Missed Final Exam Questions - Security+
D) NAT Network Address Translation (NAT) is an IP protocol designed to translate private IP addresses to public and back. A Virtual Local Area Network (VLAN) is virtual segment of the network. The De-Militarized Zone (DMZ) is a zone that creates a buffer between an internal network and the internet. Wide Area Network (WAN) generally refers to a network of computers, which are physically distant from each other.
A firewall is configured to replace all internal IP address with a public IP when traffic is sent outbound. What protocol is used to accomplish this? A) VLAN B) DMZ C) WAN D) NAT
D) DEP Data execution prevention (DEP) keeps services and applications from running code from a non-executable memory region. Patch management tools verify and apply the latest patches to systems to ensure that known vulnerabilities are remediated. Host-based Intrusion Prevention Systems (HIPS) goes beyond HIDS to protect the she system from attacks. Application whitelisting restricts software to a predetermined list.
A group policy has been implemented to prevent software from running code from non-executable regions of the memory. What technical control is being pushed to the network? A) HIPS B) Application whitelisting C) Patch management tools D) DEP
C) DEP Data execution prevention (DEP) keeps services and applications from running code from a non-executable memory region. Patch management tools verify and apply the latest patches to systems to ensure that known vulnerabilities are remediated. Host-based Intrusion Prevention Systems (HIPS) goes beyond HIDS to protect the she system from attacks. Application whitelisting restricts software to a predetermined
A group policy has been implemented to prevent software from running code from non-executable regions of the memory. What technical control is being pushed to the network? A) HIPS B) Application whitelisting C) DEP D) Patch management tools
C) Black Box Black Box penetration tests do not provide any information regarding the environment they will be attacking. White Box penetration testing allows the attackers to have full knowledge of the environment. Black Hat attackers are malicious in nature. Gray Box penetration testing provides some knowledge of the network environment but not all data.
A pen-test team has been hired to penetration test a network without any knowledge of its inner workings. What type of penetration test is this? A) White Box B) Black Hat C) Black Box D) Gray Box
A) Gray Box Gray Box penetration testing provides some knowledge of the network environment but not all data. White Box penetration testing allows the attackers to have full knowledge of the environment. Black Box penetration tests do not provide any information regarding the environment they will be attacking. White Hat attackers are security professionals performing ethical hacking.
A pen-test team has been provided basic information regarding the environment they have been contracted to attack. What type of penetration test will this be? A) Gray Box B) White Hat C) Black Box D) White Box
A) Passive Reconnaissance Passive Reconnaissance gathers data without engaging target computer systems. Active Reconnaissance occurs when an attacker actually engages with the target computer to gather vulnerability information. Persistence or Advanced Persistent Threats (APTs) are generally from nation states conducting long term attacks. Escalation of privilege occurs when an attacker is able to escalate the rights and permissions of the user account that is compromised.
A pen-test team is driving around a corporate campus mapping wireless networks and access points. What type of attack is currently happening?
C) Passive Reconnaissance Passive Reconnaissance gathers data without engaging target computer systems. Active Reconnaissance occurs when an attacker actually engages with the target computer to gather vulnerability information. Persistence or Advanced Persistent Threats (APTs) are generally from nation states conducting long term attacks. Escalation of privilege occurs when an attacker is able to escalate the rights and permissions of the user account that is compromised.
A pen-test team is driving around a corporate campus mapping wireless networks and access points. What type of attack is currently happening? A) Escalation of privilege B) Active Reconnaissance C) Passive Reconnaissance D) Persistence
A) Data Exfiltration Data Exfiltration is the transfer of data outside the network which has not been authorized. Data Loss Prevention (DLP) mechanisms help prevent data leakage. Payment Card Industry Data Security Standard (PCI DSS) is an industry compliance control for businesses that handle credit card transactions. Social Engineering attacks attempt to trick users into performing an action or giving up information.
An attacker was able to breach a system contains credit card information and has begun transferring the data through a covert channel to an external server. What best describes what is occurring? A) Data Exfiltration B) Data Loss Prevention C) Social Engineering D) PCI-DSS
C) Injection Injection attacks use code inserted into a form field to gain information or access to a system. Cross-site scripting (XSS) attacks use embedded HTML or JavaScript in web sites or emails to capture use information. Amplification attacks are a form of DDoS attack that use public DNS servers to flood target servers with DNS response traffic. Cross-site request forgery (XSRF) tricks users by using HTML links crafted to perform actions without the user knowing.
