Do You Know About SEC+ Study Guide G Quiz

By Ctstravis
Questions: 100 | Attempts: 132

To all the tech enthusiasts out there who want to see how much they really know about Sec+: take this quiz. It is designed to test your knowledge of the Sec+ study guide.


Questions and Answers
  • 1. 

    QUESTION NO: 601 A user ID, PIN, and a palm scan are all required to authenticate a system. Which of the following is this an example of?

    • A.

      SSO

    • B.

      Two-factor authentication

    • C.

      Single-factor authentication

    • D.

      Three-factor authentication

    Correct Answer
    B. Two-factor authentication
    Explanation
    This is an example of two-factor authentication because it requires two different factors (user ID and PIN, and palm scan) to authenticate the system. Two-factor authentication provides an extra layer of security by combining something the user knows (PIN) with something the user has (palm scan) to verify their identity.

  • 2. 

    QUESTION NO: 602 Which of the following would be disabled to prevent SPIM?

    • A.

      P2P

    • B.

      ActiveX controls

    • C.

      Instant messaging

    • D.

      Internet mail

    Correct Answer
    C. Instant messaging
    Explanation
    Instant messaging would be disabled to prevent SPIM (spam over instant messaging). SPIM refers to unsolicited messages or advertisements sent through instant messaging platforms. By disabling instant messaging, users can prevent the influx of unwanted messages and reduce the risk of falling victim to scams or malware distributed through these channels.

  • 3. 

    QUESTION NO: 603 A user sees an MD5 hash number beside a file that they wish to download. Which of the following BEST describes a hash?

    • A.

      A hash is a unique number that is generated based upon the TCP/IP transmission header and should be verified before download.

    • B.

      A hash is a unique number that is generated based upon the file's contents and used as the SSL key during download.

    • C.

      A hash is a unique number that is generated after the file has been encrypted and used as the SSL key during download.

    • D.

      A hash is a unique number that is generated based upon the file's contents and should be verified after download.

    Correct Answer
    D. A hash is a unique number that is generated based upon the file's contents and should be verified after download.
    Explanation
    A hash is a unique number that is generated based upon the file's contents and should be verified after download. This means that the hash is calculated using the content of the file itself, and it serves as a way to ensure the integrity of the downloaded file. By comparing the calculated hash with the provided hash, the user can verify that the file has not been tampered with or corrupted during the download process.

  • 4. 

    QUESTION NO: 604 According to a good disaster recovery plan, which of the following must happen during a power outage before an uninterruptible power supply (UPS) drains its battery?

    • A.

      The PKI CA is relocated.

    • B.

      The backup generator activates.

    • C.

      The single point of failure is remedied.

    • D.

      Full electrical service is restored.

    Correct Answer
    B. The backup generator activates.
    Explanation
    During a power outage, a good disaster recovery plan states that the backup generator should activate before the uninterruptible power supply (UPS) drains its battery. This ensures that there is a continuous and reliable power source to keep critical systems and equipment operational until the electrical service is fully restored. By activating the backup generator, it helps to prevent any disruption or downtime that may occur during the power outage.

  • 5. 

    QUESTION NO: 605 Which of the following would give a technician the MOST information regarding an external attack on the network?

    • A.

      Internet content filter

    • B.

      Proxy server

    • C.

      NIDS

    • D.

      Firewall

    Correct Answer
    C. NIDS
    Explanation
    A Network Intrusion Detection System (NIDS) would provide the technician with the most information regarding an external attack on the network. NIDS monitors network traffic and analyzes it for signs of malicious activity or unauthorized access attempts. It can detect various types of attacks, such as port scanning, denial of service attacks, and malware infections. By analyzing network packets, NIDS can provide detailed information about the source, destination, and nature of the attack, allowing the technician to take appropriate actions to mitigate the threat.

  • 6. 

    Which of the following would BEST prevent night shift workers from logging in with IDs and passwords stolen from the day shift workers?

    • A.

      Account expiration

    • B.

      Time of day restriction

    • C.

      Account lockout

    • D.

      Domain password policy

    Correct Answer
    B. Time of day restriction
    Explanation
    Time of day restriction would be the best option to prevent night shift workers from logging in with IDs and passwords stolen from the day shift workers. By implementing time of day restrictions, the system would only allow access during specific hours designated for the night shift workers. This would prevent unauthorized access during other times of the day and limit the potential for misuse of stolen credentials.

  • 7. 

    QUESTION NO: 607 Which of the following would BEST ensure that users have complex passwords?

    • A.

      ACL

    • B.

      Domain password policy

    • C.

