MeasureUp, Security+ Final Questions, Measure Up Practice, Practice Exam Questions, Security+, SECURITY + QUESTIONS
Download the updates to a central server on your network and redistribute updates to network computers.
All computers on your network are configured for automatic updates. You need to be able to control deployment to prevent compatibility problems. The solution should not compromise operating system security. What should you do?
Of the following, which can be a security benefit when using virtualization? A. Patching a computer patches all virtual machines running on the computer. B. If one virtual machine is compromised, none of the other virtual machines can be compromised. C. If a virtual machine is compromised, the adverse effects can be compartmentalized. D. Virtual machines cannot be affected by hacking techniques.
C. If a virtual machine is compromised, the adverse effects can be compartmentalized.
If a switch enters fail open mode because its CAM table memory has been filled, then it will cease to function properly as a switch. What type of attack could cause this? A. DOS B. physical tampering C. MAC flooding D. double tagging
C. MAC flooding
Which protocol is based on SSH? A. FIPS B. FTP C. SFTP D. TFTP
C. SFTP
Timothy complains about a lot of pop-up windows when he uses Internet Explorer. Which key combination should you tell him to use to close the pop-up windows? A. Ctrl+Alt+Del B. Alt+F4 C. Ctrl+Shift+Esc D. Windows key
B. Alt+F4
How can Internet Explorer be centrally managed for several computers? A. In the Advanced tab of the Internet Options dialog box B. By way of a group policy C. By creating an organizational unit D. In the Registry
B. By way of a group policy
Which of the following attacks uses a JavaScript image tag in an email? A. SQL injection B. Cross-site scripting C. Cross-site request forgery D. Directory traversal
B. Cross-site scripting
Which of the following will most likely enable an attacker to force a switch to function like a hub? A. DNS spoofing B. MAC flooding C. ARP poisoning D. DNS poisoning
B. MAC flooding
Which of the following best describes a backdoor? A. code inserted into software that initiates one of several types of functions when specific criteria are met B. computer programs used to bypass normal authentication or other security mechanisms in place C. a platonic extra added to an operating system D. a group of compromised computers
B. computer programs used to bypass normal authentication or other security mechanisms in place
Which of the following attacks cannot occur through e-mail? A. phage virus B. dictionary attack C. Trojan horse D. polymorphic virus
B. dictionary attack
You have been asked by an organization to help correct problems with users unknowingly downloading malicious code from websites. Which of the following should you do to fix this problem? A. implement a policy to minimize the problem B. disable unauthorized ActiveX controls C. use virtual machines D. install a network based intrusion detection system
B. disable unauthorized ActiveX controls
You have been tasked with securing a switch from physical access. Which of the following should you implement first? A. check the baseline configuration B. disable unused ports C. disable unnecessary accounts D. set up access control lists
B. disable unused ports
What are kernel-level rootkits designed to do to a computer? A. make a computer susceptible to pop-ups B. extract confidential information C. read the BIOS file D. crack the user's password
B. extract confidential information
Which of the following occurs when an IDS identifies legitimate activity as something malicious? A. false-negative B. false-positive C. monitoring positive D. misidentification
B. false-positive
Which of the following programming techniques can stop buffer overflow attacks? A. sandbox B. input validation C. SQL injection attack D. backdoor analysis
B. input validation
Tom sends out many emails containing secure information to other companies. What concept should be implemented to prove that Tom did indeed send the emails? A. authenticity B. nonrepudiation C. confidentiality D. integrity
B. nonrepudiation
Which of the following types of virus can change every time it is executed in an attempt to avoid antivirus detection? A. macro B. polymorphic C. armored D. boot sector
B. polymorphic
You are the network security manager for your company. You recently audited a server and found that a user logged in to the server with a regular account, executed a program, and performed activities that should be available only to an administrator. What type of attack does this describe? A. brute force B. privilege escalation C. Trojan horse D. backdoor
B. privilege escalation
Malware can use virtualization techniques. Why would this be difficult to detect? A. the malware might be using a Trojan B. the malware could be running at a more privileged level than the computer's antivirus software C. the malware might be running in the command-line D. a portion of the malware might have already been removed by an IDS
B. the malware could be running at a more privileged level than the computer's antivirus software
Which port is used by Microsoft SQL? A. 1723 B. 443 C. 1433 D. 445
C. 1433
1) AES 2) TKIP
802.11i standard specifies support for which encryption algorithm?
