Security+ Review Questions
Security+ Review Questions - Chapter 1
1-1 You're the chief security contact for MTS. One of your primary tasks is to document everything related to security and create a manual that can be used to manage the company in your absence. Which documents should be referenced in your manual as the ones that identify the methods used to accomplish a given task? A. Policies B. Standards C. Guidelines D. BIA C. Guidelines help clarify processes to maintain standards. Guidelines tend to be less formal than policies or standards. 1-2 Consider the following scenario: The asset value of your company's primary servers is $ 2 million, and they are housed in a single office building in Anderson, Indiana. Field offices are scattered throughout the United States, but the workstations located at the field offices serve as thin clients and access data from the Anderson servers. Tornados in this part of the country are not uncommon, and it is estimated that one will level the building every 60 years. Which of the following is the SLE for this scenario? A. $ 2 million B. $ 1 million C. $ 500,000 D. $ 33,333.33 E. $ 16,666.67 A. It does not matter how frequent a loss is projected (only once every 60 years, in this case). What does matter is that each occurrence will be disastrous: SLE (single loss expectancy) is equal to asset value (AV) times exposure factor (EF). In this case, asset value is $ 2 million and the exposure factor is 1. 1-3 Refer to the scenario in question 1-2. Which of the following amounts is the ALE for this scenario? A. $ 2 million B. $ 1 million C. $ 500,000 D. $ 33,333.33 E. $ 16,666.67 D. ALE (annual loss expectancy) is equal to the SLE times the annualized rate of occurrence. In this case, the SLE is $ 2 million and the ARO is 1/ 60. 1-4 Refer to the scenario in question 1-2. Which of the following is the ARO for this scenario? A. 0.0167 B. 1 C. 5 D. 16.7 E. 60 A. ARO (annualized rate of occurrence) is the frequency (in number of years) that an event can be expected to happen. In this case, ARO is 1/ 60, or 0.0167. 1-5 Which of the following strategies involves identifying a risk and making the decision to discontinue engaging in the action? A. Risk acceptance B. Risk avoidance C. Risk deterrence D. Risk mitigation E. Risk transference B. Risk avoidance involves identifying a risk and making the decision to no longer engage in the actions associated with that risk. 1-6 Which of the following policy statements may include an escalation contact in the event that the person dealing with a situation needs to know whom to contact? A. Scope B. Exception C. Overview D. Accountability B. The exception policy statement may include an escalation contact in the event that the person dealing with a situation needs to know whom to contact. 1-7 Which of the following policies are designed to reduce the risk of fraud and prevent other losses in an organization A. Separation of duties B. Acceptable use C. Least privilege D. Physical access control A. A separation of duties policy is designed to reduce the risk of fraud and to prevent other losses in an organization. 1-8 What is the term used for events that were mistakenly flagged although they weren't truly events about which to be concerned? A. Fool's gold B. Non-incidents C. Error flags D. False positives D. False positives are events that were mistakenly flagged and aren't truly events to be concerned about. 1-9 Which of the following is the structured approach that is followed to secure a company's assets? A. Audit management B. Incident management C. Change management D. Skill management C. Change management is the structured approach that is followed to secure a company's assets. 1-10 Which of the following strategies involves sharing some of the risk burden with someone else, such as an insurance company? A. Risk acceptance B. Risk avoidance C. Risk deterrence D. Risk mitigation E. Risk transference E. Risk transference involves sharing some of the risk burden with someone else, such as an insurance company. 1-11 The risk-assessment component, in conjunction with the , provides the organization with an accurate picture of the situation facing it. A. RAC B. ALE C. BIA D. RMG C. The risk-assessment component, in conjunction with the business impact analysis (BIA), provides an organization with an accurate picture of the situation it faces. 1-12 Which of the following policy statements should address who is responsible for ensuring that the policy is enforced? A. Scope B. Exception C. Overview D. Accountability D. The accountability policy statement should address who is responsible for ensuring that the policy is enforced. 1-13 Which of the following strategies is accomplished any time you take steps to reduce risk? A. Risk acceptance B. Risk avoidance C. Risk deterrence D. Risk mitigation E. Risk transference D. Risk mitigation is accomplished any time you take steps to reduce risk. 1-14 If you calculate the SLE to be $ 4,000 and that there will be 10 occurrences a year (ARO), then the ALE is: A. $ 400 B. $ 4,000 C. $ 40,000 D. $ 400,000 C. If you calculate the SLE to be $ 4,000 and that there will be 10 occurrences a year (ARO), then the ALE is $ 40,000 ($ 4,000 × 10). 1-15 Which of the following policies describes how the employees in an organization can use company systems and resources, both software and hardware? A. Separation of duties B. Acceptable use C. Least privilege D. Physical access control B. The acceptable use policies describe how the employees in an organization can use company systems and resources, both software and hardware. 1-16 Separation of duties helps to prevent an individual from embezzling money from a company. To embezzle funds successfully, an individual would need to recruit others to commit an act of (an agreement between two or more parties established for the purpose of committing deception or fraud). A. misappropriation B. misuse C. collusion D. fraud C. Collusion is an agreement between two or more parties established for the purpose of committing deception or fraud. Collusion, when part of a crime, is also a criminal act in and of itself. 1-17 Which of the following strategies involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you? A. Risk acceptance B. Risk avoidance C. Risk deterrence D. Risk mitigation E. Risk transference C. Risk deterrence involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you. 1-18 If you calculate SLE to be $ 25,000 and that there will be one occurrence every four years (ARO), then what is the ALE? A. $ 6,250 B. $ 12,500 C. $ 25,000 D. $ 100,000 A. If you calculate SLE to be $ 25,000 and that there will be one occurrence every four years (ARO), then the ALE is $ 6,250 ($ 25,000 × 0.25). 1-19 Which of the following policies should be used when assigning permissions, giving users only the permissions they need to do their work and no more? A. Separation of duties B. Acceptable use C. Least privilege D. Physical access control C. The principle of least privilege should be used when assigning permissions. Give users only the permissions they need to do their work and no more. 1-20 Which of the following strategies necessitates an identified risk that those involved understand the potential cost/ damage and agree to live with it? A. Risk acceptance B. Risk avoidance C. Risk deterrence D. Risk mitigation E. Risk transference A. Risk acceptance necessitates an identified risk that those involved understand the potential cost or damage and agree to accept it.
Security+ Review Questions - Chapter 2
2-1 In order for network monitoring to work properly, you need a PC and a network card running in what mode? A. Launch B. Exposed C. Promiscuous D. Sweep C. In order for network monitoring to work properly, you need a PC and a network card running in promiscuous mode. 2-2 Which of the following utilities can be used in Linux to view a list of users' failed authentication attempts? A. badlog B. faillog C. wronglog D. killlog B. Use the faillog utility in Linux to view a list of users' failed authentication attempts. 2-3 A periodic update that corrects problems in one version of a product is called a _____ A. Hotfix B. Overhaul C. Service pack D. Security update C. A service pack is a periodic update that corrects problems in one version of a product. 2-4 Which device monitors network traffic in a passive manner? A. Sniffer B. IDS C. Firewall D. Web browser A. Sniffers monitor network traffic and display traffic in real time. Sniffers, also called network monitors, were originally designed for network maintenance and troubleshooting. 2-5 What is a system that is intended or designed to be broken into by an attacker? A. Honeypot B. Honeybucket C. Decoy D. Spoofing system A. A honeypot is a system that is sacrificed in the name of knowledge. Honeypot systems allow investigators to evaluate and analyze the attack strategies used. Law enforcement agencies use honeypots to gather evidence for prosecution. 2-6 How must user accounts for exiting employees be handled? A. Disabled, regardless of the circumstances B. Disabled if the employee has been terminated C. Deleted, regardless of the circumstances D. Deleted if the employee has been terminated A. No matter the reason for employees leaving, disable their account when they leave. 2-7 In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization? A. Supervisor B. Administrator C. Root D. Director B. The administrator is the person or account responsible for setting the security policy for an organization. 2-8 Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead? A. Enticement B. Entrapment C. Deceit D. Sting B. Entrapment is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead. 2-9 Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database? A. Event B. SQL_LOG C. Security D. Access A. Event logs include Application logs, such as those where SQL Server would write entries. 2-10 Which of the following is another, more common, name for EAPOL? A. LDAP B. 802.1X C. LDAPS D. 802.12 B. EAPOL is more commonly referenced as 802.1X. 2-11 If you don't know the MAC address of a Windows-based machine, what command-line utility can you use to ascertain it? A. macconfig B. ifconfig C. ipconfig D. config C. Use ipconfig /all to find it in the Windows-based world. 2-12 In the Windows world, what tool is used to disable a port A. System Manager B. System Monitor C. Performance Monitor D. Windows Firewall D. Essentially, you disable a port by using the Windows Firewall to block that port. 2-13 Which of the following is an indication of an ongoing current problem? A. Alert B. Trend C. Alarm D. Trap C. An alarm is an indication of an ongoing current problem. 2-14 Which of the following a programming interface that allows a remote computer to run programs on a local machine? A. RPC B. RSH C. SSH D. SSL A. RPC (Remote Procedure Call) is a programming interface that allows a remote computer to run programs on a local machine. 2-15 Which of the following is the term for a fix for a known software problem? A. Skiff B. Patch C. Slipstream D. Upgrade B. A patch is a fix for a known software problem. 2-16 Which of the following file systems is from Microsoft and was included with their earliest operating systems? A. NTFS B. UFS C. MTFS D. FAT D. The FAT file system is from Microsoft and was included with their earliest operating systems. 2-17 The process of making certain that an entity (operating system, application, etc.) is as secure as it can be is known as: A. Stabilizing B. Reinforcing C. Hardening D. Toughening C. The process of making certain that an entity (operating system, application, etc.) is as secure as it can be is known as hardening. 2-18 What is the term for the process of luring someone in (usually done by an enforcement officer or a government agent)? A. Enticement B. Entrapment C. Deceit D. Sting A. Enticement is the process of luring someone in. 2-19 Which of the following is a notification that an unusual condition exists and should be investigated? A. Alert B. Trend C. Alarm D. Trap A. An alert is a notification that an unusual condition exists and should be investigated. 2-20 If you don't know the MAC address of a Linux-based machine, what command-line utility can you use to ascertain it? A. macconfig B. ifconfig C. ipconfig D. config B. Use ifconfig to find it in the Linux-based world.
