Can You Pass This Difficult CompTIA Security+ Exam?

1. Backup is required only for electric power and not electronic data. T/F?

True

False

All precautions for networks are being taken to preserve network and data availability. Hence iti s mandatory that data be given maximum online and offline fault tolerance.

Explanation

All precautions for networks are being taken to preserve network and data availability. Hence iti s mandatory that data be given maximum online and offline fault tolerance.

2. Which of the following firewall policies is most restrictive?

Any any

Deny all

Permit all

None of the above

The �deny all� is the most restrictive statement that is implicitly defined in the fireall when no other statement is configured. This will get applied to all packets that do not match with the criteria mentioned in the list above the �deny all� statement.

Explanation

The �deny all� is the most restrictive statement that is implicitly defined in the fireall when no other statement is configured. This will get applied to all packets that do not match with the criteria mentioned in the list above the �deny all� statement.

3. Which of the following services when placed on the edge of the network, will provide security to the entire network?

Firewall

Router

Antivirus

None of the above

Router is a gateway and antivirus resides on all systems. Firewall is meant to safe guard the network from external attacks.

Explanation

Router is a gateway and antivirus resides on all systems. Firewall is meant to safe guard the network from external attacks.

4. Which of the following is necessary even after an employee has attended a security awareness program?

Ensure security update bulletins are distributed to all employees at regular intervals.

Assign a test score to the employee for the training attended

Ensure the employee goes through one more such training

None of the above

The security awareness program attended by the employee may provide security awareness up to that date only. Any improvements and up gradation in security awareness there after must reach all the staff in form of bulletins.

Explanation

The security awareness program attended by the employee may provide security awareness up to that date only. Any improvements and up gradation in security awareness there after must reach all the staff in form of bulletins.

5. Which of the following provide protection to the enterprise premises against attackers? Choose two

Burglar alarms

Bullet proof jackets

Surveillance systems

Public address systems

Burglar alarms and surveillance systems are an integral part of tracking and alerting authorities against intruders and attackers.

Explanation

Burglar alarms and surveillance systems are an integral part of tracking and alerting authorities against intruders and attackers.

Submit

6. If you wish to allow the external users access your Web server you must block port number 110. T/F?

True

False

If you wish to allow the external users access your Web server you must unblock port number 80.

Explanation

If you wish to allow the external users access your Web server you must unblock port number 80.

7. Which of the following can be termed as brute force attack?

Trying all combinations to break a code

Breaking into strong cryptography

Forcibly capturing all data being transmitted

None of the above

When a particular message has been encrypted using random combinations, a person who is capturing this message will have to try all combinations of deciphering possible to expose the original message. This is known as brute force attack.

Explanation

When a particular message has been encrypted using random combinations, a person who is capturing this message will have to try all combinations of deciphering possible to expose the original message. This is known as brute force attack.

8. Which part of the security policies must a user be aware of?

The applicable policies themselves and the effect caused by security breach

The person responsible for creating the policies.

The total number of policies that are there.

None of the above

It is very essential for every employee/user to know the relevant security policies and the effect of security breach.

Explanation

It is very essential for every employee/user to know the relevant security policies and the effect of security breach.

9. Which of the following is NOT a common type of social engineering attack?

Phishing

Pretexting

SQL injection

Baiting

SQL injection is a code injection technique used to attack data-driven applications. The other options are types of social engineering attacks:

Phishing uses deceptive emails or websites to trick individuals into revealing sensitive information.

Pretexting involves creating a false scenario to gain trust and obtain personal data.

Baiting offers something enticing to lure victims into a trap, like a malicious USB drive.

Explanation

SQL injection is a code injection technique used to attack data-driven applications. The other options are types of social engineering attacks:

Phishing uses deceptive emails or websites to trick individuals into revealing sensitive information.

Pretexting involves creating a false scenario to gain trust and obtain personal data.

Baiting offers something enticing to lure victims into a trap, like a malicious USB drive.

10. Cryptography without keys is more secure than cryptography with keys. T/F?

True

False

Cryptography without keys is not at all secure as the deciphering program will reside on the same media where the data or message is being received. In case of thest, the data can be stolen along with the deciphering program.

Explanation

Cryptography without keys is not at all secure as the deciphering program will reside on the same media where the data or message is being received. In case of thest, the data can be stolen along with the deciphering program.

11. Which of the following can affect productivity? Choose two

A sick employee on leave

Network resources being unavailable to users

Server crashes and no disaster recovery plan is in place

A whole department has been assigned to training

Network resources not being available means the user has to manage with available resource and hence use more time than required to complete a task. Server crashing and no DRP in place means excess of down time and this affecting the work of several employees. Both these situations can hamper productivity.

Explanation

Network resources not being available means the user has to manage with available resource and hence use more time than required to complete a task. Server crashing and no DRP in place means excess of down time and this affecting the work of several employees. Both these situations can hamper productivity.

Submit

12. Does NTFS provide file system security?

Yes

No

NTFS supports EFS (Encrypted File System) which allows data stored on a mass storage device to be saved in encrypted format.

Explanation

NTFS supports EFS (Encrypted File System) which allows data stored on a mass storage device to be saved in encrypted format.

13. Which of the following will allow you to take stock of sensitive data in the organization?

Scanning all floppies that are allowed into the network

Running scan disk on all drives

Auditing all servers for stored data

None of the above

By auditing all servers in the network for stored data, you can classify data as sensitive or non-sensitive. Auditing is the best process of taking stock of sensitive data in the network.

Explanation

By auditing all servers in the network for stored data, you can classify data as sensitive or non-sensitive. Auditing is the best process of taking stock of sensitive data in the network.

14. Which of the following port numbers is used by SMTP?

25

26

27

SMTP service uses port number 25.

