Security A+ Study Guide for Final Exam
11. Which of the following is a common standard used today and relies on a 256-bit block size? A. AES B. DES C. Triple DES D. RC4
A
22. Which of the following is best described as when certificate keys are held in the case that third parties such as government or other organizations need access to encrypted communications? A. Key escrow B. CRL C. CA D. RA
A
24. Which command lists the hotfixes installed to Windows? A. systeminfo B. gpedit.msc C. cmd.exe D. sc config
A
45. What do hackers use malicious port scanning to accomplish? A. The "fingerprint" of the operating system B. The topology of the network C. All the computer names on the network D. All the usernames and passwords
A
12. Which of the following is a stream cipher? A. DES B. RC 4 C. AES D. RC 6
B
14. Which of the following encryption algorithms is based on the structure of an elliptic curve? A. RSA B. ECC C. RC4 D. One-time pad
B
14. Which of the following is the unauthorized access of information from a wireless device through a Bluetooth connection? A. Bluejacking B. Bluesnarfing C. Bluebeard D. The blues
B
17. Which of the following employs a 160-bit hash? A. MD5 B. SHA-1 C. SHA-2 D. NTLM
B
21. What is a certificate added to when it is considered to be no longer valid? A. Key escrow B. CRL C. CA D. RA
B
26. Timothy complains about a lot of pop-up Windows when he uses Internet Explorer. Which key combination should you tell him to use to close the pop-up Windows? A. Ctrl+Alt+Del B. Alt+F4 C. Ctrl+Shift+Esc D. Windows key
B
26. Which of the following authentication methods is used more commonly on UNIX networks? A. 802.1X B. TACACS C. RADIUS D. Kerberos
B
29. How can Internet Explorer be centrally managed for several computers? A. In the Advanced tab of the Internet Options dialog box B. By way of a group policy C. By creating an organizational unit D. In the Registry
B
31. Which of the following backs up only the contents of a folder that have changed since the last full backup? A. Full backup B. Differential backup C. Copy backup D. Towers of Hanoi
B
31. Which of the following should be included in a password to make it complex? A. Configure the BIOS to use complex passwords B. Numbers C. Special acronyms D. Function keys
B
32. Which of the following backup schemes could be described as using a daily, weekly, and monthly set of tapes? A. 10-tape rotation B. Grandfather-father-son C. Towers of Hanoi D. Six-tape scheme
B
34. What device should be used to ensure that a server does not shut down when there is a power outage? A. RAID 1 box B. UPS C. Redundant NIC D. Hot site
B
35. Which of the following would not be considered part of a disaster recovery plan? A. Hot site B. Patch management software C. Backing up computers D. Tape backup
B
36. Which of the following is when a thief attempts to take responsibility for shipment by redirecting it to another location? A. Pretexting B. Diversion theft C. Phishing D. Baiting
B
44. Which of the following can be summed up as ensuring that IT infrastructure risks are known and managed? A. Separation of duties B. Due diligence C. Due care D. Due process
B
10. Which of the following is the most basic form of IDS? A. Anomaly-based B. Behavioral-based C. Signature-based D. Statistical-based
C
12. Which of the following is not a good strategy for securing a WAP? A. NAT filtering B. Turn off the SSID C. Place it in a Faraday cage D. Use PNAC
C
13. Which of the following are asymmetric encryption algorithms? A. PPTP B. RC6 C. Diffie-Hellman D. AES
C
14. Which of the following methods of malware delivery is used in computer programs to bypass normal authentication? A. Privilege escalation B. Active interception C. Backdoor D. Rootkit
C
15. Which of the following types of encryption can encrypt plaintext with a secret random key that is the same length as the plaintext? A. PGP B. ECC C. One-time pad D. RSA
C
16. A summary of a file or message best describes which of the following? A. Hash function B. MD5 C. Hash D. LANMAN
C
18. Within the birthday paradox, what is the probability that 2 people have the same birth date within a group of 23 people? A. 99% B. 100% C. 50% D. 23%
C
Which of the following is an inline device that checks all packets? A) Host-based intrusion detection system B) Statistical anomaly C) Network intrusion detection system D) Personal software firewall
C
Which of the following is the greatest risk for removable storage? A) Integrity of data B) Availability of data C) Confidentiality of data D) Accountability of data
C
11. Which of the following has the strongest level of encryption? A. WEP B. WAP C. WPA D. WPA2
D
15. What should you configure to improve wireless security? A. Enable the SSID. B. IP spoofing. C. Remove repeaters. D. MAC filtering.
