CompTIA Security+ Practice Tests 1 89 question exams

How many rounds does DES perform when it encrypts plaintext? A.128 B.16 C.64 D.32

B. 16 DES uses 16 rounds of encryption. Incorrect Answers: DES does not use 32,64, or 128 rounds of encryption or decryption processes.

What size is the initilization vector (IV) for the Temporal Key Integrity Protocol (TKIP), used in the WPA standard? A.128-bit B.48-bit C.64-bit D.24-bit

B. 48-bit Correct Answer: The IV size for TKIP is 48-bit. Incorrect Answers: The only valid IV size for TKIP is 48-bit.

What size WEP key did the original IEEE 802.11b specification use? A.64-bit B.256-bit C.128-bit D.512-bit

A. 64-bit Explanation Correct Anwer: WEP key sizes are 64-bits (40-bit key and 24-bit initialization vector) or 128-bit (104-bit key and 24-bit initialization vector). The 802.11b standard called for a 64-bit key. Incorrect Answers: Neither 512-bit nor 256-bit are valid WEP key sizes. The original 802.11b standard called for a 64-bit key; the 128-bit key was developed after this standard was issued.

Which of the follow is a key agreement protocol used in pubic key cryptography? A.ECDH B.AES C.SHA-2 D.RSA

A. ECDH Elliptic Curve Diffie-Hellman (ECDH) is a key exchange protocol used in public key cryptography. It is used to negotiate, agree upon, and establish a secure session between two parties. Incorrect Answers: D.RSA (Rivest-Shamir-Adleman) is the most common public-private key generation algorithm used in public key cryptography. It is used to generate a public and private key pair. B.AES is the Advanced Encryption Standard, and it is not used in public key cryptography; it is a symmetric key cryptography algorithm. C.SHA-2 is the second iteration of the Secure Hashing Algorithm and is used to generate message digests for plaintext. It is not used in public key cryptography to exchange keys or establish secure sessions.

Risk assessment means evaluating which of the following elements? (Choose two.) A.Impact B.Threat C.Vulnerability D.Probability

A. Impact D. Probability Probability and impact values are evaluated and assessed during a risk assessment. Incorrect Answers: Threats and vulnerabilities do not have defined values.

Which of the following policy settings prevent a user from rapidly changing passwords and cycling through his or her password history to reuse a password? A.Minimum password age B.Password complexity C.Maximum password age D.Password history

A. Minimum password age Correct Answer: The minimum password age setting is used to force users to use a password for a minimum amount of time before they are allowed to change it. This prevents them from rapidly cycling through the password history to reuse an older password. Incorrect Answers: D.Password history simply records a previous number of passwords, so that they cannot be reused in the system. The maximum password age is used to expire a password after a certain time period. B.Password complexity enforces the use of longer password lengths and character spaces, increasing password strength.

Which of the following is a protocol used to obtain the status of digital certificates in public keys? A.OCSP B.ECC C.DHE D.RSA

A. OCSP The Online Certificate Status Protocol (OCSP) is used to obtain the revocation status of digital certificates. It is used as an alternative to certificate revocation lists and enables clients to request and receive the electronic status of digital certificates automatically and in real-time. Incorrect Answers: C.Diffie-Hellman Exchange (DHE) is a key negotiation and agreement protocol used in public key cryptography. D.RSA is the de facto standard used to generate public and private key pairs in a PKI. B.Elliptic curve cryptography (ECC) is a public key cryptography protocol used on small mobile devices, due to its low power and computing requirements.

Which of the following formal management efforts is designed to remediate security flaws discovered in applications and operating systems? A.Patch management B.Change management C.Upgrade management D.Account management

A. Patch management Patch management is the formal effort designed to remediate vulnerabilities and other software flaws on a regular basis. Incorrect Answers: C.Managing upgrades is part of a formal change and configuration management process. D.Account management is the process of provisioning and maintaining user accounts on the system. B.Change management is a formalized process that involves both long-term and short-term infrastructure changes, as well as configuration changes to hosts and networks.

Which of the following two ways typically separate network hosts for security purposes? (Choose two.) A.Physically B.Functionally C.Logically D.Geographically

A. Physically C.Logically Networks are typically separated for security purposes either physically, logically, or both. Physical separation involves separating network hosts by connecting them to different devices. Logical separation involves separating them through segmented IP subnetworks. Incorrect Answers: Separating network hosts either geographically or functionally does not contribute to security.

During which stage of a secure development model would you normally find steps such as requirements gathering, analysis, and diagram development? A.Security requirements B.Secure design C.Secure testing D.Secure implementation

A. Security requirements In the security requirements stage, requirements for different security functions are determined. Iterations of interviews and surveys might be developed and gathered and diagrams developed to show project milestones. C.During the secure testing phase of the secure software development model, software is measured or tested against security, functional, and performance requirements. This may include secure code review, application fuzzing, and vulnerability assessments, as well as penetration testing. B.In the secure design stage, different security functionality is designed into the application. D.During the secure implementation of software, security requirements are validated as implemented in the application.

Which of the following ports would be most likely to allow secure remote access into a system within a data center? A.TCP port 1701 B.UDP port 53 C.UDP port 123 D.TCP port 443

A. TCP port 1701 L2TP aligns to TCP port 1701, allowing secure remote access to a system through a VPN connection. Incorrect Answer: B.UDP port 53 aligns to the Domain Name Service (DNS), UDP port 123 is used by Network Time Protocol (NTP) services, and TCP port 443 is used by HTTP over SSL.

What type of organizations are the main users of an interconnection service agreement (ISA)? A.Telecommunications companies B.Government entities C.End users D. Sattelite providers

A. Telecommunications companies Telecoms use Interconnection Service Agreements. Incorrect Answers: B.Government entities use MOUs because contracts are not the primary method of agreements between entities of the same government but they do not use Interconnection Service Agreements because they don't run or manage Internet or Telecom traffic..

