Security+ Practice Test 5

A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as: A. DLL B. ISO C. EXE D. INI

A. DLL

A situation in which an application fails to properly release memory allocated to it or continually requests more memory than it needs is called: A. Memory leak B. Buffer overflow C. DLL injection D. Integer overflow

A. Memory leak

An effective asset management process provides countermeasures against: (Select all that apply) A. System sprawl B. Race conditions C. Undocumented assets D. Architecture and design weaknesses E. User errors

A. System sprawl C. Undocumented assets D. Architecture and design weaknesses

Which of the IPsec modes provides entire packet encryption? A. Tunnel B. Payload C. Transport D. Default

A. Tunnel

Which of the answers listed below refers to a dedicated device for managing encrypted connections established over an untrusted network, such as the Internet? A. VPN concentrator B. Load balancer C. Managed switch D. Multilayer switch

A. VPN concentrator

Which part of the IPsec protocol suite provides authentication and integrity? A. CRC B. AH C. SIEM D. AES

B. AH

A situation in which an application writes to or reads from an area of memory that it is not supposed to access is referred to as: A. DLL injection B. Buffer overflow C. Memory leak D. Integer overflow

B. Buffer overflow

Which of the terms listed below describes a type of attack that relies on executing a library of code? A. Memory leak B. DLL injection C. Pointer dereference D. Buffer overflow

B. DLL injection

A software or hardware that checks information coming from the Internet and depending on the applied configuration settings either blocks it or allows it to pass through is called: A. Antivirus B. Firewall C. Antispyware D. Malware

B. Firewall

Which of the following applies to a request that doesn't match the criteria defined in an ACL? A. Group policy B. Implicit deny rule C. Transitive trust D. Context-aware authentication

B. Implicit deny rule

Which of the following violates the principle of least privilege? A. On-boarding process B. Improperly configured account C. Shared accounts for privileged users D. Time-of-day restrictions

B. Improperly configured account

Which of the following terms describes an attempt to read a variable that stores a null value? A. Integer overflow B. Pointer dereference C. Buffer overflow D. Memory leak

B. Pointer dereference

Which of the terms listed below describes a type of VPN that alleviates bottlenecks and conserves bandwidth by allowing users simultaneously make use of both the VPN and public network links? A. Tethering B. Split tunnel C. Load balancing D. Full tunnel

B. Split tunnel

Examples of secure VPN tunneling protocols include: (Select 2 answers) A. bcrypt B. SCP C. IPsec D. WEP E. TLS

C. IPsec E. TLS

An IPsec mode providing encryption only for the payload (the data part of the packet) is known as: A. Protected mode B. Tunnel mode C. Transport mode D. Safe mode

C. Transport mode

Zero-day attack exploits: A. New accounts B. Patched software C. Vulnerability that is present in already released software but unknown to the software developer D. Well known vulnerability

C. Vulnerability that is present in already released software but unknown to the software developer

An e-commerce store app running on an unpatched web server is an example of: A. Architecture/design weakness B. Risk acceptance C. Vulnerable business process D. Security through obscurity

C. Vulnerable business process

Which of the IPsec protocols provides authentication, integrity, and confidentiality? A. AES B. SHA C. AH D. ESP

D. ESP

Which of the terms listed below describes a programming error where an application tries to store a numeric value in a variable that is too small to hold it? A. Buffer overflow B. Pointer dereference C. Memory leak D. Integer overflow

D. Integer overflow

What is the best countermeasure against social engineering? A. AAA protocols B. User authentication C. Strong passwords D. User education

D. User education

Stateless inspection is a firewall technology that keeps track of network connections and based on the collected data determines which network packets should be allowed through the firewall. True False

False

VPNs can be either remote-access (used for connecting networks) or site-to-site (used for connecting a computer to a network). True False

False

In the IT industry, the term "System sprawl" is used to describe poor hardware resource utilization. True False

True

The purpose of a downgrade attack is to make a computer system fall back to a weaker security mode which makes the system more vulnerable to attacks. True False

True

The term "Always-on VPN" refers to a type of persistent VPN connection the starts automatically as soon as the computer detects a network link. True False

True