CompTIA Security+ Practice Exam (3)

1. Which of the following represents the greatest benefit of using S/MIME /Secure Multipurpose Internet Mail Extension)?

It allows users to send encrypted and digitally sign e-mail messages.

It allows users to send anonymous e-mails.

It allows users to send e-mails with a return receipt.

It expedites the delivery of e-mail.

Secure MIME (S/MIME) is a standard used for encrypting e-mail. S/MIME can also contain signature data. S/MIME provides encryption, integrity, and authentication when used in conjunction with PKI.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 368

Explanation

Secure MIME (S/MIME) is a standard used for encrypting e-mail. S/MIME can also contain signature data. S/MIME provides encryption, integrity, and authentication when used in conjunction with PKI.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 368

2. Which of the following can be used to retain connection data, user information, history of sites visited, and can be used by attackers for spoofing an on-line identity?

HTTPS (Hypertext Transfer Protocol over SSL).

Cookies.

HTTP (Hypertext Transfer Protocol)/l.0 Caching.

VCard v3.0.

Cookies were originally developed by Netscape as a convenience feature to save user settings across multiple sites, servers, and webpages. For example, some cookies save passwords and login information so a user doesn't have to enter it every time they visit a page. Since cookies contain valuable information like: user name, IP address, browser, and operating system a hacker can use cookie information for spoofing.

Explanation

Cookies were originally developed by Netscape as a convenience feature to save user settings across multiple sites, servers, and webpages. For example, some cookies save passwords and login information so a user doesn't have to enter it every time they visit a page. Since cookies contain valuable information like: user name, IP address, browser, and operating system a hacker can use cookie information for spoofing.

3. What do you call the action when a person masquerades as a reputable hardware technician in order to pick up a server for repairs?

This is known as a Trojan horse.

This is known as a man-in-the-middle attack.

This is known as a phishing attack.

This is known as social engineering.

Social engineering is the correct answer because it involves manipulating people into performing actions or divulging confidential information. In this scenario, the person is pretending to be a reputable hardware technician to gain access to the server for repairs. This manipulation and deception of the person's identity is characteristic of social engineering tactics. A Trojan horse refers to a type of malicious software, a man-in-the-middle attack involves intercepting communication, and phishing is the act of tricking individuals into revealing sensitive information through deceptive emails or websites.

Explanation

Social engineering is the correct answer because it involves manipulating people into performing actions or divulging confidential information. In this scenario, the person is pretending to be a reputable hardware technician to gain access to the server for repairs. This manipulation and deception of the person's identity is characteristic of social engineering tactics. A Trojan horse refers to a type of malicious software, a man-in-the-middle attack involves intercepting communication, and phishing is the act of tricking individuals into revealing sensitive information through deceptive emails or websites.

4. What is the scenario called that an attacker uses to persuade a user to execute an action to be successful?

This is known as a back door.

This is known as password guessing.

This is known as man-in-the-middle.

This is known as social engineering.

Social engineering is a scenario in which an attacker manipulates and deceives a user to gain unauthorized access or obtain sensitive information. It involves psychological manipulation and exploiting human vulnerabilities rather than technical means. In this case, the attacker persuades the user to execute an action, which ultimately leads to the attacker's success. This can include tactics such as impersonating a trusted individual, creating a sense of urgency, or using persuasive techniques to trick the user into disclosing information or performing actions that they shouldn't.

Explanation

Social engineering is a scenario in which an attacker manipulates and deceives a user to gain unauthorized access or obtain sensitive information. It involves psychological manipulation and exploiting human vulnerabilities rather than technical means. In this case, the attacker persuades the user to execute an action, which ultimately leads to the attacker's success. This can include tactics such as impersonating a trusted individual, creating a sense of urgency, or using persuasive techniques to trick the user into disclosing information or performing actions that they shouldn't.

5. Which types of attachments should be filtered from e-mails to minimize the danger of viruses?

Text files.

Image files.

Sound files.

Executable files.

Many newer viruses spread using email. The infected system includes an attachment to any e-mail that you send to another user. The recipient opens this file thinking it is something you legitimately sent them. When they open the file, the virus infects the target system. Many times the virus is in an executable attachment.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 78

Explanation

Many newer viruses spread using email. The infected system includes an attachment to any e-mail that you send to another user. The recipient opens this file thinking it is something you legitimately sent them. When they open the file, the virus infects the target system. Many times the virus is in an executable attachment.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 78

6. Identify an efficient social engineering defensive strategy?

You should implement training and awareness strategy.

You should implement escorting of guests strategy.

You should implement badge security system strategy.

You should implement marking of documents strategy.

An efficient social engineering defensive strategy involves implementing a training and awareness strategy. This means educating employees about the various tactics used in social engineering attacks and raising their awareness about the potential risks and consequences. By providing training, employees can learn how to identify and respond to social engineering attempts, such as phishing emails or phone calls. This strategy helps to create a vigilant and informed workforce that is less likely to fall victim to social engineering attacks, ultimately enhancing the overall security of the organization.

Explanation

An efficient social engineering defensive strategy involves implementing a training and awareness strategy. This means educating employees about the various tactics used in social engineering attacks and raising their awareness about the potential risks and consequences. By providing training, employees can learn how to identify and respond to social engineering attempts, such as phishing emails or phone calls. This strategy helps to create a vigilant and informed workforce that is less likely to fall victim to social engineering attacks, ultimately enhancing the overall security of the organization.

7. Which of the following is often used to encrypt e-mail messages?

S/MIME

BIND

DES

SSL

Secure MIME (S/MIME) is a standard used for encrypting e-mail. S/MIME can also contain signature data. S/MIME provides encryption, integrity, and authentication when used in conjunction with PKI.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 368

Explanation

Secure MIME (S/MIME) is a standard used for encrypting e-mail. S/MIME can also contain signature data. S/MIME provides encryption, integrity, and authentication when used in conjunction with PKI.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 368

8. What does a web client and server require in order for an SSL (Secure Sockets Layer) connection to be established between them automatically?

A shared password.

A certificate signed by a trusted root CA (Certificate Authority).

An address on the same subnet.

A common operating system.

For an SSL connection to compete, the web client and server should have a trusted certificate to confirm authenticity. A shared password, address on the same subnet, and a common operating system are ludicrous answers because they defy the reason why SSL exists.

Explanation

For an SSL connection to compete, the web client and server should have a trusted certificate to confirm authenticity. A shared password, address on the same subnet, and a common operating system are ludicrous answers because they defy the reason why SSL exists.

9. Which of the following can be used to track a user's browsing habits on the Internet?

Digital certificates

Cookies

ActiveX controls

Web server cache

Cookies are text files that a browser maintains on the user's hard disk. A cookie will typically contain information about the user. Cookies are used to provide persistent, customized web experience for each visit. Cookies do contain username and passwords for each site you visit or login into. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

Explanation

Cookies are text files that a browser maintains on the user's hard disk. A cookie will typically contain information about the user. Cookies are used to provide persistent, customized web experience for each visit. Cookies do contain username and passwords for each site you visit or login into. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

10. What does the security administrator wants to prevent by ensuring that the users' password cannot be seen by passersby?

The security administrator wants to stop a man-in-the-middle attack.

The security administrator wants to stop shoulder surfing.

The security administrator wants to stop dumpster diving.

The security administrator wants to stop phishing.

The security administrator wants to prevent users' passwords from being seen by passersby in order to stop shoulder surfing. Shoulder surfing is a form of attack where an individual tries to obtain sensitive information, such as passwords, by looking over someone's shoulder while they are entering it. By ensuring that passwords cannot be seen by passersby, the security administrator can mitigate the risk of unauthorized individuals gaining access to user accounts.

Explanation

The security administrator wants to prevent users' passwords from being seen by passersby in order to stop shoulder surfing. Shoulder surfing is a form of attack where an individual tries to obtain sensitive information, such as passwords, by looking over someone's shoulder while they are entering it. By ensuring that passwords cannot be seen by passersby, the security administrator can mitigate the risk of unauthorized individuals gaining access to user accounts.

11. You are in the process of auditing the security position of the company and detect that users are able to access the accounting data of the company. How can this be solved?

You have to implement a host based intrusion detection system to address this problem.

You have to ensure that the user rights and security groups are changed.

You have to implement a host based intrusion prevention system to address this problem.

You have to ensure that the file level audit settings are changed.

To solve the issue of users accessing the accounting data of the company, it is necessary to change the user rights and security groups. By modifying the permissions and access levels of users, unauthorized individuals will no longer be able to access the sensitive accounting data. This solution focuses on managing user privileges and restricting access to sensitive information, effectively mitigating the security vulnerability identified during the audit. Implementing a host-based intrusion detection system, host-based intrusion prevention system, or changing file level audit settings would not directly address the problem of unauthorized access to accounting data.

Explanation

To solve the issue of users accessing the accounting data of the company, it is necessary to change the user rights and security groups. By modifying the permissions and access levels of users, unauthorized individuals will no longer be able to access the sensitive accounting data. This solution focuses on managing user privileges and restricting access to sensitive information, effectively mitigating the security vulnerability identified during the audit. Implementing a host-based intrusion detection system, host-based intrusion prevention system, or changing file level audit settings would not directly address the problem of unauthorized access to accounting data.

12. Which of the following are VPN (Virtual Private Network) tunneling protocols? (Choose two)

PPP (Point-to-Point Protocol).

SLIP (Serial Line Internet Protocol).

L2TP (Layer Two Tunneling Protocol).

SMTP (Simple Mail Transfer Protocol).

PPTP (Point-to-Point Tunneling Protocol).

PPTP and L2TP are both VPN tunneling protocols. L2TP is more sophisticated and gaining more popularity. Incorrect answers: PPP is an encapsulation protocol usually associate with ISDN and SLIP s an old protocol used for direct serial line connections between two computers.

Explanation

PPTP and L2TP are both VPN tunneling protocols. L2TP is more sophisticated and gaining more popularity. Incorrect answers: PPP is an encapsulation protocol usually associate with ISDN and SLIP s an old protocol used for direct serial line connections between two computers.

