SEC+ Study Guide I

By Ctstravis
  • 1. 

    QUESTION NO: 814 Which of the following authentication methods increases the security of the authentication process because it must be in your physical possession?

    • Smart Cards
    • Kerberos
    • CHAP
    • Certificate
About This Quiz

This 'Sec+ Study Guide I' enhances readiness for the CompTIA Security+ exam, focusing on topics like Mandatory Access Control, audit log protection, and malware identification, crucial for cybersecurity professionals.

  • 2. 

    QUESTION NO: 849 Which of the following is a major reason that social engineering attacks succeed?

    • Strong passwords are not required

    • Lack of security awareness

    • Multiple logins are allowed

    • Audit logs are not monitored frequently

    Correct Answer
    A. Lack of security awareness
    Explanation
    Social engineering attacks often succeed due to a lack of security awareness. This means that individuals and organizations may not be adequately educated or trained on how to identify and respond to these types of attacks. Without this awareness, people may be more susceptible to manipulation and deception by attackers who use psychological tactics to gain unauthorized access to sensitive information or systems. Therefore, increasing security awareness and providing proper training can help mitigate the risk of social engineering attacks.


  • 3. 

    QUESTION NO: 845 A user has received an email from a mortgage company asking for personal information including bank account numbers. This would BEST be described as:

    • Spam

    • Phishing

    • Packet sniffing

    • A hoax

    Correct Answer
    A. Phishing
    Explanation
    The email asking for personal information, including bank account numbers, is described as phishing. Phishing is a type of cyber attack where attackers impersonate legitimate organizations to trick users into revealing sensitive information or performing actions that could compromise their security. In this case, the email is attempting to deceive the user into providing personal and financial information, which could be used for fraudulent purposes.


  • 4. 

    QUESTION NO: 805 Which of the following types of malicious software travels across computer networks without requiring a user to distribute the software?

    • Virus

    • Worm

    • Trojan horse

    • Logic bomb

    Correct Answer
    A. Worm
    Explanation
    A worm is a type of malicious software that can travel across computer networks without the need for user distribution. Unlike a virus, which requires a host file or program to replicate, a worm can independently spread itself through network connections. It can exploit vulnerabilities in network protocols or use social engineering techniques to trick users into executing it. Once inside a system, a worm can replicate itself and spread to other connected devices, causing damage or stealing information. Therefore, the correct answer is worm.


  • 5. 

    QUESTION NO: 810 Turnstiles, double entry doors and security guards are all prevention measures for which of the following types of social engineering?

    • Piggybacking

    • Looking over a co-worker's shoulder to retrieve information

    • Looking through a co-worker's trash to retrieve information

    • Impersonation

    Correct Answer
    A. Piggybacking
    Explanation
    Turnstiles, double entry doors, and security guards are all prevention measures for piggybacking. Piggybacking refers to the act of unauthorized individuals following closely behind an authorized person to gain access to a secure area without proper authentication. These prevention measures are put in place to ensure that only authorized individuals are granted entry and to prevent unauthorized individuals from piggybacking on someone else's access.


  • 6. 

    QUESTION NO: 824 Which of the following portions of a company's network is between the Internet and an internal network?

    • IDS

    • Demilitarized zone (DMZ)

    • Filter router

    • Bastion host

    Correct Answer
    A. Demilitarized zone (DMZ)
    Explanation
    A demilitarized zone (DMZ) is a portion of a company's network that is located between the Internet and an internal network. It acts as a buffer zone, separating the internal network from the external network (Internet). The purpose of a DMZ is to provide an additional layer of security by placing public-facing servers, such as web servers or email servers, in the DMZ. This allows external users to access these servers while keeping the internal network protected from potential threats.


  • 7. 

    QUESTION NO: 806 Which of the following should be done if an audit recording fails in an information system?

    • Log off the user

    • Overwrite the oldest audit records

    • Stop generating audit records

    • Send an alert to the appropriate personnel

    Correct Answer
    A. Send an alert to the appropriate personnel
    Explanation
    If an audit recording fails in an information system, it is important to send an alert to the appropriate personnel. This is because failing audit recordings can indicate a potential security breach or system malfunction. By alerting the appropriate personnel, they can investigate the issue, identify the cause of the failure, and take necessary actions to rectify the problem and ensure the integrity and security of the system.


