SEC+ Study Guide I

By Ctstravis
Questions: 99


801-900


Questions and Answers
  • 1. 

    QUESTION NO: 801 Which of the following access decisions are based on a Mandatory Access Control (MAC) environment?

    • A.

      Access control lists

    • B.

      Ownership

    • C.

      Group membership

    • D.

      Sensitivity labels

    Correct Answer
    D. Sensitivity labels
    Explanation
    Sensitivity labels are used in a Mandatory Access Control (MAC) environment to determine access decisions. MAC is a security model where access controls are based on labels assigned to subjects (users, processes) and objects (files, resources). Sensitivity labels indicate the level of sensitivity or classification of an object, and access decisions are made based on the comparison of the sensitivity labels of subjects and objects. Access control lists, ownership, and group membership are typically used in discretionary access control (DAC) environments, where access decisions are based on the discretion of the owner or the group.

  • 2. 

    QUESTION NO: 802 Audit log information can BEST be protected by: (Select TWO).

    • A.

      Using a VPN

    • B.

      An IDS

    • C.

      Access controls that restrict usage

    • D.

      An intrusion prevention system (IPS)

    • E.

      Recording to write-once media.

    • F.

      Firewall that creates an enclave

    Correct Answer(s)
    C. Access controls that restrict usage
    E. Recording to write-once media.
    Explanation
    Audit log information can be best protected by implementing access controls that restrict usage and recording the logs to write-once media. Access controls ensure that only authorized individuals can access and modify the audit logs, reducing the risk of unauthorized tampering or deletion. Recording the logs to write-once media, such as a read-only DVD or a write-once hard drive, prevents any modifications to the logs once they have been recorded, ensuring their integrity and reliability for future analysis and investigation. Using a VPN, IDS, IPS, or firewall can provide additional security measures but may not directly address the protection of audit log information.

  • 3. 

    QUESTION NO: 803 Non-essential services are often appealing to attackers because non-essential services: (Select TWO)

    • A.

      Consume less bandwidth

    • B.

      Are not visible to an IDS

    • C.

      Provide root level access

    • D.

      Decrease the surface area for the attack

    • E.

      Are not typically configured correctly or secured

    • F.

      Sustain attacks that go unnoticed

    Correct Answer(s)
    E. Are not typically configured correctly or secured
    F. Sustain attacks that go unnoticed
    Explanation
    Non-essential services are often appealing to attackers because they are not typically configured correctly or secured. This means that they may have weak security measures in place, making them easier for attackers to exploit. Additionally, non-essential services may sustain attacks that go unnoticed because they are not as closely monitored or prioritized by security systems. This allows attackers to potentially gain unauthorized access or carry out malicious activities without being detected.

  • 4. 

    QUESTION NO: 804 A user downloads and installs a new screen saver and the program starts to rename and delete random files. Which of the following would be the BEST description of this program?

    • A.

      Worm

    • B.

      Virus

    • C.

      Trojan horse

    • D.

      Logic bomb

    Correct Answer
    C. Trojan horse
    Explanation
    A Trojan horse is a type of malicious software that disguises itself as a legitimate program or file, tricking the user into downloading and installing it. Once installed, the Trojan horse can perform various malicious actions, such as renaming and deleting random files, as described in the question. Unlike viruses and worms, Trojan horses do not replicate themselves or spread to other systems. A logic bomb is a type of malware that is programmed to execute a malicious action at a specific time or under certain conditions. Therefore, the best description for the given scenario is a Trojan horse.

  • 5. 

    QUESTION NO: 805 Which of the following types of malicious software travels across computer networks without requiring a user to distribute the software?

    • A.

      Virus

    • B.

      Worm

    • C.

      Trojan horse

    • D.

      Logic bomb

    Correct Answer
    B. Worm
    Explanation
    A worm is a type of malicious software that can travel across computer networks without the need for user distribution. Unlike a virus, which requires a host file or program to replicate, a worm can independently spread itself through network connections. It can exploit vulnerabilities in network protocols or use social engineering techniques to trick users into executing it. Once inside a system, a worm can replicate itself and spread to other connected devices, causing damage or stealing information. Therefore, the correct answer is worm.

  • 6. 

    QUESTION NO: 806 Which of the following should be done if an audit recording fails in an information system?

    • A.

      Log off the user

    • B.

      Overwrite the oldest audit records

    • C.

      Stop generating audit records

    • D.

