CompTIA Security+ Part 2

Approved & Edited by ProProfs Editorial Team

The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.

Learn about Our Editorial Process

| By Semarley

Semarley

Community Contributor

Quizzes Created: 4 | Total Attempts: 1,801

Questions: 100 | Attempts: 394 | Updated: Mar 20, 2023

Quiz Flashcard

Questions

Feedback

During the Quiz End of Quiz

This COMPTIA Security+ part 2 quiz assesses knowledge on network security practices, including war driving, the implicit deny concept, antivirus updates, password security, spam prevention, and intrusion detection. It is designed for learners aiming to enhance their cybersecurity skills.

Questions and Answers

1.

Which of the following BEST describes the term war driving?
- A.
  
  Driving from point to point with a laptop and an antenna to find unsecured wireless access points
- B.
  
  Driving from point to point with a wireless scanner to read other users emails through the access point
- C.
  
  Driving from point to point with a wireless network card and hijacking into unsecured wireless access points
- D.
  
  Driving from point to point with a wireless scanner to use unsecured access points
Correct Answer
A. Driving from point to point with a laptop and an antenna to find unsecured wireless access points

Explanation
War driving refers to the act of driving around with a laptop and an antenna to locate unsecured wireless access points. This activity is typically done to identify vulnerable networks that can be exploited for unauthorized access or malicious activities. By driving from point to point and scanning for unsecured access points, individuals can potentially gain unauthorized access to these networks and exploit them for their own purposes.

Rate this question:
2.

Which of the following statements BEST describes the implicit deny concept?
- A.
  
  Blocks everything and only allows privileges based on job description
- B.
  
  Blocks everything and only allows explicitly granted permissions
- C.
  
  Blocks everything and only allows the minimal required privileges
- D.
  
  Blocks everything and allows the maximum level of permissions
Correct Answer
B. Blocks everything and only allows explicitly granted permissions

Explanation
The implicit deny concept refers to the practice of blocking all access to a resource or system by default, and only allowing access to specific individuals or groups who have been explicitly granted permissions. This ensures that only authorized users are able to access the resource, reducing the risk of unauthorized access or misuse.

Rate this question:
3.

When is the BEST time to update antivirus definitions?
- A.
  
  At least once a week as part of the system maintenance
- B.
  
  As the definitions become available from the vendor
- C.
  
  When a new virus is discovered on the system
- D.
  
  When an attack occurs on the network
Correct Answer
B. As the definitions become available from the vendor

Explanation
The best time to update antivirus definitions is when they become available from the vendor. Antivirus definitions are files that contain information about known viruses, allowing the antivirus software to detect and remove them. As new viruses are constantly being developed, antivirus vendors regularly release updated definitions to protect against these new threats. By updating the antivirus definitions as soon as they become available, users can ensure that their antivirus software is equipped to detect and remove the latest viruses, providing optimal protection for their systems.

Rate this question:
4.

Why would a technician use a password cracker?
- A.
  
  To look for weak passwords on the network
- B.
  
  To change a users passwords when they leave the company
- C.
  
  To enforce password complexity requirements
- D.
  
  To change users passwords if they have forgotten them
Correct Answer
A. To look for weak passwords on the network

Explanation
A technician may use a password cracker to identify weak passwords on the network. By using this tool, the technician can test the strength of passwords and identify any vulnerabilities that could potentially be exploited by unauthorized individuals. This proactive approach helps in strengthening the overall security of the network by identifying and rectifying weak passwords before they can be compromised.

Rate this question:
5.

Users on a network report that they are receiving unsolicited emails from an email address that does not change. Which of the following steps should be taken to stop this from occurring?
- A.
  
  Configure a rule in each users router and restart the router
- B.
  
  Configure rules on the users host and restart the host
- C.
  
  Install an anti-spam filter on the domain mail servers and filter the email address
- D.
  
  Install an ACL on the firewall to block traffic from the sender and filter the IP address
Correct Answer
C. Install an anti-spam filter on the domain mail servers and filter the email address

Explanation
Installing an anti-spam filter on the domain mail servers and filtering the email address is the correct solution to stop receiving unsolicited emails from a fixed email address. This solution addresses the issue at the server level, where the emails are being received. By implementing an anti-spam filter, the server can identify and block unwanted emails, while filtering the specific email address ensures that any emails originating from that address are blocked. This approach is more effective than configuring rules on individual routers or hosts, as it provides centralized protection for all users on the network. Additionally, installing an ACL on the firewall to block traffic from the sender and filter the IP address may not be as effective, as the spammer may change their IP address or use different methods to send the emails.

Rate this question:
6.

Which of the following is a true statement with regards to a NIDS?
- A.
  
  A NIDS monitors and analyzes network traffic for possible intrusions
- B.
  
  A NIDS is installed on the proxy server
- C.
  
  A NIDS prevents certain types of traffic from entering a network
- D.
  