D
27. James doesn't want people to see where he browsed to on the Internet. What is a good way to clear his Internet browsing history? A. Checkmark the Empty Temporary Internet Files Folder When the Browser Is Closed check box. B. Use cross-site scripting. C. Use the disk defragmenter. D. Clear all cookies in the Advanced Privacy Settings dialog box.
A
27. Which of the following is also known as "high-availability clusters"? A. Failover clusters B. Load-balancing clusters C. CPU clusters D. Redundant clusters
A
29. Which of the following will have tables, chairs, restrooms, and possibly some basic phone and electric lines, but nothing else? A. Cold site B. Warm site C. Hot site D. Duplicate site
A
29. You are installing a video monitoring system for your organization. You do not want any outside people to view the video. What is the best solution? A. CCTV B. IP-based video cameras C. Motion detectors D. WebCam
A
30. Which of the following will back up only the contents of a folder that have changed since the last full backup or are the last incremental backup? A. Full backup B. Incremental backup C. Differential backup D. Copy backup
A
36. Which of the following ways can help secure a modem? A. Use the callback feature. B. Mount the modem to the floor. C. Use telnet. D. Used strong passwords on the email server
A
37. In a discretionary access control model, who is in charge of setting permissions to a resource? A. Owner of the resource B. Administrator C. Any user of the computer D. Administrator and the owner
A
38. If a server has inbound Port 21 open, what service is it running? A. File Transfer Protocol B. Simple Mail Transfer Protocol C. Hypertext Transfer Protocol D. Kerberos
A
38. Which of the following is when a person invents a scenario in the hope to persuade a victim to divulge information? A. Pretexting B. Diversion theft C. Phishing D. Baiting
A
20. What is the best option to use to isolate an operating system? A. Host-based intrusion detection system B. Network-based intrusion detection system C. Antivirus software D. Virtualization software
D
4. Which of the following questions should you take into account when securing log files? A. Were the log files encrypted and hashed? B. How old are the log files C. Were the log files encrypted in a Kerberos system? D. How big are the log files?
A
22. Which commands disable a service in the command line? A. net stop B. net start C. net disable D. sc config
D
24. Which of the following is the most secure? A. PAP B. CHAP C. MS-CHAP D. MS-CHAP2
D
25. Which of the following are commonly used in VPN tunneling protocols? A. PPP B. HTTPS C. TACACS D. L2TP
D
25. Which of the following is used to secure L2TP sessions? A. S/MIME B. PPTP C. SSH D. IPsec
D
28. Which of the following would fall into the category of something the user is? A. Password B. Smartcard C. Signature D. Thumbprint
D
3. Which of the following are examples of protocol analyzers? A. Port filter B. HTTP proxy C. NAT filter D. Network Monitor
D
40. Which of the following best describes dumpster diving? A. What a person literally scavenges for private information in the garbage B. When a malicious individual leaves infected removable media lying in the garbage C. When an unauthorized person tags along with an authorized person to gain entry to a restricted area D. When a person looks for important data by phishing in a lake
A
40. Which of the following commands can be used to turn off a service? A. Net stop B. Net start C. Sc config D. # chkconfig <service> off
A
42. Which act governs the collection, use, and dissemination of personally identifiable information? A. Privacy Act of 1974 B. SOX C. HIPAA D. Gramm Leach Bliley Act
A
43. You are contracted to conduct a forensics analysis of the computer. What should you do first? A. Back up the system. B. Analyze the files. C. Scan for viruses. D. Make changes to the operating system.
