Security+ Review

¡Supera tus tareas y exámenes ahora con Quizwiz!

Which of the algorithms listed below does not fall into the category of asymmetric encryption? RSA GPG DSA AES DHE ECDHE PGP

AES

Which of the cryptographic algorithms listed below is the least vulnerable to attacks? AES DES RC4 3DES

AES

Which of the following encryption schemes is used in WiFi Protected Access 2 (WPA2)? RC4 AES-CCMP TKIP with RC4 AES-GCMP

AES-CCMP

For the purpose of encryption, WiFi Protected Access 3 (WPA3) takes advantage of: (Select 2 answers) AES-GCMP PSK TKIP with RC4 RC4 AES-CCMP SAE

AES-GCMP AES-CCMP

Which part of the IPsec protocol suite provides authentication and integrity? CRC AH SIEM AES

AH

Which of the following terms refers to a US government initiative for real-time sharing of cyber threat indicators? NVD AIS TTP CVSS

AIS

Which of the following statements describe the function of a forward proxy? (Select 2 answers) Acts of behalf of a client Hides the identity of a client Acts of behalf of a server Hides the identity of a server

Acts of behalf of a client Hides the identity of a client

Which of the statements listed below describe the function of a reverse proxy? (Select 2 answers) Acts of behalf of a client Acts of behalf of a server Hides the identity of a server Hides the identity of a client

Acts of behalf of a server Hides the identity of a server

Which of the following answers refers to an STP frame? MTU Jumbo frame BPDU Magic packet

BPDU

Which of the following answers describe the features of TOTP? (Select 3 answers) Vulnerable to replay attacks Based on a cryptographic hash function and a secret cryptographic key Valid for multiple login sessions Based on a shared secret key and current time Not vulnerable to replay attacks Valid for only one login session

Based on a shared secret key and current time Not vulnerable to replay attacks Valid for only one login session

Examples of key stretching algorithms include: (Select 2 answers) ROT13 Twofish Bcrypt DSA FBKDF2

Bcrypt FBKDF2

Which of the answers listed below refers to a type of metric used for evaluation of a biometric security system's accuracy? FRR CRC FAR CER

CER

An industry standard for assessing the severity of computer system security vulnerabilities is known as: SIEM CVSS OSINT SOAR

CVSS

Which of the following terms illustrate the security through obscurity concept? (Select all that apply) Code obfuscation Steganography SSID broadcast suppression Encryption

Code obfuscation Steganography SSID broadcast suppression

What is STIX? Vulnerability database Common language for describing cyber threat information US government initiative for real-time sharing of cyber threat indicators Transport mechanism for cyber threat information

Common language for describing cyber threat information

A type of code that has already been translated from a high-level programming language into a low-level programming language and converted into a binary executable file is referred to as: Script code Compiled code Inline code Runtime code

Compiled code

Which of the following terms refers to the concept of virtualization on an application level? Serverless architecture Containerization System on a Chip (SoC) Infrastructure as code

Containerization

A network protocol providing an alternative solution to the manual allocation of IP addresses is called: DNS SNMP NAT DHCP

DHCP

A security feature of a network switch that provides countermeasures against rogue DHCP servers is called: DHCP scope DHCP reservation DHCP snooping DHCP relay agent

DHCP snooping

Which of the following is an example of fake telemetry? OSINT Bluejacking DNS sinkhole Replay attack

DNS sinkhole

Which of the following methods provides the most effective way for permanent removal of data stored on a magnetic drive? Standard format Overwriting data Degaussing Low-level format

Degaussing

What are the characteristic features of a transparent proxy? (Select all that apply) Doesn't require client-side configuration Modifies client's requests and responses Redirects client's requests and responses without modifying them Clients might be unaware of the proxy service Requires client-side configuration

Doesn't require client-side configuration Redirects client's requests and responses without modifying them Clients might be unaware of the proxy service

Which of the following block cipher modes is the simplest/weakest and therefore not recommended for use? CBC GCM ECB CTR

ECB

Which cryptographic solution would be best suited for low-power devices? ECC EFS SED FDE

ECC

Which of the following answers refers to an endpoint security solution that provides the capability for detection, analysis, response, and real-time monitoring of cyber threats? SWG CASB EDR NGFW