  • 8. 

    QUESTION NO: 864 Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. The model with no single trusted root is known as:

    • Peer-to-peer

    • Downlevel

    • Hierarchical

    • Hybrid

    Correct Answer
    A. Peer-to-peer
    Explanation
    PGP uses a PKI Trust Model where no certificate authority (CA) is subordinate to another, meaning there is no single trusted root. This model is known as "peer-to-peer." In a peer-to-peer trust model, each participant in the system has equal trust and can independently verify the authenticity of other participants' certificates without relying on a central authority. This decentralized approach enhances security and reduces the risk of a single point of failure.


  • 9. 

    QUESTION NO: 822 A VPN typically provides a remote access link from one host to another over:

    • An intranet

    • A modem

    • A network interface card

    • The Internet

    Correct Answer
    A. The Internet
    Explanation
    A VPN (Virtual Private Network) typically provides a remote access link from one host to another over the Internet. This means that users can securely connect to a private network from a remote location using the public Internet as the medium. VPNs use encryption and other security measures to ensure that the data transmitted over the Internet remains secure and confidential. By using the Internet as the transport mechanism, VPNs offer a cost-effective and flexible solution for remote access connectivity.


  • 10. 

    QUESTION NO: 857 To keep an 802.11x network from being automatically discovered, a user should:

    • Turn off the SSID broadcast

    • Leave the SSID default.

    • Change the SSID name

    • Activate the SSID password

    Correct Answer
    A. Turn off the SSID broadcast
    Explanation
    Turning off the SSID broadcast is the correct answer because when the SSID broadcast is disabled, the network name is not visible to devices scanning for available networks. This makes it harder for unauthorized users to discover and connect to the network. Leaving the SSID default or changing the SSID name may provide some level of security, but it does not prevent automatic discovery of the network. Activating the SSID password is important for securing the network, but it does not directly address the issue of automatic discovery.


  • 11. 

    QUESTION NO: 870 A person pretends to be a telecommunications repair technician, enters a building stating that there is a networking trouble work order and requests that a security guard unlock the wiring closet. The person connects a packet sniffer to the network switch in the wiring closet and hides the sniffer behind the switch against a wall. This is an example of:

    • A vulnerability scan

    • Social engineering

    • A man in the middle attack

    • A penetration test

    Correct Answer
    A. Social engineering
    Explanation
    The given scenario describes a situation where the person uses deception and manipulation to gain unauthorized access to a building and network. This type of attack is known as social engineering. Social engineering involves exploiting human psychology and trust to deceive individuals into performing actions that may compromise security. In this case, the person pretends to be a technician and tricks the security guard into unlocking the wiring closet, allowing them to connect a packet sniffer to intercept network traffic. This highlights the importance of employee awareness and training to prevent social engineering attacks.


  • 12. 

    QUESTION NO: 823 Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received?

    • Anti-aliasing

    • Data integrity

    • Asymmetric cryptography

    • Non-repudiation

    Correct Answer
    A. Non-repudiation
    Explanation
    Non-repudiation is the correct answer because it provides evidence that a user has received an email and prevents them from denying its receipt. It ensures that the sender can prove that the email was successfully delivered and received by the intended recipient. This is typically achieved through the use of digital signatures or other cryptographic methods that provide authentication and non-repudiation of the message.


  • 13. 

    QUESTION NO: 852 The purpose of the SSID in a wireless network is to:

    • Define the encryption protocols used.

    • Secure the WAP

    • Identify the network

    • Protect the client

    Correct Answer
    A. Identify the network
    Explanation
    The purpose of the SSID in a wireless network is to identify the network. SSID stands for Service Set Identifier, and it is a unique name that is assigned to a wireless network. It allows devices to identify and connect to a specific network among multiple available networks in the vicinity. The SSID is broadcast by the wireless access point (WAP), allowing devices to recognize and join the correct network. It does not define encryption protocols, secure the WAP, or protect the client.


  • 14. 

    QUESTION NO: 862 Which of the following access attacks would involve looking through your files in the hopes of finding something interesting?