Submit

13. Which of the following steps in the SSL (Secure Socket Layer) protocol allows for client and server authentication, MAC (Mandatory Access Control) and encryption algorithm negotiation, and selection of cryptographic keys?

SSL (Secure Sockets Layer) alert protocol.

SSL (Secure Sockets Layer) change cipher spec protocol.

SSL (Secure Sockets Layer) record protocol.

SSL (Secure Sockets Layer) handshake protocol.

SSL Handshake Protocol
* runs before any application data is transmitted
* provides mutual authentication
* establishes secret encryption keys
* establishes secret MAC keys

Explanation

SSL Handshake Protocol
* runs before any application data is transmitted
* provides mutual authentication
* establishes secret encryption keys
* establishes secret MAC keys

14. Which of the following protocols is used to secure web transactions?

S/MIME (Secure Multipurpose Internet Mail Extensions)

XML (Extensible Makeup Language)

SSL (Secure Sockets Layer)

SMTP (Simple Mail Transfer Protocol)

The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

Explanation

The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

15. Which of the following can be used to create a VPN (Virtual Private Network)?

PPP (Point-to-Point Protocol).

PPTP (Point-to-Point Tunneling Protocol).

SLIP (Serial Line Internet Protocol).

ESLIP (Encrypted Serial Line Internet Protocol).

Point to point tunneling protocol was originally proposed by Microsoft and its associates and it works by embedding its very own network protocol within the TCP/IP packets.

Explanation

Point to point tunneling protocol was originally proposed by Microsoft and its associates and it works by embedding its very own network protocol within the TCP/IP packets.

16. What is clearance into a confidential section known as that only permit access to certain data within that section?

It is known as dual control.

It is known as need to know.

It is known as separation of duties.

It is known as acceptable use.

The term "need to know" refers to the principle that individuals are only granted access to confidential information if they have a legitimate need for it in order to perform their job responsibilities. This principle ensures that sensitive data is only shared with those who require it and helps to minimize the risk of unauthorized access or data breaches. Dual control, separation of duties, and acceptable use are all important concepts in information security, but they do not specifically address the idea of limiting access to certain data within a confidential section.

Explanation

The term "need to know" refers to the principle that individuals are only granted access to confidential information if they have a legitimate need for it in order to perform their job responsibilities. This principle ensures that sensitive data is only shared with those who require it and helps to minimize the risk of unauthorized access or data breaches. Dual control, separation of duties, and acceptable use are all important concepts in information security, but they do not specifically address the idea of limiting access to certain data within a confidential section.

17. Which of the following can be used to exploit the clear text nature of an Instant-Messaging session?

Packet sniffing.

Port scanning.

Cryptanalysis.

Reverse engineering.

Since only clear unencrypted text is being sent across the world through multitudes of WAN equipment and routers; it is easy for someone to sniff your conversation and eavesdrop on every single word you type.

Explanation

Since only clear unencrypted text is being sent across the world through multitudes of WAN equipment and routers; it is easy for someone to sniff your conversation and eavesdrop on every single word you type.

18. What can an attacker can determine which network services are enabled on a target system?

Installing a rootkit on the target system.

Checking the services file.

Enabling logging on the target system.

Running a port scan against the target system.

A TCP/IP network makes many of the ports available to outside users through the router. These ports will respond in a predictable manner when queried. An attacker can systematically query a network to determine which services and ports are open. This process is called port scanning, and it can reveal a great deal about your network. Port scans can be performed both internally and externally. Many routers, unless configured appropriately, will let all of the protocols pass through them.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 69

Explanation

A TCP/IP network makes many of the ports available to outside users through the router. These ports will respond in a predictable manner when queried. An attacker can systematically query a network to determine which services and ports are open. This process is called port scanning, and it can reveal a great deal about your network. Port scans can be performed both internally and externally. Many routers, unless configured appropriately, will let all of the protocols pass through them.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 69

19. Where would a social engineering attack be most efficient? (Choose TWO)

It will be efficient in an environment with a help desk whose personnel have a little training.

It will be efficient in an environment with committed information technology (IT) security staff.

It will be efficient in a public building that contains shared office space.

It will be efficient in a military facility with computer equipment containing biometrics.

It will be efficient in a locked, windowless building.

A social engineering attack involves manipulating individuals to gain unauthorized access to sensitive information or systems. In an environment with a help desk whose personnel have little training, attackers can exploit the lack of knowledge and easily deceive or manipulate the employees to obtain sensitive information. Similarly, in a public building with shared office space, there is a higher likelihood of encountering individuals who may be less cautious about security protocols, making it easier for attackers to exploit vulnerabilities and gain access to confidential information.

Explanation

A social engineering attack involves manipulating individuals to gain unauthorized access to sensitive information or systems. In an environment with a help desk whose personnel have little training, attackers can exploit the lack of knowledge and easily deceive or manipulate the employees to obtain sensitive information. Similarly, in a public building with shared office space, there is a higher likelihood of encountering individuals who may be less cautious about security protocols, making it easier for attackers to exploit vulnerabilities and gain access to confidential information.

Submit

20. A stranger enters the head offices of Certkiller .com pretending to be a communications technician. A packet sniffer is then connected to the network switch in the wiring closet and hidden behind the switch against a wall. This process is known as?

It is an example of social engineering

It is an example of a vulnerability scan.

It is an example of a man in the middle attack.

It is an example of a penetration test.

The scenario described in the question involves a stranger entering the premises and pretending to be a communications technician in order to gain unauthorized access to the network. This manipulation of human behavior and trust is known as social engineering. Social engineering involves exploiting psychological manipulation techniques to deceive individuals into divulging confidential information or granting unauthorized access to systems. In this case, the stranger is using social engineering tactics to gain access to the network by pretending to be someone they are not.

Explanation

The scenario described in the question involves a stranger entering the premises and pretending to be a communications technician in order to gain unauthorized access to the network. This manipulation of human behavior and trust is known as social engineering. Social engineering involves exploiting psychological manipulation techniques to deceive individuals into divulging confidential information or granting unauthorized access to systems. In this case, the stranger is using social engineering tactics to gain access to the network by pretending to be someone they are not.

21. On a firewall, which ports must be open in order to support SSH (Secure Shell)?

TCP (Transmission Control Protocol) port 22

UDP (User Datagram Protocol) port 69

TCP (Transmission Control Protocol) port 179

UDP (User Datagram Protocol) port 17

SSH uses port 22 and TCP for connections.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 127

Explanation

SSH uses port 22 and TCP for connections.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 127

22. What is the biggest benefit to using RADIUS (Remote Authentication Dial-in User Service) for a multi-site VPN (Virtual Private Network) that supports a large number of remote users?

RADIUS (Remote Authentication Dial-in User Service) provides for a centralized user database.

RADIUS (Remote Authentication Dial-in User Service) provides for a decentralized user database.

No user database is required with RADIUS (Remote Authentication Dial-in User Service).

User database is replicated and stored locally on all remote systems.

Since RADIUS keeps its credentials and keys in a centralized database, it's ideal for a large population of remote users. RADIUS authenticates the dial-in user by means of a private symmetric key; and stores a user profile to grant user authorization.

Explanation

Since RADIUS keeps its credentials and keys in a centralized database, it's ideal for a large population of remote users. RADIUS authenticates the dial-in user by means of a private symmetric key; and stores a user profile to grant user authorization.

23. Which of the following is an alternative to using telnet?

DES (Data Encryption Standard).

S-Telnet.

SSH (Secure Shell).

PKI (Public Key Infrastructure).

Secure Shell is like telnet in the sense that an administrator may enter commands into a remote server, except that it uses an encrypted and authenticated connection [(RSA) cryptography for connection and authentication; and IDEA, Blowfish, or DES for data stream encryption.] instead of Telnet's cleartext.

Explanation

Secure Shell is like telnet in the sense that an administrator may enter commands into a remote server, except that it uses an encrypted and authenticated connection [(RSA) cryptography for connection and authentication; and IDEA, Blowfish, or DES for data stream encryption.] instead of Telnet's cleartext.

24. What should be installed for HTTPS in order to function properly on a web site?

You should install a security token.

You should install a Symmetric key.

You should install a Digital certificate.

You should install a 3DES encryption.

A digital certificate is required for HTTPS to function properly on a website. A digital certificate is a type of security credential that verifies the authenticity of a website and enables secure communication between the website and the user's browser. It contains information about the website, such as its domain name and public key, and is issued by a trusted certificate authority. The digital certificate ensures that the website is legitimate and that the data transmitted between the website and the user is encrypted and secure.

Explanation

A digital certificate is required for HTTPS to function properly on a website. A digital certificate is a type of security credential that verifies the authenticity of a website and enables secure communication between the website and the user's browser. It contains information about the website, such as its domain name and public key, and is issued by a trusted certificate authority. The digital certificate ensures that the website is legitimate and that the data transmitted between the website and the user is encrypted and secure.

25. Which of the following can be used to authenticate and encrypt IP (Internet Protocol) traffic?

ESP (Encapsulating Security Payload)

S/MIME (Secure Multipurpose Internet Mail Extensions)

IPSec (Internet Protocol Security)

IPv2 (Internet Protocol version 2)

IPSec provides secure authentication and encryption of data and headers. IPSec can work in tunneling mode or transport mode. In tunneling mode, the data or payload and message headers are encrypted. Transport mode encrypts only the payload. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 127

Explanation

IPSec provides secure authentication and encryption of data and headers. IPSec can work in tunneling mode or transport mode. In tunneling mode, the data or payload and message headers are encrypted. Transport mode encrypts only the payload. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 127

26. What can be used to make the information unreadable to those who don't have the correct key?

Non-repudiation protects the confidentiality of data.

Encryption protects the confidentiality of data.

Hashing protects the confidentiality of data

Digital signatures protect the confidentiality of data.

Encryption is a method used to convert readable data into unreadable form, known as ciphertext, using an encryption algorithm and a key. Only individuals with the correct key can decrypt the ciphertext and convert it back into its original, readable form. Therefore, encryption is used to make the information unreadable to those who don't have the correct key, ensuring the confidentiality of data.