RAID Types
0 Striped Disks. Distributes data across multiple disks in a way that provides improved speed (read/write performance). Does not offer fault tolerance. Minimum of two disks required. 1 Provides fault tolerance by mirroring disk contents. Called MIRRORING. Minimum of two disks required. 3 or 4 Striped disks with Dedicated Parity. Combines three or more disks. Data is distributed across all disks. Uses one dedicated disk to store parity. 5 Striped disks with Distributed Parity. Combines three or more disks. Parity is distributed across the drive array. 6 Striped disks with Dual Parity. Combines four or more disks. Adds an additional parity block. Each of the parity blocks is distributed across the drive array. 10 (or 1+0) Mirrored data set that is then striped. A stripe of mirrors. Minimum of four drives: two mirrored to hold half the data, and then two more to hold the other half. 01 (or 0+1) Mirror of the stripes. Minimum of four drives: two mirrored drives to replicate the data on the RAID 0 array.
Security+ Review Questions - Chapter 10
As part of your training program, you're trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks take advantage of human shortcomings to gain access that should otherwise be denied. What term do you use to describe attacks of this type? A. Social engineering B. IDS system C. Perimeter security D. Biometrics A. (Social engineering attacks take advantage of our inherent trust as human beings, as opposed to technology, to gain access to your environment.) 2. Which of the following is another name for social engineering? A. Social disguise B. Social hacking C. Wetware D. Wetfire C. (Wetware is another name for social engineering.) 3. Which of the following is the best description of tailgating? A. Following someone through a door they just unlocked B. Figuring out how to unlock a secured area C. Sitting close to someone in a meeting D. Stealing information from someone's desk A. (Tailgating is best defined as following someone through a door they just unlocked.) 4. What is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request? A. Hoaxing B. Swimming C. Spamming D. Phishing D. (Phishing is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request.) 5. When you combine phishing with Voice over IP, it is known as: A. Spoofing B. Spooning C. Whaling D. Vishing D. (Vishing involves combining phishing with Voice over IP.) 6. Which of the following is the best description of shoulder surfing? A. Following someone through a door they just unlocked B. Figuring out how to unlock a secured area C. Watching someone enter important information D. Stealing information from someone's desk C. (Shoulder surfing is best defined as watching someone enter important information.) 7. Which of the following is a high-security installation that requires visual identification, as well as authentication, to gain access? A. Mantrap B. Fencing C. Proximity reader D. Hot aisle A. (High-security installations use a type of intermediate access control mechanism called a mantrap. Mantraps require visual identification, as well as authentication, to gain access. A mantrap makes it difficult for a facility to be accessed by a large number of individuals at once because it allows only one or two people into a facility at a time.) 8. You've been drafted for the safety committee. One of your first tasks is to inventory all of the fire extinguishers and make certain that the correct types are in the correct locations throughout the building. Which of the following categories of fire extinguisher is intended for use on electrical fires? A. Type A B. Type B C. Type C D. Type D C. (Type C fire extinguishers are intended for use in electrical fires.) 9. Which of the following will not reduce EMI? A. Physical shielding B. Humidity control C. Physical location D. Overhauling worn motors B. (Electrical devices, such as motors, that generate magnetic fields cause EMI. Humidity control does not address EMI.) 10. Which of the following is an example of perimeter security? A. Chain link fence B. Video camera C. Elevator D. Locked computer room A. (Perimeter security involves creating a perimeter or outer boundary for a physical space. Video surveillance systems wouldn't be considered a part of perimeter security, but they can be used to enhance physical security monitoring.) 11. You're the leader of the security committee at ACME Company. After a move to a new facility, you're installing a new security monitoring system throughout. Which of the following best describes a motion detector mounted in the corner of a hallway? A. Perimeter security B. Partitioning C. Security zone D. IDS system C. (A security zone is an area that is a smaller component of the entire facility. Security zones allow intrusions to be detected in specific parts of the building.) 12. Which technology uses a physical characteristic to establish identity? A. Biometrics B. Surveillance C. Smart card D. CHAP authenticator A. (Biometrics is a technology that uses personal characteristics, such as a retinal pattern or fingerprint, to establish identity.) 13. The process of reducing or eliminating susceptibility to outside interference is called what? A. Shielding B. EMI C. TEMPEST D. Desensitization A. (Shielding keeps external electronic signals from disrupting operations.) 14. You work for an electronics company that has just created a device that emits less RF than any competitor's product. Given the enormous importance of this invention and of the marketing benefits it could offer, you want to have the product certified. Which certification is used to indicate minimal electronic emissions? A. EMI B. RFI C. CC EAL 4 D. TEMPEST D. (TEMPEST is the certification given to electronic devices that emit minimal RF. The TEMPEST certification is difficult to acquire, and it significantly increases the cost of systems.) 15. Due to growth beyond current capacity, a new server room is being built. As a manager, you want to make certain that all of the necessary safety elements exist in the room when it's finished. Which fire-suppression system works best when used in an enclosed area by displacing the air around a fire? A. Gas-based B. Water-based C. Fixed system D. Overhead sprinklers A. (Gas-based systems work by displacing the air around a fire. This eliminates one of the three necessary components of a fire: oxygen.) 16. Type K fire extinguishers are intended for use on cooking oil fires. This type is a subset of which other type of fire extinguisher? A. Type A B. Type B C. Type C D. Type D B. (Type K fire extinguishers are a subset of Type B fire extinguishers.) 17. Proximity readers work with which of the following? (Choose all that apply.) A. 15.75 fob card B. 14.32 surveillance card C. 13.56 MHZ smart card D. 125 kHz proximity card C, D. (Proximity readers work with 13.56 MHz smart card and 125 kHz proximity cards.) 18. In a hot and cold aisle system, what is the typical method of handling cold air? A. It is pumped in from below raised floor tiles. B. It is pumped in from above through the ceiling tiles. C. Only hot air is extracted and cold air is the natural result. D. Cold air exists in each aisle. A. (With hot and cold aisles, cold air is pumped in from below raised floor tiles.) 19. If RF levels become too high, it can cause the receivers in wireless units to become deaf. This process is called: A. Clipping B. Desensitizing C. Distorting D. Crackling B. (If RF levels become too high, it can cause the receivers in wireless units to become deaf, and it is known as desensitizing. This occurs because of the volume of RF energy present.) 20. RFI is the byproduct of electrical processes, similar to EMI. The major difference is that RFI is usually projected across which of the following? A. Network medium B. Electrical wiring C. Radio spectrum D. Portable media C. (RFI is the byproduct of electrical processes, similar to EMI. The major difference is that RFI is usually projected across a radio spectrum. Motors with defective brushes can generate RFI, as can a number of other devices.)
