SEC+ Study Guide E

Approved & Edited by ProProfs Editorial Team

The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.

Learn about Our Editorial Process

| By Ctstravis

Ctstravis

Community Contributor

Quizzes Created: 8 | Total Attempts: 2,482

Questions: 100 | Attempts: 147 | Updated: Aug 9, 2024

Quiz Flashcard

Questions

Settings

Feedback

During the Quiz End of Quiz

Create your own Quiz

Sec+ study guide E assesses knowledge on network security, risk management, and cryptographic techniques. It tests understanding of corporate security policies, USB security risks, and the importance of performance monitoring. Ideal for learners aiming to validate their cybersecurity skills.

Questions and Answers

1.

QUESTION NO: 401To facilitate compliance with the Internet use portion of the corporate acceptable use policy, an administrator implements a series of proxy servers and firewalls. The administrator furtherrecommends installation of software based firewalls on each host on the network. Which of the following would have provided an alternative simpler solution?
- A.
  
  Internet content filter
- B.
  
  Hardware IDS
- C.
  
  Software HIPS
- D.
  
  DMZ
Correct Answer
A. Internet content filter

Explanation
An internet content filter would have provided an alternative simpler solution to facilitate compliance with the Internet use portion of the corporate acceptable use policy. This type of filter allows the administrator to control and restrict access to certain websites and content, ensuring that employees adhere to the policy without the need for implementing proxy servers, firewalls, or additional software on each host. By using an internet content filter, the administrator can easily manage and enforce the acceptable use policy across the network.

Rate this question:
2.

QUESTION NO: 402The marketing department wants to distribute pens with embedded USB drives to clients. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive datA. The security administrator advises the marketing department not to distribute the USB pens due to which of the following?
- A.
  
  The risks associated with the large capacity of USB drives and their concealable nature
- B.
  
  The security costs associated with securing the USB drives over time
- C.
  
  The cost associated with distributing a large volume of the USB pens
- D.
  
  The security risks associated with combining USB drives and cell phones on a network
Correct Answer
A. The risks associated with the large capacity of USB drives and their concealable nature

Explanation
The risks associated with the large capacity of USB drives and their concealable nature pose a threat to the security of sensitive data. USB drives can easily be lost or stolen, and their large storage capacity makes it possible for a significant amount of data to be compromised. Additionally, their small size makes them easy to conceal and transport without detection. Given the client's history of social engineering attacks and data loss, the security administrator advises against distributing the USB pens to mitigate the risk of further data breaches.

Rate this question:
3.

QUESTION NO: 403 USB drives create a potential security risk due to which of the following?
- A.
  
  Operating system incompatibility
- B.
  
  Large storage capacity
- C.
  
  Widespread use
- D.
  
  Potential for software introduction
Correct Answer
D. Potential for software introduction

Explanation
USB drives create a potential security risk due to their potential for software introduction. USB drives can be easily infected with malware or viruses, and when inserted into a computer, they can transfer the malicious software onto the system. This can lead to unauthorized access, data breaches, and other security threats. Therefore, the potential for software introduction through USB drives poses a significant security risk.

Rate this question:
4.

QUESTION NO: 404 As a best practice, risk assessments should be based upon which of the following?
- A.
  
  A qualitative measurement of risk and impact
- B.
  
  A survey of annual loss, potential threats and asset value
- C.
  
  A quantitative measurement of risk, impact and asset value
- D.
  
  An absolute measurement of threats
Correct Answer
C. A quantitative measurement of risk, impact and asset value

Explanation
Risk assessments should be based on a quantitative measurement of risk, impact, and asset value. This means that the assessment should involve a numerical evaluation of the likelihood and potential consequences of risks, as well as the value of the assets that could be affected. This approach allows for a more objective and systematic analysis of risks, enabling organizations to prioritize and allocate resources effectively to mitigate and manage those risks. A qualitative measurement may not provide enough detail or precision, while an absolute measurement of threats may not consider the potential impact or value of assets.

Rate this question:
5.

QUESTION NO: 405 Which of the following is a cryptographic hash function?
- A.
  
  RSA
- B.
  
  SHA
- C.
  
  RC4
- D.
  
  ECC
Correct Answer
B. SHA

Explanation
SHA (Secure Hash Algorithm) is a cryptographic hash function. It is commonly used to ensure data integrity and security in various applications. SHA takes an input (message) and produces a fixed-size output (hash value) that is unique to the input. This hash value is used to verify the integrity of the data and detect any changes or tampering. SHA is widely used in digital signatures, password storage, and data verification processes. RSA, RC4, and ECC are encryption algorithms, not hash functions.

Rate this question:
6.

QUESTION NO: 406 From a security standpoint, which of the following is the BEST reason to implement performance monitoring applications on network systems?
- A.
  
  To detect network intrusions from external attackers
- B.
  
  To detect integrity degradations to network attached storage
- C.
  
  To detect host intrusions from external networks
- D.
  