  A NIDS is normally installed on the email server
Correct Answer
A. A NIDS monitors and analyzes network traffic for possible intrusions

Explanation
A NIDS (Network Intrusion Detection System) is designed to monitor and analyze network traffic in order to detect and identify possible intrusions or malicious activities. It is not installed on a proxy server or an email server, as mentioned in the other options. Instead, a NIDS is typically deployed at strategic points within a network to passively monitor traffic and generate alerts or take actions when suspicious activity is detected. Therefore, the correct answer is that a NIDS monitors and analyzes network traffic for possible intrusions.

Rate this question:
7.

A technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which of the following will help determine the amount of CPU cycles that are being consumed?
- A.
  
  Install HIDS to determine the CPU usage
- B.
  
  Run performance monitor to evaluate the CPU usage
- C.
  
  Install malware scanning software
- D.
  
  Use a protocol analyzer to find the cause of the traffic
Correct Answer
B. Run performance monitor to evaluate the CPU usage

Explanation
Running a performance monitor will help determine the amount of CPU cycles that are being consumed. A performance monitor collects and analyzes data about the system's performance, including CPU usage. By monitoring the CPU usage, the technician can identify if a piece of malware is consuming excessive CPU cycles, which can cause the system to slow down. This will help the technician confirm their suspicion and take appropriate action to remove the malware and improve system performance.

Rate this question:
8.

Which of the following are characteristics of a hash function? (Select TWO)
- A.
  
  One-way
- B.
  
  Encrypts a connection
- C.
  
  Ensures data can be easily decrypted
- D.
  
  Fixed length output
- E.
  
  Requires a key
Correct Answer(s)
A. One-way
D. Fixed length output

Explanation
A hash function is a mathematical function that takes an input (or "message") and produces a fixed-size string of characters, which is the hash value. The hash value is unique to the input data, meaning that even a small change in the input will result in a significantly different hash value. This property makes hash functions one-way, as it is computationally infeasible to reverse-engineer the original input from the hash value. Additionally, a hash function always produces a fixed-length output, regardless of the size of the input. Therefore, the characteristics of a hash function are being one-way and having a fixed length output.

Rate this question:
9.

Which of the following is the MOST secure alternative for administrative access to a router?
- A.
  
  SSH
- B.
  
  Telnet
- C.
  
  Rlogin
- D.
  
  HTTP
Correct Answer
A. SSH

Explanation
SSH (Secure Shell) is the most secure alternative for administrative access to a router. Unlike Telnet, rlogin, and HTTP, SSH provides encryption and secure communication between the client and the server. This ensures that sensitive data, such as login credentials and configuration information, are protected from being intercepted or tampered with by attackers. SSH also supports strong authentication methods, such as public-key cryptography, further enhancing the security of administrative access to the router.

Rate this question:
10.

Which of the following might an attacker resort to in order to recover discarded company documents?
- A.
  
  Phishing
- B.
  
  Insider theft
- C.
  
  Dumpster diving
- D.
  
  Shoulder surfing
Correct Answer
C. Dumpster diving

Explanation
Dumpster diving refers to the act of searching through trash or recycling bins to find valuable information or discarded documents. In the context of the question, an attacker may resort to dumpster diving to recover discarded company documents. This method allows them to obtain sensitive information without directly hacking into systems or using advanced techniques. By physically searching through the trash, the attacker can potentially find documents that contain valuable data or insights about the company, which they can then exploit for malicious purposes.

Rate this question:
11.

Which of the following creates a security buffer zone between two rooms?
- A.
  
  Mantrap
- B.
  
  DMZ
- C.
  
  Turnstile
- D.
  
  Anti-pass back
Correct Answer
A. Mantrap

Explanation
A mantrap creates a security buffer zone between two rooms. A mantrap is a physical access control system that consists of two interlocking doors or gates. It allows only one person to enter or exit at a time, ensuring that unauthorized individuals cannot gain access to the secure area. This creates a buffer zone between the two rooms, preventing unauthorized access and enhancing security.

Rate this question:
12.

Which of the following tools would be used to review network traffic for clear text passwords?
- A.
  
  Port scanner
- B.
  
  Protocol Analyzer
- C.
  
  Firewall
- D.
  
  Password cracker
Correct Answer
B. Protocol Analyzer

Explanation
A protocol analyzer is used to review network traffic and analyze the data packets being transmitted. It captures and decodes the packets, allowing the user to inspect the contents of the network traffic. In the context of reviewing network traffic for clear text passwords, a protocol analyzer would be able to identify any packets containing passwords that are transmitted without encryption, making it the correct tool for this task. A port scanner is used to identify open ports on a network, a firewall is used to monitor and control network traffic, and a password cracker is used to guess or recover passwords.

Rate this question:
13.

Kerberos uses which of the following trusted entities to issue tickets?
- A.
  
  Ticket Granting System
- B.
  
  Certificate Authority
- C.
  
  Internet Key Exchange
- D.
  
