How Well You Know SEC+ Study Guide D Quiz

Approved & Edited by ProProfs Editorial Team

The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.

Learn about Our Editorial Process

| By Ctstravis

Ctstravis

Community Contributor

Quizzes Created: 8 | Total Attempts: 2,362

Questions: 100 | Attempts: 125 | Updated: Mar 21, 2023

Questions

Settings

Feedback

During the Quiz End of Quiz

Play as

Quiz Flashcard

Create your own Quiz

A majority of people spends most of their time on the internet either doing research or just checking on their online presence. If you are a Sec+ student take this quiz to find how much you know about the subject and more.

Questions and Answers

1.

QUESTION NO: 301 Which of the following reduces the effectiveness of telephone social engineering?
- A.
  
  Automatic callback
- B.
  
  Monitoring outbound calls
- C.
  
  Awareness training
- D.
  
  Use of VoIP
Correct Answer
C. Awareness training

Explanation
Awareness training reduces the effectiveness of telephone social engineering by educating individuals about the tactics and techniques used by social engineers. This training helps individuals recognize and respond appropriately to suspicious or manipulative phone calls, reducing the likelihood of falling victim to social engineering attacks. By increasing awareness and knowledge, individuals are better equipped to identify and protect against social engineering attempts, ultimately reducing their effectiveness.

Rate this question:
2.

QUESTION NO: 302 Which of the following will execute malicious code at a pre-specified time?
- A.
  
  Logic Bomb
- B.
  
  DoS
- C.
  
  Worm
- D.
  
  Rootkit
Correct Answer
A. Logic Bomb

Explanation
A logic bomb is a type of malicious code that is designed to execute at a pre-specified time or when a specific condition is met. It is typically inserted into a computer system by a malicious insider, and its purpose is to cause harm or disruption to the system or its data. Once triggered, a logic bomb can delete files, corrupt data, or perform other malicious actions. Unlike a worm or a rootkit, which are designed to spread or gain unauthorized access, a logic bomb is specifically programmed to activate at a certain time or under certain conditions.

Rate this question:
3.

QUESTION NO: 303 All of the following are weaknesses of WEP EXCEPT:
- A.
  
  Lack of integrity checking
- B.
  
  Initialization vector.
- C.
  
  Replay attacks.
- D.
  
  Lack of strong keys
Correct Answer
A. Lack of integrity checking

Explanation
WEP (Wired Equivalent Privacy) is a security protocol used to secure wireless networks. It has several weaknesses, including the lack of integrity checking, which means that it does not verify the integrity of the data being transmitted. This weakness allows for the possibility of data tampering or modification during transmission. The other weaknesses mentioned in the options are valid weaknesses of WEP, such as the vulnerability of the initialization vector, susceptibility to replay attacks, and the use of weak keys.

Rate this question:
4.

QUESTION NO: 304 Which of the following is LEAST likely to help reduce single points of failure?
- A.
  
  Mandatory vacations
- B.
  
  Cross training
- C.
  
  Clustered servers
- D.
  
  Disaster recovery exercises
Correct Answer
A. Mandatory vacations

Explanation
Mandatory vacations are least likely to help reduce single points of failure because they do not directly address the technical or operational aspects of a system. While they may provide some level of redundancy by ensuring that multiple employees are familiar with a particular task, they do not directly mitigate the risk of a single point of failure. On the other hand, cross training, clustered servers, and disaster recovery exercises are all measures that can help minimize the impact of a single point of failure by providing redundancy, distributing workload, and ensuring the ability to recover from failures.

Rate this question:
5.

QUESTION NO: 305 Which of the following reduces the attack surface of an operating system?
- A.
  
  Patch management
- B.
  
  Installing antivirus
- C.
  
  Installing HIDS
- D.
  
  Disabling unused services
Correct Answer
D. Disabling unused services

Explanation
Disabling unused services reduces the attack surface of an operating system because it eliminates any potential vulnerabilities that may exist within those services. By disabling services that are not needed, the system reduces the number of entry points that attackers can exploit, thereby reducing the overall attack surface. This practice helps to minimize the potential for unauthorized access and compromises to the operating system.

Rate this question:
6.

QUESTION NO: 306 Which of the following is LEAST effective when hardening an operating system?
- A.
  
  Configuration baselines
- B.
  
  Limiting administrative privileges
- C.
  
  Installing HIDS
- D.
  
  Install a software firewall
Correct Answer
C. Installing HIDS

Explanation
Installing a Host Intrusion Detection System (HIDS) is the least effective method for hardening an operating system. While HIDS can help detect and prevent unauthorized access and malicious activities, it is not as effective as other measures such as configuration baselines, which provide a standardized and secure configuration for the system. Limiting administrative privileges helps minimize the risk of unauthorized access and reduces the attack surface. Installing a software firewall adds an additional layer of protection by controlling network traffic. Therefore, compared to these methods, installing HIDS is the least effective in hardening an operating system.

Rate this question:
7.

QUESTION NO: 307 Which of the following provides the MOST control when deploying patches?
- A.
  
  Hotfix
- B.
  