      Logical tokens

    • D.

      Time of day restrictions

    Correct Answer
    B. Domain password policy
    Explanation
    The domain password policy would be the best option to ensure that users have complex passwords. A domain password policy allows administrators to set specific requirements for passwords, such as minimum length, inclusion of numbers or special characters, and regular password changes. By implementing a domain password policy, users are forced to create passwords that are more complex and difficult to guess, which enhances the overall security of the system.

  • 8. 

    QUESTION NO: 608 A technician finds that a malicious user has introduced an unidentified virus to a single file on the network. Which of the following would BEST allow for the user to be identified?

    • A.

      Access logs

    • B.

      Performance log

    • C.

      Firewall logs

    • D.

      Antivirus logs

    Correct Answer
    A. Access logs
    Explanation
    Access logs would be the best option to identify the malicious user who introduced the virus to the file on the network. Access logs record information about user activities, including login attempts, file access, and network connections. By analyzing the access logs, the technician can track the user's actions and determine who accessed the file at the time when the virus was introduced. This can help in identifying the malicious user and taking appropriate actions to prevent further incidents.

  • 9. 

    QUESTION NO: 609 Which of the following would BEST allow an administrator to find the IP address of an external attacker?

    • A.

      Antivirus logs

    • B.

      DNS logs

    • C.

      Firewall logs

    • D.

      Performance logs

    Correct Answer
    C. Firewall logs
    Explanation
    Firewall logs would be the best option to find the IP address of an external attacker. Firewall logs record all incoming and outgoing network traffic, including the IP addresses of the source and destination. By analyzing the firewall logs, an administrator can identify suspicious or unauthorized connections and determine the IP address of the attacker. Antivirus logs may provide information about detected threats, but they may not necessarily include the IP address of the attacker. DNS logs can help identify domain names associated with the attacker, but not their IP address. Performance logs are unlikely to provide any relevant information in this context.

  • 10. 

    QUESTION NO: 610 After performing a vulnerability analysis and applying a security patch, which of the following nonintrusive actions should an administrator take to verify that the vulnerability was truly removed?

    • A.

      Apply a security patch from the vendor.

    • B.

      Perform a penetration test.

    • C.

      Repeat the vulnerability scan.

    • D.

      Update the antivirus definition file.

    Correct Answer
    C. Repeat the vulnerability scan.
    Explanation
    After performing a vulnerability analysis and applying a security patch, repeating the vulnerability scan is the most appropriate nonintrusive action to verify that the vulnerability was truly removed. This is because a vulnerability scan checks for specific vulnerabilities in a system and identifies any weaknesses that may still exist. By repeating the scan, the administrator can ensure that the patch successfully addressed the vulnerability and that the system is now secure. Applying a security patch from the vendor is a necessary step, but it does not guarantee that the vulnerability is completely removed. Performing a penetration test and updating the antivirus definition file are unrelated to verifying the removal of the vulnerability.

  • 11. 

    QUESTION NO: 611 Which of the following could be used by a technician needing to send data while ensuring that any data tampering is easily detectable?

    • A.

      NTLM

    • B.

      LANMAN

    • C.

      SHA-1

    • D.

      AES

    Correct Answer
    C. SHA-1
    Explanation
    SHA-1 (Secure Hash Algorithm 1) could be used by a technician needing to send data while ensuring that any data tampering is easily detectable. SHA-1 is a cryptographic hash function that produces a fixed-size output (160 bits) from any given input. It is designed to be a one-way function, meaning that it is computationally infeasible to retrieve the original input from the output. Therefore, if any changes are made to the data during transmission, the resulting hash value will be different, making it easily detectable.

  • 12. 

    QUESTION NO: 612 Which of the following BEST allows for a high level of encryption?

    • A.

      AES with ECC

    • B.

      DES with SHA-1

    • C.

      PGP with SHA-1

    • D.

      3DES with MD5

    Correct Answer
    A. AES with ECC
    Explanation
    AES with ECC (Elliptic Curve Cryptography) is the best option for achieving a high level of encryption. AES (Advanced Encryption Standard) is a symmetric encryption algorithm widely recognized for its security and efficiency. ECC is a public-key cryptography algorithm that uses the mathematics of elliptic curves to provide strong encryption. Combining AES with ECC provides a high level of security and is commonly used in modern cryptographic systems. DES with SHA-1, PGP with SHA-1, and 3DES with MD5 are all older encryption algorithms that are considered less secure compared to AES with ECC.

  • 13. 

    QUESTION NO: 613 Which of the following is the primary security risk associated with removable storage?

    • A.