  Key Distribution Center
Correct Answer
D. Key Distribution Center

Explanation
Kerberos uses the Key Distribution Center (KDC) to issue tickets. The KDC is a trusted entity that acts as a centralized authentication server in a Kerberos-based system. It consists of two components: the Authentication Server (AS) and the Ticket Granting Server (TGS). The AS is responsible for authenticating users and issuing initial tickets, while the TGS is responsible for issuing service tickets. The KDC uses encryption and mutual authentication to ensure the security of the ticket issuance process.

Rate this question:
14.

Which of the following specifies a set of consistent requirements for a workstation or server?
- A.
  
  Vulnerability assessment
- B.
  
  Imaging software
- C.
  
  Patch management
- D.
  
  Configuration baseline
Correct Answer
D. Configuration baseline

Explanation
A configuration baseline refers to a set of consistent requirements for a workstation or server. It outlines the desired state of the system, including settings, software versions, and security measures. By establishing a configuration baseline, organizations can ensure that all systems are configured correctly and consistently, reducing the risk of vulnerabilities or inconsistencies. This helps in maintaining the desired level of security and performance across the network.

Rate this question:
15.

A companys website allows customers to search for a product and display the current price and quantity available of each product from the production database. Which of the following would invalidate an SQL injection attack launched from the lookup field at the web server level?
- A.
  
  Security template
- B.
  
  Buffer overflow protection
- C.
  
  NIPS
- D.
  
  Input validation
Correct Answer
D. Input validation

Explanation
Input validation would invalidate an SQL injection attack launched from the lookup field at the web server level because it ensures that the input provided by the user is checked and validated before it is used in any database queries. This helps to prevent malicious SQL code from being injected into the query and executed on the database. By validating the input, the website can ensure that only safe and expected values are used in the query, thereby protecting against SQL injection attacks.

Rate this question:
16.

Which of the following virtual machine components monitors and manages the various virtual instances?
- A.
  
  VMOS
- B.
  
  VCPU
- C.
  
  Hypervisor
- D.
  
  Virtual supervisor
Correct Answer
C. Hypervisor

Explanation
The correct answer is "Hypervisor". A hypervisor is a software or hardware component that monitors and manages the various virtual instances, also known as virtual machines (VMs). It is responsible for creating, running, and managing multiple VMs on a single physical server, allowing for efficient resource allocation and isolation between VMs. The hypervisor provides a layer of abstraction between the physical hardware and the VMs, enabling the virtualization of resources and facilitating the management of the virtual environment.

Rate this question:
17.

A smurf attack is an example of which of the following threats?
- A.
  
  ARP poisoning
- B.
  
  DoS
- C.
  
  TCP/IP Hijacking
- D.
  
  Man-in-the-Middle
Correct Answer
B. DoS

Explanation
A smurf attack is a type of Denial of Service (DoS) attack. In a smurf attack, the attacker sends a large number of ICMP echo request packets to an IP broadcast address, with the source address spoofed to be the victim's IP address. This causes all the hosts on the network to reply to the victim's IP address, overwhelming it with traffic and causing it to become inaccessible to legitimate users. Therefore, the correct answer is DoS.

Rate this question:
18.

Which of the following is the BEST tool for allowing users to go to approved business-related websites only?
- A.
  
  Internet content filter
- B.
  
  Firewall
- C.
  
  ACL
- D.
  
  Caching server
Correct Answer
A. Internet content filter

Explanation
An internet content filter is the best tool for allowing users to go to approved business-related websites only. It helps in blocking or restricting access to certain websites based on predefined rules and policies. This tool allows organizations to filter and control the content that employees can access, ensuring that they are limited to approved websites that are relevant to their work. By using an internet content filter, businesses can enhance productivity, prevent unauthorized access to inappropriate or non-business-related websites, and protect their network from potential security threats.

Rate this question:
19.

Which of the following is a security trait of a virtual machine?
- A.
  
  Provides additional resources for testing
- B.
  
  Provides real-time access to all system processes
- C.
  
  Provides a read-only area for executing code
- D.
  
  Provides a restricted environment for executing code
Correct Answer
D. Provides a restricted environment for executing code

Explanation
A virtual machine provides a restricted environment for executing code. This means that the virtual machine isolates the code being executed from the host system, providing a layer of security. This prevents any malicious code or actions within the virtual machine from affecting the host system. By restricting the environment, the virtual machine ensures that the code being executed is contained and cannot access or modify sensitive resources or data on the host system.

Rate this question:
20.

An unauthorized user intercepted a users password and used this information to obtain the companys administrator password. The unauthorized user can use the administrators password to access sensitive information pertaining to client data. Which of the following is this an example of?
- A.
  
  Session hijacking
- B.
  
  Least privilege
- C.
  
  Privilege escalation
- D.
  
  Network address translation
Correct Answer
C. Privilege escalation

Explanation
This scenario is an example of privilege escalation. Privilege escalation refers to the unauthorized elevation of user privileges, allowing an attacker to gain access to resources or perform actions that they are not supposed to have access to. In this case, the unauthorized user intercepted a user's password and used it to obtain the company's administrator password, thereby gaining higher privileges and access to sensitive client data.

Rate this question:
21.

Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO)
- A.
  
  Disable the USB root hub within the OS
- B.
  
