Security+ - Final Exam
Which security standard is used to encrypt e-mails?
S/MIME
Which hashing algorithm uses a 160-bit hash value?
SHA
___________________ is a slang term for unwanted commercial e-mail.
SPAM
Which method of code breaking tries every possible combination of characters in an attempt to "guess" the password or key?
Brute Force
The __________ backup method is based on the philosophy that a full backup should occur at regular intervals, such as monthly or weekly.
GFS
Which "X" standard defines certificate formats and fields for public keys?
X.509
The process of making a computing environment more secure from attacks and intruders is known as ___________________________.
Hardening
PEAP was developed by a consortium including:
Cisco, Microsoft, and RSA Security
Which encryption algorithm is based on Rijndael?
AES
How many channels does the 802.11 standard define?
14
Which of the following is not an asymmetric encryption algorithm?
3DES
Computer room humidity should ideally be kept above ___________________ percent.
50
Which encryption/security measure, originally developed by Netscape, is used to establish a secure, lower-layer communication connection between two TCP/IP-based machines?
Secure Sockets Layer (SSL)
A ___________________ is the term for an area in a building where access is individually monitored and controlled.
Security Zone
Which of the following is a type of attack that occurs when an attacker pretends to be a legitimate client, using information it has gained from a legitimate client (like its IP address)?
Spoofing
Which of the following is a method used with OCSP, which allows a web server to provide information on the validity of its own certificate rather than needing to go to the certificate vendor?
Stapling
What kind of cryptographic method replaces one character with another from a "match-up list" to produce the ciphertext? The decoder wheels kids get in cereal boxes often use this kind of cryptography.
Substitution Cipher
Which of the following is an internal threat?
System Failure
A simulation of a disaster is known as __________________.
Table-top exercise
Which fire extinguisher type is the best to be used on computer equipment in the case of a computer fire?
Type C
Your company has given you a laptop to use as you travel. What category does this laptop fall under?
UMTS
Which encryption algorithm uses a 40- to 128-bit key and is used on many products from Microsoft and IBM?
CAST
Which of the following uses multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they had intended to click on the top page?
Clickjacking
Individuals who specialize in the breaking of codes are known as ___________________.
Cryptanalysts
Which of the following is a hole created when code is executed with higher privileges than those of the user running it?
Escalation of Privilege
Which of the following is recommended for incident response teams?
Exercise responses to emergencies before they happen
A __________________ is a repair made while the system being repaired remains in operation.
Hotfix
Which U.S. government agency publishes lists of known vulnerabilities in operating systems?
NIST
Which U.S. government agency is responsible for creating and breaking codes?
NSA
___________________ provide rules for expected behaviors to people in an organization.
Policies
In which of the following does the tester have significant knowledge of the system and simulates an attack from an insider?
White Box
Which of the following is not a component of Public Key Infrastructure (PKI)?
XA
Your company has given you a laptop to use as you travel. What category does this laptop fall under?
COPE
Which of the following is an attack where a program or service is placed on a server to bypass normal security procedures?
Back door
Which of the following will NOT contribute to network hardening?
Installing New Anti-Virus software on workstation
A ___________________ security device uses some biological characteristic of human beings to uniquely identify a person for authentication.
Biometric
Which of the following is used to refer to any sophisticated series of related attacks taking place over an extended period of time?
APT
The area of an application that is available to users (those who are authenticated as well as those who are not) is known as its:
Attack surface
Which document is used to propose a new standard?
RFC
Individuals who specialize in the making of codes are known as ___________________.
Cryptographers
Which of the following provides continuous online backup by using optical or tape jukeboxes?
HSM
A major organization in the tracking and reporting of common computer and network security problems is ___________________.
CERT
A ___________________ is used to provide EMI and RFI shielding for an entire room of computer or electronic equipment (also used to prevent eavesdropping).
Faraday cage
Which type of technology will allow a device to function only if it is within certain geographical locations?
Geofencing
You are the administrator of the xyz.com website. You are working when suddenly web server and network utilization spikes to 100% and stays there for several minutes, and users start reporting "Server not available" errors. You may have been the victim of what kind of attack?
DoS
Which organization is tasked with developing standards for, and tries to improve, the Internet?
IETF
___________________ is the first step in the incident response cycle.
Incident identification
How does a user obtain a message authentication code (MAC)?
It is derived from the message itself using an algorithm.
On the outer edge of physical security is the first barrier to entry. This barrier is known as a(n) ___________________.
Perimeter
Which method of cryptography uses a sequence of photons to represent the encrypted data?
Quantum Cryptography