Explanation

SMTP service uses port number 25.

15. Which of the following processes will allow you to ascertain organizational assets?

Auditing

Monitoring

Troubleshooting

None of the above

Auditing is an accounting process where in the organization assets and deficits will be accounted for.

Explanation

Auditing is an accounting process where in the organization assets and deficits will be accounted for.

16. Which of the following can be termed as the Denial of Service Attack?

A computer on your network has crashed

Your router is unable to find a destination outside of your network

Your Web server has gone into a loop trying to service a client request.

You keyboard is no longer responding.

DoS is a way of engaging a Web Server continuously in one specific task by outing it on a loop and ensuring it is unable to respond to any further requests.

Explanation

DoS is a way of engaging a Web Server continuously in one specific task by outing it on a loop and ensuring it is unable to respond to any further requests.

17. If you had to implement a foolproof method of establishing a User ID in your organization, which of the following would you choose? Choose the best answer.

Smart Card

Username/Password

Biometric

Credit Card

Biometric will authenticate or establish User ID depending on the physical attribute of the user. For ex: Finger print, hand scan or retina scan. Since these physical attributes are always physically attached to the person, there is no fear of any of these being lost or reaching wrong hands. Hence Biometric is the most secure form of authentication.

Explanation

Biometric will authenticate or establish User ID depending on the physical attribute of the user. For ex: Finger print, hand scan or retina scan. Since these physical attributes are always physically attached to the person, there is no fear of any of these being lost or reaching wrong hands. Hence Biometric is the most secure form of authentication.

18. When debugging an Operating system, a programmer would make use of a front door. T/F?

True

False

A programmer makes use of back doors in the program for the purpose of debugging or observing the performance of the program.

Explanation

A programmer makes use of back doors in the program for the purpose of debugging or observing the performance of the program.

19. Which of the following are encryption systems? Choose two.

RC5

Blowfish

MAC

ARP

RC5 and Blowfish are encryption systems. MAC is a type of hardware address. ARP is a protocol that resolves MAC address to IP address.

Explanation

RC5 and Blowfish are encryption systems. MAC is a type of hardware address. ARP is a protocol that resolves MAC address to IP address.

Submit

20. It is ideal that a network supports a specific encryption standard only. T/F?

True

False

Supporting only a specific encryption standard will make that network a closed network and will make it impossible to communicate with networks that follow flexibility in encryption.

Explanation

Supporting only a specific encryption standard will make that network a closed network and will make it impossible to communicate with networks that follow flexibility in encryption.

21. Which of the following statements about a Modem are true? Choose two.

It steps us AC voltage

It steps down DC voltage

It modulates and demodulates signals for the Computer and the telephone line.

It converts Analog signals to digital and vice versa.

As the name suggests the modem mainly modulates and demodulates signals. Seated (logically) between the telephone line and the PC, it is responsible for converting the analog signals of the telephone to the digital signals required by the PC and vice versa.

Explanation

As the name suggests the modem mainly modulates and demodulates signals. Seated (logically) between the telephone line and the PC, it is responsible for converting the analog signals of the telephone to the digital signals required by the PC and vice versa.

Submit

22. An authorized update is one way of securing the DNS server. T/F?

True

False

Authorizing the sender of the update and then checking for verification purpose is one way of securing the DNS server database and service availability.

Explanation

Authorizing the sender of the update and then checking for verification purpose is one way of securing the DNS server database and service availability.

23. Which of the following is true about Public/Private key pairs? Choose two.

They form an essential part of Website security

They are used by Certificate security system

They are a pair of clear text passwords

They are obsolete.

They forma an essential part of Web site security system, as it is the most convenient security system for Web sites considering that clients would be accessing the Web site over the public network. The Certificate security system uses the basic logic of Public/Private key pairs.

Explanation

They forma an essential part of Web site security system, as it is the most convenient security system for Web sites considering that clients would be accessing the Web site over the public network. The Certificate security system uses the basic logic of Public/Private key pairs.

Submit

24. The concept of public key cryptography was introduced by Diffie-Hellman. T/F?

True

False

The issues with key distribution faced by conventional encryption, was overcome by the Public-key cryptography concepts introduced by Diffie-Hellman.

Explanation

The issues with key distribution faced by conventional encryption, was overcome by the Public-key cryptography concepts introduced by Diffie-Hellman.

25. To prevent internal Web servers from being accessed you must block TCP port 20. T/F?

True

False

The port number 443 must also be blocked.

Explanation

The port number 443 must also be blocked.

26. Which of the following protocols help to gain MAC address of a PC on the network?

ARP

FTP

TFTP

DHCP

Address Resolution Protocol (ARP) of the IP protocol suite is responsible for obtaining MAC address of the PC whose IP address is available for communication.

Explanation

Address Resolution Protocol (ARP) of the IP protocol suite is responsible for obtaining MAC address of the PC whose IP address is available for communication.

27. Which of the following does the Biometrics use to establish user identity? Choose all that apply.

Finger prints

Retinal scan

Some times the DNA structure too to establish user Id

Biometrics is a technology used to establish user identity through unique physiological or behavioral characteristics. Fingerprints are one of the most widely recognized biometric identifiers. Each person's fingerprint pattern is unique, and allows for highly accurate and rapid identification. Retinal scans provides a high level of accuracy because the retinal pattern remains stable throughout a person's life. DNA-based identification is typically reserved for situations where the utmost accuracy is required, such as in forensic investigations or specialized security applications.