      Send an alert to the appropriate personnel

    Correct Answer
    D. Send an alert to the appropriate personnel
    Explanation
    If an audit recording fails in an information system, it is important to send an alert to the appropriate personnel. This is because failing audit recordings can indicate a potential security breach or system malfunction. By alerting the appropriate personnel, they can investigate the issue, identify the cause of the failure, and take necessary actions to rectify the problem and ensure the integrity and security of the system.

  • 7. 

    QUESTION NO: 807 Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation?

    • A.

      Multifactor

    • B.

      Mutual

    • C.

      Biometric

    • D.

      Kerberos

    Correct Answer
    A. Multifactor
    Explanation
    The given scenario describes the use of multiple factors for authentication. In this case, the user is required to provide a username, password, and undergo a thumbprint scan. This combination of factors, including something the user knows (password), something the user has (thumbprint), and something the user is (username), is known as multifactor authentication. It provides an additional layer of security by requiring multiple pieces of evidence to verify the user's identity before granting access to the workstation.

  • 8. 

    QUESTION NO: 808 Which of the following steps is MOST often overlooked during the auditing process?

    • A.

      Reviewing event logs regularly

    • B.

      Enabling auditing on the system

    • C.

      Auditing every system event

    • D.

      Deciding what events to audit

    Correct Answer
    A. Reviewing event logs regularly
    Explanation
    Reviewing event logs regularly is often overlooked during the auditing process. Event logs contain valuable information about system activities and can help identify any suspicious or unauthorized activities. Regularly reviewing event logs allows auditors to detect and investigate any potential security breaches or anomalies. However, it is a step that is often neglected, leading to missed opportunities for identifying and addressing security issues.

  • 9. 

    QUESTION NO: 809 Kerberos uses which of the following ports by default?

    • A.

      23

    • B.

      88

    • C.

      139

    • D.

      443

    Correct Answer
    B. 88
    Explanation
    Kerberos uses port 88 by default. Kerberos is a network authentication protocol that works on the basis of tickets to allow secure communication between clients and servers. Port 88 is specifically designated for Kerberos authentication services. This port is used for the exchange of authentication messages between the client and the Key Distribution Center (KDC), which is the central authentication server in a Kerberos environment.

  • 10. 

    QUESTION NO: 810 Turnstiles, double entry doors and security guards are all prevention measures for which of the following types of social engineering?

    • A.

      Piggybacking

    • B.

      Looking over a co-worker's shoulder to retrieve information

    • C.

      Looking through a co-worker's trash to retrieve information

    • D.

      Impersonation

    Correct Answer
    A. Piggybacking
    Explanation
    Turnstiles, double entry doors, and security guards are all prevention measures for piggybacking. Piggybacking refers to the act of unauthorized individuals following closely behind an authorized person to gain access to a secure area without proper authentication. These prevention measures are put in place to ensure that only authorized individuals are granted entry and to prevent unauthorized individuals from piggybacking on someone else's access.

  • 11. 

    QUESTION NO: 811 Spam is considered a problem even when deleted before being opened because spam:

    • A.

      Verifies the validity of an email address

    • B.

      Corrupts the mail file

    • C.

      Wastes company bandwidth

    • D.

      Installs Trojan horse viruses

    Correct Answer
    C. Wastes company bandwidth
    Explanation
    Spam wastes company bandwidth because it consumes network resources and slows down internet speed. When spam emails are received, they take up storage space and require data to be transferred across the network, which can cause congestion and reduce the overall performance of the network. This can negatively impact productivity and increase costs for the company.

  • 12. 

    QUESTION NO: 812 Which of the following programming techniques should be used to prevent buffer overflow attacks?

    • A.

      Input validation

    • B.

      Nested loops

    • C.

      Signed applets

    • D.

      Automatic updates

    Correct Answer
    A. Input validation
    Explanation
    Input validation is the correct answer because it involves checking and validating user input to ensure that it meets certain criteria and is within the expected range. By validating input, potential buffer overflow attacks can be prevented because the input is checked for its length and content before it is processed. This helps to ensure that the input does not exceed the allocated buffer size, preventing the attacker from overwriting adjacent memory locations and executing malicious code.

  • 13. 

    QUESTION NO: 813 Which of the following authentication systems makes use of the KDC (Key Distribution Center)?

    • A.

      Certificates

    • B.

      Security Tokens

    • C.

      CHAP

    • D.

