COMPTIA A+ 220-902 - DOMAIN 3.0 - SECURITY
3-11. Which of these would prevent tailgating? A. After scanning a badge, only allow one person to enter a secure area at a time B. Computer desktops should be manually locked before leaving your desk C. Physical papers and work documents should be locked in your desk when unattended D. When connecting to the corporate network from outside the building, always use a VPN E. Require multiple factors of information when authenticating
Answer: A. After scanning a badge, only allow one person to enter a secure area at a time Tailgating is the process of using someone else's credentials to physically enter a protected area. Instead of individually badging in everyone, someone tailgating will wait for a valid user to unlock the door, and then follow them in.
3-50. Which of these would be a best practice for workstation security? A. Assign rights and permissions based on groups B. Use a minimum password length of 6 characters C. Administrator rights are only assigned to IT staff and users with specific application requirements D. Passwords can contain only alphanumeric characters E. All accounts on the workstation should be enabled
Answer: A. Assign rights and permissions based on groups It's much easier to manage and audit a security posture that assigns rights and permissions based on groups of users. Assigning rights at a user level makes the administrative functions much more granular and it becomes much easier to make a mistake when assigning rights.
3-36. Which of these of mobile device apps is commonly used when connecting to a VPN? A. Authenticator app B. Tunnel monitor C. Encryption app D. Network monitor E. Key manager
Answer: A. Authenticator app Instead of physical authenticators that would hang from your keychain, many authentication systems now use authenticator apps that can be installed on your mobile device.
3-20. What type of security technology uses a part of the body to provide access? A. Biometrics B. Two-factor authentication C. Smart card D. Token generator E. RFID
Answer: A. Biometrics Biometrics are often used to provide access through biological means, such as a fingerprint, an optical scan, or the shape of a hand.
3-44. Which of these would be a characteristic of a phishing attack? A. Clickable link in an email B. Intermittent server availability C. Increased bandwidth D. Sluggish operating system
Answer: A. Clickable link in an email One common way to bait the user in a phishing attack is to send them an email with a link. The link might lead to a site with malware or to an evil web site that is masquerading as a legitimate site.
3-15. Which of the following would be the best way to define granular access permissions to a Windows file? A. Define NTFS permissions for the file B. Configure access rights in Windows Firewall C. Only allow external access through a VPN D. Encrypt the file E. Use a proxy to provide access to the file
Answer: A. Define NTFS permissions for the file The NTFS file system provides a very granular set of rights and permissions that can be defined for any file or directory in Windows.
3-24. Which of the following would be associated with a certificate of destruction? A. Documentation is provided after a third-party has disposed of storage devices B. An operating system crash log is copied to a debug server C. A receipt is provided when selling used computers D. A report is provided after a network outage E. A document is provided with new storage devices to show bad sectors
Answer: A. Documentation is provided after a third-party has disposed of storage devices A certificate of destruction is provided by third-parties who provide data removal and destruction services. This certifies that the data is destroyed and provides a paper trail showing the disposition of the data.
3-21. Which of the following would be common filtering points for spam? A. Local email relay B. Firewall C. Switch interface D. Internet router E. Switch trunks
Answer: A. Local email relay It's common to catch unsolicited email at centralized points, such as the local mail gateway or at a cloud-based spam filtering email gateway. Most firewalls will not provide any significant spam filtering.
3-7. What term best describes the fraudulent gathering of sensitive information through look-alike web pages? A. Phishing B. Adware C. Spam D. Trojan
Answer: A. Phishing The bad guys have gotten very good at creating web pages that look exactly like your bank web site, and unfortunately they have gotten really good at tricking people into typing in their personal information. The incorrect answers: B) Adware Adware is malicious code that sneaks onto your computer for the purpose of showing advertising. C) Spam Spam has many definitions, but it's always delivered through email and it's almost always unwanted. Fortunately, spam isn't necessarily responsible for sending private information to the bad guys. D) Trojan A Trojan is a program that pretends to be one thing but is actually something else (usually something more sinister). This often arrives as an attachment in spam and is usually has a filename that looks fun or interesting.
3-56. You have applied some read-only NTFS permissions to an important folder containing spreadsheets, and you've applied it to all users. However, a member of the accounting department connects across the network and has share permissions that allow writing to the folder. What type of access to the spreadsheet would the accounting department user ultimately have? A. Read only B. Write only C. Read and write D. No access
Answer: A. Read only When examining different NTFS and share rights, the most restrictive right always wins when a conflict occurs.
3-5. What process should you follow in Windows 8.1 to edit system configuration files? A. Run the editor as Administrator B. Start Windows 8.1 in Safe Mode C. Run the Windows Startup Repair utility D. Modify the files in System Information E. Make the changes in the Windows Registry Editor
Answer: A. Run the editor as Administrator During normal use, all user processes run normally without any special permissions. To perform a procedure that required elevated rights and permissions, you need to select the option to run the application as Administrator.
3-22. What security feature keeps mobile apps from accessing your private information? A. Sandbox B. VPN C. On-device encryption D. Anti-virus E. Mobile device manager
Answer: A. Sandbox On a mobile device, all applications run in a "sandbox," which limits the access of the application to the other portions of your mobile device. If an application needs access to resources such as your contact list, it must explicitly ask you for that permission.