  Remote desktop
- C.
  
  Patch management
- D.
  
  Service packs
Correct Answer
C. Patch management

Explanation
Patch management provides the most control when deploying patches. Patch management refers to the process of acquiring, testing, and deploying patches or updates to software systems. It allows organizations to centrally manage and control the deployment of patches across multiple devices or systems. With patch management, organizations can schedule and automate patch deployments, prioritize critical patches, and ensure that patches are applied consistently and efficiently. This level of control ensures that patches are deployed in a controlled and organized manner, reducing the risk of system vulnerabilities and improving overall security.

Rate this question:
8.

QUESTION NO: 308 If a technician wants to know when a computer application is accessing the network, which of the following logs should be reviewed?
- A.
  
  Antivirus log
- B.
  
  RADIUS log
- C.
  
  Performance log
- D.
  
  Host firewall log
Correct Answer
D. Host firewall log

Explanation
The host firewall log should be reviewed if a technician wants to know when a computer application is accessing the network. The host firewall log keeps a record of all the network traffic that is allowed or blocked by the firewall on the computer. By reviewing this log, the technician can determine when and how the application is accessing the network, providing valuable information for troubleshooting or security purposes.

Rate this question:
9.

QUESTION NO: 309 All of the following are components of IPSec EXCEPT:
- A.
  
  Encapsulating security payload
- B.
  
  Internet key exchange.
- C.
  
  Temporal key interchange protocol.
- D.
  
  Authentication header (AH).
Correct Answer
C. Temporal key interchange protocol.

Explanation
IPSec (Internet Protocol Security) is a protocol suite used to secure IP communications. It consists of several components, including the encapsulating security payload (ESP), Internet Key Exchange (IKE), and authentication header (AH). The temporal key interchange protocol is not a component of IPSec. It is possible that the temporal key interchange protocol is a made-up term or a distractor option in this question.

Rate this question:
10.

QUESTION NO: 310 IPSec connection parameters are stored in which of the following?
- A.
  
  Security association database
- B.
  
  Security payload index
- C.
  
  Security parameter index
- D.
  
  Certificate authority
Correct Answer
A. Security association database

Explanation
IPSec connection parameters are stored in the Security Association Database (SAD). The SAD is a database that contains all the security parameters, such as encryption algorithms, authentication methods, and key management information, for each IPSec connection. It is used by the IPSec protocol to establish and maintain secure communication between two endpoints. The SAD keeps track of the security associations, which are the rules and policies that govern the IPSec connections. By storing the IPSec connection parameters in the SAD, the system can easily retrieve and apply the necessary security settings for each connection.

Rate this question:
11.

QUESTION NO: 311 Which of the following will provide a 128-bit hash?
- A.
  
  MD5
- B.
  
  AES128
- C.
  
  ROT13
- D.
  
  SHA-1
Correct Answer
A. MD5

Explanation
MD5 (Message Digest Algorithm 5) is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. It is commonly used to verify data integrity by generating a unique hash value for a given input. Despite its popularity, MD5 is considered to be weak and insecure for cryptographic purposes due to its vulnerability to collision attacks. However, it can still be used for non-cryptographic purposes such as checksums and fingerprinting.

Rate this question:
12.

QUESTION NO: 312 Which of the following describes a hash algorithms ability to avoid the same output from two guessed inputs?
- A.
  
  Collision avoidance
- B.
  
  Collision resistance
- C.
  
  Collision strength
- D.
  
  Collision metric
Correct Answer
B. Collision resistance

Explanation
Collision resistance is the ability of a hash algorithm to avoid producing the same output for two different inputs. In other words, it ensures that it is computationally infeasible to find two different inputs that result in the same hash value. This property is essential for the security of hash functions, as it prevents attackers from finding collisions and potentially exploiting vulnerabilities in systems that rely on hash functions for data integrity and authentication.

Rate this question:
13.

QUESTION NO: 313 Which of the following should be included in a forensic toolkit?
- A.
  
  Compressed air
- B.
  
  Tape recorder
- C.
  
  Fingerprint cards
- D.
  
  Digital camera
Correct Answer
D. Digital camera

Explanation
A digital camera should be included in a forensic toolkit because it allows forensic investigators to capture high-quality photographs of crime scenes, evidence, and other relevant details. These photographs can be used as visual documentation and can provide crucial information during the investigation and in court proceedings. Additionally, digital cameras offer the advantage of easily transferring and storing images, making them an essential tool for forensic analysis.

Rate this question:
14.

QUESTION NO: 314 Which of the following BEST describes the form used while transferring evidence?
- A.
  
  Booking slip
- B.
  
  Affidavit
- C.
  
  Chain of custody
- D.
  
  Evidence log
Correct Answer
C. Chain of custody

Explanation
The form used while transferring evidence is called the chain of custody. This form is used to document the movement and handling of evidence from the time it is collected until it is presented in court. It includes details such as who collected the evidence, where it was stored, who had access to it, and any changes or transfers that occurred. The chain of custody is crucial in maintaining the integrity and admissibility of the evidence in court.

