CompTIA Security+ Certification Exam SY0-601 Midterm 2

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Which of the algorithms listed below does not fall into the category of asymmetric encryption? RSA GPG DSA AES DHE ECDHE PGP

AES

Which part of the IPsec protocol suite provides authentication and integrity? CRC AH SIEM AES

AH

Which of the physical security control types listed below provides isolation from external computer networks? Air gap Network segmentation Hardware firewall Protected cable distribution

Air gap

What are the characteristic features of Elliptic Curve Cryptography (ECC)? (Select 3 answers) Asymmetric encryption Low processing power requirements Suitable for small wireless devices High processing power requirements Symmetric encryption Not suitable for small wireless devices

Asymmetric encryption Low processing power requirements Suitable for small wireless devices

Which of the following power redundancy solutions would be best suited for providing long-term emergency power during an unexpected main power source outage? Dual-power supply Standby UPS Backup generator Managed PDU

Backup generator

Examples of key stretching algorithms include: (Select 2 answers) ROT13 Twofish Bcrypt DSA PBKDF2

Bcrypt PBKDF2

Which of the following provides physical security measure against laptop theft? Cable lock Trusted Platform Module (TPM) Geotracking LoJack for Laptops

Cable lock

Which of the following terms illustrate the security through obscurity concept? (Select all that apply) Code obfuscation Steganography SSID broadcast suppression Encryption

Code obfuscation Steganography SSID broadcast suppression

Restoring data from an incremental backup requires: (Select 2 answers) Copy of the last incremental backup All copies of differential backups made since the last full backup Copy of the last differential backup All copies of incremental backups made since the last full backup Copy of the last full backup

Copy of the last full backup

A network protocol providing an alternative solution to the manual allocation of IP addresses is called: DNS SNMP NAT DHCP

DHCP

A suite of security extensions for an Internet service that translates domain names into IP addresses is known as: EDNS DNSSEC Split DNS DDNS

DNSSEC

A suite of security extensions for an Internet service that translates domain names into IP addresses is known as: EDNS DNSSEC Split DNS DDNS

DNSSEC

Which of the following methods provides the most effective way for permanent removal of data stored on a magnetic drive? Standard format Overwriting data Degaussing Low-level format

Degaussing

Which of the following terms applies to the concept of non-repudiation? Security through obscurity Digital certificate MFA Hashing Encryption

Digital certificate

Which of the following would add power redundancy on a server box? Standby UPS Backup generator Managed PDU Dual-power supply

Dual-power supply

Which of the following block cipher modes is the simplest/weakest and therefore not recommended for use? CBC GCM ECB CTR

ECB

Which cryptographic solution would be best suited for low-power devices? ECC EFS SED FDE

ECC

Which part of IPsec provides authentication, integrity, and confidentiality? AES SHA AH ESP

ESP

POP3 is used for: Name resolution Sending email messages File exchange Email retrieval

Email retrieval

Which of the following terms applies to the concept of confidentiality? Hashing Encryption Security through obscurity MFA Digital certificate

Encryption

An asymmetric encryption key designed to be used only for a single session or transaction is known as: Static key Ephemeral key Asymmetric key Symmetric key

Ephemeral key

Which of the following protocols allow(s) for secure file transfer? (Select all that apply) FTPS TFTP FTP SFTP

FTPS SFTP

Examples of techniques used for encrypting information include symmetric encryption (also called public-key encryption) and asymmetric encryption (also called secret-key encryption, or session-key encryption.) True False

False

FTPS is an extension to the Secure Shell (SSH) protocol and runs by default on port number 22. True False

False

In a differential backup strategy, restoring data from backup requires only a working copy of the last full backup. True False

False

Secure File Transfer Protocol (SFTP) is an extension to the FTP protocol that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols. True False

False

Symmetric encryption algorithms require large amounts of processing power for both encryption and decryption of data which makes them much slower in comparison to asymmetric encryption ciphers. True False

False

The lack of entropy in the process of generating cryptographic keys improves the security of cryptographic algorithms. True False

False

Which of the block cipher modes listed below provides both data integrity and confidentiality? CBC GCM ECB CTR

GCM

What is the name of a network protocol that secures web traffic via SSL/TLS encryption? SFTP HTTPS FTPS SNMP

HTTPS

Which of the protocols listed below enables remote access to another computer on the network via web browser? RDP HTTPS SSH VNC

HTTPS

Which of the following terms refers to an environmental control system? SCADA HIPS TEMPEST HVAC

HVAC

Which of the following terms applies to the concept of data integrity? MFA Digital certificate Hashing Security through obscurity Encryption