3-90. Which of the following would be commonly associated with shoulder surfing? A. Someone watches you use your credit card number at a coffee shop B. You spoof the IP address of a router to intercept Internet communications C. The most common set of possible passwords is attempted D. A web page looks like your bank login, but it's actually an untrusted server E. Malicious software installs itself invisibly into your operating system kernel
Answer: A. Someone watches you use your credit card number at a coffee shop Shoulder surfing is a relatively low-tech form of surveillance because it's as easy as watching the screen of someone else's computer.
3-30. What would you commonly expect if too many invalid login attempts are made to Windows Domain credentials? A. The account will be administratively locked B. The login device will be blocked from making any additional login attempts C. The account will be automatically deleted D. A message will be sent to the system administrator E. The device that's authenticating will automatically shut down
Answer: A. The account will be administratively locked Most operating systems will react to multiple invalid login attempts by locking the account to prevent any potential logins. The account will need to be administratively unlocked before a legitimate login can occur.
3-87. What happens if the failed passcode lock attempt security option is activated in Apple iOS? A. The device erases itself after 10 failed attempt B. The passcode will randomly change after every 10 attempts C. The device locks and requires a Google login D. An email will be sent to the device owner after 10 failed attempts E. The device locks and an email is sent to the owner of the device
Answer: A. The device erases itself after 10 failed attempt If you have configured an iOS device with the "Erase Data" passcode lock option, all data will be deleted after 10 failed passcode attempts.
3-94. Which of the following is NOT true when determining NTFS vs. Share permissions? A. The most permissive setting wins B. Share permissions only apply to connections over the network C. NTFS permissions apply to both local and network connections. D. Permissions are inherited from the parent object, unless the resource is moved to a different folder in the same volume
Answer: A. The most permissive setting wins When calculating permissions, the most restrictive setting always wins.
3-76. What type of security technology is commonly active when security token generators are used? A. Two-factor authentication B. Anti-malware C. Strong encryption D. Hashing
Answer: A. Two-factor authentication Two-factor authentication consists of at least two factors of something you know (a password), something you have (a token generator), and something you are (fingerprint or other biometric).
3-38. Which of these commands is used to view Windows shared resources on the local computer? A. net share B. net use C. net resource D. net folder E. net cache
Answer: A. net share The "net share" command can be used at the command prompt to view all shared resources on the local device. You can also view this in the GUI from Computer Management / Shared Folders.
3-48. Which of these would best describe a biometric access mechanism? Pick two. A. The outline of a door key B. A fingerprint C. A four digit PIN D. Voice recognition E. A physical access card F. A pseudo-random token generator
Answer: B. A fingerprint and D. Voice recognition A biometric is a way to authenticate that relies on a person's physical characteristics. In these examples, only the fingerprint and voice would be a biological mechanism.
3-98. Which of these best describes a zero-day threat? A. A vulnerability is stopped by the IPS when new signatures are installed B. A vulnerability is exploited before a security notice is published C. An attack has been unable to infect any remote devices D. A patch for a vulnerability has been distributed on the same day as the vulnerability announcement E. An exploit has been identified for a vulnerability that was patched two weeks ago
Answer: B. A vulnerability is exploited before a security notice is published A zero-day vulnerability is one that is exploited before anyone can react to the vulnerability. We would normally install patches, configure IPS signatures, or use firewall rules to stop any known vulnerability, but a zero-day attack is one that occurs before any of those mitigation techniques have been taken.
3-3. Which of these would be considered an untrusted software source? A. Applications from well-known publishers B. Applications from third-party sites C. Digitally-signed applications D. Applications created internally
Answer: B. Applications from third-party sites Untrusted sources of software come from unknown publishers, links in an email, drive-by downloads, and applications from little-known third-party sites.
3-95. How often should operating system patches be deployed? A. Once a month B. As soon as they are available C. After the release of a consolidated service pack D. Once a week E. There's no ongoing requirement to patch the operating system
Answer: B. As soon as they are available Operating system patches often include security updates, so it's important to test and deploy any updates as soon as possible.
3-58. Which of these best describes a rootkit? A. Replicates itself without any human intervention B. Can be invisible to the operating system C. Tricks the user into providing private information D. Controlled from a central network source E. Encrypts drive contents and requires payment to decrypt
Answer: B. Can be invisible to the operating system Rootkits are unique in their invisibility, and it's difficult to find and remove a rootkit because of its stealth-like nature.
3-97. Which one of these would be the most likely to require a UAC escalation? A. Burning a DVD B. Configuring Remote Desktop C. Using the network D. Changing your password
Answer: B. Configuring Remote Desktop User Account Control (UAC) is a security feature that allows normal use of the computer but restricts any functionality that might be a security concern. It also sometimes requires a lot of clicking.
3-60. Which of the following would be the best way to protect a laptop from physical theft when outside of the office? A. Require a secondary factor of user authentication B. Connect the laptop to a cable lock C. Make sure all operating system patches are installed D. Use a VPN on all external networks E. Keep your anti-virus signatures updated
Answer: B. Connect the laptop to a cable lock Most laptops include a reinforced locking notch for securely attaching a cable lock. These locks are attached to a metal cable and can be wrapped around a table or piece of furniture.
