CompTIA Security+ Part 3

100 Questions | Total Attempts: 265

SettingsSettingsSettings
Security Plus Quizzes & Trivia

Comptia security+ certification


Questions and Answers
  • 1. 
    A CEO is concerned about staff browsing inappropriate material on the Internet via HTTPS.  If has been suggested that the company purchase a product which could decrypt the SSL session, scan the content and then repackage the SSL session without staff knowing.  Which of the following type of attacks is similar to this product?
    • A. 

      Replay

    • B. 

      Spoofing

    • C. 

      TCP/IP hijacking

    • D. 

      Man-in-the-middle

  • 2. 
    After a system risk assessment was performed it was found that the cost to mitigate the risk was higher than the expected loss if the risk was actualized.  In this instance, which of the following is the BEST course of action?
    • A. 

      Accept the risk

    • B. 

      Mitigate the risk

    • C. 

      Reject the risk

    • D. 

      Run a new risk assessment

  • 3. 
    A small call center business decided to install an email system to facilitate communications in the office.  As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year.  The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protected.  If workstations are compromised it will take three hours to restore services for the 30 staff.  Staff members in the call center are paid $90 per hour.  If determining the risk, which of the following is the annual loss expectancy (ALE)?
    • A. 

      $2,700

    • B. 

      $4,500

    • C. 

      $5,000

    • D. 

      $7,290

  • 4. 
    A technician is deciding between implementing a HIDS on the database server of implementing a HIDS.  Which of the following are reasons why a NIDS may be better to implement? (Select TWO)
    • A. 

      Many HIDS require frequent patched and updates

    • B. 

      Many HIDS are not able to detect network attacks

    • C. 

      Many HIDS have a negative impact on system performance

    • D. 

      Many HIDS only offer a low level of detection granularity

    • E. 

      Many HIDS are not good at detecting attacks on database servers

  • 5. 
    Which of the following scenarios is MOST likely to benefit from using a personal software firewall on a laptop?
    • A. 

      Remote access user connecting via SSL VPN

    • B. 

      Office laptop connected to the enterprise LAN

    • C. 

      Remote access user connecting via corporate dial-in server

    • D. 

      Office laptop connected to a home user network

  • 6. 
    Virtualized applications, such as virtualized browsers, are capable of protecting the operating system from which of the following?
    • A. 

      Malware installation from suspect Internet sites

    • B. 

      Man-in-the-middle attacks

    • C. 

      Phishing and spam attacks

    • D. 

      DDoS attacks against the underlying OS

  • 7. 
    A flat or simple role-based access control (RBAC) embodies which of the following principles?
    • A. 

      Users assigned to roles, permissions are assigned to groups, controls applied to groups and permissions by controls

    • B. 

      Users assigned permissions, roles assigned to groups and users acuire additional permissions by being a member of a group

    • C. 

      Roles applied to groups, users assigned to groups and users acquire permissions by being a member of the group

    • D. 

      Users assigned to roles, permissions are assigned to roles and users acquire permissions by being a member of the role

  • 8. 
    A number of unauthorized staff have been entering the data center by piggybacking authorized staff.  The CIO has mandated that this behavior stops.  Which of the following is the BEST technology to install at the data center to prevent piggybacking?
    • A. 

      Mantrap

    • B. 

      Security badges

    • C. 

      Hardware locks

    • D. 

      Token access

  • 9. 
    Which of the following is a security threat that hides its processes and files from being easily detected?
    • A. 

      Trojan

    • B. 

      Adware

    • C. 

      Worm

    • D. 

      Rootkit

  • 10. 
    Security templates are used for which of the following purposes? Select TWO)
    • A. 

      To ensure that email is encrypted by users of PGP

    • B. 

      To ensure that PKI will work properly within the companys trust model

    • C. 

      Th ensure that performance is standardized across all servers

    • D. 

      To ensure that all servers start from a common security configuration

    • E. 

      To ensure that servers are in compliance with the corporate security policy

  • 11. 
    Frequent signature updates are required by which of the following security applications?  (Select TWO)
    • A. 

      Antivirus

    • B. 

      PGP

    • C. 

      Firewall

    • D. 

      PKI

    • E. 

