Security+ Study Guide Review

From Proprofs


We would like to wrap up some of the points that we’ve covered previously and introduce you to the kinds of questions that you will encounter on the real Security+ examination. This review therefore features questions that are sure to get you thinking; hopefully, reading the guide has prepared you to do well.

Questions

1. Your manager asks you to implement a system that can filter out unwanted content, such as viruses and unproductive Internet content. The best way to accomplish this would be through a system that implements a:

a. Circuit-level gateway

b. Proxy server

c. Packet filtering firewall

d. DMZ host

e. Bastion host


2. Which of the following is the function of PGP?

a. Filter unwanted Internet traffic

b. Create a buffered security zone

c. Provide access control functionality

d. Boot a *Nix server that is not operational as the result of an attack

e. Provide message encryption services


3. How do mandatory access controls protect access to restricted resources?

a. Sensitivity labeling

b. User-level share permissions

c. Server-level share permissions

d. Role-oriented permissions

e. ACL lists


4. You notice a rapid increase in the number of ICMP requests coming from a single host. The requests are continuous and have been occurring for minutes. What kind of attack are you likely experiencing?

a. Ping flood

b. Smurf

c. Birthday

d. Buffer overflow

e. You are not experiencing an attack


5. Your company requires secure remote access through a terminal to a server. Which of the following would provide such secure access?

a. Telnet

b. SSH

c. FTP

d. SSL

e. Ethernet


6. Which of the following is an advantage of symmetric-key cryptography in comparison to asymmetric-key cryptography?

a. Symmetric keys are stronger than asymmetric keys

b. Symmetric key systems are more scalable than asymmetric systems

c. Symmetric key systems are faster than their asymmetric counterparts

d. Symmetric key systems can operate in more layers of the OSI model than asymmetric systems can

e. None of the above


7. Which of the following is not a way that IDS systems are commonly classified?

a. Active

b. Passive

c. Latent

d. Knowledge-based

e. Behavior-based


8. Which of the following provides tunneling over the data-link layer?

a. IPSec

b. L2TP

c. PPP

d. PPTP

e. VPN


9. Which of the following authentication factors is considered the strongest?

a. Type 1

b. Type 2

c. Type 3

d. Type 4

e. Type 5


10. You set up a packet-filtering firewall that accepts or rejects traffic based on the IP address of the source. What kind of attack is this firewall specifically vulnerable to?

a. Buffer overflow

b. Man-in-the-Middle attack

c. Smurfing

d. Spoofing

e. Distributed denial of service


11. Your manager complains that he cannot remember his password. You have also lost your copy of the password, but the MD5 hash of the password is stored in the database. How can you use the MD5 hash to recover the password?

a. Decrypt the hash using a shared secret key

b. Decrypt the hash using a public encryption system

c. Encrypt the hash using a shared secret key

d. Encrypt the hash of the hash using a shared secret key

e. You cannot recover the password from the hash


12. Which of the following parts of the CIA triangle are effectively ensured by cryptography?

a. Confidentiality Only

b. Integrity Only

c. Accessibility Only

d. Accessibility and Integrity Only

e. Confidentiality and Integrity Only


13. Which of the following is not a parameter of a security association in IPSec?

a. SPI

b. Source IP Address

c. Destination IP Address

d. Security Protocol ID


14. Which of the following is not considered a physical security threat?

a. Fire

b. Water

c. Severe Weather

d. Electricity

e. Buffer Overflow


15. Which of the following is a layer-3 device that connects two dissimilar network segments?

a. Bridge

b. Switch

c. Hub

d. Router

e. Gateway

Answers

1. A proxy server is the best way to filter content because it prevents a direct connection between a local and remote host and therefore can effectively filter incoming and outgoing traffic. Answer: B


2. PGP, which stands for “Pretty Good Privacy,” is used to provide message signing and encryption services. Answer: E


3. Mandatory is the key word in mandatory access control, which means that the sensitivity of information is determined at the top of the decision-making tree rather than left to the user’s discretion. To accomplish such a task, sensitivity labeling is necessary. Answer: A


4. Unusually large numbers of ICMP packets are usually employed in a ping flood attack. In this attack, the number of packets is supposed to be so great that the system is overwhelmed and succumbs to the attack, denying availability. Answer: A


5. Only SSH provides secure access through the Internet to a terminal. Telnet provides remote access in cleartext. Answer: B


6. While symmetric key systems can prove difficult to manage and are cumbersome for many users, they offer a greater degree of speed as fewer and less complex calculations are involved in the process. Answer: C


7. IDS systems are not classified by latency, as such a concept makes no sense in that context. Answer: C


8. L2TP stands for “Layer 2 Tunneling Protocol.” This should help you remember that L2TP indeed provides tunneling over Layer 2, or the Data Link layer of the OSI model. Answer: B


9. As Types 4 and 5 are fictitious types of authentication factors, we are left with a choice between Types 1, 2, and 3. Although Types 1 and 2 can offer strong factors, biometric identification (“what you are”) is usually considered the strongest, as it is difficult to impersonate a fingerprint. Answer: C


10. Because the firewall discerns traffic by IP address, the best way to circumvent this firewall would be to make it appear that your IP address is different than it really is. To do this, you would have to “spoof” your IP address. Answer: D


11. A hash, by definition, is a one-way function that computes a digest of a message. Therefore, it is impossible to actually “decrypt” the hash. Answer: E


12. Cryptography can both protect the contents of a message and ensure that a message remains the same as when it was sent. Therefore, cryptography can be used to ensure confidentiality and integrity. Availability, or the idea that systems should be available, is not ensured by cryptography. Answer: E


13. Because the destination IP address is not a security interest in IPSec transmissions, it is not included on the security association. Answer: C


14. A buffer overflow, while a serious threat to system stability, is a logical rather than a physical vulnerability. Answer: E


15. A router operates in the Network layer of the OSI model and is typically used to join two dissimilar network segments (and forward packets based on IP address). Answer: D

Your Progress and Final Thoughts

If you scored between 0 and 7 questions correct, you need to study the entire guide again. Obviously, you are lacking in multiple areas of the Security+ examination and could therefore benefit from reading all of the subject areas in depth.


If you scored between 8 and 11 questions correct, you should take a close look at the subject areas of the questions that you missed and carefully re-read and review the lessons in the guide concerning those specific areas. If you took the exam today, you would probably not pass with this sort of score.


If you scored between 12 and 15 questions correct, great job! You should probably glance over some of the questions that you missed and the corresponding guide article, but you are most likely ready to move on to our cram sheet. If you took the exam today, you would likely pass it.


We wish you the best of luck in your pursuit of Security+ certification. Be sure to check out our Security+ Cram Sheet and take plenty of practice exams! We hope you do well.
