CompTIA Security+ Part 4

Approved & Edited by ProProfs Editorial Team

The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.

Learn about Our Editorial Process

| By Semarley

Semarley

Community Contributor

Quizzes Created: 4 | Total Attempts: 1,740

Questions: 55 | Attempts: 348 | Updated: Mar 21, 2023

Questions

Settings

Feedback

During the Quiz End of Quiz

Play as

Quiz Flashcard

Create your own Quiz

Comptia securit+ exam

Questions and Answers

1.

Which of the following is LEAST effective when hardening an operating system?
- A.
  
  Configuration baselines
- B.
  
  Limiting administrative privileges
- C.
  
  Installing HIDS
- D.
  
  Install a software firewall
Correct Answer
C. Installing HIDS

Explanation
Installing HIDS (Host-based Intrusion Detection System) is the least effective when hardening an operating system. While HIDS can help detect and prevent intrusions, it is not as effective as the other options listed. Configuration baselines help establish a secure starting point for the system, limiting administrative privileges reduces the attack surface, and installing a software firewall adds an additional layer of protection. However, HIDS alone may not provide comprehensive protection and should be used in conjunction with other security measures.

Rate this question:
2.

Which of the following provides the MOST control when deploying patches?
- A.
  
  Hotfix
- B.
  
  Remote desktop
- C.
  
  Patch management
- D.
  
  Service packs
Correct Answer
C. Patch management

Explanation
Patch management provides the most control when deploying patches. Patch management refers to the process of acquiring, testing, and installing patches or updates for software applications or systems. It allows organizations to centrally manage and control the deployment of patches, ensuring that they are applied consistently and in a controlled manner. This level of control is not provided by other options such as hotfixes, remote desktop, or service packs, which may have limitations in terms of management and control over the patch deployment process.

Rate this question:
3.

If a technician wants to know when a computer application is accessing the network, which of the following logs should be reviewed?
- A.
  
  Antivirus log
- B.
  
  RADIUS log
- C.
  
  Performance log
- D.
  
  Host firewall log
Correct Answer
D. Host firewall log

Explanation
The host firewall log should be reviewed if a technician wants to know when a computer application is accessing the network. The host firewall log contains information about incoming and outgoing network connections, including the applications that are initiating these connections. By reviewing the host firewall log, the technician can identify the specific times when the application is accessing the network and gather additional information about the connections made by the application.

Rate this question:
4.

All of the following are components of IPSec EXCEPT:
- A.
  
  Encapsulating security payload
- B.
  
  Internet key exchange
- C.
  
  Temporal key interchange protocol
- D.
  
  Authentication Header (AH)
Correct Answer
C. Temporal key interchange protocol

Explanation
The Temporal Key Interchange Protocol (TKIP) is not a component of IPSec. IPSec is a suite of protocols used for securing internet communications. The components of IPSec include the Encapsulating Security Payload (ESP), which provides confidentiality and integrity for IP packets, the Internet Key Exchange (IKE), which is responsible for establishing secure communication channels and negotiating cryptographic keys, and the Authentication Header (AH), which provides authentication and integrity for IP packets. However, TKIP is a protocol used in Wi-Fi networks to improve the security of WPA, but it is not part of IPSec.

Rate this question:
5.

IPSec connection parameters are stored in which of the following?
- A.
  
  Security association database
- B.
  
  Security payload index
- C.
  
  Security parameter index
- D.
  
  Certificate Authority (CA)
Correct Answer
A. Security association database

Explanation
The correct answer is the security association database. The security association database is responsible for storing the parameters required for establishing and maintaining IPSec connections. This includes information such as the security parameter index, which identifies the specific security parameters to be used, and the security payload index, which keeps track of the order and delivery of IPSec packets. The certificate authority (CA) is not directly involved in storing IPSec connection parameters.

Rate this question:
6.

Which of the following will provide a 128-bit hash?
- A.
  
  MD5
- B.
  
  AES128
- C.
  
  ROT13
- D.
  
  SHA-1
Correct Answer
A. MD5

Explanation
MD5 (Message Digest Algorithm 5) is a widely used cryptographic hash function that produces a 128-bit hash value. It takes an input (message) of any length and produces a fixed-size (128-bit) hash value. MD5 is commonly used for checksums and data integrity verification, but it is considered to be insecure for cryptographic purposes due to its vulnerabilities to collision attacks. Nonetheless, it still remains in use for non-cryptographic purposes. AES128 (Advanced Encryption Standard) is a symmetric encryption algorithm that uses a 128-bit key, ROT13 is a simple letter substitution cipher, and SHA-1 (Secure Hash Algorithm 1) produces a 160-bit hash value.

Rate this question:
7.

Which of the following describes a hash algorithms ability to avoid the same output from two guessed inputs?
- A.
  