      Availability

    • B.

      Confidentiality

    • C.

      Injection

    • D.

      Integrity

    Correct Answer
    B. Confidentiality
    Explanation
    The primary security risk associated with removable storage is confidentiality. This means that there is a risk of unauthorized individuals gaining access to the data stored on the removable storage device. This could be through theft or loss of the device, or through hacking or unauthorized access to the device. If the data on the removable storage device contains sensitive or confidential information, such as personal or financial data, its confidentiality could be compromised if it falls into the wrong hands.

  • 14. 

    QUESTION NO: 614 After reading about the vulnerability issues with open SMTP relays, a technician runs an application to see if port 25 is open. This would be considered a:

    • A.

      Network mapper.

    • B.

      Protocol analyzer.

    • C.

      Vulnerability scan.

    • D.

      Port scan.

    Correct Answer
    D. Port scan.
    Explanation
    A port scan is a technique used to identify open ports on a network device. In this scenario, the technician is running an application to check if port 25, which is the default port for SMTP (Simple Mail Transfer Protocol), is open. This is done to determine if the network device has an open SMTP relay, which can be a vulnerability. Therefore, the action of checking if port 25 is open is considered a port scan.

  • 15. 

    QUESTION NO: 615 A company's accounting application requires users to be administrators for the software to function correctly. Because of the security implications of this, a network administrator builds a user profile which allows the user to still use the application but no longer requires them to have administrator permissions. Which of the following is this an example of?

    • A.

      Configuration baseline

    • B.

      Group policy

    • C.

      Security template

    • D.

      Privilege escalation

    Correct Answer
    C. Security template
    Explanation
    This is an example of a security template. A security template is a predefined configuration that sets the security settings for a system or application. In this case, the network administrator has created a security template that modifies the user profile to allow users to use the accounting application without needing administrator permissions. This ensures that the application can still function correctly while reducing the security implications of granting administrative access to all users.

  • 16. 

    QUESTION NO: 616 Which of the following backup techniques resets the archive bit and allows for the fastest recovery?

    • A.

      Full backup

    • B.

      Shadow copies

    • C.

      Differential backup

    • D.

      Incremental backup

    Correct Answer
    A. Full backup
    Explanation
    A full backup is a backup technique that copies all the data and files from a system. It resets the archive bit, which is a flag that indicates whether a file has been modified since the last backup. By resetting the archive bit, a full backup ensures that all the data is backed up, regardless of whether it has been modified or not. This allows for the fastest recovery because all the data is readily available in the backup, eliminating the need to restore multiple incremental or differential backups.

  • 17. 

    QUESTION NO: 617 The company policy for availability requires full backups on Sunday and incremental backups each weeknight at 10 p.m. The file server crashes on Wednesday afternoon; how many tapes will the technician need to restore the data on the file server for Thursday morning?

    • A.

      One

    • B.

      Two

    • C.

      Three

    • D.

      Four

    Correct Answer
    C. Three
    Explanation
    The technician will need three tapes to restore the data on the file server for Thursday morning. This is because the company policy requires full backups on Sunday and incremental backups each weeknight at 10 p.m. Since the file server crashed on Wednesday afternoon, the technician will need the full backup from Sunday, as well as the incremental backups from Monday and Tuesday night, to restore the data up until Thursday morning. Therefore, a total of three tapes will be needed.

  • 18. 

    QUESTION NO: 618 A company is addressing backup and recovery issues. The company is looking for a compromise between speed of backup and speed of recovery. Which of the following is the BEST recommendation?

    • A.

      Full backups every day

    • B.

      Daily differential backups

    • C.

      Full backups weekly with differential backups daily

    • D.

      Weekly differential with incremental backups daily

    Correct Answer
    C. Full backups weekly with differential backups daily
    Explanation
    Performing full backups weekly ensures that all data is backed up, providing a comprehensive backup solution. Additionally, performing daily differential backups captures any changes made since the last full backup, minimizing data loss in the event of a failure. This approach strikes a balance between the speed of backup (weekly) and the speed of recovery (daily differentials), offering a compromise between the two.

  • 19. 

    QUESTION NO: 619 Which of the following would define document destruction requirements?

    • A.

      ACL

    • B.

      User access and rights review policies

    • C.

      Group policy

    • D.

      Storage and retention policies

    Correct Answer
    D. Storage and retention policies
    Explanation
    Storage and retention policies would define document destruction requirements. These policies outline how long documents should be stored and when they should be destroyed. By following these policies, organizations can ensure that sensitive information is securely disposed of when it is no longer needed, reducing the risk of data breaches and unauthorized access.