Which of the following describe a false reject rate? (Choose two.) ​ A.The error caused from rejecting someone who is in fact an authorized user ​ B.The error caused when an unauthorized user is validated as authorized ​ C.Type I error ​ D.Type II error

A. The error caused from rejecting someone who is in fact an authorized user C.Type I error A false reject rate (FRR) is the error caused from rejecting an authorized user; it is also called a Type I error. Incorrect Answer: A false acceptance rate (FAR) is the error caused when an unauthorized user is validated as authorized, also referred to as a Type II error.

Which of the following utilities are specifically used to diagnose DNS issues? (Select Two) A. nslookup B.dig C.Kali D.nmap E.ping

A. nslookup B.dig Correct Answers: Both dig and nslookup are designed to query DNS servers. Incorrect Answers: One might argue that Nmap and ping might be used to diagnose DNS, but neither of them are specifically for DNS queries. Kali is a Linux distro, not a utility.

Which of the following is an older form of attack where a malicious/compromised Web site places invisible controls on a page, giving users the impression they are clicking some safe item that actually is an active control for something malicious? A.Clickjacking B.Buffer overflow C.Man-in-the-browser D.Header manipulation

A.Clickjacking Clickjacking is almost never seen anymore as it's easy to detect this type of attack. incorrect Answers: D.Header manipulation means to add malicious information to HTTP headers. C.A man-in-the-browser attack means to add malicious information or code, often by using a Trojan horse. B.Buffer overflows attempt to access privilege escalation by forcing a buffer to cause an error.

What is the second step in the incident response life cycle? A.Detection and analysis B.Preparation C.Containment,eradication, and recovery D.Post-incident activity

A.Detection and analysis Detection and analysis is the second step of the incident response life cycle. Incorrect Answers: In order, the steps of the incident response life cycle are preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.

If a person knows a control exists, and this control keeps him or her from performing a malicious act, what type of control would this be classified as? A.Deterrent control B.Preventative control C.Compensating control D.Corrective control

A.Deterrent control A deterrent control keeps someone from performing a malicious act, provided that he or she knows the control is there and is aware of the consequences for violating it. Incorrect Answers: B.The difference between a deterrent control and a preventive control is that it is necessary for a potential attacker to have knowledge of the deterrent control for it to be effective. Users do not have to have knowledge of a preventative control for it to function. D.A corrective control is used to correct a condition when there is either no control at all, or when the existing control is ineffective. Normally, a corrective control is temporary until a more permanent solution is put into place. C.A compensating control assists and mitigates the risk when an existing control is unable to do so.

During which type of assessment would penetration testers not have any knowledge about the network and network defenders have no knowledge of the test itself? A.Double-blind test B.Blind test C.Gray box test D.Black box test

A.Double-blind test In a double-blind test, testers have no prior knowledge of the network they are testing, and network defenders have no prior knowledge of the test and aren't aware of any attacks unless they can detect and defend against them. This test is designed to test the defenders' abilities to detect and respond to attacks and to test and exploit vulnerabilities on the network. Incorrect Answers: D.In a black box test, only the testers have no knowledge of details about this network configuration. This type of test is also referred to as a blind test. C.In a gray box test, the penetration tester may have some limited knowledge of the network or systems, gained from the organization that wants the test.

Which of the following is a form of intentional interference with a wireless network? A.Jamming B.Evil twin C.MAC spoofing D.SSID cloaking

A.Jamming Jamming is an intentional interference with the signal of a wireless network. It is often part of a DoS attack. Incorrect Answers: B.An evil twin attack is a rogue wireless access point set up to be nearly identical to a legitimate access point. D.SSID cloaking is a weak security measure designed to hide the broadcasting of a wireless network's service set identifier. C.MAC spoofing is an attempt to impersonate another host by using its MAC address.

All of the following are considered duties of a first responder to an incident, except: A.Notifying and coordinating with senior management and law enforcement officials B.Notifying the incident response team C.Determining the initial scope and impact of the incident D.Securing the scene

A.Notifying and coordinating with senior management and law enforcement officials Notifying and coordinating with senior management and law enforcement officials is normally the job of a senior leader within the incident response team. Incorrect Answers: The primary job of a first responder is to secure the scene. They are also responsible for notifying the incident response team and initially determining the scope, seriousness, and impact of the incident.

Which of the following types of public key cryptography uses a web of trust model? A.PGP B.RSA C.AES D.DHE

A.PGP Pretty good privacy, or PGP, is commonly used between individuals or small groups of people, and it normally does not require a public key infrastructure. It uses a web of trust model, which means that each individual has to be able to trust every other individual who uses PGP to encrypt and decrypt data sent and received by them. Incorrect Answers: B.RSA is the de-facto key generation protocol used in public key cryptography, and it is normally used in a public key infrastructure type of environment. D.Diffie-Hellman Exchange (DHE) is a key negotiation and agreement protocol that is used to exchange keys and establish a secure communications session. C.AES is a symmetric key protocol not used in public key cryptography.

Which of the following is an example of a trusted OS? A.SELinux B.Windows Server C.Windows 10 D.Ubuntu Linux

A.SELinux SELinux is the only example, from the answers given, of a trusted operating system. Incorrect Answers: These operating systems are not considered trusted operating systems, although they can be hardened to varying degrees.

Which of the following uses a management information base (MIB) to provide detailed device-specific information to a central management console? A.SNMP B.ACL C.SMTP D.Syslog

A.SNMP The Simple Network Management Protocol (SNMP) uses a management information base, or MIB, specific to each device and from which device information can be obtained. Incorrect Answers: A.SMTP, the Simple Mail Transport Protocol, is responsible for sending e-mail. D.Syslog is a log server found in UNIX and Linux systems. B.An access control list (ACL) resides on network devices and filters traffic coming into and out of a device.

Which of the following is not a characteristic of effective signage? A.Signage should indicate security checkpoints to report to in the event of an emergency requiring evacuation B.Signage should be placed in well-lit areas and not obstructed by large objects C.Signage should warn intruders away from restricted areas D.Signage should follow national and international standards for symbols and colors

A.Signage should indicate security checkpoints to report to in the event of an emergency requiring evacuation Signage should indicate the location and route to emergency evacuation exits, not security checkpoints, in the event of an emergency requiring evacuation. Incorrect Answers: All of these are invalid characteristics of good signage.

