Security+ Mock Exam Questions Set 2
Securing Communication & other Infrastructure
- 1.
Which of the following is the most popular protocol that is used in dial-up connections?
- A.
SLIP
- B.
PPTP
- C.
POP3
- D.
PPP
Correct Answer
D. PPPExplanation
SLIP and PPP are the only two protocols that can be used for dial-up connections. SLIP is now obsolete. PPTP is a tunneling protocol and POP3 is used for mail retrieval.Rate this question:
-
- 2.
Which of the following protocols could a VPN make use of? Choose two.
- A.
PPTP
- B.
L2TP
- C.
HTTP
- D.
NNTP
Correct Answer(s)
A. PPTP
B. L2TPExplanation
A VPN tunnel requires tunneling protocols. L2TP (Layer 2 Tunneling Protocol) and PPTP (Point to Point Tunneling Protocol) are the only two relevant protocols that relate to VPN. HTTP and NNTP are services that are usually configured on a Web Server.Rate this question:
-
- 3.
When a remote user is dialing-in to the network, which of the following servers would be challenging his request for authentication first?
- A.
Authenticating server
- B.
RADIUS Server
- C.
HTTP Server
- D.
File Server
Correct Answer
B. RADIUS ServerExplanation
In the mentioned scenario, the RADIUS server would be challenging the users request first, the rest of the servers on the network, would then verify with this RADIUS server at a later stage when they receive a request for resource access from this dial-in or remote user.Rate this question:
-
- 4.
You are configuring a VPN whose tunnel passes through the public network. You are concerned for the security as your VPN may be connecting across the globe to several networks operating on different platforms. Which of the following would be ideal to secure your VPN? Choose the best answer.
- A.
PPTP
- B.
IPSec
- C.
Kerberos
- D.
Certificate
Correct Answer
B. IPSecExplanation
Since the only protocol that supports cross platform communication is IP, the best way to implement security in this scenario would be through IPSec. PPTP is a tunneling protocol and does not relate to security. Kerberos is a LAN security protocol. Certificates can help in this scenario provided the access limitation is acceptable.Rate this question:
-
- 5.
Which of the following would help with dedicated authentication to dial-in clients?
- A.
TACACS
- B.
RADIUS
- C.
IAS
- D.
None of the above
Correct Answer(s)
A. TACACS
B. RADIUS
C. IASExplanation
TACACS (Terminal Access Controller Access Control System), RADIUS are both dedicated authenticating services for dial in users. IAS (Internet Authentication Server) is not ideally meant for this purpose.Rate this question:
-
- 6.
Which of the following will be compulsory tasks to run on Web servers of your network? Choose two.
- A.
Run regular vulnerability checks
- B.
Update Virus definitions
- C.
Re-install OS at regular frequency
- D.
Disk management should be regular
Correct Answer(s)
A. Run regular vulnerability checks
B. Update Virus definitionsExplanation
There are web sites that keep updating vulnerability information for different platforms. It is ideal to constantly browse these sites and keep checking if it applicable for the platform and applications housed in your web server. Another mandatory task is to update virus definition files regularly.Rate this question:
-
- 7.
Which of the following virus types can be transmitted via email? Choose all that apply.
- A.
Worms
- B.
Trojan horse
- C.
Boot Record virus
- D.
EXE file virus
Correct Answer(s)
A. Worms
B. Trojan horseExplanation
Usually email attachments are documents, pictures or zip files. EXE files are usually too large to be sent as mail attachments hence EXE file virus is not appropriate. Boot record virus is deposited into a system through floppy media and not via email.Rate this question:
-
- 8.
When configuring antivirus for email, which of the following configurations must be applied? Choose two.
- A.
Scan before downloading
- B.
Scan before sending
- C.
Scan before opening
- D.
Scan after receiving
Correct Answer(s)
A. Scan before downloading
B. Scan before sendingExplanation
Scan before downloading will ensure the message that is infected will be deleted before actually downloading to the hard disk. Scan before sending will ensure that you are not inadvertently transmitting a virus along with the message tot the destination email Id.Rate this question:
-
- 9.
Which of the following port numbers is used by SMTP?
- A.
21
- B.
20
- C.
25
- D.
119
Correct Answer
C. 25Explanation
SMTP service uses port number 25.Rate this question:
-
- 10.
Which of the following statements about an email server is/are true? Choose only answer(s) that apply
- A.
Verifies if destination domain is self or not before transmitting a mail
- B.
Verifies if recipient is from local domain or not before receiving an email
- C.
Verifies if email is infected or not
- D.
