Security+ Review
Which of the algorithms listed below does not fall into the category of asymmetric encryption? RSA GPG DSA AES DHE ECDHE PGP
AES
Which of the cryptographic algorithms listed below is the least vulnerable to attacks? AES DES RC4 3DES
AES
Which of the following encryption schemes is used in WiFi Protected Access 2 (WPA2)? RC4 AES-CCMP TKIP with RC4 AES-GCMP
AES-CCMP
For the purpose of encryption, WiFi Protected Access 3 (WPA3) takes advantage of: (Select 2 answers) AES-GCMP PSK TKIP with RC4 RC4 AES-CCMP SAE
AES-GCMP AES-CCMP
Which part of the IPsec protocol suite provides authentication and integrity? CRC AH SIEM AES
AH
Which of the following terms refers to a US government initiative for real-time sharing of cyber threat indicators? NVD AIS TTP CVSS
AIS
Which of the following statements describe the function of a forward proxy? (Select 2 answers) Acts of behalf of a client Hides the identity of a client Acts of behalf of a server Hides the identity of a server
Acts of behalf of a client Hides the identity of a client
Which of the statements listed below describe the function of a reverse proxy? (Select 2 answers) Acts of behalf of a client Acts of behalf of a server Hides the identity of a server Hides the identity of a client
Acts of behalf of a server Hides the identity of a server
Which of the following answers refers to an STP frame? MTU Jumbo frame BPDU Magic packet
BPDU
Which of the following answers describe the features of TOTP? (Select 3 answers) Vulnerable to replay attacks Based on a cryptographic hash function and a secret cryptographic key Valid for multiple login sessions Based on a shared secret key and current time Not vulnerable to replay attacks Valid for only one login session
Based on a shared secret key and current time Not vulnerable to replay attacks Valid for only one login session
Examples of key stretching algorithms include: (Select 2 answers) ROT13 Twofish Bcrypt DSA FBKDF2
Bcrypt FBKDF2
Which of the answers listed below refers to a type of metric used for evaluation of a biometric security system's accuracy? FRR CRC FAR CER
CER
An industry standard for assessing the severity of computer system security vulnerabilities is known as: SIEM CVSS OSINT SOAR
CVSS
Which of the following terms illustrate the security through obscurity concept? (Select all that apply) Code obfuscation Steganography SSID broadcast suppression Encryption
Code obfuscation Steganography SSID broadcast suppression
What is STIX? Vulnerability database Common language for describing cyber threat information US government initiative for real-time sharing of cyber threat indicators Transport mechanism for cyber threat information
Common language for describing cyber threat information
A type of code that has already been translated from a high-level programming language into a low-level programming language and converted into a binary executable file is referred to as: Script code Compiled code Inline code Runtime code
Compiled code
Which of the following terms refers to the concept of virtualization on an application level? Serverless architecture Containerization System on a Chip (SoC) Infrastructure as code
Containerization
A network protocol providing an alternative solution to the manual allocation of IP addresses is called: DNS SNMP NAT DHCP
DHCP
A security feature of a network switch that provides countermeasures against rogue DHCP servers is called: DHCP scope DHCP reservation DHCP snooping DHCP relay agent
DHCP snooping
Which of the following is an example of fake telemetry? OSINT Bluejacking DNS sinkhole Replay attack
DNS sinkhole
Which of the following methods provides the most effective way for permanent removal of data stored on a magnetic drive? Standard format Overwriting data Degaussing Low-level format
Degaussing
What are the characteristic features of a transparent proxy? (Select all that apply) Doesn't require client-side configuration Modifies client's requests and responses Redirects client's requests and responses without modifying them Clients might be unaware of the proxy service Requires client-side configuration
Doesn't require client-side configuration Redirects client's requests and responses without modifying them Clients might be unaware of the proxy service
Which of the following block cipher modes is the simplest/weakest and therefore not recommended for use? CBC GCM ECB CTR
ECB
Which cryptographic solution would be best suited for low-power devices? ECC EFS SED FDE
ECC
Which of the following answers refers to an endpoint security solution that provides the capability for detection, analysis, response, and real-time monitoring of cyber threats? SWG CASB EDR NGFW