  Install anti-virus software on the USB drives
- C.
  
  Disable USB within the workstation BIOS
- D.
  
  Apply the concept of least privilege to USB devices
- E.
  
  Run spyware detection against all workstations
Correct Answer(s)
A. Disable the USB root hub within the OS
C. Disable USB within the workstation BIOS

Explanation
The two mitigation techniques that would address the concern of sensitive files being copied to USB drives are disabling the USB root hub within the OS and disabling USB within the workstation BIOS. By disabling the USB root hub within the OS, users will not be able to connect any USB devices to the workstation. Similarly, by disabling USB within the workstation BIOS, the USB ports on the workstation will be rendered inactive, preventing any USB devices from being connected. These measures ensure that sensitive files cannot be copied to USB drives through the workstation's USB ports.

Rate this question:
22.

An administrator has developed an OS install that will implement the tightest security controls possible. In order to quickly replicate these controls on all systems, which of the following should be established?
- A.
  
  Take screen shots of the configuration options
- B.
  
  Create an image from the OS install
- C.
  
  Create a boot disk for the operating system
- D.
  
  Implement OS hardening procedures
Correct Answer
B. Create an image from the OS install

Explanation
Creating an image from the OS install is the best option for quickly replicating the tightest security controls on all systems. By creating an image, the administrator can capture the entire configuration and settings of the OS install, including the security controls. This image can then be easily deployed to multiple systems, ensuring that the same security controls are implemented consistently across all systems. This saves time and effort compared to manually configuring each system or taking screenshots of the configuration options.

Rate this question:
23.

After registering an email address on a website, a user starts receiving messages from unknown sources. The email account is new, and therefore the user is concerned. This type of message traffic is referred to as:
- A.
  
  Instant message traffic
- B.
  
  SPIM
- C.
  
  S/MIME
- D.
  
  Spam
Correct Answer
D. Spam

Explanation
Spam refers to unsolicited and unwanted messages that are sent to a user's email account. In this scenario, the user starts receiving messages from unknown sources after registering their email address on a website. Since the email account is new and the user is concerned about these messages, it indicates that they are receiving spam.

Rate this question:
24.

A technician is testing the security of a new database application with a website front-end. The technician notices that when certain characters are input into the application it will crash the server. Which of the following does the technician need to do?
- A.
  
  Utilize SSL on the website
- B.
  
  Implement an ACL
- C.
  
  Lock-down the database
- D.
  
  Input validation
Correct Answer
D. Input validation

Explanation
The technician needs to implement input validation. Input validation is a process of ensuring that the data entered into a system is valid, correct, and safe. In this case, the application crashes when certain characters are input, indicating that the input is not being properly validated. By implementing input validation, the technician can prevent the application from crashing by filtering out or sanitizing any input that may be malicious or cause system errors. This will help improve the security and stability of the application.

Rate this question:
25.

An administrator in a small office environment has implemented an IDS on the network perimeter to detect malicious traffic patterns. The administrator still has a concern about traffic inside the network originating between client workstations. Which of the following could be implemented?
- A.
  
  HIDS
- B.
  
  A VLAN
- C.
  
  A network router
- D.
  
  An access list
Correct Answer
A. HIDS

Explanation
A Host-based Intrusion Detection System (HIDS) could be implemented to address the administrator's concern about traffic originating between client workstations. HIDS monitors the activities and events occurring on individual host systems, allowing it to detect any suspicious or malicious behavior. By deploying HIDS, the administrator can gain visibility into the traffic originating from the client workstations and detect any potential threats or attacks. This would complement the network perimeter IDS and provide a comprehensive security solution for the small office environment.

Rate this question:
26.

A user is redirected to a different website when the user requests the DNS record www.xyz.comptia.com. Which of the following is this an example of?
- A.
  
  DNS poisoning
- B.
  
  DoS
- C.
  
  DNS caching
- D.
  
  Smurf attack
Correct Answer
A. DNS poisoning

Explanation
This is an example of DNS poisoning, where the user is redirected to a different website than the one requested. DNS poisoning occurs when an attacker maliciously alters the DNS records to redirect users to a fake or malicious website.

Rate this question:
27.

A company wants to host public servers on a new network. These servers will include a website and mail server. Which of the following should be implemented on the network to isolate these public hosts from the rest of the network?
- A.
  
  IPv6
- B.
  
  IPSec
- C.
  
  DMZ
- D.
  
  VLAN
Correct Answer
C. DMZ

Explanation
To isolate the public hosts from the rest of the network, a DMZ (Demilitarized Zone) should be implemented on the network. A DMZ is a separate network segment that acts as a buffer zone between the public servers and the internal network. It provides an additional layer of security by placing the public servers in a separate zone, which restricts direct access to the internal network. This helps to protect the internal network from potential threats and attacks that may target the public servers.

Rate this question:
28.

A user has decided that they do not want an internal LAN segment to use public IP addresses. The user wants to translate them as private IP addresses to a pool of public IP addresses to identify them on the Internet. Which of the following does the user want to implement?
- A.
  