Which of the following enables a user to provide one set of credentials to the system and use those credentials throughout other interconnected systems? A.Single sign-on B.Multifactor authentication C.Single-factor authentication D.Pass-through authentication

A.Single sign-on Single sign-on is a method of authentication that enables a user to provide one set of credentials and use them throughout an interconnected network. Both Kerberos and Sesame protocols allow single sign-on. Incorrect Answers: B.Multifactor authentication refers to the use of several different factors to authenticate to a system, such as something you know, something you are, and something you have. Multifactor authentication can be used in a single sign-on environment but is not necessarily required. C.Single-factor authentication uses only one factor, such as something you know, to authenticate to a system. It can also be used in a single sign-on environment but is not required. D.Pass-through authentication can appear to be similar to single sign-on, but it requires all individual systems simply to accept credentials passed from another system without a unified approach.

Your organization wants you to create and implement a policy that will detail proper use of its information systems during work hours. Which of the following is the best choice? A.Due Care B.Acceptable-use polocy C.Service level agreement D.Access control policies

B. Acceptable use policies An acceptable-use policy details what is (and is not) acceptable for users to do during their working hours, including personal use and unacceptable activities on the company network, such as gambling and pornography. Incorrect Answers: A.Due care is an act performed by the company itself, and is not a user policy. C.Service level agreements are made between a company and a third party, such as a contractor or a supplier. D.Access control policies help protect against unauthorized access, both physical and logical, but they don't discuss how users can and cannot use systems.

If Bobby and Dawn exchange confidential encrypted e-mail messages using public and private key pairs, which of the following keys would Bobby need to encrypt confidential data in an e-mail message sent to Dawn? A.Bobbys public key B.Dawns public key C.Dawns private key D.Bobbys private key

B. Dawns public key To encrypt information that Dawn can decrypt, using public and private key pairs, Bobby would need Dawn's public key to encrypt data that only her private key can decrypt. Incorrect Answers: Encrypting with Bobby's public key would allow only Bobby's private key to decrypt the data, and only he would possess that. Bobby would not possess Dawn's private key to encrypt data to her, and then only her public key, which everyone would have, would be able to decrypt it, so there would be no confidentiality involved. Bobby would not use his private key to encrypt data, because only his public key can decrypt it, and everyone could have that key, so no confidentiality would be assured.

You have received reports that a number of hosts in your company's internal network are sluggish and unresponsive. After troubleshooting other items, you decide to use a sniffer to examine the network traffic coming into the host. You see that massive amounts of ICMP broadcasts are being sent on the network. The switch is having trouble processing all of this traffic, due to repeated ICMP replies, causing it to slow down. Which of the following is the most likely explanation for this? A.Phishing attack B.Flood attack C.Man-in-the-middle attack D.Malware attack

B. Flood attack A flood is a type of network attack based upon confusing a switch with ICMP traffic. Incorrect Answers: D.Malware would not cause a large volume of ICMP segments to be sent to a host. C.A man-in-the-middle attack attempts to break into an existing communications session, and is not a denial-of service attack. A.A phishing attack is a form of social engineering attack using e-mail.

Which of the following is an application designed to create and initiate files on a host to provide a fully functional virtual machine? A.Guest operating system B.Hypervisor C.Load balancer D.Host operating system

B. Hypervisor A hypervisor, also called a virtual machine monitor, is application software responsible for creating and managing virtual machines and their associated files on a host. D.The host operating system does not create or manage virtual machines; it merely shares resources with them. A.The guest operating system is the virtual machine itself and is managed by a hypervisor. C.A load balancer is other software or a hardware appliance responsible for balancing user requests and network traffic among several different physical or virtualized hosts.

Which of the following secure e-mail protocols is carried over an SSL or TLS connection and uses TCP port 993? A.POP3 B.IMAPS C.IMAP4 D.SMTP

B. IMAPS IMAPS (secure IMAP) is a secure version of the IMAP4 protocol used over SSL or TLS connections to provide for client e-mail security. Incorrect Answers: D.SMTP is a server-side e-mail protocol and is not used over SSL or TLS. SMTP uses TCP port 25. A.POP3 is a non-secure client-side e-mail protocol that uses TCP port 110. C.IMAP4 is a non-secure client-side e-mail protocol that uses TCP port 143.

Which of the following is the biggest risk involved in cloud computing? A. Lack of responsibility B.Lack of control C. Lack of availability D. Lack of accountability

B. Lack of control Lack of control over data and the infrastructure is probably the greatest risk to cloud computing. Incorrect Answers: D.Accountability and responsibility can be established through effective security controls and well-written service-level agreements. Cloud computing usually increases availability of data for users, since it is typically built on highly available, redundant infrastructures.

Which of the following can cause a successful attack on a system when a user enters malicious code or characters into a form field on a Web application? A.Lack of restrictive permissions on the Web form B.Lack of input validation C.Lack of properly formatted HTML D.Lack of adequate memory in a buffer

B. Lack of input validation A lack of input validation in the Web form field may allow certain types of attacks to take place when a user enters malicious or incorrect characters in the form. Incorrect Answers: A.Permissions do not affect the quality or type of input in the field, only who can access and perform actions on the form. D.Adequate memory in a buffer cannot perform input validation functions. C.Properly formatted HTML cannot perform input validation on a form field.

Which of the following is generally a script planted by a disgruntled employee or other malicious actor that is set to execute at a certain time? A.Virus B.Logic bomb C.Trojan horse D.Adware

B. Logic Bomb A logic bomb is simply a script that is set to execute at a certain time. Logic bombs are usually created by rogue administrators or disgruntled employees. Incorrect Answers: A.A virus is a piece of malicious software that must be propagated through a definite user action. C.A Trojan horse is a piece of software that seems to be of value to the user, but in reality is malware. D.Adware is usually annoying advertisements that come in the form of pop-up messages in a user?s browser.