Rate this question:
15.

QUESTION NO: 315 Which of the following is the primary incident response function of a first responder?
- A.
  
  To evaluate the scene and repair the problem
- B.
  
  To secure the scene and preserve evidence
- C.
  
  To evaluate the scene and determine the cause
- D.
  
  To gather evidence and write reports
Correct Answer
B. To secure the scene and preserve evidence

Explanation
The primary incident response function of a first responder is to secure the scene and preserve evidence. This involves taking immediate action to ensure the safety and security of the area where the incident occurred, as well as collecting and preserving any evidence that may be relevant to the investigation. By securing the scene and preserving evidence, the first responder helps to maintain the integrity of the incident and ensure that a thorough investigation can take place.

Rate this question:
16.

QUESTION NO: 316 Which of the following is the GREATEST problem with low humidity in a server room?
- A.
  
  Static electricity
- B.
  
  Power surge
- C.
  
  Electromagnetic interference
- D.
  
  Brown out
Correct Answer
A. Static electricity

Explanation
Low humidity in a server room can lead to an increase in static electricity. Static electricity can cause damage to sensitive electronic equipment, such as servers, by creating sparks that can disrupt or destroy circuitry. This can result in data loss, system failures, and potentially costly repairs or replacements. Therefore, the greatest problem with low humidity in a server room is the increased risk of static electricity and its potential impact on the equipment.

Rate this question:
17.

QUESTION NO: 317 Which of the following protocols is used to ensure secure transmissions on port 443?
- A.
  
  HTTPS
- B.
  
  Telnet
- C.
  
  SFTP
- D.
  
  SHTTP
Correct Answer
A. HTTPS

Explanation
HTTPS (Hypertext Transfer Protocol Secure) is the correct answer because it is the protocol used to ensure secure transmissions on port 443. HTTPS uses encryption to secure the communication between a client and a server, providing confidentiality and integrity of the transmitted data. It is commonly used for secure online transactions, such as e-commerce websites, where sensitive information like credit card details needs to be protected from unauthorized access.

Rate this question:
18.

QUESTION NO: 318 When should a technician perform disaster recovery testing?
- A.
  
  Immediately following lessons learned sessions
- B.
  
  Once a month, during peak business hours
- C.
  
  After the network is stable and online
- D.
  
  In accordance with the disaster recovery plan
Correct Answer
D. In accordance with the disaster recovery plan

Explanation
The correct answer is "In accordance with the disaster recovery plan". Disaster recovery testing should be performed according to the plan that has been developed and documented for the organization. This plan outlines the procedures and steps to be taken in the event of a disaster, including when and how testing should be conducted. Following the plan ensures that testing is done at the appropriate times and in the most effective way to ensure the organization's ability to recover from a disaster.

Rate this question:
19.

QUESTION NO: 319 Which of the following is the BEST backup method to restore the entire operating system and all related software?
- A.
  
  Weekly
- B.
  
  Incremental
- C.
  
  Disk Image
- D.
  
  Differential
Correct Answer
C. Disk Image

Explanation
A disk image is the best backup method to restore the entire operating system and all related software. A disk image is a complete copy of the entire hard drive, including the operating system, software, and data. It captures the exact state of the system at the time the backup was created, allowing for a complete restoration of the system to its previous state. This method is more comprehensive and reliable compared to other backup methods like weekly, incremental, or differential backups, which may only backup specific files or changes made since the last backup.

Rate this question:
20.

QUESTION NO: 320 How many keys are utilized in symmetric cryptography?
- A.
  
  One
- B.
  
  Two
- C.
  
  Three
- D.
  
  Four
Correct Answer
A. One

Explanation
Symmetric cryptography uses only one key for both encryption and decryption. This key is shared between the sender and the receiver, allowing them to communicate securely by encrypting and decrypting the messages using the same key. This differs from asymmetric cryptography, which uses a pair of keys (public and private) for encryption and decryption. In symmetric cryptography, the same key is used for both operations, making it faster and more efficient for encrypting large amounts of data.

Rate this question:
21.

QUESTION NO: 321 Which of the following terms is BEST associated with public key infrastructure (PKI)?
- A.
  
  MD5 hashing
- B.
  
  Symmetric key
- C.
  
  Symmetric algorithm
- D.
  
  Digital signatures
Correct Answer
D. Digital signatures

Explanation
Public key infrastructure (PKI) is a system that uses public key cryptography to provide secure communication and authentication. Digital signatures are a key component of PKI as they provide a way to verify the authenticity and integrity of digital documents or messages. By using a private key to sign a document, the recipient can use the corresponding public key to verify that the document has not been tampered with and that it was indeed signed by the expected sender. Therefore, digital signatures are the most closely associated term with PKI.

Rate this question:
22.

QUESTION NO: 322 Which of the following is the LAST step to granting access to specific domain resources?
- A.
  
  Validate the user
- B.
  
  Authorize the user
- C.
  
  Verify the user
- D.
  