Security+ Review Questions - Chapter 11
As part of your training program, you're trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks, you explain, take advantage of human shortcomings to gain access that should otherwise be denied. What term do you use to describe attacks of this type? A. Social engineering B. IDS system C. Perimeter security D. Biometrics A. Social engineering uses the inherent trust in the human species, as opposed to technology, to gain access to your environment. 2. Which classification of information designates that information can be released on a restricted basis to outside organizations? A. Private information B. Full distribution C. Restricted information D. Limited distribution D. Limited distribution information can be released to select individuals and organizations, such as financial institutions, governmental agencies, and creditors. 3. Which of the following is not part of the CIA triad A. Avoidance B. Confidentiality C. Availability D. Integrity A. The CIA triad includes confidentiality, integrity, and availability. 4. Which of the following best defines social engineering? A. Illegal copying of software B. Gathering information from discarded manuals and printouts C. Using people skills to obtain proprietary information D. Destroying or altering data C. Social engineering involves using social skills to breach security in any manner, including obtaining proprietary information. 5. The default level of security established for access controls should be which of the following? A. All access B. Update access C. Read access D. No access D. This is the principle of least privileges and the cornerstone of access control. 6. Personal smartphones at work create a potential security risk due to which of the following? A. Operating system incompatibility B. Large storage capacity C. Widespread use D. Potential for malware introduction D. BYOD involves the possibility of a personal device that is infected with malware introducing that malware to the network. 7. Which of the following access control methods includes switching work assignments at preset intervals? A. Job rotation B. Mandatory vacations C. Least privilege D. Separation of duties A. If you change users' jobs from time to time, it is more likely that accidental or intentional security issues will be uncovered. 8. There are two types of implicit denies. One of these can be configured so that only users specifically named can use the service, and this is known as: A. at.deny B. at.allow C. at.open D. at.closed B. at.allow configurations allow only users specifically named to use the service. 9. information is made available to either large public or specific individuals, whereas information is intended for only those internal to the organization. A. Private; restricted B. Public; private C. Limited distribution; internal D. Public; internal B. Public information is made available to either large public or specific individuals, whereas private information is intended for only those internal to the organization. 10. An administrator can configure access control functions but is not able to administer audit functions. This is an example of what? A. Access enforcement B. Separation of duties C. Least privilege D. Account management B. It is necessary that critical functions not be operational by a single individual. Having several individuals responsible for critical functions reduces the likelihood of purposeful or accidental security issues. 11. Tailgating with the permission of the person being followed is known as: A. Piggybacking B. Convoying C. Clipping D. Riding A. Piggybacking is tailgating with the permission of the person you are following. 12. Who typically signs an NDA (nondisclosure agreement)? A. Alpha testers B. Customers C. Beta testers D. Focus groups C. An NDA is typically signed by beta testers. 13. A company decides that the domain controller administrator and the DNS server administrator should exchange positions in order to allow for more oversight of past transactions. Which of the following is this an example of? A. Least privilege B. Implicit deny C. Separation of duties D. Job rotation D. If you change users' jobs from time to time, it is more likely that accidental or intentional security issues will be uncovered. 14. To avoid mishandling of information (electronic or documents), what should you consider using? A. Labeling B. Token C. Tickets D. SLL A. Labeling information (such as secret, top secret, public) allows those with legitimate access to be immediately aware of how sensitive the data is and how to handle it appropriately. 15. Which act mandates national standards and procedures for the storage, use, and transmission of personal medical information? A. CFAA B. HIPAA C. GLBA D. FERPA B. HIPAA mandates national standards and procedures for the storage, use, and transmission of personal medical information. 16. The Cyberspace Security Enhancement Act gives law enforcement the right to: A. Fine ISPs who host rogue sites B. Gain access to encryption keys C. Restrict information from public view D. Stop issuance of .gov domains B. The Cyberspace Security Enhancement Act gives law enforcement the right to gain access to encryption keys. 17. Which of the following is the highest classification level in the government? A. Top Secret B. Secret C. Classified D. Confidential A. Top Secret is the highest classification level in the government. 18. at.allow is an access control that allows only specific users to use the service. What is at.deny? A. It does not allow users named in the file to access the system. B. It ensures that no one will ever be able to use that part of your system. C. It opens up the server only to intranet users. D. It blocks access to Internet users. A. The at.deny file does not allow users named in the file to access the system. 19. A new sales manager has asked for administrator rights on the sales database. Should you grant that request, and why or why not? A. No, his job does not require administrator rights. B. No, this will interfere with the database administrator's job security. C. Yes, he is the manager and he should get whatever level of access he wants. D. Yes, he should have been given that access initially. A. Least privileges should be your first thought in granting access. A sales manager will need to run reports but does not need administrative rights to the database. 20. Your company requires that when employees are not at their desk no documents should be out on the desk and the monitor should not be viewable. What is this called? A. Wiping the desk B. Clean desk C. Excessive requirements D. Basic housekeeping B. Clean desk means that documents are not out and the computer monitor is not showing anything. Leaving out documents (or leaving them on the screen) means anyone passing by could gain confidential informati
Security+ Review Questions - Chapter 6
In which cloud service model can the consumer "provision" and "deploy and run"? A. SaaS B. PaaS C. IaaS D. CaaS C. In the Infrastructure as a Service (IaaS) model, the consumer can "provision," and is able to "deploy and run," but they still do not "manage or control" the underlying cloud infrastructure. 2. Which cloud delivery model is implemented by a single organization, enabling it to be implemented behind a firewall? A. Private B. Public C. Community D. Hybrid A. A private cloud delivery model is implemented by a single organization and can be implemented behind a firewall. 3. Which cloud service model provides the consumer the infrastructure to create applications and host them? A. SaaS B. PaaS C. IaaS D. CaaS B. In the Platform as a Service (PaaS) model, the consumer has access to the infrastructure to create applications and host them. 4. Which cloud delivery model could be considered a pool of services and resources delivered across the Internet by a cloud provider? A. Private B. Public C. Community D. Hybrid B. A public delivery model could be considered a pool of services and resources delivered across the Internet by a cloud provider. 5. Which cloud service model gives the consumer the ability to use applications provided by the cloud provider over the Internet? A. SaaS B. PaaS C. IaaS D. CaaS A. In the Software as a Service (SaaS) model, the consumer has the ability to use applications provided by the cloud provider over the Internet. 6. Which cloud delivery model has an infrastructure shared by several organizations with shared interests and common IT needs? A. Private B. Public C. Community D. Hybrid C. A community delivery model has an infrastructure shared by several organizations with shared interests and common IT needs. 7. Which cloud delivery model could be considered an amalgamation of other types of delivery models? A. Private B. Public C. Community D. Hybrid D. The hybrid delivery model can be considered an amalgamation of other types of delivery models. A snapshot is a method of capturing a virtual machine at a given point in time. D. Five 9s (99.999 percent) is the industry standard for uptime. B. Elasticity is a feature of cloud computing that involves dynamically provisioning (or de-provisioning) resources as needed. D. Sandboxing is the term for restricting an application to a safe/ restricted resource area. A. Multitenancy implies hosting data from more than one consumer on the same equipment. C. Ultimately, the organization is accountable for the choice of public cloud and the security and privacy of the outsourced service. C. When multiple models are mixed together, this is referred to as Anything as a Service (XaaS). 8. Which of the following is a method of capturing a virtual machine at a given point in time? A. Snapshot B. Photograph C. Syslog D. WMI A. A snapshot is a method of capturing a virtual machine at a given point in time. D. Five 9s (99.999 percent) is the industry standard for uptime. B. Elasticity is a feature of cloud computing that involves dynamically provisioning (or de-provisioning) resources as needed. D. Sandboxing is the term for restricting an application to a safe/ restricted resource area. A. Multitenancy implies hosting data from more than one consumer on the same equipment. C. Ultimately, the organization is accountable for the choice of public cloud and the security and privacy of the outsourced service. C. When multiple models are mixed together, this is referred to as Anything as a Service (XaaS). 9. Which of the following is an industry standard for host availability? A. Eight 9s B. Seven 9s C. Six 9s D. Five 9s D. Five 9s (99.999 percent) is the industry standard for uptime. 10. Which feature of cloud computing involves dynamically provisioning (or de-provisioning) resources as needed? A. Multitenancy B. Elasticity C. CMDB D. Sandboxing B. Elasticity is a feature of cloud computing that involves dynamically provisioning (or de-provisioning) resources as needed. 11. What is the term for restricting an application to a safe/ restricted resource area? A. Multitenancy B. Fencing C. Securing D. Sandboxing D. Sandboxing is the term for restricting an application to a safe/ restricted resource area. 12. Which of the following terms implies hosting data from more than one consumer on the same equipment? A. Multitenancy B. Duplexing C. Bastioning D. Fashioning A. Multitenancy implies hosting data from more than one consumer on the same equipment. 13. When going with a public cloud delivery model, who is accountable for the security and privacy of the outsourced service? A. The cloud provider and the organization B. The cloud provider C. The organization D. No one C. Ultimately, the organization is accountable for the choice of public cloud and the security and privacy of the outsourced service. 14. There are some implementations of cloud computing where multiple service models (IaaS, SaaS, PaaS) are combined into a hybrid. This is known as what? A. DBaaS B. HaaS C. XaaS D. ZaaS C. When multiple models are mixed together, this is referred to as Anything as a Service (XaaS). 15. Although a hybrid cloud could be any mixture of cloud delivery models, it is usually a combination of which of the following? A. Public and community B. Public and private C. Private and community D. Two or more communities B. While a hybrid cloud could be any mixture of cloud delivery models, it is usually a combination of public and private. Which type of hypervisor implementation is known as "bare metal"? A. Type I B. Type II C. Type III D. Type IV A. Type I hypervisor implementations are known as "bare metal." 17. Which type of hypervisor implementation is known as "hosted"? A. Type I B. Type II C. Type III D. Type IV B. Type II hypervisor implementations are known as "hosted." 18. When your servers become too busy, you can offload traffic to resources from a cloud provider. This is known as which of the following? A. Latency B. Cloud bursting C. Multitenancy D. Peaking B. Cloud bursting means that when your servers become too busy, you can offload traffic to resources from a cloud provider. 19. What protocol is used by technologies for load balancing/ prioritizing traffic? A. ESX B. QoS C. IBJ D. IFNC B. QoS (Quality of Service) makes load balancing/ prioritizing possible. What is the machine on which virtualization software is running known as? A. Node B. Workstation C. Host D. Server C. The machine on which virtualization software is running is known as a host, whereas the virtual machines are known as guests.
