CompTIA Security+ Part 4

By Semarley
Questions: 55 | Attempts: 348


CompTIA Security+ exam


Questions and Answers
  • 1. 

    Which of the following is LEAST effective when hardening an operating system?

    • A.

      Configuration baselines

    • B.

      Limiting administrative privileges

    • C.

      Installing HIDS

    • D.

      Install a software firewall

    Correct Answer
    C. Installing HIDS
    Explanation
    Installing HIDS (Host-based Intrusion Detection System) is the least effective when hardening an operating system. While HIDS can help detect and prevent intrusions, it is not as effective as the other options listed. Configuration baselines help establish a secure starting point for the system, limiting administrative privileges reduces the attack surface, and installing a software firewall adds an additional layer of protection. However, HIDS alone may not provide comprehensive protection and should be used in conjunction with other security measures.

  • 2. 

    Which of the following provides the MOST control when deploying patches?

    • A.

      Hotfix

    • B.

      Remote desktop

    • C.

      Patch management

    • D.

      Service packs

    Correct Answer
    C. Patch management
    Explanation
    Patch management provides the most control when deploying patches. Patch management refers to the process of acquiring, testing, and installing patches or updates for software applications or systems. It allows organizations to centrally manage and control the deployment of patches, ensuring that they are applied consistently and in a controlled manner. This level of control is not provided by other options such as hotfixes, remote desktop, or service packs, which may have limitations in terms of management and control over the patch deployment process.

  • 3. 

    If a technician wants to know when a computer application is accessing the network, which of the following logs should be reviewed?

    • A.

      Antivirus log

    • B.

      RADIUS log

    • C.

      Performance log

    • D.

      Host firewall log

    Correct Answer
    D. Host firewall log
    Explanation
    The host firewall log should be reviewed if a technician wants to know when a computer application is accessing the network. The host firewall log contains information about incoming and outgoing network connections, including the applications that are initiating these connections. By reviewing the host firewall log, the technician can identify the specific times when the application is accessing the network and gather additional information about the connections made by the application.

  • 4. 

    All of the following are components of IPSec EXCEPT:

    • A.

      Encapsulating security payload

    • B.

      Internet key exchange

    • C.

      Temporal key interchange protocol

    • D.

      Authentication Header (AH)

    Correct Answer
    C. Temporal key interchange protocol
    Explanation
    The Temporal Key Interchange Protocol (TKIP) is not a component of IPSec. IPSec is a suite of protocols used for securing internet communications. The components of IPSec include the Encapsulating Security Payload (ESP), which provides confidentiality and integrity for IP packets, the Internet Key Exchange (IKE), which is responsible for establishing secure communication channels and negotiating cryptographic keys, and the Authentication Header (AH), which provides authentication and integrity for IP packets. However, TKIP is a protocol used in Wi-Fi networks to improve the security of WPA, but it is not part of IPSec.

  • 5. 

    IPSec connection parameters are stored in which of the following?

    • A.

      Security association database

    • B.

      Security payload index

    • C.

      Security parameter index

    • D.

      Certificate Authority (CA)

    Correct Answer
    A. Security association database
    Explanation
    The correct answer is the security association database. The security association database is responsible for storing the parameters required for establishing and maintaining IPSec connections. This includes information such as the security parameter index, which identifies the specific security parameters to be used, and the security payload index, which keeps track of the order and delivery of IPSec packets. The certificate authority (CA) is not directly involved in storing IPSec connection parameters.

  • 6. 

    Which of the following will provide a 128-bit hash?

    • A.

      MD5

    • B.

      AES128

    • C.

      ROT13

    • D.

      SHA-1

    Correct Answer
    A. MD5
    Explanation
    MD5 (Message Digest Algorithm 5) is a widely used cryptographic hash function that produces a 128-bit hash value. It takes an input (message) of any length and produces a fixed-size (128-bit) hash value. MD5 is commonly used for checksums and data integrity verification, but it is considered to be insecure for cryptographic purposes due to its vulnerabilities to collision attacks. Nonetheless, it still remains in use for non-cryptographic purposes. AES128 (Advanced Encryption Standard) is a symmetric encryption algorithm that uses a 128-bit key, ROT13 is a simple letter substitution cipher, and SHA-1 (Secure Hash Algorithm 1) produces a 160-bit hash value.