  Collision avoidance
- B.
  
  Collision resistance
- C.
  
  Collision strength
- D.
  
  Collision metric
Correct Answer
B. Collision resistance

Explanation
Collision resistance refers to the ability of a hash algorithm to prevent the occurrence of two different inputs producing the same output, also known as a collision. In other words, it ensures that it is computationally infeasible to find two different inputs that result in the same hash value. This property is crucial in cryptographic applications where the integrity and security of data are paramount. By having collision resistance, the hash algorithm provides a high level of assurance that different inputs will always produce different hash values, enhancing the overall security of the system.

Rate this question:
8.

Which of the following should be included in a forensic toolkit?
- A.
  
  Compressed air
- B.
  
  Tape recorder
- C.
  
  Fingerprint cards
- D.
  
  Digital camera
Correct Answer
D. Digital camera

Explanation
A digital camera should be included in a forensic toolkit because it can be used to capture high-quality photographs of crime scenes, evidence, and other relevant materials. These photographs can be crucial in documenting the condition and location of evidence, as well as providing visual reference for analysis and presentation in court. Additionally, digital cameras often have features such as time stamps and GPS tagging, which can further enhance the accuracy and usefulness of the photographic evidence.

Rate this question:
9.

Which of the following BEST describes the form used while transferring evidence?
- A.
  
  Booking slip
- B.
  
  Affidavit
- C.
  
  Chain of custody
- D.
  
  Evidence log
Correct Answer
C. Chain of custody

Explanation
The form used while transferring evidence is referred to as the chain of custody. This process involves documenting and maintaining a record of the movement and handling of evidence from the time it is collected until it is presented in court. The chain of custody ensures the integrity and admissibility of the evidence by showing who had control over it and when. It is a crucial component in establishing the reliability and credibility of the evidence in legal proceedings.

Rate this question:
10.

Which of the following is the primary incident response function of a first responder?
- A.
  
  To evaluate the scene and repair the problem
- B.
  
  To secure the scene and preserve evidence
- C.
  
  To evaluate the scene and determine the cause
- D.
  
  To gather evidence and write reports
Correct Answer
B. To secure the scene and preserve evidence

Explanation
The primary incident response function of a first responder is to secure the scene and preserve evidence. This involves establishing a perimeter around the incident area to prevent unauthorized access and contamination of evidence. By securing the scene, first responders ensure the safety of individuals present and protect valuable evidence that may be crucial in determining the cause of the incident and identifying the responsible parties. Preserving evidence is essential for a thorough investigation and potential legal proceedings.

Rate this question:
11.

Which of the following is the GREATEST problem with low humidity in a server room?
- A.
  
  Static electricity
- B.
  
  Power surge
- C.
  
  Electromagnetic interference
- D.
  
  Brown out
Correct Answer
A. Static electricity

Explanation
Low humidity in a server room can lead to an increase in static electricity. Static electricity can build up and discharge, causing damage to sensitive electronic equipment. This can result in malfunctions, data loss, or even permanent damage to the servers. Therefore, static electricity is the greatest problem associated with low humidity in a server room.

Rate this question:
12.

Which of the following protocols is used to unsure secure transmissions on port 443?
- A.
  
  HTTPS
- B.
  
  Telnet
- C.
  
  SFTP
- D.
  
  SHTTP
Correct Answer
A. HTTPS

Explanation
HTTPS is the correct answer because it is a protocol that ensures secure transmissions over the internet. It uses encryption to protect the data being transmitted between a web browser and a web server. Port 443 is the standard port used for HTTPS communication, making it the appropriate protocol for secure transmissions on this port. Telnet, SFTP, and SHTTP are not specifically designed for secure transmissions on port 443.

Rate this question:
13.

When should a technician perform disaster recovery testing?
- A.
  
  Immediately following lessons learned sessions
- B.
  
  Once a month, during peak business hours
- C.
  
  After the network is stable and online
- D.
  
  In accordance with the disaster recovery plan
Correct Answer
D. In accordance with the disaster recovery plan

Explanation
A technician should perform disaster recovery testing in accordance with the disaster recovery plan. This means that the testing should be conducted based on the guidelines and procedures outlined in the plan. Following the plan ensures that the testing is done at the appropriate time and in a systematic manner, allowing for the identification of any potential issues or weaknesses in the disaster recovery process. It also ensures that the testing is aligned with the overall goals and objectives of the organization's disaster recovery strategy.

Rate this question:
14.

Which of the following is the BEST backup method to restore the entire operating system and all related software?
- A.
  
  Weekly
- B.
  
  Incremental
- C.
  
  Disk Image
- D.
  