SY0-401 Attack Types
Spear Phishing A type of phishing attack that focuses on a single user or department within an organization, addressed from someone within the company in a position of trust and requesting information such as login IDs and passwords. These scams will often appear to be from a company's own human resources or technical support divisions and may ask employees to update their username and passwords. Once hackers get this data they can gain entry into secured networks. A variation of this type of attack will ask users to click on a link, which deploys spyware that can thieve data. DDoS (Distributed Denial of Service) A multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. Armored A type of virus that has been designed to thwart attempts by analysts from examining its code by using various methods to make tracing, disassembling and reverse engineering more difficult. Virus A malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected." Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk space or CPU time, accessing private information, corrupting data, displaying political or humorous messages on the user's screen, spamming their contacts, or logging their keystrokes. Shoulder Surfing Using direct observation techniques to get information Bluejacking The practice of sending messages between mobile users using a Bluetooth wireless connection. Pharming To redirect a website's traffic to another, fake site. can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. Packet Sniffer A program that can record all network packets that travel past a given network interface, on a given computer, on a network. Spyware Software that aids in gathering information about a person or organization without their knowledge. Spread to machines by users that inadvertently ask for it. Tailgating Using someone else to gain access to a building Wardriving Searching for Wi-Fi by a person in a moving vehicle, using a portable computer, smartphone or personal digital assistant SQL (Structured Query Language) Injection The most common relational database management system language. Modifies SQL requests in the browser. The application should be written to prevent this. Spoofing An attempt to gain access to a system by using a false identity. This can be accomplished using stolen user credentials or a false IP address. After the attacker successfully gains access as a legitimate user or host, elevation of privileges or abuse using authorization can begin. Countermeasures include: Filter incoming packets that appear to come from an internal IP address at your perimeter. Filter outgoing packets that appear to originate from an invalid local IP address. Information Gathering Countermeasures include: Configure routers to restrict their responses to foot-printing requests. Configure operating systems that host network software (for example, software firewalls) to prevent foot-printing by disabling unused protocols and unnecessary ports. Man in the Middle An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. Worm A standalone malware program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Sniffing Countermeasures include: Using strong physical security and proper segmenting of the network. This is the first step in preventing traffic from being collected locally. Encrypting communication fully, including authentication credentials. This prevents packets from being usable to an attacker. SSL and IPSec (Internet Protocol Security) are examples of encryption solutions. Dumpster Diving Important information can be thrown out with the trash. Whaling Phishing attacks directed specifically at senior executives and other high profile targets within businesses. Social Engineering Refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access. Adware The common name used to describe software that is given to the user with advertisements embedded in the application. Buffer Overflow When a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Phishing The act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. Warchalking Drawing of symbols in public places to advertise an open Wi-Fi network. Bluesnarfing The unauthorized access of information from a wireless device through a Bluetooth connection. Computer Hoax A threat that doesn't actually exist, but SEEMS real. Often consumes lots of resources. Trojan Malicious or harmful code that is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage. DoS (Denial of Service) An attempt to make a machine or network resource unavailable to its intended users. Cross-site Scripting (XSS) Exploits browser security flaws. Information from one site can be shared with another. One of the most common vulnerabilities. Used by malware that uses JavaScript vulnerabilities. Wireless Initialization Vector Attack IV is an extra bit of data thrown in to change the encryption stream. The IV changes each time data is sent (ideally). With 802.11 WEP, the IV is passed along with the encrypted data. The other side reverses the process. Rootkits Software programs that have the ability to hide certain things from the operating system. May cause numerous processes to run on a system that do not show up in Task Manager or cause numerous connections to be established that do not appear in a NETSTAT display. Logic Bombs Programs or code snippets that execute when certain predefined events occur. Backdoor Troubleshooting and developer hooks into systems that often circumvent normal authentication. Or, gaining access to a network and inserting a program or utility that creates an entrance for an attacker. Botnet Malicious software running on infected computers called zombies that are under control of a "bot-herder." Ransomware Software - often delivered through a Trojan - that takes control of a system and demands that a third party be paid in order to get the code needed to revert their systems to normal operations. Polymorphic Viruses that change form in order to avoid detection. Stealth Viruses that attempt to avoid detection by masking themselves from applications. Retroviruses Viruses that attack or bypass the antivirus software installed on a computer. Multipartite Viruses that attack a system in multiple ways. Companion Viruses that attach themselves to legitimate programs and create a program with a different filename extension. Phage Viruses that modify and alter other programs and databases. Macro Viruses that exploit the enhancements made to many application programs, which are used by programmers to expand the capability of applications. Ping of Death Crashes a system by sending Internet Control Message Protocol (ICMP) packets that are ARP Spoofing (Poisoning) The MAC address of the data is faked, possibly making it look as if the data came from a network that it did not. DNS Spoofing (Poisoning) The server is given information about a name server that it thinks is legitimate when it isn't. Vishing When phishing is combined with VoIP. Xmas An advanced scan that tries to get around firewall detection and look for open ports. Sets three flags: FIN, PSH, and URG. Replay When information is captured over a network that is then used to try and access a system for which the attacker is not authorized. Smurf Spoofing a target machine's IP address and broadcasting to that machine's routers so that the routers think the target is sending out the broadcast. This causes every machine on the network to respond and results in an overload of the target system. Brute-Force An attempt to guess passwords until a successful guess occurs. Dictionary Uses common words to attempt to find the user's password. Hybrid Typically uses a combination of dictionary entries and brute force. Birthday Works on the premise that if your key is hashed, given enough time, another value can be created that will give the same hash value. Rainbow Table Focuses on identifying a stored value. Privilege Escalation Involves a user gaining more privileges than they should have allowing them to perform tasks they should not be allowed to do.
Security+ Review Questions - Chapter 3
Which of the following devices is the most capable of providing infrastructure security? A. Hub B. Switch C. Router D. Modem C. Routers can be configured in many instances to act as packet-filtering firewalls. When configured properly, they can prevent unauthorized ports from being opened. Upper management has decreed that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a packet filter by the end of the week. A packet filter performs which function? A. Prevents unauthorized packets from entering the network B. Allows all packets to leave the network C. Allows all packets to enter the network D. Eliminates collisions in the network A. Packet filters prevent unauthorized packets from entering or leaving a network. Packet filters are a type of firewall that blocks specified port traffic. Which device stores information about destinations in a network (choose the best answer)? A. Hub B. Modem C. Firewall D. Router D. Routers store information about network destinations in routing tables. Routing tables contain information about known hosts on both sides of the router. As more and more clients have been added to your network, the efficiency of the network has decreased significantly. You're preparing a budget for next year, and you specifically want to address this problem. Which of the following devices acts primarily as a tool to improve network efficiency? A. Hub B. Switch C. Router D. PBX B. Switches create virtual circuits between systems in a network. These virtual circuits are somewhat private and reduce network traffic when used. Most of the sales force has been told that they should no longer report to the office on a daily basis. From now on, they're to spend the majority of their time on the road calling on customers. Each member of the sales force has been issued a laptop computer and told to connect to the network nightly through a dial-up connection. Which of the following protocols is widely used today as a transport protocol for Internet dial-up connections? A. SMTP B. PPP C. PPTP D. L2TP B. PPP can pass multiple protocols, and it is widely used today as a transport protocol for dial-up connections. Which protocol is unsuitable for WAN VPN connections? A. PPP B. PPTP C. L2TP D. IPSec A. PPP provides no security, and all activities are unsecure. PPP is primarily intended for dial-up connections, and it should never be used for VPN connections. You've been notified that you'll soon be transferred to another site. Before you leave, you're to audit the network and document everything in use and the reason why it's in use. The next administrator will use this documentation to keep the network running. Which of the following protocols isn't a tunneling protocol but is probably used at your site by tunneling protocols for network security? A. IPSec B. PPTP C. L2TP D. L2F A. IPSec provides network security for tunneling protocols. IPSec can be used with many different protocols besides TCP/ IP, and it has two modes of security. 8. A socket is a combination of which components? A. TCP and port number B. UDP and port number C. IP and session number D. IP and port number D. A socket is a combination of IP address and port number. The socket identifies which application will respond to the network request. You're explaining protocols to a junior administrator shortly before you leave for vacation. The topic of Internet mail applications comes up, and you explain how communications are done now as well as how you expect them to be done in the future. Which of the following protocols is becoming the standard for Internet mail applications? A. SMTP B. POP C. IMAP D. IGMP C. IMAP is becoming the most popular standard for email clients and is replacing POP protocols for mail systems. IMAP allows mail to be forwarded and stored in information areas called stores. Which protocol is primarily used for network maintenance and destination information? A. ICMP B. SMTP C. IGMP D. Router A. ICMP is used for destination and error reporting functions in TCP/ IP. ICMP is routable, and it is used by programs such as Ping and Traceroute. IPv6, in addition to having more bits allocated for each host address, has mandatory requirements built in for which security protocol? A. TFTP B. IPSec C. SFTP D. L2TP B. The implementation of IPSec is mandatory with IPv6. Though it is widely implemented with IPv4, it is not a requirement. Which ports are, by default, reserved for use by FTP? (Choose all that apply.) A. 20 and 21 TCP B. 20 and 21 UDP C. 22 and 23 TCP D. 22 and 23 UDP A. FTP uses TCP ports 20 and 21. FTP does not use UDP ports. Which of the following services use only TCP ports and not UDP? A. IMAP B. LDAP C. FTPS D. SFTP D. SFTP uses only TCP ports. IMAP, LDAP, and FTPS all use both TCP and UDP ports. Which of the following can be implemented as a software or hardware solution and is usually associated with a device— a router, a firewall, NAT, and so on— used to shift a load from one device to another? A. Proxy B. Hub C. Load balancer D. Switch C. A load balancer can be implemented as a software or hardware solution and is usually associated with a device— a router, a firewall, NAT, and so on. As the name implies, it is used to shift a load from one device to another. Which of the following are multiport devices that improve network efficiency? A. Switches B. Modems C. Gateways D. Concentrators A. Switches are multiport devices that improve network efficiency. A switch typically has a small amount of information about systems in a network. Which service( s), by default, use TCP and UDP port 22? (Choose all that apply.) A. SMTP B. SSH C. SCP D. IMAP B, C. Port 22 is used by both SSH and SCP with TCP and UDP. What protocol, running on top of TCP/ IP, is often used for name registration and resolution with Windows-based clients? A. Telnet B. SSL C. NetBIOS D. TLS C. NetBIOS is used for name resolution and registration in Windows-based environments. It runs on top of TCP/ IP. How many bits are used for addressing with IPv4 and IPv6, respectively? A. 32, 128 B. 16, 64 C. 8, 32 D. 4, 16 A. IPv4 uses 32 bits for the host address, whereas IPv6 uses 128 bits for this. Which IDS system uses algorithms to analyze the traffic passing through the network? A. Arithmetical B. Algebraic C. Statistical D. Heuristic D. A heuristic system uses algorithms to analyze the traffic passing through the network. Which device monitors network traffic in a passive manner? A. Sniffer B. IDS C. Firewall D. Web browser A. Sniffers monitor network traffic and display traffic in real time. Sniffers, also called network monitors, were originally designed for network maintenance and troubleshooting.