Which of the following terms indicates the length of time a device is expected to last in operation, and only a single, definitive failure will occur and will require that the device be replaced rather than repaired? A.Mean time to replace B.Mean time to failure C.Mean time to recovery D.Mean time between failures

B. Mean time to failure The mean time to failure (MTTF) is the length of time a device is expected to last in operation. In MTTF, only a single, definitive failure will occur and will require that the device be replaced rather than repaired. Incorrect Answer: D.Mean time between failures (MTBF) represents the manufacturer's best guess (based on historical data) regarding how much time will pass between major failures of that component. This assumes that more than one failure will occur, which means that the component will be repaired, rather than replaced. C.Mean time to recovery (MTTR) is the amount of time it takes for a hardware component to recover from failure. A.Mean time to replace is not a valid term.

Which of the following technologies allows devices to communicate with each other at a very close range through radio signals by using a special chip implanted in the device, and may be vulnerable to eavesdropping and man-in-the-middle attacks? A.Infared B.Near-field communication (NFC) C.802.11 wireless D.Bluetooth

B. Near-field communication (NFC) Correct Answer: Near-field communication is enables devices to send very low-power radio signals to each other by using a special chip implanted in the device. This technology requires that the devices be extremely close or even touching each other. This technology is used for a wide variety of applications, including payments through NFC-enabled smartphones. Incorrect Answers: Neither 802.11 wireless nor Bluetooth technologies are used in this manner. Infrared does not use radio frequency technology; it enables communications between devices using a beam of light.

Which of the following forms of authentication pass credentials in clear text and is not recommended for use? A.CHAP B.PAP C.MS-CHAP D.EAP

B. PAP The Password Authentication Protocol (PAP) is an older authentication method that passes usernames and passwords in clear text. For this reason, it is no longer used. Incorrect Answers: A.CHAP, the Challenge Handshake Authentication Protocol, uses password hashes and challenge methods to authenticate to the system. Passwords are not passed in clear text with this protocol. C.MS-CHAP (Microsoft CHAP) is a Microsoft proprietary version of CHAP, native to Windows systems. D.The Extensible Authentication Protocol (EAP) is a modern authentication framework that can use various authentication methods. It also does not pass username and password information in clear text.

Which of the following algorithms won the U.S. government?sponsored competition to become the Advanced Encryption Standard (AES)? A.RC4 B.Rijindael C.Twofish D.Blowfish

B. Rijindael Rijindael was selected as the winner of the NIST competition and became the U.S. government?s Advanced Encryption Standard (AES). Incorrect Answers: C.Twofish, another symmetric algorithm, was one of the five finalists for the competition, but it did not win. D.Blowfish is also symmetric algorithm, but was not considered in the competition to be the AES. A.RC4 is a symmetric streaming cipher commonly seen in WEP and SSL implementations. It was not one of the finalists involved in the AES competition.

Fabian's new load balancer has a number of scheduling options and he's trying to decide the one to use. He wants to schedule load balancing such that the load balancer assigns to each server in order, then returns to the first server. What is this form of scheduling? A.Affinity B.Round robin C.First come D.On demand

B. Round Robin Round robin is a turn-based scheduling method where jobs are assigned to servers in sequential order. Incorrect Answers: A.Affinity scheduling means that the load balancer keeps a client's sessions connected to the server that's keeping the session. C&D. On demand and First come are meaningless terms created from the depths of your test writer's mind.

During which stage of a secure development model would you normally find steps such as secure code review, fuzzing, and vulnerability assessments? A.Secure design B.Security testing C.Secure implementation D.Security requirement

B. Secure testing During the secure testing phase of the secure software development model, software is measured or tested against security, functional, and performance requirements. This may include secure code review, application fuzzing, and vulnerability assessments, as well as penetration testing. Incorrect Answers: A.In the secure design stage, different security functionality is designed into the application. D.In the security requirements stage, requirements for different security functions are determined. C.During secure implementation of software, security requirements are validated as implemented in the application.

Which of the following are typically created for a single Web browsing session and are generally not carried across different sessions? A.Flash cookies ​B.Session cookies C.Locally shared objects ​ D.Persistent cookies

B. Session cookies Session cookies are used for a single Web browsing session only and are generally not carried across Web sessions. Incorrect Answers: D.Persistent cookies are saved and used between various Web sessions. A&C.Locally shared objects, also called flash cookies, are used for Web sites that use Adobe Flash content, and they can be persistent.

Which of the following statements best describes a buffer overflow attack? A.An attack that involves sending malicious XML content to a web application, taking advantage of any lack of input validation and XML parsing B.An attack that exceeds the memory allocated to an application for a particular function,causing it to crash C.An attack on a database through vulnerabilities in the Web application,usually in user input fields D.An attack that uses unexpected numerical results from a mathematical operation to overflow a buffer

B.An attack that exceeds the memory allocated to an application for a particular function,causing it to crash buffer overflow attack is an attack that exceeds the memory allocated to an application for a particular function, causing it to crash. Incorrect Answers: While similar to a buffer overflow attack, an integer overflow attack uses unexpected numerical results from a mathematical operation to overflow a buffer. An SQL injection attack is an attack on a database through vulnerabilities in the Web application, usually in user input fields. An XML injection attack involves sending malicious XML content to a Web application, taking advantage of any lack of input validation and XML parsing

Which type of network intrusion detection system (NIDS) develops a baseline of normal traffic so it can detect deviations in this traffic that might indicate an attack? A. Rule-based system B.Anomaly-based system C.Signature based system D.Filter-based system

B.Anomoly-based system Anomaly-based systems detect unusual network traffic patterns based upon a baseline of normal network traffic. Incorrect Answers: A.Rule-based systems use predefined rule sets. C.Signature-based systems use predefined traffic signatures that are typically downloaded from a vendor. D.Filter-based systems, such as routers and firewalls, base detection on access control lists that specify traffic that is permitted and denied.

When information is converted to an unreadable state using cryptography, in what form is the information? A.Message digest B.Ciphertext C.Hash D.Plaintext

B.Ciphertext Ciphertext is a result of the encryption process; it is encrypted text. Incorrect Answers: D.Plaintext is unencrypted text. A&C.A hash or message digest is a cryptographic representation of variable length text, but it is not the text itself.

All of the following types of social engineering attacks might go undetected by the victim, except: A.Shoulder surfing B.Coercion C.Dumpster diving D.Tailgating

B.Coercion Coercion attacks generally require direct confrontation with the victim, so they are usually detected. Incorrect Answers: All of these attacks may go undetected by the victim, because they may not require any direct interaction with the target and can be performed subtly by the attacker without the victim noticing.