Explanation

Biometrics is a technology used to establish user identity through unique physiological or behavioral characteristics. Fingerprints are one of the most widely recognized biometric identifiers. Each person's fingerprint pattern is unique, and allows for highly accurate and rapid identification. Retinal scans provides a high level of accuracy because the retinal pattern remains stable throughout a person's life. DNA-based identification is typically reserved for situations where the utmost accuracy is required, such as in forensic investigations or specialized security applications.

Submit

28. Which of the following are an advantage and a disadvantage with clear text authentication?

Advantage is that it is easy to remember passwords

Advantage is that it is easy to implement

Disadvantage is that it is difficult to implement

Disadvantage is that it is not secure

Clear text authentication is very simple and easy to implement and verify. But a network that has implemented clear text security is not very secure as it is very easy to decipher clear text passwords.

Explanation

Clear text authentication is very simple and easy to implement and verify. But a network that has implemented clear text security is not very secure as it is very easy to decipher clear text passwords.

Submit

29. Which of the following protocols could a VPN make use of? Choose two.

PPTP

L2TP

HTTP

NNTP

A VPN tunnel requires tunneling protocols. L2TP (Layer 2 Tunneling Protocol) and PPTP (Point to Point Tunneling Protocol) are the only two relevant protocols that relate to VPN. HTTP and NNTP are services that are usually configured on a Web Server.

Explanation

A VPN tunnel requires tunneling protocols. L2TP (Layer 2 Tunneling Protocol) and PPTP (Point to Point Tunneling Protocol) are the only two relevant protocols that relate to VPN. HTTP and NNTP are services that are usually configured on a Web Server.

Submit

30. If you cannot afford a hot site, which of the following would be an alternate solution?

Warm site

Cold site

Luke warm site

None of the above

A warm site would provide all facilities other than computers. Hence the return time to business is usually more than t hat in hot site.

Explanation

A warm site would provide all facilities other than computers. Hence the return time to business is usually more than t hat in hot site.

31. Which of the following is essential for backing up burglar alarms and surveillance systems? Choose two

Burglar alarms are connected to the local police or security organization through telephone lines

Burglar alarms are connected to the local police or security organization being powered by an electric supply

None

Usually, burglar alarms are connected to the local police or security organization through telephone lines as well as being powered by electric supply. Hence it is important to backup telephone lines as well as power lines.

Explanation

Usually, burglar alarms are connected to the local police or security organization through telephone lines as well as being powered by electric supply. Hence it is important to backup telephone lines as well as power lines.

Submit

32. In case of fire, which o the following needs to be programmed to be put off instantly?

Electric supply

Air conditioner

Fire

None of the above

Leaving the electric supply on during fire can have disastrous effect on the site. T o avoid this, it is ideal that the electric supply be programmed to be put off with the usage of heat sensors.

Explanation

Leaving the electric supply on during fire can have disastrous effect on the site. T o avoid this, it is ideal that the electric supply be programmed to be put off with the usage of heat sensors.

33. Which of the following vulnerabilities could be a common error on the servers?

Virus database not being updated as per schedule

Forgetting to restart the server

Installing an incorrect version of an application

None of the above

Virus database not being updated as per schedule could be a common but serious error on the servers that gives rise to vulnerabilities.

Explanation

Virus database not being updated as per schedule could be a common but serious error on the servers that gives rise to vulnerabilities.

34. Stateful inspection firewall will operate on all the 7 layers of the OSI reference model. T/F?

True

False

Stateful Inspection firewall will not operate on all the & layers of OSI reference mode.

Explanation

Stateful Inspection firewall will not operate on all the & layers of OSI reference mode.

35. What is the requirement for cryptography? Choose two.

To avoid unauthorized access of information being stored

To avoid unauthorized access of network resources

To avoid unauthorized access of information being transmitted.

To avoid unauthorized access of network servers

Network resource access will have to be controlled through access permissions. Server access will have to be controlled through physical security to the server. Unauthorized access prevention of stored information or information being transmitted is the role of cryptography.

Explanation

Network resource access will have to be controlled through access permissions. Server access will have to be controlled through physical security to the server. Unauthorized access prevention of stored information or information being transmitted is the role of cryptography.

Submit

36. A digital signature is synonymous to which of the following?

Finger print

Hand written signature

Blood sample

None of the above

A digital signature is a mathematical scheme for verifying the authenticity and integrity of digital documents or messages. It is the electronic equivalent of a handwritten signature, providing assurance that the document or message originated from the claimed sender and has not been altered in transit.

Explanation

A digital signature is a mathematical scheme for verifying the authenticity and integrity of digital documents or messages. It is the electronic equivalent of a handwritten signature, providing assurance that the document or message originated from the claimed sender and has not been altered in transit.

37. If you have implemented a DHCP in your network and you would wish to secure this service so that no external user will be able to become a DHCP client, which of the following would you ensure?

Block port numbers 20 and 21 on the external interface for incoming connections

Block port numbers 20 and 21 on the internal interface.

Block port numbers 67 and 68 on the external interface for incoming connections

Block port numbers 67 and 68 on the internal interface

Blocking port numbers 67 and 68 on the external interface of the firewall for incoming connections will ensure that no external user will be able to access the internal DHCP server.

Explanation

Blocking port numbers 67 and 68 on the external interface of the firewall for incoming connections will ensure that no external user will be able to access the internal DHCP server.

38. When employing message digest, if data does get modified, which of the following will be the result of that modification?

The receiving end and the sending end will receive an alert notification

The resulting digest after data modification will contain a completely different value.

The messages will be dropped and retransmitted.

None of the above

When cryptography uses a hash function on plain text, a fixed length of data called the message digest is generated. This message digest helps to preserve the data integrity by generating a digest value when the data was originally transmitted. If during transmission the data gets modified, the message digest value that will be resulting will be a totally different value from the original one. This is usually verified at the receiving end before accepting and confirming the receipt of data.