Security+ Review Questions - Chapter 8
Which of the following does not apply to a hashing algorithm? A. One-way B. Long key size C. Variable-length input with fixed-length output D. Collision resistance B. Hashing algorithms must be one-way/ nonreversible, have variable-length input and fixed-length output, and be collision resistant. 2. During a training session, you want to impress upon users how serious security is and, in particular, cryptography. To accomplish this, you want to give them as much of an overview about the topic as possible. Which government agency should you mention is primarily responsible for establishing government standards involving cryptography for general-purpose government use? A. NSA B. NIST C. IEEE D. ITU B. NIST is responsible for establishing the standards for general-purpose government encryption. NIST is also becoming involved in private sector cryptography. 3. Which of the following is the most widely used asymmetric algorithm today? A. RSA B. AES C. 3DES D. SHA A. RSA is the most widely used asymmetric algorithm today. AES and 3DES are symmetric algorithms, and SHA is a hashing algorithm. 4. You're a member of a consortium wanting to create a new standard that will effectively end all spam. After years of meeting, the group has finally come across a solution and now wants to propose it. The process of proposing a new standard or method on the Internet is referred to by which acronym? A. WBS B. X. 509 C. RFC D. IEEE C. The Request for Comments (RFC) process allows all users and interested parties to comment on proposed standards for the Internet. The RFC editor manages the RFC process. The editor is responsible for cataloging, updating, and tracking RFCs through the process. 5. Mary claims that she didn't make a phone call from her office to a competitor and tell them about developments at her company. Telephone logs, however, show that such a call was placed from her phone, and time clock records show that she was the only person working at the time. What do these records provide? A. Integrity B. Confidentiality C. Authentication D. Nonrepudiation D. Nonrepudiation offers indisputable proof that a party was involved in an action. 6. Mercury Technical Solutions has been using SSL in a business-to-business environment for a number of years. Despite the fact that there have been no compromises in security, the new IT manager wants to use stronger security than SSL can offer. Which of the following protocols is similar to SSL but offers the ability to use additional security protocols? A. TLS B. SSH C. RSH D. X. 509 A. TLS is a security protocol that uses SSL, and it allows the use of other security protocols. 7. MAC is an acronym for what as it relates to cryptography? A. Media access control B. Mandatory access control C. Message authentication code D. Multiple advisory committees C. A MAC as it relates to cryptography is a method of verifying the integrity of an encrypted message. The MAC is derived from the message and the key. 8. You've been brought in as a security consultant for a small bicycle manufacturing firm. Immediately, you notice that they're using a centralized key-generating process, and you make a note to dissuade them from that without delay. What problem is created by using a centralized key-generating process? A. Network security B. Key transmission C. Certificate revocation D. Private key security B. Key transmission is the most serious problem from among the choices. Transmitting private keys is a major concern. Private keys are typically transported using out-of-band methods to ensure security. You need to encrypt your hard drive. Which of the following is the best choice? A. DES B. RSA C. AES D. SHA C. AES is the best symmetric cipher on this list, and it is therefore appropriate for hard drive encryption. DES is weaker and no longer considered secure. RSA is an asymmetric cipher and is never used for hard drive encryption, and SHA is a hashing algorithm. 10. As the head of IT for MTS, you're explaining some security concerns to a junior administrator who has just been hired. You're trying to emphasize the need to know what is important and what isn't. Which of the following is not a consideration in key storage? A. Environmental controls B. Physical security C. Hardened servers D. Administrative controls A. Proper key storage requires that the keys be physically stored in a secure environment. This may include using locked cabinets, hardened servers, and effective physical and administrative controls. 11. What is the primary organization for maintaining certificates called? A. CA B. RA C. LRA D. CRL A. A certificate authority (CA) is responsible for maintaining certificates in the PKI environment. 12. Due to a breach, a certificate must be permanently revoked and you don't want it to ever be used again. What is often used to revoke a certificate? A. CRA B. CYA C. CRL D. PKI C. A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key. 13. Which organization can be used to identify an individual for certificate issue in a PKI environment? A. RA B. LRA C. PKE D. SHA B. A local registration authority (LRA) can establish an applicant's identity and verify that the applicant for a certificate is valid. The LRA sends verification to the CA that issues the certificate. 14. Kristin from Payroll has left the office on maternity leave and won't return for at least six weeks. You've been instructed to suspend her key. Which of the following statements is true? A. In order to be used, suspended keys must be revoked. B. Suspended keys don't expire. C. Suspended keys can be reactivated. D. Suspending keys is a bad practice. C. Suspending keys is a good practice: It disables a key, making it unusable for a certain period of time. This can prevent the key from being used while someone is gone. The key can be reactivated when that person returns. 15. What document describes how a CA issues certificates and for what they are used? A. Certificate policies B. Certificate practices C. Revocation authority D. CRL A. The certificate policies document defines what certificates can be used for. 16. After returning from a conference, your manager informs you that he has learned that law enforcement has the right, under subpoena, to conduct investigations using keys. He wants you to implement measures to make such an event run smoothly should it ever happen. What is the process of storing keys for use by law enforcement called? A. Key escrow B. Key archival C. Key renewal D. Certificate rollover A. Key escrow is the process of storing keys or certificates for use by law enforcement. Law enforcement has the right, under subpoena, to conduct investigations using these keys. 17. The CRL takes time to be fully disseminated. Which protocol allows a certificate's authenticity to be immediately verified? A. CA B. CP C. CRC D. OCSP D. Online Certificate Status Protocol (OCSP) can be used immediately to verify a certificate's authenticity. 18. Which set of specifications is designed to allow XML-based programs access to PKI services? A. XKMS B. XMLS C. PKXMS D. PKIXMLS A. XML Key Management Specification (XKMS) is designed to allow XML-based programs access to PKI services. 19. Which of the following is similar to Blowfish but works on 128-bit blocks? A. Twofish B. IDEA C. CCITT D. AES A. Twofish was created by the same person who created Blowfish. It performs a similar function on 128-bit blocks instead of 64-bit blocks. 20. Your IT manager has stated that you need to select an appropriate tool for email encryption. Which of the following would be the best choice? A. MD5 B. IPSEC C. TLS D. PGP D. Pretty Good Privacy (PGP) is an excellent email encryption tool that is either free or low cost. The other answers are not encryption t
Security+ Review Questions - Chapter 4
Which of the following is the basic premise of least privilege? A. Always assign responsibilities to the administrator who has the minimum permissions required. B. When assigning permissions, give users only the permissions they need to do their work and no more. C. Regularly review user permissions and take away one that they currently have to see if they will complain or even notice that it is missing. D. Do not give management more permissions than users. B. The basic premise of least privilege is, when assigning permissions, give users only the permissions they need to do their work and no more. Which of the following is a protection feature built into many firewalls that allows the administrator to tweak the tolerance for unanswered login attacks? A. MAC filter B. Flood guard C. MAC limiter D. Security posture B. A flood guard is a protection feature built into many firewalls that allows the administrator to tweak the tolerance for unanswered login attacks. Reducing this tolerance makes it possible to lessen the likelihood of a successful DoS attack. Which of the following is not a tunneling protocol, but is used in conjunction with tunneling protocols? A. IPSec B. PPTP C. L2TP D. L2F A. IPSec provides network security for tunneling protocols. IPSec can be used with many different protocols besides TCP/ IP. The present method of requiring access to be strictly defined on every object is proving too cumbersome for your environment. The edict has come down from upper management that access requirements should be slightly reduced. Which access model allows users some flexibility for information-sharing purposes? A. DAC B. MAC C. RBAC D. MLAC A. DAC allows some information-sharing flexibility capabilities within the network. A newly hired junior administrator will assume your position temporarily while you attend a conference. You're trying to explain the basics of security to her in as short a period of time as possible. Which of the following best describes an ACL? A. ACLs provide individual access control to resources. B. ACLs aren't used in today's systems. C. The ACL process is dynamic in nature. D. ACLs are used to authenticate users. A. Access control lists allow individual and highly controllable access to resources in a network. An ACL can also be used to exclude a particular system, IP address, or user. LDAP is an example of which of the following? A. Directory access protocol B. IDS C. Tiered model application development environment D. File server A. Lightweight Directory Access Protocol (LDAP) is a directory access protocol used to publish information about users. It is the computer equivalent of a phone book. Upper management has suddenly become concerned about security. As the senior network administrator, you are asked to suggest changes that should be implemented. Which of the following access methods should you recommend if the technique to be used is one that is primarily based on preestablished access and can't be changed by users? A. MAC B. DAC C. RBAC D. Kerberos A. Mandatory Access Control (MAC) is oriented toward preestablished access. This access is typically established by network administrators and can't be changed by users. Your office administrator is being trained to perform server backups. Which authentication method would be ideal for this situation? A. MAC B. DAC C. RBAC D. Security tokens C. Role-Based Access Control (RBAC) allows specific people to be assigned to specific roles with specific privileges. A backup operator would need administrative privileges to back up a server. This privilege would be limited to the role and wouldn't be present during the employee's normal job functions. You've been assigned to mentor a junior administrator and bring him up to speed quickly. The topic you're currently explaining is authentication. Which method uses a KDC to accomplish authentication for users, programs, or systems? A. CHAP B. Kerberos C. Biometrics D. Smart cards B. Kerberos uses a key distribution center (KDC) to authenticate a principal. The KDC provides a credential that can be used by all Kerberos-enabled servers and applications. After a careful risk analysis, the value of your company's data has been increased. Accordingly, you're expected to implement authentication solutions that reflect the increased value of the data. Which of the following authentication methods uses more than one authentication process for a logon? A. Multifactor B. Biometrics C. Smart card D. Kerberos A. A multifactor authentication method uses two or more processes for logon. A two-factor method might use smart cards and biometrics for logon. You're the administrator for Mercury Technical. Due to several expansions, the network has grown exponentially in size within the past two years. Which of the following is a popular method for breaking a network into smaller private networks that can coexist on the same wiring and yet be unaware of each other? A. VLAN B. NAT C. MAC D. Security zone A. Virtual local area networks (VLANs) break a large network into smaller ones. These networks can coexist on the same wiring and be unaware of each other. A router or other routing-type device would be needed to connect these VLANs. Which technology allows a connection to be made between two networks using a secure protocol? A. Tunneling B. VLAN C. Internet D. Extranet A. Tunneling allows a network to make a secure connection to another network through the Internet or other network. Tunnels are usually secure and present themselves as extensions of both networks. Your company provides medical data to doctors from a worldwide database. Because of the sensitive nature of the data, it's imperative that authentication be established on each session and be valid only for that session. Which of the following authentication methods provides credentials that are valid only during a single session? A. Tokens B. Certificate C. Smart card D. Kerberos A. Tokens are created when a user or system successfully authenticates. The token is destroyed when the session is over. Which of the following is the term used whenever two or more parties authenticate each other? A. SSO B. Multifactor authentication C. Mutual authentication D. Tunneling C. Whenever two or more parties authenticate each other, this is known as mutual authentication. Which of the following security areas encompasses network access control (NAC)? A. Physical security B. Operational security C. Management security D. Triad security B. Operational security issues include network access control (NAC), authentication, and security topologies once the network installation is complete. You have added a new child domain to your network. As a result of this, the child has adopted all of the trust relationships with other domains in the forest that existed for its parent domain. What is responsible for this? A. LDAP access B. XML access C. Fuzzing access D. Transitive access D. Transitive access exists between the domains and creates this relationship. 17. What is invoked when a person claims that they are the user but cannot be authenticated, such as with a lost password? A. Identity proofing B. Social engineering C. Directory traversal D. Cross-site requesting A. Identity proofing is invoked when a person claims that they are the user but cannot be authenticated, such as when they lose their password. Which of the following is a client/ server-oriented environment that operates in a manner similar to RADIUS? A. HSM B. TACACS + C. TPM D. ACK B. Terminal Access Controller Access-Control System (TACACS, and variations like XTACACS and TACACS +) is a client/ server-oriented environment, and it operates in a manner similar to RADIUS. What is implied at the end of each access control list? A. Least privilege B. Separation of duties C. Implicit deny D. Explicit allow C. An implicit deny clause is implied at the end of each ACL, and it means that if the proviso in question has not been explicitly granted, then it is denied. Which of the following is a type of smart card issued by the Department of Defense as a general identification/ authentication card for military personnel, contractors, and non-DoD employees? A. PIV B. POV C. DLP D. CAC D. The Common Access Card (CAC) is issued by the Department of Defense as a general identification/ authentication card for military personnel, contractors, and non-DoD employees.