Which of the following is the simplest form of disaster recovery exercise? A.Walkthough test B.Documentation review C.Tabletop exercise D.Full-scale test

B.Documentation review The documentation review is the simplest form of test. In this type of test, the business continuity plan, disaster recovery plan, and associated documents are reviewed by relevant personnel including managers, recovery team members, and anyone else who may have responsibilities directly affecting plans. Incorrect Answers: C.A tabletop exercise is a type of group review. D.In a full-scale test, all personnel are usually involved and may actually conduct activities as they would during a real incident. This type of test is more complex and normally requires extensive resources, such as people and equipment, so it is typically conducted infrequently. A.In a walkthrough test, team members go through the motions of fulfilling the responsibilities and conducting the activities required during an incident or disaster.

Which of the following DES/AES encryption modes is considered the weakest? A.CTR B.ECB C.OFB D.CBC

B.ECB With ECB mode, a given piece of plaintext will always produce the same corresponding piece of ciphertext. This predictability makes it weak. Incorrect Answers: While CBC, OFB, and CTR mode go about the processes in different ways, these modes lack ECB's predicability, adding strength to the underlying cryptosystem.

Which of the following secure file copy protocols is used over an SSL or TLS connection? A.SCP B.FTPS C.FTP D.SFTP

B.FTPS FTPS is a secure version of the non-secure FTP protocol and is used over SSL or TLS connections to ensure security when transferring files to or from an Internet-based host. Incorrect Answers: C.FTP is a non-secure protocol used to copy files to and from Internet-based hosts. A.SCP is a secure copy protocol used to copy files securely to and from a networked host, and it uses SSH. D.SFTP is a secure file transfer protocol used to copy files to and from an Internet-based host, and it also uses SSH.

Which of the following fire suppression chemicals was banned in 1987 and can no longer be used in data centers? A.Water B.Halon C.FM-200 D.Carbon Dioxide

B.Halon Halon is a dangerous chemical that was previously used in data centers to suppress fires. However, it was banned in 1987 because it is also dangerous to human beings. Incorrect Answers: A.Water is still used to combat certain classes of fires. D.Carbon dioxide is used to combat both liquid and electrical fires. C.FM-200 has generally replaced Halon in data center fire suppression systems.

Which of the following authentication protocols uses a series of tickets to authenticate users to resources, as well as timestamps to prevent replay attacks? A.EAP B.Kerberos C.SESAME D.MS-CHAP

B.Kerberos Kerberos is an authentication protocol used in Windows Active Directory. It uses a series of tickets and timestamps to authenticate individuals and prevent replay attacks. Incorrect Answers: D.MS-CHAP is a Microsoft version of the Challenge Handshake Authentication Protocol, used in earlier versions of Windows. It uses challenges and password hashes to authenticate individuals. A.EAP, the Extensible Authentication Protocol, is an authentication framework that can use several other protocols for secure access across both wired and wireless networks. C.SESAME (Secure European System for Applications in a Multivendor Environment) is a European-developed authentication protocol that can provide for single sign-on capability. It is not widely used and does not use tickets for authentication.

Marisol sees a tremendous amount of traffic on TCP port 389 from the Internet. Which TCP/IP service should she inspect first? A.HTTPS B.LDAP C.TLS D.SQL

B.LDAP The Lightweight Directory Application Protocol (LDAP) uses TCP port 389. Incorrect Answers: D.SQL is a query language for directories. A.HTTPS is the secure HTTP protocol for Web pages. C.TLS is an authentication/encryption protocol.

All of the following are characteristics of the RADIUS authentication protocol, EXCEPT: A.RADIUS accepts earlier forms of authentication protocols suchs as PAP B.RADIUS uses TCP port 1812 C.RADIUS uses UDP port 1812 D.RADIUS encrypts user passwords during the authentication process

B.RADIUS uses TCP port 1812 RADIUS does not use TCP. Incorrect Answers: All of these are characteristics of the RADIUS protocol.

Which of the following attacks might involve an attacker attempting to enter a facility with arms full of boxes, in an attempt to gain sympathy and have someone open the door for him or her? A.Impersonation B.Tailgating C.Dumpster diving D.Shoulder surfing

B.Tailgating A tailgating person might use some sort of creative pretext to convince someone to open the door and allow him or her to enter without proper identification. Incorrect Answers: Neither shoulder surfing nor dumpster diving are attempts to enter a facility. Impersonation could be used to enter a facility, but it is not being used to do so in this case.

Which of the following statements best defines the recovery point objective (RPO)? A.The RPO is the maximum amount of time the organization can afford to be down from normal processing B.The RPO is the maximum allowable amount of data (measured in terms of time) that the organization can afford to lose during a disaster or an incident C.The RPO is the minimum amount of data the organization is expected to lose during a disaster D.Virus D.

B.The RPO is the maximum allowable amount of data (measured in terms of time) that the organization can afford to lose during a disaster or an incident The RPO is the maximum allowable amount of data (measured in terms of time) that the organization can afford to lose during a disaster or an incident. Incorrect Answers: The RPO is the maximum amount of data, not the minimum, that can be lost during a disaster or an incident. RPO refers to data that can be lost, not time itself. RPO is measured in time, not gigabytes.

You are trying to determine the appropriate level of high availability for a server. The server must be available on a constant basis, and downtime in a given year cannot exceed 1 hour. It normally takes you about 45 minutes to bring down and restart the server for maintenance. Which of the following reflects the level of availability you require? A.99.9 percent availability B. 99.999 percent availability C. 99.99 percent availability D.99 percent availability

C. 99.99 percent availability Correct Answers 99.99 percent availability accounts for 52 minutes of downtime per year. Incorrect Answers: B.99.999 percent availability allows only 5.26 minutes of downtime per year, which may not be enough if the server requires almost an hour of maintenance time. A.99.9 percent availability equates to more than 8 hours of downtime per year and exceeds the stated requirement. D.99 percent availability is more than 3 days of downtime per year, far exceeding the requirement for no more than 1 hour of downtime.