  Differential
Correct Answer
C. Disk Image

Explanation
A disk image is the best backup method to restore the entire operating system and all related software. A disk image is a complete copy of the entire system, including the operating system, software, files, and settings. It captures the system in its entirety, allowing for a complete restoration of the system to its previous state. This method ensures that all components are backed up and can be easily restored, making it the most comprehensive and reliable option for restoring the entire operating system and related software.

Rate this question:

1
0
15.

How many keys are utilized in symmetric cryptography?
- A.
  
  One
- B.
  
  Two
- C.
  
  Three
- D.
  
  Four
Correct Answer
A. One

Explanation
In symmetric cryptography, only one key is utilized. This key is used for both encryption and decryption of the data. The same key is shared between the sender and receiver, ensuring that only authorized parties can access the encrypted information. This approach simplifies the encryption process as there is no need to manage multiple keys. However, it also poses a challenge in securely distributing the key to all authorized parties.

Rate this question:
16.

Which of the following terms is BEST associated with public key infrastructure (PKI)?
- A.
  
  MD5 hashing
- B.
  
  Symmetric key
- C.
  
  Symmetric algorithm
- D.
  
  Digital signatures
Correct Answer
D. Digital signatures

Explanation
Public key infrastructure (PKI) is a system that uses digital certificates and cryptographic keys to secure communication and verify the authenticity of users. Digital signatures are a fundamental component of PKI as they provide a way to ensure the integrity and non-repudiation of digital documents or messages. By using asymmetric encryption, a digital signature is created using the sender's private key, which can then be verified by anyone who has access to the sender's public key. Therefore, digital signatures are the best term associated with PKI.

Rate this question:
17.

Which of the following is the LAST step to granting access to specific domain resources?
- A.
  
  Validate the user
- B.
  
  Authorize the user
- C.
  
  Verify the user
- D.
  
  Authenticate the user
Correct Answer
B. Authorize the user

Explanation
The last step to granting access to specific domain resources is to authorize the user. This means that after the user has been validated, verified, and authenticated, the system will determine if the user has the necessary permissions and privileges to access the specific domain resources. Authorization ensures that only authorized users can access the resources, providing an additional layer of security and control.

Rate this question:
18.

After an attacker has successfully gained remote access to a server with minimal privileges, which of the following is their next step?
- A.
  
  Elevate system privileges
- B.
  
  Monitor network traffic
- C.
  
  Capture private keys
- D.
  
  Begin key recovery
Correct Answer
A. Elevate system privileges

Explanation
After an attacker has gained remote access to a server with minimal privileges, their next step would be to elevate system privileges. This allows the attacker to gain higher levels of access and control over the server, enabling them to perform more malicious activities and potentially compromise the entire system. By elevating system privileges, the attacker can bypass security measures, gain access to sensitive data, install malware, or execute unauthorized commands on the server.

Rate this question:
19.

Which of the following should the technician recommend as a way to logically separate various internal networks from each other?
- A.
  
  NIDS
- B.
  
  VLAN
- C.
  
  NAT
- D.
  
  HIDS
Correct Answer
B. VLAN

Explanation
A VLAN (Virtual Local Area Network) is a recommended solution to logically separate various internal networks from each other. VLANs allow for the segmentation of a physical network into multiple virtual networks, enabling different groups of devices to communicate with each other while remaining isolated from other VLANs. This separation enhances network security and improves network performance by reducing broadcast traffic and increasing network efficiency. Therefore, VLANs are an effective way to logically separate internal networks.

Rate this question:
20.

An organization has requested the ability to monitor all network traffic as it traverses their network. Which of the following should a technician implement?
- A.
  
  Content filter
- B.
  
  Protocol analyzer
- C.
  
  Honeypot
- D.
  
  HIDS
Correct Answer
B. Protocol analyzer

Explanation
A protocol analyzer is a tool that allows the organization to monitor and analyze network traffic. It captures and examines data packets as they traverse the network, providing detailed information about the protocols being used, the source and destination addresses, and any potential issues or security threats. By implementing a protocol analyzer, the organization can gain visibility into their network traffic, identify any abnormalities or suspicious activity, and take appropriate actions to ensure network security and performance.

Rate this question:
21.

A large amount of viruses have been found on numerous domain workstations. Which of the following should the technician implement?
- A.
  
  Decentralized antivirus
- B.
  
  Host based intrusion detection
- C.
  
  Centralized antivirus
- D.
  
  Spyware detection
Correct Answer
C. Centralized antivirus

Explanation
The technician should implement centralized antivirus. Centralized antivirus allows for the management and control of antivirus software across multiple domain workstations from a central location. This ensures that all workstations are protected and that any viruses or malware can be detected and removed efficiently. By using centralized antivirus, the technician can easily update virus definitions, schedule scans, and monitor the overall security of the network. This helps to prevent the spread of viruses and maintain a secure environment for the domain workstations.