An attacker was able to gain administrator level access to the back end of a website by entering the command below into a website form field. What type of attack took place? _x000D_SELECT * FROM members WHERE username = 'admin'--' AND password = 'password'_x000D_ A) Amplification B) Cross-site request forgery C) Injection D) Cross-site scripting
B) Injection Injection attacks use code inserted into a form field to gain information or access to a system. Cross-site scripting (XSS) attacks use embedded HTML or JavaScript in web sites or emails to capture use information. Amplification attacks are a form of DDoS attack that use public DNS servers to flood target servers with DNS response traffic. Cross-site request forgery (XSRF) tricks users by using HTML links crafted to perform actions without the user knowing.
An attacker was able to gain administrator level access to the back end of a website by entering the command below into a website form field. What type of attack took place? _x000D_SELECT * FROM members WHERE username = 'admin'--' AND password = 'password'_x000D_ A) Cross-site request forgery B) Injection C) Cross-site scripting D) Amplification
A) Manmade A war zone would be manmade threat. Environmental threats would include natural disasters such as an earthquake or tsunami. External threats are outside parties interested in attacking an organization. Internal threats come from within the business such as a disgruntled employee.
An international organization has offices in what is now a war zone. What type of threat assessment would this have covered? A) Manmade B) External C) Environmental D) Internal
D) MTTR Mean Time To Recover (MTTR) is the average time it takes to recover and restore a system which has failed. Recovery Time Objective (RTO) is the maximum acceptable time before the restoration of a system after an outage. Mean Time Between Failures (MTBF) is a the average time before a system may fail which provides a measure of reliability. Recovery Point Objective (RPO) is a point in time where data loss becomes acceptable.
An organization has determined that a specific business system needs to be restored or repaired within 1 week of an outage. What benchmark would stipulate this in the maintenance contract? A) MTBF B) RTO C) RPO D) MTTR
D) MTTR Mean Time To Recover (MTTR) is the average time it takes to recover and restore a system which has failed. Recovery Time Objective (RTO) is the maximum acceptable time before the restoration of a system after an outage. Mean Time Between Failures (MTBF) is a the average time before a system may fail which provides a measure of reliability. Recovery Point Objective (RPO) is a point in time where data loss becomes acceptable.
An organization has determined that a specific business system needs to be restored or repaired within 1 week of an outage. What benchmark would stipulate this in the maintenance contract? A) RTO B) MTBF C) RPO D) MTTR
C) Provide documentation It is important to always provide documentation of any changes, updates, or patches to the system.
Change management defines the process and accounting structure for handling modifications and upgrades. Which of the following is one of the goals associated with change management? A) Authorize data sharing B) schedule data backups C) Provide documentation D) Handle privacy considerations
A) Integrity Error and exception handling help protect the integrity of an operating system to make sure nothing can be input or changed that is not authorized or supposed to be changed.
Error and exception handling help protect the _________ of an operating system as well as controlling errors shown to users. A) Integrity B) Confidentiality C) Availability D) Accountability
C) Egress Filtering Egress Filtering filters from the inside out. It filters everything originating inside the organization that is being sent outside of the organization. Ingress Filtering filters everything originating from outside of the organization coming inside the organization.
In order to combat the amount of spam originating from inside your organization, what type of filtering can you do? A) Reverse DNS filtering B) Hybrid filtering C) Egress Filtering D) Statistical Content filtering
D) Datalink Datalink layer is responsible for sending data to the correct or specific device with the unique identifier of the MAC address.
MAC filtering would occur on which layer of the OSI model? A) Network B) Physical C) Presentation D) Datalink
D) DoS A Denial-of-Service (DoS) attack is an attack from a single source that takes down a specific target. A Distributed Denial-of-Service (DDoS) attack uses multiple sources to bring down a single target. Man-in-the-middle (MITM) attacks intercept traffic between sender and receivers and can inject malicious code. Buffer Overflow attacks occur when applications receive incorrect or too much input which create errors exposing system memory.
The DNS for a web server was hacked and all traffic was redirected to a sinkhole. The web site is now unusable. What type of attack does this best describe? A) DDoS B) Man-In-The-Middle C) Buffer Overflow D) DoS
C) technical Least privilege is a technical control. It specifies that individuals or processes are granted only those rights and permissions needed to perform their assigned tasks or functions.
The principle of least privilege can be best categorized as what type of control? A) operational B) compensating C) technical D) administrative
C) File Server A DMZ can host any internet facing server. Generally, organizations would not want to have their file servers as Internet facing servers. All the other types of servers are connected to the Internet.
Three of the following are common servers you would expect to find configured in the DMZ. Which of the following is not? A) DNS Server B) Web Server C) File Server D) Mail Server
D) RSA RSA is a method of key exchange, using the recipient's public key to encrypt the message, where only his private key may decrypt the message.
