CompTIA A+ Certification Practice Test 15 (Exam 220-902)

Ace your homework & exams now with Quizwiz!

Zombie

A computer that has been compromised by a virus or Trojan horse that puts it under the remote control of an online hijacker is called: Honeypot Zombie Logic bomb Proxy

RFID badge

A type of identification badge that can be held within a certain distance of the reader to authenticate the holder is called: ID badge Smart card Security token RFID badge

Vulnerability that is present in already released software but unknown to the software developer

A zero-day attack exploits: New accounts Patched software Vulnerability that is present in already released software but unknown to the software developer Well known vulnerability

True

An attack against encrypted data that relies heavily on computing power in order to check all possible keys and passwords until the correct one is found is known as a brute-force attack. True or False

Spoofing Social engineering

An email sent from an unknown source disguised as the source known to the message receiver is an example of: (Select 2 answers) Spoofing Dictionary attack Trojan horse Brute forcing Social engineering Tailgating

Social engineering

An unauthorized practice of obtaining confidential information by manipulating people into disclosing sensitive data is known as: Zero-day attack MITM attack Social engineering Backdoor access

True

Authentication process can be based on different categories of authentication factors, including unique physical traits of each individual such as fingerprints ("something you are"), physical tokens such as smart cards ("something you have"), or user names and passwords ("something you know"). Additional factors might include geolocation ("somewhere you are"), or user-specific activity patterns, such as for example keyboard typing style ("something you do"). Multifactor authentication systems require implementation of authentication factors from two or more different categories. True or False

Shoulder surfing

In computer security, a situation in which an unauthorized person is able to view another user's display or keyboard to learn their password or other confidential information is known as: Spear phishing Tailgating Shoulder surfing Spoofing

Spear phishing

Phishing scams targeting a specific group of people are generally referred to as: Vishing Spear phishing Spoofing Whaling

True

Privacy filter (aka privacy screen) is a protective overlay placed on the computer screen that narrows the viewing angle so data is only visible directly in front of the monitor and cannot be seen by others nearby. Privacy filter is one of the countermeasures against shoulder surfing. True or False

True

The term "Mantrap" refers to a physical security access control system used to prevent unauthorized users from gaining access to restricted areas by following another person. An example mantrap could be a two-door entrance point connected to a guard station wherein a person entering mantrap from the outside remains locked inside until he/she provides authentication token required to unlock the inner door. True or False

Password length Password complexity

The two factors that are considered important for creating strong passwords are: Password length Minimum password age Password history Password complexity Maximum password age

Gaining unauthorized access to restricted areas by following another person

What is tailgating? Acquiring unauthorized access to confidential data Looking over someone's shoulder in order to get information Gaining unauthorized access to restricted areas by following another person Manipulating a user into disclosing confidential information

NAC

What type of security measure is in place when a client is denied access to the network due to an outdated antivirus software? NAS DMZ NAC NAT

SMTP

Which of the answers listed below refers to a network protocol used in the most common types of spoofing attacks? SMTP RDP SNMP Telnet

-User education -Strong authentication -Principle of least privilege -Patch/update management -Appropriate data destruction and disposal methods

Which of the following answers refer(s) to the implementation of best security practices in a corporate environment? (Select all that apply) User education Strong authentication Principle of least privilege Patch/update management Appropriate data destruction and disposal methods Virtualization support

Password and biometric scan

Which of the following examples meets the requirement of multifactor authentication? Password and biometric scan Username and PIN Smart card and identification badge Iris and fingerprint scan

Spear phishing Shoulder surfing Tailgating

Which of the following fall(s) into the category of social engineering attacks? (Select all that apply) MITM attack Spear phishing Dictionary attack Shoulder surfing Zero-day attack Tailgating

MITM

Which of the following is an example of active eavesdropping? Spoofing Zero-day attack Spear phishing MITM

Key fob Door lock Biometrics RFID badge

Which of the following prevention methods fall(s) into the category of physical security controls? (Select all that apply) Key fob Door lock Data Loss Prevention (DLP) Biometrics Access Control List (ACL) RFID badge Firewall

Cable locks

Which of the following provides physical security measure against laptop theft? Cable locks Trusted Platform Module (TPM) Geotracking LoJack for Laptops

Botnet

Which of the following terms is used to describe a collection of intermediary compromised systems under control of a hacker? Honeynet Botnet Intranet Malware

Dictionary attack

Which of the password attacks listed below takes advantage of a predefined list of words? Replay attack Birthday attack Dictionary attack Brute-force attack

Mantraps

Which of the security controls listed below is used to prevent tailgating? Hardware locks Mantraps Video surveillance EMI shielding

Shredder

Which of the tools listed below allows for secure disposal of physical documents? Shredder Hard drive sanitation Degaussing tool Recycle Bin


Related study sets

AP MacroEconomics: Practise Exam MC Questions

View Set

Ideology in law: Gordon and 'what is liberal legalism?'

View Set

the point chapter 53 renal/urinary function

View Set