      Kerberos

    Correct Answer
    D. Kerberos
    Explanation
    Kerberos is the correct answer because it is an authentication protocol that uses a Key Distribution Center (KDC) to authenticate users and provide them with tickets for accessing network services. The KDC acts as a trusted third party that authenticates users and issues session keys that are used for secure communication between the user and the network services. This allows for secure authentication and authorization in a network environment. Certificates, security tokens, and CHAP are not directly related to the use of a KDC for authentication.

  • 14. 

    QUESTION NO: 814 Which of the following authentication methods increases the security of the authentication process because it must be in your physical possession?

    • A.

      Smart Cards

    • B.

      Kerberos

    • C.

      CHAP

    • D.

      Certificate

    Correct Answer
    A. Smart Cards
    Explanation
    Smart Cards increase the security of the authentication process because they must be physically possessed by the user. Smart cards are small plastic cards that contain an embedded chip, which stores and processes data securely. The user must insert the smart card into a card reader and provide a PIN or biometric authentication to access the data stored on the card. This physical possession requirement makes it difficult for unauthorized individuals to gain access to the authentication credentials, enhancing the overall security of the authentication process.

  • 15. 

    QUESTION NO: 815 Which of the following statements regarding authentication protocols is FALSE?

    • A.

      PAP is insecure because usernames and passwords are sent over the network in clear text.

    • B.

      CHAP is more secure than PAP because it encrypts usernames and passwords before they are sent over the network

    • C.

      RADIUS is a client/server-based system that provides authentication, authorization, and accounting services for remote dial-up access

    • D.

      MS-CHAP version 1 is capable of mutual authentication of both the client and the server.

    Correct Answer
    D. MS-CHAP version 1 is capable of mutual authentication of both the client and the server.
    Explanation
    MS-CHAP version 1 is not capable of mutual authentication of both the client and the server. It only provides authentication of the client to the server.

  • 16. 

    QUESTION NO: 816 Which password management system best provides for a system with a large number of users?

    • A.

      Self service password reset management systems

    • B.

      Locally saved passwords management systems

    • C.

      Multiple access methods management systems

    • D.

      Synchronized passwords management systems

    Correct Answer
    A. Self service password reset management systems
    Explanation
    Self service password reset management systems are the best option for a system with a large number of users because they allow users to reset their own passwords without the need for IT support. This reduces the burden on IT staff and increases efficiency. Users can easily reset their passwords through a self-service portal, which saves time and resources. Additionally, self service password reset management systems often include security features such as multi-factor authentication, ensuring that only authorized users can reset their passwords.

  • 17. 

    QUESTION NO: 817 Which definition best defines what a challenge-response session is?

    • A.

      A challenge-response session is a workstation or system that produces a random challenge string that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).

    • B.

      A challenge-response session is a workstation or system that produces a random login ID that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number)

    • C.

      A challenge-response session is a special hardware device used to produce random text in a cryptography system.

    • D.

      A challenge-response session is the authentication mechanism in the workstation or system that does not determine whether the owner should be authenticated.

    Correct Answer
    A. A challenge-response session is a workstation or system that produces a random challenge string that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
    Explanation
    A challenge-response session refers to a workstation or system that generates a random challenge string. This challenge string is then presented to the user, who must provide it along with the correct PIN (Personal Identification Number) in order to authenticate themselves.

  • 18. 

    QUESTION NO: 818 For which reason are clocks used in Kerberos authentication?

    • A.

      Clocks are used to ensure proper connections.

    • B.

      Clocks are used to ensure that tickets expire correctly.

    • C.

      Clocks are used to generate the seed value for the encryption keys.

    • D.

      Clocks are used to both benchmark and specify the optimal encryption algorithm.

    Correct Answer
    B. Clocks are used to ensure that tickets expire correctly.
    Explanation
    Clocks are used in Kerberos authentication to ensure that tickets expire correctly. Kerberos uses time-based tickets that have a limited validity period. The clocks on the client and server machines need to be synchronized to ensure that the tickets are valid and not expired. The clocks are used to track the time and determine when a ticket should expire, preventing unauthorized access to the system.

  • 19. 

    QUESTION NO: 819 To reduce vulnerabilities on a web server, an administrator should adopt which of the following preventative measures?

    • A.

      Use packet sniffing software on all inbound communications

    • B.

      Apply the most recent manufacturer updates and patches to the server.

    • C.

      Enable auditing on the web server and periodically review the audit logs

    • D.

      Block all Domain Name Service (DNS) requests coming into the server.