Security+ Review Questions - Chapter 9
You are the senior administrator for a bank. A user calls you on the telephone and says that they were notified to contact you but couldn't find your information on the company website. Two days ago, an email told them that there was something wrong with their account and that they needed to click a link in the email to fix the problem. They clicked the link and filled in the information, but now their account is showing a large number of transactions that they did not authorize. They were likely the victims of what type of attack? A. Spimming B. Phishing C. Pharming D. Escalating B. Sending an email with a misleading link to collect information is a phishing attack. 2. As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim? A. DoS B. DDoS C. Worm D. UDP attack B. A DDoS attack uses multiple computer systems to attack a server or host in the network. 3. An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred? A. DoS B. DDoS C. Backdoor D. Social engineering C. In a backdoor attack, a program or service is placed on a server to bypass normal security procedures. An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer between the two systems that are communicating. Which of the following types of attacks does this constitute? A. Man-in-the-middle attack B. Backdoor attack C. Worm D. TCP/ IP hijacking A. A man-in-the-middle attack attempts to fool both ends of a communications session into believing that the system in the middle is the other end. 5. You've discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be? A. Man-in-the-middle attack B. Backdoor attack C. Replay attack D. TCP/ IP hijacking C. A replay attack attempts to replay the results of a previously successful session to gain access. 6. A smurf attack attempts to use a broadcast ping on a network; the return address of the ping may be a valid system in your network. Which protocol does a smurf attack use to conduct the attack? A. TCP B. IP C. UDP D. ICMP D. A smurf attack attempts to use a broadcast ping (ICMP) on a network. The return address of the ping may be a valid system in your network. This system will be flooded with responses in a large network. Which type of attack denies authorized users access to network resources? A. DoS B. Worm C. Logic bomb D. Social Engineering A. A DoS attack is intended to prevent access to network resources by overwhelming or flooding a service or network. Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you connected to the Internet. What kind of attack has probably occurred? A. Logic bomb B. Worm C.Virus D. ACK attack A. A logic bomb notifies an attacker when a certain set of circumstances has occurred. This may in turn trigger an attack on your system. You're explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they've heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. What type of virus is she referring to? A. Armored Virus B. Polymorphic virus C. Worm D. Stealth Virus A. An armored virus is designed to hide the signature of the virus behind code that confuses the antivirus software or blocks it from detecting the virus. What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes? A. Trojan horse virus B. Stealth virus C. Worm D. Polymorphic virus B. A stealth virus reports false information to hide itself from antivirus software. Stealth viruses often attach themselves to the boot sector of an operating system. Your system log files report an ongoing attempt to gain access to a single account. This attempt has been unsuccessful to this point. What type of attack are you most likely experiencing? A. Pass-word guessing attack B. Backdoor attack C. Worm attack D. TCP/IP hijacking A. A password-guessing attack occurs when a user account is repeatedly attacked using a variety of passwords. What type of attack uses other methods (hijacking, cross-site forgery, and so forth) to change values in HTTP headers and falsify access? A. Enticement B. Header manipulation C. Class Helper D. UTM B. Header manipulation attacks use other methods (hijacking, cross-site forgery, and so forth) to change values in HTTP headers and falsify access. What is a system that is intended or designed to be broken into by an attacker called? A. Honeypot B. Honeybucket C. Decoy D. Spoofing system A. A honeypot is a system that is intended to be sacrificed in the name of knowledge. Honeypot systems allow investigators to evaluate and analyze the attack strategies used. Law enforcement agencies use honeypots to gather evidence for prosecution. What is it known as when an attacker manipulates the database code to take advantage of a weakness in it? A. SQL tearing B. SQL manipulation C. SQL cracking D. SQL injection D. SQL injection occurs when an attacker manipulates the database code to take advantage of a weakness in it. In an attacker is able to gain access to restricted directories (such as the root directory) through HTTP, it is known as: A. Cross-site forgery B. Directory traversal C. Root hardening D. Trusted platform corruption B. If an attacker is able to gain access to restricted directories (such as the root directory) through HTTP, it is known as directory traversal. What term describes when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party? A. Patch infilitration B. XML injection C. Session hijacking D. DTB exploitation C. Session hijacking occurs when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party. Which of the following involves unauthorized commands coming from a trusted user to the website? A. ZDT B. HSM C. TT3 D. XSRF D. XSRF involves unauthorized commands coming from a trusted user to the website. This is often done without the user's knowledge, and it employs some type of social networking to pull it off. Which of the following is the name used for looking at the header information sent with data to find out what operating system a host is running? A. Port scanning B. Vishing C. Banner grabbing D. Transitive attack C. Banner grabbing looks at the banner, or header, information messages sent with data to find out about the system( s). What type of tool would best describe Nmap? A. Port scanner B. Vulnerability scanner C. Banner grabber D. Honeynet B. Nmap can be used for multiple purposes, but of the options given, it is best described as a vulnerability scanner. When a hole is found in a web browser or other software, and attackers begin exploiting it the very day it is discovered by the developer, what type of attack is it known as? A. Polymorphic B. Xmas C. Malicious insider D. Zero-day D. When a hole is found in a web browser or other software and attackers begin exploiting it the very day it is discovered by the developer (bypassing the one-to-two-day response time that many software providers need to put out a patch once the hole has been found), it is known as a zero-day attack.