      IDS

  • 12. 
    When choosing an antivirus product, which of the following are the MOST inportant security considerations?  (Select TWO)
    • A. 

      The frequency of signature updates

    • B. 

      The ability to scan encrypted files

    • C. 

      The availability od application programming interface

    • D. 

      The number of emails that can be scanned

    • E. 

      The number of viruses the software can detect

  • 13. 
    Three generally accepted activities of patch management are:  determining which patches are needed, applying the patches and which of the following?
    • A. 

      Updating the firewall configuration to include the patches

    • B. 

      Running a NIDS report to list the remaining vulnerabilities

    • C. 

      Auditing for the successful application of the patches

    • D. 

      Backing up the patch file executables to a network share

  • 14. 
    In which of the following situations would it be appropriate to install a hotfix?
    • A. 

      A patch in a service pack fixes the issue, but too many extra patches are included

    • B. 

      A patch is not available and workarounds do not correct the problem

    • C. 

      A patch is available, but has not yet been tested in a production environment

    • D. 

      A patch is too large to be distributed via remote deployment tool

  • 15. 
    Social engineering, password cracking and vulnerability exploitation are examples of which of the following?
    • A. 

      Vulnerability assessment

    • B. 

      Fingerprinting

    • C. 

      Penetration testing

    • D. 

      Fuzzing

  • 16. 
    If an administrator does not have a NIDS examining network traffic, which of the following could be used to identify an active attack?
    • A. 

      Protocol analyzer

    • B. 

      Penetration testing tool

    • C. 

      Network mapper

    • D. 

      Vulnerability scanner

  • 17. 
    Configuration baseline should be taken at which of the following stages in the deployment of a new system?
    • A. 

      Before initial configuration

    • B. 

      Before loading the OS

    • C. 

      After the user logs in

    • D. 

      After initial configuration

  • 18. 
    Which of the following practices should be implemented to harden workstations and servers?
    • A. 

      Log on only as administrator

    • B. 

      Install only needed software

    • C. 

      Check the logs regularly

    • D. 

      Report all security incidents

  • 19. 
    Which of the following is a mechanism that prevents electromagnetic emanations from being captured?
    • A. 

      Install a repeater

    • B. 

      Uninterruptible power supply (UPS)

    • C. 

      Faraday cage

    • D. 

      Disable SSID broadcast

  • 20. 
    Which of the following describes the difference between a secure cipher and a secure hash?
    • A. 

      A hash produces a variable output for any input size, a cipher does not

    • B. 

      A cipher produces the same size output for any input size, a hash does not

    • C. 

      A cipher can be reversed, a hash cannot

    • D. 

      A hash can be reversed, a cipher cannot

  • 21. 
    Which of the following physical threats is prevented with mantraps?
    • A. 

      Piggybacking

    • B. 

      Social engineering

    • C. 

      Dumpster diving

    • D. 

      Shoulder surfing

  • 22. 
    Which of the following BEST describes the differences between SHA-1 and MD5?
    • A. 

      MD5 produces variable length message digests

    • B. 

      SHA-1 produces fewer collisions than MD5

    • C. 

      MD5 produces fewer collisions than SHA-1

    • D. 

      SHA-1 produces fixed length message digests

  • 23. 
    Which of the following BEST applies in the secure disposal of computers?
    • A. 

      Computers must be configured for automated patch management

    • B. 

      Computer media must be sanitized

    • C. 

      Default passwords must be changed once

    • D. 

      Computers must be tested against known TCP/IP vulnerabilities

  • 24. 
    Which of the following BEST describes the differences between RADIUS and TACACS?
    • A. 

      TACACS separates authentication, authorization and auditing capabilities

    • B. 

      TACACS is a remote access authentication service

    • C. 

      RADIUS is a remote access authentication service

    • D. 

      RADIUS separates authentication, authorization and auditing capabilities

  • 25. 
    Which of the following BEST describes the differences between RADIUS and TACACS?
    • A. 

      RADIUS encrypts client-server negotiation dialog

    • B. 

      RADIUS is a remote access authentication service

    • C. 

      TACACS encrypts client-server negotiation dialog

    • D. 

      TACACS is a remote access authentication service

Back to Top Back to top