M12 C.2.2 - CompTIA A+ 220-1102 (Core 2) Domain 2.0: Security


Which of the following can be used to back up a company's certificate database? Answer Master File Table MDM software Certificate Manager Hard tokens

Certificate Manager ---Mobile device management (MDM) software is used by administrators to secure mobile devices and to enforce enterprise policies on devices. A hard token is a hardware device that is used to authenticate users. It is not used to back up a company's certificate database. The Master File Table (MFT) is a special partition that is created during the Windows installation process and holds the access control list.

What is issued to a website in order for it to be validated as a trusted website? Answer Hash code DNS Certificate authority Extension

Certificate authority

Which type of password cracking attack uses a list of words and phrases to guess the password? Answer Password spraying SQL injection Session hijacking Dictionary attack

Dictionary attack

Which of the following stores user accounts, groups, and their assigned rights and permissions? Answer Active Directory Local Users and Groups Microsoft account Domain controller

Domain controller --A domain controller is a special server that stores user accounts, groups, and their rights and permissions. --Domain accounts are stored in a central database called Active Directory. --A Microsoft account enables features such as syncing your settings across multiple computers. It is not designed to store the rights and permissions associated with a user account. --Local Users and Groups is a feature in Windows that lets you create and manage users and groups locally on your computer.

You are establishing a new security policy for user authentication and want to implement multi-factor authentication. Which of the following would BEST accomplish this? Answer Fingerprint and one-time code text message Username and password Fingerprint and iris scan Smart card and one-time code text message

Fingerprint and one-time code text message --Multi-factor authentication requires that a user demonstrate two of the following: something you are, something you know, something you have. The only answer that satisfies this requirement is a fingerprint (something you are) and a one-time code text message (something you have, as the user must have their cell phone to receive the text message). Fingerprint and iris scans are both something you are. Usernames and passwords are both something you know. A smart card and one-time code text message are both something you have.

Which of the following is true of groups on a Windows system? Answer Users can log on as the group and have all the assigned access rights. A group allows multiple users to share a single logon. Group members have the access rights that are assigned to the group. Users and local resources, such as printers and shared folders, can be made members of a group.

Group members have the access rights that are assigned to the group.

Which formatting method leaves data on a drive in a state that can be recovered using special software? Answer Deep format Full format Low-level formatting High-level formatting

High-level formatting ---A high-level format is performed using the tools in the operating system. This method removes the pointers to files, but the data remains on the drive itself and can be recovered using special software. --A low-level format writes new sectors and tracks to the drive and is typically done by the manufacturer when the drive is first assembled. When performing a low-level format, the sectors and tracks are recreated, and all empty space is filled with zeroes. --Full or deep formats are not valid format types.

Which of the following hard drive destruction methods runs the risk of releasing toxic by-products? Answer Incineration Shredding Drilling Degaussing

Incineration

The AAA security standard includes authentication, authorization, and accounting (logging of user actions). Which of the following authentication protocols only provides authentication? Answer Kerberos TACACS+ RADIUS AES

Kerberos ---The Kerberos protocol only provides authentication, not authorization and accounting. ---RADIUS and TACACS+ both provide authentication, authorization, and accounting. ---AES (Advanced Encryption Standard) is an encryption algorithm, not an authentication protocol.

Which of the following door locks provides authentication to a specific lock over a Bluetooth connection? Answer Key fob Smart card Standard lock Biometric

Key fob

Susan has left the company and has been replaced by Manuel. You create a user account for Manuel on Susan's computer. Manuel calls you and says that he can't open a specific file on the computer. Which of the following will MOST likely correct the problem? Answer Delete Susan's user account from the system. Make Manuel the file owner. Edit the Local Security Policy and modify user rights. Make Manuel's user account a member of the Power Users group.

Make Manuel the file owner.

You have an executive user who keeps sensitive information about the company on a company-owned mobile device. You want to be prepared to keep company information secure if he loses this device or if it is stolen. Which of the following solutions should you use? (Select two.) Answer Mobile device management software that provides pop-up blocking. Mobile device management software that performs full device encryption. Mobile device management software that allows automatic detection of unfamiliar networks. Mobile device management software that performs remote wipes. Mobile device management software that automatically detects network firewalls.

Mobile device management software that performs remote wipes.

You want to be able to access your home computer using Remote Desktop while traveling. You enable Remote Desktop, but you find that you cannot access your computer outside of your home network. Which of the following is the BEST solution to your problem? Answer Move your home computer outside of the firewall. Open the firewall port for the Remote Desktop protocol. Open the Telnet and SSH ports in your firewall. Configure a VPN connection to your computer.

Open the firewall port for the Remote Desktop protocol.

Which of the following is released by software vendors to address issues or vulnerabilities? Answer Patches Definition files Exploits Configuration settings

Patches --Patches are released by software vendors to address known issues or security vulnerabilities. ----Configuration settings are used to set user preferences or define how a program operates. They are not released by software vendors to address known issues or security vulnerabilities. ----Definition files are used by anti-malware programs to detect known malware. ----Attackers use exploits to target known vulnerabilities.

A technician assists Joe, an employee in the sales department who needs access to the client database, by granting him Administrator privileges. Later, Joe discovers that he has access to the salaries in the payroll database. Which of the following security practices was violated? Answer Multi-factor authentication Strong password policy Principle of least privilege Entry control roster

Principle of least privilege

Joe, an executive, receives an email that appears to be from the financial institution that provides his company credit card. The text of the email includes Joe's name and the company name and states that there is a problem with Joe's credit card. The email provides a link to verify the credit card, but when Joe hovers over the link, he thinks the web address seems strange. Which of the following BEST describes this type of attack? Answer On-path Social engineering Brute forcing Zero-day attack

Social engineering

You are working as a junior network technician at the local hospital. The security administrator has just finished rolling out a new security policy that requires users to log in to workstations using a fingerprint scanner. Which authentication category does this fall under? Answer Something you know Something you have Soft token Something you are

Something you are

The Hide Programs setting is configured for a specific user as follows (policy: setting): Local Group Policy: Enabled; Default Domain Policy GPO: Not configured; GPO linked to the user's organizational unit: Disabled. After logging in, the user is able to see the Programs and Features option. Why did this happen? Answer The Default Domain GPO is applied last. It is set to Not configured, so it doesn't change the configuration. The Local Group Policy is applied last. It is set to Enabled, which makes the Programs and Features option visible. The GPO linked to the user's organizational unit is applied first, so this setting takes precedence over settings that are applied later. The GPO linked to the user's organizational unit is applied last, so this setting takes precedence.

The GPO linked to the user's organizational unit is applied last, so this setting takes precedence.

Which of the following is a program that appears to be a legitimate application, utility, game, or screen saver, but performs malicious activities surreptitiously? Answer Trojan horse Worm Scareware Ransomware

Trojan horse

You have recently purchased a third-party application and installed it on your workstation. However, after doing some maintenance work on the users and groups on your Windows system, the application begins to display error messages each time you try to run it. What is the MOST likely cause of the issue? Answer You assigned the wrong permissions to your user account. You assigned the application user account to the Users group. You deleted a group that was created by the third-party application. You switched from a domain account login to a local login.

You deleted a group that was created by the third-party application. --Assigning the wrong permissions to your user account would not impact the functioning of a third-party application. ---Switching from a domain to a local login would not impact the launching of an application. ---The application would not have a user account (although it might have a system account).