James doesn't want people to see where he browsed to on the Internet. What is a good way to clear his Internet browsing history? A. Checkmark the Empty Temporary Internet Files Folder When the Browser Is Closed check box. B. Use cross-site scripting. C. Use the disk defragmenter. D. Clear all cookies in the Advanced Privacy Settings dialog box.
A. Checkmark the Empty Temporary Internet Files Folder When the Browser Is Closed check box.
A uniform resource locator is a type of Uniform Resource Identifier (URI) that specifies where an identified resource is available. When a user attempts to go to a website, she notices the URL has changed. Which attack is the most likely cause of the problem? A. DNS poisoning B. ARP poisoning C. DLL injection D. denial of service
A. DNS poisoning
A client contracts you to prevent users from accessing inappropriate websites. Which of the following technologies should you implement? A. Internet content filter B. honeypot C. NIDS D. IP proxy
A. Internet content filter
Which of the following will identify a smurf attack? A. NIDS B. gateway router C. firewall D. content filter
A. NIDS
Of the following, what is the best way to increase the security of Microsoft Outlook? A. Password protect .PST files. B. Update the browser C. Set macro security levels. D. Install the latest service pack on the network router
A. Password protect .PST files.
Which of the following can help to secure the BIOS of a computer? A. Use a case lock. B. Use a Windows boot-up password C. Configure a Microsoft Management Console admin password. D. Disable USB ports.
A. Use a case lock.
You have been instructed to install an intrusion detection system that can protect a database server and the rest of the network. You cannot afford to use any more resources on the database server. You decide to implement a network intrusion detection system. Why is this superior to a host-based intrusion detection system? A. a HIDS can negatively impact system performance B. a HIDS cannot be updated C. a HIDS is not reliable when it comes to detecting attacks D. a HIDS can only detect viruses and not malware
A. a HIDS can negatively impact system performance
Which of the following is the first step in creating a security baseline? A. define a security policy B. perform vulnerability testing C. install software patches D. mitigate risk
A. define a security policy
What is a default rule found in a firewall's ACL? A. deny all B. permit all C. add address = 192.168.0.0 / 16 D. netsh advfirewall firewall
A. deny all
Which of the following should be performed on a computer to protect the OS from malicious software? A. disable unused services B. update HIPS signatures C. update NIDS signatures D. install a perimeter firewall
A. disable unused services
Which of the following is most often used to enable a client or a partner to access your network? A. extranet B. DMZ C. VLAN D. intranet
A. extranet
Which type of hacker has no affiliation with an organization yet will hack systems without malicious intent? A. gray hat B. blue hat C. white hat D. black hat
A. gray hat
Which of the following will stop network traffic when the traffic is not identified in the firewall ruleset? A. implicit deny B. explicit allow C. access control lists D. explicit deny
A. implicit deny
Some of the employees in your organization complain that they are receiving e-mail loaded with advertisements. What should you do? A. install anti-spam B. install antivirus C. install anti-spyware D. install a HIDS
A. install anti-spam
You are reviewing the logs of a host-based IDS. They show that a computer has been compromised by a botnet and is communicating with a master server. If you need to power the computer off, which of the following types of data will be unavailable? A. memory, system processes, and network processes B. system disk, e-mail, and log files C. swap files, system processes, and master boot record D. memory, archival storage, and temporary files
A. memory, system processes, and network processes
A customer has asked you to implement a solution to hide as much information about the internal structure of the network as possible. The customer also wants to minimize traffic with the Internet and does not want to increase security risks to the internal network. Which of the following solutions should you implement? A. proxy server B. protocol analyzer C. NIDS D. firewall
A. proxy server
You are the network administrator for your organization. You decide to implement whitelisting, blacklisting, and the closing of open relays. Which of the following threats are you attempting to mitigate? A. spam B. spyware C. viruses D. worms