EDR

Which part of IPsec provides authentication, integrity, and confidentiality? AES SHA AH ESP

ESP

Which of the following solutions would be best suited for situations where response time in data processing is of critical importance? Edge computing Thin client architecture Fog computing Cloud computing

Edge computing

POP3 is used for: Name resolution Sending email messages File exchange Email retrieval

Email retrieval

An asymmetric encryption key designed to be used only for a single session or transaction is known as: Static key Ephemeral key Asymmetric key Symmetric key

Ephemeral key

A measure of the likelihood that a biometric security system will incorrectly accept an access attempt by an unauthorized user is known as: CRC FAR CER FRR

FAR

A software technology designed to provide confidentiality for an entire data storage device is known as: AES FDE EFS HSM

FDE

A measure of the likelihood that a biometric security system will incorrectly reject an access attempt by an authorized user is referred to as: FAR CER CRC FRR

FRR

Which of the following protocols allow(s) for secure file transfer? (Select all that apply) FTPS TFTP FTP SFTP

FTPS SFTP

Code obfuscation techniques rely on encryption to protect the source code against unauthorized access. True False

False

Stateless inspection is a firewall technology that keeps track of the state of network connections and based on that data determines which network packets to allow through the firewall. True False

False

The term "DHCP snooping" refers to an exploit that enables operation of a rogue DHCP network server. True False

False - prevents rogue DHCP servers

The practice of finding vulnerabilities in an application by feeding it incorrect input is called: Normalization Hardening Static code analysis Fuzzing

Fuzzing

Which of the block cipher modes listed below provides both data integrity and confidentiality? CBC GCM ECB CTR

GCM

Which of the protocols listed below enables remote access to another computer on the network via web browser? RDP HTTPS SSH VNC

HTTPS

A NIDS/NIPS that detects intrusions by comparing network traffic against the previously established baseline can be classified as: (Select all that apply) Heuristic Anomaly-based Behavioral Signature-based

Heuristic Anomaly-based Behavioral

Examples of protocols used for implementing secure VPN tunnels include: (Select all that apply) bcrypt IPsec SRTP TLS L2TP

IPsec TLS L2TP

Vulnerability scanning: (Select all that apply) Identifies lack of security controls Actively tests security controls Identifies common misconfigurations Exploits vulnerabilities Passively tests security controls

Identifies lack of security controls Identifies common misconfigurations Passively tests security controls

A type of forensic evidence that can be used to detect unauthorized access attempts or other malicious activities is called: CVE IoC AIS OSINT

IoC

Which of the following servers would be best suited to act as an intermediary between an intranet and a screened subnet? UC server Proxy server C2 server Jump server

Jump server

Which of the following are examples of hardware authentication tokens? Key fob Cable lock Passphrase Biometric reader RFID badge Smart card

Key fob RFID badge Smart card

Which of the following answers refer to the concept of non-persistence? (Select 3 answers) Last known-good configuration System image Live boot media Journaling Known state reversion

Last known-good configuration Live boot media Known state reversion

Which of the following answers refer to an office equipment that combines the functionality of multiple devices? (Select 2 answers) MFD IoT MFP PED MFA

MFD MFP

Which of the following would be the best solution for a company that needs IT services but lacks any IT personnel? MSA MaaS MSP MSSP

MSP

Which of the following terms refers to a third-party vendor offering IT security management services? (Select best answer) MSP MaaS MSA MSSP

MSSP

What is the name of a network security access control method in which a 48-bit physical address assigned to each network card is used to determine access to the network? Mac filtering Network Address Translation (NAT) Static IP addressing Network Access Control (NAC)

Mac filtering

Which of the following answers refers to a device designed to distribute (and monitor the quality of) electric power to multiple outlets? Power Supply Unit (PSU) Main Distribution Frame (MDF) Managed Power Distribution Unit (Managed PDU) Intermediate Distribution Frame (IDF)

Managed Power Distribution Unit (Managed PDU)

A nontransparent proxy: (Select 2 answers) Modifies client's requests and responses Doesn't require client-side configuration Requires client-side configuration Redirects client's requests and responses without modifying them

Modifies client's requests and responses Requires client-side configuration

A dedicated storage appliance that can be added to a local network is known as: SDP NAS EDR SSD