Explanation

Encryption is a method used to convert readable data into unreadable form, known as ciphertext, using an encryption algorithm and a key. Only individuals with the correct key can decrypt the ciphertext and convert it back into its original, readable form. Therefore, encryption is used to make the information unreadable to those who don't have the correct key, ensuring the confidentiality of data.

27. What can be done to stop the malicious code being carried out in e-mail clients?

You can ensure that regular updates are executed.

You can ensure that the preview screens are disabled.

You can ensure that the spam and anti-virus filters are used.

You can ensure that the e-mail client characteristics are disabled.

Regular updates, disabling preview screens, and disabling e-mail client characteristics may help in preventing some forms of malicious code, but the most effective measure to stop malicious code in e-mail clients is to use spam and anti-virus filters. These filters can identify and block potentially harmful emails, attachments, or links, reducing the risk of malware infections or other security threats.

Explanation

Regular updates, disabling preview screens, and disabling e-mail client characteristics may help in preventing some forms of malicious code, but the most effective measure to stop malicious code in e-mail clients is to use spam and anti-virus filters. These filters can identify and block potentially harmful emails, attachments, or links, reducing the risk of malware infections or other security threats.

28. What is the main DISADVANTAGE of using a third party mail relay?

Spammers can utilize the relay.

The relay limits access to specific users.

The relay restricts the types of e-mail that maybe sent.

The relay restricts spammers from gaining access.

Using a third party email relay can put you in an advantage of getting unnecessary spam. Anyone on the internet can relay an unsolicited email through an SMTP server, and the message will appear to be legitimate coming from the email server, and it makes it much more difficult to trace the spammer.

Explanation

Using a third party email relay can put you in an advantage of getting unnecessary spam. Anyone on the internet can relay an unsolicited email through an SMTP server, and the message will appear to be legitimate coming from the email server, and it makes it much more difficult to trace the spammer.

29. Which of the following are used to prove where ActiveX controls originated from?

Encryption.

Their location on the web server.

SSL (Secure Sockets Layer).

Digital signatures.

ActiveX controls are digitally signed with an Authenticode signature, verified by a Certificate Authority. The controls are restricted by that signature only, not by the web browser settings.

Explanation

ActiveX controls are digitally signed with an Authenticode signature, verified by a Certificate Authority. The controls are restricted by that signature only, not by the web browser settings.

30. On a firewall, which ports must be open in order to support SSL (Secure Sockets Layer)?

UDP (User Datagram Protocol) transport layer protocol and port 80

TCP (Transmission Control Protocol) transport layer protocol and port 80

TCP (Transmission Control Protocol) transport layer protocol and port 443

UDP (User Datagram Protocol) transport layer protocol and port 69

Secure Sockets Layer is secure, so it would be natural to assume that it uses the connection orientated TCP instead of UDP. Secondly, TCP port 80 is HTTP, which stands for (hyper text transfer protocol) TCP port 443 is HTTPS which stands for hyper text transfer protocol over secure socket layer'

Explanation

Secure Sockets Layer is secure, so it would be natural to assume that it uses the connection orientated TCP instead of UDP. Secondly, TCP port 80 is HTTP, which stands for (hyper text transfer protocol) TCP port 443 is HTTPS which stands for hyper text transfer protocol over secure socket layer'

31. With regard to viruses and hoaxes, which of the following is TRUE? (Choose the best answer)

Hoaxes can create as much damage as a real virus.

Hoaxes are harmless pranks and should be ignored

Hoaxes can help educate user about a virus.

Hoaxes carry a malicious payload and can be destructive.

Hoaxes do have the possibility of causing as much damage as viruses. Many hoaxes instruct the recipient to forward the message to everyone that they know and thus causes network congestion and heavy e-mail activity. Hoaxes also often instruct the user to delete files on their computer that may cause their computer or a program to quit functioning.

Explanation

Hoaxes do have the possibility of causing as much damage as viruses. Many hoaxes instruct the recipient to forward the message to everyone that they know and thus causes network congestion and heavy e-mail activity. Hoaxes also often instruct the user to delete files on their computer that may cause their computer or a program to quit functioning.

32. Which of the following is the primary attribute associated with e-mail hoaxes?

E-mail hoaxes create unnecessary e-mail traffic and panic in non-technical users.

E-mail hoaxes take up large amounts of server disk space.

E-mail hoaxes can cause buffer overflows on the e-mail server.

E-mail hoaxes can encourage malicious users.

Although answer choices B,C,D have a degree of truth to them; the BEST answer is A. Email hoaxes often create unnecessary traffic because they ask users to forward an email to everyone in address book, and whether it is a computer virus or a blind, crippled, starving, cancer victim child suffering from Herpes it creates undue panic and emotion in the work setting.

Explanation

Although answer choices B,C,D have a degree of truth to them; the BEST answer is A. Email hoaxes often create unnecessary traffic because they ask users to forward an email to everyone in address book, and whether it is a computer virus or a blind, crippled, starving, cancer victim child suffering from Herpes it creates undue panic and emotion in the work setting.

33. What will the SSL (Secure Sockets Layer) enabled server do first when a user clicks to browse a secure page?

Use its digital certificate to establish its identity to the browser.

Validate the user by checking the CRL (Certificate Revocation List).

Request the user to produce the CRL (Certificate Revocation List).

Display the requested page on the browser, then provide its IP (Internet Protocol) address for verification

The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

Explanation

The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

34. Which of the following is responsible for displaying an install dialog box for an ActiveX component?

The user's browser setting.

The meta tag.

The condition of the sandbox.

The negotiation between the client and the server.

ActiveX components are downloaded to the client hard disk, potentially allowing additional security breaches. Web browsers can be configured so that they require confirmation to accept an ActiveX control.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

Explanation

ActiveX components are downloaded to the client hard disk, potentially allowing additional security breaches. Web browsers can be configured so that they require confirmation to accept an ActiveX control.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

35. What is a possible cause of an SMTP server being the source of e-mail spam in a company?

A possible cause could be that the administrator account was not protected.

A possible cause could be that the remote access to the install directory of the e-mail applications was not removed.

A possible cause could be that anonymous relays have not been disabled.

A possible cause could be that the X.400 connectors have not been password protected.

A possible cause of an SMTP server being the source of e-mail spam in a company could be that anonymous relays have not been disabled. This means that anyone, including spammers, can use the server to send emails without authentication. By disabling anonymous relays, the server would require authentication for sending emails, reducing the risk of spam being sent through the server.

Explanation

A possible cause of an SMTP server being the source of e-mail spam in a company could be that anonymous relays have not been disabled. This means that anyone, including spammers, can use the server to send emails without authentication. By disabling anonymous relays, the server would require authentication for sending emails, reducing the risk of spam being sent through the server.

36. What type of port scan is used to determine which ports are in a listening state and then performs a two way handshake?

TCP (transmission Control Protocol) SYN (Synchronize) scan

TCP (transmission Control Protocol) connect scan

TCP (transmission Control Protocol) fin scan

TCP (transmission Control Protocol) null scan

In SYN scanning, a TCP SYN packet is sent to the port(s) to be scanned. If the port responds with a TCP SYN ACK packet, then the port is listening. If it replies with a TCP RST packet, then it is not.

Explanation

In SYN scanning, a TCP SYN packet is sent to the port(s) to be scanned. If the port responds with a TCP SYN ACK packet, then the port is listening. If it replies with a TCP RST packet, then it is not.

37. Which of the following defines the ability to verify that an e-mail message received has not been modified in transit?

Authorization

Non-repudiation

Integrity

Cryptographic mapping

Integrity defines the ability to verify that an e-mail message received has not been modified in transit. This means that the message has not been altered or tampered with during transmission. Integrity ensures that the content of the email remains intact and unchanged from the moment it was sent to the moment it was received. It is an important aspect of email security to ensure that the information being communicated is reliable and trustworthy.

Explanation

Integrity defines the ability to verify that an e-mail message received has not been modified in transit. This means that the message has not been altered or tampered with during transmission. Integrity ensures that the content of the email remains intact and unchanged from the moment it was sent to the moment it was received. It is an important aspect of email security to ensure that the information being communicated is reliable and trustworthy.

38. Which of the following is the greatest vulnerability of using Instant Messaging clients?

Theft of root user credentials.

Disconnection from the file server.

Hostile code delivered by file transfer.

Slow Internet connections.

Loss of email privileges.

IM clients can also be compromised by malicious code, Trojan Horse programs, and traditional DoS attacks. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 197

Explanation

IM clients can also be compromised by malicious code, Trojan Horse programs, and traditional DoS attacks. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 197

39. Identify the logs that will illustrate the unapproved usage attempts after the implementation of a file audit?

The Application will show the usage attempts that are not approved.

The Performance will show the usage attempts that are not approved.

The System will show the usage attempts that are not approved.

The Security will show the usage attempts that are not approved.

The Security logs will provide information about the usage attempts that are not approved. These logs specifically focus on security-related events and activities, such as unauthorized access attempts or violations of security policies. Therefore, they are the most relevant logs to identify unapproved usage attempts after the implementation of a file audit.

Explanation

The Security logs will provide information about the usage attempts that are not approved. These logs specifically focus on security-related events and activities, such as unauthorized access attempts or violations of security policies. Therefore, they are the most relevant logs to identify unapproved usage attempts after the implementation of a file audit.

40. Identify the step that is often disregarded during an auditing process?

Auditing all system events is frequently disregarded.

Permitting auditing on the system is frequently disregarded.

Deciding the events that need to be audit is frequently disregarded.

Regularly reviewing event logs is frequently disregarded.

During an auditing process, one step that is often disregarded is regularly reviewing event logs. Event logs contain important information about system activities and can provide valuable insights into any potential security breaches or unauthorized access. However, due to time constraints or lack of awareness, many auditors fail to regularly review these logs. This oversight can lead to missed opportunities to identify and address security issues, making it a common step that is disregarded during the auditing process.