    • Interception

    • Snooping

    • Eavesdropping

    • None of the above

    Correct Answer
    A. Snooping
    Explanation
    Snooping is an access attack that involves looking through someone's files with the intention of finding something interesting or valuable. It is a form of unauthorized access where an individual tries to gather information or gain insights into someone's personal or confidential data without their knowledge or consent. This can include searching through digital files, emails, documents, or any other type of stored information. Snooping is a common tactic used by hackers, malicious insiders, or individuals with malicious intent to gather sensitive information for personal gain or to exploit it in some way.


  • 15. 

    QUESTION NO: 865 Which of the following would be an effective way to ensure that a compromised PKI key cannot access a system?

    • Reconfigure the key

    • Revoke the key

    • Delete the key

    • Renew the key

    Correct Answer
    A. Revoke the key
    Explanation
    Revoking the key would be an effective way to ensure that a compromised PKI key cannot access a system. By revoking the key, its validity is immediately terminated, preventing any further use or access to the system. This ensures that the compromised key cannot be used for any malicious activities and maintains the security of the system.


  • 16. 

    QUESTION NO: 807 Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation?

    • Multifactor

    • Mutual

    • Biometric

    • Kerberos

    Correct Answer
    A. Multifactor
    Explanation
    The given scenario describes the use of multiple factors for authentication. In this case, the user is required to provide a username, password, and undergo a thumbprint scan. This combination of factors, including something the user knows (password), something the user has (thumbprint), and something the user is (username), is known as multifactor authentication. It provides an additional layer of security by requiring multiple pieces of evidence to verify the user's identity before granting access to the workstation.


  • 17. 

    QUESTION NO: 838 Which of the following refers to the ability to be reasonably certain that data is not modified or tampered with?

    • Authentication

    • Integrity

    • Non-repudiation

    • Confidentiality

    Correct Answer
    A. Integrity
    Explanation
    Integrity refers to the ability to be reasonably certain that data is not modified or tampered with. This means that the data remains intact and has not been altered in any unauthorized way. Ensuring data integrity is important for maintaining the accuracy and reliability of information.


  • 18. 

    QUESTION NO: 851 The authentication process where the user can access several resources without the need for multiple credentials is known as:

    • Discretionary Access Control (DAC).

    • Need to know

    • Decentralized management

    • Single sign-on

    Correct Answer
    A. Single sign-on
    Explanation
    Single sign-on is the authentication process that allows a user to access multiple resources or systems using a single set of credentials. This eliminates the need for the user to remember and enter multiple usernames and passwords, providing convenience and simplifying the authentication process. With single sign-on, once the user logs in to one system, they are automatically authenticated and granted access to other systems or resources without the need for additional credentials. This improves user experience, enhances security by reducing the risk of weak or reused passwords, and streamlines access management for both users and administrators.


  • 19. 

    QUESTION NO: 888 A representative from the human resources department informs a security specialist that an employee has been terminated. Which of the following would be the BEST action to take?

    • Disable the employee's user accounts and keep the data for a specified period of time

    • Disable the employee's user accounts and delete all data.

    • Contact the employee's supervisor regarding disposition of user accounts

    • Change the employee's user password and keep the data for a specified period.

    Correct Answer
    A. Disable the employee's user accounts and keep the data for a specified period of time
    Explanation
    When an employee is terminated, it is important to disable their user accounts to prevent unauthorized access. However, it is also necessary to keep the data for a specified period of time for legal and audit purposes. This allows the company to retain any necessary information or evidence that may be required in the future. Deleting all data could potentially result in the loss of important information or evidence. Contacting the employee's supervisor regarding the disposition of user accounts may not be the best action as the HR department is responsible for managing employee accounts. Changing the employee's user password may not be sufficient as the accounts should be disabled to ensure complete security.


  • 20. 

    QUESTION NO: 899 Which of the following are components of host hardening? (Select TWO).

    • Adding users to the administrator group.