  Authenticate the user
Correct Answer
B. Authorize the user

Explanation
The last step to granting access to specific domain resources is to authorize the user. Once the user has been authenticated and their identity has been verified, the next step is to determine if they have the necessary permissions and privileges to access the specific resources they are requesting. This involves checking the user's role, permissions, and any other access control mechanisms in place to ensure that the user is authorized to access the requested resources.

Rate this question:
23.

QUESTION NO: 323 After an attacker has successfully gained remote access to a server with minimal privileges, which of the following is their next step?
- A.
  
  Elevate system privileges.
- B.
  
  Monitor networktraffiC.
- C.
  
  Capture private keys.
- D.
  
  Begin key recovery
Correct Answer
A. Elevate system privileges.

Explanation
After an attacker has gained remote access to a server with minimal privileges, their next step would be to elevate their system privileges. By doing so, the attacker can gain higher levels of access and control over the server, allowing them to carry out more advanced attacks and potentially gain access to sensitive information or perform malicious activities. Monitoring network traffic, capturing private keys, and beginning key recovery may be subsequent steps that the attacker takes, but elevating system privileges is the immediate priority to gain more control over the compromised server.

Rate this question:
24.

QUESTION NO: 324 Which of the following should the technician recommend as a way to logically separate various internal networks from each other?
- A.
  
  NIDS
- B.
  
  VLAN
- C.
  
  NAT
- D.
  
  HIDS
Correct Answer
B. VLAN

Explanation
A VLAN (Virtual Local Area Network) is a logical network that allows for the segmentation and separation of different internal networks. By creating separate VLANs, the technician can ensure that each network remains isolated and secure, while still being able to communicate with each other when necessary. This can help to prevent unauthorized access and improve network performance by reducing broadcast traffic. VLANs can be configured on network switches, and devices within the same VLAN can communicate with each other as if they were connected to the same physical network, even if they are physically located in different areas.

Rate this question:
25.

QUESTION NO: 325 An organization has requested the ability to monitor all network traffic as it traverses their network. Which of the following should a technician implement?
- A.
  
  Content filter
- B.
  
  Protocol analyzer
- C.
  
  Honeypot
- D.
  
  HIDS
Correct Answer
B. Protocol analyzer

Explanation
A protocol analyzer is a tool that allows technicians to capture and analyze network traffic. By implementing a protocol analyzer, the organization will be able to monitor all network traffic as it traverses their network. This tool will provide detailed information about the protocols being used, the source and destination of the traffic, and any potential issues or security threats. It is an effective solution for network monitoring and troubleshooting purposes.

Rate this question:
26.

QUESTION NO: 326 A large amount of viruses have been found on numerous domain workstations. Which of the following should the technician implement?
- A.
  
  Decentralized antivirus
- B.
  
  Host based intrusion detection
- C.
  
  Centralized antivirus
- D.
  
  Spyware detection
Correct Answer
C. Centralized antivirus

Explanation
The technician should implement centralized antivirus. This solution allows for the management and monitoring of antivirus software from a central location, making it easier to deploy updates and patches to all workstations. It also provides a centralized view of virus activity, allowing for quicker detection and response to any threats. Decentralized antivirus would not be as effective as it lacks centralized management and monitoring capabilities. Host-based intrusion detection and spyware detection are important security measures but do not specifically address the issue of viruses on domain workstations.

Rate this question:
27.

QUESTION NO: 327 Which of the following is the MOST difficult security concern to detect when contractors enter a secured facility?
- A.
  
  Rogue access points being installed
- B.
  
  Copying sensitive information with cellular phones
- C.
  
  Removing mass storagei SCSI drives
- D.
  
  Removing network attached storage
Correct Answer
B. Copying sensitive information with cellular phones

Explanation
Copying sensitive information with cellular phones is the most difficult security concern to detect when contractors enter a secured facility because it can be done discreetly and without any physical evidence. Unlike installing rogue access points or removing storage devices, copying sensitive information with cellular phones does not require any additional hardware or obvious actions. Contractors can easily use their personal phones to take pictures or record confidential information without raising suspicion. This makes it challenging for security personnel to detect and prevent this type of security breach.

Rate this question:
28.

QUESTION NO: 328 When are port scanners generally used on systems?
- A.
  
  At the middle of a vulnerability assessment
- B.
  
  At the beginning of a vulnerability assessment
- C.
  
  When there is a need to documen tvulnerabilities
- D.
  
  At the end of a penetration test assessment
Correct Answer
B. At the beginning of a vulnerability assessment

Explanation
Port scanners are generally used at the beginning of a vulnerability assessment. This is because port scanning is a method used to identify open ports on a system, which can help determine potential vulnerabilities. By conducting a port scan at the beginning of the assessment, the tester can gather information about the target system's network services and identify any potential entry points for exploitation. This information is then used to prioritize and focus on areas that require further investigation and testing.

Rate this question:
29.

QUESTION NO: 329 The staff must be cross-trained in different functional areas so that fraud can be detected. Which of the following is this an example of?
- A.
  
  Separation of duties
- B.
  
  Implicit deny
- C.
  
  Least privilege
- D.
  