Explanation

During an auditing process, one step that is often disregarded is regularly reviewing event logs. Event logs contain important information about system activities and can provide valuable insights into any potential security breaches or unauthorized access. However, due to time constraints or lack of awareness, many auditors fail to regularly review these logs. This oversight can lead to missed opportunities to identify and address security issues, making it a common step that is disregarded during the auditing process.

41. With which privileges are ActiveX control executed?

Current user account

Administrator account

Guest account

System account

When you're online and you execute an ActiveX control; the only thing that can control it, are the individual user settings of the current user.

Explanation

When you're online and you execute an ActiveX control; the only thing that can control it, are the individual user settings of the current user.

42. Identify the series of steps in the auditing process?

You should consider enabling auditing. Then you can set auditing to record the events.

You should consider enabling auditing. Then you can set auditing on the object and respond as alerts are generated.

You should consider setting auditing on the object and respond as alerts are produced.

You should consider enabling auditing. Then you can set auditing on objects and review event logs.

The correct answer is to consider enabling auditing, setting auditing on objects, and reviewing event logs. This series of steps ensures that auditing is enabled, events are recorded, and alerts are generated. By reviewing the event logs, any suspicious activities or security breaches can be identified and appropriate actions can be taken.

Explanation

The correct answer is to consider enabling auditing, setting auditing on objects, and reviewing event logs. This series of steps ensures that auditing is enabled, events are recorded, and alerts are generated. By reviewing the event logs, any suspicious activities or security breaches can be identified and appropriate actions can be taken.

43. Which of the following is a possible technical impact of receiving large quantifies of spam?

DoS (Denial of Service).

Processor under utilization.

Reduction in hard drive space requirements.

Increased network throughput.

In systems where no email filters are set up, it is possible for some users to receive over a hundred unsolicited emails a day! If every user on a network received that much email, the human time necessary to sort through those emails will be Herculean. The system resources required to: process, download, and store such email can potentially reduce a networks availability to zero; thus denying service.

Explanation

In systems where no email filters are set up, it is possible for some users to receive over a hundred unsolicited emails a day! If every user on a network received that much email, the human time necessary to sort through those emails will be Herculean. The system resources required to: process, download, and store such email can potentially reduce a networks availability to zero; thus denying service.

44. Which of the following protocols is used to encrypt traffic between a web browser and web server?

IPSec (Internet Protocol Security)

HTTP (Hypertext Transfer Protocol)

SSL (Secure Sockets Layer)

VPN (Virtual Private Network)

The Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

Explanation

The Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

45. Certkiller .com makes use of remote users to connect securely from their homes to the company network. Identify the encryption technology that will ensure that you are able to connect securely to the network?

The PPTP will enable a secure connection.

The IPSec will enable a secure connection.

The PPPoE will enable a secure connection.

The L2TP will enable a secure connection.

The correct answer is "The IPSec will enable a secure connection." IPSec (Internet Protocol Security) is a widely-used encryption technology that provides secure communication over the internet. It ensures the confidentiality, integrity, and authenticity of data transmitted between remote users and the company network. PPTP (Point-to-Point Tunneling Protocol), PPPoE (Point-to-Point Protocol over Ethernet), and L2TP (Layer 2 Tunneling Protocol) are also used for secure connections, but IPSec is considered more secure and reliable.

Explanation

The correct answer is "The IPSec will enable a secure connection." IPSec (Internet Protocol Security) is a widely-used encryption technology that provides secure communication over the internet. It ensures the confidentiality, integrity, and authenticity of data transmitted between remote users and the company network. PPTP (Point-to-Point Tunneling Protocol), PPPoE (Point-to-Point Protocol over Ethernet), and L2TP (Layer 2 Tunneling Protocol) are also used for secure connections, but IPSec is considered more secure and reliable.

46. Evaluating cryptographic hash functions of system executables, configuration files and log files illustrates which process?

You should identify stateful packet filtering.

You should identify host based intrusion detection.

You should identify network based intrusion detection.

You should identify file integrity auditing.

The process of evaluating cryptographic hash functions of system executables, configuration files, and log files is known as file integrity auditing. This process involves calculating and comparing hash values of files to ensure that they have not been tampered with or modified. By identifying file integrity auditing as the correct answer, it suggests that this process is specifically focused on verifying the integrity of files rather than other security measures such as stateful packet filtering, host-based intrusion detection, or network-based intrusion detection.

Explanation

The process of evaluating cryptographic hash functions of system executables, configuration files, and log files is known as file integrity auditing. This process involves calculating and comparing hash values of files to ensure that they have not been tampered with or modified. By identifying file integrity auditing as the correct answer, it suggests that this process is specifically focused on verifying the integrity of files rather than other security measures such as stateful packet filtering, host-based intrusion detection, or network-based intrusion detection.

47. Which of the following are VPN (Virtual Private Network) tunneling protocols?

IPSec (Internet Protocol Security), L2TP (Layer Two Tunneling Protocol), and SSL (Secure Sockets Layer)

IPSec (Internet Protocol Security), L2TP (Layer Two Tunneling Protocol), and PPP (Point-to-Point Protocol)

L2TP (Layer Two Tunneling Protocol), PPTP (Point-to-Point Tunneling Protocol), and SSL (Secure Sockets Layer)

PPTP (Point-to-Point Tunneling Protocol), L2TP (Layer Two Tunneling Protocol), and IPSec (Internet Protocol Security)

It's obvious that L2TP and PPTP are tunneling protocols because the word tunneling is in the acronyms for their name, but IPSec is also considered a tunneling protocol because it creates a secure tunnel connection.

Explanation

It's obvious that L2TP and PPTP are tunneling protocols because the word tunneling is in the acronyms for their name, but IPSec is also considered a tunneling protocol because it creates a secure tunnel connection.

48. On a firewall, which ports must be open in order to support e-mail communication using SMTP (Simple Mail Transfer Protocol)?

TCP (Transmission Control Protocol) port 110 to all inbound and outbound connections.

UDP (User Datagram Protocol) port 110 to all inbound connections.

UDP (User Datagram Protocol) port 25 to all inbound connections

TCP (Transmission Control Protocol) port 25 to all inbound and outbound connections.

TCP port 25 is reserved for SMTP while port 110 is for POP3.

Explanation

TCP port 25 is reserved for SMTP while port 110 is for POP3.

49. Which security does L2TP tunneling reply on?

It will reply on L2F.

It will reply on IPSec.

It will reply on SSH.

It will reply on SSL.

L2TP (Layer 2 Tunneling Protocol) tunneling relies on IPSec (Internet Protocol Security) for security. IPSec provides encryption and authentication for the data transmitted over the L2TP tunnel, ensuring the confidentiality and integrity of the communication. SSH (Secure Shell) and SSL (Secure Sockets Layer) are also security protocols, but they are not specifically used for L2TP tunneling. Therefore, the correct answer is that L2TP tunneling relies on IPSec for security.

Explanation

L2TP (Layer 2 Tunneling Protocol) tunneling relies on IPSec (Internet Protocol Security) for security. IPSec provides encryption and authentication for the data transmitted over the L2TP tunnel, ensuring the confidentiality and integrity of the communication. SSH (Secure Shell) and SSL (Secure Sockets Layer) are also security protocols, but they are not specifically used for L2TP tunneling. Therefore, the correct answer is that L2TP tunneling relies on IPSec for security.

50. What is the purpose of S/MIME (Secure Multipurpose Internet Mail Extensions)?

To encrypt user names and profiles to ensure privacy

To encrypt messages and files

To encrypt network sessions acting as a VPN (Virtual Private Network) client

To automatically encrypt all outbound messages

Secure MIME (S/MIME) is a standard used for encrypting e-mail. S/MIME can also contain signature data. S/MIME provides encryption, integrity, and authentication when used in conjunction with PKI. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 368

Explanation

Secure MIME (S/MIME) is a standard used for encrypting e-mail. S/MIME can also contain signature data. S/MIME provides encryption, integrity, and authentication when used in conjunction with PKI. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 368

51. Which of the following would best protect the confidentiality and integrity of an e-mail message?

IPSec (Internet Protocol Security)

SHA-1 (Secure Hashing Algorithm 1)

Digital signature

S/MIME (Secure Multipurpose Internet Mail Extensions)

S/MIME (Secure Multipurpose Internet Mail Extensions) would best protect the confidentiality and integrity of an e-mail message. S/MIME is a protocol that adds an extra layer of security to email communications by encrypting the message content and attachments, ensuring that only the intended recipient can decrypt and read the message. It also provides digital signatures, which verify the authenticity and integrity of the message, ensuring that it has not been tampered with during transit. This combination of encryption and digital signatures makes S/MIME an effective solution for protecting the confidentiality and integrity of email messages.

Explanation

S/MIME (Secure Multipurpose Internet Mail Extensions) would best protect the confidentiality and integrity of an e-mail message. S/MIME is a protocol that adds an extra layer of security to email communications by encrypting the message content and attachments, ensuring that only the intended recipient can decrypt and read the message. It also provides digital signatures, which verify the authenticity and integrity of the message, ensuring that it has not been tampered with during transit. This combination of encryption and digital signatures makes S/MIME an effective solution for protecting the confidentiality and integrity of email messages.

52. You work as the security administrator at Certkiller .com. During routine monitoring you detect an increase in the integer of spam e-mails. You receive a complaint from several users stating that the problem is escalating even though they are unsubscribed from the lists. Why the problem persisting?

The problem persists since unsubscribe requests confirms e-mail addresses.

The problem persists since the e-mails include a disclaimer.

The problem persists since the spam blocker software has to be updated.

The problem persists since the e-mails are not properly deleted.

The problem persists because unsubscribe requests confirm e-mail addresses. When users unsubscribe from a spam e-mail list, they often have to click on a link or reply to the e-mail. This action confirms to the sender that the e-mail address is active and valid, making it more likely to receive additional spam e-mails. Therefore, even though the users have unsubscribed, the problem continues because their actions have inadvertently confirmed their e-mail addresses to the spammers.