Rate this question:
22.

Which of the following is the MOST difficult security concern to detect when contractors enter a secured facility?
- A.
  
  Rogue access points being installed
- B.
  
  Copying sensitive information with cellular phones
- C.
  
  Removing mass storage iSCSI drives
- D.
  
  Removing network attached storage
Correct Answer
B. Copying sensitive information with cellular phones

Explanation
Copying sensitive information with cellular phones is the most difficult security concern to detect when contractors enter a secured facility because it can be done discreetly and without leaving any physical evidence. Unlike installing rogue access points or removing mass storage drives, which may require physical tampering and can potentially be detected through surveillance or monitoring systems, copying sensitive information with cellular phones can be done using various covert methods such as taking pictures or using data transfer apps, making it harder to detect and prevent.

Rate this question:
23.

When are port scanners generally used on systems?
- A.
  
  At the middle of a vulnerability assessment
- B.
  
  At the beginning of a vulnerability assessment
- C.
  
  When there is a need to document vulnerabilities
- D.
  
  At the end of a penetration test assessment
Correct Answer
B. At the beginning of a vulnerability assessment

Explanation
Port scanners are generally used at the beginning of a vulnerability assessment. This is because port scanning helps identify open ports on a system, which can then be assessed for potential vulnerabilities. By scanning ports at the beginning of the assessment, security professionals can gather information about the system's network services and determine if any ports are exposed and susceptible to attacks. This allows them to prioritize their efforts and focus on addressing the identified vulnerabilities during the assessment.

Rate this question:
24.

The staff must be cross-trained in different functional areas so that fraud can be detected. Which of the following is this an example of?
- A.
  
  Separation of duties
- B.
  
  Implicit deny
- C.
  
  Least privilege
- D.
  
  Job rotation
Correct Answer
D. Job rotation

Explanation
Job rotation is the practice of moving employees through different roles and responsibilities within an organization. By cross-training staff in different functional areas, they gain exposure to various tasks and processes, including fraud detection. This allows them to develop a broader understanding of the organization's operations and increases the likelihood of detecting fraudulent activities. Job rotation also helps prevent fraud by reducing the risk of collusion and increasing accountability.

Rate this question:
25.

Human Resources has requested that staff members be moved to different parts of the country into new positions. Which of the following is this an example of?
- A.
  
  Implicit deny
- B.
  
  Separation of duties
- C.
  
  Least privilege
- D.
  
  Job rotation
Correct Answer
D. Job rotation

Explanation
This scenario is an example of job rotation, where staff members are being moved to different parts of the country and into new positions. Job rotation involves periodically shifting employees to different roles or departments within an organization to enhance their skills, provide them with new experiences, and prevent monotony. By rotating employees, organizations can also ensure cross-training and knowledge sharing among their workforce.

Rate this question:
26.

An administrator is worried about an attacker using a compromised user account to gain administrator access to a system. Which of the following is this an example of?
- A.
  
  Man-in-the-middle attack
- B.
  
  Protocol analysis
- C.
  
  Privilege escalation
- D.
  
  Cross-site scripting
Correct Answer
C. Privilege escalation

Explanation
Privilege escalation refers to the unauthorized elevation of user privileges, allowing an attacker to gain higher levels of access than originally intended. In this scenario, the administrator is concerned about an attacker exploiting a compromised user account to gain administrator access to the system. This aligns with the concept of privilege escalation, as the attacker is attempting to escalate their privileges from a regular user to an administrator.

Rate this question:
27.

Which of the following is used to deny authorized users access to services?
- A.
  
  Botnets
- B.
  
  Adware
- C.
  
  Spyware
- D.
  
  Trojans
Correct Answer
A. Botnets

Explanation
Botnets are large networks of compromised computers that are controlled by a central attacker. They are used to carry out various malicious activities, including denying authorized users access to services. By overwhelming a targeted service or website with a flood of requests from multiple computers in the botnet, the service can be rendered inaccessible to legitimate users. This denial of service attack can disrupt the availability and functionality of the service, causing inconvenience or financial loss to the authorized users.

Rate this question:
28.

An administrator recommends implementing whitelisting, blacklisting, closing-open relays, and strong authentication techniques to a server administrator. Which of the following threats are being addressed?
- A.
  
  Adware
- B.
  
  Spyware
- C.
  
  Spam
- D.
  
  Viruses
Correct Answer
C. Spam

Explanation
The recommended measures of implementing whitelisting, blacklisting, closing-open relays, and strong authentication techniques are aimed at addressing the threat of spam. These techniques help in filtering and blocking unwanted and unsolicited emails, reducing the amount of spam that reaches the server and the users. By implementing these measures, the server administrator can effectively combat the issue of spam and minimize its impact on the system and its users.