Hashing

What is the purpose of steganography? Checking data integrity Verifying hash values Hiding data within another piece of data Encrypting data

Hiding data within another piece of data

Which of the following enables processing data in an encrypted form? Diffusion Homomorphic encryption Obfuscation Hashing

Homomorphic encryption

Digital signatures provide: (Select 3 answers) Integrity Authentication Confidentiality Authorization Non-repudiation Accounting

Integrity Authentication Non-repudiation

Which of the following answers refer to the concept of non-persistence? (Select 3 answers) Last known-good configuration System image Live boot media Journaling Known state reversion

Last known-good configuration Live boot media Known state reversion

Which of the answers listed below refers to a type of removable storage media that contains a portable, non-persistent OS? Flash memory Primary storage Live boot media Hybrid drive

Live boot media

A network hardware or software solution designed for managing the optimal distribution of workloads across multiple computing resources is known as: Content filter Power Distribution Unit (PDU) Load balancer Domain controller

Load balancer

Which of the following terms applies to the authentication process? Digital certificate MFA Encryption Security through obscurity Hashing

MFA

Which of the following answers refer to an office equipment that combines the functionality of multiple devices? (Select 2 answers) MFD IoT MFP PED MFA

MFD MFP

Which of the following answers refers to a sequential-access backup media? Magnetic tapes Disk drives Optical discs Flash media

Magnetic tapes

Which of the following answers refers to a device designed to distribute (and monitor the quality of) electric power to multiple outlets? Power Supply Unit (PSU) Main Distribution Frame (MDF) Managed Power Distribution Unit (Managed PDU) Intermediate Distribution Frame (IDF)

Managed Power Distribution Unit (Managed PDU)

A dedicated storage appliance that can be added to a local network is known as: SDP NAS EDR SSD

NAS

The process of combining multiple physical network adapters into a single logical interface for increased throughput and redundancy is called: Device pairing Multipath I/O Route aggregation NIC teaming

NIC teaming

Which of the following is a secure implementation of a protocol used for synchronizing clocks over a computer network? NTPsec SNMPv3 SRTP IPsec

NTPsec

Which of the following answers refer to IMAP? (Select 2 answers) Offers improved functionality in comparison to POP3 Serves the same function as POP3 Enables sending email messages from client devices Offers less functions than POP3 Enables email exchange between mail servers

Offers improved functionality in comparison to POP3 Serves the same function as POP3

Which of the following answers refers to a solution designed to strengthen the security of session keys? ECB PFS EFS PFX

PFS

Protection provided by security personnel is an example of: Technical security control Physical security control Administrative security control Logical security control

Physical security control

Which of the following answers refer(s) to the characteristic feature(s) of Faraday cage? (Select all that apply) Physical security control type Provides protection against RFI Technical security control type Provides protection against EMI Administrative security control type

Physical security control type Provides protection against RFI Provides protection against EMI

According to predictions, the most future-proof cryptographic solution should be: Quantum cryptography Symmetric-key cryptography Post-quantum cryptography Asymmetric-key cryptography Public-key cryptography

Post-quantum cryptography

A type of contactless smart card that can be read at a close range from a reader device is commonly referred to as: MicroSD card Common Access Card (CAC) Proximity card Personal Identity Verification (PIV) card

Proximity card

What type of preventive physical access controls would provide a basic means for securing a door access? (Select 2 answers) Air gap Proximity card reader CCTV Industrial camouflage Smart card reader

Proximity card reader Smart card reader

An emerging field of advanced computing technologies based on the principles of physics is known as: DNA computing Edge computing Quantum computing Fog computing

Quantum computing

Which of the algorithms listed below does not belong to the category of symmetric ciphers? RC4 DES RSA AES Blowfish 3DES Twofish

RSA

A type of OS characterized by low delay between the execution of tasks required in specific applications, such as in military missile guidance systems or in automotive braking systems, is known as: UNIX Windows NT POSIX RTOS

RTOS

Examples of embedded systems include: (Select all that apply) Android OS Raspberry Pi iOS Arduino Field Programmable Gate Array (FPGA) Mainframe computer system

Raspberry Pi Arduino Field Programmable Gate Array (FPGA)

Hardware RAID Level 10 (a.k.a. RAID 1+0): (Select 3 answers) Requires a minimum of 4 drives to implement Is referred to as stripe of mirrors, i.e. a combination of RAID 1 (disk mirroring) and RAID 0 (disk striping) Requires a minimum of 5 drives to implement Offers increased performance and fault tolerance (failure of one drive in each mirrored pair of disk drives does not destroy the array) Requires a minimum of 3 drives to implement Continues to operate in case of failure of more than 2 drives