  To detect availability degradations caused by attackers
Correct Answer
D. To detect availability degradations caused by attackers

Explanation
Implementing performance monitoring applications on network systems is important from a security standpoint because it helps in detecting availability degradations caused by attackers. By monitoring the performance of the network systems, any abnormalities or anomalies caused by attackers can be identified and addressed promptly. This ensures that the network remains available and accessible to authorized users, minimizing the impact of potential attacks and maintaining the overall security of the system.

Rate this question:
7.

QUESTION NO: 407 All of the following are methods used to conduct risk assessments EXCEPT:
- A.
  
  Penetration tests.
- B.
  
  Security audits.
- C.
  
  Vulnerability scans.
- D.
  
  Disaster exercises.
Correct Answer
D. Disaster exercises.

Explanation
Disaster exercises are not typically used as a method to conduct risk assessments. While penetration tests, security audits, and vulnerability scans are all commonly used techniques to identify and assess potential risks and vulnerabilities in a system or organization, disaster exercises are typically focused on testing and evaluating the preparedness and response capabilities in the event of an actual disaster or emergency situation. Therefore, they are not directly related to assessing risks in the same way as the other methods mentioned.

Rate this question:
8.

QUESTION NO: 408 After conducting a risk assessment, the main focus of an administrator should be which of the following?
- A.
  
  To report the results of the assessment to the users
- B.
  
  To ensure all threats are mitigated
- C.
  
  To ensure all vulnerabilities are eliminated
- D.
  
  To ensure risk mitigation activities are implemented
Correct Answer
D. To ensure risk mitigation activities are implemented

Explanation
After conducting a risk assessment, the main focus of an administrator should be to ensure that risk mitigation activities are implemented. This means taking action to reduce or eliminate the identified risks. While it is important to report the results of the assessment to the users, the primary goal is to address the risks and protect the system. Mitigating threats and eliminating vulnerabilities are important steps in this process, but the ultimate objective is to implement measures that will reduce the overall risk to an acceptable level.

Rate this question:
9.

QUESTION NO: 409 Which of the following is a BEST practice when implementing a new system?
- A.
  
  Disable unneeded services
- B.
  
  Use group policies
- C.
  
  Implement open source alternatives.
- D.
  
  Use default installations.
Correct Answer
A. Disable unneeded services

Explanation
Disabling unneeded services is a best practice when implementing a new system because it helps to minimize the attack surface and reduce the potential vulnerabilities. By disabling unnecessary services, the system becomes more secure as there are fewer entry points for attackers. This practice also helps to optimize system resources and improve performance by eliminating unnecessary background processes. Additionally, disabling unneeded services can help to simplify system management and reduce the overall complexity of the system.

Rate this question:
10.

QUESTION NO: 410 When installing and securing a new system for a home user which of the following are best practices? (Select THREE).
- A.
  
  Use a strong firewall.
- B.
  
  Block inbound access to port 80
- C.
  
  Apply all system patches
- D.
  
  Use input validation
- E.
  
  Install remote control software
- F.
  
  Apply all service packs.
Correct Answer(s)
A. Use a strong firewall.
C. Apply all system patches
F. Apply all service packs.

Explanation
The best practices for installing and securing a new system for a home user include using a strong firewall to protect against unauthorized access, applying all system patches to ensure the latest security updates are installed, and applying all service packs to keep the system up to date with the latest features and bug fixes. Blocking inbound access to port 80 can also be beneficial as it is commonly used for web traffic and can be a target for hackers. However, input validation and installing remote control software are not mentioned as best practices in this context and may not be relevant to securing a new system for a home user.

Rate this question:
11.

QUESTION NO: 411 Which of the following describes a logic bomb?
- A.
  
  A piece of malicious code that can spread on its own
- B.
  
  A piece of malicious code that is concealed from all detection
- C.
  
  A piece of malicious code that executes based on an event or date
- D.
  
  A piece of malicious code that exploits a race condition
Correct Answer
C. A piece of malicious code that executes based on an event or date

Explanation
A logic bomb is a piece of malicious code that is designed to execute based on a specific event or date. Once triggered, it can cause damage to a computer system or network. Unlike a virus or worm, a logic bomb does not have the ability to spread on its own. Instead, it remains dormant until the specified condition is met, such as a specific date or the occurrence of a particular event. When the condition is met, the logic bomb is activated and carries out its intended malicious actions.

Rate this question:
12.

QUESTION NO: 412 Which of the following is a prerequisite for privilege escalation to occur?
- A.
  
  The attacker has to create their own zero day attack for privilege escalation
- B.
  
  The attacker must already have physical access to the system.
- C.
  
  The attacker must use arootkit in conjunction with privilege escalation.
- D.
  
  The attacker must have already gained entry into the system
Correct Answer
D. The attacker must have already gained entry into the system

Explanation
Privilege escalation refers to the act of gaining higher levels of access or privileges on a system than originally intended. In order for privilege escalation to occur, the attacker must first have already gained entry into the system. This means that they have bypassed any initial security measures and have successfully infiltrated the system. Once inside, they can then attempt to escalate their privileges to gain even more control over the system.