EDR
Which part of IPsec provides authentication, integrity, and confidentiality? AES SHA AH ESP
ESP
Which of the following solutions would be best suited for situations where response time in data processing is of critical importance? Edge computing Thin client architecture Fog computing Cloud computing
Edge computing
POP3 is used for: Name resolution Sending email messages File exchange Email retrieval
Email retrieval
An asymmetric encryption key designed to be used only for a single session or transaction is known as: Static key Ephemeral key Asymmetric key Symmetric key
Ephemeral key
A measure of the likelihood that a biometric security system will incorrectly accept an access attempt by an unauthorized user is known as: CRC FAR CER FRR
FAR
A software technology designed to provide confidentiality for an entire data storage device is known as: AES FDE EFS HSM
FDE
A measure of the likelihood that a biometric security system will incorrectly reject an access attempt by an authorized user is referred to as: FAR CER CRC FRR
FRR
Which of the following protocols allow(s) for secure file transfer? (Select all that apply) FTPS TFTP FTP SFTP
FTPS SFTP
Code obfuscation techniques rely on encryption to protect the source code against unauthorized access. True False
False
Stateless inspection is a firewall technology that keeps track of the state of network connections and based on that data determines which network packets to allow through the firewall. True False
False
The term "DHCP snooping" refers to an exploit that enables operation of a rogue DHCP network server. True False
False - prevents rogue DHCP servers
The practice of finding vulnerabilities in an application by feeding it incorrect input is called: Normalization Hardening Static code analysis Fuzzing
Fuzzing
Which of the block cipher modes listed below provides both data integrity and confidentiality? CBC GCM ECB CTR
GCM
Which of the protocols listed below enables remote access to another computer on the network via web browser? RDP HTTPS SSH VNC
HTTPS
A NIDS/NIPS that detects intrusions by comparing network traffic against the previously established baseline can be classified as: (Select all that apply) Heuristic Anomaly-based Behavioral Signature-based
Heuristic Anomaly-based Behavioral
Examples of protocols used for implementing secure VPN tunnels include: (Select all that apply) bcrypt IPsec SRTP TLS L2TP
IPsec TLS L2TP
Vulnerability scanning: (Select all that apply) Identifies lack of security controls Actively tests security controls Identifies common misconfigurations Exploits vulnerabilities Passively tests security controls
Identifies lack of security controls Identifies common misconfigurations Passively tests security controls
A type of forensic evidence that can be used to detect unauthorized access attempts or other malicious activities is called: CVE IoC AIS OSINT
IoC
Which of the following servers would be best suited to act as an intermediary between an intranet and a screened subnet? UC server Proxy server C2 server Jump server
Jump server
Which of the following are examples of hardware authentication tokens? Key fob Cable lock Passphrase Biometric reader RFID badge Smart card
Key fob RFID badge Smart card
Which of the following answers refer to the concept of non-persistence? (Select 3 answers) Last known-good configuration System image Live boot media Journaling Known state reversion
Last known-good configuration Live boot media Known state reversion
Which of the following answers refer to an office equipment that combines the functionality of multiple devices? (Select 2 answers) MFD IoT MFP PED MFA
MFD MFP
Which of the following would be the best solution for a company that needs IT services but lacks any IT personnel? MSA MaaS MSP MSSP
MSP
Which of the following terms refers to a third-party vendor offering IT security management services? (Select best answer) MSP MaaS MSA MSSP
MSSP
What is the name of a network security access control method in which a 48-bit physical address assigned to each network card is used to determine access to the network? Mac filtering Network Address Translation (NAT) Static IP addressing Network Access Control (NAC)
Mac filtering
Which of the following answers refers to a device designed to distribute (and monitor the quality of) electric power to multiple outlets? Power Supply Unit (PSU) Main Distribution Frame (MDF) Managed Power Distribution Unit (Managed PDU) Intermediate Distribution Frame (IDF)
Managed Power Distribution Unit (Managed PDU)
A nontransparent proxy: (Select 2 answers) Modifies client's requests and responses Doesn't require client-side configuration Requires client-side configuration Redirects client's requests and responses without modifying them