3-80. Which of these would best describe the effect a degausser would have on a hard drive? A. Remove all encrypted files B. Delete all data and render the drive unusable C. Delete all duplicate files D. Delete all data and prepare the drive for a fresh OS install E. Delete data in unused drive sectors
Answer: B. Delete all data and render the drive unusable Degaussing a hard drive deletes both the data and the underlying code required to operate the drive. A degaussed hard drive would be completely unusable afterwards.
3-43. Which of these would you expect to find in a user's account profile? A. Smart card information B. Group memberships C. Password hash D. PIN code
Answer: B. Group memberships An account profile contains information about the user, and generally does not include account credentials or security identifiers.
3-41. Which of these would be an authentication factor that is something you have? Pick two. A. Password B. Hardware Token C. User Name D. Answer to a security question E. Smart Card
Answer: B. Hardware Token and E. Smart Card A security factor of "something you have" would be a physical device such as a smart card, USB token, or an SMS message on your phone.
3-51. Which of these would be the best description of social engineering? A. Guessing a password based on the most common options B. Impersonating a help desk technician over the phone C. Installing malware that is invisible to the operating system D. Malware that self-replicates between computers E. Viewing another user's computer screen from a distance
Answer: B. Impersonating a help desk technician over the phone Social engineering manipulates people to circumvent security controls. One common method of social engineering is impersonating a trusted authority to gain access to information.
3-79. Which of the following would be the best reason not to use WPS on your wireless router? A. The WPS process contains a cryptographic vulnerability B. It's easy to brute force the WPS PIN C. WPS is only available for Windows devices D. The WPS process is too complex for most people E. WPS only protects outgoing traffic
Answer: B. It's easy to brute force the WPS PIN The WPS (Wi-Fi Protected Setup) feature on many wireless routers was designed to provide an easy way for other devices to connect to a secure network. Unfortunately, it's very easy to brute force the WPS PIN to gain unauthorized access to a WPS-enabled network.
3-34. What does autorun do? A. Starts the operating system from the boot loader B. Launches a program when a removable storage devices is connected C. Automatically loads previously closed tabs when a browser is started D. Starts the cooling fan when the internal temperature reaches a threshold
Answer: B. Launches a program when a removable storage devices is connected Autorun in Windows XP and Windows Vista was found to be a significant security issue. The feature has been disabled in Windows 7 and later.
3-92. Which of the following is required to enable full device encryption in the Windows Phone OS? A. NTFS B. Microsoft Exchange C. BitLocker D. TPM E. EFS
Answer: B. Microsoft Exchange Microsoft supports full device encryption when the Windows Phone is used with Microsoft Exchange.
3-77. Which of these would be best practices for creating complex passwords? Pick two. A. Use single words B. Mix upper and lower case C. Use special characters D. Use 7 characters or fewer E. Use something you can remember, i.e., child or pet name
Answer: B. Mix upper and lower case and C. Use special characters The best passwords are longer than 8 characters and use letters, numbers, and special characters.
3-54. Which of these would a mantrap prevent? A. Simultaneous logins from multiple locations B. More than one person through an entrance at a time C. Database injection attacks from outside of the network D. Inappropriate use of company assets
Answer: B. More than one person through an entrance at a time A mantrap is a physical entrance that limits access to an area to only one person at a time.
3-2. Which of these is most associated with the 802.1X standard? A. Ethernet topology B. Network Access Control C. Ethernet trunking D. Spanning Tree Protocol
Answer: B. Network Access Control 802.1X defines Network Access Control, which is a way to securely provide access to a network.
3-78. Which of the following would not be true of a VPN concentrator? A. Includes specialized cryptographic software B. Only available as a hardware appliance C. Can often use built-in software on the end station D. Encrypts and decrypts all data traversing the concentrator
Answer: B. Only available as a hardware appliance VPN concentrators are commonly hardware appliances, but there are many software-based VPN solutions available.
3-35. The theft of personal information is a widespread problem for network security professionals. What's the most common method for tricking a user into divulging their personal account details? A. Spam B. Phishing C. Social engineering D. Spyware E. Trojan horse
Answer: B. Phishing Although many of these methods can ultimately be used to steal private data, phishing is the most common method of obtaining this information. A phishing site often appears to look like a legitimate site, but the web pages are actually hosted by the bad guys. With this web page doppelganger in place, it's easy to fool people into freely giving their username, password, and other personal details.
3-61. In Windows 7, which of these would delete all data from a hard drive so that the data was unrecoverable? A. DISKPART B. Regular format C. FDISK D. Quick format
Answer: B. Regular format Beginning with Windows Vista, a full or regular format in Windows will write zeros to the entire disk. This means that none of the data after a regular format would be recoverable. A quick format only overwrites the master file table, and many third-party recovery applications could potentially recover the data.
3-9. What would you commonly secure with BitLocker To Go? A. Windows system volumes B. Removable USB flash drives C. DVD-ROM volumes D. VPN connections E. Laptop storage drives
Answer: B. Removable USB flash drives BitLocker To Go is designed to provide the full-disk encryption capabilities of BitLocker to removable USB flash drives.