  • 7. 

    Which of the following describes a hash algorithm's ability to avoid the same output from two guessed inputs?

    • A.

      Collision avoidance

    • B.

      Collision resistance

    • C.

      Collision strength

    • D.

      Collision metric

    Correct Answer
    B. Collision resistance
    Explanation
    Collision resistance refers to the ability of a hash algorithm to prevent the occurrence of two different inputs producing the same output, also known as a collision. In other words, it ensures that it is computationally infeasible to find two different inputs that result in the same hash value. This property is crucial in cryptographic applications where the integrity and security of data are paramount. By having collision resistance, the hash algorithm provides a high level of assurance that different inputs will always produce different hash values, enhancing the overall security of the system.

  • 8. 

    Which of the following should be included in a forensic toolkit?

    • A.

      Compressed air

    • B.

      Tape recorder

    • C.

      Fingerprint cards

    • D.

      Digital camera

    Correct Answer
    D. Digital camera
    Explanation
    A digital camera should be included in a forensic toolkit because it can be used to capture high-quality photographs of crime scenes, evidence, and other relevant materials. These photographs can be crucial in documenting the condition and location of evidence, as well as providing visual reference for analysis and presentation in court. Additionally, digital cameras often have features such as time stamps and GPS tagging, which can further enhance the accuracy and usefulness of the photographic evidence.

  • 9. 

    Which of the following BEST describes the form used while transferring evidence?

    • A.

      Booking slip

    • B.

      Affidavit

    • C.

      Chain of custody

    • D.

      Evidence log

    Correct Answer
    C. Chain of custody
    Explanation
    The form used while transferring evidence is referred to as the chain of custody. This process involves documenting and maintaining a record of the movement and handling of evidence from the time it is collected until it is presented in court. The chain of custody ensures the integrity and admissibility of the evidence by showing who had control over it and when. It is a crucial component in establishing the reliability and credibility of the evidence in legal proceedings.

  • 10. 

    Which of the following is the primary incident response function of a first responder?

    • A.

      To evaluate the scene and repair the problem

    • B.

      To secure the scene and preserve evidence

    • C.

      To evaluate the scene and determine the cause

    • D.

      To gather evidence and write reports

    Correct Answer
    B. To secure the scene and preserve evidence
    Explanation
    The primary incident response function of a first responder is to secure the scene and preserve evidence. This involves establishing a perimeter around the incident area to prevent unauthorized access and contamination of evidence. By securing the scene, first responders ensure the safety of individuals present and protect valuable evidence that may be crucial in determining the cause of the incident and identifying the responsible parties. Preserving evidence is essential for a thorough investigation and potential legal proceedings.

  • 11. 

    Which of the following is the GREATEST problem with low humidity in a server room?

    • A.

      Static electricity

    • B.

      Power surge

    • C.

      Electromagnetic interference

    • D.

      Brown out

    Correct Answer
    A. Static electricity
    Explanation
    Low humidity in a server room can lead to an increase in static electricity. Static electricity can build up and discharge, causing damage to sensitive electronic equipment. This can result in malfunctions, data loss, or even permanent damage to the servers. Therefore, static electricity is the greatest problem associated with low humidity in a server room.

  • 12. 

    Which of the following protocols is used to ensure secure transmissions on port 443?

    • A.

      HTTPS

    • B.

      Telnet

    • C.

      SFTP

    • D.

      SHTTP

    Correct Answer
    A. HTTPS
    Explanation
    HTTPS is the correct answer because it is a protocol that ensures secure transmissions over the internet. It uses encryption to protect the data being transmitted between a web browser and a web server. Port 443 is the standard port used for HTTPS communication, making it the appropriate protocol for secure transmissions on this port. Telnet, SFTP, and SHTTP are not specifically designed for secure transmissions on port 443.

  • 13. 

    When should a technician perform disaster recovery testing?

    • A.

      Immediately following lessons learned sessions

    • B.

      Once a month, during peak business hours

    • C.

      After the network is stable and online

    • D.