Rate this question:
29.

An administrator is asked to improve the physical security of a data center located inside the office building. The data center already maintains a physical access log and has video surveillance system. Which of the following additional controls could be implemented?
- A.
  
  Defense-in-depth
- B.
  
  Logical token
- C.
  
  ACL
- D.
  
  Mantrap
Correct Answer
D. Mantrap

Explanation
A mantrap is a physical security control that can be implemented to improve the physical security of a data center. It is a small enclosed area with two separate doors, where one door must close and lock before the other door can be opened. This ensures that only one person can enter or exit the data center at a time, preventing unauthorized access. Implementing a mantrap adds an additional layer of security to the existing physical access log and video surveillance system, making it more difficult for unauthorized individuals to gain entry to the data center.

Rate this question:
30.

In regards to physical security, which of the following BEST describes an access control system which implements a non-trusted but secure zone immediately outside of the secure zone?
- A.
  
  Smart card
- B.
  
  Defense-in-depth
- C.
  
  Mantrap
- D.
  
  DMZ
Correct Answer
C. Mantrap

Explanation
A mantrap is a physical security system that consists of two or more interlocking doors or gates. It is designed to control access to a secure area by allowing only one person to enter or exit at a time. This creates a buffer zone between the non-trusted but secure zone and the secure zone, ensuring that unauthorized individuals cannot gain access easily. The use of a mantrap enhances physical security by preventing unauthorized access and providing a controlled environment for verifying the identity and intentions of individuals before granting them access to the secure zone.

Rate this question:
31.

A technician notices delays in mail delivery on the mail server. Which of the following tools could be used to determine the cause of the service degradation?
- A.
  
  Port scanner
- B.
  
  Performance monitor
- C.
  
  Ipconfig /all
- D.
  
  TFTP
Correct Answer
B. Performance monitor

Explanation
The performance monitor tool can be used to determine the cause of the service degradation. This tool allows the technician to monitor various performance metrics such as CPU usage, memory usage, disk activity, and network traffic. By analyzing these metrics, the technician can identify any bottlenecks or issues that may be causing delays in mail delivery on the mail server. The performance monitor provides real-time data and can help in troubleshooting and optimizing the server's performance.

Rate this question:
32.

Penetration testing should only be used once which of the following items is in place?
- A.
  
  Acceptable use policy
- B.
  
  Data retention and disclosure policy
- C.
  
  Service level agreement
- D.
  
  Written permission
Correct Answer
D. Written permission

Explanation
Penetration testing involves actively testing the security of a system or network to identify vulnerabilities. It is a sensitive and potentially disruptive activity, so it should only be conducted with proper authorization. Written permission ensures that the organization or individual responsible for the system or network is aware of and has approved the penetration testing. This helps to prevent any unauthorized or malicious activities and ensures that the testing is conducted within the boundaries and guidelines set by the organization.

Rate this question:
33.

An administrator recommends that management establish a trusted third party central repository to maintain all employees private keys. Which of the following BEST describes the administrators recommendation?
- A.
  
  Registration
- B.
  
  Certificate Authority
- C.
  
  Recovery agent
- D.
  
  Key escrow
Correct Answer
D. Key escrow

Explanation
The administrator's recommendation is to establish a trusted third party central repository to maintain all employees' private keys. This is known as key escrow, where the keys are securely stored with a trusted entity. This ensures that the keys can be accessed and recovered if needed, while maintaining their confidentiality and integrity.

Rate this question:
34.

To combat transaction fraud, a bank has implemented a requirement that all bank customers enter a different, unique code to confirm every transaction. Which of the folowing is the MOST effective method to accomplish this?
- A.
  
  ATM PIN code
- B.
  
  Elliptic curve
- C.
  
  One-time password
- D.
  
  Digital certificate
Correct Answer
C. One-time password

Explanation
A one-time password is the most effective method to combat transaction fraud because it provides an additional layer of security. Unlike a static password or PIN code, a one-time password is valid for only a single login session or transaction, and it expires after a short period of time. This makes it extremely difficult for fraudsters to gain unauthorized access to a user's account or make fraudulent transactions, even if they manage to obtain the password. By requiring customers to enter a different, unique code for every transaction, the bank ensures that even if a password is compromised, it cannot be used for any future transactions.

Rate this question:
35.

All of the following should be identified within the penetration testing scope of work EXCEPT:
- A.
  
  A complete list of all network vulnerabilities
- B.
  
  IP addresses of machines from which penetration testing will be executed
- C.
  
  A list of acceptable testing techniques and tools to be utilized
- D.
  