  Job rotation
Correct Answer
D. Job rotation

Explanation
Job rotation is the practice of moving employees between different roles or departments within an organization. This helps to prevent fraud by ensuring that no single individual has complete control over a particular area of the business. By cross-training staff in different functional areas, organizations can detect and deter fraudulent activities as employees are able to identify irregularities or suspicious behavior more easily. This also helps to foster a culture of accountability and transparency within the organization.

Rate this question:
30.

QUESTION NO: 330 Human Resources has requested that staff members be moved to different parts of the country into new positions. Which of the following is this an example of?
- A.
  
  Implicit deny
- B.
  
  Separation of duties
- C.
  
  Least privilege
- D.
  
  Job rotation
Correct Answer
D. Job rotation

Explanation
Job rotation refers to the practice of moving employees to different positions or departments within an organization. This can be done for various reasons, such as providing employees with new learning opportunities, preventing burnout, or enhancing their skills and knowledge. In this case, Human Resources has requested staff members to be moved to different parts of the country into new positions, which aligns with the concept of job rotation.

Rate this question:
31.

QUESTION NO: 331 An administrator is worried about an attacker using a compromised user account to gain administrator access to a system. Which of the following is this an example of?
- A.
  
  Man-in-the-middle attack
- B.
  
  Protocol analysis
- C.
  
  Privilege escalation
- D.
  
  Cross-site scripting
Correct Answer
C. Privilege escalation

Explanation
This scenario describes a privilege escalation attack, where an attacker exploits a compromised user account to gain higher privileges, such as administrator access, on a system. This allows the attacker to perform unauthorized actions and potentially compromise the entire system.

Rate this question:
32.

QUESTION NO: 332 Which of the following is used to deny authorized users access to services?
- A.
  
  Botnets
- B.
  
  Adware
- C.
  
  Spyware
- D.
  
  Trojans
Correct Answer
A. Botnets

Explanation
Botnets are a network of compromised computers that are controlled by a malicious actor. These computers, also known as "zombies" or "bots," can be used to launch coordinated attacks on websites or services, overwhelming them with traffic and denying access to legitimate users. By utilizing the power of multiple computers, botnets can generate a significant amount of traffic, making it difficult for authorized users to access the targeted services. Therefore, botnets are used to deny authorized users access to services.

Rate this question:
33.

QUESTION NO: 333 An administrator recommends implementing whitelisting, blacklisting, closing-open relays, and strong authentication techniques to a server administrator. Which of the following threats are being addressed?
- A.
  
  Adware
- B.
  
  Spyware
- C.
  
  Spam
- D.
  
  Viruses
Correct Answer
C. Spam

Explanation
The recommended measures of implementing whitelisting, blacklisting, closing-open relays, and strong authentication techniques are aimed at addressing the threat of spam. Whitelisting and blacklisting help filter out unwanted emails, while closing-open relays prevent unauthorized use of the email server. Strong authentication techniques ensure that only authorized users can access the server, reducing the risk of spam being sent from unauthorized accounts. Therefore, by implementing these measures, the server administrator can effectively mitigate the threat of spam.

Rate this question:
34.

QUESTION NO: 334 An administrator is asked to improve the physical security of a data center located inside the office building. The data center already maintains a physical access log and has a video surveillance system. Which of the following additional controls could be implemented?
- A.
  
  Defense-in-depth
- B.
  
  Logical token
- C.
  
  ACL
- D.
  
  Mantrap
Correct Answer
D. Mantrap

Explanation
A mantrap is an additional control that could be implemented to improve the physical security of a data center. A mantrap is a small enclosed area with two or more doors, where one door must be closed and locked before the other door can be opened. This prevents unauthorized individuals from entering the data center by only allowing one person at a time and ensuring that the doors cannot be opened simultaneously. Implementing a mantrap adds an extra layer of security to the data center, enhancing the overall physical security measures already in place.

Rate this question:
35.

QUESTION NO: 335 In regards to physical security, which of the following BEST describes an access control system which implements a non-trusted but secure zone immediately outside of the secure zone?
- A.
  
  Smart card
- B.
  
  Defense-in-depth
- C.
  
  Mantrap
- D.
  
  DMZ
Correct Answer
C. Mantrap

Explanation
A mantrap is an access control system that creates a secure zone with two or more interlocking doors. It is designed to prevent unauthorized access by allowing only one person to enter or exit at a time. This physical security measure ensures that individuals cannot bypass the secure zone by tailgating or piggybacking. The non-trusted but secure zone immediately outside of the secure zone adds an extra layer of protection by creating a buffer area where individuals must be authenticated or verified before gaining access to the secure zone.

Rate this question:
36.

QUESTION NO: 336 A technician notices delays in mail delivery on the mail server. Which of the following tools could be used to determine the cause of the service degradation?
- A.
  
  Port scanner
- B.
  
  Performance monitor
- C.
  
  Ipconfig /all
- D.
  
  TFTP
Correct Answer
B. Performance monitor

Explanation
Performance monitor is the correct answer because it is a tool that can be used to monitor and analyze the performance of a system, including network performance. By using performance monitor, the technician can track various performance metrics such as CPU usage, memory usage, disk activity, and network traffic. This will help the technician identify any bottlenecks or issues that may be causing the delays in mail delivery on the mail server.