      In accordance with the disaster recovery plan

    Correct Answer
    D. In accordance with the disaster recovery plan
    Explanation
    A technician should perform disaster recovery testing in accordance with the disaster recovery plan. This means that the testing should be conducted based on the guidelines and procedures outlined in the plan. Following the plan ensures that the testing is done at the appropriate time and in a systematic manner, allowing for the identification of any potential issues or weaknesses in the disaster recovery process. It also ensures that the testing is aligned with the overall goals and objectives of the organization's disaster recovery strategy.

  • 14. 

    Which of the following is the BEST backup method to restore the entire operating system and all related software?

    • A.

      Weekly

    • B.

      Incremental

    • C.

      Disk Image

    • D.

      Differential

    Correct Answer
    C. Disk Image
    Explanation
    A disk image is the best backup method to restore the entire operating system and all related software. A disk image is a complete copy of the entire system, including the operating system, software, files, and settings. It captures the system in its entirety, allowing for a complete restoration of the system to its previous state. This method ensures that all components are backed up and can be easily restored, making it the most comprehensive and reliable option for restoring the entire operating system and related software.

  • 15. 

    How many keys are utilized in symmetric cryptography?

    • A.

      One

    • B.

      Two

    • C.

      Three

    • D.

      Four

    Correct Answer
    A. One
    Explanation
    In symmetric cryptography, only one key is utilized. This key is used for both encryption and decryption of the data. The same key is shared between the sender and receiver, ensuring that only authorized parties can access the encrypted information. This approach simplifies the encryption process as there is no need to manage multiple keys. However, it also poses a challenge in securely distributing the key to all authorized parties.

  • 16. 

    Which of the following terms is BEST associated with public key infrastructure (PKI)?

    • A.

      MD5 hashing

    • B.

      Symmetric key

    • C.

      Symmetric algorithm

    • D.

      Digital signatures

    Correct Answer
    D. Digital signatures
    Explanation
    Public key infrastructure (PKI) is a system that uses digital certificates and cryptographic keys to secure communication and verify the authenticity of users. Digital signatures are a fundamental component of PKI as they provide a way to ensure the integrity and non-repudiation of digital documents or messages. By using asymmetric encryption, a digital signature is created using the sender's private key, which can then be verified by anyone who has access to the sender's public key. Therefore, digital signatures are the best term associated with PKI.

  • 17. 

    Which of the following is the LAST step to granting access to specific domain resources?

    • A.

      Validate the user

    • B.

      Authorize the user

    • C.

      Verify the user

    • D.

      Authenticate the user

    Correct Answer
    B. Authorize the user
    Explanation
    The last step to granting access to specific domain resources is to authorize the user. This means that after the user has been validated, verified, and authenticated, the system will determine if the user has the necessary permissions and privileges to access the specific domain resources. Authorization ensures that only authorized users can access the resources, providing an additional layer of security and control.

  • 18. 

    After an attacker has successfully gained remote access to a server with minimal privileges, which of the following is their next step?

    • A.

      Elevate system privileges

    • B.

      Monitor network traffic

    • C.

      Capture private keys

    • D.

      Begin key recovery

    Correct Answer
    A. Elevate system privileges
    Explanation
    After an attacker has gained remote access to a server with minimal privileges, their next step would be to elevate system privileges. This allows the attacker to gain higher levels of access and control over the server, enabling them to perform more malicious activities and potentially compromise the entire system. By elevating system privileges, the attacker can bypass security measures, gain access to sensitive data, install malware, or execute unauthorized commands on the server.

  • 19. 

    Which of the following should the technician recommend as a way to logically separate various internal networks from each other?

    • A.

      NIDS

    • B.

      VLAN

    • C.

      NAT

    • D.

      HIDS

    Correct Answer
    B. VLAN
    Explanation
    A VLAN (Virtual Local Area Network) is a recommended solution to logically separate various internal networks from each other. VLANs allow for the segmentation of a physical network into multiple virtual networks, enabling different groups of devices to communicate with each other while remaining isolated from other VLANs. This separation enhances network security and improves network performance by reducing broadcast traffic and increasing network efficiency. Therefore, VLANs are an effective way to logically separate internal networks.

  • 20. 

    An organization has requested the ability to monitor all network traffic as it traverses their network.  Which of the following should a technician implement?