    Correct Answer
    B. Apply the most recent manufacturer updates and patches to the server.
    Explanation
    Applying the most recent manufacturer updates and patches to the server is a preventative measure to reduce vulnerabilities on a web server. Manufacturers regularly release updates and patches to address security vulnerabilities and improve the server's overall security. By keeping the server up to date with these updates, the administrator ensures that any known vulnerabilities are patched, reducing the risk of exploitation by attackers. This measure is essential in maintaining the security and integrity of the web server.

  • 20. 

    QUESTION NO: 820 Which of the following is a common type of attack on web servers?

    • A.

      Birthday

    • B.

      Buffer overflow

    • C.

      Spam

    • D.

      Brute force

    Correct Answer
    B. Buffer overflow
    Explanation
    A buffer overflow is a common type of attack on web servers where an attacker sends more data than a buffer can handle, causing the excess data to overflow into adjacent memory. This can lead to the execution of malicious code or the crashing of the server.

  • 21. 

    QUESTION NO: 821 The employees at a company are using instant messaging on company networked computers. The MOST important security issue to address when using instant messaging is that instant messaging:

    • A.

      Communications are a drain on bandwidth

    • B.

      Communications are open and unprotected

    • C.

      Has no common protocol

    • D.

      Uses weak encryption

    Correct Answer
    B. Communications are open and unprotected
    Explanation
    The most important security issue to address when using instant messaging is that communications are open and unprotected. This means that the messages sent through instant messaging can be intercepted and read by unauthorized individuals. This lack of encryption and protection puts sensitive information at risk and can lead to data breaches or leaks. It is crucial to implement secure protocols and encryption methods to ensure the confidentiality and integrity of instant messaging communications.

  • 22. 

    QUESTION NO: 822 A VPN typically provides a remote access link from one host to another over:

    • A.

      An intranet

    • B.

      A modem

    • C.

      A network interface card

    • D.

      The Internet

    Correct Answer
    D. The Internet
    Explanation
    A VPN (Virtual Private Network) typically provides a remote access link from one host to another over the Internet. This means that users can securely connect to a private network from a remote location using the public Internet as the medium. VPNs use encryption and other security measures to ensure that the data transmitted over the Internet remains secure and confidential. By using the Internet as the transport mechanism, VPNs offer a cost-effective and flexible solution for remote access connectivity.

  • 23. 

    QUESTION NO: 823 Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received?

    • A.

      Anti-aliasing

    • B.

      Data integrity

    • C.

      Asymmetric cryptography

    • D.

      Non-repudiation

    Correct Answer
    D. Non-repudiation
    Explanation
    Non-repudiation is the correct answer because it provides evidence that a user has received an email and prevents them from denying its receipt. It ensures that the sender can prove that the email was successfully delivered and received by the intended recipient. This is typically achieved through the use of digital signatures or other cryptographic methods that provide authentication and non-repudiation of the message.

  • 24. 

    QUESTION NO: 824 Which of the following portions of a company's network is between the Internet and an internal network?

    • A.

      IDS

    • B.

      Demilitarized zone (DMZ)

    • C.

      Filter router

    • D.

      Bastion host

    Correct Answer
    B. Demilitarized zone (DMZ)
    Explanation
    A demilitarized zone (DMZ) is a portion of a company's network that is located between the Internet and an internal network. It acts as a buffer zone, separating the internal network from the external network (Internet). The purpose of a DMZ is to provide an additional layer of security by placing public-facing servers, such as web servers or email servers, in the DMZ. This allows external users to access these servers while keeping the internal network protected from potential threats.

  • 25. 

    QUESTION NO: 825 Which of the following is MOST often used to allow a client or partner access to a network?

    • A.

      Extranet

    • B.

      Intranet

    • C.

      VLAN

    • D.

      Demilitarized zone (DMZ)

    Correct Answer
    A. Extranet
    Explanation
    An extranet is a private network that allows external clients or partners to access certain parts of a company's network. It provides a secure and controlled way for these external users to connect and collaborate with the company's internal network and resources. This is often used when there is a need for collaboration, sharing of information, or providing access to specific services to external parties while maintaining security and privacy.

  • 26. 

    QUESTION NO: 826 Which of the following types of firewalls provides inspection at layer 7 of the OSI model?

    • A.

      Application-proxy

    • B.

      Network address translation (NAT)

    • C.

      Packet filters

    • D.