3-71. Which of the following categories of malware is designed to monitor your surfing habits? A. Worm B. Spyware C. DDoS D. Shoulder surfing E. Spoofing
Answer: B. Spyware Spyware is especially good at logging your keystrokes and monitoring your browsing habits, and then sending that information back to a central server that's under the control of the bad guys.
3-32. Which of these best describes the policy of least privilege? A. A safe combination is shared among multiple people B. The shipping department is able to view orders but not modify orders C. All key owners must be present to option a lockbox D. A security audit is performed at regular intervals E. A network administrator has configuration rights to all switches and routers
Answer: B. The shipping department is able to view orders but not modify orders Least privilege describes the limits that are placed on a particular job function and they help determine exactly where those lines are drawn. You want to make sure that each job function has just enough rights and permissions to perform their job function, but you don't want to give more rights than necessary. In this example, the shipping department is able to view orders for the shipping process, but their job function does include changing or modifying any customer orders.
3-14. Which of these would be the result of SSID broadcast suppression? A. All wireless data will be encrypted B. The wireless network will not appear in the list of available networks C. Non-authenticated users will not be able to connect to the wireless network D. The network will be configured as an open wireless network E. Large bandwidth wireless transfers will be restricted
Answer: B. The wireless network will not appear in the list of available networks The SSID identifies the name of the wireless network, and suppressing the SSID broadcast will effectively remove the name of the wireless network from the list on your mobile device. This isn't a security feature, however. If you know the SSID name, you can still connect.
3-8. You would like to improve the security on your network by adding an additional authentication requirement to access network resources, especially over a VPN. What's the best network security technology to address this requirement? A. BIOS passwords B. Token generators C. Software firewalls D. Require NTFS file systems
Answer: B. Token generators A pseudo-random token generator can provide an additional authentication requirement that consists of "something you have." Unless you physically have the token generator, you can't authenticate. A simple username and password just isn't good enough!
3-63. Which of these would commonly be identified by DLP? A. Known operating system vulnerabilities B. Unencrypted credit card numbers C. Unauthorized web site URLs D. Port scans E. Zero-day vulnerabilities
Answer: B. Unencrypted credit card numbers Most DLP (Data Loss Prevention) solutions can identify sensitive data traversing the network. These DLP systems can send an alarm or block network traffic if this traffic is identified.
3-73. One of your executives has asked you to remove a sensitive file from your server, and the removal must not be reversible. What is the most efficient and effective way to ensure that this file cannot be recovered? A. Format the entire volume and reload the data B. Use a secure file delete utility C. Remove all permissions from the file and delete it normally D. It is not possible; files can always be recovered from disk
Answer: B. Use a secure file delete utility There are many utilities that can securely delete individual files, including sdelete from Microsoft's Sysinternals library.
3-13. Which of these security features would prevent a computer from booting an operating system without the correct password? A. Windows Login Screen B. User BIOS password C. Encrypting File System D. NTFS
Answer: B. User BIOS password The User BIOS Password requires a password before the computer will load any operating system.
3-69. You're configuring a wireless access point, and you want to be sure your communications are secure. Which wireless configuration setting can render your network communication unreadable to others? A. SSID broadcast B. WPA2 C. MAC filtering D. Channel/Frequency
Answer: B. WPA2 WPA2, or Wi-Fi Protected Access, is an encryption type used on wireless networks. With WPA2 enabled, all of the wireless communication may be intercepted as it travels through the air, but the resulting data is encrypted and therefore unreadable.
3-53. Which of these would you need to deguass a hard drive? A. An industrial shredder B. The original Windows installation media C. A large magnet D. A drill E. None of these
Answer: C. A large magnet A deguassing tools is designed to demagnetize all of the information on a magnetic media, such as a hard drive, tape drive, or solid state drive. This very strong magnetic field will destroy both data on disk and any data stored in electronics or ROMs. Degaussing a hard drive will render it unusable.
3-1. What kind of document would detail a specific set of rules for network use? A. End User License Agreement B. Statement of Work C. Acceptable Use Policy D. Shrink-wrap License E. Privacy Policy
Answer: C. Acceptable Use Policy An acceptable use policy (AUP) is a well-documented set of rules that most organizations will provide to their network users. These AUP rules are often so important that the users must sign the rules before gaining access to the network.
3-27. Which of these would be the best way to avoid showing a Windows share in a list of available resources? A. Configure Windows Firewall to filter the share name B. Modify the registry on the device hosting the share C. Add a dollar sign to the end of the share name D. Enable the "Hidden" share permission E. Disable NetBIOS over IP
Answer: C. Add a dollar sign to the end of the share name Windows will hide a share name if a dollar sign has been added to the end of the name. This does not prevent access or add any additional security, but it will hide the share name from a list of available resources.
3-101. Which of these would be the best way to secure unused interfaces on a switch? A. Configure the interfaces with an unused VLAN B. Put empty RJ45 connectors in the unused ports C. Administratively disable all unused interfaces D. Configure the interfaces to use multifactor authentication E. Enable auto negotiation on the unused interfaces
Answer: C. Administratively disable all unused interfaces The best way to prevent anyone from connecting to an unused interface is to administratively disable the interface on the switch.