  Handling of information collected by the penetration testing team
Correct Answer
A. A complete list of all network vulnerabilities

Explanation
The correct answer is "A complete list of all network vulnerabilities." This is because the scope of work for penetration testing typically focuses on identifying vulnerabilities and assessing the security of a system or network. However, it is not necessary to provide a complete list of all network vulnerabilities as this would be impractical and time-consuming. Instead, the penetration testing team should focus on identifying and documenting the most critical vulnerabilities that pose a significant risk to the system or network.

Rate this question:
36.

Which of the following is the MOST efficient way that an administrator can restrict network access to certain ports enterprise wide?
- A.
  
  HIDS
- B.
  
  Personal software firewall
- C.
  
  NIDS
- D.
  
  ACL
Correct Answer
D. ACL

Explanation
An ACL (Access Control List) is the most efficient way for an administrator to restrict network access to certain ports enterprise-wide. ACLs are a set of rules that determine what network traffic is allowed or denied based on various criteria, such as source IP address, destination IP address, and port number. By configuring ACLs on network devices, administrators can control access to specific ports, allowing only authorized traffic to pass through while blocking unauthorized traffic. This helps in enhancing network security and preventing unauthorized access to sensitive resources.

Rate this question:
37.

An administrator is responsible for a server which has been attacked repeatedly in the past. The only recourse has been to reload the server from scratch. Which of the following techniques could be used to decrease the recovery time following an incident?
- A.
  
  Implement the server as a honeypot
- B.
  
  Implement the server as a virtual server instance
- C.
  
  Load balance between two identical servers
- D.
  
  Install the server on a separate VLAN segment
Correct Answer
B. Implement the server as a virtual server instance

Explanation
Implementing the server as a virtual server instance can decrease the recovery time following an incident. By using virtualization technology, the server can be easily backed up, replicated, and restored in case of an attack. This eliminates the need to reload the server from scratch, saving time and effort. Additionally, virtual server instances can be easily migrated or moved to different hardware, providing flexibility and scalability.

Rate this question:
38.

Validating the users claimed identity is called which of the following?
- A.
  
  Authentication
- B.
  
  Identification
- C.
  
  Verification
- D.
  
  Validation
Correct Answer
A. Authentication

Explanation
Authentication refers to the process of verifying the claimed identity of a user or entity. It involves confirming the authenticity of the provided credentials, such as username and password, to ensure that the user is who they claim to be. This process helps to establish trust and secure access to systems, data, or resources. Identification, on the other hand, is the act of identifying or recognizing a user or entity, while verification is the process of confirming the accuracy or truthfulness of something. Validation, in this context, is not the correct term as it refers to the process of checking if something is valid or compliant with certain criteria.

Rate this question:
39.

Which of the following is planted on an infected system and deployed at a predetermined time?
- A.
  
  Logic bomb
- B.
  
  Trojan horse
- C.
  
  Worm
- D.
  
  Rootkit
Correct Answer
A. Logic bomb

Explanation
A logic bomb is a type of malicious code that is planted on a system and programmed to execute a specific action at a predetermined time or when certain conditions are met. It is typically used to cause harm or damage to the infected system or its data. Unlike a Trojan horse, which disguises itself as a legitimate program, or a worm, which replicates itself to spread, a logic bomb remains dormant until triggered, making it a covert and dangerous threat. A rootkit, on the other hand, is a type of malware that allows unauthorized access to a system while hiding its presence.

Rate this question:
40.

Which of the following allows a user to float a domain registration for a maximum of five days?
- A.
  
  DNS poisoning
- B.
  
  Domain hijacking
- C.
  
  Spoofing
- D.
  
  Kiting
Correct Answer
D. Kiting

Explanation
Kiting allows a user to float a domain registration for a maximum of five days. Kiting refers to the practice of intentionally delaying the payment for a domain registration, allowing the user to keep the domain active for a short period of time without actually paying for it. This can be used to exploit the system and gain temporary control over a domain without proper payment or authorization.

Rate this question:
41.

According to company policy and administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?
- A.
  
  NIDS
- B.
  
  DMZ
- C.
  
  NAT
- D.
  
  VLAN
Correct Answer
D. VLAN

Explanation
A VLAN (Virtual Local Area Network) would be the simplest way to keep the Human Resources department separated from the Accounting department. VLANs allow for the creation of separate virtual networks within a physical network infrastructure, enabling different departments to have their own isolated network segments. By implementing VLANs, the administrator can ensure that the HR and Accounting departments are logically separated, preventing unauthorized access and maintaining the company policy of keeping these departments separate.

Rate this question:
42.

Which of the following is an attack which is launched from multiple zombie machines in attempt to bring down a service?
- A.
  
  DoS
- B.
  
  Man-in-the-middle
- C.
  
  DDoS
- D.
  
