CompTIA Security+ Practice Exam (1)

Violating the security

Strengthening the security policy

Hardening the system

Protecting the DMZ

IPSEC

TSTEC

PRVMIN

RBAC

Bootp

Tftp

Sunrpc

All of the Above

No Answer is Correct

Retention policies

Administrator preferences

MTTF

MTTR

All of the Above

Server based access control

Rule based access control

Token based access control

Role based access control

All of the Above

The use of tokens

The use of profiles

The use of information flow labels

The use of data flow diagrams

Rule based access control

Lattice based access control

Directory based access control

ID based access control

All of the Above

Objects

Scripts

Factors

Models

Both A and B

All that is expressly permitted is forbidden

All that is not expressly permitted is not forbidden

All that is not expressly permitted is forbidden

Both A and B

No Answer is Correct

Privilege

Subject

Sensitivity

Object

Mandatory controls

Discretionary controls

Secret controls

Corrective controls

Non of the Above

Preventive controls

Need-to-know controls

Mandatory adjustable controls

All of the Above

None of the Above

Something you have

Something you know

Something you are

All of the Above

None of the Above

Something you are

Something you know

Something you have

All of the Above

None of the Above

Passwords must be changed at least once every 60 days, depending on your environment.

Passwords must not be the same as user id or login id.

Password aging must be enforced on all systems.

Password must be easy to memorize.

All of the Above

Password history is used.

Password reuse is not allowed.

Any password used must not be word found in a dictionary.

All of the Above

None of the Above

Social Engineering attacks

Logical attacks

Physical attacks

Trojan Horse attacks

None of the Above

Logical attacks

Physical attacks

Trojan Horse attacks

Social Engineering attacks

None of the Above

RADIUS

PPTP

L2TP

IPSec

None of the Above

A Network Access Server

The end user

The authentication server

All of the Above

None of the Above

Host-based

Identity-based

Signature-based

Network-based

It is very costly to set up.

It is not effective.

It cannot analyze encrypted information.

It is very costly to manage.

All of the Above

Telnet

POP

FTP

SSH

All of the Above

CORBA

IPSec

PPTP

DCOM

Both A & D

PPTP

IPSEC

OSPF

L2TP

None of the Above

PPTP

L2TP

OSPF

IPSEC

All of the Above

TLS

SSH

SHTTP

SET

All of the Above

JVM

Bytecode

Interpreter

Just-in-time compiler

All of the Above

Java Applet

CGI

Sandbox

Authenticode

All of the Above

RADIUS

PAP

MS-CHAP

CHAP

Rootkit

Adware

Trojan

Adware

Group policy

Baseline configuration

Patch management

A security template

Most of the implementations use the x.500 directory model

Some of the implementations use default TCP ports 389 and 636

Some implementations use x.509 certificates for securing communications

All attributes will be encrypted

Both logon successes and logon failures

Only logon failures for non-existent users

Only logon success

Only logon failures

Detecting performance anomalies that may be due to security breaches

Assuring that systems are working to their optimal capacity

Knowing when security scans are going to finish

Predicting the end of useful life for the firewall

All of the Above

The login should be the same as the domain account for authentication purposes

The application should not be deployed if it is not fully tested

It is not considered best practice to have a user remember multiple logins

It can be used as a backdoor into the company’s databases

Have a protocol analyzer intercept traffic between two hosts

Know the IP addresses of both hosts and sequence numbers of the TCP/IP packets

Perform a man-in-the-middle attack and communicate directly with two hosts

Obtain the MAC address of the both hosts

A circuit-level firewall

A honeypot

A IDS

A system integrity verifier

Log file monitor (LFM)

System integrity verifier (SIV)

Host-based IDS

Network IDS

RBAC (Role Based Access Control)

DAC (Discretionary Access Control)

MAC (Mandatory Access Control)

All of the Above

None of the above.

DAC (Discretionary Access Control) relies only on the identity of the user or process, leaving room for a Trojan horse.

DAC (Discretionary Access Control) relies on certificates, allowing attackers to use those certificates.

DAC (Discretionary Access Control) does not rely on the identity of a user, allowing anyone to use an account.