Rate this question:
37.

QUESTION NO: 337 Penetration testing should only be used once which of the following items is in place?
- A.
  
  Acceptable use policy
- B.
  
  Data retention and disclosure policy
- C.
  
  Service level agreement
- D.
  
  Written permission
Correct Answer
D. Written permission

Explanation
Penetration testing involves simulating an attack on a system to identify vulnerabilities. It is a highly invasive and potentially disruptive process. Therefore, it should only be conducted with proper authorization. Written permission ensures that the organization is aware of and has approved the testing, and it helps establish clear boundaries and expectations for the testing process. Without written permission, there is a risk of unauthorized testing, which can lead to legal and security issues. Therefore, written permission is a crucial requirement before conducting penetration testing.

Rate this question:
38.

QUESTION NO: 338 An administrator recommends that management establish a trusted third party central repository to maintain all employees private keys. Which of the following BEST describes the administrators recommendation?
- A.
  
  Registration
- B.
  
  Certificate authority
- C.
  
  Recovery agent
- D.
  
  Key escrow
Correct Answer
D. Key escrow

Explanation
The administrator's recommendation is to establish a trusted third party central repository to maintain all employees' private keys. This is known as key escrow. Key escrow involves storing encryption keys with a trusted third party in case they need to be recovered or accessed in the future. This ensures that the keys are securely stored and can be retrieved if necessary.

Rate this question:
39.

QUESTION NO: 339 To combat transaction fraud, a bank has implemented a requirement that all bank customers enter a different, unique code to confirm every transaction. Which of the following is the MOST effective method to accomplish this?
- A.
  
  ATM PIN code
- B.
  
  Elliptic curve
- C.
  
  One-time password
- D.
  
  Digital certificate
Correct Answer
C. One-time password

Explanation
A one-time password is the most effective method to combat transaction fraud because it provides a unique code that can only be used for a single transaction. This means that even if the password is intercepted or stolen, it cannot be used again to authorize any other transactions. This adds an extra layer of security to the banking system and reduces the risk of fraudulent transactions.

Rate this question:
40.

QUESTION NO: 340 All of the following should be identified within the penetration testing scope of work EXCEPT:
- A.
  
  A complete list of all network vulnerabilities.
- B.
  
  IP addresses of machines from which penetration testing will be executed.
- C.
  
  A list of acceptable testing techniques and tools to be utilized.
- D.
  
  Handling of information collected by the penetration testing team.
Correct Answer
A. A complete list of all network vulnerabilities.

Explanation
The question asks for an exception to be identified within the penetration testing scope of work. The correct answer is "a complete list of all network vulnerabilities." This means that a complete list of all network vulnerabilities should not be included in the scope of work. Instead, the scope should include identifying the IP addresses of machines from which penetration testing will be executed, a list of acceptable testing techniques and tools to be utilized, and the handling of information collected by the penetration testing team.

Rate this question:
41.

QUESTION NO: 341 Which of the following is the MOST efficient way that an administrator can restrict network access to certain ports enterprise wide?
- A.
  
  HIDS
- B.
  
  Personal software firewall
- C.
  
  NIDS
- D.
  
  ACL
Correct Answer
D. ACL

Explanation
An ACL (Access Control List) is the most efficient way for an administrator to restrict network access to certain ports enterprise-wide. ACLs are used to filter network traffic based on predetermined rules, allowing or denying access to specific ports or IP addresses. By implementing ACLs, the administrator can control and manage network traffic at a granular level, ensuring that only authorized users or systems have access to the desired ports while blocking unauthorized access. This helps to enhance network security and prevent potential threats or attacks.

Rate this question:
42.

QUESTION NO: 342 An administrator is responsible for a server which has been attacked repeatedly in the past. The only recourse has been to reload the server from scratch. Which of the following techniques could be used to decrease the recovery time following an incident?
- A.
  
  Implement the server as a honeypot.
- B.
  
  Implement the server as a virtual server instance
- C.
  
  Load balance between two identical servers.
- D.
  
  Install the server on a separate VLAN segment.
Correct Answer
B. Implement the server as a virtual server instance

Explanation
Implementing the server as a virtual server instance would decrease the recovery time following an incident. This is because a virtual server can be easily backed up and restored, allowing for quick recovery in the event of an attack. Additionally, virtual servers can be easily replicated and deployed on different physical servers, providing redundancy and minimizing downtime.

Rate this question:
43.

QUESTION NO: 343 Validating the users claimed identity is called which of the following?
- A.
  
  Authentication
- B.
  
  Identification
- C.
  
  Verification
- D.
  
  Validation
Correct Answer
A. Authentication

Explanation
Authentication is the process of verifying the claimed identity of a user. It involves confirming the user's identity through the use of credentials such as passwords, biometrics, or security tokens. This ensures that the user is who they claim to be before granting them access to a system or resource. Identification refers to the act of identifying a user, while verification is the process of confirming the accuracy of the information provided. Validation, on the other hand, typically refers to the process of checking the integrity and validity of data.