Explanation

When cryptography uses a hash function on plain text, a fixed length of data called the message digest is generated. This message digest helps to preserve the data integrity by generating a digest value when the data was originally transmitted. If during transmission the data gets modified, the message digest value that will be resulting will be a totally different value from the original one. This is usually verified at the receiving end before accepting and confirming the receipt of data.

39. Differential cryptanalysis is nothing but pattern studying. T/F?

True

False

Differential Cryptanalysis is nothing but pattern studying. It chooses a pair of plain text with specific differences.

Explanation

Differential Cryptanalysis is nothing but pattern studying. It chooses a pair of plain text with specific differences.

40. RADIUS is abbreviation for Remote Access Data Inspection User Service. T/F?

True

False

RADIUS is abbreviation for Remote Access Dial In User Service.

Explanation

RADIUS is abbreviation for Remote Access Dial In User Service.

41. RSA is the encryption system used in cellular devices. T/F?

True

False

ECC is the encryption system used in cellular devices.

Explanation

ECC is the encryption system used in cellular devices.

42. Which of the following can be referred to as highly confidential data?

Intranet web site

Customer information

Budget related information

None of the above

Customer information is usually classified as highly confidential information. Budget related information is classified as confidential information.

Explanation

Customer information is usually classified as highly confidential information. Budget related information is classified as confidential information.

43. Surge protectors are meant to provide backup to electrical and electronic devices. T/F?

True

False

Power Supply Units provide backup power, whereas surge protectors solely shield devices from transient voltage spikes.

Explanation

Power Supply Units provide backup power, whereas surge protectors solely shield devices from transient voltage spikes.

44. You are configuring a VPN whose tunnel passes through the public network. You are concerned for the security as your VPN may be connecting across the globe to several networks operating on different platforms. Which of the following would be ideal to secure your VPN? Choose the best answer.

PPTP

IPSec

Kerberos

Certificate

Since the only protocol that supports cross platform communication is IP, the best way to implement security in this scenario would be through IPSec. PPTP is a tunneling protocol and does not relate to security. Kerberos is a LAN security protocol. Certificates can help in this scenario provided the access limitation is acceptable.

Explanation

Since the only protocol that supports cross platform communication is IP, the best way to implement security in this scenario would be through IPSec. PPTP is a tunneling protocol and does not relate to security. Kerberos is a LAN security protocol. Certificates can help in this scenario provided the access limitation is acceptable.

45. As per a company policy, which of the following personnel should be considered as insiders? Choose two.

Key employees

Contractors

Ex-employees

Vendors

Although as per certain company policies that provide granular clarity and specific information, even ex-employees are considered as insiders, by and large many corporates consider only key employees and contractors as insiders as they require some kind of an access to the company resources and in specific network resources.

Explanation

Although as per certain company policies that provide granular clarity and specific information, even ex-employees are considered as insiders, by and large many corporates consider only key employees and contractors as insiders as they require some kind of an access to the company resources and in specific network resources.

Submit

46. Cyphertext can be used for punch system locks. T/F?

True

False

Cypher locks can be used in punch lock systems and not Ciphertext. Cyphertext is an encryption scheme.

Explanation

Cypher locks can be used in punch lock systems and not Ciphertext. Cyphertext is an encryption scheme.

47. To allow access to a campus you would use Kerberos. T/F?

True

False

To allow access to a campus you would use smart cards.

Explanation

To allow access to a campus you would use smart cards.

48. While assigning access privilege using the DAC, which of the following will you be needing?

User database

Access Control list

Resource list

None of the above

The information of mapping users to their permissions for resource access would be available in the ACL.

Explanation

The information of mapping users to their permissions for resource access would be available in the ACL.

49. In symmetric-key encryption, one key will be used for encryption and another will be used for decryption to provide maximum security. T/F?

True

False

In symmetric-key encryption, one key will be used for encryption as well as decryption.

Explanation

In symmetric-key encryption, one key will be used for encryption as well as decryption.

50. Which of the following enhances the server available on the network? Choose the best answer

Server mirroring

Server clustering

PDC

None of the above

Server clustering is the ideal solution for enhancing file server availability on the network

Explanation

Server clustering is the ideal solution for enhancing file server availability on the network

51. Which of the following will not be available on a cold site?

Electricity

Networking

Space

None of the above

Cold site usually has electricity and space for furniture. Networking will have to be set up from scratch.

Explanation

Cold site usually has electricity and space for furniture. Networking will have to be set up from scratch.

52. Which of the following is a Wireless LAN susceptible to?

Loss of signal strength

Eavesdropping

Blackout

EMI

Wireless LANs are most susceptible to eavesdropping as the media here is dependent on frequency for transmission and reception. This makes the media very susceptible to overhearing or eavesdropping as well.

Explanation

Wireless LANs are most susceptible to eavesdropping as the media here is dependent on frequency for transmission and reception. This makes the media very susceptible to overhearing or eavesdropping as well.

53. Which of the following is the most common attack faced by the DES algorithm?

DoS

Brute force attack

Code attack

None of the above

Brute force attack is the most common attack faced by the DES algorithm

Explanation

Brute force attack is the most common attack faced by the DES algorithm

54. Which of the following will be compulsory tasks to run on Web servers of your network? Choose all that apply.

There are web sites that keep updating vulnerability information for different platforms.

Update virus definition files regularly.

None

There are web sites that keep updating vulnerability information for different platforms. It is ideal to constantly browse these sites and keep checking if it applicable for the platform and applications housed in your web server. Another mandatory task is to update virus definition files regularly.

Explanation

There are web sites that keep updating vulnerability information for different platforms. It is ideal to constantly browse these sites and keep checking if it applicable for the platform and applications housed in your web server. Another mandatory task is to update virus definition files regularly.

