CompTIA A+ Certification Practice Test 15 (Exam 220-902)
Zombie
A computer that has been compromised by a virus or Trojan horse that puts it under the remote control of an online hijacker is called: Honeypot Zombie Logic bomb Proxy
RFID badge
A type of identification badge that can be held within a certain distance of the reader to authenticate the holder is called: ID badge Smart card Security token RFID badge
Vulnerability that is present in already released software but unknown to the software developer
A zero-day attack exploits: New accounts Patched software Vulnerability that is present in already released software but unknown to the software developer Well known vulnerability
True
An attack against encrypted data that relies heavily on computing power in order to check all possible keys and passwords until the correct one is found is known as a brute-force attack. True or False
Spoofing Social engineering
An email sent from an unknown source disguised as the source known to the message receiver is an example of: (Select 2 answers) Spoofing Dictionary attack Trojan horse Brute forcing Social engineering Tailgating
Social engineering
An unauthorized practice of obtaining confidential information by manipulating people into disclosing sensitive data is known as: Zero-day attack MITM attack Social engineering Backdoor access
True
Authentication process can be based on different categories of authentication factors, including unique physical traits of each individual such as fingerprints ("something you are"), physical tokens such as smart cards ("something you have"), or user names and passwords ("something you know"). Additional factors might include geolocation ("somewhere you are"), or user-specific activity patterns, such as for example keyboard typing style ("something you do"). Multifactor authentication systems require implementation of authentication factors from two or more different categories. True or False
Shoulder surfing
In computer security, a situation in which an unauthorized person is able to view another user's display or keyboard to learn their password or other confidential information is known as: Spear phishing Tailgating Shoulder surfing Spoofing
Spear phishing
Phishing scams targeting a specific group of people are generally referred to as: Vishing Spear phishing Spoofing Whaling
True
Privacy filter (aka privacy screen) is a protective overlay placed on the computer screen that narrows the viewing angle so data is only visible directly in front of the monitor and cannot be seen by others nearby. Privacy filter is one of the countermeasures against shoulder surfing. True or False
True
The term "Mantrap" refers to a physical security access control system used to prevent unauthorized users from gaining access to restricted areas by following another person. An example mantrap could be a two-door entrance point connected to a guard station wherein a person entering mantrap from the outside remains locked inside until he/she provides authentication token required to unlock the inner door. True or False
Password length Password complexity
The two factors that are considered important for creating strong passwords are: Password length Minimum password age Password history Password complexity Maximum password age
Gaining unauthorized access to restricted areas by following another person
What is tailgating? Acquiring unauthorized access to confidential data Looking over someone's shoulder in order to get information Gaining unauthorized access to restricted areas by following another person Manipulating a user into disclosing confidential information
NAC
What type of security measure is in place when a client is denied access to the network due to an outdated antivirus software? NAS DMZ NAC NAT
SMTP
Which of the answers listed below refers to a network protocol used in the most common types of spoofing attacks? SMTP RDP SNMP Telnet
-User education -Strong authentication -Principle of least privilege -Patch/update management -Appropriate data destruction and disposal methods
Which of the following answers refer(s) to the implementation of best security practices in a corporate environment? (Select all that apply) User education Strong authentication Principle of least privilege Patch/update management Appropriate data destruction and disposal methods Virtualization support
Password and biometric scan
Which of the following examples meets the requirement of multifactor authentication? Password and biometric scan Username and PIN Smart card and identification badge Iris and fingerprint scan
Spear phishing Shoulder surfing Tailgating
Which of the following fall(s) into the category of social engineering attacks? (Select all that apply) MITM attack Spear phishing Dictionary attack Shoulder surfing Zero-day attack Tailgating
MITM
Which of the following is an example of active eavesdropping? Spoofing Zero-day attack Spear phishing MITM
Key fob Door lock Biometrics RFID badge
Which of the following prevention methods fall(s) into the category of physical security controls? (Select all that apply) Key fob Door lock Data Loss Prevention (DLP) Biometrics Access Control List (ACL) RFID badge Firewall
Cable locks
Which of the following provides physical security measure against laptop theft? Cable locks Trusted Platform Module (TPM) Geotracking LoJack for Laptops
Botnet
Which of the following terms is used to describe a collection of intermediary compromised systems under control of a hacker? Honeynet Botnet Intranet Malware
Dictionary attack
Which of the password attacks listed below takes advantage of a predefined list of words? Replay attack Birthday attack Dictionary attack Brute-force attack
Mantraps
Which of the security controls listed below is used to prevent tailgating? Hardware locks Mantraps Video surveillance EMI shielding
Shredder
Which of the tools listed below allows for secure disposal of physical documents? Shredder Hard drive sanitation Degaussing tool Recycle Bin