Rate this question:
44.

QUESTION NO: 344 Which of the following is planted on an infected system and deployed at a predetermined time?
- A.
  
  Logic bomb
- B.
  
  Trojan horse
- C.
  
  Worm
- D.
  
  Rootkit
Correct Answer
A. Logic bomb

Explanation
A logic bomb is a malicious code that is planted on an infected system and is programmed to execute a specific action at a predetermined time or when certain conditions are met. Unlike a Trojan horse or a worm, which are designed to spread and infect other systems, a logic bomb remains dormant until triggered. Once triggered, it can cause damage to the system, such as deleting files, stealing data, or disrupting operations. Therefore, a logic bomb fits the description of being planted on an infected system and deployed at a predetermined time.

Rate this question:
45.

QUESTION NO: 345 Which of the following allows a user to float a domain registration for a maximum of five days?
- A.
  
  DNS poisoning
- B.
  
  Domain hijacking
- C.
  
  Spoofing
- D.
  
  Kiting
Correct Answer
D. Kiting

Explanation
Kiting allows a user to float a domain registration for a maximum of five days. Kiting refers to the practice of registering a domain name and then canceling the registration within the grace period, which is typically five days. This allows the user to temporarily use the domain without actually paying for it. It is a deceptive practice that takes advantage of the grace period offered by domain registrars.

Rate this question:
46.

QUESTION NO: 346 According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?
- A.
  
  NIDS
- B.
  
  DMZ
- C.
  
  NAT
- D.
  
  VLAN
Correct Answer
D. VLAN

Explanation
A VLAN (Virtual Local Area Network) would be the simplest way to logically separate the Human Resources department from the Accounting department. VLANs allow for the creation of separate virtual networks within a physical network infrastructure, allowing for different departments to be isolated from each other while still sharing the same physical resources. This would ensure that the two departments remain separate and their network traffic does not mix, in accordance with the company policy.

Rate this question:
47.

QUESTION NO: 347 Which of the following is an attack which is launched from multiple zombie machines in attempt to bring down a service?
- A.
  
  DoS
- B.
  
  Man-in-the-middle
- C.
  
  DDoS
- D.
  
  TCP/IP hijacking
Correct Answer
C. DDoS

Explanation
A DDoS (Distributed Denial of Service) attack is launched from multiple zombie machines, which are compromised computers or devices controlled by an attacker. The goal of a DDoS attack is to overwhelm a targeted service or website with a flood of traffic, making it unavailable to legitimate users. This attack is different from a DoS (Denial of Service) attack, which is launched from a single source, as it utilizes multiple sources to amplify the impact and make it harder to defend against. A DDoS attack can cause significant disruption and financial loss for the targeted organization.

Rate this question:
48.

QUESTION NO: 348 Which of the following will MOST likely allow an attacker to make a switch function like a hub?
- A.
  
  MAC flooding
- B.
  
  ARP poisoning
- C.
  
  DNS poisoning
- D.
  
  DNS spoofing
Correct Answer
A. MAC flooding

Explanation
MAC flooding is a technique in which an attacker floods a switch with fake MAC addresses, causing the switch to enter into a fail-open mode and behave like a hub. This allows the attacker to intercept and view all network traffic passing through the switch, compromising the security of the network. ARP poisoning, DNS poisoning, and DNS spoofing are all different attack techniques that can be used to manipulate network traffic, but they do not specifically cause a switch to function like a hub.

Rate this question:
49.

QUESTION NO: 349 Which of the following is commonly programmed into an application for ease of administration?
- A.
  
  Back door
- B.
  
  Worm
- C.
  
  Zombie
- D.
  
  Trojan
Correct Answer
A. Back door

Explanation
A back door is commonly programmed into an application for ease of administration. It allows authorized individuals to bypass normal authentication processes and gain access to the system or application. This can be useful for system administrators or developers who need to troubleshoot or make changes without going through the usual authentication steps. However, back doors can also be exploited by unauthorized individuals, making them a potential security risk if not properly managed and secured.

Rate this question:
50.

QUESTION NO: 350 Which of the following is a technique used by hackers to identify unsecured wireless network locations to other hackers?
- A.
  
  Bluesnarfing
- B.
  
  War dialing
- C.
  
  War chalking
- D.
  
  War driving
Correct Answer
C. War chalking

Explanation
War chalking is a technique used by hackers to identify unsecured wireless network locations to other hackers. It involves marking or drawing symbols on public spaces, such as walls or pavements, to indicate the presence of an unsecured Wi-Fi network. These symbols serve as a signal to other hackers that the network is vulnerable and can be easily exploited. By using war chalking, hackers can quickly identify and target unsecured networks for unauthorized access or malicious activities.

Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Mar 21, 2023

Quiz Edited by
ProProfs Editorial Team
Dec 22, 2010

Quiz Created by
Ctstravis

How Well You Know SEC+ Study Guide D Quiz

QUESTION NO: 301 Which of the following reduces the effectiveness of telephone social engineering?