Two connected systems are using a cipher suite that is coded TLS_RSA_WITH_AES_128_CBC_SHA256. From this information, what ensures authentication of the sender and recipients? A) SHA256 B) AES C) TLS D) RSA
C) Application Web security gateways are UTM appliances and work on the application layer primarily as a content filter for web browsers and email.
Web Security gateways sit on which layer of the OSI model? A) Datalink B) Physical C) Application D) Transport
A) EAP Extensible Authentication Protocol (EAP) provides a framework for separate systems to create secure connection keys to encrypt network traffic between them. Temporal Key Integrity Protocol (TKIP) improved the security of WEP but still has vulnerabilities and has been deprecated. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is based on AES and is used to manage WPA2 keys. Wi-Fi Protected Access II (WPA2) permanently replaced WEP and WPA and contains many security improvements.
What authentication framework provides a method for systems to create a Pairwise Master Key (PMK) to encrypt traffic? A) EAP B) CCMP C) TKIP D) WPA2
A) OpenID Connect OpenID Connect is an authentication layer on top of OAuth 2.0 which verifies the identity of end-users by an authorization server. NT LAN Manager (NTLM) is an upgrade to LANMAN which uses an MD4 hash for user's passwords but is also backward compatible to LANMAN. Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is an improved CHAP protocol for Microsoft clients. Security Assertion Markup Language (SAML) is used for SSO on web browsers and is based on XML.
What authentication layer can be added to OAuth 2.0 to verify the identity of end-users? A) OpenID Connect B) NTLM C) MS-CHAP D) SAML
D) RTO Recovery Time Objective (RTO) is the maximum acceptable time before the restoration of a system after an outage. Recovery Point Objective (RPO) is a point in time where data loss becomes acceptable. Mean Time Between Failures (MTBF) is a the average time before a system may fail which provides a measure of reliability. Mean Time To Recover (MTTR) is the average time it takes to recover and restore a system that has failed.
What best defines the maximum amount of time it can take to restore a system after an outage? A) MTBF B) MTTR C) RPO D) RTO
B) The point in time where data loss becomes acceptable. Recovery Point Objective (RPO) is a point in time where data loss becomes acceptable. Mean Time To Recover (MTTR) is the average time it takes to recover and restore a system which has failed. Recovery Time Objective (RTO) is the maximum acceptable time before the restoration of a system after an outage. Mean Time Between Failures (MTBF) is a the average time before a system may fail which provides a measure of reliability.
What best describes what a Recovery Point Objective (RPO) details? A) The average time before a system may fail. B) The point in time where data loss becomes acceptable. C) The maximum acceptable time before the restoration of a system. D) The average time it takes to recover and restore a system.
D) PIA A Privacy Impact Assessment (PIA) is used to identify privacy risks as well as mitigate them. Recovery Point Objective (RPO) is a point in time where data loss becomes acceptable. A Privacy Threshold Analysis (PTA) determines if a program has privacy implications and what compliance it will require. A Business Impact Analysis (BIA) collects information in order to identify core business requirements to identify business critical systems.
What decision tool would be used to identify what PII is being collected and how it's being used? A) PTA B) BIA C) RPO D) PIA
B) PIA A Privacy Impact Assessment (PIA) is used to identify privacy risks as well as mitigate them. Recovery Point Objective (RPO) is a point in time where data loss becomes acceptable. A Privacy Threshold Analysis (PTA) determines if a program has privacy implications and what compliance it will require. A Business Impact Analysis (BIA) collects information in order to identify core business requirements to identify business critical systems.
What decision tool would be used to identify what PII is being collected and how it's being used? A) RPO B) PIA C) PTA D) BIA
A) Vulnerability scanning identifies weaknesses and penetration testing exploits them. Vulnerability scanning identifies weaknesses in a network such as open ports and unpatched systems and penetration testing exploits them. Vulnerability scanning can be active or passive while penetration testing is always active.
What is the primary difference between penetration testing and vulnerability scanning? A) Vulnerability scanning identifies weaknesses and penetration testing exploits them. B) Vulnerability scanning is active and penetration testing is passive. C) Penetration testing identifies weaknesses and vulnerability scanning exploits them. D) Penetration testing is active and vulnerability scanning is passive.
D) Netstat Netstat is a shell command used to display network connections. Nslookup is a shell command used for querying for DNS records. Ping tests connectivity as well as round trip time. Traceroute tracks the route and delay of network packets over a network.