A
48. Here are three statements that relate to Chapter 12: Encryption and Hashing Concepts 1. Symmetric key algorithms require a secure initial exchange of one or more secret keys. 2. A stream cipher is a type of algorithm that encrypts a group of bits collectively as blocks. 3. Steganography uses a certificate authority to manage keys. Which of the following choices is the most correct description of the three statements above? a. statement 1 is correct b. statements 1and 2 are correct c. statements 1, 2 and 3 are correct d. statements 2 and 3 are correct
A
19. Which of the following is the newest and strongest Windows hash? A. LANMAN B. NTLM C. NTLM2 D. NTLM3
C
26. Which of the following can be described as striping with parity? A. RAID 0 B. RAID 1 C. RAID 5 D. RAID 0+1
C
28. Which of the following is a near duplicate of the original site of the organization? A. Cold site B. Warm site C. Hot site D. Duplicate site
C
37. Which one of the following is the attempt at fraudulently obtaining private information through email? A. Pretexting B. Diversion theft C. Phishing D. Baiting
C
39. Which of the following could be described as an attempt at deceiving people into believing something that is false? A. Shoulder surfing B. Eavesdropping C. Hoax D. Piggybacking
C
43. Which of the following types of policies defined the rules that restrict how a computer or other system may be used by an employee? A. Change management B. Due process C. Acceptable use D. Job rotation
C
50. Here are three statements that relate to Chapter 15: Policies, Procedures, and People 1. A fire extinguisher denoted by a green triangle should be used for ash fires. 2. A class D fire extinguisher should be used in a chemical laboratory. 3. A CO2 fire extinguisher displaces oxygen needed for fire to burn. Which of the following choices is the most correct description of the three statements above? a. statements 1 and 3 are correct b. statements 1and 2 are correct c. statements 1, 2 and 3 are correct d. statements 2 and 3 are correct
C
33. Which of the following is not a category of disaster? A. Fire B. Flood C. Successful malicious attack D. Pretexting
D
41. Which of the following data sensitivity classifications is often broken into sections on a need-to-know basis? A. Public information B. Confidential information C. Internal information D. Top-secret information
D
46. Here are three statements that relate to Chapter 11: Monitoring and Auditing 1. In a signature-based monitoring environment, network traffic is analyzed for predetermined attack patterns. 2. An SNMP agent is software run on a server to monitor the network. 3. Network Monitor requires Windows server to run. Which of the following choices is the most correct description of the three statements above? a. statement 2 is correct b. statements 1,2, and 3 are correct c. statement 3 is correct d. statements 1 and 3 are correct
D
38. Which of the following is an access control policy determined by a computer system and not by a user or owner? A. DAC B. MAC C. RBAC D. Discretionary security policy
B
4. James has detected an intrusion in his company. What should he check first? A. DNS logs B. Firewall logs C. Event Viewer D. Performance logs
B
40. Which of the following access control policies is based on sets of permissions involved in an operation? A. DAC B. RBAC C. MAC D. Rule-based access control
B
41. Which of the following is when a prearranged list of likely words is attempted one at a time? A. Brute force attack B. Dictionary attack C. Cryptanalysis attack D. Guessing
B
44. Which of the following can best be described as the exploitation of a computer session in an attempt to gain unauthorized access to data? A. DoS B. Session hijacking C. Null session D. Domain name kiting
B
47. Which of the following is the amount of times per year that a specific incident occurs? A. SLE B. ARO C. ALE D. MAC
B