QUESTION NO: 302 Which of the following will execute malicious code at a pre-specified time?

QUESTION NO: 303 All of the following are weaknesses of WEP EXCEPT:

QUESTION NO: 304 Which of the following is LEAST likely to help reduce single points of failure?

QUESTION NO: 305 Which of the following reduces the attack surface of an operating system?

QUESTION NO: 306 Which of the following is LEAST effective when hardening an operating system?

QUESTION NO: 307 Which of the following provides the MOST control when deploying patches?

QUESTION NO: 308 If a technician wants to know when a computer application is accessing the network, which of the following logs should be reviewed?

QUESTION NO: 309 All of the following are components of IPSec EXCEPT:

QUESTION NO: 310 IPSec connection parameters are stored in which of the following?

QUESTION NO: 311 Which of the following will provide a 128-bit hash?

QUESTION NO: 312 Which of the following describes a hash algorithms ability to avoid the same output from two guessed inputs?

QUESTION NO: 313 Which of the following should be included in a forensic toolkit?

QUESTION NO: 314 Which of the following BEST describes the form used while transferring evidence?

QUESTION NO: 315 Which of the following is the primary incident response function of a first responder?

QUESTION NO: 316 Which of the following is the GREATEST problem with low humidity in a server room?

QUESTION NO: 317 Which of the following protocols is used to ensure secure transmissions on port 443?

QUESTION NO: 318 When should a technician perform disaster recovery testing?

QUESTION NO: 319 Which of the following is the BEST backup method to restore the entire operating system and all related software?

QUESTION NO: 320 How many keys are utilized in symmetric cryptography?

QUESTION NO: 321 Which of the following terms is BEST associated with public key infrastructure (PKI)?

QUESTION NO: 322 Which of the following is the LAST step to granting access to specific domain resources?

QUESTION NO: 323 After an attacker has successfully gained remote access to a server with minimal privileges, which of the following is their next step?

QUESTION NO: 324 Which of the following should the technician recommend as a way to logically separate various internal networks from each other?

QUESTION NO: 325 An organization has requested the ability to monitor all network traffic as it traverses their network. Which of the following should a technician implement?

QUESTION NO: 326 A large amount of viruses have been found on numerous domain workstations. Which of the following should the technician implement?

QUESTION NO: 327 Which of the following is the MOST difficult security concern to detect when contractors enter a secured facility?

QUESTION NO: 328 When are port scanners generally used on systems?

QUESTION NO: 329 The staff must be cross-trained in different functional areas so that fraud can be detected. Which of the following is this an example of?

QUESTION NO: 330 Human Resources has requested that staff members be moved to different parts of the country into new positions. Which of the following is this an example of?

QUESTION NO: 331 An administrator is worried about an attacker using a compromised user account to gain administrator access to a system. Which of the following is this an example of?

QUESTION NO: 332 Which of the following is used to deny authorized users access to services?

QUESTION NO: 333 An administrator recommends implementing whitelisting, blacklisting, closing-open relays, and strong authentication techniques to a server administrator. Which of the following threats are being addressed?

QUESTION NO: 334 An administrator is asked to improve the physical security of a data center located inside the office building. The data center already maintains a physical access log and has a video surveillance system. Which of the following additional controls could be implemented?

QUESTION NO: 335 In regards to physical security, which of the following BEST describes an access control system which implements a non-trusted but secure zone immediately outside of the secure zone?

QUESTION NO: 336 A technician notices delays in mail delivery on the mail server. Which of the following tools could be used to determine the cause of the service degradation?

QUESTION NO: 337 Penetration testing should only be used once which of the following items is in place?

QUESTION NO: 338 An administrator recommends that management establish a trusted third party central repository to maintain all employees private keys. Which of the following BEST describes the administrators recommendation?

QUESTION NO: 339 To combat transaction fraud, a bank has implemented a requirement that all bank customers enter a different, unique code to confirm every transaction. Which of the following is the MOST effective method to accomplish this?

QUESTION NO: 340 All of the following should be identified within the penetration testing scope of work EXCEPT:

QUESTION NO: 341 Which of the following is the MOST efficient way that an administrator can restrict network access to certain ports enterprise wide?

QUESTION NO: 342 An administrator is responsible for a server which has been attacked repeatedly in the past. The only recourse has been to reload the server from scratch. Which of the following techniques could be used to decrease the recovery time following an incident?

QUESTION NO: 343 Validating the users claimed identity is called which of the following?

QUESTION NO: 344 Which of the following is planted on an infected system and deployed at a predetermined time?

QUESTION NO: 345 Which of the following allows a user to float a domain registration for a maximum of five days?

QUESTION NO: 346 According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?

QUESTION NO: 347 Which of the following is an attack which is launched from multiple zombie machines in attempt to bring down a service?

QUESTION NO: 348 Which of the following will MOST likely allow an attacker to make a switch function like a hub?

QUESTION NO: 349 Which of the following is commonly programmed into an application for ease of administration?

QUESTION NO: 350 Which of the following is a technique used by hackers to identify unsecured wireless network locations to other hackers?