    • A.

      Content filter

    • B.

      Protocol analyzer

    • C.

      Honeypot

    • D.

      HIDS

    Correct Answer
    B. Protocol analyzer
    Explanation
    A protocol analyzer is a tool that allows the organization to monitor and analyze network traffic. It captures and examines data packets as they traverse the network, providing detailed information about the protocols being used, the source and destination addresses, and any potential issues or security threats. By implementing a protocol analyzer, the organization can gain visibility into their network traffic, identify any abnormalities or suspicious activity, and take appropriate actions to ensure network security and performance.

  • 21. 

    A large number of viruses have been found on numerous domain workstations. Which of the following should the technician implement?

    • A.

      Decentralized antivirus

    • B.

      Host-based intrusion detection

    • C.

      Centralized antivirus

    • D.

      Spyware detection

    Correct Answer
    C. Centralized antivirus
    Explanation
    The technician should implement centralized antivirus. Centralized antivirus allows for the management and control of antivirus software across multiple domain workstations from a central location. This ensures that all workstations are protected and that any viruses or malware can be detected and removed efficiently. By using centralized antivirus, the technician can easily update virus definitions, schedule scans, and monitor the overall security of the network. This helps to prevent the spread of viruses and maintain a secure environment for the domain workstations.

  • 22. 

    Which of the following is the MOST difficult security concern to detect when contractors enter a secured facility?

    • A.

      Rogue access points being installed

    • B.

      Copying sensitive information with cellular phones

    • C.

      Removing mass storage iSCSI drives

    • D.

      Removing network attached storage

    Correct Answer
    B. Copying sensitive information with cellular phones
    Explanation
    Copying sensitive information with cellular phones is the most difficult security concern to detect when contractors enter a secured facility because it can be done discreetly and without leaving any physical evidence. Unlike installing rogue access points or removing mass storage drives, which may require physical tampering and can potentially be detected through surveillance or monitoring systems, copying sensitive information with cellular phones can be done using various covert methods such as taking pictures or using data transfer apps, making it harder to detect and prevent.

  • 23. 

    When are port scanners generally used on systems?

    • A.

      At the middle of a vulnerability assessment

    • B.

      At the beginning of a vulnerability assessment

    • C.

      When there is a need to document vulnerabilities

    • D.

      At the end of a penetration test assessment

    Correct Answer
    B. At the beginning of a vulnerability assessment
    Explanation
    Port scanners are generally used at the beginning of a vulnerability assessment. This is because port scanning helps identify open ports on a system, which can then be assessed for potential vulnerabilities. By scanning ports at the beginning of the assessment, security professionals can gather information about the system's network services and determine if any ports are exposed and susceptible to attacks. This allows them to prioritize their efforts and focus on addressing the identified vulnerabilities during the assessment.

  • 24. 

    The staff must be cross-trained in different functional areas so that fraud can be detected.  Which of the following is this an example of?

    • A.

      Separation of duties

    • B.

      Implicit deny

    • C.

      Least privilege

    • D.

      Job rotation

    Correct Answer
    D. Job rotation
    Explanation
    Job rotation is the practice of moving employees through different roles and responsibilities within an organization. By cross-training staff in different functional areas, they gain exposure to various tasks and processes, including fraud detection. This allows them to develop a broader understanding of the organization's operations and increases the likelihood of detecting fraudulent activities. Job rotation also helps prevent fraud by reducing the risk of collusion and increasing accountability.

  • 25. 

    Human Resources has requested that staff members be moved to different parts of the country into new positions.  Which of the following is this an example of?

    • A.

      Implicit deny

    • B.

      Separation of duties

    • C.

      Least privilege

    • D.

      Job rotation

    Correct Answer
    D. Job rotation
    Explanation
    This scenario is an example of job rotation, where staff members are being moved to different parts of the country and into new positions. Job rotation involves periodically shifting employees to different roles or departments within an organization to enhance their skills, provide them with new experiences, and prevent monotony. By rotating employees, organizations can also ensure cross-training and knowledge sharing among their workforce.

  • 26. 

    An administrator is worried about an attacker using a compromised user account to gain administrator access to a system.  Which of the following is this an example of?