49. Here are three statements that relate to Chapter 3: OS Hardening and Virtualization. 1. The systeminfo commands show a list of hot fixes that have been installed to the operating system. 2. The second step in a patch management strategy is testing. 3. The convert command converts an NTFS drive to FAT32. Which of the following choices is the most correct description of the three statements above? a. statements 1 and 3 are correct b. statements 1and 2 are correct c. statements 1, 2 and 3 are correct d. statements 2 and 3 are correct
B
7. Which type of firewall filter can match incoming traffic to the corresponding outbound IP address connection by way of IP address and port? A. Packet filtering B. NAT filtering C. Application-level gateway D. Circuit-level gateway
B
9. Which of the following devices should you use to keep machines behind it anonymous? (Select the best answer.) A. Caching proxy B. IP proxy C. Circuit-level gateway D. Firewall
B
Tom sends out many emails containing secure information to other companies. What concept should be implemented to prove that Tom did indeed send the emails? A) Authenticity B) Nonrepudiation C) Confidentiality D) Integrity
B
Which of the following is an example of personal software firewall? A) Proxy Server B) ZoneAlarm C) Microsoft ISA Server D) Antivirus software
B
Which of the following occurs when an IDS identifies legitimate activity as something malicious? A) False-negative B) False-positive C) Monitoring positive D) Misidentification
B
Which of the following type of the virus can change every time it is executed in an attempt to avoid antivirus detection? A) Macro B) Polymorphic C) Armored D) Boot sector
B
18. Which of the following are examples of virtualization? A. Mainframe and dumb terminal technology B. Microsoft Server 2008 C. VMware D. Microsoft Visio
C
19. Of the following, which can be a security benefit when using virtualization? A. Patching a computer patches all virtual machines running on the computer. B. If one virtual machine is compromised, none of the other virtual machines can be compromised. C. If a virtual machine is compromised, the adverse effects can be compartmentalized. D. Virtual machines cannot be affected by hacking techniques.
C
19. The act of splitting the wires of a twisted-pair cable connection would be an example of which of the following? A. Wardriving B. Data emanation C. Wiretapping D. Spectral analyzing
C
2. What are Snort and Bro examples of? A. Firewalls B. Proxy servers C. IDS D. SPI
C
2. Which of the following is not part of the three-step auditing process? A. Enabling auditing for files. B. Turning on and auditing policy. C. Evaluating the system log. D. Reviewing the security log.
C
21. Which of the following is the best file system to use in Windows? A. FAT32 B. FAT C. NTFS D. FAT16
C
23. Which port does terminal services use? A. 1812 B. 389 C. 3389 D. 1813
C
25. What is baselining? A. The act of securing an operating system and updating it B. A group of updates, bug fixes, and security fixes C. The process of measuring changes in networking devices, hardware, and software D. A type of patch management
C
27. Which of the following is described as "when a person's identity is confirmed or verified through the use of a specific system"? A. Identification B. Authorization C. Authentication D. Access control
C
28. Which of the following is placed in an application by programmers either knowingly or inadvertently to bypass normal authentication? A. Input validation B. Sandbox C. Back door D. Virus
C
30. Which of the following is when two or more types of authentication are used when dealing with access control? A. Single sign-on B. False positive C. Multifactor authentication D. Username and password
C
30. Which of the following should you include as general browser security practices? A. Use the latest browser. B. Use a Virtual Server C. Train your users. D. Use multiple web browsers.