    • Disabling unnecessary services

    • Configuring the Start menu and Desktop

    • Applying patches

    Correct Answer(s)
    A. Disabling unnecessary services
    A. Applying patches
    Explanation
    Host hardening is the process of securing a host or computer system by reducing its vulnerabilities. Disabling unnecessary services is an important component of host hardening as it helps to minimize the attack surface by shutting down any services that are not needed. Applying patches is also crucial as it ensures that any known vulnerabilities in the system are fixed and closed, making it less susceptible to attacks. Adding users to the administrator group and configuring the Start menu and Desktop are not directly related to host hardening.


  • 21. 

    QUESTION NO: 812 Which of the following programming techniques should be used to prevent buffer overflow attacks?

    • Input validation

    • Nested loops

    • Signed applets

    • Automatic updates

    Correct Answer
    A. Input validation
    Explanation
    Input validation is the correct answer because it involves checking and validating user input to ensure that it meets certain criteria and is within the expected range. By validating input, potential buffer overflow attacks can be prevented because the input is checked for its length and content before it is processed. This helps to ensure that the input does not exceed the allocated buffer size, preventing the attacker from overwriting adjacent memory locations and executing malicious code.


  • 22. 

    QUESTION NO: 858 Which of the following BEST describes the baseline process of securing devices on a network infrastructure?

    • Enumerating

    • Hardening

    • Active prevention

    • Passive detection

    Correct Answer
    A. Hardening
    Explanation
    The baseline process of securing devices on a network infrastructure involves hardening the devices. Hardening refers to the process of configuring the devices to remove any unnecessary services or features, applying security patches and updates, and implementing security measures such as strong passwords and access controls. This helps to reduce vulnerabilities and make the devices more resistant to attacks.


  • 23. 

    QUESTION NO: 874 Which of the following is the MOST effective way for an administrator to determine what security holes reside on a network?

    • Perform a vulnerability assessment

    • Run a port scan

    • Run a sniffer

    • Install and monitor an IDS

    Correct Answer
    A. Perform a vulnerability assessment
    Explanation
    Performing a vulnerability assessment is the most effective way for an administrator to determine what security holes reside on a network. A vulnerability assessment involves scanning the network infrastructure and systems to identify any weaknesses or vulnerabilities that could be exploited by attackers. This assessment provides a comprehensive view of the network's security posture, allowing the administrator to prioritize and address the identified vulnerabilities to enhance the network's overall security. Running a port scan, running a sniffer, or installing and monitoring an IDS can also provide valuable information, but they are more focused on specific aspects of network security rather than providing a holistic assessment of vulnerabilities.


  • 24. 

    QUESTION NO: 821 The employees at a company are using instant messaging on company networked computers. The MOST important security issue to address when using instant messaging is that instant messaging:

    • Communications are a drain on bandwidth

    • Communications are open and unprotected

    • Has no common protocol

    • Uses weak encryption

    Correct Answer
    A. Communications are open and unprotected
    Explanation
    The most important security issue to address when using instant messaging is that communications are open and unprotected. This means that the messages sent through instant messaging can be intercepted and read by unauthorized individuals. This lack of encryption and protection puts sensitive information at risk and can lead to data breaches or leaks. It is crucial to implement secure protocols and encryption methods to ensure the confidentiality and integrity of instant messaging communications.


  • 25. 

    QUESTION NO: 887 An organization has a hierarchical-based concept of privilege management with administrators having full access, human resources personnel having slightly less access and managers having access to their own department files only. This is BEST described as:

    • Discretionary Access Control (DAC).

    • Rule Based Access Control (RBAC).

    • Mandatory Access Control (MAC)

    • Role Based Access Control (RBAC)

    Correct Answer
    A. Role Based Access Control (RBAC)
    Explanation
    The given scenario describes a privilege management system where different roles have different levels of access. Administrators have full access, human resources personnel have slightly less access, and managers have access to their own department files only. This aligns with the concept of Role Based Access Control (RBAC), where access is granted based on the roles that individuals hold within the organization. RBAC is a commonly used access control model that provides a structured approach to managing privileges and ensuring that users have the appropriate level of access based on their roles and responsibilities.


  • 26. 

    QUESTION NO: 804 A user downloads and installs a new screen saver and the program starts to rename and delete random files. Which of the following would be the BEST description of this program?