What shell command is used to display open network connections? A) Ping B) Nslookup C) Traceroute D) Netstat
C) War Driving War driving is moving about your environment searching for a wireless signal. Often times using your laptop or wireless device will suffice to discover rogue access points.
What technique is used to locate rogue wireless access points? A) Port Scanning B) Intrusion Detection System C) War Driving D) Packet Sniffing
D) Service Account Service Accounts are used by programs that need to grant resources in order to accomplish a task. Guest Accounts are built into Microsoft operating systems but should be disabled and not used because there is no accounting for it. User Accounts are standard accounts used to log onto networks and grant basic privileges. Privileged accounts provide enhanced access such as the ability to install programs or access secure resources.
What type of account is used by applications in order to access resources across the network? A) Guest Account B) User Account C) Privileged Account D) Service Account
D) Pharming This is the definition of a pharming attack.
What type of attack redirects a web site's traffic to another web site by modifying the host file on a user's system? A) Cross Site Request Forgery B) DNS poisoning C) Cross Site Scripting D) Pharming
A) Persistence Persistence or Advanced Persistent Threats (APTs) are generally from nation states conducting long term attacks. Passive Reconnaissance gathers data without engaging target computer systems. Active Reconnaissance occurs when an attacker actually engages with the target computer to gather vulnerability information. Escalation of privilege occurs when an attacker is able to escalate the rights and permissions of the user account that is compromised.
What type of attack would most likely come from a nation state in order to gather intelligence and not be noticed? A) Persistence B) Active Reconnaissance C) Passive Reconnaissance D) Escalation of privilege
A) Succession Planning Succession planning is used to create a seamless transition for an organization in the event that key personnel unexpectedly leave or are unavailable. It is used so that there is no downtime in day to day critical operations.
What type of planning ensures that an organization can continue normal business operations even if key personnel unexpectedly leave or are unavailable? A) Succession Planning B) Business Continuity Planning C) Business Impact Planning D) Disaster Recovery Planning
B) Traceroute Traceroute tracks the route and delay of network packets over a network. Ping tests connectivity as well as round trip time. Nslookup is a shell command used for querying for DNS records. Netstat is a shell command used to display network connections.
What utility could be used to discover if a node between a computer and a web server is causing a delay? A) Netstat B) Traceroute C) Nslookup D) Ping
D) RAM inspection Tools that inspect RAM can uncover hidden hooked processes that rootkits use to function. Inspecting the RAM is the best way to find a rootkit.
What would be best for discovering a Rootkit? A) BIOS B) Antivirus C) Kernel Encryption D) RAM inspection
C) RAM inspection Tools that inspect RAM can uncover hidden hooked processes that rootkits use to function. Inspecting the RAM is the best way to find a rootkit.
What would be best for discovering a Rootkit? A) BIOS B) Antivirus C) RAM inspection D) Kernel Encryption
B) CBC Cipher Block Chaining (CBC) XORs each plaintext block with the previous block with an initialization vector used on the first block. Electronic Codebook (ECB) divides data into blocks and encrypts them separately, however identical blocks are encrypted the same. Galois/Counter Mode (GCM) number blocks sequentially, encrypts them and then XORs it with plain text to provide confidentiality and authenticity. Data Encryption Standard (DES) is an obsolete algorithm that encrypts data in 64 bit blocks with a 56 bit key.
Which cipher mode XORs each plaintext block with the previous block? A) ECB B) CBC C) DES D) GCM
C) Staging Staging environments mirror production in order to test the code immediately before deployment to ensure no damage will be caused to the production environment. The production environment is the area which is live and being used for business. A sandbox is a computer that's been isolated from the network so it's safe to test programs. Test development environments are used by both human and automated tools to ensure that code is working as intended.
Which development environment mirrors the production environment as closely as possible? A) Sandbox B) Test C) Staging D) Production
B) 2nd 2nd Generation firewalls introduced Stateful Inspection, that would analyze the type and purpose of network traffic.
Which generation of firewalls saw the addition of "stateful inspections"? A) 1st B) 2nd C) 3rd D) 4th
C) Asymmetric Keys Kerberos uses symmetric keys
Which is not typically used with the Kerberos authentication protocol? A) Key Distribution Center B) Ticket Granting Tickets C) Asymmetric Keys D) Active Directory
D) ECB Electronic Codebook (ECB) divides data into blocks and encrypts them separately, however identical blocks are encrypted the same. Cipher Block Chaining (CBC) XORs each plaintext block with the previous block with an initialization vector used on the first block. AES is a block symmetric cipher chosen by NIST to be a standard. Galois/Counter Mode (GCM) number blocks sequentially, encrypts them and then XORs it with plain text to provide confidentiality and authenticity.