Requires a minimum of 4 drives to implement Is referred to as stripe of mirrors, i.e. a combination of RAID 1 (disk mirroring) and RAID 0 (disk striping Offers increased performance and fault tolerance (failure of one drive in each mirrored pair of disk drives does not destroy the array)

Hardware RAID Level 1: (Select 3 answers) Requires at least 2 drives to implement Is also known as disk striping Offers improved performance in comparison to RAID 0 Requires at least 3 drives to implement Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data) Is also referred to as disk mirroring

Requires at least 2 drives to implement Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data) Is also referred to as disk mirroring

Hardware RAID Level 5: (Select 2 answers) Requires at least 2 drives to implement Continues to operate in case of failure of more than 1 drive Requires at least 3 drives to implement Offers increased performance and fault tolerance (single drive failure does not destroy the array and lost data can be re-created by the remaining drives) Requires at least 4 drives to implement

Requires at least 3 drives to implement Offers increased performance and fault tolerance (single drive failure does not destroy the array and lost data can be re-created by the remaining drives)

Hardware RAID Level 6: (Select 2 answers) Requires at least 4 drives to implement Offers increased performance and fault tolerance (failure of up to 2 drives does not destroy the array and lost data can be re-created by the remaining drives) Requires at least 3 drives to implement Continues to operate in case of failure of more than 2 drives Requires at least 5 drives to implement

Requires at least 4 drives to implement Offers increased performance and fault tolerance (failure of up to 2 drives does not destroy the array and lost data can be re-created by the remaining drives)

A dedicated local network consisting of devices providing data access is called: SDN NAS iSCSI SAN

SAN

Which of the following answers refer to industrial and manufacturing control systems? (Select 2 answers) EDR CMS SCADA ICS CCTV

SCADA ICS

A network protocol for secure file transfer over Secure Shell (SSH) is called: TFTP SFTP Telnet FTPS

SFTP

Which of the answers listed below refers to a deprecated TLS-based method for securing SMTP? IMAPS STARTTLS POP3S SMTPS

SMTPS

Which version(s) of the SNMP protocol offer(s) authentication based on community strings sent in an unencrypted form? (Select all that apply) SNMPv1 SNMPv2 SNMPv3 SNMPv4

SNMPv1 SNMPv2

Which protocol enables secure, real-time delivery of audio and video over an IP network? S/MIME RTP SIP SRTP

SRTP

Which of the following answers refers to a non-proprietary cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services? RDP Telnet SSH RAS

SSH

Pseudo-random data added to a password before hashing is called: Shim Salt Seed IV

Salt

Which of the following answers refers to a type of additional input that increases password complexity and provides better protection against brute-force, dictionary, and rainbow table attacks? Seed IV Salt Shim

Salt

The capability of a hardware or software system to process increasing workload without decrease in performance is known as: Redundancy Multitasking Scalability Fault tolerance

Scalability

A lightly protected subnet (previously known as a DMZ) consisting of publicly available servers placed on the outside of the company's firewall is called: Honeynet Virtual Private Network (VPN) Extranet Screened subnet

Screened subnet

Which of the following answers refer(s) to POP3S encrypted communication? (Select all that apply) TCP port 993 Secure Sockets Layer (SSL) TCP port 995 Transport Layer Security (TLS) TCP port 110

Secure Sockets Layer (SSL) TCP port 995 Transport Layer Security (TLS)

What are the characteristic features of the secure version of IMAP? (Select all that apply) TCP port 143 Secure Sockets Layer (SSL) TCP port 993 Transport Layer Security (TLS) TCP port 995

Secure Sockets Layer (SSL) TCP port 993 Transport Layer Security (TLS)

LDAPS is an example of: Authentication protocol Secure directory access protocol Address resolution protocol File exchange protocol

Secure directory access protocol

Which of the following terms applies to the concept of obfuscation? Encryption Security through obscurity Hashing Digital certificate MFA

Security through obscurity

A type of encryption scheme where the same key is used to encrypt and decrypt data is referred to as: (Select 3 answers) Session-key encryption Public-key encryption Symmetric encryption Asymmetric encryption Secret-key encryption

Session-key encryption

Which of the following destruction tools/methods allow(s) for secure disposal of physical documents? (Select all that apply) Shredding Hard drive sanitization Burning Low-level formatting Degaussing

Shredding Burning

A file-based representation of the state of a virtual machine at a given point in time is called: Restore point Shadow copy Snapshot System image