Submit

55. Which of the following can secure your internal server best, against external attacks? Choose all that apply.

Perform OS hardening by blocking all access to this server

Perform OS hardening by verify and terminating all un used service

Regularly check for unused usernames and disable or delete them.

Ensure you are running a vulnerability check on this server at regular intervals.

The best way to preserve an internal server from external attacks is to make sure there are no unnecessary services running on the server, no unused user names are existing in the user database, all vulnerabilities are being verified and monitored at required intervals.

Explanation

The best way to preserve an internal server from external attacks is to make sure there are no unnecessary services running on the server, no unused user names are existing in the user database, all vulnerabilities are being verified and monitored at required intervals.

Submit

56. Which of the following are key components in the Kerberos system? Choose two.

Ticket Granting Server (TGS)

Key Distribution Center (KDC)

Lightweight Directory Access Protocol (LDAP)

Single Sign-On (SSO)

Authentication Token Generator (ATG)

In the Kerberos authentication system, the key components include the Ticket Granting Server (TGS) and the Key Distribution Center (KDC). These components work together to provide secure authentication services. Options C, D, and E are not typically considered key components of the Kerberos system.

Explanation

In the Kerberos authentication system, the key components include the Ticket Granting Server (TGS) and the Key Distribution Center (KDC). These components work together to provide secure authentication services. Options C, D, and E are not typically considered key components of the Kerberos system.

Submit

57. The keys are measured by bytes. T/F?

True

False

Keys are measured by bits.

Explanation

Keys are measured by bits.

58. Which of the following is the most popular protocol that is used in dial-up connections?

SLIP

PPTP

POP3

PPP

SLIP and PPP are the only two protocols that can be used for dial-up connections. SLIP is now obsolete. PPTP is a tunneling protocol and POP3 is used for mail retrieval.

Explanation

SLIP and PPP are the only two protocols that can be used for dial-up connections. SLIP is now obsolete. PPTP is a tunneling protocol and POP3 is used for mail retrieval.

59. Which of the following are the two key-based algorithms?

Symmetric algorithm

Asymmetric algorithm

128-bit key algorithm

1024-bit key algorithm

There are two types of key-based algorithms. Depending on the key pair types they use, they can be categorized as symmetric or asymmetric algorithms.

Explanation

There are two types of key-based algorithms. Depending on the key pair types they use, they can be categorized as symmetric or asymmetric algorithms.

Submit

60. Which of the following statements about the SHA (Security Hash Algorithm) are true? Choose two.

SHA is a security hash algorithm that is used with encryption protocols

Its latest version is SHA-1

None

SHA is a security hash algorithm that is used with encryption protocols. Its latest version is SHA-1

Explanation

SHA is a security hash algorithm that is used with encryption protocols. Its latest version is SHA-1

Submit

61. Which of the following types of cryptography is possible? Choose two.

Cryptography with keys

Cryptography without keys

Cryptography before encryption

Cryptography without encryption

Cryptography without encryption and before encryption is not cryptography at all. Cryptography is possible with keys and without keys. When used without keys, it will be using simple or complex substitution.

Explanation

Cryptography without encryption and before encryption is not cryptography at all. Cryptography is possible with keys and without keys. When used without keys, it will be using simple or complex substitution.

Submit

62. Which of the following statements are true about the way data classification can be made? Choose two

It must be adhoc or informal

It may be adhoc or informal

The strategy usually involves a scheme that splits into different levels

The strategy usually involves a ten level scheme.

It is important to have a classification of data to ensure correct levels of security to the relevant type of data. Although it is possible to have informal methods to classify data, it is much methodical to employ a strategy to achieve the end result. The usual strategy employs a scheme that splits into different levels to classify data in the organization. The number of levels is usually dependent on the company needs and requirements or security.

Explanation

It is important to have a classification of data to ensure correct levels of security to the relevant type of data. Although it is possible to have informal methods to classify data, it is much methodical to employ a strategy to achieve the end result. The usual strategy employs a scheme that splits into different levels to classify data in the organization. The number of levels is usually dependent on the company needs and requirements or security.

Submit

63. Which of the following virus types can be transmitted via email? Choose two most common types that apply.

Worms

Trojan horse

Boot Record virus

EXE file virus

Usually email attachments are documents, pictures or zip files. EXE files are usually too large to be sent as mail attachments hence EXE file virus is not appropriate. Boot record virus is deposited into a system through floppy media and not via email.

Explanation

Usually email attachments are documents, pictures or zip files. EXE files are usually too large to be sent as mail attachments hence EXE file virus is not appropriate. Boot record virus is deposited into a system through floppy media and not via email.

Submit

64. Which of the following are capable of functioning as a Firewall? Choose two

Proxy

Router

PC

Switch

Proxy service as well as the Router is both capable of Network Address translation (NAT) which is the basic function of a firewall.

Explanation

Proxy service as well as the Router is both capable of Network Address translation (NAT) which is the basic function of a firewall.

Submit

65. When faced with an outgoing packet, which of the following header components would a firewall look at first?

Protocol information

Source address

Destination address

No of bytes in the header

The firewall will first look at the destination address.

Explanation

The firewall will first look at the destination address.

66. Which of the following is necessary when analyzing threats?

View the data in the history to analyze the pattern and frequency of an occurrence

Analyze if the threat is external or internal

Isolate people in the organization from whom you fear a threat

None of the above

View the data in the history and study any visible occurrences to analyze the pattern and frequency of its occurrence. This will allow you to be better prepared for risk management.

Explanation

View the data in the history and study any visible occurrences to analyze the pattern and frequency of its occurrence. This will allow you to be better prepared for risk management.