Modifies client's requests and responses Requires client-side configuration
A dedicated storage appliance that can be added to a local network is known as: SDP NAS EDR SSD
NAS
A solution that alleviates the problem of depleting IPv4 address space by allowing multiple hosts on the same private LAN to share a single public IP address is known as: DNS APIPA NAT DHCP
NAT
Which of the following solutions is used to hide the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device? NAC ACL NAT DMZ
NAT
Which of the following terms refers to a nonprofit organization focused on software security? CSIRT IETF OWASP CERT
OWASP
Which of the following answers refer to IMAP? (Select 2 answers) Offers improved functionality in comparison to POP3 Serves the same function as POP3 Enables sending email messages from client devices Offers less functions than POP3 Enables email exchange between mail servers
Offers improved functionality in comparison to POP3 Serves the same function as POP3 Enables email exchange between mail servers
Which of the following answers refers to a specification for SEDs? OVAL ISO Opal OWASP
Opal
Which of the following answers refers to a solution designed to strengthen the security of session keys? ECB PFS EFS PFX
PFS
Which of the following answers refers to a deprecated method for implementing Virtual Private Networks (VPNs)? GRE PPTP OpenVPN SSTP
PPTP
Which of the following acronyms refers to a client authentication method used in WPA2 Personal mode? AES RC4 IKE PSK SAE
PSK
Which cloud service model would provide the best solution for a web developer intending to create a web app? XaaS SaaS PaaS IaaS
PaaS
Which of the following answers refer(s) to the characteristic feature(s) of Faraday cage? (Select all that apply) Physical security control type Provides protection against RFI Technical security control type Provides protection against EMI Administrative security control type
Physical security control type Provides protection against RFI Provides protection against EMI
Which of the following allows an administrator to inspect traffic passing through a network switch? VLAN tagging Port mirroring Fault-tolerant mode Port scanner
Port mirroring
According to predictions, the most future-proof cryptographic solution should be: Quantum cryptography Symmetric-key cryptography Post-quantum cryptography Asymmetric-key cryptography Public-key cryptography
Post-quantum cryptography
What type of preventive physical access controls would provide a basic means for securing a door access? (Select 2 answers) Air gap Proximity card reader CCTV Industrial camouflage Smart card reader
Proximity card reader Smart card reader
A type of formal document that describes the specifications for a particular technology is known as: RFQ RFC RFI RFP
RFC
Which of the algorithms listed below does not belong to the category of symmetric ciphers? RC4 DES RSA AES Blowfish 3DES Twofish
RSA
A type of OS characterized by low delay between the execution of tasks required in specific applications, such as in military missile guidance systems or in automotive braking systems, is known as: UNIX Windows NT POSIX RTOS
RTOS
Which VPN type is used for connecting computers to a network? (Select all that apply) Remote access Intranet-based Client-to-site Site-to-site Extranet-based
Remote access Client-to-site
Which of the following acronyms refers to a client authentication method used in WPA3 Personal mode? SAE IKE RC4 PSK AES
SAE
Which of the following answers refer to industrial and manufacturing control systems? (Select 2 answers) EDR CMS SCADA ICS CCTV
SCADA ICS
Which of the acronyms listed below refers to a specialized suite of software tools used for developing applications for a specific platform? GUI SDLC API SDK
SDK
Which of the following answers refer to software technologies designed to simplify network infrastructure management? (Select 2 answers) SDP SSP SDV SEH SDN
SDV SDN
Which of the following answers refers to a data storage device equipped with hardware-level encryption functionality? SSP SEH SDN SED
SED
A network protocol for secure file transfer over Secure Shell (SSH) is called: TFTP SFTP Telnet FTPS
SFTP
Which version(s) of the SNMP protocol offer(s) authentication based on community strings sent in an unencrypted form? (Select all that apply) SNMPv1 SNMPv2 SNMPv3 SNMPv4
SNMPv1 SNMPv2
Which of the following tools enables automated response to security incidents? NIDS SOAR HIDS SIEM
SOAR
Which protocol enables secure, real-time delivery of audio and video over an IP network? S/MIME RTP SIP SRTP
SRTP