  • 20. 

    QUESTION NO: 620 Part of a standard policy for hardening workstations and servers should include applying the company security template and:

    • A.

      Installing the NIDS.

    • B.

      Closing unnecessary network ports.

    • C.

      Applying all updates, patches and hotfixes immediately.

    • D.

      Disabling SSID broadcast.

    Correct Answer
    B. Closing unnecessary network ports.
    Explanation
    Applying the company security template helps to enforce consistent security configurations across workstations and servers. Installing the NIDS (Network Intrusion Detection System) is a separate security measure that helps to detect and prevent network-based attacks. Applying all updates, patches, and hotfixes immediately is also important for maintaining the security and stability of the systems. Disabling SSID broadcast is a measure specifically related to wireless network security. However, closing unnecessary network ports is a critical step in hardening workstations and servers as it reduces the attack surface and limits potential entry points for attackers.

  • 21. 

    QUESTION NO: 621 Setting a baseline is required in which of the following? (Select TWO).

    • A.

      Anomaly-based monitoring

    • B.

      NIDS

    • C.

      Signature-based monitoring

    • D.

      NIPS

    • E.

      Behavior-based monitoring

    Correct Answer(s)
    A. Anomaly-based monitoring
    D. NIPS
    Explanation
    Setting a baseline is required in anomaly-based monitoring and NIPS (Network Intrusion Prevention System). In anomaly-based monitoring, a baseline is established to determine what is considered normal behavior in a system or network. Any deviations from this baseline are flagged as potential anomalies or threats. Similarly, in NIPS, a baseline is set to establish the normal network traffic patterns and behavior. This baseline helps in identifying and preventing any abnormal or malicious activities on the network.

  • 22. 

    QUESTION NO: 622 Which of the following hidden programs gathers information with or without the user's knowledge with the primary purpose of advertising?

    • A.

      Worm

    • B.

      Trojan

    • C.

      Spyware

    • D.

      Virus

    Correct Answer
    C. Spyware
    Explanation
    Spyware is a type of hidden program that collects information from a user's device without their knowledge or consent. The primary purpose of spyware is to gather data for advertising purposes. It can track a user's browsing habits, collect personal information, and display targeted advertisements. Unlike viruses, worms, and Trojans, spyware is specifically designed to gather information rather than causing direct harm to a user's device.

  • 23. 

    QUESTION NO: 623 Which of the following provides best practice with a wireless network?

    • A.

      WPA

    • B.

      WPA with RADIUS

    • C.

      3DES with RADIUS

    • D.

      WEP 128-bit

    Correct Answer
    B. WPA with RADIUS
    Explanation
    WPA with RADIUS is considered the best practice for a wireless network because it combines the security features of WPA (Wi-Fi Protected Access) with the authentication and authorization capabilities of RADIUS (Remote Authentication Dial-In User Service). This combination provides stronger encryption and authentication, making it more difficult for unauthorized users to access the network. WPA with RADIUS also allows for centralized management and control of user access, making it easier to monitor and manage the network's security.

  • 24. 

    QUESTION NO: 624 Which of the following sites has the means (e.g., equipment, software, and communications) to facilitate a full recovery within minutes?

    • A.

      Warm site

    • B.

      Hot site

    • C.

      Reciprocal site

    • D.

      Cold site

    Correct Answer
    B. Hot site
    Explanation
    A hot site is a type of disaster recovery site that has all the necessary equipment, software, and communications in place to facilitate a full recovery within minutes. This means that in the event of a disaster, the hot site can quickly take over and resume operations with minimal downtime. Unlike other types of disaster recovery sites such as warm, reciprocal, or cold sites, a hot site is fully operational and ready to be used immediately.

  • 25. 

    QUESTION NO: 625 When conducting an environmental security assessment, which of the following items should be included in the assessment? (Select THREE).

    • A.

      HVAC

    • B.

      Card access system

    • C.

      Off-site data storage

    • D.

      Logical access

    • E.

      Utilities

    • F.

      Fire detection

    Correct Answer(s)
    A. HVAC
    E. Utilities
    F. Fire detection
    Explanation
    When conducting an environmental security assessment, it is important to include the assessment of HVAC (heating, ventilation, and air conditioning) systems as they can impact the overall security and safety of the environment. Utilities should also be included in the assessment as they play a crucial role in maintaining the functionality and security of the environment. Fire detection systems are essential for identifying and preventing fire hazards, making them an important component of the assessment.

  • 26. 

    QUESTION NO: 626 Which of the following security steps must a user complete before access is given to the network?

    • A.