A. spam
Which of the following is a type of packet filtering used by firewalls that retains memory of the packets that pass through the firewall? A. stateful packet inspection B. NAT filtering C. circuit level gateway D. stateless packet filter
A. stateful packet inspection
What is the primary purpose of network address translation? A. to hide internal hosts from the public network B. to convert IP addresses into domain names C. to cache web pages D. to hide the public network from internal hosts
A. to hide internal hosts from the public network
Which of the following defines the difference, if any, between a Trojan horse and a worm? A. worms self-replicate but Trojan horses do not B. Trojan horses are malicious attacks, worms are not C. There is no difference, the two are the same D. Worms are sent via e-mail, Trojan horses are not
A. worms self-replicate but Trojan horses do not
What is one of the potential risks associated with WEP when that protocol is used to secure a WLAN? A. data emanation B. SSID broadcast C. weak encryption D. zero protection against war-driving attacks
C. weak encryption
Which of the following security threats can be updated remotely from a command center? A. worm B. spam C. zombie D. virus
C. zombie
A malicious computer is sending data frames with false hardware addresses to a switch. What is happening? A. MAC spoofing B. DNS poisoning C. pWWN spoofing D. ARP poisoning
D. ARP poisoning
Which tab in the Internet Options dialog box of Internet Explorer enables a person to make secure connections through a VPN? A. Advanced tab B. Content tab C. Programs tab D. Connections tab
D. Connections tab
Which of the following would a DMZ typically contain? A. user workstations B. customer account database C. SQL accounting server D. FTP server
D. FTP server
Of the following, which type of device attempts to serve client requests without the user actually contacting the remote server? A. firewall B. IP proxy C. DMZ D. HTTP proxy
D. HTTP proxy
Which of the following security applications cannot proactively detect computer anomalies? A. antivirus software B. personal software firewall C. HIPS D. NIDS
D. NIDS
Which of the following would you most likely find in a buffer overflow attack? A. set flags B. IV length C. sequence numbers D. NOP instructions
D. NOP instructions
What kind of attack would a flood guard protect a network from? A. Xmas attack B. botnet C. MITM attack D. SYN attack
D. SYN attack
Which one of the following attacks misuses the transmission control protocol three way handshake process in an attempt to overload network servers so that authorized users are denied access to a network resources? A. man-in-the-middle attack B. smurf attack C. teardrop attack D. SYN attack
D. SYN attack
What is the best option to use to isolate an operating system? A. Host-based intrusion detection system B. Network-based intrusion detection system C. Antivirus software D. Virtualization software
D. Virtualization software
Which of the following is the best description of a security advantage when using a standardized server image? A. all current updates for the OS will already have been applied B. OS licensing will be easier to track C. all antivirus software will be current D. all mandated security configurations will already have been applied to the OS
D. all mandated security configurations will already have been applied to the OS
You have disabled all unnecessary services on a domain controller. What is this an example of? A. secure code review B. patch management strategy C. baselining D. application hardening
D. application hardening
Which of the following will a Faraday cage prevent usage of? A. USB flash drives B. uninterruptible power supplies C. wired keyboards D. cell telephones
D. cell telephones
You check the application log of your web server and see that someone attempted unsuccessfully to enter the text "test; etc/ passwd" into an HTML form field. Which attack was attempted? A. code injection B. SQL injection C. buffer overflow D. command injection
D. command injection
Which of the following threats is not associated with Bluetooth? A. discovery mode B. bluejacking C. bluesnarfing D. fraggle attack
D. fraggle attack
Which of the following permits a user to float a domain registration for a maximum of 5 days? A. domain hijacking B. domain spoofing C. DNS poisoning D. kiting
D. kiting
Which of the following would an antivirus program most likely NOT detect? A. virus B. worm C. Trojan D. logic bomb
D. logic bomb
Which of the following is a common symptom of spyware? A. infected files B. application freeze C. computer shuts down D. pop-up windows
