (FPGA) Mainframe computer system
Raspberry Pi Arduino Field Programmable Gate Array (FPGA)
Hardware RAID Level 10 (a.k.a. RAID 1+0): (Select 3 answers) Requires a minimum of 4 drives to implement Is referred to as stripe of mirrors, i.e. a combination of RAID 1 (disk mirroring) and RAID 0 (disk striping) Requires a minimum of 5 drives to implement Offers increased performance and fault tolerance (failure of one drive in each mirrored pair of disk drives does not destroy the array) Requires a minimum of 3 drives to implement Continues to operate in case of failure of more than 2 drives
Requires a minimum of 4 drives to implement Is referred to as stripe of mirrors, i.e. a combination of RAID 1 (disk mirroring) and RAID 0 (disk striping Offers increased performance and fault tolerance (failure of one drive in each mirrored pair of disk drives does not destroy the array)
Hardware RAID Level 1: (Select 3 answers) Requires at least 2 drives to implement Is also known as disk striping Offers improved performance in comparison to RAID 0 Requires at least 3 drives to implement Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data) Is also referred to as disk mirroring
Requires at least 2 drives to implement Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data) Is also referred to as disk mirroring
Hardware RAID Level 5: (Select 2 answers) Requires at least 2 drives to implement Continues to operate in case of failure of more than 1 drive Requires at least 3 drives to implement Offers increased performance and fault tolerance (single drive failure does not destroy the array and lost data can be re-created by the remaining drives) Requires at least 4 drives to implement
Requires at least 3 drives to implement Offers increased performance and fault tolerance (single drive failure does not destroy the array and lost data can be re-created by the remaining drives)
Hardware RAID Level 6: (Select 2 answers) Requires at least 4 drives to implement Offers increased performance and fault tolerance (failure of up to 2 drives does not destroy the array and lost data can be re-created by the remaining drives) Requires at least 3 drives to implement Continues to operate in case of failure of more than 2 drives Requires at least 5 drives to implement
Requires at least 4 drives to implement Offers increased performance and fault tolerance (failure of up to 2 drives does not destroy the array and lost data can be re-created by the remaining drives)
A dedicated local network consisting of devices providing data access is called: SDN NAS iSCSI SAN
SAN
Which of the following answers refer to industrial and manufacturing control systems? (Select 2 answers) EDR CMS SCADA ICS CCTV
SCADA ICS
A network protocol for secure file transfer over Secure Shell (SSH) is called: TFTP SFTP Telnet FTPS
SFTP
Which of the answers listed below refers to a deprecated TLS-based method for securing SMTP? IMAPS STARTTLS POP3S SMTPS
SMTPS
Which version(s) of the SNMP protocol offer(s) authentication based on community strings sent in an unencrypted form? (Select all that apply) SNMPv1 SNMPv2 SNMPv3 SNMPv4
SNMPv1 SNMPv2
Which protocol enables secure, real-time delivery of audio and video over an IP network? S/MIME RTP SIP SRTP
SRTP
Which of the following answers refers to a non-proprietary cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services? RDP Telnet SSH RAS
SSH
Pseudo-random data added to a password before hashing is called: Shim Salt Seed IV
Salt
Which of the following answers refers to a type of additional input that increases password complexity and provides better protection against brute-force, dictionary, and rainbow table attacks? Seed IV Salt Shim
Salt
The capability of a hardware or software system to process increasing workload without decrease in performance is known as: Redundancy Multitasking Scalability Fault tolerance
Scalability
A lightly protected subnet (previously known as a DMZ) consisting of publicly available servers placed on the outside of the company's firewall is called: Honeynet Virtual Private Network (VPN) Extranet Screened subnet
Screened subnet
Which of the following answers refer(s) to POP3S encrypted communication? (Select all that apply) TCP port 993 Secure Sockets Layer (SSL) TCP port 995 Transport Layer Security (TLS) TCP port 110
Secure Sockets Layer (SSL) TCP port 995 Transport Layer Security (TLS)
What are the characteristic features of the secure version of IMAP? (Select all that apply) TCP port 143 Secure Sockets Layer (SSL) TCP port 993 Transport Layer Security (TLS) TCP port 995
Secure Sockets Layer (SSL) TCP port 993 Transport Layer Security (TLS)
LDAPS is an example of: Authentication protocol Secure directory access protocol Address resolution protocol File exchange protocol
Secure directory access protocol
Which of the following terms applies to the concept of obfuscation? Encryption Security through obscurity Hashing Digital certificate MFA
Security through obscurity
A type of encryption scheme where the same key is used to encrypt and decrypt data is referred to as: (Select 3 answers) Session-key encryption Public-key encryption Symmetric encryption Asymmetric encryption Secret-key encryption
Session-key encryption
Which of the following destruction tools/methods allow(s) for secure disposal of physical documents? (Select all that apply) Shredding Hard drive sanitization Burning Low-level formatting Degaussing
Shredding Burning