Explanation

The problem persists because unsubscribe requests confirm e-mail addresses. When users unsubscribe from a spam e-mail list, they often have to click on a link or reply to the e-mail. This action confirms to the sender that the e-mail address is active and valid, making it more likely to receive additional spam e-mails. Therefore, even though the users have unsubscribed, the problem continues because their actions have inadvertently confirmed their e-mail addresses to the spammers.

53. Which of the following allows secure access to a web page, regardless of the browser type or vendor?

Certificates with SSL (Secure Sockets Layer).

Integrated web with NOS (Network Operating System) security.

SSL (Secure Sockets Layer) only.

None of the above.

Regardless of whether or not you use Netscape Navigator or Microsoft Internet Explorer, if you come across a page with a security certificate and an SSL connection (most likely for banking, investments, or purchases) you will have secure access.

Explanation

Regardless of whether or not you use Netscape Navigator or Microsoft Internet Explorer, if you come across a page with a security certificate and an SSL connection (most likely for banking, investments, or purchases) you will have secure access.

54. Which of the following is Instant Messaging most vulnerable to?

DoS (Denial of Service).

Fraud.

Stability.

Sniffing.

Since instant messenger conversations are sent unencrypted (in clear-text) it's very easy for someone to use a sniffer on the line to eavesdrop on the entire conversation.

Explanation

Since instant messenger conversations are sent unencrypted (in clear-text) it's very easy for someone to use a sniffer on the line to eavesdrop on the entire conversation.

55. What should you do to ensure that users do not unintentionally download malicious code from the Internet websites?

You should ensure that a policy is implemented to reduce the problem.

You should ensure that the unauthorized ActiveX controls are disabled.

You should ensure that a NIDS is installed on the network.

You should ensure that Java virtual machines are used to minimize impact.

To ensure that users do not unintentionally download malicious code from the Internet websites, it is important to disable unauthorized ActiveX controls. ActiveX controls are a type of software component that can be downloaded and executed by web browsers, and they can pose a security risk if they are not properly vetted and authorized. By disabling unauthorized ActiveX controls, the potential for users to download and execute malicious code is significantly reduced, thereby enhancing the overall security of the system.

Explanation

To ensure that users do not unintentionally download malicious code from the Internet websites, it is important to disable unauthorized ActiveX controls. ActiveX controls are a type of software component that can be downloaded and executed by web browsers, and they can pose a security risk if they are not properly vetted and authorized. By disabling unauthorized ActiveX controls, the potential for users to download and execute malicious code is significantly reduced, thereby enhancing the overall security of the system.

56. In addition to opening the appropriate L2TP (Layer Two Tunneling Protocol) and IKE (Internet Key Exchange) transport layer ports on the perimeter router and firewall, what steps must be performed on the perimeter router and firewall to allow AH (Authentication Header) and ESP (Encapsulating Security Payload) tunnel-encapsulated IPSec (Internet Protocol Security) traffic to flow between a client and the firewall?

The most secure firewall configuration is one in which the firewall permits only IKE and IPSec traffic to flow between the specific IP addresses of the peers. However, if these addresses are not static, or if there are many addresses, a less secure configuration might be required to permit IPSec and IKE traffic to flow between subnets. When a firewall or filtering router exists between IPSec peers, it must be configured to forward IPSec traffic on UDP source and destination port 500, IP protocol 50 (ESP), or IP protocol 51 (AH). Reference: http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=

Explanation

The most secure firewall configuration is one in which the firewall permits only IKE and IPSec traffic to flow between the specific IP addresses of the peers. However, if these addresses are not static, or if there are many addresses, a less secure configuration might be required to permit IPSec and IKE traffic to flow between subnets. When a firewall or filtering router exists between IPSec peers, it must be configured to forward IPSec traffic on UDP source and destination port 500, IP protocol 50 (ESP), or IP protocol 51 (AH). Reference: http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=

57. Which of the following mail standards relies on a "Web of Trust"?

Secure Multipurpose Internet Mail extensions (S/MIME)

Pretty Good Privacy (PGP)

MIME Object Security Services (MOSS)

Privacy Enhanced Mail (PEM)

"PGP does not use a hierarchy of Cas, or any type of formal trust certificates, but relies on a "web of trust" in its key management approach. Each user generates and distributes his or her public key, and users sign each other's public keys, which creates a community of users who trust each other. This is different than the CA approach where no one trusts each other, they only trust the CA.

Explanation

"PGP does not use a hierarchy of Cas, or any type of formal trust certificates, but relies on a "web of trust" in its key management approach. Each user generates and distributes his or her public key, and users sign each other's public keys, which creates a community of users who trust each other. This is different than the CA approach where no one trusts each other, they only trust the CA.

58. Which of the following protocols does a web server use to encrypt data?

TCP/IP (Transmission Control Protocol/Internet Protocol)

ActiveX

IPSec (Internet Protocol Security)

SSL (Secure Sockets Layer)

The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

Explanation

The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

59. Identify the VPN implementations that will take the IPv6 security characteristics and port them to IPv4?

The IPSec VPN implementations will accomplish the task.

The SSL VPN implementations will accomplish the task.

The L2TP VPN implementations will accomplish the task.

The PPTP VPN implementations will accomplish the task.

The IPSec VPN implementations will accomplish the task because IPSec is a protocol suite that provides secure communication over IP networks. It can be used to establish secure connections between devices using IPv6 and port the security characteristics to IPv4. SSL VPN implementations, L2TP VPN implementations, and PPTP VPN implementations may not necessarily support IPv6 or have the capability to port IPv6 security characteristics to IPv4.

Explanation

The IPSec VPN implementations will accomplish the task because IPSec is a protocol suite that provides secure communication over IP networks. It can be used to establish secure connections between devices using IPv6 and port the security characteristics to IPv4. SSL VPN implementations, L2TP VPN implementations, and PPTP VPN implementations may not necessarily support IPv6 or have the capability to port IPv6 security characteristics to IPv4.

60. What do you require in order to use S/MIME (Secure Multipurpose Internet Mail Extensions)?

A digital certificate.

A server side certificate.

A SSL (Secure Sockets Layer) certificate.

A public certificate.

What differentiates S/MIME from MIME is that it uses RSA asymmetric encryption and it relies on a digital certificate for authentication.

Explanation

What differentiates S/MIME from MIME is that it uses RSA asymmetric encryption and it relies on a digital certificate for authentication.

61. Identify how the risks of social engineering can be reduced? (Choose TWO)

You should implement operating system patching instructions.

You should implement security awareness training.

You should implement risk assessment policies.

You should implement vulnerability testing techniques.

You should implement identity verification methods.

To reduce the risks of social engineering, implementing security awareness training is crucial. This helps employees understand various social engineering tactics and teaches them how to identify and respond to potential threats. By raising awareness, employees become more cautious and less likely to fall victim to social engineering attacks. Additionally, implementing identity verification methods can also help reduce risks. This involves implementing processes and tools to verify the identity of individuals before granting them access to sensitive information or systems, making it harder for attackers to impersonate legitimate users.

Explanation

To reduce the risks of social engineering, implementing security awareness training is crucial. This helps employees understand various social engineering tactics and teaches them how to identify and respond to potential threats. By raising awareness, employees become more cautious and less likely to fall victim to social engineering attacks. Additionally, implementing identity verification methods can also help reduce risks. This involves implementing processes and tools to verify the identity of individuals before granting them access to sensitive information or systems, making it harder for attackers to impersonate legitimate users.

Submit

62. On a firewall, which ports must be open in order to support IMAP4?

80

143

443

110

3869

Internet Message Access Protocol is an email feature that is similar to POP3 but has the ability to search for key words while the messages are on the mail server. The current version of IMAP (IMAP4) uses port 143 and TCP for connection.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 130

Explanation

Internet Message Access Protocol is an email feature that is similar to POP3 but has the ability to search for key words while the messages are on the mail server. The current version of IMAP (IMAP4) uses port 143 and TCP for connection.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 130

63. What is the possible reason for a web page to become unresponsive every time the embedded calendar control is used?

The ActiveX vulnerability is occurring.

The Cross-site scripting vulnerability is occurring.

The Cookies vulnerability is occurring.

The Common Gateway Interface (CGI) vulnerability is occurring.

The possible reason for a web page to become unresponsive every time the embedded calendar control is used is because of the ActiveX vulnerability. ActiveX is a technology used by Internet Explorer to run interactive content on web pages. However, it is known to have security vulnerabilities that can be exploited by malicious actors. In this case, it is likely that the embedded calendar control is utilizing ActiveX, and due to a vulnerability in the ActiveX implementation, it is causing the web page to become unresponsive.

Explanation

The possible reason for a web page to become unresponsive every time the embedded calendar control is used is because of the ActiveX vulnerability. ActiveX is a technology used by Internet Explorer to run interactive content on web pages. However, it is known to have security vulnerabilities that can be exploited by malicious actors. In this case, it is likely that the embedded calendar control is utilizing ActiveX, and due to a vulnerability in the ActiveX implementation, it is causing the web page to become unresponsive.

64. Which of the following network mapping tools uses ICMP (Internet Control Message Protocol)?

Port scanner.

Map scanner.

Ping scanner.

Share scanner.

Ping confirms a connection by sending and receiving ICMP packets.

Explanation

Ping confirms a connection by sending and receiving ICMP packets.

65. Which of the following is a VPN (Virtual Private Network) protocol that operates at the Network Layer (Layer 3) of the OSI (Open Systems Interconnect) model?

PPP (Point-to-Point Protocol)

SSL (Secure Sockets Layer)

L2TP (Layer Two Tunneling Protocol)

IPSec (Internet Protocol Security)

IPSec works at the network layer of the OSI layer model and is a key factor in VPNs.

Explanation

IPSec works at the network layer of the OSI layer model and is a key factor in VPNs.

66. Identify the best method when attacking encrypted information?

Block cipher will be more advantageous.

Weak key will be more advantageous.

Sniffed traffic will be more advantageous.

The algorithm used will be more advantageous.