3-52. Which of the following attacks would most likely cause a web server to become unresponsive? A. Man-in-the-middle B. Social engineering C. DDoS D. Brute force E. Trojan horse
Answer: C. DDoS A DDoS (Distributed Denial of Service) attack commonly uses hundreds or thousands of devices to overwhelms the resources of a website or service.
3-66. What kind of attack breaks into a system by trying the most common passwords? A. Man-in-the-middle B. Denial of service C. Dictionary attack D. Spoofing E. Rootkit
Answer: C. Dictionary attack Instead of trying every possible combination of characters, a dictionary attack will try the most common passwords to see if it can quickly gain access to a system.
3-42. Which of these would be the best way to enable manual IP addressing on a SOHO network? A. Create a pool of IP address in the wireless router B. Configure each device to be in a different VLAN C. Disable DHCP on the wireless router D. Configure NAT on the SOHO router E. Build a separate DMZ network for all servers
Answer: C. Disable DHCP on the wireless router DHCP (Dynamic Host Configuration Protocol) is used to automatically assign IP addresses. In a SOHO network, the DHCP server is often running on the wireless router.
3-99. Which of the following would best describe a physical access list containing a list of names that is enforced by a security guard? A. Multi-factor authentication B. Mantrap C. Entry control roster D. Privacy filter E. Biometric
Answer: C. Entry control roster An entry control roster can be as simple as a clipboard with names on it, and a security guard is in charge of allowing or denying access based on this list of names.
3-102. Biometrics can be useful for security authentication. Which of these is an example of a biometric? A. Smart card B. Token generator C. Fingerprint D. Strong password
Answer: C. Fingerprint Fingerprint readers are great biometric authentication tools because they use a piece of biology that only one person (usually) has. The incorrect answers: A) Smart card - Smart cards are useful for authentication because they are something you have (the smart card) and can be used in conjunction with something you know (your username and password). Since they're not part of you, they don't qualify as a biometric. B) Token generator - Token generators are also useful items that are "something you have." Unfortunately, they also don't qualify as a biometric. D) Strong password - Although strong passwords are stored in your brain, they don't quite qualify as a biometric.
3-59. Which of these would be most likely to proxy network traffic? A. Anti-virus software B. NTFS file permissions C. Firewall D. Anti-malware software E. IPS
Answer: C. Firewall Some firewalls can filter traffic by port number, application, and proxy network traffic flows.
3-37. Which of the following would be the best way to avoid infecting a mobile device with malware? A. Only install APK files B. Sideload all mobile device applications C. Install apps from the mobile device app store D. Only install apps that have been emailed directly to you E. Download the app from a non-curated website
Answer: C. Install apps from the mobile device app store The Apple App store, Google Play, or the Windows App Store are trusted sites that have curated and tested applications to minimize the potential for any malicious software.
3-93. Which of these would be the best choice to prevent communication to a wireless access point? A. SSID broadcast suppression B. Static IP addressing C. MAC filtering D. Modification of the default access point username and password
Answer: C. MAC filtering The MAC address is a hardware address associated with a network adapter. By filtering specific MAC addresses on an access point, you can limit the devices that can communicate to a network device. SSID broadcast suppression limits visibility of the wireless network, but does not prevent communication. Static IP address also does not prevent communication to an access point.
3-68. Which of these file permissions would apply to someone local on a computer as well as someone connecting to the computer over the network? A. Share B. Ethernet C. NTFS D. TCP/IP
Answer: C. NTFS NTFS permissions are associated with the file system of a computer and would therefore apply to anyone accessing a file, regardless of their location.
3-86. You're interested in doing some work on your laptop at the local coffee shop, but you're concerned with the security of the public wireless network. What can help protect your computer while you're using this public network? A. Two-factor authentication B. DSL router C. Personal firewall D. Peer-to-peer networking
Answer: C. Personal firewall A software-based personal firewall can help protect your computer from attacks, and it's especially useful when you're on a public network. With this software-based firewall enabled, you'll know that your computer is protected from unauthorized access while simultaneously allowing you to use the network normally. Don't leave home without it!
3-64. Which of these would be the best description of a security vulnerability that modifies core system files and can be invisible to the operating system? A. Worm B. Phishing C. Rootkit D. Virus E. Botnet
Answer: C. Rootkit A rootkit is designed to embed itself as deep as possible in the operating system. Some rootkits can exist in the kernel, making them effectively invisible to the operating system itself.
3-28. Your company has just digitally imaged a year of corporate tax documents. Which of these would be the best way to dispose of the paper copies? A. Personally take the paper copies to the garbage bin B. Dispose of the paper at an off-site garbage facility C. Shred the paper documents D. Leave the documents with building security
Answer: C. Shred the paper documents Sensitive information should be rendered unreadable before they are put into any garbage facility.
3-18. Which of the following are not common methods of unlocking the screen of a mobile device? A. Fingerprint B. Passcode C. Smart card D. Face recognition E. Swipe pattern
Answer: C. Smart card Although smart cards are common authentication systems on laptop and desktop computers, it's not common to find a smart card slot on a mobile device.