NAS

A solution that alleviates the problem of depleting IPv4 address space by allowing multiple hosts on the same private LAN to share a single public IP address is known as: DNS APIPA NAT DHCP

NAT

Which of the following solutions is used to hide the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device? NAC ACL NAT DMZ

NAT

Which of the following terms refers to a nonprofit organization focused on software security? CSIRT IETF OWASP CERT

OWASP

Which of the following answers refer to IMAP? (Select 2 answers) Offers improved functionality in comparison to POP3 Serves the same function as POP3 Enables sending email messages from client devices Offers less functions than POP3 Enables email exchange between mail servers

Offers improved functionality in comparison to POP3 Serves the same function as POP3 Enables email exchange between mail servers

Which of the following answers refers to a specification for SEDs? OVAL ISO Opal OWASP

Opal

Which of the following answers refers to a solution designed to strengthen the security of session keys? ECB PFS EFS PFX

PFS

Which of the following answers refers to a deprecated method for implementing Virtual Private Networks (VPNs)? GRE PPTP OpenVPN SSTP

PPTP

Which of the following acronyms refers to a client authentication method used in WPA2 Personal mode? AES RC4 IKE PSK SAE

PSK

Which cloud service model would provide the best solution for a web developer intending to create a web app? XaaS SaaS PaaS IaaS

PaaS

Which of the following answers refer(s) to the characteristic feature(s) of Faraday cage? (Select all that apply) Physical security control type Provides protection against RFI Technical security control type Provides protection against EMI Administrative security control type

Physical security control type Provides protection against RFI Provides protection against EMI

Which of the following allows an administrator to inspect traffic passing through a network switch? VLAN tagging Port mirroring Fault-tolerant mode Port scanner

Port mirroring

According to predictions, the most future-proof cryptographic solution should be: Quantum cryptography Symmetric-key cryptography Post-quantum cryptography Asymmetric-key cryptography Public-key cryptography

Post-quantum cryptography

What type of preventive physical access controls would provide a basic means for securing a door access? (Select 2 answers) Air gap Proximity card reader CCTV Industrial camouflage Smart card reader

Proximity card reader Smart card reader

A type of formal document that describes the specifications for a particular technology is known as: RFQ RFC RFI RFP

RFC

Which of the algorithms listed below does not belong to the category of symmetric ciphers? RC4 DES RSA AES Blowfish 3DES Twofish

RSA

A type of OS characterized by low delay between the execution of tasks required in specific applications, such as in military missile guidance systems or in automotive braking systems, is known as: UNIX Windows NT POSIX RTOS

RTOS

Which VPN type is used for connecting computers to a network? (Select all that apply) Remote access Intranet-based Client-to-site Site-to-site Extranet-based

Remote access Client-to-site

Which of the following acronyms refers to a client authentication method used in WPA3 Personal mode? SAE IKE RC4 PSK AES

SAE

Which of the following answers refer to industrial and manufacturing control systems? (Select 2 answers) EDR CMS SCADA ICS CCTV

SCADA ICS

Which of the acronyms listed below refers to a specialized suite of software tools used for developing applications for a specific platform? GUI SDLC API SDK

SDK

Which of the following answers refer to software technologies designed to simplify network infrastructure management? (Select 2 answers) SDP SSP SDV SEH SDN

SDV SDN

Which of the following answers refers to a data storage device equipped with hardware-level encryption functionality? SSP SEH SDN SED

SED

A network protocol for secure file transfer over Secure Shell (SSH) is called: TFTP SFTP Telnet FTPS

SFTP

Which version(s) of the SNMP protocol offer(s) authentication based on community strings sent in an unencrypted form? (Select all that apply) SNMPv1 SNMPv2 SNMPv3 SNMPv4

SNMPv1 SNMPv2

Which of the following tools enables automated response to security incidents? NIDS SOAR HIDS SIEM

SOAR

Which protocol enables secure, real-time delivery of audio and video over an IP network? S/MIME RTP SIP SRTP

SRTP

Which of the following protocols provide protection against broadcast storms and switching loops? (Select 2 answers) RTP SRTP RDP STP RSTP