    • Worm

    • Virus

    • Trojan horse

    • Logic bomb

    Correct Answer
    A. Trojan horse
    Explanation
    A Trojan horse is a type of malicious software that disguises itself as a legitimate program or file, tricking the user into downloading and installing it. Once installed, the Trojan horse can perform various malicious actions, such as renaming and deleting random files, as described in the question. Unlike viruses and worms, Trojan horses do not replicate themselves or spread to other systems. A logic bomb is a type of malware that is programmed to execute a malicious action at a specific time or under certain conditions. Therefore, the best description for the given scenario is a Trojan horse.


  • 27. 

    QUESTION NO: 817 Which definition best defines what a challenge-response session is?

    • A challenge-response session is a workstation or system that produces a random challenge string that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).

    • A challenge-response session is a workstation or system that produces a random login ID that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number)

    • A challenge-response session is a special hardware device used to produce random text in a cryptography system.

    • A challenge-response session is the authentication mechanism in the workstation or system that does not determine whether the owner should be authenticated.

    Correct Answer
    A. A challenge-response session is a workstation or system that produces a random challenge string that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
    Explanation
    A challenge-response session refers to a workstation or system that generates a random challenge string. This challenge string is then presented to the user, who must provide it along with the correct PIN (Personal Identification Number) in order to authenticate themselves.


  • 28. 

    QUESTION NO: 840 A security specialist has downloaded a free security software tool from a trusted industry site. The source has published the MD5 hash values for the executable program. The specialist performs a successful virus scan on the download but the MD5 hash is different. Which of the following steps should the specialist take?

    • Avoid executing the file and contact the source website administrator

    • Ignore the MD5 hash values because the values can change during IP fragmentation.

    • Re-run the anti-virus program to ensure that it contains no virus execute

    • Install the executable program because there was probably a mistake with the MD5 value.

    Correct Answer
    A. Avoid executing the file and contact the source website administrator
    Explanation
    The correct answer is to avoid executing the file and contact the source website administrator. This is because the MD5 hash values are used to verify the integrity of the downloaded file. If the MD5 hash is different, it means that the file has been modified or tampered with, and it may contain malicious code. Therefore, it is important to avoid executing the file and contact the source website administrator to report the issue and seek further guidance.


  • 29. 

    QUESTION NO: 885 An enclosure that prevents radio frequency signals from emanating out of a controlled environment is BEST described as which of the following?

    • Faraday cage

    • Mantrap

    • Grounded wiring frame

    • TEMPEST

    Correct Answer
    A. Faraday cage
    Explanation
    A Faraday cage is an enclosure made of conductive material that blocks external electromagnetic fields and prevents radio frequency signals from escaping or entering the controlled environment. It works by redistributing the electromagnetic energy around the exterior of the cage, effectively canceling out the signals. This is useful in situations where electromagnetic interference needs to be minimized or prevented, such as in sensitive electronic equipment or secure communication systems. A Faraday cage is the best choice among the given options for preventing radio frequency signals from emanating out of a controlled environment.


  • 30. 

    QUESTION NO: 819 To reduce vulnerabilities on a web server, an administrator should adopt which of the following preventative measures?

    • Use packet sniffing software on all inbound communications

    • Apply the most recent manufacturer updates and patches to the server.

    • Enable auditing on the web server and periodically review the audit logs

    • Block all Domain Name Service (DNS) requests coming into the server.

    Correct Answer
    A. Apply the most recent manufacturer updates and patches to the server.
    Explanation
    Applying the most recent manufacturer updates and patches to the server is a preventative measure to reduce vulnerabilities on a web server. Manufacturers regularly release updates and patches to address security vulnerabilities and improve the server's overall security. By keeping the server up to date with these updates, the administrator ensures that any known vulnerabilities are patched, reducing the risk of exploitation by attackers. This measure is essential in maintaining the security and integrity of the web server.


  • 31. 

    QUESTION NO: 842 Which of the following would be the BEST reason to disable unnecessary services on a server?

    • Not starting a service will save system memory and reduce startup time.

    • If a service doesn't support the function of the server the service won't be missed.