Rate this question:
13.

QUESTION NO: 413 Which of the following is an example of an attack that executes once a year on a certain date?
- A.
  
  Virus
- B.
  
  Worm
- C.
  
  Logic bomb
- D.
  
  Rootkit
Correct Answer
C. Logic bomb

Explanation
A logic bomb is a type of malicious code that is designed to execute at a specific time or when certain conditions are met. It is often used by attackers to cause damage or disrupt systems. In this case, the logic bomb is set to execute once a year on a particular date, making it an example of an attack that occurs annually on a specific date.

Rate this question:
14.

QUESTION NO: 414 Which of the following is the GREATEST threat to highly secure environments?
- A.
  
  Network attached storage
- B.
  
  BIOS configuration
- C.
  
  RSA256
- D.
  
  USB devices
Correct Answer
D. USB devices

Explanation
USB devices pose the greatest threat to highly secure environments because they can be easily used to introduce malware or unauthorized software into the system. USB devices can also be used to steal sensitive data or bypass security measures. Even if the network and BIOS configurations are secure, USB devices can still be used to compromise the security of the environment. RSA256, on the other hand, is a cryptographic algorithm and not a threat to secure environments.

Rate this question:
15.

QUESTION NO: 415 Management has asked a technician to prevent data theft through the use of portable drives. Which of the following should the technician implement?
- A.
  
  Install a CCTV system
- B.
  
  Use security templates
- C.
  
  Implement a biometric system.
- D.
  
  Disable USB drives.
Correct Answer
D. Disable USB drives.

Explanation
The technician should implement the solution of disabling USB drives to prevent data theft through the use of portable drives. This solution will restrict the ability to connect any external storage devices, such as USB drives, to the system, thereby preventing unauthorized copying or transfer of data. This is a proactive measure that directly addresses the issue at hand and reduces the risk of data theft.

Rate this question:
16.

QUESTION NO: 416 A technician has been informed that many of the workstations on the network are flooding servers. Which of the following is the MOST likely cause of this?
- A.
  
  Worm
- B.
  
  Logic bomb
- C.
  
  Virus
- D.
  
  Spam
Correct Answer
A. Worm

Explanation
The most likely cause of the workstations flooding servers is a worm. Unlike viruses, worms do not require a host file or user interaction to spread. They can replicate themselves and spread across a network, consuming network resources and overwhelming servers. Worms are designed to exploit vulnerabilities in computer systems and can cause significant damage to network infrastructure.

Rate this question:
17.

QUESTION NO: 417 Which of the following BEST describes a way to prevent buffer overflows?
- A.
  
  Apply all security patches to workstations
- B.
  
  Apply security templates enterprisewidE.
- C.
  
  Apply group policy management techniques.
- D.
  
  Spam
Correct Answer
A. Apply all security patches to workstations

Explanation
Applying all security patches to workstations is the best way to prevent buffer overflows. Buffer overflows occur when a program tries to store more data in a buffer than it can hold, leading to the overflow of data into adjacent memory locations. By regularly applying security patches, any vulnerabilities or weaknesses in the software that could be exploited by attackers to cause buffer overflows can be addressed and fixed, reducing the risk of such attacks.

Rate this question:
18.

QUESTION NO: 418 Which of the following is a security reason to implement virtualization throughout the network infrastructure?
- A.
  
  To analyze the various network traffic with protocol analyzers
- B.
  
  To centralize the patch management of network servers
- C.
  
  To isolate the various network services and roles
- D.
  
  To implement additional network services at a lower cost
Correct Answer
C. To isolate the various network services and roles

Explanation
Implementing virtualization throughout the network infrastructure allows for the isolation of various network services and roles. By separating these services and roles into virtual machines, any potential security breaches or vulnerabilities in one service or role will not affect the others. This helps to prevent lateral movement within the network and limits the impact of an attack. Additionally, virtualization provides the ability to easily manage and control access to each virtual machine, enhancing overall network security.

Rate this question:
19.

QUESTION NO: 419 Which of the following is a reason to use a Faraday cage?
- A.
  
  To allow wireless usage
- B.
  
  To minimize weak encryption
- C.
  
  To mitigate data emanation
- D.
  
  To find rogue access points
Correct Answer
C. To mitigate data emanation

Explanation
A Faraday cage is a metallic enclosure that is designed to block electromagnetic fields. It is used to mitigate data emanation, which refers to the unintentional leakage of electromagnetic signals from electronic devices. By using a Faraday cage, the electromagnetic signals are contained within the enclosure, preventing unauthorized access or interception of sensitive information. This is especially important in environments where data security is crucial, such as government agencies, military facilities, or research labs.

Rate this question:
20.

QUESTION NO: 420 Weak encryption is a common problem with which of the following wireless protocols?
- A.
  
  WPA2-Enterprise
- B.
  
  WEP
- C.
  
  WPA2-Personal
- D.
  