3-46. During a normal workday, you receive a call at your desk asking for information about a recently submitted help desk ticket. Two things are remarkable about this particular call; you notice that the call is coming from an outside line, and you don't have any recent help desk tickets. What security exploit should you be concerned about? A. Phishing B. Spyware C. Social Engineering D. Baiting
Answer: C. Social Engineering If someone is trying to communicate directly with you to obtain restricted information, there's reason to be concerned. As modern day technological con men, social engineers are very good at getting information from you while your guard is down. The incorrect answers: A) Phishing is the gathering of sensitive information through fraudulent emails or web pages. A phishing page will look exactly like your bank's login page, but your user credentials are sent to the bad guys instead of your financial institution. B) Spyware runs on a your local computer and gathers information about your surfing habits, keystrokes, and gathers other information that the bad guys can use to exploit your computer or personal information. D) Baiting is a technique that plants a piece of media (CD-ROM, memory stick) in an area where it can be found. The media usually contains a Trojan Horse or other malicious software that can open your system for attack, install keyboard loggers, or other bad, bad things.
3-62. You've found a USB memory stick in the parking lot at your office. Which of these security exploits may be at work? A. Spyware B. Virus C. Social engineering D. Application vulnerability
Answer: C. Social engineering One of the most difficult security exploits to identify is the one that has very little to do with technology. Enticing someone into putting a USB memory stick into their office computer is one of the more common social engineering techniques. Once the social engineering exploit has worked, the USB key will usually load some type of malicious software onto the computer.
3-96. Which of these would best describe a code sent to your phone using SMS? A. Something you know B. Something you are C. Something you have D. Somewhere you are E. Something you do
Answer: C. Something you have One authentication factor might be to verify something that might be physically associated with a person. Our phone is a very common personal physical item that can be used as an authentication method, and one way to do this is by sending a verification code to a phone using a text message (SMS).
3-40. Which of these events would commonly involve a hash? A. Copy data to a USB memory stick B. Start your browser C. Store a password D. Install a new hardware driver
Answer: C. Store a password To protect the original password, the plaintext of the password is usually hashed. This hashed data is stored as the password and the hashing is recreated and compared with each authentication attempt. Since the hash cannot be reversed, the original password text remains private.
3-4. What does it mean when a mobile device application runs in a "sandbox?" A. The application has full access to the mobile device storage and memory B. The application will only use a specific amount of memory C. The application will only have access to specific data sources D. The application will automatically build links to other data sources as required
Answer: C. The application will only have access to specific data sources Each application is designed to operate in its own little "world" where it has limited access to anything else on the mobile device. If required, the user can allow the application to access external data sources. For example, a contact list application may request permission to view the contact list on the mobile device, and the user must interactively provide this access.
3-25. What happens if the failed passcode lock attempt security option is activated in Android OS? A. The device erases itself after 10 failed attempts B. The passcode will randomly change after every 10 attempts C. The device locks and requires a Google login D. An email will be sent to the device owner after 10 failed attempts
Answer: C. The device locks and requires a Google login The Android OS will counter failed consecutive passcode attempts by requiring a full login into Google.
3-89. What does an SSID represent? A. The type of 802.11 standard in use B. The manufacturer of a wireless access point C. The logical name of the wireless network D. The strength of the wireless signal
Answer: C. The logical name of the wireless network A wireless Service Set Identification is the name of the wireless network. This is the name that appears when browsing for wireless networks, so it usually is a name that is familiar to people who are looking to connect.
3-81. You've moved a file from one folder on an NTFS volume to another folder on the same NTFS volume. What has happened to the permissions of the file after the move? A. The permissions are inherited from the new parent object B. The permissions are reset to default C. The original permissions are retained D. The permissions are inherited from other files in the new folder
Answer: C. The original permissions are retained If a file is copied from one location to another, the newly created file will inherit the permissions from the parent object. If a file is moved, however, the only thing that changes is the pointer to the file location; the moved file is essentially the same file, so none of the permissions are modified. The moved file will have the exact same permissions it had before the move.
3-10. Which of the following would be true of a password recovery process? A. The process should be automated and seamless B. Passwords can be sent to registered email addresses C. The recovery process should not be trivial D. Server passwords do not need to be regularly changed E. The recovery process should reset to a well-known password
Answer: C. The recovery process should not be trivial The password recovery process is the only thing between your network resources and an illegitimate user. The process for resetting the password and recovering the account should be a formal process with many checks and balances.
3-39. What category of malicious software gains access to your system by disguising itself as something nonthreatening? Choose the best answer. A. Virus B. Worm C. Trojan horse D. Spyware E. Rootkit
Answer: C. Trojan horse Trojan horse software is especially sneaky because it pretends to be something fun or unassuming in the hopes that you'll run the program and, in turn, infect your computer.
3-47. What is the security threat that best describes malicious software that uses humans as the method of distribution? A. Social engineering B. Worm C. Virus D. Tailgating E. Man-in-the-middle
Answer: C. Virus A computer virus doesn't have the ability to replicate on its own, so it relies on humans to click a button or run an application to execute and spread.
3-72. Which of these would be the best encryption type to use on a wireless network? A. 802.1X B. WEP C. WPA2 D. TKIP
Answer: C. WPA2 WPA2 is the most secure encryption type to use on wireless networks.
3-12. Which of these is true about high-level formatting? A. A drive cannot be used again after a high-level format B. The high-level formatting process is always done at the factory C. All data is securely deleted after a high-level format D. A high-level format can be performed by the operating system
Answer: D. A high-level format can be performed by the operating system A high-level format is almost always done by the operating system, and it's designed to initialize the drive or partition for use by the OS.