  IPSec
- B.
  
  NAT
- C.
  
  SSH
- D.
  
  SFTP
Correct Answer
B. NAT

Explanation
The user wants to implement NAT (Network Address Translation). NAT allows the user to translate the internal LAN segment's public IP addresses to private IP addresses from a pool of public IP addresses. This allows the internal devices to be identified on the Internet using the public IP addresses from the pool.

Rate this question:
29.

An administrator has been studying stateful packet inspection and wants to implement this security technique on the network. Which of the following devices could the administrator use to BEST utilize stateful packet inspection?
- A.
  
  Hub
- B.
  
  IDS
- C.
  
  Switch
- D.
  
  Firewall
Correct Answer
D. Firewall

Explanation
A firewall would be the best device to utilize stateful packet inspection. Firewalls are designed to monitor and control incoming and outgoing network traffic based on predetermined security rules. Stateful packet inspection is a technique used by firewalls to analyze the context and state of network connections, allowing them to make more informed decisions about whether to allow or block specific packets. This helps to enhance network security by preventing unauthorized access and detecting potentially malicious activities. Hubs, IDS, and switches do not typically have the same level of advanced security features as firewalls.

Rate this question:
30.

Which of the following is the primary purpose of a honeypot?
- A.
  
  Translate addresses at the perimeter
- B.
  
  To provide a decoy target on the network
- C.
  
  Provide cryptography for the network
- D.
  
  Work as a network proxy
Correct Answer
B. To provide a decoy target on the network

Explanation
The primary purpose of a honeypot is to provide a decoy target on the network. A honeypot is a security mechanism that is designed to attract and deceive potential attackers. It mimics a vulnerable system or network, enticing attackers to interact with it. By doing so, it allows security professionals to monitor and analyze the attacker's methods and techniques, gather valuable information about their tactics, and ultimately enhance the overall security of the network.

Rate this question:
31.

An administrator wants to ensure that no equipment is damaged when there is a fire or false alarm in the server room. Which of the following type of fire suppression systems should be used?
- A.
  
  Carbon Dioxide
- B.
  
  Hydrogen Peroxide
- C.
  
  Wet pipe sprinkler
- D.
  
  Deluge sprinkler
Correct Answer
A. Carbon Dioxide

Explanation
Carbon dioxide should be used as a fire suppression system in the server room to ensure that no equipment is damaged during a fire or false alarm. Carbon dioxide is an effective fire suppressant as it displaces oxygen, which is necessary for combustion. It is a clean agent that does not leave any residue or cause damage to equipment. Additionally, it is non-conductive and safe to use in electrical environments.

Rate this question:
32.

Which of the following is a CRL composed of?
- A.
  
  Public Key Infrastructure (PKI)
- B.
  
  Expired or revoked certificates
- C.
  
  Certificate Authorities
- D.
  
  Expired user accounts
Correct Answer
B. Expired or revoked certificates

Explanation
A Certificate Revocation List (CRL) is a component of a Public Key Infrastructure (PKI). It is a list that contains information about certificates that have been revoked or expired. When a certificate authority determines that a certificate is no longer valid, it is added to the CRL. This allows relying parties to check the CRL and verify the status of a certificate before trusting it. Therefore, the correct answer is "Expired or revoked certificates" as it accurately represents the content of a CRL.

Rate this question:
33.

Which of the following is the primary purpose of a CA?
- A.
  
  LANMAN validation
- B.
  
  Encrypt data
- C.
  
  Kerberos authentication
- D.
  
  Issue private/public keys
Correct Answer
D. Issue private/public keys

Explanation
The primary purpose of a CA (Certificate Authority) is to issue private/public keys. A CA is responsible for verifying the authenticity and identity of individuals or organizations requesting digital certificates. These certificates include the public key of the entity and are used for various purposes such as secure communication, encryption, and authentication. By issuing these keys, the CA ensures the integrity and security of digital transactions and communications.

Rate this question:
34.

An administrator wants to replace telnet with a more secure protocol to manage a network device. Which of the following should be implemented on the network?
- A.
  
  SMTP
- B.
  
  SNMP
- C.
  
  SFTP
- D.
  
  SSH
Correct Answer
D. SSH

Explanation
SSH (Secure Shell) should be implemented on the network to replace telnet with a more secure protocol for managing a network device. SSH provides secure remote access and secure file transfer capabilities, ensuring that data transmitted between the administrator and the network device is encrypted and protected from unauthorized access. SMTP (Simple Mail Transfer Protocol) is used for email transmission, SNMP (Simple Network Management Protocol) is used for network management, and SFTP (Secure File Transfer Protocol) is used for secure file transfers, but none of these protocols specifically address the need for secure remote access to network devices like SSH does.

Rate this question:
35.

A user is attempting to receive digitally signed and encrypted email messages from a remote office. Which of the following protocols does the system need to support?
- A.
  
  SMTP
- B.
  
  S/MIME
- C.
  
  ISAKMP
- D.
  