Which of the following details the specific access levels that individuals or entities may have when interacting with objects? A.Access approval list B.Metadata table C.Access Control list D.Rule-based access control

C. Access Control List An access control list (ACL) is a physical or logical list that details specific access levels individuals or entities may have when interacting with objects. An ACL is also used on network devices to determine how traffic from various users can enter and exit a network device and access internal hosts. Incorrect Answers: A & B.Access approval lists and metadata tables are distractors and are not valid terms. D.Rule-based access control is an access control model based upon various access control rules that apply to users, objects, and actions.

Which of the following are true statements regarding the relationships of functionality, security, and available resources? (Choose two.) A.As resources increase, security decreases but functionality decreases B.As functionality increases, security increases C.As security increases, functionality decreases D.As resources decrease, both functionality and security decrease

C. As security increases, functionality decreases D. As resources decrease, both functionality and security decrease Correct Answers: The relationship between security and functionality is inversely proportional. As one increases, the other decreases. The relationship between resources and both security and functionality is directly proportional. As resources increase, so do both functionality and security. If resources decrease, so do functionality and security. Incorrect Answers: B.If functionality increases, security generally decreases. A.If resources increase, both security and functionality increase as well.

Which of the following processes is concerned with validating credentials? A.Accountability B.Authroization C.Authentication D.Auditing

C. Authentication Authentication is the process of validating that a user?s credentials are authentic, after the user has presented them through the identification process. _____________________________________________________________________________ B.Authorization is the process of controlling access to resources through methods that include permissions, rights, and privileges. D.Auditing is the process of reviewing logs and other audit trails to determine what actions have been performed on systems and data. A.Accountability uses auditing to ensure that users are traced to and held responsible for their actions.

Which the following is a recognized way of restricting access to applications? A.Whitelisting B.Graylisting C.Blacklisting D.Filtering

C. Blacklisting Blacklisting is a technique that involves an administrator adding undesirable or restricted software or applications to a list on content filtering devices, in group policy, or through some other type of mechanism. This ensures that users are not allowed to download, install, or execute these particular applications. Incorrect Answers: A.Whitelisting is the opposite of blacklisting; applications that users are allowed to download, install, and execute are added to a whitelist. B.There is no such term as graylisting. D.Filtering typically involves checking traffic on a network device based upon specific characteristics. The term normally does not apply to software or applications.

Which of the following is normally required to convert and read coded messages? A.Asymmetric key B.Symmetric key C.Codebook D.Algorithm

C. Codebook Correct Answer: Codes are representations of an entire phrase or sentence, where ciphers are encrypted on a character-by-character basis. A codebook is needed to translate coded phrases into their true plaintext meanings. Incorrect Answers: B.A symmetric key is used to encrypt ciphers, not codes, as are algorithms and asymmetric keys.

An attack in which an attacker attempts to disconnect a victim?s wireless host from its access point is called a(n) __________. A.Replay attack B.Spoofing C.Deauthentication attack D.Intialization vector attack

C. Deauthentication attack A deauthentication attack involves sending specially-crafted traffic to both a wireless client and an access point, in the hopes of causing them to deauthenticate with each other and disconnect. Incorrect Answers: B.A spoofing attack involves impersonating a wireless client or access point, either through its IP or MAC address. A.A replay attack involves the reuse of intercepted non-secure credentials to gain access to a system or network. D.Initialization vector (IV) attacks involve attempting to break WEP keys by targeting their weak IVs.

Which of the following methods of log management involves visiting each individual host to review its log files? A.SIEM B.Centralized C.Decentralized D.Syslog

C. Decentralized Decentralized log management means that logs are managed and reviewed on a host-by-host basis, rather than as a centralized, consolidated group. B.Centralized log management involves collecting logs from across the network into a system and reviewing then as a group. A.Security Information Event Management (SIEM) is a centralized method of obtaining logs and other data from disparate devices across a network. D.Syslog is a logging tool found in UNIX and Linux systems, which can be used either on a centralized or decentralized basis.

Which of the following access control models enables a person who creates or owns objects to define permissions to access those objects? A.Rule-based access control model B.Mandatory access control model C.Discretionary access control model D.Role-based access control model

C. Discretionary access control model Correct Answer: Discretionary access control enables a user who has created or owns an object, such as a file or folder, the discretion to assign permissions for that object to anyone they choose. Incorrect Answers: B.Mandatory access control models use labels and security clearances to grant access to objects. A.Rule-based access control models use a specific set of rules that control the interaction between users and objects. D.Role-based access control models use defined roles with specific rights and permissions assigned to those roles to control access to objects.

Which of following is the process of marking a photo or other type of media with geographical location information using the GPS of a mobile device? A.Remote management B.Geolocation C.Geotagging D.Geofencing

C. Geotagging Geotagging is the practice of marking media files, such as pictures and video, with relevant information such as geographic location (using the GPS features of the mobile device) and time. This information can be used by security professionals to track where and how a mobile device has been used. A.Remote management is the overall process of remotely managing and monitoring mobile devices that are used to connect to the corporate infrastructure. B.Geolocation is the use of a device's GPS features to determine device location, to locate points of interest, and to gather other useful information. Although it can be used to geotag media, it is not the same as geotagging. D.Geofencing is the use of geolocation features to ensure that a mobile device does not leave specific areas of corporate property.

All of the following are characteristics of hashing, except: A.Hashing can be used to protect data integrity\ B.Hashes produce fixed-length digests for variable-length text C.Hashes are decrypted using the same algorithm and key that encrypted them D.Hashes are cryptographic representations of plaintext

C. Hashes are decrypted using the same algorithm and key that encrypted them Correct Answer: Hashes are produced from one-way mathematical functions and cannot be decrypted.

For which of the following should employees receive training to establish how they are to treat information of differing sensitivity levels? A.Data disposal B.Clean desk policies C.Information classification D.Protection of personally identifiable information on social media

C. Information classification An organization's information classification policy not only outlines what level of security protections certain data receives, but it also serves to instruct employees on how to treat sensitive data. Incorrect Answers: B.Clean desk policies, which instruct employees to not leave sensitive data unattended, as well as data disposal policies, can be included in the information and data handling policies, but these are very specific instances and don't cover all information or all scenarios where an employee would be in a position to treat data with care. D.Protection of personally identifiable information on social media would be part of an organization's social media policy.