Security+ Review Questions - Chapter 7
Which of the following terms refers to the process of establishing a standard for security? A. Baselining B. Security evaluation C. Hardening D. Methods research A. Baselining is the process of establishing a standard for security. 2. You've been chosen to lead a team of administrators in an attempt to increase security. You're currently creating an outline of all the aspects of security that will need to be examined and acted on. Which of the following terms describes the process of improving security in an OS? A. Common Criteria B. Hardening C. Encryption D. Networking B. Hardening is the process of improving the security of an operating system or application. One of the primary methods of hardening an OS is to eliminate unneeded protocols. 3. Which of the following statements is NOT true? A. You should never share the root directory of a disk. B. You should share the root directory of a disk. C. You should apply the most restrictive access necessary for a shared directory. D. Filesystems are frequently based on hierarchical models. B. Never share the root directory of a disk if at all possible. Doing so opens the entire disk to potential exploitation. 4. Users are complaining about name resolution problems suddenly occurring that were never an issue before. You suspect that an intruder has compromised the integrity of the DNS server on your network. What is one of the primary ways in which an attacker uses DNS? A. Network footprinting B. Network sniffing C. Database server lookup D. Registration counterfeiting A. DNS records in a DNS server provide insights into the nature and structure of a network. DNS records should be kept to a minimum in public DNS servers. Network footprinting involves the attacker collecting data about the network to devise methods of intrusion. 5. Which of the following is the technique of providing unexpected values as input to an application to try to make it crash? A. DLP B. Fuzzing C. TPM D. HSM B. Fuzzing is the technique of providing unexpected values as input to an application to try to make it crash. Those values can be random, invalid, or just unexpected. 6. Which systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed? A. DLP B. PKM C. XML D. GSP A. DLP systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. 7. You're redesigning your network in preparation for putting the company up for sale. The network, like all aspects of the company, needs to perform at its best in order to benefit the sale. Which model is used to provide an intermediary server between the end user and the database? A. One-tiered B. Two-tiered C. Three-tiered D. Relational database C. A three-tiered model puts a server between the client and the database. 8. The administrator at MTS was recently fired, and it has come to light that he didn't install updates and fixes as they were released. As the newly hired administrator, your first priority is to bring all networked clients and servers up-to-date. What is a bundle of one or more system fixes in a single product called? A. Service pack B. Hotfix C. Patch D. System install A. A service pack is one or more repairs to system problems bundled into a single process or function. 9. Your company does electronic monitoring of individuals under house arrest around the world. Because of the sensitive nature of the business, you can't afford any unnecessary downtime. What is the process of applying a repair to an operating system while the system stays in operation? A. Upgrading B. Service pack installation C. Hotfix D. File update C. A hotfix is done while a system is operating. This reduces the necessity of taking a system out of service to fix a problem. 10. Which of the following security features are not needed in a SAN? A. Firewall B. Antivirus C. User access control D. None of the above D. A SAN needs all of the security measures that any other network would need. 11. Your company has grown at a tremendous rate, and the need to hire specialists in various IT areas has become apparent. You're helping to write an online advertisement that will be used to recruit new employees, and you want to make certain that applicants possess the necessary skills. One knowledge area in which your organization is weak is database intelligence. What is the primary type of database used in applications today that you can mention in the ads? A. Hierarchical B. Relational C. Network D. Archival B. Relational database systems are the most frequently installed database environments in use today. 12. What is the process of applying manual changes to a program called? A. Hotfix B. Service pack C. Patching D. Replacement C. A patch is a workaround of a bug or problem in code that is applied manually. Complete programs usually replace patches at a later date. 13. You want to assign privileges to a user so that she can delete a file but not be able to assign privileges to others. What permissions should you assign? A. Full Control B. Delete C. Administrator D. Modify D. Modify is the same as Read and Write, plus Delete. 14. What types of systems monitor the contents of workstations, servers, and networks to make sure that key content is not deleted or removed? A. Backup systems B. DLP C. DoS D. HSM B. Data loss prevention (DLP) systems monitor the contents of workstations, servers, and networks. 15. Which level of RAID is a "stripe of mirrors"? A. RAID 1 + 0 B. RAID 0 + 1 C. RAID 0 D. RAID 1 A. RAID 1 + 0 is a mirrored data set (RAID 1), which is then striped (RAID 0): a "stripe of mirrors." 16. A list of applications approved for use on your network would be known as which of the following? A. Black list B. Red list C. White list D. Orange list C. "White lists" are lists of those items that are allowed (as opposed to a black list— things that are prohibited). 17. What is the term for files including GPS-relevant information with them? A. Backdating B. GPS-linking C. RDF-feeding D. Geo-tagging D. Geo-tagging allows GPS coordinates to accompany a file such as an image. 18. What types of systems utilize parallel processing (improving performance and availability) and add redundancy? A. Loaded B. Collected C. Clustered D. Dispersed C. Clustered systems utilize parallel processing (improving performance and availability) and add redundancy. 19. There is a term used for extremely large amounts of data owned by an organization. What is it officially known as? A. VMFS B. NAS C. SAN D. Big Data D. Increasingly, organizations have to store extremely large amounts of data, often many terabytes. This is sometimes referred to simply as Big Data. 20. Which RAID level writes parity to two different drives, thus providing fault tolerance to the system even in the event of the failure of two drives in the array? A. RAID 0 + 1 B. RAID 6 C. RAID 5 D. RAID 1 + 0 B. RAID 6 writes parity to two different drives, thus providing fault tolerance to the system even in the event of the failure of two drives in the array.
SY0-401 - Wireless
802.11 Defines wireless LANs transmitting at 1 Mbps or 2 Mbps bandwidths using the 2.4 GHz frequency spectrum. 802.11a This standard provides wireless LAN bandwidth of up to 54 Mbps in the 5 GHz frequency spectrum. 802.11b Provides for bandwidths of up to 11 Mbps (with fallback rates of 5.5, 2, and 1 Mbps) in the 2.4 GHz frequency spectrum. This standard is also called Wi-Fi or 802.11 high rate. 802.11g Provides for bandwidths of up to 54 Mbps in the 2.4 GHz frequency spectrum. Though able to obtain faster speeds, it also suffers from the same interference problem of having to share the spectrum with other devices using that frequency, which are inherent with 802.11b. 802.11i Provides for security enhancements to the wireless standard with particular focus on authentication. The standard is often referenced as WPA2, the name given to it by the Wi-Fi Alliance. 802.11n This standard is one of the most popular today. It can operate in both the 5 GHz and the 2.4 GHz (for compatibility) ranges. Under the right conditions, it can reach speeds of 600 Mbps, but actual speeds are much slower. The advantage of this standard is that it offers higher speed and a frequency that does not have as much interference. WEP (Wired Equivalency Privacy) Designed to provide privacy equivalent to that of a wired network. Vulnerable because of a weakness in the way its encryption algorithms (RC4) are employed. Uses a 24-bit initialization vector (IV), which is quite weak and means that IVs are reused with the same key. TKIP (Temporal Key Integrity Protocol) Places a 128-bit wrapper around the WEP encryption with a key that is based on things such as the MAC address of the destination device and the serial number of the packet. WAP (Wireless Application Protocol) A data transmission standard adopted by many manufacturers. Its functions are equivalent to TCP/IP functions. Use a smaller version of HTML called Wireless Markup Language (WML), which is used for Internet displays. Can also respond to scripts using WMLScript, which is similar to Java. WPA (Wi-Fi Protected Access) Implements most of the 802.11i standard in order to communicate with older devices. Use RC4 along with TKIP. WPA2 (Wi-Fi Protected Access 2) Uses the full standard of 802.11i and requires CCMP. CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) Uses 128-bit AES encryption with a 48-bit initialization vector. WTLS (Wireless Transport Layer Security) Provides authentication, encryption, and data integrity for wireless devices.
SY0-401 - Well Known Ports
FTP Data 20 TCP FTP Control 21 TCP SSH and SCP 22 TCP Telnet 23 TCP SMTP 25 TCP TACACS 49 UDP TACACS+ 49 TCP HTTP 80 TCP POP3 110 TCP SFTP 22 TCP NNTP 119 TCP NetBIOS name service 137 UDP NetBIOS datagram service 138 UDP NetBIOS session service 139 TCP IMAP 143 TCP LDAP 389 TCP UDP HTTPS 443 TCP FTPS Data 989 TCP UDP FTPS Control 990 TCP UDP RDP (MS WBT Server) 3389 TCP UDP DNS 53 TCP UDP TFTP (Trivial File Transfer Protocol) 69 UDP SNMP 161 UDP SNMP Trap 162 TCP UDP SSL VPN 443 TCP ISAKMP (VPN) 500 UDP L2TP 1701 UDP PPTP 1723 TCP UDP DHCP 67 68 UDP Kerberos 88 TCP UDP Syslog 514 UDP RADIUS 1812 1813 TCP UDP LDAP/SSL 636 TCP
SY0-401 - Access Controls and Related Terms
Mandatory (MAC) All access is predefined. Enforces a rigid model of security. Used in environments where confidentiality is a driving force. Often incorporates government and military classifications such as Top Secret and others. Discretionary (DAC) Incorporates some flexibility but increases the risk of unauthorized disclosure of information. Role-Based (RBAC) Allow's the user's role to dictate access capabilities. Rule-Based (RBAC) Limits the user to settings in preconfigured policies. Continuous Monitoring An ongoing audit of what resources a user actually accesses. Flood Guard A protection feature built into many firewalls that allows the administrator to tweak the tolerance for unanswered login attacks.
SY0-401 Authentication Protocols
PAP (Password Authentication Protocol) An older authentication protocol that is no longer used. Sends the username and password to the authentication server in plain text. SPAP (Shiva Password Authentication Protocol) Replaced an older authentication protocol that is no longer used. The main difference between the two is that this one encrypts the username and password (rather than sending it in plain text). CHAP (Challenge Handshake Authentication Protocol) Designed to stop man-in-the-middle (MITM) attacks. Upon initial authentication, the connecting machine is forced to generate a random number (usually a hash) and send it to the server which will then challenge the client to occasionally reply with that initial number. If an attacker has taken over the session, they won't be able to respond with the correct number. TOTP (Time-Based One-Time Password) An algorithm that uses a time-based factor to create unique passwords. HOTP (HMAC-Based One-Time Password) An algorithm that is based on using a Hash Message Authentication Code (HMAC) algorithm.