      Stateful inspection

    Correct Answer
    A. Application-proxy
    Explanation
    An application-proxy firewall provides inspection at layer 7 of the OSI model. This type of firewall acts as an intermediary between the client and server, allowing it to examine and filter application-layer traffic. It can analyze the content of the traffic, including specific protocols and applications, to make more informed decisions about allowing or blocking certain connections. This level of inspection offers greater control and security compared to other types of firewalls that operate at lower layers of the OSI model.

  • 27. 

    QUESTION NO: 827 A newly hired security specialist is asked to evaluate a company's network security. The security specialist discovers that users have installed personal software; the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. Which of the following would be the FIRST step to take?

    • A.

      Install software patches.

    • B.

      Disable non-essential services.

    • C.

      Enforce the security policy.

    • D.

      Password management

    Correct Answer
    C. Enforce the security policy.
    Explanation
    The first step to take in this situation would be to enforce the security policy. This is because the security specialist has identified several security vulnerabilities, such as the installation of personal software, default settings on the network OS, lack of software patches, and no requirement for regular password changes. Enforcing the security policy would address these vulnerabilities by implementing measures such as removing personal software, configuring appropriate settings on the network OS, installing software patches, and implementing password management policies. By doing so, the security specialist can improve the overall network security posture of the company.

  • 28. 

    QUESTION NO: 828 Giving each user or group of users only the access they need to do their job is an example of which of the following security principles?

    • A.

      Least privilege

    • B.

      Defense in depth

    • C.

      Separation of duties

    • D.

      Access control

    Correct Answer
    A. Least privilege
    Explanation
    Giving each user or group of users only the access they need to do their job is an example of the principle of least privilege. This principle ensures that users are granted the minimum necessary privileges required to perform their tasks, reducing the potential for unauthorized access or accidental misuse of resources. By limiting access rights, organizations can minimize the risk of data breaches and unauthorized actions, enhancing overall security posture.

  • 29. 

    QUESTION NO: 829 A company implements an SMTP server on their firewall. This implementation would violate which of the following security principles?

    • A.

      Keep the solution simple

    • B.

      Use a device as intended

    • C.

      Create an in-depth defense

    • D.

      Address internal threats

    Correct Answer
    B. Use a device as intended
    Explanation
    The implementation of an SMTP server on a firewall violates the principle of "Use a device as intended." Firewalls are designed to control and monitor network traffic based on predetermined rules, not to function as email servers. By using the firewall as an SMTP server, the company is not utilizing the device for its intended purpose, which could lead to security vulnerabilities and potential breaches.

  • 30. 

    QUESTION NO: 830 A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. Which of the following network devices should be used?

    • A.

      Router

    • B.

      Hub

    • C.

      Switch

    • D.

      Firewall

    Correct Answer
    C. Switch
    Explanation
    A switch should be used to reduce the ability of users on the same floor and network segment to see each other's traffic. Unlike a hub, which broadcasts traffic to all connected devices, a switch directs traffic only to the intended recipient. This improves network security by preventing unauthorized access to data packets. A router is used to connect different networks, while a firewall is a security device that filters network traffic. Therefore, a switch is the most appropriate network device for this scenario.

  • 31. 

    QUESTION NO: 831 A system administrator reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take?

    • A.

      Notify management.

    • B.

      Determine the business impact.

    • C.

      Contact law enforcement officials.

    • D.

      Contain the problem.

    Correct Answer
    D. Contain the problem.
    Explanation
    The FIRST action to take when an unauthorized user has accessed the network is to contain the problem. This means isolating the affected systems or devices from the rest of the network to prevent further unauthorized access and potential damage. This step is crucial in order to minimize the impact and mitigate any potential harm caused by the unauthorized access. Once the problem is contained, further actions such as notifying management, determining the business impact, and contacting law enforcement officials can be taken.

  • 32. 

    QUESTION NO: 832 A company's security specialist is securing a web server that is reachable from the Internet. The web server is located in the core internal corporate network. The network cannot be redesigned and the server cannot be moved. Which of the following should the security specialist implement to secure the web server? (Select TWO).

    • A.

      Router with an IDS module

    • B.

      Network-based IDS

    • C.

      Router with firewall rule set

    • D.

      Host-based IDS

    • E.

      Network-based firewall

    • F.

      Host-based firewall

    Correct Answer(s)
    D. Host-based IDS
    F. Host-based firewall
    Explanation
    The security specialist should implement a host-based IDS (Intrusion Detection System) to monitor and detect any suspicious activity on the web server itself. This will help in identifying any potential attacks or breaches on the server. Additionally, a host-based firewall should be implemented to control and filter the incoming and outgoing traffic specifically for the web server. This will provide an additional layer of protection by allowing only authorized traffic to access the server and blocking any unauthorized attempts.