Which of the following block cipher modes of operation produces plaintext values that will always result in the same ciphertext value? A) GCM B) AES C) CBC D) ECB
A) Authentication Header Although AH provides authentication, it does so as a part of IPSec with no attribution to end users. It authenticates IP packets.
Which of the following does not provide authentication services for remote users and devices? A) Authentication Header B) RADIUS C) TACACS+ D) Diameter
C) Physical Control An organization loses physical control over its assets by using the cloud. This is because the cloud is operated and managed by a third party vendor and the data owner wil no longer have physical control over its data.
Which of the following is a key security control an organization loses with cloud computing? A) Patch Management B) Availability C) Physical Control D) Data validation
D) FTPS FTPS uses SSL. the FTP protocol that uses SSH is SFTP. All of the other can be combined with SSH.
Which of the following protocols does not use SSH? A) SFTP B) SCP C) LDAP D) FTPS
A) NDP ARP resolves MAC addresses to IPv4 addresses and similarly NDP resolves MAC addresses to IPv6 addresses. It also performs autoconfiguration of devices IPv6 addresses and discovers other devices on the network such as the IPv6 default gateway address.
Which of the following protocols resolve MAC addresses to IPv6 addresses? A) NDP B) RPA C) ARP D) DNS
D) RSTP STP and RSTP (Rapid spanning tree protocol) protect against switching loops.
Which of the following protocols, if disabled makes a switch susceptible to loop problems? A) SCP B) RDP C) Socks5 D) RSTP
B) Direct Action Virus A Police Virus is also known as a Trojan Reveton, and a Moneypak virus. This virus accuses users of being involved in illegal activities and demands a fine.
Which of the following viruses does not accuse users of being involved in illegal activities and demands a fine? A) Moneypak virus B) Direct Action Virus C) Police Virus D) Trojan Reveton
A) Faraday Cage Social engineering is a non-technical method of intrusion used to gain information such as tailgating, dumpster diving, or reading over one's shoulder. A Faraday cage helps block technical methods of stealing data.
Which physical security control would probably NOT deter social engineering?
C) 143 Port 143 is IMAP4. Port 465 is SMTP with SSL, port 993 is IMAP4 with SSL, and port 636 is LDAP with SSL.
Which port is not related to a protocol using SSL? A) 636 B) 465 C) 143 D) 993
A) 1024 - 49151 Registered 3rd party applications would use the Registered Port Range which is 1024-49151.
Which port range would a registered 3rd party application likely use? A) 1024 - 49151 B) 49152 - 65535 C) 1 - 1024 D) 1025 - 37843
B) CHAP Challenge Handshake Authentication Protocol (CHAP) is more secure than Password Authentication Protocol (PAP) and is used to pass client credentials securely over a public network. Point-to-Point Protocol (PPP) was developed for dial-up access and was not secure. Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is an improved CHAP protocol for Microsoft clients. Kerberos is a secure authentication technology used by Windows Active Directory and Unix Realms.
Which protocol was created to replace PAP and pass client credentials over public networks? A) PPP B) CHAP C) Kerberos D) MS-CHAP
B) RC4 RC4 is a symmetric stream cipher that was used in WEP but is now obsolete as it can be broken. AES is a block symmetric cipher chosen by NIST to be a standard. 3DES was an improvement over DES because it makes 3 encryption passes with different keys. Twofish is similar to Blowfish but encrypts 128 bit blocks instead of 64 bits.
Which symmetric stream cipher was used in WEP? A) 3DES B) RC4 C) Twofish D) AES
D) Armored virus An Armored Virus uses one or more techniques to make it difficult to reverse engineer. Common techniques are complex code, encryption, and hiding the location.
Which type of virus uses one or more techniques including complex code, encryption, and hiding location, to make it difficult to reverse engineer? A) Multipartite virus B) Polymorphic virus C) Boot Sector virus D) Armored virus
D) Hub Hubs cannot segment traffic as they broadcast to all ports and cannot direct traffic to specific ports.
Which would not be used for network segmentation? A) Router B) Firewall C) VLAN D) Hub
C) Lower your IDS threshold Lowering your IDS' threshold will minimize false positives but it still must be high enough that it does not allow false negatives.
Your IDS is returning a high incidence of false positives, increasing your workload as the network administrator. What can you do to minimize the number of false positives you are getting while still not allowing false negatives? A) Put an IPS in instead of your IDS so that it will quarantine and remediate the issues before you are alerted to false positives B) Install an IPS in front of your IDS C) Lower your IDS threshold D) Make sure that more than one NIDS is not running at the same time