    • A.

      Man-in-the-middle attack

    • B.

      Protocol analysis

    • C.

      Privilege escalation

    • D.

      Cross-site scripting

    Correct Answer
    C. Privilege escalation
    Explanation
    Privilege escalation refers to the unauthorized elevation of user privileges, allowing an attacker to gain higher levels of access than originally intended. In this scenario, the administrator is concerned about an attacker exploiting a compromised user account to gain administrator access to the system. This aligns with the concept of privilege escalation, as the attacker is attempting to escalate their privileges from a regular user to an administrator.

  • 27. 

    Which of the following is used to deny authorized users access to services?

    • A.

      Botnets

    • B.

      Adware

    • C.

      Spyware

    • D.

      Trojans

    Correct Answer
    A. Botnets
    Explanation
    Botnets are large networks of compromised computers that are controlled by a central attacker. They are used to carry out various malicious activities, including denying authorized users access to services. By overwhelming a targeted service or website with a flood of requests from multiple computers in the botnet, the service can be rendered inaccessible to legitimate users. This denial of service attack can disrupt the availability and functionality of the service, causing inconvenience or financial loss to the authorized users.

  • 28. 

    An administrator recommends implementing whitelisting, blacklisting, closing open relays, and strong authentication techniques to a server administrator. Which of the following threats are being addressed?

    • A.

      Adware

    • B.

      Spyware

    • C.

      Spam

    • D.

      Viruses

    Correct Answer
    C. Spam
    Explanation
    The recommended measures of whitelisting, blacklisting, closing open relays, and strong authentication are aimed at addressing the threat of spam. These techniques help in filtering and blocking unwanted and unsolicited emails, reducing the amount of spam that reaches the server and the users. By implementing these measures, the server administrator can effectively combat the issue of spam and minimize its impact on the system and its users.

  • 29. 

    An administrator is asked to improve the physical security of a data center located inside the office building. The data center already maintains a physical access log and has a video surveillance system. Which of the following additional controls could be implemented?

    • A.

      Defense-in-depth

    • B.

      Logical token

    • C.

      ACL

    • D.

      Mantrap

    Correct Answer
    D. Mantrap
    Explanation
    A mantrap is a physical security control that can be implemented to improve the physical security of a data center. It is a small enclosed area with two separate doors, where one door must close and lock before the other door can be opened. This ensures that only one person can enter or exit the data center at a time, preventing unauthorized access. Implementing a mantrap adds an additional layer of security to the existing physical access log and video surveillance system, making it more difficult for unauthorized individuals to gain entry to the data center.

  • 30. 

    With regard to physical security, which of the following BEST describes an access control system which implements a non-trusted but secure zone immediately outside of the secure zone?

    • A.

      Smart card

    • B.

      Defense-in-depth

    • C.

      Mantrap

    • D.

      DMZ

    Correct Answer
    C. Mantrap
    Explanation
    A mantrap is a physical security system that consists of two or more interlocking doors or gates. It is designed to control access to a secure area by allowing only one person to enter or exit at a time. This creates a buffer zone between the non-trusted but secure zone and the secure zone, ensuring that unauthorized individuals cannot gain access easily. The use of a mantrap enhances physical security by preventing unauthorized access and providing a controlled environment for verifying the identity and intentions of individuals before granting them access to the secure zone.

  • 31. 

    A technician notices delays in mail delivery on the mail server.  Which of the following tools could be used to determine the cause of the service degradation?

    • A.

      Port scanner

    • B.

      Performance monitor

    • C.

      Ipconfig /all

    • D.

      TFTP

    Correct Answer
    B. Performance monitor
    Explanation
    The performance monitor tool can be used to determine the cause of the service degradation. This tool allows the technician to monitor various performance metrics such as CPU usage, memory usage, disk activity, and network traffic. By analyzing these metrics, the technician can identify any bottlenecks or issues that may be causing delays in mail delivery on the mail server. The performance monitor provides real-time data and can help in troubleshooting and optimizing the server's performance.

  • 32. 

    Penetration testing should only be used once which of the following items is in place?

    • A.

      Acceptable use policy

    • B.

      Data retention and disclosure policy

    • C.