      Authentication and password

    • B.

      Identification and authentication

    • C.

      Identification and authorization

    • D.

      Authentication and authorization

    Correct Answer
    B. Identification and authentication
    Explanation
    Before access is given to the network, a user must complete the steps of identification and authentication. Identification refers to the process of providing a unique identifier, such as a username or email address, to verify the user's identity. Authentication, on the other hand, involves validating the user's identity by providing a password or some other form of credentials. These two steps ensure that the user is who they claim to be before granting them access to the network.

  • 27. 

    QUESTION NO: 627 When placing a NIDS onto the network, the NIC has to be placed in which of the following modes to monitor all network traffic?

    • A.

      Promiscuous

    • B.

      Full-duplex

    • C.

      Auto

    • D.

      Half-duplex

    Correct Answer
    A. Promiscuous
    Explanation
    When placing a NIDS (Network Intrusion Detection System) onto the network, the NIC (Network Interface Card) has to be placed in promiscuous mode to monitor all network traffic. In promiscuous mode, the NIC captures all packets on the network, including those not addressed to its own MAC address. This allows the NIDS to analyze all network traffic and detect any suspicious or malicious activity. Full-duplex, auto, and half-duplex are not relevant to the question and do not allow the NIC to capture all network traffic.

  • 28. 

    QUESTION NO: 628 An administrator wants to obtain a view of the type of attacks that are being targeted against the network perimeter. The recommended placement of a NIDS would be:

    • A.

      Inside the proxy.

    • B.

      Inside the DMZ.

    • C.

      Outside the proxy.

    • D.

      Outside the firewall.

    • E.

      Inside the firewall.

    Correct Answer
    D. Outside the firewall.
    Explanation
    Placing a Network Intrusion Detection System (NIDS) outside the firewall is the recommended placement to obtain a view of the type of attacks targeting the network perimeter. By positioning the NIDS outside the firewall, it can monitor traffic before it reaches the protected network, allowing for early detection and prevention of potential attacks. Placing the NIDS inside the firewall or DMZ would limit its visibility and effectiveness in detecting perimeter attacks. Similarly, placing it inside the proxy would only provide visibility into traffic that has already passed through the firewall. Therefore, the best placement for the NIDS is outside the firewall.

  • 29. 

    QUESTION NO: 629 Once a system has been compromised, often the attacker will upload various tools that can be used at a later date. The attacker could use which of the following to hide these tools?

    • A.

      Logic bomb

    • B.

      Rootkit

    • C.

      Virus

    • D.

      Trojan

    Correct Answer
    B. Rootkit
    Explanation
    A rootkit is a type of malicious software that is designed to hide itself and other malicious tools or activities on a compromised system. It is often used by attackers to maintain unauthorized access to a system while avoiding detection. Rootkits can modify system files, processes, and configurations to conceal their presence and make it difficult for security tools to detect and remove them. Therefore, a rootkit is the most suitable option for hiding the tools uploaded by an attacker on a compromised system.

  • 30. 

    QUESTION NO: 630 Which of the following is the perfect encryption scheme and is considered unbreakable when properly used?

    • A.

      Running key cipher

    • B.

      Concealment cipher

    • C.

      One-time pad

    • D.

      Steganography

    Correct Answer
    C. One-time pad
    Explanation
    The one-time pad is considered the perfect encryption scheme and is considered unbreakable when properly used. This is because it uses a random key that is as long as the plaintext, making it impossible for an attacker to decipher the message without the key. The key is only used once and then discarded, hence the name "one-time pad." This ensures that there are no patterns or repetitions that could be exploited by an attacker.

  • 31. 

    QUESTION NO: 631 When using a digital signature, the message digest is encrypted with which of the following keys?

    • A.

      Receiver's private key

    • B.

      Receiver's public key

    • C.

      Sender's public key

    • D.

      Sender's private key

    Correct Answer
    D. Sender's private key
    Explanation
    When using a digital signature, the message digest is encrypted with the sender's private key. This is because the sender's private key is used to create the digital signature, which is a unique encrypted representation of the message digest. By encrypting the message digest with the sender's private key, it ensures that only the sender, who possesses the corresponding private key, could have created the digital signature. This provides authentication and integrity to the message, as the receiver can verify the digital signature using the sender's public key.

  • 32. 

    QUESTION NO: 632 Which of the following is the MOST basic form of IDS?

    • A.

      Signature

    • B.

      Behavioral

    • C.

      Statistical

    • D.