  WPA
Correct Answer
B. WEP

Explanation
Weak encryption is a common problem with WEP (Wired Equivalent Privacy) wireless protocol. WEP is known for its vulnerabilities and has been deprecated due to its weak security measures. It uses a 40-bit or 104-bit encryption key, which can be easily cracked by attackers. This makes WEP susceptible to various attacks, such as packet sniffing and unauthorized access to the network. As a result, it is not recommended to use WEP for securing wireless networks.

Rate this question:
21.

QUESTION NO: 421 Which of the following describes a tool used by organizations to verify whether or not a staff member has been involved in malicious activity?
- A.
  
  Mandatory vacations
- B.
  
  Implicit deny
- C.
  
  Implicit allow
- D.
  
  Time of day restrictions
Correct Answer
A. Mandatory vacations

Explanation
Mandatory vacations are a tool used by organizations to verify whether or not a staff member has been involved in malicious activity. By requiring employees to take regular vacations, it allows for other employees to step in and perform the duties of the absent employee, potentially uncovering any suspicious or unauthorized activities that may have been taking place. This practice also helps to prevent fraud, as it becomes difficult for an employee to maintain a fraudulent scheme if they are required to take time off.

Rate this question:
22.

QUESTION NO: 422 Which of the following is a cross-training technique where organizations minimize collusion amongst staff?
- A.
  
  Least privilege
- B.
  
  Job rotation
- C.
  
  Cross-site scripting
- D.
  
  Separation of duties
Correct Answer
B. Job rotation

Explanation
Job rotation is a cross-training technique where employees are moved between different roles and responsibilities within an organization. This technique helps to minimize collusion among staff by preventing individuals from becoming too familiar or comfortable with a specific role or task. By rotating employees, organizations can reduce the risk of collusion and promote transparency and accountability within the workforce.

Rate this question:
23.

QUESTION NO: 423 Which of the following will allow a technician to restrict a users access to the GUI?
- A.
  
  Access control lists
- B.
  
  Group policy implementation
- C.
  
  Use of logical tokens
- D.
  
  Password policy enforcement
Correct Answer
B. Group policy implementation

Explanation
Group policy implementation allows a technician to restrict a user's access to the GUI. Group policies are a feature in Windows operating systems that allow administrators to control the settings and configurations of multiple computers in a network. By implementing group policies, administrators can define specific access rights and permissions for users, including restricting their access to the graphical user interface (GUI). This can be useful in situations where certain users should only have limited access to certain features or applications on a computer.

Rate this question:
24.

QUESTION NO: 424 Which of the following is the MOST common logical access control method?
- A.
  
  Access control lists
- B.
  
  Usernames and password
- C.
  
  Multifactor authentication
- D.
  
  Security ID badges
Correct Answer
B. Usernames and password

Explanation
Usernames and passwords are the most common logical access control method because they are widely used and easy to implement. They provide a basic level of security by requiring users to enter a unique username and password combination to access a system or resource. This method is commonly used for online accounts, computer logins, and other digital systems. While it is not the most secure method, it is the most common due to its simplicity and familiarity to users.

Rate this question:
25.

QUESTION NO: 425 Which of the following verifies control for granting access in a PKI environment?
- A.
  
  System administrator
- B.
  
  Certificate authority
- C.
  
  Recovery agent
- D.
  
  Certificate revocation list
Correct Answer
B. Certificate authority

Explanation
A certificate authority (CA) is responsible for verifying the identity of individuals or entities in a PKI environment and issuing digital certificates to them. These digital certificates are used to authenticate and authorize access to resources. The CA ensures that only authorized individuals or entities are granted access by verifying their identity through a rigorous process. The CA plays a crucial role in maintaining the security and integrity of the PKI environment by controlling the granting of access.

Rate this question:
26.

QUESTION NO: 426 Which of the following explains the difference between a public key and a private key?
- A.
  
  The public key is only used by the client while the private key is available to all. Both keys are mathematically related
- B.
  
  The private key only decrypts the data while the public key only encrypts the data. Both keys are mathematically related
- C.
  
  The private key is commonly used in symmetric key decryption while the public key is used in asymmetric key decryption.
- D.
  
  The private key is only used by the client and kept secret while the public key is available to all
Correct Answer
D. The private key is only used by the client and kept secret while the public key is available to all

Explanation
The explanation for the given correct answer is that the private key is only used by the client and kept secret, while the public key is available to all. This is because in asymmetric encryption, the private key is used for decryption and is kept confidential by the client, while the public key is used for encryption and can be freely shared with others. The keys are mathematically related, but their usage and accessibility differ.

Rate this question:
27.

QUESTION NO: 427 Which of the following is a countermeasure when power must be delivered to critical systems no matter what?
- A.
  
  Backup generator
- B.
  
  Redundant power supplies
- C.
  
  Uninterruptible power supplies (UPSs)
- D.
  