  • 33. 

    QUESTION NO: 833 The CHAP (Challenge Handshake Authentication Protocol) sends a logon request from the client to the server, and the server sends a challenge back to the client. At which stage does the CHAP protocol perform the handshake process? Choose the best complete answer.

    • A.

      At the stage when the connection is established and at whichever time after the connection has been established.

    • B.

      At the stage when the connection is established and when the connection is disconnected

    • C.

      At the stage when the connection is established

    • D.

      At the stage when the connection is disconnected

    Correct Answer
    A. At the stage when the connection is established and at whichever time after the connection has been established.
    Explanation
    The CHAP protocol performs the handshake process at the stage when the connection is established and at whichever time after the connection has been established. This means that the handshake process can occur multiple times during the duration of the connection, providing an additional layer of authentication and security.


  • 34. 

    QUESTION NO: 834 Which of the following are nonessential protocols and services?

    • A.

      Network News Transfer Protocol (NNTP)

    • B.

      TFTP (Trivial File Transfer Protocol).

    • C.

      Domain Name Service (DNS)

    • D.

      Internet Control Message Protocol (ICMP)

    Correct Answer
    B. TFTP (Trivial File Transfer Protocol).
    Explanation
    TFTP (Trivial File Transfer Protocol) is a nonessential protocol and service. It is a simplified version of FTP (File Transfer Protocol) and is primarily used for transferring small files. Unlike other protocols like NNTP, DNS, and ICMP, TFTP is not essential for the basic functioning of a network. It is commonly used in situations where a lightweight and basic file transfer mechanism is required, such as in network booting or firmware updates.


  • 35. 

    QUESTION NO: 835 Which of the following protocols are not recommended due to them supplying passwords and information over the network?

    • A.

      Network News Transfer Protocol (NNTP)

    • B.

      SNMP (Simple Network Management Protocol).

    • C.

      Domain Name Service (DNS)

    • D.

      Internet Control Message Protocol (ICMP)

    Correct Answer
    B. SNMP (Simple Network Management Protocol).
    Explanation
    SNMP (Simple Network Management Protocol) is not recommended due to its capability of supplying passwords and information over the network. This protocol is primarily used for managing and monitoring network devices, but it lacks proper security measures to protect sensitive data. SNMP utilizes community strings for authentication, which can be easily intercepted and exploited by malicious actors. Therefore, it is advised to avoid using SNMP for transmitting passwords and confidential information to ensure network security.


  • 36. 

    QUESTION NO: 836 Most key fob based identification systems use which of the following types of authentication mechanisms? (Select TWO).

    • A.

      Kerberos

    • B.

      Biometrics

    • C.

      Username/password

    • D.

      Certificates

    • E.

      Token

    Correct Answer(s)
    C. Username/password
    E. Token
    Explanation
    Most key fob based identification systems use username/password and token authentication mechanisms. The username/password mechanism requires the user to enter a unique username and password combination to authenticate their identity. The token mechanism involves the use of a physical device, such as a key fob, that generates a unique code or password that is used for authentication. These two mechanisms provide an additional layer of security to ensure that only authorized individuals can access the system.


  • 37. 

    QUESTION NO: 837 Which of the following describes a server or application that is accepting more input than the server or application is expecting?

    • A.

      Denial of service (DoS)

    • B.

      Syntax error

    • C.

      Buffer overflow

    • D.

      Brute force

    Correct Answer
    C. Buffer overflow
    Explanation
    A buffer overflow occurs when a server or application is accepting more input than it is expecting, causing the excess data to overflow into adjacent memory. This can lead to the corruption of data, system crashes, and potentially allow attackers to execute malicious code. It is a common vulnerability that can be exploited to gain unauthorized access to a system or cause it to become unresponsive.


  • 38. 

    QUESTION NO: 838 Which of the following refers to the ability to be reasonably certain that data is not modified or tampered with?

    • A.

      Authentication

    • B.

      Integrity

    • C.

      Non-repudiation

    • D.

      Confidentiality

    Correct Answer
    B. Integrity
    Explanation
    Integrity refers to the ability to be reasonably certain that data is not modified or tampered with. This means that the data remains intact and has not been altered in any unauthorized way. Ensuring data integrity is important for maintaining the accuracy and reliability of information.