      Anomaly

    Correct Answer
    A. Signature
    Explanation
    Signature-based IDS is the most basic form of IDS. It works by comparing network traffic or system activity against a database of known attack patterns or signatures. When a match is found, it alerts the system administrator. This type of IDS is effective in detecting known attacks but may not be able to detect new or unknown attacks.

  • 33. 

    QUESTION NO: 633 Which of the following BEST applies to steganography?

    • A.

      Algorithms are not used to encrypt data.

    • B.

      Algorithms are used to encrypt data.

    • C.

      Keys are used to encrypt data.

    • D.

      Keys are concealed in the data.

    Correct Answer
    A. Algorithms are not used to encrypt data.
    Explanation
    Steganography is the practice of hiding information within other information in such a way that it is not easily detectable. Unlike encryption, which uses algorithms to scramble data, steganography does not involve encryption algorithms. Instead, it focuses on concealing the existence of the hidden data. Therefore, the statement "Algorithms are not used to encrypt data" is the best description of steganography.

  • 34. 

    QUESTION NO: 634 Which of the following can steganography be used for?

    • A.

      Watermark graphics for copyright.

    • B.

      Decrypt data in graphics.

    • C.

      Encrypt a message in WAV files.

    • D.

      Encrypt data in graphics.

    Correct Answer
    A. Watermark graphics for copyright.
    Explanation
    Steganography can be used to embed hidden information within digital media, such as images or audio files, without altering the perceptual quality. In this case, watermarking graphics for copyright protection involves hiding a unique identifier or ownership information within an image, making it difficult for unauthorized users to remove or claim ownership of the image. Steganography does not involve decrypting or encrypting data, but rather focuses on concealing information within media files.

  • 35. 

    QUESTION NO: 635 Steganography could be used by attackers to

    • A.

      Encrypt and conceal messages in microdots

    • B.

      Decrypt data stored in unused disk space

    • C.

      Encrypt and decrypt messages in graphics

    • D.

      Hide and conceal messages in WAV files

    Correct Answer
    D. Hide and conceal messages in WAV files
    Explanation
    Steganography is a technique used to hide and conceal messages within different types of media files, such as images, audio files, or videos. In this case, the correct answer states that steganography can be used by attackers to hide and conceal messages specifically in WAV files. WAV files are audio files commonly used for storing high-quality audio recordings. Attackers can exploit the unused space within the WAV file to embed secret messages, making it difficult to detect the presence of the hidden information.


  • 36. 

    QUESTION NO: 636 Which of the following BEST describes how steganography can be accomplished in graphic files?

    • A.

      Replacing the most significant byte of each bit

    • B.

      Replacing the least significant byte of each bit

    • C.

      Replacing the most significant bit of each byte

    • D.

      Replacing the least significant bit of each byte

    Correct Answer
    D. Replacing the least significant bit of each byte
    Explanation
    Steganography in graphic files can be accomplished by replacing the least significant bit of each byte. This method allows for hiding information within the image without significantly altering its appearance. By replacing the least significant bit, the changes made to the image are minimal and difficult to detect, making it an effective technique for concealing information.


  • 37. 

    QUESTION NO: 637 An application developer is looking for an encryption algorithm which is fast and hard to break if a large key size is used. Which of the following BEST meets these requirements?

    • A.

      Transposition

    • B.

      Substitution

    • C.

      Symmetric

    • D.

      Asymmetric

    Correct Answer
    C. Symmetric
    Explanation
    Symmetric encryption algorithms are fast and provide strong security when a large key size is used. In symmetric encryption, the same key is used for both encryption and decryption, making it efficient for large amounts of data. The encryption and decryption processes are relatively simple and quick, making it a suitable choice for applications that require speed. Additionally, by using a large key size, the encryption becomes harder to break, providing a higher level of security. Therefore, symmetric encryption is the best choice for the application developer's requirements.


  • 38. 

    QUESTION NO: 638 Which of the following if used incorrectly would be susceptible to frequency analysis?

    • A.

      Asymmetric algorithms

    • B.

      Transposition ciphers

    • C.

      Symmetric algorithms

    • D.

      Stream ciphers

    Correct Answer
    B. Transposition ciphers
    Explanation
    Transposition ciphers would be susceptible to frequency analysis if used incorrectly. Frequency analysis is a technique used to analyze the frequency of letters or characters in a ciphertext to determine the underlying plaintext. Transposition ciphers, unlike symmetric and asymmetric algorithms, do not change the letters themselves but rearrange their positions. If the transposition cipher is used incorrectly, the frequency patterns of the original plaintext may still be visible in the ciphertext, making it vulnerable to frequency analysis.


  • 39. 

