Security + 5 (401-500) Trivia Quiz

100 Questions | Total Attempts: 39

If you like answering specifically designed questions that touch on security and well-being in general, then try out this quiz. It is quite simple and should therefore be easy to answer. All the best.


Questions and Answers
  • 1. 
    The process of making certain that an entity (operating system, application, etc.) is as secure as it can be is known as: 
    • A. 

      Stabilizing

    • B. 

      Reinforcing

    • C. 

      Hardening

    • D. 

      Toughening

  • 2. 
    What is the term for the process of luring someone in (usually done by an enforcement officer or a government agent)?
    • A. 

      Enticement

    • B. 

      Entrapment

    • C. 

      Deceit

    • D. 

      Sting

  • 3. 
    Pete, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to?
    • A. 

      PAP, MSCHAPv2

    • B. 

      CHAP, PAP

    • C. 

      MSCHAPv2, NTLMv2

    • D. 

      NTLM, NTLMv2

  • 4. 
    Which of the following is an advantage of implementing individual file encryption on a hard drive which already deploys full disk encryption?
    • A. 

      Reduces processing overhead required to access the encrypted files

    • B. 

      Double encryption causes the individually encrypted files to partially lose their properties

    • C. 

      Individually encrypted files will remain encrypted when copied to external media

    • D. 

      File level access control only applies to individually encrypted files in a fully encrypted drive

  • 5. 
    An IT director is looking to reduce the footprint of their company’s server environment. They have decided to move several internally developed software applications to an alternate environment, supported by an external company. Which of the following BEST describes this arrangement?
    • A. 

      Infrastructure as a Service

    • B. 

      Storage as a Service

    • C. 

      Platform as a Service

    • D. 

      Software as a Service

  • 6. 
    A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site were facing the wrong direction to capture the incident. The analyst ensures the cameras are turned to face the proper direction. Which of the following types of controls is being used?
    • A. 

      Detective

    • B. 

      Deterrent

    • C. 

      Corrective

    • D. 

      Preventive

  • 7. 
    A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension. Which of the following protocols should be used in this scenario?
    • A. 

      WPA2

    • B. 

      WPA

    • C. 

      IPv6

    • D. 

      IPv4

  • 8. 
    The network administrator is responsible for promoting code to applications on a DMZ web server. Which of the following processes is being followed to ensure application integrity?
    • A. 

      Application hardening

    • B. 

      Application firewall review

    • C. 

      Application change management

    • D. 

      Application patch management

  • 9. 
    An IT auditor tests an application as an authenticated user. This is an example of which of the following types of testing?
    • A. 

      Penetration

    • B. 

      White box

    • C. 

      Black box

    • D. 

      Gray box

  • 10. 
    The manager has a need to secure physical documents every night, since the company began enforcing the clean desk policy. The BEST solution would include: (Select TWO).
    • A. 

      Fire- or water-proof safe.

    • B. 

      Department door locks.

    • C. 

      Proximity card.

    • D. 

      24-hour security guard.

    • E. 

      Locking cabinets and drawers.

  • 11. 
    Which of the following is an important implementation consideration when deploying a wireless network that uses a shared password?
    • A. 

      Authentication server

    • B. 

      Server certificate

    • C. 

      Key length

    • D. 

      EAP method

  • 12. 
    Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords?
    • A. 

      EAP-MD5

    • B. 

      WEP

    • C. 

      PEAP-MSCHAPv2

    • D. 

      EAP-TLS

  • 13. 
    Some customers have reported receiving an untrusted certificate warning when visiting the company’s website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate. Which of the following could be causing the problem?
    • A. 

      The intermediate CA certificates were not installed on the server.

    • B. 

      The certificate is not the correct type for a virtual server.

    • C. 

      The encryption key used in the certificate is too short.

    • D. 

      The client’s browser is trying to negotiate SSL instead of TLS.

  • 14. 
    A security analyst needs to ensure all external traffic is able to access the company’s front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended?
    • A. 

      DMZ

    • B. 

      Cloud computing

    • C. 

      VLAN

    • D. 

      Virtualization

  • 15. 
    A company’s business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model?
    • A. 

      Software as a Service

    • B. 

      DMZ

    • C. 

      Remote access support

    • D. 

      Infrastructure as a Service

  • 16. 
    Which of the following network devices is used to analyze traffic between various network interfaces?
    • A. 

      Proxies

    • B. 

      Firewalls

    • C. 

      Content inspection

    • D. 

      Sniffers

  • 17. 
    Layer 7 devices used to prevent specific types of HTML tags are called:
    • A. 

      Firewalls

    • B. 

      Content filters

    • C. 

      Routers

    • D. 

      NIDS

  • 18. 
    A network administrator needs to provide daily network usage reports on all layer 3 devices without compromising any data while gathering the information. Which of the following would be configured to provide these reports?
    • A. 

      SNMP

    • B. 

      SNMPv3

    • C. 

      ICMP

    • D. 

      SSH

  • 19. 
    A security administrator has been tasked to ensure access to all network equipment is controlled by a central server such as TACACS+. This type of implementation supports which of the following risk mitigation strategies?
    • A. 

      User rights and permissions review

    • B. 

      Change management

    • C. 

      Data loss prevention

    • D. 

      Implement procedures to prevent data theft

  • 20. 
    Company A sends a PGP encrypted file to company B. If company A used company B’s public key to encrypt the file, which of the following should be used to decrypt data at company B?
    • A. 

      Registration

    • B. 

      Public key

    • C. 

      CRLs

    • D. 

      Private key

  • 21. 
    Which of the following types of authentication solutions use tickets to provide access to various resources from a central location?
    • A. 

      Biometrics

    • B. 

      PKI

    • C. 

      ACLs

    • D. 

      Kerberos

  • 22. 
    A corporation is looking to expand their data center but has run out of physical space in which to store hardware. Which of the following would offer the ability to expand while keeping their current data center operated by internal staff?
    • A. 

      Virtualization

    • B. 

      Subnetting

    • C. 

      IaaS

    • D. 

      SaaS

  • 23. 
    After viewing wireless traffic, an attacker notices the following networks are being broadcast by local access points: Corpnet, Coffeeshop, FreePublicWifi. Using this information, the attacker spoofs a response to make nearby laptops connect back to a malicious device. Which of the following has the attacker created?
    • A. 

      Infrastructure as a Service

    • B. 

      Load balancer

    • C. 

      Evil twin

    • D. 

      Virtualized network

  • 24. 
    Which of the following concepts is enforced by certifying that email communications have been sent by who the message says it has been sent by?
    • A. 

      Key escrow

    • B. 

      Non-repudiation

    • C. 

      Multifactor authentication

    • D. 

      Hashing

  • 25. 
    After a recent breach, the security administrator performs a wireless survey of the corporate network. The security administrator notices a problem with the following output:

    MAC                SSID    ENCRYPTION  POWER  BEACONS
    00:10:A1:36:12:CC  MYCORP  WPA2 CCMP   60     1202
    00:10:A1:49:FC:37  MYCORP  WPA2 CCMP   70     9102
    FB:90:11:42:FA:99  MYCORP  WPA2 CCMP   40     3031
    00:10:A1:AA:BB:CC  MYCORP  WPA2 CCMP   55     2021
    00:10:A1:FA:B1:07  MYCORP  WPA2 CCMP   30     6044

    Given that the corporate wireless network has been standardized, which of the following attacks is underway?
    • A. 

      Evil twin

    • B. 

      IV attack

    • C. 

      Rogue AP

    • D. 

      DDoS