      Service level agreement

    • D.

      Written permission

    Correct Answer
    D. Written permission
    Explanation
    Penetration testing involves actively testing the security of a system or network to identify vulnerabilities. It is a sensitive and potentially disruptive activity, so it should only be conducted with proper authorization. Written permission ensures that the organization or individual responsible for the system or network is aware of and has approved the penetration testing. This helps to prevent any unauthorized or malicious activities and ensures that the testing is conducted within the boundaries and guidelines set by the organization.

  • 33. 

    An administrator recommends that management establish a trusted third party central repository to maintain all employees' private keys. Which of the following BEST describes the administrator's recommendation?

    • A.

      Registration

    • B.

      Certificate Authority

    • C.

      Recovery agent

    • D.

      Key escrow

    Correct Answer
    D. Key escrow
    Explanation
    The administrator's recommendation is to establish a trusted third party central repository to maintain all employees' private keys. This is known as key escrow, where the keys are securely stored with a trusted entity. This ensures that the keys can be accessed and recovered if needed, while maintaining their confidentiality and integrity.

  • 34. 

    To combat transaction fraud, a bank has implemented a requirement that all bank customers enter a different, unique code to confirm every transaction. Which of the following is the MOST effective method to accomplish this?

    • A.

      ATM PIN code

    • B.

      Elliptic curve

    • C.

      One-time password

    • D.

      Digital certificate

    Correct Answer
    C. One-time password
    Explanation
    A one-time password is the most effective method to combat transaction fraud because it provides an additional layer of security. Unlike a static password or PIN code, a one-time password is valid for only a single login session or transaction, and it expires after a short period of time. This makes it extremely difficult for fraudsters to gain unauthorized access to a user's account or make fraudulent transactions, even if they manage to obtain the password. By requiring customers to enter a different, unique code for every transaction, the bank ensures that even if a password is compromised, it cannot be used for any future transactions.

  • 35. 

    All of the following should be identified within the penetration testing scope of work EXCEPT:

    • A.

      A complete list of all network vulnerabilities

    • B.

      IP addresses of machines from which penetration testing will be executed

    • C.

      A list of acceptable testing techniques and tools to be utilized

    • D.

      Handling of information collected by the penetration testing team

    Correct Answer
    A. A complete list of all network vulnerabilities
    Explanation
    The correct answer is "A complete list of all network vulnerabilities." This is because the scope of work for penetration testing typically focuses on identifying vulnerabilities and assessing the security of a system or network. However, it is not necessary to provide a complete list of all network vulnerabilities as this would be impractical and time-consuming. Instead, the penetration testing team should focus on identifying and documenting the most critical vulnerabilities that pose a significant risk to the system or network.

  • 36. 

    Which of the following is the MOST efficient way that an administrator can restrict network access to certain ports enterprise-wide?

    • A.

      HIDS

    • B.

      Personal software firewall

    • C.

      NIDS

    • D.

      ACL

    Correct Answer
    D. ACL
    Explanation
    An ACL (Access Control List) is the most efficient way for an administrator to restrict network access to certain ports enterprise-wide. ACLs are a set of rules that determine what network traffic is allowed or denied based on various criteria, such as source IP address, destination IP address, and port number. By configuring ACLs on network devices, administrators can control access to specific ports, allowing only authorized traffic to pass through while blocking unauthorized traffic. This helps in enhancing network security and preventing unauthorized access to sensitive resources.

  • 37. 

    An administrator is responsible for a server which has been attacked repeatedly in the past. The only recourse has been to reload the server from scratch. Which of the following techniques could be used to decrease the recovery time following an incident?

    • A.

      Implement the server as a honeypot

    • B.

      Implement the server as a virtual server instance

    • C.

      Load balance between two identical servers

    • D.

      Install the server on a separate VLAN segment

    Correct Answer
    B. Implement the server as a virtual server instance
    Explanation
    Implementing the server as a virtual server instance can decrease the recovery time following an incident. By using virtualization technology, the server can be easily backed up, replicated, and restored in case of an attack. This eliminates the need to reload the server from scratch, saving time and effort. Additionally, virtual server instances can be easily migrated or moved to different hardware, providing flexibility and scalability.