C
33. "Maximum and minimum password age" is part of which of the following? A. Organizational unit B. Group policy editor C. Password policy D. Registry
C
35. Which of the following is the strongest password? A. |ocrian# B. Marqu1sD3S0d C. This1sV#ryS3cure D. Thisisverysecure
C
36. What key combination helps to secure the logon process? A. Windows+R B. Ctrl+Shift+Esc C. Ctrl+Alt+Del D. Alt+F4
C
39. Lattice-based access control is an example of what type of access control policy? A. DAC B. RBAC C. MAC D. Rule-based access control
C
41. Which of the following port numbers is used by the Character Generator? A. 21 B. 7 C. 19 D. 53
C
42. Which of the following is a protocol analyzer? A. Nessus B. Cain and Abel C. Wireshark D. John the Ripper
C
44. Which of the following is a vulnerability assessment tool? A. John the Ripper B. AirSnort C. Nessus D. Cain & Abel
C
49. Which of the following uses the equation SLE X ARO = ALE? A. Qualitative risk assessment B. Passive security analysis C. Quantitative risk assessment D. Active security analysis
C
5. Which file would you set permissions on to protect the security log on Windows Server 2003? A. config B. system.log1 C. SecEvent.evt D. Security.log
C
5. Which of the following can detect malicious packets and discard them? A. Proxy server B. NIDS C. NIPS D. PAT
C
6. Which of the following should be your primary line of defense? A. Proxy server B. NIPS C. Firewall D. Protocol analyzer
C
9. You are setting up auditing on a Windows XP Professional computer. If set up properly, which log should have entries? A. Application log B. System log C. Security log D. Maintenance log
C
Which of the following does the "A" in CIA stand for when it comes to IT security? Select the best answer. A) Accountability B) Assessment C) Availability D) Auditing
C
31. Your boss wants you to make changes to the Internet Explorer programs on 20 computers. To do this quickly, what is the best solution? A. Use a proxy server. B. Create an organizational unit. C. Create a script. D. Create and use a template.
D
33. Which tab in the Internet Options dialog box of Internet Explorer enables a person to make secure connections through a VPN? A. Advanced tab B. Content tab C. Programs tab D. Connections tab
D
34. Which of the following keeps every user in a standard user mode instead of as an administrator, even if the user is a member of the administrators group? A. Password policy B. Administrator policy C. Vista access control D. User account control
D
42. Your boss wants you to secure your web server's transactions. Which protocol and port number should you use to accomplish this? A. POP3-110 B. LDAP-389 C. RDP-3389 D. HTTPS-443
D
46. When conducting a risk assessment, which of the following should you do after identifying threats and threat likelihood? A. Identify the organization's assets. B. Identify vulnerabilities. C. Identify a potential impact on suppliers D. Identify the impact assessment.
D
47. Here are three statements that relate to Chapter 2: Computer Systems Security. 1. Opening mail relays can decrease the amount of spam that an organization receives on its email server. 2. Back Orifice is an example of a backdoor. 3. By turning on the phishing filter, a person can prevent spyware. Which of the following choices is the most correct description of the three statements above? a. statement 1 is correct b. statements 1and 2 are correct c. statements 1, 2 and 3 are correct d. statements 2 and 3 are correct
D
8. A client computer uses the IP address 10.254.254.189. It has made a connection to a web server by opening the outbound port 1589. The server uses the IP address 65.19.28.154. You want to filter out any HTTP packets coming from the server. Which IP address and port should you specify to be filtered on the firewall? A. 10.254.254.189:1589 B. 10.254.254.189:80 C. 65.19.28.154: 1589 D. 65.19.28.154:80
D
8. Which tool can be instrumental in capturing FTP GET requests? A. Vulnerability scanner B. Port scanner C. Performance Monitor D. Protocol analyzer
D
For information security, what is the "I" in CIA? A) Insurrection B) Information C) Indigestion D) Integrity
D
What are two ways to discouraging bluesnarfing? A) Configure the device to use a Class C private network B) Turn off the device C) Use infrared D) Set the device to undiscoverable
D
Which of the following is an example of whole disk encryption? A) Windows Vista Ultimate B) AES C) Bluesnarfing D) BitLocker
D
16. Which of the following should be done to maintain and harden a hard disk? A. Deploy biometric security to access the server room B. Consider a whole disk encryption. C. Install third-party applications. D. Sanitize the drive.
B
17. Which of the following should you implement to keep a well-maintained computer? A. Deploy VPN encryption B. Update the BIOS. C. Use a surge protector on the network switch D. Remove the unnecessary firewall.