DAC (Discretionary Access Control) has no known security flaws.

Capabilities

Access control lists

Permission bits

Profiles

User B has read, write and execute permissions on the file

User B has read and write permissions on the file.

User B has no permissions on the file.

User B has read permissions on the file.

None of the Above

File, printer, and mailbox roles

Sales, marketing, management, and production roles

User and workstation roles

Allow access and deny access roles

Files that don't have an owner CANNOT be modified.

The administrator of the system is an owner of each object.

The operating system is an owner of each object.

Each object has an owner, which has full control over the object.

None of the Above

Sensitivity labels

Group membership

Ownership

Access control lists

MACs (Mandatory Access Control)

RBACs (Role Based Access Control)

LBACs (List Based Access Control)

DACs (Discretionary Access Control)

RBAC (Role Based Access Control).

NDAC (Non-Discretionary Access Control).

MAC (Mandatory Access Control).

DAC (Discretionary Access Control).

Use levels of security to classify users and data

Allow owners of documents to determine who has access to specific documents

Use access control lists which specify a list of authorized users

Use access control lists which specify a list of unauthorized users

Lattice

Bell La-Padula

BIBA

Clark and Wilson

. You should make use of the Role Based Access Control (RBAC) model.

You should make use of the Mandatory Access Control (MAC) model.

You should make use of the Rule Based Access Control (RBAC) model.

You should make use of the Discretionary Access Control (DAC) model.

It is an example of Rule Based Access Control (RBAC).

It is an example of Mandatory Access Control (MAC).

It is an example of Role Based Access Control (RBAC).

It is an example of Discretionary Access Control (DAC).

You should identify Rule Based Access Control (RBAC)

You should identify Mandatory Access Control (MAC)

You should identify Discretionary Access Control (DAC)

You should identify Role Based Access Control (RBAC)

Assigning access rights to a client is a Discretionary Access Control (DAC) characteristic.

Assigning access rights to a client is a Rule Based Access Control (RBAC) characteristic.

Assigning access rights to a client is a Mandatory Access Control (MAC) characteristic.

Assigning access rights to a client is a Role Based Access Control (RBAC) characteristic.

Sensitivity labels are based on a Mandatory Access Control (MAC) environment.

Access control lists are based on a Mandatory Access Control (MAC) environment.

Group membership is based on a Mandatory Access Control (MAC) environment.

Ownership is based on a Mandatory Access Control (MAC) environment.

It is an example of a Discretionary Access Control (DAC) model

It is an example of a Role Based Access Control (RBAC) model.

It is an example of a Mandatory Access Control (MAC) model.

It is an example of a Rule Based Access Control (RBAC) model.

You should place a File and print server on the private network.

You should place a Remote Access Server (RAS) on the private network.

You should place an E-mail server on the private network.

You should place a Web server on the private network.

You should identify the Discretionary Access Control (DAC) access control model.

You should identify the Role Based Access Control (RBAC) access control model.

You should identify the Mandatory Access Control (MAC) access control model.

You should identify the Rule Based Access Control (RBAC) access control model.

None of the Above

The Discretionary Access Control (DAC) access control model would be most suitable.

The Rule Based Access Control (RBAC) access control model would be most suitable.

The Role Based Access Control (RBAC) access control model would be most suitable.

The Mandatory Access Control (MAC) access control model would be most suitable.

You should identify Mandatory Access Control (MAC).

You should identify Role Based Access Control (RBAC).

You should identify Discretionary Access Control (DAC).

You should identify List Based Access Control (LBAC).

This is a feature of Discretionary Access Control (DAC).

This is a feature of Rule Based Access Control (RBAC).

This is a feature of Role Based Access Control (RBAC).

This is a feature of Mandatory Access Control (MAC).

Asynchronous

Synchronous

Cryptographic keys

Smart cards

Self service password resets

Locally saved passwords

Multiple access methods

Synchronized passwords

VPN (Virtual Private Network).

PPTP (Point-to-Point Tunneling Protocol).

One time password.

Complex password requirement.

Dynamic IP (Internet Protocol) routing protocols for routers and servers.