D. pop-up windows
Which commands disable a service in the command line? A. net stop B. net start C. net disable D. sc config
D. sc config
You are attempting to apply corporate security settings to a workstation. Which of the following would be the best solution? A. service pack B. hotfix C. patch D. security template
D. security template
What is one way of discouraging bluesnarfing? A. configure the device to use a class C private network B. turn off the device C. use infrared D. set the device to undiscoverable
D. set the device to undiscoverable
Which of the following services uses port 49? A. file transfer protocol B. domain name service C. post office protocol v3 D. terminal access controller access control system plus
D. terminal access controller access control system plus
Virtualization is a broad term that includes the use of virtual machines and the extraction of computer resources. Which of the following is the best security reason for using virtualization of network servers? A. to add network services B. to analyze network traffic C. to centralize patch management D. to isolate network services and roles
D. to isolate network services and roles
Which of the following is often misused by spyware to collect and report a user's activities? A. persistent cookie B. session cookie C. web bug D. tracking cookie
D. tracking cookie
What is the best way to protect a VOIP PBX from man-in-the-middle attacks? A. place the VOIP server in the DMZ B. use an authentication scheme C. use encryption D. update the VOIP system
D. update the VOIP system
The IT director asks you to verify that the organization's virtualization technology is implemented securely. What should you take into consideration? A. subnet the network so that each virtual machine is on a different network segment B. verify that virtual machines are multihomed C. install a NIDS D. verify that virtual machines have the latest service packs and patches installed
D. verify that virtual machines have the latest service packs and patches installed
You get a call from what appears to be your bank. The caller asks you to state your name, birthday, and then enter your bank account number to validate your identity. What type of attack has been perpetrated against you? A. phishing B. spoofing C. pharming D. vishing
D. vishing
Which of the following is the best option to use to prevent spyware? A. personal software firewall B. whitelists C. antivirus software D. Windows Defender
D. Windows Defender
Comparing network activity to an established baseline
How do anomaly-based monitoring methodologies identify potential incidents?
Weak encryption
Potential risk associated with WEP when used with WLAN?
Use file servers attached to an NAS system. Lock file servers and NAS in a secure area.
You need to protect data on your network. You should provide easy backup, minimize the risk of physical data theft, and minimize the impact of failure of any one file server. What solution should you use?
It lets you minimize the attack surface relating to the application.
What is the advantage of using application virtualization?
1) configure personal software firewalls on all computers 2) install antivirus software on all network computers
What is the best way to prepare a network to prevent a virus infection from spreading?
1) to ensure that clients are compliant before allowing network access. 2) to provide automatic remediation for unsecured computers
When would you implement NAC?
1) RA 2) CFL
Which component of PKI is necessary for a CA to know whether to accept or reject certificates from another CA?
Enable Windows automatic updates
You are configuring a computer running Windows Server 2008 r for use as a network file server. You want to ensure that the most recent hotfixes have been applied to the computer. You want to minimize the effort necessary to maintain the solution. What should you do?
MAC
You are designing a secure application environment. You need to ensure that data is kept as secure as possible. You need to select the strictest access control model. What access control model should you use?
1) maintain appropriate humidity levels 2) provide an appropriate ambient temperature
You are determining environmental control requirements for a data center that will contain several computers. What is the role of an HVAC system in this environment?
Implement a key escrow arrangement.
You have deployed PKI within your organization. To meet legal requirements, you need to implement a way to provide decryption keys to a third party on an as-needed basis. What should you do?