  Warm site
Correct Answer
A. Backup generator

Explanation
A backup generator is a countermeasure that ensures power can be delivered to critical systems even in the event of a power outage or failure. It serves as an alternative power source, providing electricity when the primary power source is unavailable. This helps to prevent disruptions and downtime in critical systems, ensuring their continuous operation and minimizing the impact of power failures. Backup generators are commonly used in industries and organizations where uninterrupted power supply is crucial for the functioning of critical systems.

Rate this question:
28.

QUESTION NO: 428 Which of the following is the MOST important step to conduct during a risk assessment of computing systems?
- A.
  
  The identification of USB drives
- B.
  
  The identification of missing patches
- C.
  
  The identification of mantraps
- D.
  
  The identification of disgruntled staff members
Correct Answer
B. The identification of missing patches

Explanation
The identification of missing patches is the most important step to conduct during a risk assessment of computing systems. This is because missing patches can leave systems vulnerable to security breaches and attacks. By identifying and addressing these missing patches, organizations can ensure that their systems are up to date with the latest security updates and minimize the risk of potential vulnerabilities being exploited.

Rate this question:
29.

QUESTION NO: 429 Which of the following tools will allow a technician to detect security-related TCP connection anomalies?
- A.
  
  Logical token
- B.
  
  Performance monitor
- C.
  
  Public key infrastructure
- D.
  
  Trusted platform module
Correct Answer
B. Performance monitor

Explanation
Performance monitor is a tool that allows a technician to detect security-related TCP connection anomalies. It provides real-time monitoring and analysis of system performance, including network activity. By monitoring TCP connections, the technician can identify any abnormal or suspicious behavior that may indicate a security breach or attack. This tool helps in identifying and addressing security issues promptly, enhancing the overall security of the system.

Rate this question:
30.

QUESTION NO: 430 Which of the following monitoring methodologies will allow a technician to determine when there is a security related problem that results in an abnormal condition?
- A.
  
  Signature-based
- B.
  
  NIDS
- C.
  
  Anomaly-based
- D.
  
  NIPS
Correct Answer
C. Anomaly-based

Explanation
Anomaly-based monitoring methodologies are designed to detect abnormal behavior or patterns that deviate from the expected or normal behavior. This means that when there is a security-related problem that results in an abnormal condition, an anomaly-based monitoring methodology will be able to identify and alert the technician about it. Unlike signature-based monitoring, which relies on known patterns or signatures of attacks, anomaly-based monitoring is more effective in detecting new or unknown threats. Therefore, it is the most appropriate choice for determining security-related problems that result in abnormal conditions.

Rate this question:
31.

QUESTION NO: 431 Which of the following systems is BEST to use when monitoring application activity and modification?
- A.
  
  RADIUS
- B.
  
  OVAL
- C.
  
  HIDS
- D.
  
  NIDS
Correct Answer
C. HIDS

Explanation
HIDS, or Host-based Intrusion Detection System, is the best system to use when monitoring application activity and modification. HIDS operates on individual hosts and monitors the activities and changes occurring on that specific host. It can detect suspicious behavior, unauthorized access, and modifications made to applications on the host. By monitoring at the host level, HIDS provides a more detailed and comprehensive view of the application activity, making it the ideal choice for this purpose.

Rate this question:
32.

QUESTION NO: 432 Which of the following is the MOST important thing to consider when implementing an IDS solution?
- A.
  
  The cost of the device
- B.
  
  Distinguishing between false negatives
- C.
  
  Distinguishing between false positives
- D.
  
  The personnel to interpret results
Correct Answer
D. The personnel to interpret results

Explanation
The personnel to interpret results is the most important thing to consider when implementing an IDS solution. This is because even with the most advanced technology and accurate detection capabilities, the effectiveness of an IDS ultimately depends on the ability of trained personnel to interpret and respond to the results. Without skilled individuals to analyze the data and take appropriate action, the IDS solution would be ineffective in detecting and responding to potential threats. Therefore, having knowledgeable and experienced personnel is crucial for the successful implementation and operation of an IDS solution.

Rate this question:
33.

QUESTION NO: 433 Which of the following is the FIRST step in the implementation of an IDS?
- A.
  
  Decide on thetypE.
- B.
  
  Decide on the model.
- C.
  
  Purchase the equipment.
- D.
  
  Document the existing network.
Correct Answer
D. Document the existing network.

Explanation
The first step in the implementation of an IDS is to document the existing network. This involves gathering information about the network infrastructure, including the network topology, devices, and their configurations. By documenting the existing network, organizations can gain a better understanding of their network environment and identify potential vulnerabilities or areas where an IDS may be needed. This information is crucial for effectively implementing an IDS and ensuring its proper functioning.

Rate this question:
34.

QUESTION NO: 434 Which of the following encryption algorithms is used for encryption and decryption of data?
- A.
  
  MD5
- B.
  
  SHA-1
- C.
  
  NTLM
- D.
  
  RC5
Correct Answer
D. RC5

Explanation
RC5 is an encryption algorithm that is used for both encryption and decryption of data. It is a symmetric key block cipher that operates on fixed-size blocks of data. RC5 uses a variable block size, key size, and number of rounds, making it flexible and adaptable to different security needs. It is known for its simplicity and efficiency, making it suitable for a wide range of applications that require secure data encryption and decryption.