  IPSec
Correct Answer
B. S/MIME

Explanation
The system needs to support S/MIME protocol in order to receive digitally signed and encrypted email messages from a remote office. S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol that provides a secure way to send and receive email messages by adding a layer of encryption and digital signatures to the messages. This ensures the confidentiality, integrity, and authenticity of the messages being transmitted.

Rate this question:
36.

An adinistrator does not want anyone to VPN from inside the network to a remote office or network. Which of the following protocols should be blocked outbound on the network?
- A.
  
  TPM
- B.
  
  OVAL
- C.
  
  SNMP
- D.
  
  ISAKMP
Correct Answer
D. ISAKMP

Explanation
ISAKMP stands for Internet Security Association and Key Management Protocol. It is used for establishing and negotiating security associations, such as encryption keys, between two devices. In this scenario, blocking ISAKMP outbound on the network would prevent anyone from establishing a VPN connection from inside the network to a remote office or network. By blocking ISAKMP, the administrator ensures that the network remains secure and prevents unauthorized access to the remote network through VPN connections.

Rate this question:
37.

An administrator is implementing a public website and they want all client connections to the server to be encrypted via thier web browser. Which of the following should be implemented?
- A.
  
  SSL
- B.
  
  SHA-1
- C.
  
  Blowfish
- D.
  
  3DES
Correct Answer
A. SSL

Explanation
SSL (Secure Sockets Layer) should be implemented in order to encrypt client connections to the server via their web browser. SSL is a cryptographic protocol that ensures secure communication between a client and a server by encrypting the data transmitted between them. It provides authentication, confidentiality, and integrity of the data, making it an appropriate choice for securing a public website and protecting sensitive information. SHA-1, Blowfish, and 3DES are encryption algorithms but do not provide the complete secure communication that SSL offers.

Rate this question:
38.

Which of the following is MOST likely provided by asymmetric key cryptography?
- A.
  
  Performance
- B.
  
  A pre-shared key
- C.
  
  Kiting
- D.
  
  Confidentiality
Correct Answer
D. Confidentiality

Explanation
Asymmetric key cryptography is primarily used to provide confidentiality in communication. It ensures that only the intended recipient can decrypt and access the information by using their private key, while the sender uses the recipient's public key to encrypt the data. This method ensures that the communication remains secure and confidential, protecting it from unauthorized access or interception.

Rate this question:
39.

All of the following are symmetric key algorithms EXCEPT:
- A.
  
  ECC
- B.
  
  Rijndael
- C.
  
  3DES
- D.
  
  RC4
Correct Answer
A. ECC

Explanation
ECC stands for Elliptic Curve Cryptography, which is a type of public key cryptography. Unlike symmetric key algorithms, which use the same key for both encryption and decryption, ECC uses a pair of mathematically related keys - a private key and a public key. Rijndael, 3DES, and RC4 are all examples of symmetric key algorithms, as they use the same key for both encryption and decryption.

Rate this question:
40.

Which of the following is true about ECC algorithms?
- A.
  
  It is the algorithm used in PGP
- B.
  
  It is implemented in portable devices
- C.
  
  It is a private key algorithm
- D.
  
  It is CPU intensive
Correct Answer
B. It is implemented in portable devices

Explanation
ECC algorithms are implemented in portable devices. This means that these algorithms are designed and used in devices such as smartphones, tablets, and other portable electronic devices. They are specifically optimized for these devices, allowing for efficient and secure encryption and decryption processes. This implementation enables secure communication and data protection on portable devices, making them suitable for various applications such as mobile banking, secure messaging, and secure access to sensitive information.

Rate this question:
41.

Which of the following is a way to encrypt session keys using SSL?
- A.
  
  Session keys are sent unencrypted
- B.
  
  Session keys are encrypted using an astmmetric algorithm
- C.
  
  Session keys are sent in clear text because they are private keys
- D.
  
  Session keys are encrypted using a symmetric algorithm
Correct Answer
B. Session keys are encrypted using an astmmetric algorithm

Explanation
Session keys are encrypted using an asymmetric algorithm in SSL. This is done to ensure the confidentiality and security of the session keys. Asymmetric encryption involves the use of a public key and a private key. The session key is encrypted with the recipient's public key and can only be decrypted using the corresponding private key, which is kept secret. This ensures that only the intended recipient can decrypt and access the session keys, providing a secure method for transmitting sensitive information during SSL sessions.

Rate this question:
42.

Which of the following can reduce the risk associated with password guessing attacks? (Select TWO)
- A.
  
  Implement single sign-on
- B.
  
  Implement shared passwords
- C.
  
  Implement account-lockout thresholds
- D.
  
  Implement shadow passwords
- E.
  
  Implement stronger password complexity policies
Correct Answer(s)
C. Implement account-lockout thresholds
E. Implement stronger password complexity policies

Explanation
Implementing account-lockout thresholds can reduce the risk of password guessing attacks by locking out an account after a certain number of failed login attempts. This prevents an attacker from repeatedly guessing passwords. Implementing stronger password complexity policies can also reduce the risk as it requires users to create passwords that are more difficult to guess, such as using a combination of uppercase and lowercase letters, numbers, and special characters. This makes it less likely for an attacker to guess the password through brute force or dictionary attacks.