67. Which of the following will relates to how the external world can access internal network resources?

Network policy

Firewall policy

Access policy

None of the above

The access policy or the Service access policy will dictate to what extent the external users can access internal network resources or which of the internal resources will be totally inaccessible to the outside world.

Explanation

The access policy or the Service access policy will dictate to what extent the external users can access internal network resources or which of the internal resources will be totally inaccessible to the outside world.

68. Which of the following is true about providing security to database servers? Choose two.

Do not host a database server on the same server as your web server.

Do not host a database server on a server based system

Employ a three-tier model

Employ a centralized administration model.

It is always safe that you host a database server on a server resource internal to the network rather than on the same server as your Web server. A three-tier model ensures security to your database server as the database server cannot be directly accessed in this model. Centralized or distributed administration will not be a security concern here.

Explanation

It is always safe that you host a database server on a server resource internal to the network rather than on the same server as your Web server. A three-tier model ensures security to your database server as the database server cannot be directly accessed in this model. Centralized or distributed administration will not be a security concern here.

Submit

69. Which of the following is an ideal practice to ensure network resources safety? Choose three.

Rename guest accounts

Rename administrator accounts.

Ensure there is just one administrator account present.

Ensure the administrator account does not have a blank password

None of the above

It is not wise to have just one administrator account in case that administrator gets locked out. It is always safe to rename guest and administrator accounts renamed. Administrator passwords must be difficult to guess and should not be blank.

Explanation

It is not wise to have just one administrator account in case that administrator gets locked out. It is always safe to rename guest and administrator accounts renamed. Administrator passwords must be difficult to guess and should not be blank.

Submit

70. Which of the following is an essential configuration for email messages?

Content sensitivity action

Sender specific action

Receipt date specific action

None of the above

Content specific action will ensure that you can discard the mail that is containing sensitive or prohibited data.

Explanation

Content specific action will ensure that you can discard the mail that is containing sensitive or prohibited data.

71. To transfer emails between email servers of different domains you would require POP3 service. T/F?

True

False

To transfer mails between email servers of different domains you would require SMTP service.

Explanation

To transfer mails between email servers of different domains you would require SMTP service.

72. When a remote user is dialing-in to the network, which of the following servers would be challenging his request for authentication first? (Select all that apply)

RADIUS server would be challenging the users request first, the rest of the servers on the network

RADIUS server at a later stage when they receive a request for resource access from this dial-in or remote user

None

In the mentioned scenario, the RADIUS server would be challenging the user's request first, the rest of the servers on the network would then verify with this RADIUS server at a later stage when they receive a request for resource access from this dial-in or remote user.

Explanation

In the mentioned scenario, the RADIUS server would be challenging the user's request first, the rest of the servers on the network would then verify with this RADIUS server at a later stage when they receive a request for resource access from this dial-in or remote user.

Submit

73. Which of the following is an advantage of using conventional encryption?

It is the most secure

It is very fast

It is economical

None of the above

When conventional encryption is used for stored data rather than the data being transmitted, encryption and decryption process can be very fast.

Explanation

When conventional encryption is used for stored data rather than the data being transmitted, encryption and decryption process can be very fast.

74. The block size in RC5 can range from 0 to 255. Y/N?

Yes

No

The block size in RC5 can be 32-bit, 64-bit or 128-bit.

Explanation

The block size in RC5 can be 32-bit, 64-bit or 128-bit.

75. Which of the following is the best way to ensure that contact employees no longer use the network resources once their contract with the organization is over? Choose two

Ensure you create a separate group for contractors.

Ensure that you disable the account of the contractor who has completed contract

Ensure you assign permissions to individual contractor each time

Ensure you monitor the logged in users to forcibly log out a contract employee who has completed contract.

A separate group for contract employees will be a good idea as they are all similar in nature of the role and will require similar access to the network. Disabling an account of the contractor who has completed contract is a must as he will no longer be able to log in.

Explanation

A separate group for contract employees will be a good idea as they are all similar in nature of the role and will require similar access to the network. Disabling an account of the contractor who has completed contract is a must as he will no longer be able to log in.

Submit

76. To which layer do the following communicating devices belong? Switch, Ethernet Card.

Physical layer

Datalink layer

Network Layer

None of the above

The mentioned devices� purpose is media access. Media access is the responsibility of Layer 2 or the data link layer. Hence the devices belong to data link layer.

Explanation

The mentioned devices� purpose is media access. Media access is the responsibility of Layer 2 or the data link layer. Hence the devices belong to data link layer.

77. Which of the following communications use the 2.4 GHz frequency? Choose three.

The microwave operates

Blue-tooth

Wireless

The microwave operates on the 2.4 GHz range, which is why is it is necessary to place the Wireless 802.11b and g devices slightly apart from Microwave device when used in homes. Bluetooth, as well as Wireless 802.11b and g devices, operate on 2.4 GHz frequency.

Explanation

The microwave operates on the 2.4 GHz range, which is why is it is necessary to place the Wireless 802.11b and g devices slightly apart from Microwave device when used in homes. Bluetooth, as well as Wireless 802.11b and g devices, operate on 2.4 GHz frequency.

Submit

78. Which of the following is provided by IDEA? Choose two.

High level security

Complex implementation

Ease of implementation

Average security level

IDEA provides high level of security along with ease of implementation.

Explanation

IDEA provides high level of security along with ease of implementation.

Submit

79. You are planning on hosting an eCommerce Web server. You are intent on making the server secure against all external attacks possible. Which of the following would be the best way to test your server for its weaknesses? Choose the best answer.

Ping to the server

Simulate a DDoS attack on that server

Simulate a DoS attack on the server

Check if all the patches and required antivirus software has been loaded o the server.