Rate this question:
35.

QUESTION NO: 435 Which of the following are the authentication header modes?
- A.
  
  Encrypt and Route
- B.
  
  Transport and Tunnel
- C.
  
  Tunnel and Encrypt
- D.
  
  Transport and Encrypt
Correct Answer
B. Transport and Tunnel

Explanation
The correct answer is "Transport and Tunnel". These are the two modes of the authentication header (AH) protocol used in IPsec. The Transport mode is used to protect the payload of an IP packet, while the Tunnel mode is used to protect the entire IP packet by encapsulating it within a new IP packet. Both modes provide authentication and integrity protection for the IP packet, ensuring that it has not been modified during transit.

Rate this question:
36.

QUESTION NO: 436 Which of the following would a technician use to check data integrity?
- A.
  
  Digital signature algorithm
- B.
  
  Encapsulating security protocol
- C.
  
  Rivest cipher 4
- D.
  
  Message authentication code
Correct Answer
D. Message authentication code

Explanation
A technician would use a message authentication code (MAC) to check data integrity. A MAC is a cryptographic checksum that is generated using a secret key and appended to a message. When the message is received, the recipient can recompute the MAC using the same key and compare it to the received MAC. If the two MACs match, it indicates that the message has not been tampered with during transmission and that the data integrity is intact.

Rate this question:
37.

QUESTION NO: 437 Which of the following are the functions of asymmetric keys?
- A.
  
  Decrypt,decipher, encode and encrypt
- B.
  
  Sign,validate, encrypt and verify
- C.
  
  Decrypt,validate, encode and verify
- D.
  
  Encrypt, sign, decrypt and verify
Correct Answer
D. Encrypt, sign, decrypt and verify

Explanation
Asymmetric keys are used in public key cryptography, where a pair of keys (public and private) are generated. The public key is used for encryption and verification, while the private key is used for decryption and signing. Therefore, the correct answer is "Encrypt, sign, decrypt and verify."

Rate this question:
38.

QUESTION NO: 438 Which of the following is the purpose of the AH?
- A.
  
  Provides non-repudiation
- B.
  
  Provides integrity
- C.
  
  Provides authorization
- D.
  
  Provides confidentiality
Correct Answer
B. Provides integrity

Explanation
The purpose of the AH (Authentication Header) is to provide integrity. It ensures that the data has not been tampered with during transmission by calculating a hash value of the data and including it in the header. This allows the recipient to verify the integrity of the data by recalculating the hash value and comparing it to the one in the header. The AH does not provide non-repudiation, authorization, or confidentiality.

Rate this question:
39.

QUESTION NO: 439 Which of the following describes the insertion of additional bytes of data into a packet?
- A.
  
  Header injection
- B.
  
  TCP hijacking
- C.
  
  Encapsulating
- D.
  
  Padding
Correct Answer
D. Padding

Explanation
Padding refers to the process of adding extra bytes of data into a packet. This is commonly done to ensure that the packet meets a specific size requirement or to align the packet with a particular boundary. Padding can also be used for security purposes, such as to prevent attackers from being able to analyze the packet and determine its contents.

Rate this question:
40.

QUESTION NO: 440 Which of the following is true regarding authentication headers (AH)?
- A.
  
  The authentication information is a keyed hash based on all of the bytes in the packet.
- B.
  
  The authentication information hash will increase by one if the bytes remain the same on transfer.
- C.
  
  The authentication information hash will remain the same if the bytes change on transfer.
- D.
  
  The authentication information may be the same on different packets if the integrity remains in place.
Correct Answer
A. The authentication information is a keyed hash based on all of the bytes in the packet.

Explanation
The authentication information in AH is a keyed hash that is calculated based on all of the bytes in the packet. This means that any change in the packet's content will result in a different authentication information hash. Therefore, if the bytes change on transfer, the authentication information hash will also change. It is not possible for the authentication information to remain the same if the bytes change. Additionally, the authentication information will be different for different packets, even if the integrity remains intact.

Rate this question:
41.

QUESTION NO: 441 Which of the following will allow wireless access to network resources based on certain ports?
- A.
  
  80211n
- B.
  
  80211g
- C.
  
  8021x
- D.
  
  80211a
Correct Answer
C. 8021x

Explanation
802.1x is a network authentication protocol that allows wireless access to network resources based on certain ports. It provides a way for devices to authenticate themselves before they are granted access to the network. By using 802.1x, network administrators can control which devices can connect to the network and what resources they can access based on the ports they use. This helps to enhance network security and prevent unauthorized access to sensitive information.

Rate this question:
42.

QUESTION NO: 442 The method of controlling how and when users can connect in from home is called which of the following?
- A.
  
  Remote access policy
- B.
  
  Terminal access control
- C.
  
  Virtual Private Networking (VPN)
- D.
  