Deploy one firewall
You need to connect your LAN to the Internet. The configuration needs to include a perimeter network. You need to keep hardware requirements to a minimum. What should you do?
Use RAID
You need to ensure that a critical server has minimal down time. You need to ensure data fault tolerance for the server. What should you do?
Protocol Analyzer
You suspect that an attacker is sending damaged packets into your network as a way to compromise your firewall. You need to collect as much information about the attacker as possible. What should you do?
Deploy a honeypot in the perimeter network
You suspect that someone is trying to gather information about your network. Your network is isolated from the Internet by a perimeter network. You need to gather as much information about the attacker as possible. You want to prevent the attacker from knowing that the attempt has been detected. What should you do?
1) Rename the local default accounts 2) require strong passwords
Your network has servers that are configured as member servers in a Windows Active Directory domain. You need to minimize the risk of unauthorized persons logging on locally to the servers. The solution should have minimal impact on local management and administration and should not limit administrator access. What should you do?
1) place users in OUs based on organizational roles. 2) assign users membership to security groups based on organizational roles.
Your network is configured as a Windows Active Directory domain. You need to configure user access to file folders that are shared to the network. Directory access is dependent upon a user's role in the organization. You need to keep the administrative overhead needed to manage access security to a minimum, be able to quickly modify a user's permissions, and be able to assign a user more than one role. What should you do?
Configure a VLAN
Your organization has two groups that work with confidential projects. Membership in these groups changes as project requirements change. For each group, access to and communications with the computers of the other users in the group must be managed. You need to be able to quickly reconfigure your network to control security and bandwidth usage between computers, and be able to reconfigure the network quickly without having to physically relocate or reroute cables at the network patch panel. What should you do?
Which of the following technologies was originally designed to decrease broadcast traffic and reduce the likelihood of having information compromised by network sniffers? A. RADIUS B. firewall C. VLAN D. VPN
C. VLAN
You are the network administrator for your organization and are in charge of many servers, including one web server. Which of the following is the best way to reduce vulnerabilities on your web server? A. block DNS on port 80 B. use a 24/7 packet sniffer C. apply updates and patches D. enable auditing and review log files
C. apply updates and patches
Which of the following does the "A" in CIA stand for when it comes to IT security? A. accountability B. assessment C. availability D. auditing
C. availability
Which command lists the hotfixes installed to Windows? A. systeminfo B. gpedit.msc C. cmd.exe D. sc config
C. cmd.exe
Which of the following web application security weaknesses can be mitigated by preventing the usage of HTML tags? A. LDAP injection B. SQL injection C. cross-site scripting D. rootkits
C. cross-site scripting
An attacker has identified and exploited several vulnerabilities in a closed-source application that your organization has developed. What did the attacker implement? A. secure code review B. compiling C. fuzzing D. vulnerability testing
C. fuzzing
Your company uses instant messaging between the central office and satellite offices. What is the most important security issue that you need to deal with when it comes to instant messaging? A. instant messaging has no or weak encryption B. instant messaging can adversely affect Internet bandwidth C. instant messaging program sessions are open and unprotected D. different instant messaging programs have no common protocol
C. instant messaging program sessions are open and unprotected
What kinds of attacks involve intercepting packets on the network and modifying them? A. spoofing B. null session C. man-in-the-middle attacks D. MAC flooding
C. man-in-the-middle attacks
E-mail servers can be maliciously exploited in many ways, for example spoofing e-mail messages. Which of the following is a common component that attackers would use to spoof e-mails? A. logic bomb B. session hijacking C. open relay D. web proxy
C. open relay
Which of the following enables an attacker to hide the presence of malicious code by altering registry entries? A. logic bomb B. worm C. rootkit D. Trojan
C. rootkit
You have written an application that is ready to go through the hardening process. Which of the following could be considered a hardening process of the SDLC? A. writing an HTML script B. disabling unnecessary services C. secure coding concepts D. application patching management schedule
C. secure coding concepts