A weak key will be more advantageous when attacking encrypted information because it refers to a key that is easily predictable or has a low level of entropy. This means that it can be more easily cracked or guessed by an attacker, making the encryption vulnerable. By exploiting a weak key, an attacker can potentially gain unauthorized access to the encrypted information.

Explanation

A weak key will be more advantageous when attacking encrypted information because it refers to a key that is easily predictable or has a low level of entropy. This means that it can be more easily cracked or guessed by an attacker, making the encryption vulnerable. By exploiting a weak key, an attacker can potentially gain unauthorized access to the encrypted information.

67. On a firewall, which ports must be open in order to support TACACS?

21

161

53

49

TACACS uses both TCP and UDP port 49

Explanation

TACACS uses both TCP and UDP port 49

68. What is the name of the trust model that will permit users to create and sign certificates for known people?

It is known as web-of-trust.

It is known as browser trust-list.

It is known as single certificate authority (CA).

It is known as hierarchical.

The correct answer is "web-of-trust". In a web-of-trust model, users have the ability to create and sign certificates for individuals they know and trust. This model relies on a decentralized network of trust relationships, where each user can independently verify the authenticity of certificates based on the trust they have established with other users. This allows for a more flexible and customizable approach to establishing trust compared to a centralized model like a single certificate authority or browser trust-list.

Explanation

The correct answer is "web-of-trust". In a web-of-trust model, users have the ability to create and sign certificates for individuals they know and trust. This model relies on a decentralized network of trust relationships, where each user can independently verify the authenticity of certificates based on the trust they have established with other users. This allows for a more flexible and customizable approach to establishing trust compared to a centralized model like a single certificate authority or browser trust-list.

69. Why is spam regard as a problem when deleted prior to opening it?

Spam installs the Trojan horse viruses

Spam authenticates the validity of email addresses

Spam alters the mail file.

Spam waste several company bandwidth.

When spam emails are deleted prior to opening them, they still consume company bandwidth because the emails need to be downloaded and processed by the email server before they can be deleted. This can lead to a waste of resources and slower email performance for the company.

Explanation

When spam emails are deleted prior to opening them, they still consume company bandwidth because the emails need to be downloaded and processed by the email server before they can be deleted. This can lead to a waste of resources and slower email performance for the company.

70. What makes Instant Messaging extremely insecure compared to other messaging systems?

It is a peer-to-peer network that offers most organizations virtually no control over it.

Most IM clients are actually Trojan Horses.

It is a centrally managed system that can be closely monitored.

It uses the insecure Internet as a transmission medium.

A seems to be the most correct of these answer.
B. Is incorrect because IM client are not Trojan Horses, but they can be compromised by Trojan Horses.
C. Is incorrect because the answer would make IM secure.
D. All IM messaging system that transverse the Internet uses it as a medium.

Explanation

A seems to be the most correct of these answer.
B. Is incorrect because IM client are not Trojan Horses, but they can be compromised by Trojan Horses.
C. Is incorrect because the answer would make IM secure.
D. All IM messaging system that transverse the Internet uses it as a medium.

71. You work as the security administrator at Certkiller .com. You notice that an e-mail server is currently relaying e-mail (including spam) for any e-mail server requesting relaying. On further investigation you discover the existence of /etc/mail/relay domains. How should you modify the relay domains file to prevent relaying for non-explicitly named domains?

Move the .* entry to the bottom of the relay domains file and restart the e-mail process

Move the .* entry to the top of the relay domains file and restart the e-mail process.

Delete the .* entry in the relay domains file and restart the e-mail process.

Delete the relay domains file from the /etc/mail folder and restart the e-mail process.

The symbol: *.* is known as a wild card mask, and just like in poker when a file matches a wild card anything goes. By deleting the wild card, it prevents ANY email server (including the SPAM servers) from relaying information.

Explanation

The symbol: *.* is known as a wild card mask, and just like in poker when a file matches a wild card anything goes. By deleting the wild card, it prevents ANY email server (including the SPAM servers) from relaying information.

72. On a firewall, which ports must be open in order to support L2TP (Layer Two Tunneling Protocol) and PPTP (Point-to-Point Tunneling Protocol) connections respectively?

TCP (Transmission Control Protocol) port 635 and UDP (User Datagram Protocol) port 654

TCP (Transmission Control Protocol) port 749 and UDP (User Datagram Protocol) port 781

UDP (User Datagram Protocol) port 1701 and TCP (transmission Control Protocol) port 1723

TCP (Transmission Control Protocol) port 1812 and UDP (User Datagram Protocol) port 1813

L2TP uses UDP port 1701 while PPTP uses TCP port 1723

Explanation

L2TP uses UDP port 1701 while PPTP uses TCP port 1723

73. Identify the error that will arise if an HTML-based e-mail has a mislabeled MIME type .exe attachment?

It will result in the executable being able to execute automatically.

It will result in the unreadable e-mail.

It will result in the mail server constantly resending the e-mail.

It will result in the e-mail client will delete the e-mail.

If an HTML-based e-mail has a mislabeled MIME type .exe attachment, it will result in the executable being able to execute automatically. This means that the attachment, which is supposed to be a non-executable file, will be treated as an executable file by the computer, potentially causing harm or executing malicious code without the user's consent or knowledge.

Explanation

If an HTML-based e-mail has a mislabeled MIME type .exe attachment, it will result in the executable being able to execute automatically. This means that the attachment, which is supposed to be a non-executable file, will be treated as an executable file by the computer, potentially causing harm or executing malicious code without the user's consent or knowledge.

74. You work as the security administrator at Certkiller .com. You want to configure the Certkiller network to allow only HTTP (Hypertext Transfer Protocol) traffic for outbound Internet connections. You also want to set permissions to allow only certain users to browse the web. Which of the following should you use?

A packet filtering firewall.

A protocol analyzer.

A proxy server.

A stateful firewall

A proxy server is a server that is situated between a client and a server; that intercessors requests. Proxy servers are used for two reasons:
* To filter requests, so a strict parent or company can prevent their kids or employees from viewing the wrong sties.
* The increase performance, so multiple users accessing the same information (like a school, or a library,) can fetch common information from the proxy server.

Explanation

A proxy server is a server that is situated between a client and a server; that intercessors requests. Proxy servers are used for two reasons:
* To filter requests, so a strict parent or company can prevent their kids or employees from viewing the wrong sties.
* The increase performance, so multiple users accessing the same information (like a school, or a library,) can fetch common information from the proxy server.

75. Which of the following is the biggest problem associated with Instant Messaging?

It is widely deployed and difficult to control.

It was created without security in mind.

It is easily spoofed.

It is created with file sharing enabled.

Instant messaging was created for speed and simplicity. They wanted a program that was feature rich, but not memory intensive so more people could be online more often. Since the text is unencrypted, it's very easy for someone to eavesdrop on a message, hijack the conversation and send a virus that's disguised as an innocent graphic file.

Explanation

Instant messaging was created for speed and simplicity. They wanted a program that was feature rich, but not memory intensive so more people could be online more often. Since the text is unencrypted, it's very easy for someone to eavesdrop on a message, hijack the conversation and send a virus that's disguised as an innocent graphic file.

76. Why should e-mail server be configured to prevent e-mail relay?

Untraceable, unwanted e-mail can be sent

An attacker can gain access and take over the server.

Confidential information in the server's e-mail boxes can be read using the relay

The open relay can be used to gain control of nodes on additional networks.

If someone can find a way to relay email through the relay server, they can send thousands of unsolicited emails a day without the recipients having a way to pinpoint the source.

Explanation

If someone can find a way to relay email through the relay server, they can send thousands of unsolicited emails a day without the recipients having a way to pinpoint the source.

77. On which TCP/IP model will IPSec work?

IPSec will work on the Transport layer.

IPSec will work on the Network layer.

IPSec will work on the Application layer.

IPSec will work on the Data link layer.

IPSec (Internet Protocol Security) is a protocol suite used to secure internet communication by authenticating and encrypting IP packets. It operates at the Network layer of the TCP/IP model, providing security services such as data confidentiality, integrity, and authentication. By working at the Network layer, IPSec can secure all traffic passing through the network, regardless of the application or transport protocol being used.

Explanation

IPSec (Internet Protocol Security) is a protocol suite used to secure internet communication by authenticating and encrypting IP packets. It operates at the Network layer of the TCP/IP model, providing security services such as data confidentiality, integrity, and authentication. By working at the Network layer, IPSec can secure all traffic passing through the network, regardless of the application or transport protocol being used.

78. Which of the following represents the main advantage of using SSL (Secure Sockets Layer) has over HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer)?

SSL (Secure Sockets Layer) and HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) are transparent to the application

SSL (Secure Sockets Layer) supports user authentication and HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) does not.

SSL on its own works at the session layer (layer 5) so it has more versatility in protocols that it supports.

Explanation

SSL on its own works at the session layer (layer 5) so it has more versatility in protocols that it supports.

79. What is the important defect in Pretty Good Privacy (PGP) authentication?

The most important defect is that the client has to trust the public key that is received.

The most important defect is that the private keys can be compromised.

The most important defect is that it is subject to a man-in-the-middle attack.

The most important defect is that the weak encryption can easily be broken.

The important defect in Pretty Good Privacy (PGP) authentication is that the client has to trust the public key that is received. This means that if an attacker is able to intercept and modify the public key, they can impersonate the intended recipient and decrypt any messages sent to them. This vulnerability makes PGP susceptible to a man-in-the-middle attack, where an attacker can intercept and modify the communication between the sender and recipient without their knowledge. It is crucial for the client to verify the authenticity of the public key to ensure secure communication.

Explanation

The important defect in Pretty Good Privacy (PGP) authentication is that the client has to trust the public key that is received. This means that if an attacker is able to intercept and modify the public key, they can impersonate the intended recipient and decrypt any messages sent to them. This vulnerability makes PGP susceptible to a man-in-the-middle attack, where an attacker can intercept and modify the communication between the sender and recipient without their knowledge. It is crucial for the client to verify the authenticity of the public key to ensure secure communication.

80. Who manages the IPSec Security Association?

The IPSec Security Association is managed by ESP

The IPSec Security Association is managed by ISAKMP.