  Remote authentication
Correct Answer
A. Remote access policy

Explanation
A remote access policy is a method of controlling how and when users can connect in from home. It outlines the rules and guidelines for remote access to a network, including the authentication methods, encryption protocols, and user permissions. This policy helps ensure the security and integrity of the network by defining who can access it remotely and under what conditions. It also helps prevent unauthorized access and protects sensitive data from being compromised.

Rate this question:
43.

QUESTION NO: 443 Which of the following is the main limitation with biometric devices?
- A.
  
  The false rejection rate
- B.
  
  They are expensive and complex
- C.
  
  They can be easily fooled or bypassed
- D.
  
  The error human factor
Correct Answer
B. They are expensive and complex

Explanation
The main limitation with biometric devices is that they are expensive and complex. This means that the cost of implementing and maintaining biometric devices can be high, making it a less viable option for some organizations. Additionally, the complexity of these devices can make them difficult to set up and use, requiring specialized knowledge and expertise.

Rate this question:
44.

QUESTION NO: 444 Who is ultimately responsible for the amount of residual risk?
- A.
  
  The senior management
- B.
  
  The security technician
- C.
  
  The organizations security officer
- D.
  
  The DRP coordinator
Correct Answer
A. The senior management

Explanation
The senior management is ultimately responsible for the amount of residual risk. They are responsible for making strategic decisions and setting the overall direction and priorities of the organization. This includes determining the acceptable level of risk and ensuring that appropriate measures are in place to mitigate and manage that risk. The senior management has the authority and accountability to allocate resources and make decisions that impact the organization's overall risk posture.

Rate this question:
45.

QUESTION NO: 445 Which of the following typically use IRC for command and control activities?
- A.
  
  Trojan
- B.
  
  Logic bombs
- C.
  
  Worms
- D.
  
  Botnets
Correct Answer
D. Botnets

Explanation
Botnets typically use IRC (Internet Relay Chat) for command and control activities. IRC provides a platform for communication between the botmaster (the person controlling the botnet) and the compromised computers (known as bots) within the botnet. The botmaster can issue commands to the bots through IRC channels, allowing them to coordinate and control the activities of the botnet, such as launching DDoS attacks, sending spam emails, or stealing sensitive information. IRC offers anonymity and a decentralized structure, making it a popular choice for botnet command and control.

Rate this question:
46.

QUESTION NO: 446 When designing a firewall policy, which of the following should be the default action?
- A.
  
  Least privilege
- B.
  
  Implicit allow
- C.
  
  DMZ
- D.
  
  Implicit deny
Correct Answer
D. Implicit deny

Explanation
The default action for designing a firewall policy should be "Implicit deny". This means that unless explicitly allowed, all traffic should be denied by default. This approach follows the principle of least privilege, where only necessary and authorized traffic is allowed through the firewall. Implicit deny ensures that any traffic that is not specifically permitted is automatically blocked, providing an extra layer of security for the network.

Rate this question:
47.

QUESTION NO: 447 If hashing two different files creates the same result, which of the following just occurred?
- A.
  
  A duplication
- B.
  
  A collision
- C.
  
  A pseudo-random event
- D.
  
  Amirror
Correct Answer
B. A collision

Explanation
A collision just occurred. Hashing is a process of converting data into a fixed-size value, and it is expected that different inputs will produce different hash values. However, if two different files produce the same hash value, it indicates a collision, meaning that the hash function has generated the same output for different inputs. This can happen due to the limited range of hash values compared to the infinite number of possible inputs.

Rate this question:
48.

QUESTION NO: 448 Which of the following type of protection is hashing used to provide?
- A.
  
  Integrity
- B.
  
  Cryptographic randomness
- C.
  
  Collision
- D.
  
  Confidentiality
Correct Answer
A. Integrity

Explanation
Hashing is used to provide integrity protection. Hashing is a process that takes input data and produces a fixed-size string of characters, which is known as a hash value or hash code. This hash value is unique to the input data, so even a small change in the input data will result in a completely different hash value. By comparing the hash values of the original and received data, integrity can be verified. If the hash values match, it means that the data has not been tampered with and its integrity is intact.

Rate this question:
49.

QUESTION NO: 449 All of the following are part of the disaster recovery plan EXCEPT:
- A.
  
  Obtaining management buy-in.
- B.
  
  Identifying all assets.
- C.
  
  System backups.
- D.
  
  Patch management software.
Correct Answer
D. Patch management software.

Explanation
The disaster recovery plan includes obtaining management buy-in, identifying all assets, and system backups. Patch management software, however, is not part of the disaster recovery plan. Patch management software is typically used to keep software and systems up to date with the latest patches and updates, but it is not directly related to recovering from a disaster.

Rate this question:
50.

QUESTION NO: 450 Which of the following is MOST likely to make a disaster recovery exercise valuable?
- A.
  
  Revising the disaster recovery plan during the exercise
- B.
  
  Conducting intricate, large-scale mock exercises
- C.
  
  Learning from the mistakes of the exercise
- D.
  