    QUESTION NO: 639 An administrator in an organization with 33,000 users would like to store six months of Internet proxy logs on a dedicated logging server for analysis and content reporting. The reports are not time critical, but are required by upper management for legal obligations. All of the following apply when determining the requirements for the logging server EXCEPT:

    • A.

      Log details and level of verbose logging.

    • B.

      Time stamping and integrity of the logs.

    • C.

      Performance baseline and audit trails.

    • D.

      Log storage and backup requirements.

    Correct Answer
    C. Performance baseline and audit trails.
    Explanation
    The given correct answer is "performance baseline and audit trails." This means that when determining the requirements for the logging server, factors such as log details and level of verbose logging, time stamping and integrity of the logs, and log storage and backup requirements should be considered. However, the performance baseline and audit trails are not mentioned as factors to consider.


  • 40. 

    QUESTION NO: 640 Which of the following BEST describes when a hashing algorithm generates the same hash for two different messages?

    • A.

      A hashing chain occurred

    • B.

      A deviation occurred.

    • C.

      A collision occurred.

    • D.

      A one-way hash occurred.

    Correct Answer
    C. A collision occurred.
    Explanation
    A collision occurs when a hashing algorithm generates the same hash for two different messages. This means that two different inputs produce the same output, which is undesirable in a hashing algorithm. A collision can happen due to the limited number of possible outputs for a given hash function compared to the infinite number of possible inputs. It is important for hashing algorithms to minimize the likelihood of collisions to ensure the integrity and security of the data.


  • 41. 

    QUESTION NO: 641 Which of the following is BEST known for self-replication in networks?

    • A.

      Spyware

    • B.

      Worm

    • C.

      Spam

    • D.

      Adware

    Correct Answer
    B. Worm
    Explanation
    A worm is a type of malicious software that is best known for self-replicating in networks. Unlike viruses, worms do not need to attach themselves to a host program or file in order to spread. Instead, they can independently replicate and spread across a network, taking advantage of vulnerabilities in computer systems. This ability to self-replicate and spread quickly makes worms a particularly dangerous form of malware. Spyware, spam, and adware are different types of malicious software that do not have the same self-replicating capabilities as worms.


  • 42. 

    QUESTION NO: 642 Which of the following security threats affects PCs and can have its software updated remotely by a command and control center?

    • A.

      Zombie

    • B.

      Worm

    • C.

      Virus

    • D.

      Adware

    Correct Answer
    A. Zombie
    Explanation
    A zombie is a type of malware that infects PCs and allows them to be controlled remotely by a command and control center. This means that the software on the infected PC can be updated and manipulated by the attackers without the user's knowledge or consent. Unlike other types of malware such as worms, viruses, and adware, zombies specifically refer to infected PCs that are under the control of a remote attacker.


  • 43. 

    QUESTION NO: 643 Multiple web servers are fed from a load balancer. Which of the following is this an example of?

    • A.

      RAID

    • B.

      Backup generator

    • C.

      Hot site

    • D.

      Redundant servers

    Correct Answer
    D. Redundant servers
    Explanation
    This scenario is an example of redundant servers. Multiple web servers are being used to distribute the workload and provide backup in case one server fails. This setup increases the reliability and availability of the system, because if one server goes down, the load balancer can redirect traffic to the remaining servers. RAID refers to a data storage technology, a backup generator is unrelated to web servers, and a hot site is a backup location for disaster recovery; none of these apply in this context.


  • 44. 

    QUESTION NO: 644 An outside auditor has been contracted to determine if weak passwords are being used on the network. To do this, the auditor is running a password cracker against the master password file. Which of the following is this an example of?

    • A.

      Vulnerability assessment

    • B.

      Fingerprinting

    • C.

      Malware scan

    • D.

      Baselining

    Correct Answer
    A. Vulnerability assessment
    Explanation
    This scenario is an example of a vulnerability assessment. The outside auditor is conducting a systematic evaluation of the network to identify any weak passwords. By running a password cracker against the master password file, the auditor is actively searching for vulnerabilities in the network's security. This assessment helps to identify potential weaknesses and allows for appropriate measures to be taken to strengthen the network's password security.


  • 45. 

    QUESTION NO: 645 Password crackers:

    • A.

      Are sometimes able to crack both passwords and physical tokens

    • B.

      Cannot exploit weaknesses in encryption algorithms.

    • C.

      Cannot be run remotely.

    • D.