Rate this question:
43.

Which of the following is a common practice in forensic investigation?
- A.
  
  Performing a Gutman sanitization of the drive
- B.
  
  Performing a binary copy of the system storage media
- C.
  
  Performing a file level copy of the systems storage media
- D.
  
  Performing a sanitization of the drive
Correct Answer
B. Performing a binary copy of the system storage media

Explanation
Performing a binary copy of the system storage media is a common practice in forensic investigation because it involves creating an exact replica of the storage media, including all files, folders, and system data. This allows investigators to analyze the copy without altering or damaging the original evidence. By performing a binary copy, investigators can preserve the integrity of the evidence and ensure that any analysis or examination is conducted on a separate, isolated copy of the data. This practice is crucial in forensic investigations to maintain the chain of custody and ensure the accuracy and reliability of the findings.

Rate this question:
44.

Which of the following is done to ensure appropriate personnel have access to systems and networks? (Select TWO)
- A.
  
  Conduct periodic penetration testing assessments
- B.
  
  Conduct periodic personnel employment verifications
- C.
  
  Conduct rights review of users and groups
- D.
  
  Conduct virus scan
- E.
  
  Conduct vulnerability assessments
Correct Answer(s)
B. Conduct periodic personnel employment verifications
C. Conduct rights review of users and groups

Explanation
To ensure appropriate personnel have access to systems and networks, conducting periodic personnel employment verifications is important. This helps to verify that the individuals who have access to the systems and networks are still employed and authorized to access them. Additionally, conducting rights review of users and groups is crucial to ensure that the access privileges granted to individuals are appropriate and aligned with their job roles and responsibilities. This helps to prevent unauthorized access and potential security breaches.

Rate this question:
45.

Antivirus software products detect malware by comparing the characteristics of known instances against which of the following type of file sets?
- A.
  
  Signature
- B.
  
  Text
- C.
  
  NIDS signature
- D.
  
  Dynamic Library
Correct Answer
A. Signature

Explanation
Antivirus software products detect malware by comparing the characteristics of known instances against signature file sets. Signature files contain unique patterns or code snippets that are associated with specific malware. When the antivirus software scans a file, it checks for these signatures to identify any matches and determine if the file is infected. This method allows antivirus software to quickly and accurately detect malware based on its known characteristics.

Rate this question:
46.

Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment?
- A.
  
  Water
- B.
  
  Carbon Dioxide
- C.
  
  Halon
- D.
  
  Foam
Correct Answer
A. Water

Explanation
Water would cause the most damage to electrical equipment because it is a conductor of electricity. When water comes into contact with live electrical components, it can cause short circuits, electrical shocks, and damage to the equipment. This is why it is not recommended to use water-based fire suppression tools in areas with electrical equipment.

Rate this question:
47.

Which of the following is the BEST process of removing PII data from a disk drive before reuse?
- A.
  
  Destruction
- B.
  
  Sanitization
- C.
  
  Reformatting
- D.
  
  Degaussing
Correct Answer
B. Sanitization

Explanation
Sanitization is the best process of removing PII data from a disk drive before reuse. Sanitization refers to the process of permanently and irreversibly removing all data from a disk drive, ensuring that it cannot be recovered or accessed by unauthorized individuals. This process typically involves overwriting the entire disk with random data patterns multiple times, making it virtually impossible to retrieve any sensitive information. Destruction involves physically destroying the disk, reformatting only deletes the file system and does not completely remove the data, and degaussing is a method used for magnetic media and may not be effective for all types of disk drives.

Rate this question:
48.

When assigning permissions, which of the following concepts should be applied to enable a person to perform their job task?
- A.
  
  Rule based
- B.
  
  Discretionary Access Control (DAC)
- C.
  
  Least privilege
- D.
  
  Role based
Correct Answer
C. Least privilege

Explanation
The concept of least privilege should be applied when assigning permissions in order to enable a person to perform their job task. This means that individuals should only be given the minimum level of access necessary to complete their specific job responsibilities. By implementing the principle of least privilege, organizations can minimize the risk of unauthorized access or misuse of sensitive information, and ensure that individuals have access only to the resources required for their specific tasks.

Rate this question:
49.

While conducting a review of the system logs, a user had attempted to log onto the network over 250 times. Which of the following type of attacks is MOST likely occurring?
- A.
  
  Brute force
- B.
  
  Phishing
- C.
  
  Spamming
- D.
  
  DNS spoofing
Correct Answer
A. Brute force

Explanation
Based on the information provided, the user's repeated attempts to log onto the network indicate a brute force attack. In a brute force attack, an attacker systematically tries multiple combinations of usernames and passwords to gain unauthorized access to a system. The fact that the user attempted to log in over 250 times suggests a persistent and determined effort to gain access, which aligns with the characteristics of a brute force attack.

Rate this question:
50.