  Management participation
Correct Answer
C. Learning from the mistakes of the exercise

Explanation
Learning from the mistakes of the exercise is likely to make a disaster recovery exercise valuable because it allows for identifying and addressing any weaknesses or gaps in the plan. By analyzing the mistakes made during the exercise, organizations can make improvements to their disaster recovery plan, ensuring it is more effective and efficient in the event of a real disaster. This continuous improvement process helps to enhance the organization's preparedness and response capabilities, ultimately increasing the likelihood of successful recovery in the face of a disaster.

Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Aug 09, 2024

Quiz Edited by
ProProfs Editorial Team
Dec 26, 2010

Quiz Created by
Ctstravis

SEC+ Study Guide E

QUESTION NO: 403 USB drives create a potential security risk due to which of the following?

QUESTION NO: 404 As a best practice, risk assessments should be based upon which of the following?

QUESTION NO: 405 Which of the following is a cryptographic hash function?

QUESTION NO: 406 From a security standpoint, which of the following is the BEST reason to implement performance monitoring applications on network systems?

QUESTION NO: 407 All of the following are methods used to conduct risk assessments EXCEPT:

QUESTION NO: 408 After conducting a risk assessment, the main focus of an administrator should be which of the following?

QUESTION NO: 409 Which of the following is a BEST practice when implementing a new system?

QUESTION NO: 410 When installing and securing a new system for a home user which of the following are best practices? (Select THREE).

QUESTION NO: 411 Which of the following describes a logic bomb?

QUESTION NO: 412 Which of the following is a prerequisite for privilege escalation to occur?

QUESTION NO: 413 Which of the following is an example of an attack that executes once a year on a certain date?

QUESTION NO: 414 Which of the following is the GREATEST threat to highly secure environments?

QUESTION NO: 415 Management has asked a technician to prevent data theft through the use of portable drives. Which of the following should the technician implement?

QUESTION NO: 416 A technician has been informed that many of the workstations on the network are flooding servers. Which of the following is the MOST likely cause of this?

QUESTION NO: 417 Which of the following BEST describes a way to prevent buffer overflows?

QUESTION NO: 418 Which of the following is a security reason to implement virtualization throughout the network infrastructure?

QUESTION NO: 419 Which of the following is a reason to use a Faraday cage?

QUESTION NO: 420 Weak encryption is a common problem with which of the following wireless protocols?

QUESTION NO: 421 Which of the following describes a tool used by organizations to verify whether or not a staff member has been involved in malicious activity?

QUESTION NO: 422 Which of the following is a cross-training technique where organizations minimize collusion amongst staff?

QUESTION NO: 423 Which of the following will allow a technician to restrict a users access to the GUI?

QUESTION NO: 424 Which of the following is the MOST common logical access control method?

QUESTION NO: 425 Which of the following verifies control for granting access in a PKI environment?

QUESTION NO: 426 Which of the following explains the difference between a public key and a private key?

QUESTION NO: 427 Which of the following is a countermeasure when power must be delivered to critical systems no matter what?

QUESTION NO: 428 Which of the following is the MOST important step to conduct during a risk assessment of computing systems?

QUESTION NO: 429 Which of the following tools will allow a technician to detect security-related TCP connection anomalies?

QUESTION NO: 430 Which of the following monitoring methodologies will allow a technician to determine when there is a security related problem that results in an abnormal condition?

QUESTION NO: 431 Which of the following systems is BEST to use when monitoring application activity and modification?

QUESTION NO: 432 Which of the following is the MOST important thing to consider when implementing an IDS solution?

QUESTION NO: 433 Which of the following is the FIRST step in the implementation of an IDS?

QUESTION NO: 434 Which of the following encryption algorithms is used for encryption and decryption of data?

QUESTION NO: 435 Which of the following are the authentication header modes?

QUESTION NO: 436 Which of the following would a technician use to check data integrity?

QUESTION NO: 437 Which of the following are the functions of asymmetric keys?

QUESTION NO: 438 Which of the following is the purpose of the AH?

QUESTION NO: 439 Which of the following describes the insertion of additional bytes of data into a packet?

QUESTION NO: 440 Which of the following is true regarding authentication headers (AH)?

QUESTION NO: 441 Which of the following will allow wireless access to network resources based on certain ports?

QUESTION NO: 442 The method of controlling how and when users can connect in from home is called which of the following?

QUESTION NO: 443 Which of the following is the main limitation with biometric devices?

QUESTION NO: 444 Who is ultimately responsible for the amount of residual risk?

QUESTION NO: 445 Which of the following typically use IRC for command and control activities?

QUESTION NO: 446 When designing a firewall policy, which of the following should be the default action?

QUESTION NO: 447 If hashing two different files creates the same result, which of the following just occurred?

QUESTION NO: 448 Which of the following type of protection is hashing used to provide?

QUESTION NO: 449 All of the following are part of the disaster recovery plan EXCEPT:

QUESTION NO: 450 Which of the following is MOST likely to make a disaster recovery exercise valuable?