CompTIA Security+ Practice Exam- 2

Security is the most critical issue when making resources available to the new employee, hence it is ideal to make the security policy awareness program a part of the induction program.

All information hosted on a web site is usually available for public users and hence can be categorized as public level data

NTFS supports EFS (Encrypted File System) which allows data stored on a mass storage device to be saved in encrypted format.

Larger the number of bits in a key, more complex it is to decrypt a message.

Applying correct version of patches and applying it as and when required will secure the server to a great extent and reduce on vulnerabilities.

User account and password must be so created and maintained that it must be very difficult for a hacker to guess and break in to the network. Hence these will be governed by the security policies.

The port number 119 must also be blocked.

Gas based fire suppressants can not only put off various sources of fire, it will also not cause the damage that water based suppressant would possibly do on a network site.

POP3 uses port number 110.

The best way to secure stored information on the server is to encrypt the sensitive information by using complex algorithms and securing the passwords and making it inaccessible to hackers.

Hot site is an alternate or a mirror site available for backup and DRP testing.

Putting the ping command on a continuous loop to a given destination IP address can cause that destination end system to hang thus causing the DoS state.

If it is practical and achievable on the network, the best way to implement security on Wireless LAns would be to encrypt passwords as well as data.

Blocking port numbers 20 and 21 on the external interface of the firewall for incoming connections will ensure that no external user will be able to access the FTP service.

Certificate service will be responsible for generating and maintaining certificates.

Super imposing the internal IP address of a network on to your own for the purpose of gaining access to the network is referred to as �IP Masquerading� or �Spoofing�.

Proxy, firewall and Router are all capable of Network Address Translation (NAT). NAT helps to hide internal network IP addresses from the external world.

Circuit level filtering firewall relates to transport/session layers and will hence relate to TCP and UDP. It can make up for the shortcomings of the ultra-simple UDP protocol, wherein the source address is never validated as a function of the protocol. IP spoofing can be rendered much more difficult.

Based on the network policy and the access policy the administrator will be required to design an accurate firewall policy. The Government will have no role to play here.

IETF (Internet Engineering Task Force) is responsible for proposing and developing standards relating to computers, networks and the Internet.

Small range LAN that can afford placement of devices within line of sight may go in for Infrared communication. Remote control devices such as television or home theater sets do also use Infrared. Advanced cellular devices use Infrared for data transfer between themselves and PCs or Printers.

A threat is a probability of an action that will damage the assets of the organization when and if it occurs. It is not a surety of that action in itself.

ECC, RSA, Diffie-Hellman, and El Gamal are all asymmetric systems using public/private keys

MS-CHAP is abbreviation for Microsoft Challenge Handshake Authentication Protocol.

In a three-tier model, the client is the superficial component, the middle server provides the required security and the database server forms the core component. Since the middle level server receives client requests first and then passes it on to the database server, the database server is not directly exposed to the client and is hence the most secure way of hosting the web server.

The number of rounds can range from 0-255 whereas the key size will range from 0-2040 bits.

RADIUS (Remote Access Dial In User Service) is meant for authenticating remote users on a network.

The �Permit any� is the most restrictive statement that can be defined in the firewall. This statement should not be configured on the top of the list ideally as it will over rule any other restriction that may follow this statement.

Digital signatures help to establish that data was not modified during the transmission, hence helping in establishing data integrity.

Incremental is the fastest of the backup methods (since only files that have been modified since last full back up are backed up) , but the slowest of the restore methods.

Packet filtering firewall operates on the network layer of the OSI reference model.

In Public-key cryptography, Public key is used for encryption and Private key is used for decryption.

There is no such algorithm as Caesar�s Cipher. Symmetric algorithm can be categorized into two: Stream and block.

The Certificate Server component that is hosting the Certificate service is responsible for generating certificates. This Certificate Server can be local to the network or can be a third party Certification authority.

To harden the Web server, it is essential that all services running on the server be updated with latest patches as and when required. Resources that should not be accessible to the external user must have the most restrictive permissions. Static files and other resources that are not relevant to external users must not be accessible through URLs.

3DES is a variation of DES and is much slower.

A skillful but non-trust worthy administrator is a potential source for data leakage. An amateur administrator may not assign the access permission as and how required, which is also goes against he security of the database server.

When bulk data needs to be transferred between sites, it is ideal to write it into a CD ROM drive and carry the same.

To exercise brute force attack you will need just a usual configuration computer that is being used everyday by regular users.

The mandatory information required while assigning privilege access in the RBAC model would be the responsibilities attached to the role in the organization that the user has assumed.

As the name suggests, the services or the access to resources may be denied. This is not to say that the resources will themselves stop functioning. Any user who is currently logging in may be denied authentication, or users who are already logged in may not have resources available to them. The entire network connected to the Web Server cannot stop functioning as the network is usually hidden behind the firewall and will not be accessible to the outside world.

It is ideally meant to establish Identity of the sender and receiver of the information and not to encrypt the information. The most practical implementation of digital signatures would be in emails. It is not any encryption standard.

MDA is also a hash algorithm that can be used during encryption. It provides 128-bit hash. Its latest version is MD#5.

The firewall is capable of Nat (Network Address Translation) as well as PAT (Port Address Translation).
MAC is an addressing scheme and DAC is Digital to Analog conversion, which the firewall is not capable of.

Since Cryptography without keys will require just one enciphering program and one deciphering program it may not be as resource intensive as cryptography with keys and may be simpler to implement than cryptography with keys.

Every user must be transparent to the security solutions employed on the network

Ciphertext is a result of strong cryptography. It is meant to be so complex that it is impossible to decode without appropriate decoding tools in spite of using extensive computing capabilities.

Connecting a modem to the switch is the same as connecting it to the PC. Switch is a transparent device on the network and is not intelligent enough to independently drive a modem to perform any function. The PC and the router require a modem for dial up or leased line connectivity to the WAN.

The RADIUS server can be managed by the central administrator or by the administrator who manages the other servers. It need not be configured on the Central server to be centrally manged.

An email client application usually has the client component that is configured with a protocol (POP3) for retrieving mails from an email server.