Ping the server will only ensure if the connectivity is proper. Simulating a DoS attack could only test for a very few vulnerabilities on the server. DDoS (Distributed DoS) would test for more vulnerabilities on the server than the DoS would. Checking for patches and antivirus is just a precaution. It is not a process of testing for vulnerabilities.

Explanation

Ping the server will only ensure if the connectivity is proper. Simulating a DoS attack could only test for a very few vulnerabilities on the server. DDoS (Distributed DoS) would test for more vulnerabilities on the server than the DoS would. Checking for patches and antivirus is just a precaution. It is not a process of testing for vulnerabilities.

80. Which of the following statements regarding Infrared communication is true? Choose three.

It requires line of sight

It requires the same radio frequency at the transmitting and receiving end.

It is least secure.

Interception is possible if the tapping devices is also in the line of sight

Interception is possible if the tapping device is also tuned to the same radio frequency as the main communicating devices.

Infrared and Radio frequency are two different communication media. The Infrared communication requires line of sight. If the device that intends interception is placed in the line of sight as the main devices then interception will be very easy. This mode of communication is least secure.

Explanation

Infrared and Radio frequency are two different communication media. The Infrared communication requires line of sight. If the device that intends interception is placed in the line of sight as the main devices then interception will be very easy. This mode of communication is least secure.

Submit

81. Which of the following is responsible for key issues relating to the security of inter-bank communications?

IETF

ISI

NSA

ABA

ABA concerns itself with key issues in providing security to financial transaction/communication between banks.

Explanation

ABA concerns itself with key issues in providing security to financial transaction/communication between banks.

82. Which of the following backup is the most time consuming to restore during a server crash?

Differential backup

Incremental backup

Full backup

None of the above

Incremental backups take the fastest to perform in comparison with full and differential backups, but are the longest to restore

Explanation

Incremental backups take the fastest to perform in comparison with full and differential backups, but are the longest to restore

83. Which of the following is required by the cipher when it is important to maintain a message as a secret?

Generate one cipher text for that message

Generate at least 5 cipher text for that message

Generate several cipher text.

None of the above.

To keep a message a secret it is required that the cipher must be able to generate several cipher text.

Explanation

To keep a message a secret it is required that the cipher must be able to generate several cipher text.

84. Which of the following about the Stateful inspection firewall is true? Choose two.

It maintains a state table

It maintains a routing table

It functions on the network layer

It functions on the application layer.

The Stateful inspection firewall, monitors connection status based on the state table. It functions on the network layer and monitors connection status for the entire network.

Explanation

The Stateful inspection firewall, monitors connection status based on the state table. It functions on the network layer and monitors connection status for the entire network.

Submit

85. Which of the following best describes Ron's Code 2? (Select all that apply)

RC2 or Ron's code 2 is a 64-bit block cipher.

It was devised by Ron Rivest.

None

RC2 or Ron's code 2 is a 64-bit block cipher. It was devised by Ron Rivest.

Explanation

RC2 or Ron's code 2 is a 64-bit block cipher. It was devised by Ron Rivest.

Submit

86. Which of the following statements relating to the MAC model is true? Choose two.

MAC uses static mapping or predefined access privileges

MAC cannot allow dynamic sharing of resources

MAC uses ACL to assign privileges

MAC allows dynamic sharing of resources

MAC uses a static or predefined set of access privileges and hence cannot allow dynamic sharing of resources.

Explanation

MAC uses a static or predefined set of access privileges and hence cannot allow dynamic sharing of resources.

Submit

87. Which of the following is true about a token system? Choose all that apply.

A token is generated when a user has been successfully authenticated

This token is attached to the users session and will be destroyed once the session is terminated

This token is attached to the users session and will be destroyed after the user has logged out

A token is generated when a user has been successfully authenticated. This token is attached to the users� session and will be destroyed once the session is terminated or after the user has logged out. This token will contain user access permission assigned on the network resources for that user.

Explanation

A token is generated when a user has been successfully authenticated. This token is attached to the users� session and will be destroyed once the session is terminated or after the user has logged out. This token will contain user access permission assigned on the network resources for that user.

Submit

88. Which of the following will be required to perform Cryptanalysis? Choose three.

Mathematical tools

Analytical reasoning

Pattern finding

Mathematical reasoning

Advanced calculators

Cryptanalysis is a process of studying the pattern of secure communication and breaking it. It involves complex combination such as patience and determination combined with skills of pattern finding, mathematical tools and analytical reasoning.

Explanation

Cryptanalysis is a process of studying the pattern of secure communication and breaking it. It involves complex combination such as patience and determination combined with skills of pattern finding, mathematical tools and analytical reasoning.

Submit

89. You are the system administrator for your organization. You are responsible for access privilege for which of the following control systems?

Mandatory Access Control

Discretionary Access Control

Role Based Access Control

Any of the above

System administrator is responsible for access control in the MAC model. The owner of the organization will be responsible for DAC. The RBAC is dependent on the role played by the user in the organization.

Explanation

System administrator is responsible for access control in the MAC model. The owner of the organization will be responsible for DAC. The RBAC is dependent on the role played by the user in the organization.

90. It is ideal for any organization to employ an encryption scheme that can address its entire organizations data security either stores or transmitted. T/F?

True

False

No one encryption scheme can handle the security required by an entire organization. It will usually be a combination of two or more.

Explanation

No one encryption scheme can handle the security required by an entire organization. It will usually be a combination of two or more.

91. When configuring antivirus for email, which of the following configurations must be applied? Choose two.

Scan before downloading

Scan before sending

Scan before opening

Scan after receiving

Scan before downloading will ensure the message that is infected will be deleted before actually downloading to the hard disk. Scan before sending will ensure that you are not inadvertently transmitting a virus along with the message tot the destination email Id.