    • Attack surface and opportunity for compromise are reduced

    • Services can be re-enabled if needed at a later time

    Correct Answer
    A. Attack surface and opportunity for compromise are reduced
    Explanation
    Disabling unnecessary services on a server reduces the attack surface, which refers to the potential entry points that attackers can exploit to gain unauthorized access. By disabling these services, the server's exposure to vulnerabilities and potential compromise is minimized. This is the best reason because it directly addresses the security aspect of server management and helps protect the server from potential attacks.


  • 32. 

    QUESTION NO: 839 Disguising oneself as a reputable hardware manufacturer's field technician who is picking up a server for repair would be described as:

    • A phishing attack

    • A Trojan horse

    • A man-in-the-middle attack

    • Social engineering

    Correct Answer
    A. Social engineering
    Explanation
    Disguising oneself as a reputable hardware manufacturer's field technician in order to pick up a server for repair is an example of social engineering. Social engineering refers to the manipulation of individuals to gain unauthorized access or obtain sensitive information. In this scenario, the attacker is using deception and impersonation to gain physical access to the server, exploiting the trust placed in the reputation of the hardware manufacturer and the legitimacy of their technicians. This tactic allows the attacker to bypass security measures and potentially gain access to sensitive data or compromise the server.


  • 33. 

    QUESTION NO: 844 Which of the following describes an attacker encouraging a person to perform an action in order to be successful?

    • Man-in-the-middle

    • Social engineering

    • Back door

    • Password guessing

    Correct Answer
    A. Social engineering
    Explanation
    Social engineering refers to the act of manipulating or deceiving individuals into performing certain actions that may compromise their security or provide unauthorized access to systems or information. In this context, an attacker encourages a person to perform an action in order to achieve their malicious objectives. This can involve techniques such as phishing, impersonation, or psychological manipulation to trick individuals into revealing sensitive information, clicking on malicious links, or installing malicious software.


  • 34. 

    QUESTION NO: 889 Which one of the options below is correct regarding the DDoS (Distributed Denial of Service) attack?

    • Listening or overhearing parts of a conversation

    • Placing a computer system between the sender and receiver to capture information

    • Use of multiple computers to attack a single organization

    • Preventing access to resources by users authorized to use those resources

    Correct Answer
    A. Use of multiple computers to attack a single organization
    Explanation
    The correct answer is "Use of multiple computers to attack a single organization." In a DDoS attack, multiple compromised computers are used to flood a target system or network with a high volume of traffic, overwhelming its resources and causing it to become inaccessible to legitimate users. This is done to disrupt the target's services and deny access to its resources.


  • 35. 

    QUESTION NO: 820 Which of the following is a common type of attack on web servers?

    • Birthday

    • Buffer overflow

    • Spam

    • Brute force

    Correct Answer
    A. Buffer overflow
    Explanation
    A buffer overflow is a common type of attack on web servers where an attacker sends more data than a buffer can handle, causing the excess data to overflow into adjacent memory. This can lead to the execution of malicious code or the crashing of the server.


  • 36. 

    QUESTION NO: 831 A system administrator reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take?

    • Notify management.

    • Determine the business impact.

    • Contact law enforcement officials.

    • Contain the problem.

    Correct Answer
    A. Contain the problem.
    Explanation
    The FIRST action to take when an unauthorized user has accessed the network is to contain the problem. This means isolating the affected systems or devices from the rest of the network to prevent further unauthorized access and potential damage. This step is crucial in order to minimize the impact and mitigate any potential harm caused by the unauthorized access. Once the problem is contained, further actions such as notifying management, determining the business impact, and contacting law enforcement officials can be taken.


  • 37. 

    QUESTION NO: 876 A small manufacturing company wants to deploy secure wireless on their network. Which of the following wireless security protocols could be used? (Select TWO).

    • WEP

    • IPX

    • WPA

    • WAN

    Correct Answer(s)
    A. WEP
    A. WPA
    Explanation
    WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) are both wireless security protocols that can be used to secure a wireless network. WEP was the original security protocol for wireless networks but is now considered to be weak and easily cracked. WPA, on the other hand, is a more secure protocol that provides stronger encryption and authentication. Therefore, both WEP and WPA can be used to deploy secure wireless on a network.


  • 38. 

    QUESTION NO: 818 For which reason are clocks used in Kerberos authentication?