      Are sometimes able to crack both Windows and UNIX passwords

    Correct Answer
    D. Are sometimes able to crack both Windows and UNIX passwords
    Explanation
    Password crackers are software tools or programs that are designed to guess or crack passwords. They use various techniques such as brute force attacks, dictionary attacks, and rainbow table attacks to try and guess the password. In some cases, password crackers are able to crack passwords for both Windows and UNIX systems. This means that they can be used to gain unauthorized access to user accounts on both types of operating systems. However, it is important to note that password crackers cannot exploit weaknesses in encryption algorithms and they cannot be run remotely.


  • 46. 

    QUESTION NO: 646 Logic bombs differ from worms in that:

    • A.

      Logic bombs cannot be sent through email.

    • B.

      Logic bombs cannot spread from computer to computer.

    • C.

      Logic bombs always contain a Trojan component.

    • D.

      Logic bombs always have a date or time component.

    Correct Answer
    D. Logic bombs always have a date or time component.
    Explanation
    Logic bombs are malicious code programmed to execute a harmful action when a specific condition is met, such as a certain date or time. Unlike worms, logic bombs do not have the ability to spread from computer to computer or be sent through email. While logic bombs can potentially contain a Trojan component, this is not a defining characteristic of logic bombs. Therefore, the correct answer is that logic bombs always have a date or time component.


  • 47. 

    QUESTION NO: 647 A firewall differs from a NIDS in which of the following ways?

    • A.

      A firewall attempts to detect patterns and a NIDS operates on a rule list.

    • B.

      A firewall operates on a rule list and a NIDS attempts to detect patterns.

    • C.

      A firewall prevents inside attacks and a NIDS prevents outside attacks.

    • D.

      A firewall prevents outside attacks and a NIDS prevents inside attacks.

    Correct Answer
    B. A firewall operates on a rule list and a NIDS attempts to detect patterns.
    Explanation
    A firewall operates on a rule list, meaning that it uses a set of predetermined rules to allow or block network traffic. On the other hand, a NIDS (Network Intrusion Detection System) attempts to detect patterns in network traffic that may indicate an intrusion or attack. This means that a NIDS analyzes the content and behavior of network packets to identify any suspicious activity. Therefore, the correct answer is that a firewall operates on a rule list and a NIDS attempts to detect patterns.


  • 48. 

    QUESTION NO: 648 A vulnerability has recently been identified for a server's OS. Which of the following describes the BEST course of action?

    • A.

      Shut down all affected servers until management can be notified.

    • B.

      Visit a search engine and search for a possible patch.

    • C.

      Wait for an automatic update to be pushed out to the server from the manufacturer.

    • D.

      Visit the operating system manufacturer's website for a possible patch.

    Correct Answer
    D. Visit the operating system manufacturer's website for a possible patch.
    Explanation
    The best course of action is to visit the operating system manufacturer's website for a possible patch. This is because the manufacturer's website is the most reliable source for obtaining patches and updates for the operating system. Searching for a patch on a search engine may lead to unreliable or malicious sources. Waiting for an automatic update may take longer and leave the server vulnerable in the meantime. Shutting down all affected servers without proper notification from management may disrupt operations unnecessarily.


  • 49. 

    QUESTION NO: 649 Personal software firewalls can be updated automatically using:

    • A.

      Group policy.

    • B.

      Cookies.

    • C.

      Cross-site scripting.

    • D.

      Corporate hardware firewalls.

    Correct Answer
    A. Group policy.
    Explanation
    Personal software firewalls can be updated automatically using group policy. Group policy is a feature in Windows operating systems that allows administrators to manage and control settings for multiple computers in a network. By using group policy, administrators can centrally manage and update the settings of personal software firewalls installed on multiple computers, ensuring that they are up to date and providing the necessary protection against threats.


  • 50. 

    QUESTION NO: 650 An accountant has logged onto the company's external banking website. An administrator using a TCP/IP monitoring tool discovers that the accountant was actually using a spoofed banking website. Which of the following could have caused this attack? (Select TWO).

    • A.

      Altered hosts file

    • B.

      Network mapper

    • C.

      Packet sniffing

    • D.

      DNS poisoning

    • E.

      Bluesnarfing

    Correct Answer(s)
    A. Altered hosts file
    D. DNS poisoning
    Explanation
    The accountant could have fallen victim to an attack involving an altered hosts file, which redirects the user to a fake banking website instead of the legitimate one. This can be done by modifying the hosts file on the accountant's computer to point to the IP address of the spoofed website. Additionally, DNS poisoning could have been used to redirect the accountant's requests for the legitimate banking website to the spoofed website, leading them to believe they were accessing the real site.


Quiz Review Timeline

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Dec 29, 2010
    Quiz Created by
    Ctstravis