Explanation

Scan before downloading will ensure the message that is infected will be deleted before actually downloading to the hard disk. Scan before sending will ensure that you are not inadvertently transmitting a virus along with the message tot the destination email Id.

Submit

92. Certificates are best used in which of the following scenarios? Choose all that apply.

LAN authentication

Accessing Web sites

Dial-Up connections

Intranet login

LAN login will be secure if the network policies in the organization follow book rules. It will not require certificates. Certificates are best used during WAN access. For ex: when using web sites that require you to provide confidential information about yourself, or when you are logging in to the Intranet, from an unknown location. The Dial-up connection in itself does not require any authentication except with the service provider.

Explanation

LAN login will be secure if the network policies in the organization follow book rules. It will not require certificates. Certificates are best used during WAN access. For ex: when using web sites that require you to provide confidential information about yourself, or when you are logging in to the Intranet, from an unknown location. The Dial-up connection in itself does not require any authentication except with the service provider.

Submit

93. If you wish to block FTP access to your Web server, which of the following Firewall types should you consider?

Stateful Inspection

Port filtering

Packet filtering

Application filtering

Application filtering firewalls operate at the application layer of the OSI model and can block specific applications or protocols, such as FTP. They can identify and block FTP traffic based on its characteristics, such as port numbers, commands, and data patterns.

Explanation

Application filtering firewalls operate at the application layer of the OSI model and can block specific applications or protocols, such as FTP. They can identify and block FTP traffic based on its characteristics, such as port numbers, commands, and data patterns.

94. Which of the following is NOT a common type of social engineering attack?

Phishing

Pretexting

Baiting

Cross-site scripting

Cross-site scripting (XSS) is a web security vulnerability, not a social engineering tactic. Social engineering manipulates people to gain unauthorized access or information. Phishing uses deceptive emails or websites, pretexting involves creating a false scenario, and baiting offers tempting lures to hook victims.

Explanation

Cross-site scripting (XSS) is a web security vulnerability, not a social engineering tactic. Social engineering manipulates people to gain unauthorized access or information. Phishing uses deceptive emails or websites, pretexting involves creating a false scenario, and baiting offers tempting lures to hook victims.

95. L2TP can work over which of the following networks? Choose all appropriate answers.

IP

IPX

SNA

None of the above

L2TP (Layer 2 Tunneling Protocol) was created by Cisco as well as Microsoft. It is meant to function over IP, IPX and SNA networks.

Explanation

L2TP (Layer 2 Tunneling Protocol) was created by Cisco as well as Microsoft. It is meant to function over IP, IPX and SNA networks.

Submit

96. Which of the following statements about Public Key Cryptography are true? Choose two.

You do not need an existing security setup

Public key can only encrypt and private key can only decrypt.

Public key can encrypt as well as decrypt, private key can only decrypt

None of the above

The implementation of Public key cryptography does not need any existing security measure to be implemented. Public key can only encrypt and Private key can only decrypt.

Explanation

The implementation of Public key cryptography does not need any existing security measure to be implemented. Public key can only encrypt and Private key can only decrypt.

Submit

97. Which of the following statements about an email server is/are true? Choose only answer(s) that apply

Verifies if destination domain is self or not before transmitting a mail

Verifies if recipient is from local domain or not before receiving an email

Verifies if email is infected or not

None of the above

Before transmitting any email, the mail server is bound to verify the domain in the destination address of the email to see if it the domain name is self or not before it actually sends the mail out. Before receiving any email its primary security function is to ensure that the email is not infected. In case of the email being infected it is supposed to be discarded.

Explanation

Before transmitting any email, the mail server is bound to verify the domain in the destination address of the email to see if it the domain name is self or not before it actually sends the mail out. Before receiving any email its primary security function is to ensure that the email is not infected. In case of the email being infected it is supposed to be discarded.

Submit

98. Which of the following would help with dedicated authentication to dial-in clients? (Select all that apply)

TACACS (Terminal Access Controller Access Control System)

RADIUS

IAS (Internet Authentication Server)

TACACS (Terminal Access Controller Access Control System), RADIUS are both dedicated authenticating services for dial-in users. IAS (Internet Authentication Server) is not ideally meant for this purpose.

Explanation

TACACS (Terminal Access Controller Access Control System), RADIUS are both dedicated authenticating services for dial-in users. IAS (Internet Authentication Server) is not ideally meant for this purpose.

Submit

99. Which of the following is an ideal location for storing the backup? (select all that apply)

Offsite location

Within the main site

In the same city as head office

None of the above

Any off site location is good. Within the vicinity of the site will ensure that data backup is safe in case of fire and is also available at short notice when required to restore. In general, Budget and security concerns should dictate distance, as far away location will protect against natural disasters that may effect the city/neighbrohood.

Explanation

Any off site location is good. Within the vicinity of the site will ensure that data backup is safe in case of fire and is also available at short notice when required to restore. In general, Budget and security concerns should dictate distance, as far away location will protect against natural disasters that may effect the city/neighbrohood.

Submit

100. Which of the following does NOT happen during a CHAP authentication? Choose all that apply

The server issues password to any body requesting for it.

The server poses the challenge for the password request.

The server requests for the password.

The server expects a clear text password initially.

Whenever a user requests login, the Server poses a challenge and then the user provides the requested password and then the server will decide based on the credentials if it should authorize the user or not. This is what is referred to as three-way handshake.

Explanation

Whenever a user requests login, the Server poses a challenge and then the user provides the requested password and then the server will decide based on the credentials if it should authorize the user or not. This is what is referred to as three-way handshake.

Submit