The IPSec Security Association is managed by AH.

The IPSec Security Association is managed by IEEE.

The IPSec Security Association is managed by ISAKMP. ISAKMP (Internet Security Association and Key Management Protocol) is a protocol used to establish, negotiate, modify, and delete security associations (SAs) between IPSec devices. It provides a framework for authentication, key exchange, and secure communication. ISAKMP manages the IPSec SAs, which are used to secure the communication between two IPSec devices.

Explanation

The IPSec Security Association is managed by ISAKMP. ISAKMP (Internet Security Association and Key Management Protocol) is a protocol used to establish, negotiate, modify, and delete security associations (SAs) between IPSec devices. It provides a framework for authentication, key exchange, and secure communication. ISAKMP manages the IPSec SAs, which are used to secure the communication between two IPSec devices.

81. Identify the port used by Encapsulating Security Payload (ESP) in IPSec?

Port 51 is used.

Port 50 is used.

Port 20 is used.

Port 25 is used.

The Encapsulating Security Payload (ESP) is a protocol used in IPSec to provide confidentiality, integrity, and authentication of data packets. It operates at the IP layer and is responsible for encrypting the payload of the IP packet. The correct answer is "Port 50 is used" because ESP does not use any specific port number for communication. Instead, it encapsulates the entire IP packet and adds its own ESP header, which is identified by the protocol number 50.

Explanation

The Encapsulating Security Payload (ESP) is a protocol used in IPSec to provide confidentiality, integrity, and authentication of data packets. It operates at the IP layer and is responsible for encrypting the payload of the IP packet. The correct answer is "Port 50 is used" because ESP does not use any specific port number for communication. Instead, it encapsulates the entire IP packet and adds its own ESP header, which is identified by the protocol number 50.

82. Which of the following types of encryption does SSL (Secure Sockets Layer) use?

Asymmetric

Symmetric

Public Key

Secret

The Secure Sockets Layer (SSL) protocol uses both asymmetric and symmetric key exchange. It uses asymmetric keys for the SSL handshake. During the handshake, the master key, is encrypted with the receivers public passes from the client to the server. The client and server make their own session keys using the master key. The session keys encrypt and decrypt data for the remainder of the session. Symmetric key exchange occurs during the exchange of the cipher specification, or encryption level.

Explanation

The Secure Sockets Layer (SSL) protocol uses both asymmetric and symmetric key exchange. It uses asymmetric keys for the SSL handshake. During the handshake, the master key, is encrypted with the receivers public passes from the client to the server. The client and server make their own session keys using the master key. The session keys encrypt and decrypt data for the remainder of the session. Symmetric key exchange occurs during the exchange of the cipher specification, or encryption level.

83. Which of the following is a tunneling protocol that only works on IP networks?

IPX

L2TP

PPTP

SSH

Point-to-Point Tunneling Protocol You can access a private network through the Internet or other public network by using a virtual private network (VPN) connection with the Point-to-Point Tunneling Protocol (PPTP). Developed as an extension of the Point-to-Point Protocol (PPP), PPTP tunnels and/or encapsulates, IP, IPX, or NetBEUI protocols inside of PPP datagrams PPTP does not require a dial-up connection. It does, however, require IP connectivity between your computer and the server. Not B: L2TP is an industry-standard Internet tunneling protocol with roughly the same functionality as the Point-to-Point Tunneling Protocol (PPTP). Like PPTP, L2TP encapsulates Point-to-Point Protocol (PPP) frames, which in turn encapsulate IP, IPX, or NetBEUI protocols

Explanation

Point-to-Point Tunneling Protocol You can access a private network through the Internet or other public network by using a virtual private network (VPN) connection with the Point-to-Point Tunneling Protocol (PPTP). Developed as an extension of the Point-to-Point Protocol (PPP), PPTP tunnels and/or encapsulates, IP, IPX, or NetBEUI protocols inside of PPP datagrams PPTP does not require a dial-up connection. It does, however, require IP connectivity between your computer and the server. Not B: L2TP is an industry-standard Internet tunneling protocol with roughly the same functionality as the Point-to-Point Tunneling Protocol (PPTP). Like PPTP, L2TP encapsulates Point-to-Point Protocol (PPP) frames, which in turn encapsulate IP, IPX, or NetBEUI protocols

84. What is the main purpose of an e-mail relay server?

It is used to prevent viruses from entering the network.

It is used to defend the primary e-mail server and limit the effects of any attack.

It is used to eliminate e-mail vulnerabilities since all e-mail is passed through the relay first.

An email relay will essentially make your mail server invisible to the internet, so you can protect yourself from port scans, viruses, and arbitrary access.

Explanation

An email relay will essentially make your mail server invisible to the internet, so you can protect yourself from port scans, viruses, and arbitrary access.

85. Determine the security links in an IPSec encrypted session for every direction?

There are six security links

There are one security links.

There are four security links.

There are eight security links.

not-available-via-ai

Explanation

not-available-via-ai

86. What are the possible results of a malformed MIME (Multipurpose Internet Mail Extensions) header?

It can create a back door that will allow an attacker free access to a company's private network.

It can create a virus that infects a user's computer.

It can cause an unauthorized disclosure of private information.

It can cause an e-mail server to crash.

Microsoft Exchange Server 5.0 & 5.5 had a vulnerability that made it suspect to crashes following a malformed MIME header. Patches have since been released.

Explanation

Microsoft Exchange Server 5.0 & 5.5 had a vulnerability that made it suspect to crashes following a malformed MIME header. Patches have since been released.

87. How many steps are used during the SSL (Secure Sockets Layer) handshake process?

5

6

7

8

The handshake begins when a browser connects to an SSL-enabled server, and asks the server to send back its identification, a digital certificate that usually contains the server name, the trusted certifying authority, and the server public encryption key. The browser can contact the server of the trusted certifying authority and confirm that the certificate is authentic before proceeding. The browser then presents a list of encryption algorithms and hashing functions (used to generate a number from another); the server picks the strongest encryption that it also supports and notifies the client of the decision. In order to generate the session keys used for the secure connection, the browser uses the server public key from the certificate to encrypt a random number and send it to the server. The client can encrypt this data, but only the server can decrypt it: this is the one fact that makes the keys hidden from third parties, since only the server and the client have access to this data. The server replies with more random data (which doesn't have to be encrypted), and then both parities use the selected hash functions on the random data to generate the session keys. This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the session keys. The SSL handshake allows the establishment of a secured connection over an insecure channel. Even if a third party were to listen to the conversation, it would not be able to obtain the session keys. The process of creating good random numbers and applying hash functions can be quite slow, but usually the session keys are cached, so the handshake occurs only on the first connection between the parties. This process works on top of HTTP, so its portable to any platform that supports it, and is in principle applicable to other protocols as well (Welling 2001, p.334). The process described is part of SSL version 2.0, but version 3.0 is supposed to replace it soon. Another standard, Transport Layer Security (TSL) is still in draft and is supposed to replace SSL in the future.

Explanation

The handshake begins when a browser connects to an SSL-enabled server, and asks the server to send back its identification, a digital certificate that usually contains the server name, the trusted certifying authority, and the server public encryption key. The browser can contact the server of the trusted certifying authority and confirm that the certificate is authentic before proceeding. The browser then presents a list of encryption algorithms and hashing functions (used to generate a number from another); the server picks the strongest encryption that it also supports and notifies the client of the decision. In order to generate the session keys used for the secure connection, the browser uses the server public key from the certificate to encrypt a random number and send it to the server. The client can encrypt this data, but only the server can decrypt it: this is the one fact that makes the keys hidden from third parties, since only the server and the client have access to this data. The server replies with more random data (which doesn't have to be encrypted), and then both parities use the selected hash functions on the random data to generate the session keys. This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the session keys. The SSL handshake allows the establishment of a secured connection over an insecure channel. Even if a third party were to listen to the conversation, it would not be able to obtain the session keys. The process of creating good random numbers and applying hash functions can be quite slow, but usually the session keys are cached, so the handshake occurs only on the first connection between the parties. This process works on top of HTTP, so its portable to any platform that supports it, and is in principle applicable to other protocols as well (Welling 2001, p.334). The process described is part of SSL version 2.0, but version 3.0 is supposed to replace it soon. Another standard, Transport Layer Security (TSL) is still in draft and is supposed to replace SSL in the future.

88. Which one of the following would most likely lead to a CGI (Common Gateway Interface) security problem?

HTTP (Hypertext Transfer Protocol) protocol.

Compiler or interpreter that runs the CGI (Common Gateway Interface) script.

The web browser.

External data supplied by the user.

Common Gateway Interface is an older form of scripting that was used extensively in early web systems. CGI scripts could be used to capture data from a user using simple forms. The CGI script ran on the web server, and it interacted with the client browser. CGI is frowned upon in new applications because of its security issues, but it still widely used in older systems. Although the answer is not given in the paragraph from the book, the answer would be D.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 136

Explanation

Common Gateway Interface is an older form of scripting that was used extensively in early web systems. CGI scripts could be used to capture data from a user using simple forms. The CGI script ran on the web server, and it interacted with the client browser. CGI is frowned upon in new applications because of its security issues, but it still widely used in older systems. Although the answer is not given in the paragraph from the book, the answer would be D.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 136

89. Determine how you can contain the outbreak of a work infested organization? (Choose TWO)

Your best option would be to block the VoIP access.

Your best option would be to block the remote procedure calls.

Your best option would be to block the NTP access.

Your best option would be to block the DNS queries.

Your best option would be to block the instant messaging.

Blocking remote procedure calls can help contain the outbreak by preventing the spread of malware or malicious code through network communications. Similarly, blocking instant messaging can limit the transfer of infected files or links that can further propagate the infestation. Blocking VoIP access, NTP access, or DNS queries may not directly address the outbreak of a work-infested organization.

Explanation

Blocking remote procedure calls can help contain the outbreak by preventing the spread of malware or malicious code through network communications. Similarly, blocking instant messaging can limit the transfer of infected files or links that can further propagate the infestation. Blocking VoIP access, NTP access, or DNS queries may not directly address the outbreak of a work-infested organization.