Separate network segments for the realms

Token authentication devices.

Time synchronization services for clients and servers.

To ensure proper connections.

To ensure tickets expire correctly.

To generate the seed value for the encryptions keys.

To benchmark and set the optimal encryption algorithm.

Which of the following factors must be considered when implementing Kerberos authentication?

Kerberos tickets can be spoofed using replay attacks to network resources.

Kerberos requires a centrally managed database of all user and resource passwords.

Kerberos uses clear text passwords.

PPTP (Point-to-Point Tunneling Protocol)

SMTP (Simple Mail Transfer Protocol)

Kerberos

CHAP (Challenge Handshake Authentication Protocol)

Authentication server, security database and privilege server.

SAM (Sequential Access Method), security database and authentication server.

Application database, security database and system manager.

Authentication server, security database and system manager.

When establishing a connection and at anytime after the connection is established.

Only when establishing a connection and disconnecting.

Only when establishing a connection.

Only when disconnecting.

Authentication

Authorization

Certification

Accountability

Passwords

Tokens

Biometrics

Shared secrets

Many-to-one mapping is a type of certificate-based authentication

One-to-one mapping is a type of certificate-based authentication.

One-to-many mapping is a type of certificate-based authentication.

Many-to-many mapping is a type of certificate-based authentication.

You make use of message authentication codes to provide the Key recovery service.

You make use of message authentication codes to provide the Fault recovery service.

You make use of message authentication codes to provide the Acknowledgement service.

You make use of message authentication codes to provide the Integrity service.

It is known as the TCP/IP hijacking attack.

It is known as the Man in the middle attack.

It is known as the Replay attack.

It is known as the Back door attack

Challenge Handshake Authentication Protocol (CHAP) is used to access multiple systems within a company.

Single Sign-on is used to access multiple systems within a company.

Kerberos is used to access multiple systems within a company.

Mandatory Access Control (MAC) is used to access multiple systems within a company.

You should make use of the Mutual authentication method.

You should make use of the Biometric authentication method.

You should make use of the Username/password authentication method.

You should make use of the Multifactor authentication method.

The authentication process is known as need to know.

The authentication process is known as decentralized management.

The authentication process is known as Discretionary Access Control (DAC).

The authentication process is known as single sign-on.

You should identify ATM card and PIN.

You should identify Photo ID and PIN.

You should identify Retina scan and mantrap.

You should identify Username and password.

You should make use of the Kerberos authentication method.

You should make use of the Challenge Handshake Authentication Protocol (CHAP) authentication method.

You should make use of the Username/password authentication method

You should make use of the Multifactor authentication method.

The Biometric authentication best illustrates this scenario.

The Kerberos authentication best illustrates this scenario.

The Mutual authentication best illustrates this scenario.

The Multifactor authentication best illustrates this scenario.

Kerberos uses key fob based identification systems.

Token uses key fob based identification systems.

Biometrics uses key fob based identification systems.

Username/password uses key fob based identification systems.

Certificates uses key fob based identification systems.

You should identify the fingerprint scanner

You should identify the hand scanner.

You should identify the facial scanner.

You should identify the retina scanner.

Kerberos requires a Key Distribution Center.

Kerberos requires POP-3.

Kerberos requires extranets.

Kerberos requires accurate network time.

Kerberos requires SSL/TLS.

You should identify the Biometric authentication model.

You should identify the Multifactor authentication model.

You should identify the Mutual authentication model.

You should identify the Tokens authentication model.

Do not upgrade, as new versions tend to have more security flaws.

Disable any unused features of the web browser.

Connect to the Internet using only a VPN (Virtual Private Network) connection.

Implement a filtering policy for illegal, unknown and undesirable sites.

1,024

32

16,777,216

65,535

21

23

53

55

Non-essential services are often appealing to attackers since less bandwidth is used.

Non-essential services are often appealing to attackers since the surface area for the attack is reduced.

Non-essential services are often appealing to attackers since root level access is offered.

Non-essential services are often appealing to attackers since attacks are maintained that go unnoticed.

Non-essential services are often appealing to attackers since it's not typically configured correctly or secured.