Snapshot

What type of backups are commonly used with virtual machines? Incremental backups Snapshot backups Tape backups Differential backups

Snapshot backups

An integrated circuit combining components normally found in a standard computer system is referred to as: HSM TPM SoC BIOS

SoC

An exact copy of the entire state of a computer system is known as: System image Last known-good configuration Restore point Mirrored volume

System image

An IPsec mode providing encryption only for the payload (the data part of the packet) is known as: Protected mode Tunnel mode Transport mode Safe mode

Transport mode

In asymmetric encryption, any message encrypted with the use of a public key can only be decrypted by applying the same algorithm and a matching private key (and vice versa). True False

True

In cryptography, the number of bits in a key used by a cryptographic algorithm is referred to as a key size or key length. The key length determines the maximum number of combinations required to break the encryption algorithm, therefore typically a longer key means stronger cryptographic security. True False

True

In cryptography, the term "Key stretching" refers to a mechanism for extending the length of a cryptographic key to make it more secure against brute-force attacks. True False

True

Multipurpose Internet Mail Extensions (MIME) specification extends the email message format beyond simple text, enabling the transfer of graphics, audio, and video files over the Internet mail system. Secure MIME (S/MIME) is an enhanced version of the MIME protocol that enables email security features by providing encryption, authentication, message integrity, and other related services. True False

True

Of the three existing versions of the Simple Network Management Protocol (SNMP), versions 1 and 2 (SNMPv1 and SNMPv2) offer authentication based on community strings sent in an unencrypted form (in cleartext). SNMPv3 provides packet encryption, authentication, and hashing mechanisms that allow for checking whether data has changed in transit (i.e. validation of data integrity). True False

True

One of the ways of confirming that a software application comes from a trusted source is the verification of its digital signature. A digitally signed software proves the identity of the developer and guarantees that the application code has not been tampered with since it was signed. The authenticity and integrity of the application's code can be verified by comparing results of a cryptographic hash function (original hash published by the application developer vs. hash obtained from a downloaded app). True False

True

Private Branch Exchange (PBX) is an internal telephone exchange or switching system implemented in a business or office. PBX allows for handling of internal communications without the use of paid Public Switched Telephone Network (PSTN) service, also known as Plain Old Telephone Service (POTS). A Voice over Internet Protocol (VoIP) PBX, which takes advantage of existing LAN cables, can further reduce costs by removing the need for separate telephone cabling infrastructure in a building or office. VoIP endpoints are specialized hardware devices or application programs that enable VoIP calls from computing devices. VoIP gateways are network devices that convert voice and fax calls, in real time, between an IP network and PSTN/POTS. True False

True

Setting up hot and cold aisles in a server room allows for more efficient management of air flow. True False

True

The term "Blockchain" refers to a decentralized digital ledger system (i.e. a specific type of a distributed database) stored across multiple computers in a P2P network. True False

True

The term "Mantrap" (a.k.a. access control vestibule) refers to a physical security access control system used to prevent unauthorized users from gaining access to restricted areas by following another person. An example mantrap could be a two-door entrance point connected to a guard station wherein a person entering mantrap from the outside remains locked inside until he/she provides authentication token required to unlock the inner door. True False

True

The term "Multipath I/O" refers to a framework that improves fault tolerance and performance by enabling additional, alternate routes for data that is being transferred to and from storage devices. True False

True

Unlike stream ciphers which process data by encrypting individual bits, block ciphers divide data into separate fragments and encrypt each fragment separately. True False

True

Which of the IPsec modes provides entire packet encryption? Tunnel Payload Transport Default

Tunnel

What is the name of a device that can provide short-term emergency power during an unexpected main power source outage? UPS PoE SVC PSU

UPS

Which of the following physical security controls can be implemented as DLP solution? USB data blocker Visitor logs CCTV Motion detection

USB data blocker

What are the characteristic features of a session key? (Select 2 answers) Used during a single session Asymmetric key Reused during multiple sessions Symmetric key

Used during a single session Symmetric key

Which of the answers listed below refers to an IoT technology designed to provide communication between appliances in a home automation network? Ant+ Zigbee NFC RFID

Zigbee


Kaugnay na mga set ng pag-aaral

Chapter 16: Adolescence: Psychosocial Development

View Set

Chapter Fifteen -- Commercial Paper

View Set

Cosmetology, Chapter 8, Design Decisions

View Set

PH 506: Eight Prakriti and Organ Systems

View Set

Chapter 21 Earth & Space Science

View Set

Chapter 21: The Child's Experience of Hospitalization

View Set

module 11: skeletal system and axial division

View Set