STP RSTP

What are the characteristic features of the secure version of IMAP? (Select all that apply) TCP port 143 Secure Sockets Layer (SSL) TCP port 993 Transport Layer Security (TLS) TCP port 995

Secure Sockets Layer (SSL) TCP port 993 Transport Layer Security (TLS)

Which of the following answers refer(s) to POP3S encrypted communication? (Select all that apply) TCP port 993 Secure Sockets Layer (SSL) TCP port 995 Transport Layer Security (TLS) TCP port 110

Secure Sockets Layer (SSL) TCP port 995 Transport Layer Security (TLS)

LDAPS is an example of: Authentication protocol Secure directory access protocol Address resolution protocol File exchange protocol

Secure directory access protocol

In active-passive mode, load balancers distribute network traffic across: All servers Servers marked as active Least utilized servers Servers marked as passive

Servers marked as active

A type of encryption scheme where the same key is used to encrypt and decrypt data is referred to as: (Select 3 answers) Session-key encryption Public-key encryption Symmetric encryption Asymmetric encryption Secret-key encryption

Session-key encryption Symmetric encryption Secret-key encryption

Which of the following destruction tools/methods allow(s) for secure disposal of physical documents? (Select all that apply) Shredding Hard drive sanitization Burning Low-level formatting Degaussing

Shredding Burning

Which of the terms listed below describes a type of VPN that alleviates bottlenecks and conserves bandwidth by enabling utilization of both the VPN and public network links? Tethering Split tunnel Load balancing Full tunnel

Split tunnel

Which of the terms listed below refers to the dynamic packet filtering concept? Port mirroring Stateful inspection Out-of-band management Stateless inspection

Stateful inspection

Which of the following terms refers to an embedded cryptoprocessor that can be found on the motherboards of newer PCs and laptops? CFB AHCI UEFI TPM

TPM

Which of the following answers list examples of hardware root of trust? (Select 2 answers) EFS TPM SED HSM FDE

TPM HSM

A hash function allows for mapping large amount of data content to a small string of characters. The result of hash function provides the exact "content in a nutshell" (in the form of a string of characters) derived from the original data content. In case there is any change to the data after the original hash was taken, the next time when hash function is applied, the resulting hash value calculated after content modification will be different from the original hash. True False

True

Of the three existing versions of the Simple Network Management Protocol (SNMP), versions 1 and 2 (SNMPv1 and SNMPv2) offer authentication based on community strings sent in an unencrypted form (in cleartext). SNMPv3 provides packet encryption, authentication, and hashing mechanisms that allow for checking whether data has changed in transit (i.e. validation of data integrity). True False

True

The term "VM sprawl" is used to describe a situation in which large number of deployed virtual machines lack proper administrative controls. True False

True

What are the characteristic features of a session key? (Select 2 answers) Used during a single session Asymmetric key Reused during multiple sessions Symmetric key

Used during a single session Symmetric key

A logical grouping of computers that allow computer hosts to act as if they were attached to the same broadcast domain regardless of their physical location is known as: VLAN Screened subnet Intranet SAN

VLAN

In cloud computing, users on an on-premises network take advantage of a transit gateway to connect to: WAN VPC SAN VLAN

VPC

Which of the following answers refer to the characteristics of HOTP? (Select 3 answers) Valid for only one login session Based on a shared secret key and current time Vulnerable to replay attacks Based on a cryptographic hash function and a secret cryptographic key Valid for multiple login sessions Not vulnerable to replay attacks

Valid for only one login session Based on a cryptographic hash function and a secret cryptographic key Not vulnerable to replay attacks

Which of the acronyms listed below refers to a firewall controlling access to a web server? WEP WAP WPS WAF

WAF

Which of the wireless security protocols listed below has been deprecated in favor of newer standards due to known vulnerabilities resulting from implementation flaws? EAP AES WPA2 WEP

WEP

An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against: War chalking Spoofing War driving Insider threat

War driving


Conjuntos de estudio relacionados

National Flood Insurance Program (NFIP)

View Set

PCI Data Security Standard Study Materials

View Set

AP CHEM BIG IDEA #2 MULTIPLE CHOICE

View Set

Fundamentals of Management by Griffin Chapter 14

View Set

Chapter 1: Consumer Safety and Drug Regulations

View Set