B
18. Which of the following cable types can be susceptible to crosstalk? A. Fiber-optic B. Twisted-pair C. STP D. Data emanation
B
21. Which of the following uses a two-way authentication system known as mutual authentication? A. LDAP B. Kerberos C. RADIUS D. 802.1X
B
23. Which one of the following navigational paths shows the current service pack level to the user? A. Click Start, right-click Network, and select Properties. B. Click Start, right-click Computer, and select Properties. C. Click Start, right-click Computer, and select Manage. D. Click Start, right-click Network, and select Manage.
B
32. Of the following, what is the best way to protect the computer? A. Verify that the user account is disabled. B. Rename and password protect the administrator account. C. Delete the administrator account. D. Remove password policies
B
32. What is the most common port used when connecting an Internet Explorer browser to a proxy server for use with HTTP connections? A. 53 B. 80 C. 443 D. 21
B
34. Which of the following attacks uses a JavaScript image tag in an email? A. SQL injection B. Cross-site scripting C. Cross-site request forgery D. Directory traversal
B
1. Where would a NIDS sit on a network? A. Inline B. On the extranet C. On the DMZ D. Back to back
A
13. A person searches for wireless networks from their car. What is this an example of? A. Wardriving B. DDoS C. Replay attack D. Bluejacking
A
16. Which of the following should be modified because it is weak by default? A. Default account B. NAT firewall C. Wireless encryption D. PNAC
A
20. You find a rogue access point on your network. What should you do with it? (Select the best answer.) A. Remove it. B. Disable the SSID. C. Use strong encryption. D. Use PNAC.
A
22. Which of the following commands enables you to synchronize a client's time to a domain controller? A. net time B. netstat -an C. net stop D. sc config
A
3. A person complains that he cannot see any events in the Event Viewer. Which of the following questions should you not ask the person? A. Did you reboot your computer? B. Has auditing been turned on in a policy? C. Was auditing enabled for the individual objects? D. Do you have administrative capabilities?
A
35. Of the following, what is the best way to increase the security of Microsoft Outlook? A. Password protect .PST files. B. Update the browser C. Set macro security levels. D. Install the latest service pack on the network router
A
46. Here are three statements that relate to Chapter 2: Computer Systems Security. 1. Viruses self-replicate, whereas worms do not. 2. Active interception is the act of exploiting a bug or design flaw in software. 3. A RAT is an example of a Trojan horse. Which of the following choices is the most correct description of the three statements above? a. statement 2 is correct b. statements 1,2, and 3 are correct c. statement 3 is correct d. statements 1 and 3 are correct
A
48. Which of the following can be defined as the loss of value in dollars based on a single incident? A. SLE B. ARO C. ALE D. MAC
A
50. Here are three statements that relate to Chapter 4: Application Security 1. Input validation is a process that ensures the correct usage of data. 2. Alt+F8 is the key combination that closes pop-up windows. 3. ActiveX controls can run on any browser platform. Which of the following choices is the most correct description of the three statements above? a. statement 1 is correct b. statements 1and 2 are correct c. statements 1, 2 and 3 are correct d. statements 2 and 3 are correct
A
7. Which of the following best describes an audit trail? A. Records or logs that show the tracked actions of users B. Ensuring that a person or group cannot refute the validity of your proof C. Files that log activity of users D. Software deployed via the network management system
A
Which of the following can help to prevent spam? A) Use a spam filter B) Run a Trojan scan C) Close SMTP port 25 to inbound and outbound traffic D) Consider technologies that discourage spyware.
A
Which of the following can help to secure the BIOS of a computer? A) Use a case lock B) Use a Windows boot-up password C) Configure a Microsoft Management Console admin password D) Disable USB ports
A
Which type of hacker has no affiliation with an organization yet will hack systems without malicious intent? A) Gray hat B) Blue hat C) White hat D) Black hat
A
37. Which of the following ranges comprise the well-known ports category? A. 1024-49,151 B. 0-1023 C. 49,152-65,535 D. 10.0.0.0-10.255.255.255
B