  • 38. 

    Validating the user's claimed identity is called which of the following?

    • A.

      Authentication

    • B.

      Identification

    • C.

      Verification

    • D.

      Validation

    Correct Answer
    A. Authentication
    Explanation
    Authentication refers to the process of verifying the claimed identity of a user or entity. It involves confirming the authenticity of the provided credentials, such as username and password, to ensure that the user is who they claim to be. This process helps to establish trust and secure access to systems, data, or resources. Identification, on the other hand, is the act of identifying or recognizing a user or entity, while verification is the process of confirming the accuracy or truthfulness of something. Validation, in this context, is not the correct term as it refers to the process of checking if something is valid or compliant with certain criteria.

  • 39. 

    Which of the following is planted on an infected system and deployed at a predetermined time?

    • A.

      Logic bomb

    • B.

      Trojan horse

    • C.

      Worm

    • D.

      Rootkit

    Correct Answer
    A. Logic bomb
    Explanation
    A logic bomb is a type of malicious code that is planted on a system and programmed to execute a specific action at a predetermined time or when certain conditions are met. It is typically used to cause harm or damage to the infected system or its data. Unlike a Trojan horse, which disguises itself as a legitimate program, or a worm, which replicates itself to spread, a logic bomb remains dormant until triggered, making it a covert and dangerous threat. A rootkit, on the other hand, is a type of malware that allows unauthorized access to a system while hiding its presence.

  • 40. 

    Which of the following allows a user to float a domain registration for a maximum of five days?

    • A.

      DNS poisoning

    • B.

      Domain hijacking

    • C.

      Spoofing

    • D.

      Kiting

    Correct Answer
    D. Kiting
    Explanation
    Kiting allows a user to float a domain registration for a maximum of five days. Kiting refers to the practice of intentionally delaying the payment for a domain registration, allowing the user to keep the domain active for a short period of time without actually paying for it. This can be used to exploit the system and gain temporary control over a domain without proper payment or authorization.

  • 41. 

    According to company policy, an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?

    • A.

      NIDS

    • B.

      DMZ

    • C.

      NAT

    • D.

      VLAN

    Correct Answer
    D. VLAN
    Explanation
    A VLAN (Virtual Local Area Network) would be the simplest way to keep the Human Resources department separated from the Accounting department. VLANs allow for the creation of separate virtual networks within a physical network infrastructure, enabling different departments to have their own isolated network segments. By implementing VLANs, the administrator can ensure that the HR and Accounting departments are logically separated, preventing unauthorized access and maintaining the company policy of keeping these departments separate.

  • 42. 

    Which of the following is an attack which is launched from multiple zombie machines in an attempt to bring down a service?

    • A.

      DoS

    • B.

      Man-in-the-middle

    • C.

      DDoS

    • D.

      TCP/IP hijacking

    Correct Answer
    C. DDoS
    Explanation
    A DDoS (Distributed Denial of Service) attack is launched from multiple zombie machines in an attempt to bring down a service. In a DDoS attack, the attacker overwhelms the target system with a flood of traffic, making it unable to respond to legitimate requests. By using multiple zombie machines, the attacker can amplify the attack and make it harder to mitigate. This type of attack is commonly used to disrupt websites, online services, or network infrastructure.

  • 43. 

    Which of the following will MOST likely allow an attacker to make a switch function like a hub?

    • A.

      MAC flooding

    • B.

      ARP poisoning

    • C.

      DNS poisoning

    • D.

      DNS spoofing

    Correct Answer
    A. MAC flooding
    Explanation
    MAC flooding is a technique used by attackers to overload the MAC address table of a switch. By sending a large number of fake MAC addresses to the switch, the attacker can fill up the table, causing the switch to enter into a fail-open mode where it functions like a hub. In this mode, the switch broadcasts all incoming traffic to all connected devices, allowing the attacker to intercept and analyze the network traffic. Therefore, MAC flooding is the most likely method to make a switch function like a hub.

  • 44. 

    Which of the following is commonly programmed into an application for ease of administration?

    • A.

      Back door

    • B.

      Worm

    • C.

      Zombie

    • D.