  • 39. 

    QUESTION NO: 839 Disguising oneself as a reputable hardware manufacturer's field technician who is picking up a server for repair would be described as:

    • A.

      A phishing attack

    • B.

      A Trojan horse

    • C.

      A man-in-the-middle attack

    • D.

      Social engineering

    Correct Answer
    D. Social engineering
    Explanation
    Disguising oneself as a reputable hardware manufacturer's field technician in order to pick up a server for repair is an example of social engineering. Social engineering refers to the manipulation of individuals to gain unauthorized access or obtain sensitive information. In this scenario, the attacker is using deception and impersonation to gain physical access to the server, exploiting the trust placed in the reputation of the hardware manufacturer and the legitimacy of their technicians. This tactic allows the attacker to bypass security measures and potentially gain access to sensitive data or compromise the server.


  • 40. 

    QUESTION NO: 840 A security specialist has downloaded a free security software tool from a trusted industry site. The source has published the MD5 hash values for the executable program. The specialist performs a successful virus scan on the download but the MD5 hash is different. Which of the following steps should the specialist take?

    • A.

      Avoid executing the file and contact the source website administrator

    • B.

      Ignore the MD5 hash values because the values can change during IP fragmentation.

    • C.

      Re-run the anti-virus program to ensure that it contains no virus execute

    • D.

      Install the executable program because there was probably a mistake with the MD5 value.

    Correct Answer
    A. Avoid executing the file and contact the source website administrator
    Explanation
    The correct answer is to avoid executing the file and contact the source website administrator. This is because the MD5 hash values are used to verify the integrity of the downloaded file. If the MD5 hash is different, it means that the file has been modified or tampered with, and it may contain malicious code. Therefore, it is important to avoid executing the file and contact the source website administrator to report the issue and seek further guidance.


  • 41. 

    QUESTION NO: 841 Which of the following identifies the layer of the OSI model where SSL provides encryption?

    • A.

      Application

    • B.

      Network

    • C.

      Session

    • D.

      Transport

    Correct Answer
    C. Session
    Explanation
    SSL (Secure Sockets Layer) provides encryption at the Session layer of the OSI model. The Session layer is responsible for establishing, managing, and terminating sessions between applications. SSL ensures secure communication by encrypting the data exchanged between the client and the server, protecting it from unauthorized access or tampering. This layer also handles authentication and establishes a secure connection before data transmission begins. Therefore, SSL operates at the Session layer to provide encryption for secure communication.


  • 42. 

    QUESTION NO: 842 Which of the following would be the BEST reason to disable unnecessary services on a server?

    • A.

      Not starting a service will save system memory and reduce startup time.

    • B.

      If a service doesn't support the function of the server the service won't be missed.

    • C.

      Attack surface and opportunity for compromise are reduced

    • D.

      Services can be re-enabled if needed at a later time

    Correct Answer
    C. Attack surface and opportunity for compromise are reduced
    Explanation
    Disabling unnecessary services on a server reduces the attack surface, which refers to the potential entry points that attackers can exploit to gain unauthorized access. By disabling these services, the server's exposure to vulnerabilities and potential compromise is minimized. This is the best reason because it directly addresses the security aspect of server management and helps protect the server from potential attacks.


  • 43. 

    QUESTION NO: 843 A user is assigned access rights explicitly. This is a feature of which of the following access control models?

    • A.

      Discretionary Access Control (DAC)

    • B.

      Mandatory Access Control (MAC)

    • C.

      Rule Based Access Control (RBAC)

    • D.

      Role Based Access Control (RBAC)

    Correct Answer
    A. Discretionary Access Control (DAC)
    Explanation
    In Discretionary Access Control (DAC), access rights are assigned explicitly by the owner or administrator of the resource. This means that the user has the discretion to grant or revoke access to others. In contrast, in Mandatory Access Control (MAC), access rights are determined by system policies and cannot be overridden by individual users. Rule Based Access Control (RBAC) and Role Based Access Control (RBAC) are different models that also define access rights, but they are not based on explicit assignment by individual users.


  • 44. 

    QUESTION NO: 844 Which of the following describes an attacker encouraging a person to perform an action in order to be successful?

    • A.

      Man-in-the-middle

    • B.

      Social engineering

    • C.

      Back door

    • D.