    • Clocks are used to ensure proper connections.

    • Clocks are used to ensure that tickets expire correctly.

    • Clocks are used to generate the seed value for the encryption keys.

    • Clocks are used to both benchmark and specify the optimal encryption algorithm.

    Correct Answer
    A. Clocks are used to ensure that tickets expire correctly.
    Explanation
    Clocks are used in Kerberos authentication to ensure that tickets expire correctly. Kerberos uses time-based tickets that have a limited validity period. The clocks on the client and server machines need to be synchronized to ensure that the tickets are valid and not expired. The clocks are used to track the time and determine when a ticket should expire, preventing unauthorized access to the system.


  • 39. 

    QUESTION NO: 837 Which of the following describes a server or application that is accepting more input than the server or application is expecting?

    • Denial of service (DoS)

    • Syntax error

    • Buffer overflow

    • Brute force

    Correct Answer
    A. Buffer overflow
    Explanation
    A buffer overflow occurs when a server or application is accepting more input than it is expecting, causing the excess data to overflow into adjacent memory. This can lead to the corruption of data, system crashes, and potentially allow attackers to execute malicious code. It is a common vulnerability that can be exploited to gain unauthorized access to a system or cause it to become unresponsive.


  • 40. 

    QUESTION NO: 808 Which of the following steps is MOST often overlooked during the auditing process?

    • Reviewing event logs regularly

    • Enabling auditing on the system

    • Auditing every system event

    • Deciding what events to audit

    Correct Answer
    A. Reviewing event logs regularly
    Explanation
    Reviewing event logs regularly is often overlooked during the auditing process. Event logs contain valuable information about system activities and can help identify any suspicious or unauthorized activities. Regularly reviewing event logs allows auditors to detect and investigate any potential security breaches or anomalies. However, it is a step that is often neglected, leading to missed opportunities for identifying and addressing security issues.


  • 41. 

    QUESTION NO: 900 In which of the following common attacks would the attacker capture the user's login information and replay it again later?

    • Back Door Attacks

    • Replay Attack

    • Spoofing

    • Man In The Middle

    Correct Answer
    A. Replay Attack
    Explanation
    A replay attack is a type of attack where the attacker captures the user's login information and then replays it at a later time to gain unauthorized access. This attack takes advantage of the fact that login information, such as usernames and passwords, is often sent in plain text or easily decrypted formats. By capturing this information, the attacker can impersonate the user and gain access to their accounts or sensitive information.


  • 42. 

    QUESTION NO: 882 Non-repudiation is enforced by which of the following?

    • Secret keys

    • Digital signatures

    • PKI

    • Cipher block chaining

    Correct Answer
    A. Digital signatures
    Explanation
    Digital signatures are used to enforce non-repudiation. Non-repudiation ensures that the sender of a message cannot deny sending it, and the recipient cannot deny receiving it. Digital signatures provide a way to verify the authenticity and integrity of a message by using a cryptographic algorithm. The sender signs the message with their private key, and the recipient can verify the signature using the sender's public key. This ensures that the message has not been tampered with and can be attributed to the sender, thus enforcing non-repudiation.


  • 43. 

    QUESTION NO: 890 An SMTP server is the source of email spam in an organization. Which of the following is MOST likely the cause?

    • The administrator account was not secured.

    • X.400 connectors have not been password protected.

    • Remote access to the email application's install directory has not been removed.

    • Anonymous relays have not been disabled.

    Correct Answer
    A. Anonymous relays have not been disabled.
    Explanation
    The most likely cause of an SMTP server being the source of email spam in an organization is that anonymous relays have not been disabled. Anonymous relays allow anyone to send emails through the SMTP server without authentication, making it easy for spammers to abuse the server. By disabling anonymous relays, only authenticated users will be able to send emails, reducing the risk of spam being sent from the server.


  • 44. 

    QUESTION NO: 894 Which of the following types of programs autonomously replicates itself across networks?