A file-based representation of the state of a virtual machine at a given point in time is called: Restore point Shadow copy Snapshot System image
Snapshot
What type of backups are commonly used with virtual machines? Incremental backups Snapshot backups Tape backups Differential backups
Snapshot backups
An integrated circuit combining components normally found in a standard computer system is referred to as: HSM TPM SoC BIOS
SoC
An exact copy of the entire state of a computer system is known as: System image Last known-good configuration Restore point Mirrored volume
System image
An IPsec mode providing encryption only for the payload (the data part of the packet) is known as: Protected mode Tunnel mode Transport mode Safe mode
Transport mode
In asymmetric encryption, any message encrypted with the use of a public key can only be decrypted by applying the same algorithm and a matching private key (and vice versa). True False
True
In cryptography, the number of bits in a key used by a cryptographic algorithm is referred to as a key size or key length. The key length determines the maximum number of combinations required to break the encryption algorithm, therefore typically a longer key means stronger cryptographic security. True False
True
In cryptography, the term "Key stretching" refers to a mechanism for extending the length of a cryptographic key to make it more secure against brute-force attacks. True False
True
Multipurpose Internet Mail Extensions (MIME) specification extends the email message format beyond simple text, enabling the transfer of graphics, audio, and video files over the Internet mail system. Secure MIME (S/MIME) is an enhanced version of the MIME protocol that enables email security features by providing encryption, authentication, message integrity, and other related services. True False
True
Of the three existing versions of the Simple Network Management Protocol (SNMP), versions 1 and 2 (SNMPv1 and SNMPv2) offer authentication based on community strings sent in an unencrypted form (in cleartext). SNMPv3 provides packet encryption, authentication, and hashing mechanisms that allow for checking whether data has changed in transit (i.e. validation of data integrity). True False
True
One of the ways of confirming that a software application comes from a trusted source is the verification of its digital signature. A digitally signed software proves the identity of the developer and guarantees that the application code has not been tampered with since it was signed. The authenticity and integrity of the application's code can be verified by comparing results of a cryptographic hash function (original hash published by the application developer vs. hash obtained from a downloaded app). True False
True
Private Branch Exchange (PBX) is an internal telephone exchange or switching system implemented in a business or office. PBX allows for handling of internal communications without the use of paid Public Switched Telephone Network (PSTN) service, also known as Plain Old Telephone Service (POTS). A Voice over Internet Protocol (VoIP) PBX, which takes advantage of existing LAN cables, can further reduce costs by removing the need for separate telephone cabling infrastructure in a building or office. VoIP endpoints are specialized hardware devices or application programs that enable VoIP calls from computing devices. VoIP gateways are network devices that convert voice and fax calls, in real time, between an IP network and PSTN/POTS. True False
True
Setting up hot and cold aisles in a server room allows for more efficient management of air flow. True False
True
The term "Blockchain" refers to a decentralized digital ledger system (i.e. a specific type of a distributed database) stored across multiple computers in a P2P network. True False
True
The term "Mantrap" (a.k.a. access control vestibule) refers to a physical security access control system used to prevent unauthorized users from gaining access to restricted areas by following another person. An example mantrap could be a two-door entrance point connected to a guard station wherein a person entering mantrap from the outside remains locked inside until he/she provides authentication token required to unlock the inner door. True False
True
The term "Multipath I/O" refers to a framework that improves fault tolerance and performance by enabling additional, alternate routes for data that is being transferred to and from storage devices. True False
True
Unlike stream ciphers which process data by encrypting individual bits, block ciphers divide data into separate fragments and encrypt each fragment separately. True False
True
Which of the IPsec modes provides entire packet encryption? Tunnel Payload Transport Default
Tunnel
What is the name of a device that can provide short-term emergency power during an unexpected main power source outage? UPS PoE SVC PSU
UPS
Which of the following physical security controls can be implemented as DLP solution? USB data blocker Visitor logs CCTV Motion detection
USB data blocker
What are the characteristic features of a session key? (Select 2 answers) Used during a single session Asymmetric key Reused during multiple sessions Symmetric key
Used during a single session Symmetric key
Which of the answers listed below refers to an IoT technology designed to provide communication between appliances in a home automation network? Ant+ Zigbee NFC RFID
Zigbee