All of the following are methods that can be used to detect unauthorized (rogue) hosts connected to the network, except: A.NAC device logs B.Switch logs C.MAC filtering logs D.DHCP logs

C. MAC filtering logs MAC addresses can be spoofed, so examining MAC address on filtering logs may not provide any indication of whether a host is authorized or not. Incorrect answers: All of these are valid methods of detecting rogue hosts that connect to the network.

Which of the following secure protocols protects traffic during transmission and uses TCP port 443? (Choose two.) A.SCP B.SSH C.SSL D.TLS E.TFTP

C. SSL D.TLS Both Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols are used to encrypt traffic sent over untrusted networks, such as the Internet. Incorrect Answers: Both use TCP port 443.SCP is part of the SSH protocol suite and is used to copy files securely from one host to another. B.SSH is a protocol used to connect to and administer hosts remotely. A.Both SCP and SSH use TCP port 22. UDP uses UDP port 69 and is totally unsecure.

Which of the following types of network-connected systems can manage heating, ventilation, and air-conditioning controls? ​ A.Minicomputers ​ B.Embedded hosts ​ C.Supervisory control and data acquisition D.Mainframes

C. Supervisory control and data acquisition Supervisory control and data acquisition (SCADA) systems are used to control and manage heating, ventilation, air-conditioning, and other types of industrial and environmental systems. Incorrect Answers: A.Minicomputers are antiquated computers that performed advanced tasks in the place of mainframe systems and are no longer widely in use. B.Although some SCADA systems could be embedded, embedded hosts normally refer to systems that have operating systems burned into their computer chips. D.Mainframe systems normally do not control industrial types of systems, such as heating, ventilation, and air-conditioning.

Which of the following are two characteristics of strong passwords? (Choose two.) A.Authentication methods B.Encryption Strength C.Use of additional character space D.Password length

C. Use of additional character space D.Password length Password length and the use of additional character space are two important characteristics of password strength and complexity. Incorrect Answers: Neither authentication methods nor encryption strength directly affects password strength.

All of the following are valid methods to secure static hosts in an organization, except: A.Network segmentation B.Application level firewalls C.user-dependent security D.Layered security

C. User dependent security The organization should not depend solely upon the users to manage security and static devices, because these devices can be managed just as traditional hosts and network devices are. Incorrect Answers: These are all invalid methods of securing static hosts in an organization.

All of the following are supporting elements of authorization, except: A.Rights,permissions, and privileges B.Principle of least privilege C.Credential validation D.Separation of duties

C.Credentials validation Validating credentials is an important aspect of authentication, not authorization. incorrect Answers: All of these elements directly support authorization.

What type of file, often sent with an e-mail message, can contain malicious code that can be downloaded and executed on a client's computer? A.Cross-site script B.Locally shared object C.HTML attachment D.Cookie

C.HTML attachment Any form of attachment is a risk. An HTML attachment is basically an HTML file that comes attached to an e-mail message. When a user clicks this attachment, it automatically spawns a browser session and could connect to a malicious Web site. Once the user is connected to the site, malicious code can be downloaded onto the user's browser. Incorrect Answers: Neither cookies, locally shared objects, nor cross-site scripts are attached to e-mail messages.

Which of the following network management protocols uses agents that respond to queries to report its status to a central program manager? A.SMTP B.SSH C.SNMP D.SHTTP

C.SNMP The Simple Network Management Protocol (SNMP) uses SNMP agents that respond to queries to report their status to a central program manager. Incorrect Answers: These protocols are not used to manage network devices.

Which of the following encryption protocols uses RC4 with small initialization vector sizes? A.WPA B.WPA2 C.WEP D.802.1X

C.WEP WEP is a legacy wireless encryption protocol that has been determined to be very weak and easily broken. It uses the RC4 streaming protocol and weak initialization vectors (24-bit) to encrypt data on wireless networks. Incorrect Answers: B.WPA2 is an advanced encryption protocol that uses AES. A.WPA was an interim protocol used to correct some of WEP's weaknesses. It uses the TKIP protocol. D.802.1X is a port-based authentication method, not a wireless encryption protocol.

You have a server that is used for Domain Name System (DNS) queries. You find that it has several open ports, and you intend to close all of the unnecessary ports on the server. The server is listening on ports 22, 25, 53, and 80. Which port must be left open to continue to use DNS functionality? A.80 B.22 C.25 D.53

D. 53 DNS uses TCP and UDP port 53, so this port should be left open. Incorrect Answers: All other unnecessary ports should be closed. B.Port 22 is used by SSH. C.Port 25 is used by SMTP. D.Port 80 is used by HTTP.

Which of the following protocols would you use to encrypt VPN traffic? A.S/MIME B.MD5 C.SSH IPSec

D. IPSec IPsec provides encryption, integrity, and authentication for data tunneled over VPNs across public networks. Incorrect Answers: A.S/MIME is used for encrypting e-mail C.SSH allows secure remote access B.MD5 facilitates hashes to allow for integrity.

Which of the following methods of strengthening weak keys involves taking a weak initial key and feeding it to an algorithm that produces an enhanced key, which is much stronger? A.Key repetition B.Key exchange C.Key streaming D.Key streching

D. Key stretching Key stretching is a technique used to change weak keys into stronger ones by feeding them into an algorithm to produce enhanced keys. Incorrect Answers: C.Key streaming involves sending individual characters of the key through an algorithm and using mathematical XOR function to change the output. A.Key repetition is not a valid answer or term. B.Key exchange involves generating and exchanging a asymmetric key used for a particular communications session, or exchanging public keys in order to use them for public key cryptography.

Wissa is updating a printer dirver on a Windows system. She downloads the lastest driver from the manufacturers web site. When installing the driver, windows warns that the dirver is unsigned. To which of the following threats is Wissa exposing her system? A. Version Control B. Man-in-the-middle C. Shimming D. Refacoring

D. Refactoring A refactored driver will work correctly, but might also perform other, malicious actions. Incorrect Answers: B.Man-in-the-middle might be a result of the refactor, but is not the threat itself. A.Version control refers to formally tracking different versions of the baseline configuration. C.Shimming is a library that responds to inputs that the original device driver isn?t designed to handle and would require a separate file.