3-17. What is the fundamental characteristic that defines a computer worm? A. A worm causes massive operating system outages B. A worm intentionally modifies the contents of files C. A worm captures keystrokes D. A worm can replicate itself without any user intervention E. A worm pretends to be a legitimate application
Answer: D. A worm can replicate itself without any user intervention There are good worms and bad worms, but the thing that sets a worm apart from a virus or spyware is its unique ability to replicate without user intervention. A worm can move from machine to machine without a user clicking any buttons or actively running any programs.
3-91. Which of the following best describes the list of permissions associated with operating system objects? A. Network shares B. Usernames C. Multifactor authentication D. ACLs E. Process IDs
Answer: D. ACLs An access control list (ACL) is a way to associate permissions with an object. This is the method used toconfigure permissions in operating systems, network devices, file systems, and more.
3-75. How does a blacklist of outbound traffic work in a SOHO network? A. All traffic is blocked by default, and only specified traffic types are allowed B. All inbound traffic to a server is redirected to the internal address C. All outbound traffic uses a proxy D. All traffic is allowed, but certain traffic types are administratively blocked E. No outbound traffic is allowed
Answer: D. All traffic is allowed, but certain traffic types are administratively blocked A network blacklist is a security technique that allows all traffic except the items listed on a blacklist.
3-6. Which of the following would be the best way to stop malicious code when it tries to execute in main memory? A. Host-based firewall B. DLP application C. Access control list D. Anti-virus application E. NTFS file system
Answer: D. Anti-virus application An anti-virus and anti-malware application is designed to stop malicious code from executing on your computer.
3-100. What kind of attack would attempt to identify a password by attempting every possible combination of letters, numbers, and symbols? A. Dictionary attack B. Denial of service C. Rootkit D. Brute force attack E. Phishing
Answer: D. Brute force attack A brute force attack is commonly used to identify a password by attempting every possible combination until the password is discovered.
3-33. How does the Windows AutoRun feature work with USB drives in Windows 7? A. Enabled by default B. Enabled with a registry change C. Disabled with a security path D. Disabled completely
Answer: D. Disabled completely In Windows 7, the AutoRun feature was completely disabled for any device that mounts as a USB drive.
3-55. Which of the following is true regarding explicit and inherited permissions in Windows? A. Implicit permissions take precedence over explicit permissions B. Inherited permissions are propagated from the child object to the parent object C. Implicit permissions must be administratively assigned D. Explicit permissions take precedence over inherited permissions E. If you apply a permission to a parent object, it does not apply to any child objects
Answer: D. Explicit permissions take precedence over inherited permissions In Windows, a permission that has been explicitly defined takes precedence over any permissions that may have been inherited from other objects. Child objects inherit their permissions from the parent object.
3-103. What primary method does a locator application use to help identify the location of a mobile device? A. Time of day B. Last known application used C. Temperature D. GPS E. Cloud storage information
Answer: D. GPS The GPS in a mobile device is used for many different applications, but the GPS becomes most important when trying to locate a missing mobile phone.
3-49. What type of business policy would provide you with only the rights necessary to perform your job? A. Split knowledge B. Dual control C. Separation of duties D. Least privilege
Answer: D. Least privilege Least privilege is a policy that sets security limits that are tightly associated with a business task or person. Generally, management gets to choose the rights based on business requirements and the security team gets to administer the rights.
3-16. Which of the following file systems can support EFS? A. FAT B. FAT32 C. HPFS D. NTFS
Answer: D. NTFS The NTFS file system allows for many capabilities, and EFS (Encrypted File System) is one of those enhancements. If you're using a supported version of Windows, you can encrypt your files to prevent anyone else from seeing the contents. The encryption and decryption process is done seamlessly in the operating system.
3-67. Which of these would be the most likely reason for creating a BIOS user password? A. Disable the Windows login prompt B. Restrict the sharing of resources across the network C. Prevent the modification of any BIOS settings D. Prevent booting until the correct password is provided E. Reset the Windows login credentials
Answer: D. Prevent booting until the correct password is provided The user password in a BIOS prevents the system from starting the operating system until the correct password is provided.
3-65. Which of these security prevention methods would be the most useful when traveling with your laptop? A. Mantrap B. Access control list C. Data loss prevention D. Privacy filter E. Email filtering
Answer: D. Privacy filter A privacy filter on your laptop's LCD display can prevent others from viewing your screen in a public area.
3-84. What type of malware would encrypt all of your personal documents and require you to pay to obtain the decryption key? A. Phishing B. Trojan horse C. Man-in-the-middle D. Ransomware E. Spyware
Answer: D. Ransomware Ransomware effectively holds all of your personal documents, pictures, movies, and other files for ransom until you pay the amount requested by the bad guys.
3-82. Which of these permissions apply only to connections made over the network? A. NTFS B. Ethernet C. FAT32 D. Share
Answer: D. Share Share permissions are created and managed when using network shares, so the use of them would be limited to access over the network. Users that were on the same device as the share would not be subject to share-level permissions.