Submit

90. Identify the port number that will ensure a secure LDAP usage by default?

Port 389 will secure LDAP.

Port 443 will secure LDAP.

Port 53 will secure LDAP.

Port 636 will secure LDAP.

Port 636 is the correct answer because it is the default port for secure LDAP (LDAPS). LDAPS is an encrypted version of LDAP (Lightweight Directory Access Protocol) that provides secure communication between clients and LDAP servers. By using port 636, data transmitted between the client and server is encrypted, ensuring confidentiality and preventing unauthorized access to sensitive information.

Explanation

Port 636 is the correct answer because it is the default port for secure LDAP (LDAPS). LDAPS is an encrypted version of LDAP (Lightweight Directory Access Protocol) that provides secure communication between clients and LDAP servers. By using port 636, data transmitted between the client and server is encrypted, ensuring confidentiality and preventing unauthorized access to sensitive information.

91. Which of the following does PGP use to encrypt data?

An asymmetric scheme

A symmetric scheme

A symmetric key distribution system

An asymmetric key distribution

PGP (Pretty Good Privacy) uses a symmetric scheme to encrypt data. In a symmetric encryption scheme, the same key is used for both encryption and decryption. This means that the sender and the recipient of the encrypted data must have the same key. PGP uses a symmetric encryption algorithm, such as AES (Advanced Encryption Standard), to encrypt the data. The symmetric key is then encrypted with the recipient's public key, which is part of the asymmetric encryption scheme used by PGP. This combination of symmetric and asymmetric encryption provides a secure way to encrypt data in PGP.

Explanation

PGP (Pretty Good Privacy) uses a symmetric scheme to encrypt data. In a symmetric encryption scheme, the same key is used for both encryption and decryption. This means that the sender and the recipient of the encrypted data must have the same key. PGP uses a symmetric encryption algorithm, such as AES (Advanced Encryption Standard), to encrypt the data. The symmetric key is then encrypted with the recipient's public key, which is part of the asymmetric encryption scheme used by PGP. This combination of symmetric and asymmetric encryption provides a secure way to encrypt data in PGP.

92. What does S/MIME use to execute public key exchange and authentication?

S/MIME makes use of RSA.

S/MIME makes use of 3DES.

S/MIME makes use of RC2.

S/MIME makes use of X.509.

S/MIME uses X.509 to execute public key exchange and authentication. X.509 is a widely used standard for digital certificates, which are used to verify the authenticity of public keys. It provides a framework for the secure exchange of public key information and ensures the integrity and confidentiality of the exchanged data.

Explanation

S/MIME uses X.509 to execute public key exchange and authentication. X.509 is a widely used standard for digital certificates, which are used to verify the authenticity of public keys. It provides a framework for the secure exchange of public key information and ensures the integrity and confidentiality of the exchanged data.

93. Which of the following is a key function introduced SSLv3.0 (Secure Sockets Layer version 3.0)?

The ability to act as a CA (Certificate Authority).

The ability to force client side authentication via digital certificates.

The ability to use x.400 certificates.

The ability to protect transmissions with 1024-bit symmetric encryption.

There are three versions of SSL out right now: SSL v.2, SSL v.3, and TLSv1 which is still going through standardization. SSL v.2 ensures encrypted data between client and serer. The server can authenticate the client, and the client can option to authenticate the server. SSL v.3 was enhanced for security and efficiency. It includes data compression, the ability of either the client or server requesting a renegotiation of the ciphers and shared key at any moment, and the use of certificate chains.

Explanation

There are three versions of SSL out right now: SSL v.2, SSL v.3, and TLSv1 which is still going through standardization. SSL v.2 ensures encrypted data between client and serer. The server can authenticate the client, and the client can option to authenticate the server. SSL v.3 was enhanced for security and efficiency. It includes data compression, the ability of either the client or server requesting a renegotiation of the ciphers and shared key at any moment, and the use of certificate chains.

94. When hosting a web server with CGI (Common Gateway Interface) scripts, which permissions should the directories for public view have?

Read

Execute

Read and Write

Read, Write, and Execute

Full Control

Common Gateway Interface is an older form of scripting that was used extensively in early web systems. CGI scripts could be used to capture data from a user using simple forms. The CGI script ran on the web server, and it interacted with the client browser. CGI is frowned upon in new applications because of its security issues, but it still widely used in older systems.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 136

Explanation

Common Gateway Interface is an older form of scripting that was used extensively in early web systems. CGI scripts could be used to capture data from a user using simple forms. The CGI script ran on the web server, and it interacted with the client browser. CGI is frowned upon in new applications because of its security issues, but it still widely used in older systems.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 136

95. What is the function of an auditing record on an information system? (Choose TWO)

You should identify printing as the function of the auditing record.

You should identify troubleshooting as the function of the auditing record.

You should identify investigations as the function of the auditing record.

You should identify performance as the function of the auditing record.

You should identify installing as the function of the auditing record.

The function of an auditing record on an information system is to facilitate troubleshooting and investigations. By maintaining a record of all activities and events on the system, auditing records can be used to identify and resolve issues or errors that may arise. They also serve as a valuable resource for conducting investigations into any suspicious or unauthorized activities on the system.

Explanation

The function of an auditing record on an information system is to facilitate troubleshooting and investigations. By maintaining a record of all activities and events on the system, auditing records can be used to identify and resolve issues or errors that may arise. They also serve as a valuable resource for conducting investigations into any suspicious or unauthorized activities on the system.

Submit

96. Determine the OSI model layer where SSL offers encryption?

SSL offers encryption at the Session layer.

SSL offers encryption at the Application layer.

SSL offers encryption at the Transport layer

SSL offers encryption at the Network layer.

SSL (Secure Sockets Layer) offers encryption at the Session layer of the OSI model. The Session layer is responsible for establishing, managing, and terminating connections between applications. SSL operates at this layer by creating a secure session between the client and server, encrypting the data exchanged during the session. This encryption ensures the confidentiality and integrity of the data transmitted over the network.

Explanation

SSL (Secure Sockets Layer) offers encryption at the Session layer of the OSI model. The Session layer is responsible for establishing, managing, and terminating connections between applications. SSL operates at this layer by creating a secure session between the client and server, encrypting the data exchanged during the session. This encryption ensures the confidentiality and integrity of the data transmitted over the network.

97. In which lengths are SSL (Secure Sockets Layer) session keys available? (Choose two)

40-bit

64-bit.

128-bit.

1,024-bit.

SSL comes in two strengths, 40-bit and 128-bit, which refer to the length of the "session key" generated by every encrypted transaction. The longer the key, the more difficult it is to break the encryption code. Reference: http://wp.netscape.com/security/techbriefs/ssl.html

Explanation

SSL comes in two strengths, 40-bit and 128-bit, which refer to the length of the "session key" generated by every encrypted transaction. The longer the key, the more difficult it is to break the encryption code. Reference: http://wp.netscape.com/security/techbriefs/ssl.html

Submit

98. Between which layers of the OSI (Open Systems Interconnection) model does SSL (Secure Sockets Layer) operate? (Choose all that apply)

The Application Layer.

The Transport Layer

The Network Layer

The Data Link Layer

The Physical Layer

SSL is associated with secure transactions (credit card purchases and online banking) over your web browser, so naturally it operates between the top two layers of the OSI model.

Explanation

SSL is associated with secure transactions (credit card purchases and online banking) over your web browser, so naturally it operates between the top two layers of the OSI model.

Submit

99. What are the damaging consequences of a virus hoax? (Choose TWO)

It results in the capacity of the e-mail server to be consumed by message traffic.

It results in the system configuration being changed by clients.

It results in the risk for identity theft.

It results in the consumption of technical support resources by increased client calls.

A virus hoax can have damaging consequences in two ways. Firstly, it can result in the system configuration being changed by clients. This means that users may unknowingly make changes to their system settings or install malicious software, which can compromise the security and stability of their devices. Secondly, a virus hoax can lead to an increased number of client calls to technical support. This can consume valuable resources and time for support staff, diverting their attention from other important tasks and potentially causing delays in addressing genuine technical issues.

Explanation

A virus hoax can have damaging consequences in two ways. Firstly, it can result in the system configuration being changed by clients. This means that users may unknowingly make changes to their system settings or install malicious software, which can compromise the security and stability of their devices. Secondly, a virus hoax can lead to an increased number of client calls to technical support. This can consume valuable resources and time for support staff, diverting their attention from other important tasks and potentially causing delays in addressing genuine technical issues.

Submit

100. Identify the symmetric encryptions of message data and hashing methods uses Pretty Good Privacy (PGP)? (Choose TWO)

Pretty Good Privacy (PGP) makes use of Blowfish.

Pretty Good Privacy (PGP) makes use of NTLM

Pretty Good Privacy (PGP) makes use of 3DES.

Pretty Good Privacy (PGP) makes use of SHA-1.

Pretty Good Privacy (PGP) makes use of Diffie-Hellman.

The correct answers are "Pretty Good Privacy (PGP) makes use of Blowfish" and "Pretty Good Privacy (PGP) makes use of NTLM". PGP uses symmetric encryption algorithms like Blowfish to encrypt the message data. Blowfish is a symmetric key block cipher that operates on 64-bit blocks and can have a variable key length of up to 448 bits. PGP also uses NTLM (NT LAN Manager) as a hashing method. NTLM is a suite of protocols used for authentication and security on Microsoft Windows systems. It is used to hash passwords and verify the integrity of data.

Explanation

The correct answers are "Pretty Good Privacy (PGP) makes use of Blowfish" and "Pretty Good Privacy (PGP) makes use of NTLM". PGP uses symmetric encryption algorithms like Blowfish to encrypt the message data. Blowfish is a symmetric key block cipher that operates on 64-bit blocks and can have a variable key length of up to 448 bits. PGP also uses NTLM (NT LAN Manager) as a hashing method. NTLM is a suite of protocols used for authentication and security on Microsoft Windows systems. It is used to hash passwords and verify the integrity of data.

Submit