  TCP/IP hijacking
Correct Answer
C. DDoS

Explanation
A DDoS (Distributed Denial of Service) attack is launched from multiple zombie machines in an attempt to bring down a service. In a DDoS attack, the attacker overwhelms the target system with a flood of traffic, making it unable to respond to legitimate requests. By using multiple zombie machines, the attacker can amplify the attack and make it harder to mitigate. This type of attack is commonly used to disrupt websites, online services, or network infrastructure.

Rate this question:
43.

Which of the following will MOST likely allow an attacker to make a switch function like a hub?
- A.
  
  MAC flooding
- B.
  
  ARP poisoning
- C.
  
  DNS poisoning
- D.
  
  DNS spoofing
Correct Answer
A. MAC flooding

Explanation
MAC flooding is a technique used by attackers to overload the MAC address table of a switch. By sending a large number of fake MAC addresses to the switch, the attacker can fill up the table, causing the switch to enter into a fail-open mode where it functions like a hub. In this mode, the switch broadcasts all incoming traffic to all connected devices, allowing the attacker to intercept and analyze the network traffic. Therefore, MAC flooding is the most likely method to make a switch function like a hub.

Rate this question:
44.

Which of the following is commonly programmed into an application for ease of administration?
- A.
  
  Back door
- B.
  
  Worm
- C.
  
  Zombie
- D.
  
  Trajan
Correct Answer
A. Back door

Explanation
A back door is commonly programmed into an application for ease of administration. It is a hidden entry point that allows authorized individuals to bypass normal authentication and gain access to the application or system. This allows administrators to easily manage and maintain the application without going through the usual authentication process.

Rate this question:
45.

Which of the following is a technique used by hackers to identify unsecured wireless network locations to other hackers?
- A.
  
  Bluesnarfing
- B.
  
  War dialing
- C.
  
  War chalking
- D.
  
  War driving
Correct Answer
C. War chalking

Explanation
War chalking is a technique used by hackers to identify unsecured wireless network locations to other hackers. It involves marking physical locations, such as walls or pavements, with specific symbols or codes that indicate the presence of an unsecured network. These markings can be easily understood by other hackers, allowing them to locate and exploit these vulnerable networks. This technique is a form of information gathering and reconnaissance, enabling hackers to identify potential targets for unauthorized access or data theft.

Rate this question:
46.

Which of the following authentication models uses a KDC?
- A.
  
  CHAP
- B.
  
  PKI
- C.
  
  PGP
- D.
  
  Kerberos
Correct Answer
D. Kerberos

Explanation
Kerberos is the correct answer because it is an authentication model that uses a Key Distribution Center (KDC). The KDC acts as a trusted third party that issues tickets to clients and servers for authentication. These tickets are used to verify the identity of users and ensure secure communication within a network. Kerberos is commonly used in enterprise environments to provide strong authentication and secure access to resources.

Rate this question:
47.

Which of the following disaster recovery components is a location that is completely empty, but allows the infrastructure to be built if the live site goes down?
- A.
  
  Mirrored site
- B.
  
  Cold site
- C.
  
  Warm site
- D.
  
  Hot site
Correct Answer
B. Cold site

Explanation
A cold site is a disaster recovery component that is an empty location, allowing the infrastructure to be built if the live site goes down. Unlike other sites, a cold site does not have any pre-configured equipment or systems. Instead, it provides the necessary space and utilities for the organization to set up their infrastructure in the event of a disaster. This allows for a cost-effective solution, as the organization only needs to invest in equipment and systems when they are actually needed.

Rate this question:
48.

Which of the following should be done if an organization intends to prosecute an attacker once an attack has been completed?
- A.
  
  Update antivirus definitions
- B.
  
  Disconnect the entire network from the internet
- C.
  
  Apply proper forensic techniques
- D.
  
  Restore missing files on the affected system
Correct Answer
C. Apply proper forensic techniques

Explanation
When an organization intends to prosecute an attacker after an attack, it is crucial to apply proper forensic techniques. Forensic techniques involve collecting and analyzing digital evidence to identify the attacker, understand the attack methodology, and gather evidence that can be used in legal proceedings. This includes preserving and analyzing logs, examining system files, and conducting network forensics. By applying proper forensic techniques, the organization can ensure that the evidence is admissible in court and increase the chances of successful prosecution. Updating antivirus definitions, disconnecting the network, or restoring missing files may be important steps in incident response, but they do not directly contribute to prosecuting the attacker.

Rate this question:
49.

Which of the following documents specifies the uptime guarantee of a web server?
- A.
  
  Due process
- B.
  
  Due diligence
- C.
  
  Scope of work
- D.
  
  Service level agreement
Correct Answer
D. Service level agreement

Explanation
A Service Level Agreement (SLA) is a document that outlines the expectations and responsibilities of both the service provider and the client. It specifies the quality and level of service that will be provided, including guarantees such as uptime. Therefore, the correct answer is Service Level Agreement as it is the document that specifies the uptime guarantee of a web server.