3-83. Why are most 802.11b access points configured to use channels 1, 6, or 11, but rarely the channels inbetween? A. The other channels are government-restricted B. The other channels provide slower bandwidth C. The other channels are reserved for VoIP communication D. The other channel frequencies overlap each other
Answer: D. The other channel frequencies overlap each other The 2.4 GHz frequencies in 802.11b or 802.11g can be configured to use channels 1 through 14, but the frequency overlaps between the channels would create conflicts if multiple access points are used in close proximity. Channels 1, 6, and 11 are far enough apart from each other that a frequency conflict would never arise.
3-45. You'd like to use your laptop at the local coffee shop, but you're concerned about the open Wi-Fi access. What Windows component can prevent others at the coffee shop from accessing your computer? A. Anti-virus software B. NTFS file system C. Windows Update D. Windows Firewall
Answer: D. Windows Firewall The built-in Windows Firewall creates a stateful firewall that allows applications to communicate out from your laptop, but prevents anyone else from sending unwanted information into your computer.
3-19. When would you use MAC filtering on your wireless network? A. You want to prevent your wireless network from appearing in a search list B. You want to require encrypted communication on your wireless network C. You want to restrict all Apple computers from joining the wireless network D. You want to prevent specific workstations from joining the wireless network
Answer: D. You want to prevent specific workstations from joining the wireless network The Media Access Control address is a physical address that's hard-coded into network adapters. Most wireless access points will provide a way to allow or restrict access based on this address. This isn't foolproof, since many network adapters also allow you to modify the MAC address value.
3-57. Which of the following would be true when using a company's mobile device manager? A. Screen locks and PINs would be required B. The camera can be administratively disabled C. The name and type of applications can be specifically defined D. Data can be encrypted by default E. All of these would be common when using a mobile device manager
Answer: E. All of these would be common when using a mobile device manager A mobile device manager (MDM) is commonly used to control many aspects of a mobile device, especially in a company setting. Many MDMs will control all or part of a mobile device so that the company's applications and data will remain secure.
3-26. Which of these would be a characteristic of the Windows SSO process? A. Access times to stored data is increased B. Wireless network encryption is integrated C. File permissions can be defined for all Windows users D. All network communication is encrypted by default E. Credentials are only required during the initial login process
Answer: E. Credentials are only required during the initial login process SSO (Single Sign-On) is a process where you provide login credentials one time and access to other allowed resources are provided without any additional authentication.
3-23. Which of the following would be the best way to allow a system account to operate properly, but prevent any logins across the network? A. Change the ownership of the user documents B. Only allow access during certain hours of the day C. Disable the network connection on the device D. Change the password for the system account E. Disable interactive logins on the account
Answer: E. Disable interactive logins on the account It's important to disable any unused accounts, but some accounts must remain active for certain system processes to work properly. In these cases, the best practice is to keep the account active but disable any interactive logins for the account.
3-29. Which of these would best describe a device that was not an SOE? A. Upgradable B. Disabled C. Embedded D. Secure E. Non-compliant
Answer: E. Non-compliant A system configured as an SOE (Standard Operating Environment) has been tested and approved for use on the organization's network. If a system does not meet the SOE requirements, then it is a non-compliant system.
3-88. Which of the following would commonly be experienced by the end users during a man-in-the-middle attack? A. The mouse moves around the screen without any user interaction B. Usernames and passwords would be displayed on the screen C. Information is typed into fields without touching the keyboard D. A file copy would begin without any user intervention E. None of the above
Answer: E. None of the above Man-in-the-middle attacks are especially disconcerting because there's commonly no feedback that anything different is happening with the network traffic flow. Although a malicious attacker could inject information into the traffic flow, it's commonly done without any obvious feedback to the end users.
3-85. Which of the following commonly contain a digital certificate? A. DVD-ROM B. PIN C. Strong password D. MBR E. Smart card
Answer: E. Smart card A smart card often contains a digital certificate to create a unique card that cannot be duplicated elsewhere. It's common to use smart cards as authentication factors to use with passwords, PINs, fingerprints, and more.
3-74. If you modify your MAC address to appear as if you are a legitimate device on the network, what security threat would you be using? A. Social engineering B. Phishing C. Brute force D. Tailgating E. Spoofing
Answer: E. Spoofing Spoofing is a threat that changes one device to make it appear as if it is a different device. Changing MAC addresses and IP addresses are common ways to spoof a legitimate device.
3-70. Which of the following best describes remote backup on a mobile device? A. The backups occur when the device is physically connected to a computer B. The backups are stored in decrypted form for easy access C. The backups only contain mail, contacts, and calendar events D. The backups must restore to the same physical device E. The backups occur constantly to the cloud backup servers
Answer: E. The backups occur constantly to the cloud backup servers Remote devices that backup to the cloud perform backups constantly and keep an updated backup online at all times. If a device is lost, a replacement can be restored automatically from the remote backup.
3-31. Which of these would be the best reason for regularly changing a login password? A. The login process becomes more difficult when a history of passwords has been saved B. Secondary passwords are a separate factor of authentication C. The security of a password will age out over time D. Changing the password will refresh the firewall timers E. The scope of a potential attack would be reduced
Answer: E. The scope of a potential attack would be reduced If someone has discovered your password, you can limit the amount of time they can use those account credentials by changing the password to something different.