Which of the following concepts should be the most important consideration when determining how to budget properly for security controls? ​ A.Qualitative costs ​ B.Asset identification ​ C.Threat of natural disasters ​ D.Risk likelihood and impact

D. Risk likelihood and impact The risk likelihood and impact should directly determine how much you budget for controls to prevent the occurrence of risk. Incorrect Answers: B.Asset identification does not require analysis of cost. Risk likelihood and impact are more accurate than threat of natural disaster and qualitative costs in determining how much a solution will actually cost.

Which of the following types of factors could be used to describe a fingerprint-based method of logging in and authenticating to a touchscreen device? A. Something you have B.Something you know C.Something you do D.Something you are

D. Something you are Correct Answer:This is an example of "something you are," like any biometric factor, such as a fingerprint or retinal eye pattern. Incorrect Answers: B.An example of "something you know" would be a password or PIN. A."Something you have" would include a token or smart card. C."Something you do" would be considered swiping a pattern like a pattern unlock on a cell phone.

Which of the following statements best describes the relationship between the elements of risk? A.Threats cause impact to vulnerabilities B.Threat actors initiate vulnerabilities C.Threat actors create vulnerabilities in assets D.Threats exploit vulnerabilities

D. Threats exploit vulnerabilities Threats exploit vulnerabilities.The relationship between the elements of risk are as follows: threat actors initiate threats, which in turn exploit vulnerabilities. Incorrect Answers: All other answers are incorrect.

Your organization is concerned that employees might e-mail proprietary information to themselves at their private addresses. Which of the following would be most effective at catching that particular effort? A.Firewall B.Caching proxy serrver C.Antispam filter D.Content filter

D.Content filter Content filters can scan content as it leaves the network, checking for certain types of content that has been pre-specified within the software. Incorrect Answers: The other choices are incorrect because those technologies will not content-filter messages. C.Antispam filters are used to catch and quarantine spam messages. B.Caching proxy servers are used to cache, or store, messages for speedy retrieval in the future. A.Firewalls help control and block (when necessary) network traffic at the ingress and egress points.

What is the biggest difference between EAP-TLS and EAP-TTLS? A.EAP-TTLS needs server and client certificates; EAP-TLS only needs server certificates B. EAP-TLS can use unsigned certificates;EAP-TTLS must have third part signed certificates C.EAP-TTLS can use unsigned certififcates;EAP-TLS must have third party signed certififcates D. EAP-TLS needs server and client certificates; EAP-TTLS only needs server certificates

D.EAP-TLS needs server and client certificates; EAP-TTLS only needs server certificates EAP-TLS needs server and client certifcates; EAP-TTLS only needs server certifcates. Incorrect Answers: The EAP standard does not define the use of signed or unsigned certificates, although most implementations require signed certificates.

Which of the following security controls allows connectivity to a network based on the system?s hardware address? A.Disabling SSID broadcast B.WEP encryption C>WPA2 encryption D.MAC address filtering

D.MAC address filtering Filtering by the MAC address ensures that only specific systems can access the wireless network based on the MAC address generally presented by the network card. That address is added into a list of systems that can connect (or not). Incorrect Answers: Encryption technologies cannot stop specific systems from entering the network on its own. Disabling the SSID broadcast cannot stop systems from connecting if they determine the SSID through other means.

Which type of cloud service is usually operated by a third-party provider that sells or rents "pieces" of the cloud to different entities, such as small businesses or large corporations, to use as they need? A.Private B.External C.Community D.Public

D.Public A public cloud is operated by a third-party provider who leases space in the cloud to anyone who needs it. Incorrect Answers: B.An external cloud is not a valid type of cloud and could be a public, private, or community cloud. A.A private cloud is for use only by one organization and is usually hosted by that organization?s infrastructure. C.A community cloud is for use by similar organizations or communities, such as universities or hospitals, that need to share common data.

The corporate IT manager wants you to implement a process that separates corporate apps from personal apps on mobile devices. Which of the following techniques will enable you to do this? A.Containerization B.Blacklisting C.Whitelisting D.Sandboxing

D.Sandboxing Sandboxing separates applications from one another and does not allow them to share execution, user, or data space. Incorrect Answers: C.Whitelisting enables an administrator to determine which applications and other software the user is allowed to install and execute. A.Containerization is a technique used to separate different sensitivities of data, such as corporate and personal data on a mobile device. B.Blacklisting is a method that enables administrators to restrict users from installing and executing certain applications.

Which of the following is a point-in-time backup of certain key configuration settings of a virtual machine, allowing the VM to be restored back to that point in time if it suffers a crash or other issue? A.System state backup B.Differential backup C.Incremental backup D.Snapshot

D.Snapshot

Which type of assessment is used to determine weaknesses within a system? A.Penetration test B.Risk assessment C.Threat assessment D.Vulnerability assessment

D.Vulnerability assessment A vulnerability assessment looks for weaknesses in systems. Incorrect Answers: C.A threat assessment looks at events that could exploit vulnerabilities. B.A risk assessment is a combination of assessments and is designed to assess factors, including likelihood and impact, that affect an asset. A.A penetration test actually attempts to exploit any found weaknesses (usually after a vulnerability assessment) to gain access to systems.

Which of the following is a variant of a phishing attack, where a phishing e-mail is sent to a high-value target instead of on a mass scale to all employees? A.Vishing B.Pharming C.Spear phishing D.Whaling

D.Whaling Whaling is a social engineering attack that targets people in high-value positions, such as senior executives. It is a form of a phishing attack. Incorrect Answers: C.Spear phishing involves targeting a particular type of user, regardless of rank in the organization, and basing the attack on more detailed, in-depth information in order to convince the target that the phishing e-mail is actually valid. A.Vishing is a form of phishing attack that takes place over Voice-over-IP (VoIP) telephone systems. B.Pharming is a form of DNS attack.