      Password guessing

    Correct Answer
    B. Social engineering
    Explanation
    Social engineering refers to the act of manipulating or deceiving individuals into performing certain actions that may compromise their security or provide unauthorized access to systems or information. In this context, an attacker encourages a person to perform an action in order to achieve their malicious objectives. This can involve techniques such as phishing, impersonation, or psychological manipulation to trick individuals into revealing sensitive information, clicking on malicious links, or installing malicious software.


  • 45. 

    QUESTION NO: 845 A user has received an email from a mortgage company asking for personal information including bank account numbers. This would BEST be described as:

    • A.

      Spam

    • B.

      Phishing

    • C.

      Packet sniffing

    • D.

      A hoax

    Correct Answer
    B. Phishing
    Explanation
    The email asking for personal information, including bank account numbers, is described as phishing. Phishing is a type of cyber attack where attackers impersonate legitimate organizations to trick users into revealing sensitive information or performing actions that could compromise their security. In this case, the email is attempting to deceive the user into providing personal and financial information, which could be used for fraudulent purposes.


  • 46. 

    QUESTION NO: 846 Which of the following connectivity is required for a web server that is hosting an SSL based web site?

    • A.

      Port 443 inbound

    • B.

      Port 443 outbound

    • C.

      Port 80 inbound

    • D.

      Port 80 outbound

    Correct Answer
    A. Port 443 inbound
    Explanation
    For a web server hosting an SSL based website, inbound connectivity on port 443 is required. Port 443 is the default port for HTTPS traffic, which is used to securely transmit data over the internet. Inbound connectivity on this port allows the server to receive incoming requests from clients and respond with the requested web pages or resources. It is important for SSL based websites as SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser, ensuring that the data transmitted remains confidential and secure.


  • 47. 

    QUESTION NO: 847 Malicious port scanning is a method of attack to determine which of the following?

    • A.

      Computer name

    • B.

      The fingerprint of the operating system

    • C.

      The physical cabling topology of a network

    • D.

      User IDs and passwords

    Correct Answer
    B. The fingerprint of the operating system
    Explanation
    Malicious port scanning is a technique used by attackers to identify the fingerprint of the operating system. By scanning the open ports on a system, the attacker can gather information about the services and protocols running on the system, which can help them determine the operating system being used. This information can be used to exploit vulnerabilities specific to that operating system and launch targeted attacks.


  • 48. 

    QUESTION NO: 848 Which of the following is used to determine equipment status and modify the configuration or settings of network devices?

    • A.

      SNMP

    • B.

      DHCP

    • C.

      SMTP

    • D.

      CHAP

    Correct Answer
    A. SNMP
    Explanation
    SNMP (Simple Network Management Protocol) is used to determine the status of network equipment and make changes to their configuration or settings. It is a protocol that allows network administrators to manage and monitor network devices, such as routers, switches, and servers. SNMP enables the collection and organization of information about network devices, including their performance, availability, and health. It also provides a means for remote management and configuration of these devices, making it an essential tool for network administration. DHCP (Dynamic Host Configuration Protocol) is used for automatically assigning IP addresses to devices on a network. SMTP (Simple Mail Transfer Protocol) is used for sending emails. CHAP (Challenge Handshake Authentication Protocol) is a security protocol used in PPP (Point-to-Point Protocol) for authentication purposes.


  • 49. 

    QUESTION NO: 849 Which of the following is a major reason that social engineering attacks succeed?

    • A.

      Strong passwords are not required

    • B.

      Lack of security awareness

    • C.

      Multiple logins are allowed

    • D.

      Audit logs are not monitored frequently

    Correct Answer
    B. Lack of security awareness
    Explanation
    Social engineering attacks often succeed due to a lack of security awareness. This means that individuals and organizations may not be adequately educated or trained on how to identify and respond to these types of attacks. Without this awareness, people may be more susceptible to manipulation and deception by attackers who use psychological tactics to gain unauthorized access to sensitive information or systems. Therefore, increasing security awareness and providing proper training can help mitigate the risk of social engineering attacks.


  • 50. 

    QUESTION NO: 850 Which of the following types of backups requires that files and software that have been changed since the last full backup be copied to storage media?

    • A.

      Incremental

    • B.

      Differential

    • C.

      Full

    • D.

      Delta

    Correct Answer
    B. Differential
    Explanation
    Differential backups require that files and software that have been changed since the last full backup be copied to storage media. This means that only the files that have been modified or added since the last full backup are included in the backup, making it faster and requiring less storage space compared to a full backup.


Quiz Review Timeline

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Jan 03, 2011
    Quiz Created by
    Ctstravis