Security + 10 (801-900)

100 Questions | Total Attempts: 20


Questions and Answers
  • 1. 
    The fundamental information security principles include confidentiality, availability and which of the following?
    • A. 

      The ability to secure data against unauthorized disclosure to external sources

    • B. 

      The capacity of a system to resist unauthorized changes to stored information

    • C. 

      The confidence with which a system can attest to the identity of a user

    • D. 

      The characteristic of a system to provide uninterrupted service to authorized users

  • 2. 
    Which of the following is the MOST likely cause of users being unable to verify a single user’s email signature and that user being unable to decrypt sent messages?
    • A. 

      Unmatched key pairs

    • B. 

      Corrupt key escrow

    • C. 

      Weak public key

    • D. 

      Weak private key

  • 3. 
    Full disk encryption is MOST effective against which of the following threats?
    • A. 

      Denial of service by data destruction

    • B. 

      Eavesdropping emanations

    • C. 

      Malicious code

    • D. 

      Theft of hardware

  • 4. 
    Which of the following may cause Jane, the security administrator, to seek an ACL workaround?
    • A. 

      Zero day exploit

    • B. 

      Dumpster diving

    • C. 

      Virus outbreak

    • D. 

      Tailgating

  • 5. 
    In order to use a two-way trust model, the security administrator MUST implement which of the following?
    • A. 

      DAC

    • B. 

      PKI

    • C. 

      HTTPS

    • D. 

      TPM

  • 6. 
    Which of the following would a security administrator use to verify the integrity of a file? 
    • A. 

      Time stamp

    • B. 

      MAC times

    • C. 

      File descriptor

    • D. 

      Hash

  • 7. 
    Which of the following is a best practice when securing a switch from physical access?
    • A. 

      Disable unnecessary accounts

    • B. 

      Print baseline configuration

    • C. 

      Enable access lists

    • D. 

      Disable unused ports

  • 8. 
    A security administrator needs to image a large hard drive for forensic analysis. Which of the following will allow for faster imaging to a second hard drive?
    • A. 

      Cp /dev/sda /dev/sdb bs=8k

    • B. 

      Tail -f /dev/sda > /dev/sdb bs=8k

    • C. 

      Dd in=/dev/sda out=/dev/sdb bs=4k

    • D. 

      Locate /dev/sda /dev/sdb bs=4k

  • 9. 
    Sara, an employee, tethers her smartphone to her work PC to bypass the corporate web security gateway while connected to the LAN. While Sara is out at lunch her PC is compromised via the tethered connection and corporate data is stolen. Which of the following would BEST prevent this from occurring again?
    • A. 

      Disable the wireless access and implement strict router ACLs.

    • B. 

      Reduce restrictions on the corporate web security gateway.

    • C. 

      Security policy and threat awareness training.

    • D. 

      Perform user rights and permissions reviews.

  • 10. 
    Which of the following can be implemented if a security administrator wants only certain devices connecting to the wireless network? 
    • A. 

      Disable SSID broadcast

    • B. 

      Install a RADIUS server

    • C. 

      Enable MAC filtering

    • D. 

      Lowering power levels on the AP

  • 11. 
    Which of the following malware types typically allows an attacker to monitor a user’s computer, is characterized by a drive-by download, and requires no user interaction?
    • A. 

      Virus

    • B. 

      Logic bomb

    • C. 

      Spyware

    • D. 

      Adware

  • 12. 
    Which of the following malware types may require user interaction, does not hide itself, and is commonly identified by marketing pop-ups based on browsing habits?
    • A. 

      Botnet

    • B. 

      Rootkit

    • C. 

      Adware

    • D. 

      Virus

  • 13. 
    Which of the following is characterized by an attack against a mobile device? 
    • A. 

      Evil twin

    • B. 

      Header manipulation

    • C. 

      Bluejacking

    • D. 

      Rogue AP

  • 14. 
    Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network?
    • A. 

      Rogue access point

    • B. 

      Zero day attack

    • C. 

      Packet sniffing

    • D. 

      LDAP injection

  • 15. 
    Which of the following protocols allows for the LARGEST address space?
    • A. 

      IPX

    • B. 

      IPv4

    • C. 

      IPv6

    • D. 

      AppleTalk

  • 16. 
    Who should be contacted FIRST in the event of a security breach?
    • A. 

      Forensics analysis team

    • B. 

      Internal auditors

    • C. 

      Incident response team

    • D. 

      Software vendors

  • 17. 
    A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90). Which of the following attack types has occurred?
    • A. 

      Buffer overflow

    • B. 

      Cross-site scripting

    • C. 

      XML injection

    • D. 

      SQL injection

  • 18. 
    Which of the following is an example of a false negative?
    • A. 

      The IDS does not identify a buffer overflow.

    • B. 

      Anti-virus identifies a benign application as malware.

    • C. 

      Anti-virus protection interferes with the normal operation of an application.

    • D. 

      A user account is locked out after the user mistypes the password too many times.

  • 19. 
    Which of the following access controls enforces permissions based on data labeling at specific levels?
    • A. 

      Mandatory access control

    • B. 

      Separation of duties access control

    • C. 

      Discretionary access control

    • D. 

      Role based access control

  • 20. 
    Sara, a security administrator, manually hashes all network device configuration files daily and compares them to the previous day’s hashes. Which of the following security concepts is Sara using?
    • A. 

      Confidentiality

    • B. 

      Compliance

    • C. 

      Integrity

    • D. 

      Availability

  • 21. 
    Which of the following would be used to identify the security posture of a network without actually exploiting any weaknesses?
    • A. 

      Penetration test

    • B. 

      Code review

    • C. 

      Vulnerability scan

    • D. 

      Brute Force scan

  • 22. 
    Which of the following authentication services uses a ticket granting system to provide access?
    • A. 

      RADIUS

    • B. 

      LDAP

    • C. 

      TACACS+

    • D. 

      Kerberos

  • 23. 
    Matt, a security administrator, wants to configure all the switches and routers in the network in order to securely monitor their status. Which of the following protocols would he need to configure on each device? 
    • A. 

      SMTP

    • B. 

      SNMPv3

    • C. 

      IPSec

    • D. 

      SNMP

  • 24. 
    Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).
    • A. 

      Disable the wired ports

    • B. 

      Use channels 1, 4 and 7 only

    • C. 

      Enable MAC filtering

    • D. 

      Disable SSID broadcast

    • E. 

      Switch from 802.11a to 802.11b

  • 25. 
    The public key is used to perform which of the following? (Select THREE).
    • A. 

      Validate the CRL

    • B. 

      Validate the identity of an email sender

    • C. 

      Encrypt messages

    • D. 

      Perform key recovery

    • E. 

      Decrypt messages

    • F. 

      Perform key escrow