None of the above
Correct Answer(s)
A. Verifies if destination domain is self or not before transmitting a mail
C. Verifies if email is infected or notExplanation
Before transmitting any email, the mail server is bound to verify the domain in the destination address of the email to see if it the domain name is self or not before it actually sends the mail out. Before receiving any email its primary security function is to ensure that the email is not infected. In case of the email being infected it is supposed to be discarded.Rate this question:
-
- 11.
Which of the following statements regarding Infrared communication is true? Choose three.
- A.
It requires line of sight
- B.
It requires the same radio frequency at the transmitting and receiving end.
- C.
It is least secure.
- D.
Interception is possible if the tapping devices is also in the line of sight
- E.
Interception is possible if the tapping device is also tuned to the same radio frequency as the main communicating devices.
Correct Answer(s)
A. It requires line of sight
C. It is least secure.
D. Interception is possible if the tapping devices is also in the line of sightExplanation
Infrared and Radio frequency are two different communication media. The Infrared communication requires line of sight. If the device that intends interception is placed in the line of sight as the main devices then interception will be very easy. This mode of communication is least secure.Rate this question:
-
- 12.
Which of the following statements about a Modem are true? Choose two.
- A.
It steps us AC voltage
- B.
It steps down DC voltage
- C.
It modulates and demodulates signals for the Computer and the telephone line.
- D.
It converts Analog signals to digital and vice versa.
Correct Answer(s)
C. It modulates and demodulates signals for the Computer and the telephone line.
D. It converts Analog signals to digital and vice versa.Explanation
As the name suggests the modem mainly modulates and demodulates signals. Seated (logically) between the telephone line and the PC, it is responsible for converting the analog signals of the telephone to the digital signals required by the PC and vice versa.Rate this question:
-
- 13.
To which layer do the following communicating devices belong? Switch, Ethernet Card.
- A.
Physical layer
- B.
Datalink layer
- C.
Network Layer
- D.
None of the above
Correct Answer
B. Datalink layerExplanation
The mentioned devices� purpose is media access. Media access is the responsibility of Layer 2 or the data link layer. Hence the devices belong to data link layer.Rate this question:
-
- 14.
Which of the following communications use the 2.4 GHz frequency? Choose three.
- A.
Wireless 802.11b and g
- B.
Microwave
- C.
Blue tooth
- D.
Radio frequency
Correct Answer(s)
A. Wireless 802.11b and g
B. Microwave
C. Blue toothExplanation
The microwave operates on the 2.4 GHz range, which is why is it is necessary to place the Wireless 802.11b and g devices slightly apart from Microwave device when used in homes. Blue-tooth as well as Wireless 802.11b and g devices operate on 2.4 GHz frequency.Rate this question:
-
- 15.
If you wish to block FTP access to your Web server, which of the following Firewall types should you consider?
- A.
Stateful Inspection
- B.
Port filtering
- C.
Packet filtering
- D.
Application filtering
Correct Answer
C. Packet filteringExplanation
Stateful inspection is a type of filtering used when complex security is required and header information of packets will have to be read to perform filtering. In the above mentioned scenario, you just need filtering based on port numbers. This type of filtering is done in packet filtering firewall types. Port filtering is a function and not a firewall type. Application filtering is irrelevant.Rate this question:
-
- 16.
Which of the following are capable of functioning as a Firewall? Choose two
- A.
Proxy
- B.
Router
- C.
PC
- D.
Switch
Correct Answer(s)
A. Proxy
B. RouterExplanation
Proxy service as well as the Router is both capable of Network Address translation (NAT) which is the basic function of a firewall.Rate this question:
-
- 17.
Which of the following about the Stateful inspection firewall is true? Choose two.
- A.
It maintains a state table
- B.
It maintains a routing table
- C.
It functions on the network layer
- D.
It functions on the application layer.
Correct Answer(s)
A. It maintains a state table
C. It functions on the network layerExplanation
The Stateful inspection firewall, monitors connection status based on the state table. It functions on the network layer and monitors connection status for the entire network.Rate this question:
-
- 18.
Stateful inspection firewall will operate on all the 7 layers of the OSI reference model. T/F?
- A.
True
- B.
False
Correct Answer
B. FalseExplanation
Stateful Inspection firewall will not operate on all the & layers of OSI reference mode.Rate this question:
-
- 19.
Which of the following will relates to how the external world can access the internal network resources?
- A.
Network policy
- B.
Firewall policy
- C.
Access policy
- D.