Users do not want to enter credentials to each server or application to conduct their work. Which of the following type of strategies will resolve this issue?
- A.
  
  Smart Card
- B.
  
  Two-factor authentication
- C.
  
  Biometrics
- D.
  
  SSO
Correct Answer
D. SSO

Explanation
Single Sign-On (SSO) is a strategy that can resolve the issue of users having to enter credentials for each server or application they need to access. SSO allows users to authenticate themselves once, typically using a username and password, and then grants them access to multiple systems or applications without requiring them to re-enter their credentials. This streamlines the authentication process, improves user experience, and increases productivity by reducing the need for repeated logins.

Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Mar 20, 2023

Quiz Edited by
ProProfs Editorial Team
May 22, 2010

Quiz Created by
Semarley

CompTIA Security+ Part 2

Which of the following BEST describes the term war driving?

Which of the following statements BEST describes the implicit deny concept?

When is the BEST time to update antivirus definitions?

Why would a technician use a password cracker?

Users on a network report that they are receiving unsolicited emails from an email address that does not change. Which of the following steps should be taken to stop this from occurring?

Which of the following is a true statement with regards to a NIDS?

A technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which of the following will help determine the amount of CPU cycles that are being consumed?

Which of the following are characteristics of a hash function? (Select TWO)

Which of the following is the MOST secure alternative for administrative access to a router?

Which of the following might an attacker resort to in order to recover discarded company documents?

Which of the following creates a security buffer zone between two rooms?

Which of the following tools would be used to review network traffic for clear text passwords?

Kerberos uses which of the following trusted entities to issue tickets?

Which of the following specifies a set of consistent requirements for a workstation or server?

A companys website allows customers to search for a product and display the current price and quantity available of each product from the production database. Which of the following would invalidate an SQL injection attack launched from the lookup field at the web server level?

Which of the following virtual machine components monitors and manages the various virtual instances?

A smurf attack is an example of which of the following threats?

Which of the following is the BEST tool for allowing users to go to approved business-related websites only?

Which of the following is a security trait of a virtual machine?

An unauthorized user intercepted a users password and used this information to obtain the companys administrator password. The unauthorized user can use the administrators password to access sensitive information pertaining to client data. Which of the following is this an example of?

Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO)

An administrator has developed an OS install that will implement the tightest security controls possible. In order to quickly replicate these controls on all systems, which of the following should be established?

After registering an email address on a website, a user starts receiving messages from unknown sources. The email account is new, and therefore the user is concerned. This type of message traffic is referred to as:

A technician is testing the security of a new database application with a website front-end. The technician notices that when certain characters are input into the application it will crash the server. Which of the following does the technician need to do?

An administrator in a small office environment has implemented an IDS on the network perimeter to detect malicious traffic patterns. The administrator still has a concern about traffic inside the network originating between client workstations. Which of the following could be implemented?

A user is redirected to a different website when the user requests the DNS record www.xyz.comptia.com. Which of the following is this an example of?

A company wants to host public servers on a new network. These servers will include a website and mail server. Which of the following should be implemented on the network to isolate these public hosts from the rest of the network?

A user has decided that they do not want an internal LAN segment to use public IP addresses. The user wants to translate them as private IP addresses to a pool of public IP addresses to identify them on the Internet. Which of the following does the user want to implement?

An administrator has been studying stateful packet inspection and wants to implement this security technique on the network. Which of the following devices could the administrator use to BEST utilize stateful packet inspection?

Which of the following is the primary purpose of a honeypot?

An administrator wants to ensure that no equipment is damaged when there is a fire or false alarm in the server room. Which of the following type of fire suppression systems should be used?

Which of the following is a CRL composed of?

Which of the following is the primary purpose of a CA?

An administrator wants to replace telnet with a more secure protocol to manage a network device. Which of the following should be implemented on the network?

A user is attempting to receive digitally signed and encrypted email messages from a remote office. Which of the following protocols does the system need to support?

An adinistrator does not want anyone to VPN from inside the network to a remote office or network. Which of the following protocols should be blocked outbound on the network?

An administrator is implementing a public website and they want all client connections to the server to be encrypted via thier web browser. Which of the following should be implemented?

Which of the following is MOST likely provided by asymmetric key cryptography?

All of the following are symmetric key algorithms EXCEPT:

Which of the following is true about ECC algorithms?

Which of the following is a way to encrypt session keys using SSL?

Which of the following can reduce the risk associated with password guessing attacks? (Select TWO)

Which of the following is a common practice in forensic investigation?

Which of the following is done to ensure appropriate personnel have access to systems and networks? (Select TWO)

Antivirus software products detect malware by comparing the characteristics of known instances against which of the following type of file sets?

Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment?

Which of the following is the BEST process of removing PII data from a disk drive before reuse?

When assigning permissions, which of the following concepts should be applied to enable a person to perform their job task?

While conducting a review of the system logs, a user had attempted to log onto the network over 250 times. Which of the following type of attacks is MOST likely occurring?

Users do not want to enter credentials to each server or application to conduct their work. Which of the following type of strategies will resolve this issue?