      Trojan

    Correct Answer
    A. Back door
    Explanation
    A back door is commonly programmed into an application for ease of administration. It is a hidden entry point that allows authorized individuals to bypass normal authentication and gain access to the application or system. This allows administrators to easily manage and maintain the application without going through the usual authentication process.

  • 45. 

    Which of the following is a technique used by hackers to identify unsecured wireless network locations to other hackers?

    • A.

      Bluesnarfing

    • B.

      War dialing

    • C.

      War chalking

    • D.

      War driving

    Correct Answer
    C. War chalking
    Explanation
    War chalking is a technique used by hackers to identify unsecured wireless network locations to other hackers. It involves marking physical locations, such as walls or pavements, with specific symbols or codes that indicate the presence of an unsecured network. These markings can be easily understood by other hackers, allowing them to locate and exploit these vulnerable networks. This technique is a form of information gathering and reconnaissance, enabling hackers to identify potential targets for unauthorized access or data theft.

  • 46. 

    Which of the following authentication models uses a KDC?

    • A.

      CHAP

    • B.

      PKI

    • C.

      PGP

    • D.

      Kerberos

    Correct Answer
    D. Kerberos
    Explanation
    Kerberos is the correct answer because it is an authentication model that uses a Key Distribution Center (KDC). The KDC acts as a trusted third party that issues tickets to clients and servers for authentication. These tickets are used to verify the identity of users and ensure secure communication within a network. Kerberos is commonly used in enterprise environments to provide strong authentication and secure access to resources.

  • 47. 

    Which of the following disaster recovery components is a location that is completely empty, but allows the infrastructure to be built if the live site goes down?

    • A.

      Mirrored site

    • B.

      Cold site

    • C.

      Warm site

    • D.

      Hot site

    Correct Answer
    B. Cold site
    Explanation
    A cold site is a disaster recovery component that is an empty location, allowing the infrastructure to be built if the live site goes down. Unlike other sites, a cold site does not have any pre-configured equipment or systems. Instead, it provides the necessary space and utilities for the organization to set up their infrastructure in the event of a disaster. This allows for a cost-effective solution, as the organization only needs to invest in equipment and systems when they are actually needed.

  • 48. 

    Which of the following should be done if an organization intends to prosecute an attacker once an attack has been completed?

    • A.

      Update antivirus definitions

    • B.

      Disconnect the entire network from the internet

    • C.

      Apply proper forensic techniques

    • D.

      Restore missing files on the affected system

    Correct Answer
    C. Apply proper forensic techniques
    Explanation
    When an organization intends to prosecute an attacker after an attack, it is crucial to apply proper forensic techniques. Forensic techniques involve collecting and analyzing digital evidence to identify the attacker, understand the attack methodology, and gather evidence that can be used in legal proceedings. This includes preserving and analyzing logs, examining system files, and conducting network forensics. By applying proper forensic techniques, the organization can ensure that the evidence is admissible in court and increase the chances of successful prosecution. Updating antivirus definitions, disconnecting the network, or restoring missing files may be important steps in incident response, but they do not directly contribute to prosecuting the attacker.

  • 49. 

    Which of the following documents specifies the uptime guarantee of a web server?

    • A.

      Due process

    • B.

      Due diligence

    • C.

      Scope of work

    • D.

      Service level agreement

    Correct Answer
    D. Service level agreement
    Explanation
    A Service Level Agreement (SLA) is a document that outlines the expectations and responsibilities of both the service provider and the client. It specifies the quality and level of service that will be provided, including guarantees such as uptime. Therefore, the correct answer is Service Level Agreement as it is the document that specifies the uptime guarantee of a web server.

  • 50. 

    Which of the following authentication models uses a time stamp to prevent the risks associated with a replay attack?

    • A.

      Two-factor authentication

    • B.

      RADIUS

    • C.

      LDAP

    • D.

      Kerberos

    Correct Answer
    D. Kerberos
    Explanation
    Kerberos is the correct answer because it uses a time stamp to prevent the risks associated with a replay attack. A replay attack occurs when an attacker intercepts and retransmits a valid data transmission. By using a time stamp, Kerberos ensures that the authentication information is only valid for a specific period of time, making it difficult for an attacker to replay the authentication data and gain unauthorized access.