None of the above
Correct Answer
C. Access policyExplanation
The access policy or the Service access policy will dictate to what extend the external users can access internal network resources or which of the internal resources will be totally inaccessible to the outside world.Rate this question:
-
- 20.
Which of the following firewall policies is most restrictive?
- A.
Any any
- B.
Deny all
- C.
Permit all
- D.
None of the above
Correct Answer
B. Deny allExplanation
The �deny all� is the most restrictive statement that is implicitly defined in the fireall when no other statement is configured. This will get applied to all packets that do not match with the criteria mentioned in the list above the �deny all� statement.Rate this question:
-
- 21.
When faced with an outgoing packet, which of the following header components would a firewall look at first?
- A.
Protocol information
- B.
Source address
- C.
Destination address
- D.
No of bytes in the header
Correct Answer
C. Destination addressExplanation
The firewall will first look at the destination address.Rate this question:
-
- 22.
If you have implemented a DHCP in your network and you would wish to secure this service so that no external user will be able to become a DHCP client, which of the following would you ensure?
- A.
Block port numbers 20 and 21 on the external interface for incoming connections
- B.
Block port numbers 20 and 21 on the internal interface.
- C.
Block port numbers 67 and 68 on the external interface for incoming connections
- D.
Block port numbers 67 and 68 on the internal interface
Correct Answer
C. Block port numbers 67 and 68 on the external interface for incoming connectionsExplanation
Blocking port numbers 67 and 68 on the external interface of the firewall for incoming connections will ensure that no external user will be able to access the internal DHCP service.Rate this question:
-
- 23.
If you wish to allow the external users access your Web server you must block port number 110. T/F?
- A.
True
- B.
False
Correct Answer
B. FalseExplanation
If you wish to allow the external users access your Web server you must unblock port number 80.Rate this question:
-
- 24.
Which of the following can secure your internal server best, against external attacks? Choose all that apply.
- A.
Perform OS hardening by blocking all access to this server
- B.
Perform OS hardening by verify and terminating all un used service
- C.
Regularly check for unused usernames and disable or delete them.
- D.
Ensure you are running a vulnerability check on this server at regular intervals.
Correct Answer(s)
B. Perform OS hardening by verify and terminating all un used service
C. Regularly check for unused usernames and disable or delete them.
D. Ensure you are running a vulnerability check on this server at regular intervals.Explanation
The best way to preserve an internal server from external attacks is to make sure there are no unnecessary services running on the server, no unused user names are existing in the user database, all vulnerabilities are being verified and monitored at required intervals.Rate this question:
-
- 25.
Which of the following is true about providing security to database servers? Choose two.
- A.
Do not host a database server on the same server as your web server.
- B.
Do not host a database server on a server based system
- C.
Employ a three-tier model
- D.
Employ a centralized administration model.
Correct Answer(s)
A. Do not host a database server on the same server as your web server.
B. Do not host a database server on a server based systemExplanation
It is always safe that you host a database server on a server resource internal to the network rather than on the same server as your Web server. A three-tier model ensures security to your database server as the database server cannot be directly accessed in this model. Centralized or distributed administration will not be a security concern here.Rate this question:
-
- 26.
Which of the following is an ideal practice to ensure network resources� safety? Choose three.
- A.
Rename guest accounts
- B.
Rename administrator accounts.
- C.
Ensure there is just one administrator account present.
- D.
Ensure the administrator account does not have a blank password
- E.
None of the above
Correct Answer(s)
A. Rename guest accounts
B. Rename administrator accounts.
D. Ensure the administrator account does not have a blank passwordExplanation
It is not wise to have just one administrator account in case that administrator gets locked out. It is always safe to rename guest and administrator accounts renamed. Administrator passwords must be difficult to guess and should not be blank.Rate this question:
-
- 27.
To prevent internal Web servers from being accessed you must block TCP port 20. T/F?
- A.
True
- B.
False
Correct Answer
B. FalseExplanation
The port number 443 must also be blocked.Rate this question:
-
- 28.
Authorized update is one way of securing DNS serer. T/F?
- A.
True
- B.
False
Correct Answer
A. TrueExplanation
Authorizing the sender of the update and then checking for verification purpose is one way of securing the DNS server database and service availability.Rate this question:
-
- 29.
Does NTFS provide file system security?
- A.
Yes
- B.
No
Correct Answer
A. YesExplanation
NTFS supports EFS (Encrypted File System) which allows data stored on a mass storage device to be saved in encrypted format.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 17, 2022Quiz Edited by
ProProfs Editorial Team -
Dec 05, 2006Quiz Created by
Vaibhav Agarwal
Back to top