Which of the following protocols provide protection against broadcast storms and switching loops? (Select 2 answers) RTP SRTP RDP STP RSTP
STP RSTP
What are the characteristic features of the secure version of IMAP? (Select all that apply) TCP port 143 Secure Sockets Layer (SSL) TCP port 993 Transport Layer Security (TLS) TCP port 995
Secure Sockets Layer (SSL) TCP port 993 Transport Layer Security (TLS)
Which of the following answers refer(s) to POP3S encrypted communication? (Select all that apply) TCP port 993 Secure Sockets Layer (SSL) TCP port 995 Transport Layer Security (TLS) TCP port 110
Secure Sockets Layer (SSL) TCP port 995 Transport Layer Security (TLS)
LDAPS is an example of: Authentication protocol Secure directory access protocol Address resolution protocol File exchange protocol
Secure directory access protocol
In active-passive mode, load balancers distribute network traffic across: All servers Servers marked as active Least utilized servers Servers marked as passive
Servers marked as active
A type of encryption scheme where the same key is used to encrypt and decrypt data is referred to as: (Select 3 answers) Session-key encryption Public-key encryption Symmetric encryption Asymmetric encryption Secret-key encryption
Session-key encryption Symmetric encryption Secret-key encryption
Which of the following destruction tools/methods allow(s) for secure disposal of physical documents? (Select all that apply) Shredding Hard drive sanitization Burning Low-level formatting Degaussing
Shredding Burning
Which of the terms listed below describes a type of VPN that alleviates bottlenecks and conserves bandwidth by enabling utilization of both the VPN and public network links? Tethering Split tunnel Load balancing Full tunnel
Split tunnel
Which of the terms listed below refers to the dynamic packet filtering concept? Port mirroring Stateful inspection Out-of-band management Stateless inspection
Stateful inspection
Which of the following terms refers to an embedded cryptoprocessor that can be found on the motherboards of newer PCs and laptops? CFB AHCI UEFI TPM
TPM
Which of the following answers list examples of hardware root of trust? (Select 2 answers) EFS TPM SED HSM FDE
TPM HSM
A hash function allows for mapping large amount of data content to a small string of characters. The result of hash function provides the exact "content in a nutshell" (in the form of a string of characters) derived from the original data content. In case there is any change to the data after the original hash was taken, the next time when hash function is applied, the resulting hash value calculated after content modification will be different from the original hash. True False
True
Of the three existing versions of the Simple Network Management Protocol (SNMP), versions 1 and 2 (SNMPv1 and SNMPv2) offer authentication based on community strings sent in an unencrypted form (in cleartext). SNMPv3 provides packet encryption, authentication, and hashing mechanisms that allow for checking whether data has changed in transit (i.e. validation of data integrity). True False
True
The term "VM sprawl" is used to describe a situation in which large number of deployed virtual machines lack proper administrative controls. True False
True
What are the characteristic features of a session key? (Select 2 answers) Used during a single session Asymmetric key Reused during multiple sessions Symmetric key
Used during a single session Symmetric key
A logical grouping of computers that allow computer hosts to act as if they were attached to the same broadcast domain regardless of their physical location is known as: VLAN Screened subnet Intranet SAN
VLAN
In cloud computing, users on an on-premises network take advantage of a transit gateway to connect to: WAN VPC SAN VLAN
VPC
Which of the following answers refer to the characteristics of HOTP? (Select 3 answers) Valid for only one login session Based on a shared secret key and current time Vulnerable to replay attacks Based on a cryptographic hash function and a secret cryptographic key Valid for multiple login sessions Not vulnerable to replay attacks
Valid for only one login session Based on a cryptographic hash function and a secret cryptographic key Not vulnerable to replay attacks
Which of the acronyms listed below refers to a firewall controlling access to a web server? WEP WAP WPS WAF
WAF
Which of the wireless security protocols listed below has been deprecated in favor of newer standards due to known vulnerabilities resulting from implementation flaws? EAP AES WPA2 WEP
WEP
An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against: War chalking Spoofing War driving Insider threat
War driving