    • Trojan horse

    • Worm

    • Virus

    • Spyware

    Correct Answer
    A. Worm
    Explanation
    A worm is a type of program that can autonomously replicate itself across networks. Unlike viruses, worms do not need to attach themselves to a host file or program in order to spread. They can spread independently by exploiting vulnerabilities in computer systems or by using network connections. This allows them to quickly infect multiple computers and networks, causing widespread damage. Unlike Trojan horses or spyware, worms focus on replication and spreading rather than on stealing information or gaining unauthorized access.


  • 45. 

    QUESTION NO: 854 Which of the following is often misused by spyware to collect and report a user's activities?

    • Persistent cookie

    • Web bug

    • Tracking cookie

    • Session cookie

    Correct Answer
    A. Tracking cookie
    Explanation
    Tracking cookies are often misused by spyware to collect and report a user's activities. Tracking cookies are small text files that are stored on a user's computer by websites they visit. These cookies are used to track the user's browsing behavior and collect information such as search history, visited websites, and online preferences. Spyware can exploit tracking cookies to gather personal information without the user's consent or knowledge. This misuse of tracking cookies by spyware poses a significant privacy and security risk for users.


  • 46. 

    QUESTION NO: 855 Choose the figure which represents the number of ports in the TCP/IP (Transmission Control Protocol/Internet Protocol) which are vulnerable to being scanned, attacked, and exploited.

    • 32 ports

    • 1,024 ports

    • 65,535 ports

    • 16,777,216 ports

    Correct Answer
    A. 65,535 ports
    Explanation
    The correct answer is 65,535 ports. This is because TCP/IP uses a 16-bit address field in its header, which allows for a maximum of 65,535 different port numbers. These port numbers are used to identify specific processes or services running on a device, and some of them may be vulnerable to scanning, attacking, or exploitation if not properly secured.


  • 47. 

    QUESTION NO: 861 Fiber optic cable is considered safer than CAT5 because fiber optic cable: (Select TWO).

    • Is not susceptible to interference

    • Is hard to tap in to.

    • Is made of glass rather than copper

    • Can be run for a longer distance

    • Is more difficult to install

    Correct Answer(s)
    A. Is not susceptible to interference
    A. Is hard to tap in to.
    Explanation
    Fiber optic cable is considered safer than CAT5 because it is not susceptible to interference. Unlike copper-based cables, fiber optic cables transmit data using light signals, which are not affected by electromagnetic interference or radio frequency interference. Additionally, fiber optic cables are hard to tap into. Since they transmit data as light pulses through thin strands of glass or plastic, any attempt to tap into the cable and intercept the data would cause the light signal to be disrupted, making it difficult for unauthorized access.


  • 48. 

    QUESTION NO: 803 Non-essential services are often appealing to attackers because non-essential services: (Select TWO)

    • Consume less bandwidth

    • Are not visible to an IDS

    • Provide root level access

    • Decrease the surface area for the attack

    • Are not typically configured correctly or secured

    • Sustain attacks that go unnoticed

    Correct Answer(s)
    A. Are not typically configured correctly or secured
    A. Sustain attacks that go unnoticed
    Explanation
    Non-essential services are often appealing to attackers because they are not typically configured correctly or secured. This means that they may have weak security measures in place, making them easier for attackers to exploit. Additionally, non-essential services may sustain attacks that go unnoticed because they are not as closely monitored or prioritized by security systems. This allows attackers to potentially gain unauthorized access or carry out malicious activities without being detected.


  • 49. 

    QUESTION NO: 871 Which of the following definitions would be correct regarding Active Interception?

    • Someone looking through your files

    • Involves someone who routinely monitors network traffic

    • Listening or overhearing parts of a conversation

    • Placing a computer system between the sender and receiver to capture information.

    Correct Answer
    A. Placing a computer system between the sender and receiver to capture information.
    Explanation
    Active Interception refers to the act of placing a computer system between the sender and receiver to capture information. This involves intercepting and monitoring the communication between two parties without their knowledge or consent. It allows the interceptor to gather sensitive data, such as passwords, credit card information, or other confidential details. This definition distinguishes Active Interception from the other options, which involve activities like looking through files, monitoring network traffic, or listening to conversations, but not necessarily intercepting information in the same way.


Quiz Review Timeline (Updated): Mar 21, 2023

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Jan 03, 2011
    Quiz Created by
    Ctstravis