Rate this question:
50.

Which of the following authentication models uses a time stamp to prevent the risks associated with a replay attack?
- A.
  
  Two-factor authentication
- B.
  
  RADIUS
- C.
  
  LDAP
- D.
  
  Kerberos
Correct Answer
D. Kerberos

Explanation
Kerberos is the correct answer because it uses a time stamp to prevent the risks associated with a replay attack. A replay attack occurs when an attacker intercepts and retransmits a valid data transmission. By using a time stamp, Kerberos ensures that the authentication information is only valid for a specific period of time, making it difficult for an attacker to replay the authentication data and gain unauthorized access.

Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Mar 21, 2023

Quiz Edited by
ProProfs Editorial Team
May 25, 2010

Quiz Created by
Semarley

CompTIA Security+ Part 4

Which of the following is LEAST effective when hardening an operating system?

Which of the following provides the MOST control when deploying patches?

If a technician wants to know when a computer application is accessing the network, which of the following logs should be reviewed?

All of the following are components of IPSec EXCEPT:

IPSec connection parameters are stored in which of the following?

Which of the following will provide a 128-bit hash?

Which of the following describes a hash algorithms ability to avoid the same output from two guessed inputs?

Which of the following should be included in a forensic toolkit?

Which of the following BEST describes the form used while transferring evidence?

Which of the following is the primary incident response function of a first responder?

Which of the following is the GREATEST problem with low humidity in a server room?

Which of the following protocols is used to unsure secure transmissions on port 443?

When should a technician perform disaster recovery testing?

Which of the following is the BEST backup method to restore the entire operating system and all related software?

How many keys are utilized in symmetric cryptography?

Which of the following terms is BEST associated with public key infrastructure (PKI)?

Which of the following is the LAST step to granting access to specific domain resources?

After an attacker has successfully gained remote access to a server with minimal privileges, which of the following is their next step?

Which of the following should the technician recommend as a way to logically separate various internal networks from each other?

An organization has requested the ability to monitor all network traffic as it traverses their network. Which of the following should a technician implement?

A large amount of viruses have been found on numerous domain workstations. Which of the following should the technician implement?

Which of the following is the MOST difficult security concern to detect when contractors enter a secured facility?

When are port scanners generally used on systems?

The staff must be cross-trained in different functional areas so that fraud can be detected. Which of the following is this an example of?

Human Resources has requested that staff members be moved to different parts of the country into new positions. Which of the following is this an example of?

An administrator is worried about an attacker using a compromised user account to gain administrator access to a system. Which of the following is this an example of?

Which of the following is used to deny authorized users access to services?

An administrator recommends implementing whitelisting, blacklisting, closing-open relays, and strong authentication techniques to a server administrator. Which of the following threats are being addressed?

An administrator is asked to improve the physical security of a data center located inside the office building. The data center already maintains a physical access log and has video surveillance system. Which of the following additional controls could be implemented?

In regards to physical security, which of the following BEST describes an access control system which implements a non-trusted but secure zone immediately outside of the secure zone?

A technician notices delays in mail delivery on the mail server. Which of the following tools could be used to determine the cause of the service degradation?

Penetration testing should only be used once which of the following items is in place?

An administrator recommends that management establish a trusted third party central repository to maintain all employees private keys. Which of the following BEST describes the administrators recommendation?

To combat transaction fraud, a bank has implemented a requirement that all bank customers enter a different, unique code to confirm every transaction. Which of the folowing is the MOST effective method to accomplish this?

All of the following should be identified within the penetration testing scope of work EXCEPT:

Which of the following is the MOST efficient way that an administrator can restrict network access to certain ports enterprise wide?

An administrator is responsible for a server which has been attacked repeatedly in the past. The only recourse has been to reload the server from scratch. Which of the following techniques could be used to decrease the recovery time following an incident?

Validating the users claimed identity is called which of the following?

Which of the following is planted on an infected system and deployed at a predetermined time?

Which of the following allows a user to float a domain registration for a maximum of five days?

According to company policy and administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?

Which of the following is an attack which is launched from multiple zombie machines in attempt to bring down a service?

Which of the following will MOST likely allow an attacker to make a switch function like a hub?

Which of the following is commonly programmed into an application for ease of administration?

Which of the following is a technique used by hackers to identify unsecured wireless network locations to other hackers?

Which of the following authentication models uses a KDC?

Which of the following disaster recovery components is a location that is completely empty, but allows the infrastructure to be built if the live site goes down?

Which of the following should be done if an organization intends to prosecute an attacker once an attack has been completed?

Which of the following documents specifies the uptime guarantee of a web server?

Which of the following authentication models uses a time stamp to prevent the risks associated with a replay attack?