SY0-401 - Cloud Computing
SaaS (Software as a Service) Using provider's applications running on a cloud infrastructure. These applications are accessible through either a thin client interface such as a web browser or a program interface. The consumer does not manage or control the underlying cloud infrastructure. PaaS (Platform as a Service) The consumer can deploy consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure, but has control over the deployed applications and possible configuration settings for the application-hosting environment. IaaS (Infrastructure as a Service) The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possible limited control of select networking components. XaaS (Anything as a Service) When multiple models are combined. Private Provisioned for exclusive use by a single organization comprising multiple consumers. It may be owned, managed, and operated by the organization, a third party, or some combination thereof, and it may exist on or off premises. Public Provisioned for open use. It may be owned, managed, and operated by a business, academic, or government organization, or some combination thereof. It exists on the premises of the cloud provider. Community Provisioned for exclusive use by a specific group of consumers from organizations that have shared concerns. It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination thereof, and it may exist on or off premises. Hybrid A composition of two or more distinct cloud infrastructures that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portabilit
Security+ Review Questions - Chapter 12
Which plan or policy helps an organization determine how to relocate to an emergency site? A. Disaster-recovery plan B. Backup site plan C. Privilege management policy plan D. Privacy plan A. The disaster-recovery plan deals with site relocation in the event of an emergency, natural disaster, or service outage. Although you're talking to her on the phone, the sound of the administrative assistant's screams of despair can be heard down the hallway. She has inadvertently deleted a file that the boss desperately needs. Which type of backup is used for the immediate recovery of a lost file? A. Onsite storage B. Working copies C. Incremental backup D. Differential backup B. Working copies are backups that are usually kept in the computer room for immediate use in recovering a system or lost file. You're trying to rearrange your backup procedures to reduce the amount of time they take each evening. You want the backups to finish as quickly as possible during the week. Which backup system backs up on the the files that have changed since the last backup? A. Full backup B. Incremental backup C. Differential backup D. Backup server B. An incremental backup backs up files that have changed since the last full or partial backup. Which backup system backs up all of the files that have changed since the last full backup? A. Full backup B. Incremental backup C. Differential backup D. Archival backup C. A differential backup backs up all of the files that have changed since the last full backup. You're a consultant brought in to advise MTS on its backup procedures. One of the first problems you notice is that the company doesn't use a good tape-rotation scheme. Which backup method uses a rotating schedule of backup media to ensure long-term information storage? A. Grandfather, Father, Son method B. Full Archival method C. Backup Server method D. Differential Backup method A. The Grandfather, Father, Son backup method is designed to provide a rotating schedule of backup processes. It allows for a minimum usage of backup media, and it still allows for long-term archiving. Which site provides limited capabilities for the restoration of services in a disaster? A. Hot site B. Warm site C. Cold site D. Backup site B. Warm sites provide some capabilities in the event of a recovery. The organization that wants to use a warm site will need to install, configure, and reestablish operations on systems that may already exist at the warm site. You're the head of information technology for MTS and have a brother in a similar position for ABC. The companies are approximately the same size and are located several hundred miles apart. As a benefit to both companies, you want to implement an agreement that would allow either company to use resources at the other site should a disaster make a building unusable. What type of agreement between two organizations provides mutual use of their sites in the event of an emergency? A. Backup-site agreement B. Warm-site agreement C. Hot-site agreement D. Reciprocal agreement D. A reciprocal agreement is between two organizations and allows one to use the other's site in an emergency. The process of automatically switching from a malfunctioning system to another system is call what? A. Fail safe B. Redundancy C. Failover D. Hot site C. Failover occurs when a system that is developing a malfunction automatically switches processes to another system to continue operations. Which agreement outlines performance requirement for a vendor? A. MTBF B. MTTR C. SLA D. BCP C. A service-level agreement (SLA) specifies performance requirements for a vendor. This agreement may use MTBF and MTTR as performance measures in the SLA. Your company is about to invest heavily in an application written by a new startup. Because it is such a sizable investment, you express your concerns about the longevity of the new company and the rick this organization is taking. You propose that the new company agree to store its source code for use by customers in the event that it ceases business. What is this model called? A. Code escrow B. SLA C. BCP D. CA A. Code escrow allows customers to access the source code of installed systems under specific conditions, such as the bankruptcy of a vendor. Which of the following would normally NOT be part of an incident response policy? A. Outside agencies (that require status) B. Outside experts (to resolve the incident) C. Contingency plans D. Evidence collection procedures C. A contingency plan wouldn't normally be part of an incident response policy. It would be part of a disaster-recovery plan. Which of the following is the measure of the anticipated incidence of failure for a system or component? A. CIBR B. AIFS C. MTBF D. MTTR C. Mean time between failures (MTBF) is the measure of the anticipated incidence of failure for a system or component. Which of the following outlines those internal to the organization who have the ability to step into positions when they open? A. Succession planning B. Progression planning C. Emergency planning D. Eventuality planning A. Succession planning outlines those internal to the organization who have the ability to step into positions when they open. What is another name for working copies? A. Functional copies B. Running copies C. Operating copies D. Shadow copies D. Working copies are also known as shadow copies. Which of the following is a reversion from a change that had negative consequences A. Backup B. ERD C. Backout D. DIS C. A backout is a reversion from a change that had negative consequences. Which o the following is data that is too large to deal with by traditional database management means? A. Infomatics B. Big data C. Bit stream D. Data warehouse B. Big data is data that is too large to be dealt with by traditional database management means. According to CERT, which of the following would be a formalized or an ad hoc team you can call upon to respond to an incident after it arises? A. CSIRT B. CIRT C. IRT D. RT A. CSIRT is a formalized or an ad hoc team you can call upon to respond to an incident after it arises. Which of the following is a concept that works on the assumption that any information created on any system is stored forever? A. Cloud computing B. Warm site C. Big data D. Full archival D. Full archival is a concept that works on the assumption that any information created on any system is stored forever. Which of the following is a newer backup type that provides continuous online backup by using optical or tape jukeboxes and can be configured to provide the closest version of an available real-time backup? A. TPM B. HSM C. SAN D. NAS B. HSM is a newer backup type that provides continuous online backup by using optical or tape jukeboxes. It appears as an infinite disk to the system, and it can be configured to provide the closest version of an available real-time backup. Which type of penetration-style testing involves actually trying to break into the network? A. Discreet B. Indiscreet C. Non-intrusive D. Intrusive D. Intrusive testing involves actually trying to break into the network. Non-intrusive testing takes more of a passive approach.
Security+ Review Questions - Chapter 5
Which protocol is mainly used to enable access to the Internet from a mobile device or smartphone? A. WEP B. WTLS C. WAP D. WPO C. Wireless Application Protocol (WAP) is an open international standard for applications that use wireless communication. Which protocol operates on 2.4 GHz and has a bandwidth of 1 Mbps or 2 Mbps? A. 802.11 B. 802.11a C. 802.11b D. 802.11g A. 802.11 operates on 2.4 GHz. This standard allows for bandwidths of 1 Mbps or 2 Mbps. You're outlining your plans for implementing a wireless network to upper management. Suddenly, a vice president brings up the question of security. Which protocol was designed to provide security for a wireless network and is considered equivalent to the security of a wired network? A. WAP B. WTLS C. WPA2 D. IR C. Wi-Fi Protected Access 2 (WPA2) was intended to provide security that's equivalent to that on a wired network, and it implements elements of the 802.11i standard. Which of the following is a primary vulnerability of a wireless environment? A. Decryption software B. IP spoofing C. A gap in the WAP D. Site survey D. A site survey is the process of monitoring a wireless network using a computer, wireless controller, and analysis software. Site surveys are easily accomplished and hard to detect. Which of the following is synonymous with MAC filtering? A. TKIP B. Network lock C. EAP-TTLS D. MAC secure B. The term network lock is synonymous with MAC filtering. Which of the following 802.11 standards is often referenced as WPA2? A. 802.11a B. 802.11b C. 802.11i D. 802.11n C. The WPA2 standard is also known as 802.11i. Which of the following 802.11 standards provides for bandwidths of up to 300 Mbps? A. 802.11n B. 802.11i C. 802.11g D. 802.11b A. The 802.11n standard provides for bandwidths of up to 300 Mbps. An IV attack is usually associated with which of the following wireless protocols? A. WEP B. WAP C. WPA D. WPA2 A. An IV attack is usually associated with the WEP wireless protocol. Which type of encryption does CCMP use? A. EAP B. DES C. AES D. IV C. CCMP uses 128-bit AES encryption. Which encryption technology is associated with WPA? A. TKIP B. CCMP C. WEP D. LDAP A. The encryption technology associated with WPA is TKIP. What is the size of the initialization vector (IV) that WEP uses for encryption? A. 6-bit B. 24-bit C. 56-bit D. 128-bit B. The initialization vector (IV) that WEP uses for encryption is 24-bit. Which of the following authentication levels with WAP requires both ends of the connection to authenticate to confirm validity? A. Relaxed B. Two-way C. Server D. Anonymous B. Two-way authentication requires both ends of the connection to authenticate to confirm validity. Which of the following provides services similar to TCP and UDP for WAP? A. WTLS B. WDP C. WTP D. WFMD C. The Wireless Transaction Protocol (WTP) provides services similar to TCP and UDP for WAP. Packets between the WAP server and the Internet may be intercepted. What is this vulnerability known as? A. Packet sniffing B. Minding the gap C. Middle man D. Broken promise A. When the interconnection between the WAP server and the Internet isn't encrypted, packets between the devices may be intercepted; this vulnerability is known as packet sniffing. What is the size of the wrapper TKIP places around the WEP encryption with a key that is based on things such as the MAC address of your machine and the serial number of the packet? A. 128-bit B. 64-bit C. 56-bit D. 12-bit A. TKIP places a 128-bit wrapper around the WEP encryption with a key that is based on things such as the MAC address of the host device and the serial number of the packet. The system administrator for Bill Steen Moving comes back from a conference intent on disabling the SSID broadcast on the single AP the company uses. What will the effect be on client machines? A. They will no longer be able to use wireless networking. B. They will no longer see the SSID as a Preferred Network when they are connected. C. They will no longer see the SSID as an available network. D. They will be required to make the SSID part of their HomeGroup. C. Disabling the SSID broadcast keeps it from being seen in the list of available networks, but it is still possible to connect to it and use the wireless network. Tammy is having difficulty getting a signal from the AP on the second floor of her home office to the basement. You recommend that she replace the antenna on the AP. What measurement should she use to compare gain between possible antenna options? A. ios B. GB/ s C. MHz D. dBi D. The dBi number indicates the amount of gain the antenna offers. What should a VPN over wireless use for tunneling? A. TKIP B. SSL or IPSec C. CCMP D. PEAP B. The VPN should use SSL or IPSec for the tunneling. What technology is used to send data between phones that are in close proximity to each other? A. NFC B. IBI C. IBJ D. IFNC A. Near field communication (NFC) is used to send data between phones that are in close proximity. What technology is used to simplify network setup by allowing a router to have the administrator push a button on it to allow a new host to join? A. WEP B. WPA C. WTLS D. WPS D. WPS (Wi-Fi Protected Setup) is intended to simplify network setup for home and small offices.
