Security +

  1. Which of the following is most often used to allow a client or partner access to a network?




    A. Extranet
  2. Which of the following statements is TRUE regarding the Security Token system?

    a. If your token does not grant you access to certain information, that information will
    either not be displayed or your access will be denied. The authentication system creates a
    token every time a user or a session begins. At the completion of a session, the token is
    destroyed.
    b. A certificate being handed from the server to the client once authentication has been
    established. If you have a pass, you can wander throughout the network. BUT limited
    access is allowed.
    c. The authentication process uses a Key Distribution Center (KDC) to orchestrate the
    entire process. The KDC authenticates the network. Principles can be users, programs, or
    systems. The KDC provides a ticket to the network. Once this ticket is issued, it can be
    used to authenticate against other principles. This occurs automatically when a request or
    service is performed by another network.
    d. The initiator sends a logon request from the client to the server. The server sends a
    challenge back to the client. The challenge is encrypted and then sent back to the server.
    The server compares the value from the client and if the information matches, the server
    grants authorization. If the response fails, the session fails and the request phase starts
    over.
    a. If your token does not grant you access to certain information, that information will either not be displayed or your access will be denied. The authentication system creates a token every time a user or a session begins. At the completion of a session, the token is destroyed.
  4. A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. Which of the following network devices should be used?




    C. Switch
  5. Which method can be used to perform DoS attacks?




    A. Botnet
  6. Which item will most likely permit an attacker to make a switch function like a hub?




    A. MAC flooding
  7. Which of the following identifies the layer of the OSI model where SSL provides encryption?




    B. Session

    Exam answer as given. SSL/TLS actually sits between the transport layer and the application protocol it protects, so textbooks map it to the session or presentation layer; the safer statement is that it encrypts above TCP and below HTTP.
  8. Which of the following can be used by a technician to detect staff members connecting to an unauthorized website?




    A. Protocol analyzer
  9. A company wants to connect the network to a manufacturer's network to be able to order parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection?




    D. Extranet

    The extranet can be viewed as part of a company's intranet which is shared, but still isolated from the internet. This is referred to as a business-to-business connection rather than a business-to-consumer connection, with limitations in effect.
  10. While hardening an operating system, which item is least effective?




    A. HIDS

    An HIDS does not harden the OS, it provides a means to detect intrusions.
  11. Which of the following common attacks would the attacker capture the user's login information and replay it again later?




    D. Replay attack

    The practice exam has this improperly attributed to c. Spoof.
  12. Which of the following attacks are being referred to if packets are not connection oriented and do not require the synchronization process?




    D. UDP attack

    This is a DoS attack using the User Datagram Protocol, which is connectionless: no handshake precedes a datagram, so the attacker can spray packets at random ports from spoofed sources. The host under attack burns CPU cycles checking for an application listening on each port, and when there is none it crafts and sends an ICMP Port Unreachable message, which multiplies the cost of every packet received.
  13. Choose the attack which exploits session initiation between a TCP client and server within a network:




    B. SYN attack

    This is effective against servers that dedicate resources (a half-open connection entry) as soon as a SYN arrives, before the final ACK of the three-way handshake (SYN, SYN/ACK, ACK) completes. The attacker never listens for the SYN/ACK, typically because the source addresses are spoofed, and simply floods the server with SYN packets to exhaust the half-open connection table with entries waiting for an ACK that never comes. Modern stacks mitigate this with SYN cookies, which defer allocating state until the ACK arrives.
  14. From the listing of attacks, choose the attack which misuses the TCP 3-way handshake process in an attempt to overload network servers so that authorized users are denied access to network resources.




    C. SYN attack

    Same mechanism as question 13: the attacker floods SYN packets and never completes the handshake, so the server's half-open connection table fills and legitimate SYNs are dropped.
  15. Malicious code that enters a target system, lays dormant until a user opens the certain program, then deletes the contents of attached network drives and removable storage devices is known as a...




    C. logic bomb

    A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software.
  16. One type of network attack sends two different messages that use the same hash function to generate the same message digest. Which network attack does this?




    B. Birthday attack

    The attack relies on the birthday paradox: for an n-bit digest, a collision between any two messages is expected after roughly 2^(n/2) trials, far fewer than the 2^n trials needed to match one specific digest. An attacker prepares many variants of a legitimate message and many variants of a malicious one, finds a pair with the same hash, has the legitimate one signed, and then substitutes the malicious message, which carries the same digest and therefore the same valid signature. This is why digest length and collision resistance (which MD5 and SHA-1 no longer offer) matter.
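    Worked example (added here, not part of the practice exam): the birthday search below truncates SHA-256 to 32 bits so that a collision turns up after roughly 2^16 trials instead of the 2^32 a preimage would cost. The messages are generated on the fly, and the names truncated_digest, find_collision and expected_trials are assumptions of this example.

```python
"""Birthday attack against a truncated hash. Added example; assumes nothing from the exam page."""
from __future__ import annotations

import hashlib
import itertools
import math


def truncated_digest(message: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256(message), as an integer.

    Truncation stands in for a short or weak hash so the search finishes in
    well under a second; against a real n-bit digest the same loop needs
    about 2**(n/2) trials, versus 2**n to hit one specific digest.
    """
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def expected_trials(bits: int) -> float:
    """Expected hashes before the first collision: sqrt(pi/2 * 2**bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int, prefix: bytes = b"msg-") -> tuple[bytes, bytes, int]:
    """Hash prefix+counter until two different messages share a truncated digest.

    Returns (message_a, message_b, trials). Digests seen so far are kept in a
    dict, so memory grows with the number of trials: that is the usual
    time/memory trade-off of a birthday search.
    """
    seen: dict[int, bytes] = {}
    for counter in itertools.count():
        msg = prefix + str(counter).encode()
        digest = truncated_digest(msg, bits)
        if digest in seen:
            return seen[digest], msg, counter + 1
        seen[digest] = msg
    raise AssertionError("unreachable")  # itertools.count never ends


if __name__ == "__main__":
    a, b, n = find_collision(32)
    print(f"collision after {n} trials (expected about {expected_trials(32):.0f}):")
    print(a, b, hex(truncated_digest(a, 32)))
```

    Raising `bits` by two roughly doubles the running time, which is the whole point: a 128-bit digest needs about 2^64 trials, a 256-bit digest about 2^128.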
  17. Which one of the following attacks is one which is launched from multiple zombie machines in an attempt to bring down a service?




    C. DDoS

    Distributed Denial of Service. Army of zombie machines all attacking at the same time from numerous locations.
  18. You work as the security administrator at Chanakya.com. You must configure the firewall to support TACACS. Which port should you open on the firewall?




    D. port 49

    TACACS allows a remote access server to communicate with an authentication server in order to determine whether the user has access to the network. The original TACACS uses UDP port 49; TACACS+ uses TCP port 49.
  19. Which of the following best describes ARP?




    D. Discovering the MAC address of a device from the IP address
  20. Which of the following should be implemented to have all workstations and servers isolated in their own broadcast domains?




    B. VLANs
  21. Who is responsible for establishing access permissions to network resources in the DAC access control model?




    C. the owner of the resource
  22. Which access control system allows the system administrator to establish access permissions to network resources?




    A. MAC
  23. What does the DAC access control model use to identify the users who have permissions to a resource?




    C. Access control lists
  24. What does the MAC access control model use to identify the users who have permissions to a resource?




    A. predefined access privileges
  25. Choose the access control model that allows access control determinations to be performed based on the security labels associated with each user and each data item.




    C. MACs method
  26. Choose the terminology or concept which best describes a MAC model.




    B. Lattice
  27. Which authentication method follows this sequence: Logon request, encrypts value response, server, challenge, compare encrypted results, authorize or fail.




    A. CHAP

    In computing, the Challenge-handshake authentication protocol authenticates a user or network host to an authenticating entity. That entity may be, for example, an Internet service provider.

    CHAP protects against replay attacks through an incrementally changing identifier and a variable challenge value: the response is MD5(identifier || secret || challenge), so a captured response is useless against any later challenge. CHAP requires that both the client and server know the plaintext of the secret, although the secret itself is never sent over the network.
  28. Which of the following will restrict access to files according to the identity of the user or group?




    C. DAC

    In computer security, discretionary access control (DAC) is a kind of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong".
  29. Which of the following access decisions are based on a MAC environment?




    D. Access control lists

    Exam answer as given. Note that it contradicts the definition below and questions 23, 24 and 37: in a MAC environment decisions are based on sensitivity labels and clearances, while access control lists are the DAC mechanism.

    The Trusted Computer System Evaluation Criteria (TCSEC), the seminal work on the subject which is often referred to as the "Orange Book", defines MAC as "a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity".
  30. Kerberos uses which of the following ports by default?




    A. 88
  31. Which definition best defines what a challenge-response session is?


    a. A challenge-response session is a workstation or system that produces a random
    challenge string that the user provides, when prompted, in conjunction with the proper
    PIN (Personal Identification Number).
    b. A challenge-response session is a workstation or system that produces a random login
    ID that the user provides, when prompted, in conjunction with the proper PIN (Personal
    Identification Number).
    c. A challenge-response session is a special hardware device used to produce random
    text in a cryptography system.
    d. A challenge-response session is the authentication mechanism in the workstation or
    system that does not determine whether the owner should be authenticated.
    a. A challenge-response session is a workstation or system that produces a random challenge string that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
  32. A newly hired security specialist is asked to evaluate a company's network security. The
    security specialist discovers that users have installed personal software; the network OS
    has default settings and no patches have been installed and passwords are not required to
    be changed regularly. Which of the following would be the first step to take?




    A. Enforce the security policy
  33. Which of the following can be used to implement a procedure to control inbound and outbound traffic on a network segment?




    B. ACL

    On some network hardware an Access Control List refers to rules applied to port numbers or daemon names available on a host or other layer-3 device, each with a list of hosts and/or networks permitted to use the service. Both individual servers and routers can have network ACLs. They are evaluated top to bottom, the first matching rule wins, and traffic matching no rule is dropped by the implicit deny at the end, so rule order matters. Access control lists can generally be configured to control both inbound and outbound traffic, and in this context they behave like a stateless packet filter.
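    Added example (not from the exam page) of the first-match, implicit-deny evaluation that network ACLs use. The Rule and Packet types, the one-line rule syntax and the sample DMZ policy (web server 10.0.0.5, resolver 10.0.0.53) are all constructed for illustration.

```python
"""First-match ACL evaluation for inbound and outbound traffic. Added example, not exam material."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    direction: str               # "in" or "out"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None  # None means any destination port


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: Optional[int] = None


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Every field of the rule must match; a wildcard port or 'any' protocol always does."""
    return (rule.direction == pkt.direction
            and rule.proto in ("any", pkt.proto)
            and pkt.src in rule.src
            and pkt.dst in rule.dst
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(acl: list[Rule], pkt: Packet) -> str:
    """Router-style semantics: rules are tested top to bottom, the first match decides,
    and anything that matches nothing hits the implicit deny at the end."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


def parse_rule(line: str) -> Rule:
    """Parse the constructed text form: 'permit in tcp 0.0.0.0/0 10.0.0.5/32 443'."""
    parts = line.split()
    action, direction, proto, src, dst = parts[:5]
    dport = int(parts[5]) if len(parts) > 5 else None
    return Rule(action, direction, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), dport)


# Constructed sample policy for a DMZ segment with one web server (10.0.0.5).
# The anti-spoofing deny must come first: a later permit for 10.0.0.5:443 would
# otherwise also admit packets claiming an internal source address.
SAMPLE_ACL = [parse_rule(line) for line in (
    "deny   in  any 10.0.0.0/8   0.0.0.0/0",
    "permit in  tcp 0.0.0.0/0    10.0.0.5/32  443",
    "permit in  tcp 0.0.0.0/0    10.0.0.5/32  80",
    "permit out tcp 10.0.0.0/24  0.0.0.0/0    443",
    "permit out udp 10.0.0.0/24  10.0.0.53/32 53",
)]


def check(direction: str, proto: str, src: str, dst: str, dport: Optional[int] = None) -> str:
    """Evaluate one packet against SAMPLE_ACL and return 'permit' or 'deny'."""
    pkt = Packet(direction, proto, ipaddress.ip_address(src), ipaddress.ip_address(dst), dport)
    return evaluate(SAMPLE_ACL, pkt)


if __name__ == "__main__":
    for args in (("in", "tcp", "203.0.113.7", "10.0.0.5", 443),
                 ("in", "tcp", "203.0.113.7", "10.0.0.5", 22),
                 ("in", "tcp", "10.0.0.9", "10.0.0.5", 443)):
        print(args, "->", check(*args))
```

    Swapping the first two rules in SAMPLE_ACL is the classic ordering bug: the spoofed-source packet in the third check would then be permitted, with no error from the device.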
  34. CHAP sends a logon request from the client to the server, and the server sends a challenge back to the client. At which stage does CHAP perform the handshake process?

    a. At the stage when the connection is established and at whichever time after the
    connection has been established.
    b. At the stage when the connection is established and when the connection is
    disconnected.
    c. At the stage when the connection is established.
    d. At the stage when the connection is disconnected.
    a. At the stage when the connection is established and at whichever time after the connection has been established.

    CHAP periodically verifies the identity of the client by using a three-way handshake. This happens at the time of establishing the initial link, and may happen again at any time afterwards. The verification is based on a shared secret (such as the client user's password).
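    Added example covering the sequence described in questions 2(d), 27 and 34; this is illustrative code, not anything from the exam. It implements the RFC 1994 CHAP response MD5(Identifier || secret || Challenge), lets the authenticator re-challenge at any time, and shows a captured response failing against a later challenge. The Authenticator and Peer classes and the user "alice" are constructed for the example.

```python
"""CHAP (RFC 1994) challenge/response with replay protection. Added example, not exam material."""
from __future__ import annotations

import hashlib
import os
import secrets


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5(Identifier || secret || Challenge). The secret never leaves the host."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: holds the plaintext secret per user and issues fresh challenges."""

    def __init__(self, secrets_by_user: dict[str, bytes]):
        self._secrets = secrets_by_user
        self._identifier = 0
        self._pending: dict[int, bytes] = {}

    def challenge(self) -> tuple[int, bytes]:
        """Issue a new (Identifier, Challenge) pair; both change on every call, which is
        what makes an old response worthless. Can be called at link-up or any time after."""
        self._identifier = (self._identifier + 1) % 256
        chal = os.urandom(16)
        self._pending[self._identifier] = chal
        return self._identifier, chal

    def verify(self, identifier: int, user: str, response: bytes) -> bool:
        """Recompute the expected hash and compare in constant time; a challenge is single-use."""
        chal = self._pending.pop(identifier, None)
        secret = self._secrets.get(user)
        if chal is None or secret is None:
            return False
        return secrets.compare_digest(chap_response(identifier, secret, chal), response)


class Peer:
    """Client side: knows its own secret and answers whatever challenge arrives."""

    def __init__(self, user: str, secret: bytes):
        self.user = user
        self._secret = secret

    def respond(self, identifier: int, challenge: bytes) -> tuple[str, bytes]:
        return self.user, chap_response(identifier, self._secret, challenge)


def run_exchange(auth: Authenticator, peer: Peer) -> tuple[bool, int, bytes]:
    """One three-way handshake: Challenge -> Response -> Success/Failure.
    Returns (accepted, identifier, response) so the response can be 'captured'."""
    ident, chal = auth.challenge()
    user, resp = peer.respond(ident, chal)
    return auth.verify(ident, user, resp), ident, resp


def replay_is_rejected(auth: Authenticator, peer: Peer) -> bool:
    """Capture a valid response, then replay it against a later challenge. The new
    identifier and challenge change the expected hash, so the replay fails."""
    ok, _, captured = run_exchange(auth, peer)
    if not ok:
        raise RuntimeError("legitimate exchange should succeed")
    new_ident, _ = auth.challenge()
    return not auth.verify(new_ident, peer.user, captured)


if __name__ == "__main__":
    auth = Authenticator({"alice": b"correct horse"})
    print("first login:", run_exchange(auth, Peer("alice", b"correct horse"))[0])
    print("replay rejected:", replay_is_rejected(auth, Peer("alice", b"correct horse")))
```

    The weakness the exam glosses over is visible in Authenticator: the server must keep every user's secret in the clear, because it has to recompute the hash itself.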
  35. Which of the following will allow a technician to restrict user access to the GUI?




    A. Group policy implementation
  36. Which authentication method will prevent a replay attack from occurring?




    D. Kerberos

    Kerberos is a centralized access control method built on a trusted third party, the Key Distribution Center. Tickets and authenticators carry timestamps and are valid only within a short window, so a captured authentication exchange cannot be replayed later.
  37. Access controls based on security labels associated with each data item and each user are known as:




    A. MAC
  38. A user is assigned access rights explicitly. This is a feature of which of the following access control models?




    A. DAC
  39. During which phase of identification and authentication does proofing occur?




    D. Identification

    Identification and authentication (I&A) is the process of verifying that an identity is bound to the entity that makes an assertion or claim of identity. The I&A process assumes that there was an initial validation of the identity, commonly called identity proofing.
  40. Why do security researchers often use virtual machines?





    C. To offer an environment where malware can be executed with minimal risk to equipment and software.
  41. Which security action should be finished before access is given to the network?




    C. Identification and authentication
  42. Which item is not a logical access control method?




    D. biometrics

    Logical access control refers to the collection of policies, procedures, organizational structure and electronic access controls designed to enable safe access to computer software and data files as well as to networking.
  43. Which of the following definitions fit correctly in TACACS?

    a. is an older protocol that was used in early remote access environments.
    b. has largely replaced SLIP and offers multiple protocol support including AppleTalk,
    IPX, and DECnet.
    c. are used to make connections between private networks across a public network, such
    as the Internet.
    d. It allows credentials to be accepted from multiple methods, including Kerberos.
    d. It allows credentials to be accepted from multiple methods, including Kerberos.

    TACACS supports practically any authentication mechanism, including PAP, CHAP, MS-CHAP, EAP, token cards, and Kerberos.
  44. Job rotation is a cross-training technique where organizations minimized collusion amongst staff.

    a. True
    b. False
    b. False

    Personnel are cross-trained in different functional areas in order to detect fraud, not collusion.
  45. The Lightweight Directory Access Protocol or LDAP is an application protocol for
    querying and modifying directory services running over TCP/IP. A user needs to
    implement secure LDAP on the network. Which port number will secure LDAP use by
    default?




    B. 636
  46. An end-to-end traffic performance guarantee made by a service provider to a customer is:




    A. SLA

    Service level agreement
  47. Which tool can best monitor changes to the approved system baseline?




    D. Enterprise performance monitoring software
  48. In computer programming, DLL injection is a technique used to run code within the address space of another process by forcing it to load a dynamic-link library. Which activity is most closely associated with DLL injection?




    B. penetration testing

    Although SQL servers appear to be the option most logically associated with an injection attack, the question asks which activity. Penetration testing is an activity; "SQL servers" are an object of attack.
  49. Network utilization is the ratio of current network traffic to the maximum traffic that the port can handle. Which of the following can most effectively determine whether network utilization is abnormal?




    C. Performance baseline

    This question is worded awkwardly, asking for an object where an action would make more sense. Comparison against the performance baseline, used together with the system monitor, gives the best insight into whether current utilization is abnormal.
  50. An Intrusion detection system (IDS) is software and/or hardware designed to detect
    unwanted attempts at accessing, manipulating, and/or disabling of computer systems,
    mainly through a network, such as the Internet. Which of the following is referred to when an IDS is configured to match a specific traffic pattern?




    D. Signature-based

    A specific, pre-defined pattern is a signature.
  51. A network intrusion detection system (NIDS) is an intrusion detection system that tries to
    detect malicious activity such as denial of service attacks, port scans or even attempts to
    crack into computers by monitoring network traffic. Which NIDS configuration is solely
    based on specific network traffic?




    D. Signature-based

    "Specific" network traffic refers to a known pattern, i.e. a signature, rather than to a deviation from a learned baseline.
  52. What is the port number for the Domain Name Service on a server?




    D. 53
  53. Which one of the following options is a vulnerability assessment tool?




    A. Nessus

    Nessus is a proprietary comprehensive vulnerability scanning program. Its goal is to detect potential vulnerabilities on the tested systems. For example:

    • Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
    • Misconfiguration (e.g. open mail relay, missing patches, etc).
    • Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
    • Denials of service against the TCP/IP stack by using mangled packets.
  54. Which of the following best describes an attempt to transfer DNS zone data?




    A. Reconnaissance

    A zone transfer (AXFR, carried over TCP port 53) lets a potential intruder obtain a complete map of an internal network, including hostnames and IP addresses. Since DNS servers are designed to accept requests, DNS is often left fairly open, and optional services such as zone transfer are sometimes permitted from any source. This kind of probing can be detected by unusual connections to or from the DNS server, in particular TCP connections on port 53 from hosts that are not secondary name servers. The picture becomes murkier when the DNS server is not under the system administrator's control.
  55. Which auditing log will show unauthorized usage attempts?




    A. Security
  56. Look at the following intrusion detection systems carefully, which one uses well defined models of how an attack occurs?




    C. signature
  57. One of the below is a description for a password cracker, which one is it?




    A. A program that performs comparative analysis

    If passwords were stored in plain text, reading them would be easy; as a result they are stored as hashes. To defeat this, the password cracker runs a wordlist through the same hash algorithm (including any salt and iteration count) as the stored passwords and compares each result against the stored values until a match is found. In other words, the cracker adopts the same cryptographic configuration as the password store and then compares the hashed candidates against it.
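    Added example (not the exam page's code) of the comparative analysis just described: a constructed wordlist is hashed with the same configuration as two constructed password stores, one unsalted SHA-256 and one salted PBKDF2, which shows why a salt and a work factor turn one cheap lookup into slow per-account work. The functions crack_unsalted, crack_salted and demo, the users and the wordlist are assumptions of this example.

```python
"""Dictionary-style password cracking by comparative analysis. Added example, not exam material."""
from __future__ import annotations

import hashlib
import os
import secrets

SAMPLE_WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon"]  # constructed


def unsalted_hash(password: str) -> str:
    """Legacy store: one SHA-256 per password. Equal passwords hash equal, so one
    precomputed table serves every account at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes, iterations: int) -> str:
    """Modern store: PBKDF2-HMAC-SHA256 with a per-user random salt and a work factor."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def crack_unsalted(targets: dict[str, str], wordlist: list[str]) -> dict[str, str]:
    """Hash each candidate once, then look every stored hash up in the result."""
    lookup = {unsalted_hash(word): word for word in wordlist}
    return {user: lookup[stored] for user, stored in targets.items() if stored in lookup}


def crack_salted(targets: dict[str, tuple[bytes, str]], wordlist: list[str],
                 iterations: int) -> dict[str, str]:
    """With a salt every candidate must be re-hashed per account, so the cost is
    accounts x words x iterations rather than words alone."""
    found: dict[str, str] = {}
    for user, (salt, stored) in targets.items():
        for word in wordlist:
            if secrets.compare_digest(salted_hash(word, salt, iterations), stored):
                found[user] = word
                break
    return found


def demo(iterations: int = 100_000) -> tuple[dict[str, str], dict[str, str]]:
    """Build two constructed stores for the same users and crack both.
    alice and bob share a weak password; carol's is not in the wordlist."""
    plain = {"alice": "letmein", "bob": "letmein", "carol": "correct horse battery staple"}
    unsalted = {user: unsalted_hash(pw) for user, pw in plain.items()}
    salted: dict[str, tuple[bytes, str]] = {}
    for user, pw in plain.items():
        salt = os.urandom(16)
        salted[user] = (salt, salted_hash(pw, salt, iterations))
    return crack_unsalted(unsalted, SAMPLE_WORDLIST), crack_salted(salted, SAMPLE_WORDLIST, iterations)


if __name__ == "__main__":
    cracked_plain, cracked_salted = demo()
    print("unsalted store:", cracked_plain)
    print("salted store:  ", cracked_salted)
```

    Both stores give up the same two accounts, but in the unsalted store the attacker also learns that alice and bob share a password before hashing a single word, and the lookup table can be reused against the next breach.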
  58. Which of the following will require setting a baseline?




    • B. Anomaly-based monitoring
    • D. Behavior-based monitoring
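    Added example, not from the exam page, putting the two detection styles of questions 49, 50, 51, 56 and 58 side by side: a signature matcher that needs only its rule set, and an anomaly detector that first has to learn a baseline of normal utilization. The signatures, the training window and the packet payloads are constructed samples; the names Signature, Baseline, match_signatures and flag_anomalies are assumptions of this example.

```python
"""Signature-based vs anomaly-based detection on constructed samples. Added example, not exam material."""
from __future__ import annotations

import re
import statistics
from dataclasses import dataclass


# --- Signature-based: match a specific, predefined traffic pattern (questions 50, 51, 56) ---

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: re.Pattern


SIGNATURES = [  # constructed rules in the spirit of IDS content matches
    Signature("directory traversal", re.compile(rb"\.\./")),
    Signature("sql injection", re.compile(rb"(?i)'\s*or\s+1\s*=\s*1")),
    Signature("cmd.exe probe", re.compile(rb"(?i)cmd\.exe")),
]


def match_signatures(payload: bytes, sigs: list[Signature] = SIGNATURES) -> list[str]:
    """Names of every signature found in the payload.

    No notion of 'normal' is needed, but a payload that matches no rule (a new
    attack, or an old one obfuscated past the pattern) is simply not seen.
    """
    return [s.name for s in sigs if s.pattern.search(payload)]


# --- Anomaly-based: needs a baseline of normal behaviour first (questions 49, 58) ---

@dataclass(frozen=True)
class Baseline:
    mean: float
    stdev: float

    @classmethod
    def learn(cls, samples: list[float]) -> Baseline:
        """Learn mean and standard deviation from a training window of normal utilization (%)."""
        return cls(statistics.fmean(samples), statistics.stdev(samples))

    def is_anomalous(self, utilization: float, k: float = 3.0) -> bool:
        """Flag a sample more than k standard deviations from the learned mean, in either direction."""
        return abs(utilization - self.mean) > k * self.stdev


def flag_anomalies(baseline: Baseline, samples: list[float], k: float = 3.0) -> list[int]:
    """Indexes of samples the baseline considers abnormal: a flood that pushes utilization
    up, or a link that goes nearly silent when it normally carries traffic."""
    return [i for i, u in enumerate(samples) if baseline.is_anomalous(u, k)]


if __name__ == "__main__":
    print(match_signatures(b"GET /../../etc/passwd HTTP/1.0"))
    training = [30.0, 32.0, 31.0, 29.0, 33.0, 30.0, 31.0, 32.0, 30.0, 31.0]  # constructed, % per minute
    base = Baseline.learn(training)
    print(f"baseline mean={base.mean:.1f} stdev={base.stdev:.2f}")
    print(flag_anomalies(base, [31.0, 95.0, 30.0, 2.0]))
```

    The trade-off is visible in the two halves: the signature matcher raises no false positives on traffic it has no rule for, while the anomaly detector will flag an unusual but legitimate backup job just as readily as a flood, and is only as good as the window it was trained on.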
  59. Choose the most effective method of preventing computer viruses from spreading throughout the network.




    C. You should enable scanning of all email attachments

    If a virus makes it onto your network, this should halt or slow down its spread.
  60. An auditing system is necessary to prevent attacks on what part of the system?




    A. The files.

    Auditing will track the users accessing the files, providing a means to monitor usage.
  61. Choose the network mapping tool (scanner) which uses ICMP




    D. A ping scanner

    Ping uses ICMP
  62. Which of the following would be most useful in determining which internal user was the source of an attack that compromised another computer in its network?




    B. The target computer's audit logs
  63. Which of the following can best be used to determine the topology of a network and discover unknown devices?




    B. Network mapper
  64. The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and
    procedures needed to create, manage, store, distribute, and revoke digital certificates. The
    public key infrastructure is based on which encryption schemes?




    B. Asymmetric

    Unlike symmetric key algorithms, it does not require a secure initial exchange of one or more secret keys to both sender and receiver. The asymmetric key algorithms are used to create a mathematically related key pair: a secret private key and a published public key.
  65. Which of the following refers to the ability to be reasonably certain that data is not disclosed to unintended persons?




    D. confidentiality
  66. CRL is short for Certificate Revocation List. Which types of keys are included in a CRL?




    A. both public and private keys

    Exam answer as given. A CRL does not actually contain keys of any kind: it is a CA-signed list of the serial numbers of certificates revoked before their expiry, with the revocation date and an optional reason for each.
  67. Secret key encryption is also known as:




    B. symmetrical
  68. Which statement is true about the cryptographic algorithm employed by TLS to establish a session key?




    B. Diffie-Hellman

    Cryptographic application protocols often use one or more underlying key agreement methods, which are themselves sometimes referred to as "cryptographic protocols". For instance, TLS uses the Diffie-Hellman key exchange (in modern versions its ephemeral, elliptic-curve form) to establish the session key; although it is only one component of TLS, Diffie-Hellman is a complete cryptographic protocol in itself and is used on its own elsewhere.
  69. Which of the following would be an easy way to determine whether a secure web page has a vallid certificate?




    B. Right click...
  70. In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash
    function with a 128-bit hash value. As an Internet standard (RFC 1321), MD5 has been
    employed in a wide variety of security applications, and is also commonly used to check
    the integrity of files. A user sees an MD5 hash number beside a file that they wish to
    download. Which description is true about a hash?

    a. A hash is a unique number that is generated after the file has been encrypted and used
    as the SSL key during download.
    b. A hash is a unique number that is generated based upon the TCP/IP transmission
    header and should be verified before download.
    c. A hash is a unique number that is generated based upon the files contents and used as
    the SSL key during download.
    d. A hash is a unique number that is generated based upon the files contents and should
    be verified after download.
    d. A hash is a unique number that is generated based upon the files contents and should be verified after download.
  71. Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Which of the following is considered the weakest encryption?




    B. DES
  72. Which of the following refers to the ability to be reasonably certain that data is not modified or tampered with?




    A. Integrity
  73. Which description is correct about a way to prevent buffer overflows?




    D. Apply all security patches to workstations

    Patches close the known vulnerabilities that overflow exploits target. They do nothing for unknown bugs, which is why platform mitigations (non-executable stacks, ASLR, stack canaries) and bounds-checked code are the more general defence.
  74. Which algorithms can best encrypt large amounts of data?




    D. Symmetric
  75. Which of the following connectivities is required for a web server that is hosting an SSL based web site?




    A. Port 443 inbound
  76. Which item will effectively allow for fast, highly secure encryption of a USB flash drive?




    D. AES256
  77. Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made to the IP header?




    C. NAT

    NAT rewrites source or destination addresses (and ports) in the IP header. AH computes its integrity check over that header, so a translated packet fails authentication at the far end; NAT traversal (NAT-T, ESP encapsulated in UDP port 4500) exists to work around this.
  78. How does one make sure that when an employee leaves the company permanently, that the company will have access to their private keys?




    A. Store the keys in escrow
  79. Which of the following provides the most secure form of encryption?




    D. AES
  80. Which of the following describe the validation of a message's origin?




    C. non-repudiation
  81. A company has instituted a VPN to allow remote users to connect to the office. As time
    progresses multiple security associations are created with each association being more
    secure. Which of the following should be implemented to automate the selection of the
    BEST security association for each user?




    A. IKE

    Internet Key Exchange is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE uses a Diffie–Hellman key exchange to set up a shared session secret, from which cryptographic keys are derived. Public key techniques or, alternatively, a pre-shared key, are used to mutually authenticate the communicating parties.
  82. Which of the following is the most significant flaw in (PGP) authentication?




    B. A user must trust the public key that is received.
  83. Which port must be open to allow a user to login remotely onto a workstation?




    A. 3389

    Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which concerns providing a user with a graphical interface to another computer. By default the server listens on TCP port 3389.
  84. The Diffie-Hellman encryption algorithm relies on which of the following?




    C. Key exchange

    Diffie–Hellman key exchange (D–H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. It is a type of key exchange.
  85. Which item can easily create an unencrypted tunnel between two devices?




    D. L2TP

    L2TP is a tunneling protocol used to support VPNs. It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol carried with it to provide privacy, which in practice means L2TP/IPsec, with IPsec ESP protecting the L2TP tunnel.
  86. Which of the following encryption algorithms relies on the inability to factor large prime numbers?




    A. RSA
  87. Which of the following would be the most common method for attackers to spoof email?




    B. Open relays
  88. Which statement correctly describes the difference between a secure cipher and secure hash?




    C. A cipher can be reversed, a hash cannot

    Correct as far as it goes, with one caveat: a hash cannot be reversed, but it can still be attacked. A short or weak hash can be matched by brute force (trying inputs until one produces the same digest, as a password cracker does) or by a birthday attack that finds two inputs with the same digest (question 16). A cipher, by contrast, is designed to be reversed by anyone holding the key.
  89. Recently, your company has implemented a work from home program. Employees should
    connect securely from home to the corporate network. Which encryption technology can
    be used to achieve this goal?




    A. IPSec

    Internet Protocol Security (IPsec) is a protocol suite for securing IP communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host.
  90. Which of the following defines PPTP:




    C. It supports encapsulation in a single point-to-point environment

    PPTP is a method for implementing virtual private networks. PPTP uses a control channel over TCP (port 1723) and a GRE tunnel to encapsulate PPP packets.
  91. Which encryption algorithms can be used to encrypt and decrypt data?




    B. RC5

    In cryptography, RC5 is a block cipher notable for its simplicity. Designed by Ronald Rivest in 1994, RC stands for "Rivest Cipher", or alternatively, "Ron's Code" (compare RC2 and RC4). The Advanced Encryption Standard (AES) candidate RC6 was based on RC5.
  92. Which of the following would allow for secure key exchange over an unsecured network without a pre-shared key?




    C. DH-ECC

    Same exchange as described under question 84. DH-ECC, usually written ECDH, is the elliptic-curve form of Diffie-Hellman: each party still combines its private value with the other side's public value, but the arithmetic is done on an elliptic curve, which gives equivalent security with far shorter keys (a 256-bit curve roughly matches a 3072-bit modular group).
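    Added example (not code from the exam page) of the exchange described in questions 68, 81, 84 and 92: classic finite-field Diffie-Hellman. The prime is the 1024-bit MODP group 2 of RFC 2409, transcribed by hand and re-checked with Miller-Rabin before use; the Party class, the key-derivation label and the small-subgroup check are assumptions of this example. ECDH (the exam's DH-ECC) replaces the modular exponentiation with elliptic-curve scalar multiplication but keeps the same shape.

```python
"""Finite-field Diffie-Hellman key agreement. Added example, not exam material."""
from __future__ import annotations

import hashlib
import secrets

# 1024-bit MODP prime of Oakley group 2 (RFC 2409), generator 2, transcribed by hand;
# check_group() verifies it is a safe prime before use. 1024-bit groups are too small
# for new deployments, which should use the 2048-bit+ groups of RFC 3526 or RFC 7919.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin with random bases; adequate for sanity-checking published parameters."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_group(p: int = P, g: int = G) -> bool:
    """A safe prime p = 2q + 1 guarantees any g other than 0, 1, p-1 generates a large subgroup."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2) and 1 < g < p - 1


class Party:
    """One side of the exchange: keeps the private exponent x, publishes g^x mod p."""

    def __init__(self, p: int = P, g: int = G):
        self.p, self.g = p, g
        self._x = secrets.randbelow(p - 2) + 1
        self.public = pow(g, self._x, p)

    def shared_secret(self, peer_public: int) -> int:
        """Reject degenerate public values (0, 1, p-1) that would force a tiny subgroup,
        then compute peer^x mod p, which equals g^(xy) on both sides."""
        if not 1 < peer_public < self.p - 1:
            raise ValueError("invalid peer public value")
        return pow(peer_public, self._x, self.p)

    def session_key(self, peer_public: int) -> bytes:
        """Never use the raw shared secret as a key; derive a fixed-size key from it."""
        z = self.shared_secret(peer_public).to_bytes((self.p.bit_length() + 7) // 8, "big")
        return hashlib.sha256(b"dh-session-key" + z).digest()


def agree() -> tuple[bytes, bytes, bool]:
    """Full exchange over an insecure channel: only the two public values travel."""
    alice, bob = Party(), Party()
    key_a = alice.session_key(bob.public)
    key_b = bob.session_key(alice.public)
    return key_a, key_b, key_a == key_b


if __name__ == "__main__":
    print("group is a safe prime:", check_group())
    key_a, key_b, same = agree()
    print("both sides derived the same key:", same, key_a.hex()[:16])
```

    What the exchange does not give you is authentication: an attacker in the middle can run one exchange with each side and relay. That is why IKE signs or pre-shares a secret over the exchange, and why TLS signs it with the server certificate.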
  93. What will be implemented by a technician to mitigate the chances of a successful attack against the wireless network?




    D. Implement an authentication system and WPA
  94. Documentation describing a group of expected minimum behaviors is known as:




    A. a code of ethics
  95. The risks of social engineering can be decreased by implementing: (Select TWO)




    • C. security awareness training
    • d. identity verification methods
  96. Which of the following would be considered a detrimental effect of a virus hoax? (Select
    TWO).

    a. The email server capacity is consumed by message traffic.
    b. Technical support resources are consumed by increased user calls.
    c. Users are tricked into changing the system configuration.
    d. Users are at risk for identity theft.
    • b. Technical support resources are consumed by increased user calls
    • c. Users are tricked into changing the system configuration
  97. The main objective of risk management in an organization is to reduce risk to a level:




    C. the organization will accept
  98. Following a disaster, which of the following functions should be returned FIRST from
    the backup facility to the primary facility?




    C. Least critical functions

    After an outage, the primary site must be stress-tested before the mission critical functions of the organization can be transferred back to it.
  99. Which security measure should be used while implementing access control?




    A. Password complexity requirements
  100. Refer to the following statement, which one best describes a host-based system that
    provides access control?




    C. Personal software firewalls

    Port control is a form of access control
  101. It is possible to gather reconnaissance information from a printer resource via:




    B. SNMP
  102. Which of the following should be utilized by an administrator to avoid the use of
    stolen PKI certificates on web servers?




    A. CRL
  103. The Security Log is a log containing records of login/logout activity and/or other
    security-related events specified by the system's audit policy. Which of the following
    does not appear in a security log?




    B. false negative
  104. IPsec is a protocol suite for securing Internet Protocol IP communications by authenticating and encrypting each IP packet of a data stream.

    As an administrator, you want to deploy an IPSec VPN connection between two routers across a
    WAN. You have to make sure that the VPN is encrypted in the most secure fashion possible. What are the correct IPSec mode and the proper configuration?




    A. IPSec in tunnel mode, using both the ESP and AH protocols

    Authentication Header (AH) provides connectionless integrity and data origin authentication for IP datagrams and provides protection against replay attacks.

    Encapsulating Security Payload (ESP) provides confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. Tunnel mode encapsulates the whole original IP packet, so the inner addresses are hidden between the two routers.
  105. So as to facilitate communications in the office of a small call center business, an email
    system is going to be installed. As part of the upgrade, the vendor offered to supply
    anti-malware software for $5,000 per year. However, if it is not adequately protected,
    there is a 90% chance each year that workstations would be compromised. Under that
    circumstance, it will take 30 staff three hours to restore services, and the staff members in
    the call center are paid $90 per hour. What is the Annual Loss Expectancy (an IT risk
    assessment methodology)?




    C. $7,290

    • ALE = Repair Cost x failure expectancy rate
    • ALE = (30x3x$90) x .9
    • ALE = $8,100 x .9
    • ALE = $7,290
  106. A network intrusion detection system (NIDS) is an intrusion detection system that tries to
    detect malicious activity such as denial of service attacks, port scans or even attempts to
    crack into computers by monitoring network traffic. Which of the following is placed in
    promiscuous mode to allow that in line with the data flow?




    C. sensor

    In a network-based intrusion-detection system (NIDS), the sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. The sensor captures all network traffic and analyzes the content of individual packets for malicious traffic.
  107. Which one of the following is the most common logical access control method?




    D. username and password

    Logical access control methods refer to computers.
  108. Which of the following should be the first step to complete when deploying 50 new workstations on the network?




    C. Apply the baseline configuration
  109. In an unsecured network, which of the following allows for secure key exchange without a pre-shared key?




    D. DH-ECC
  110. Refer to the following options, which one is the best practice to mass deploy security
    configurations to a group of workstations?




    D. Security templates
  111. If a long-term failure occurs, which of the following systems could cause physical damage to a device?




    B. HVAC
  112. X.509 is an ITU-T standard for a PKI for SSO and Privilege Management Infrastructure (PMI).
    Which of the following is not an attribute of an X.509 certificate?




    A. The symmetric key of the owner

    Fake...no such thing.
  113. Which of the following definitions would be correct regarding Active Inception?




    D. Placing a computer system between the sender and receiver to capture information

    This is misspelled in the exam bank. The original question calls it Active "Inception".
  114. Which of the following does not provide a host active protection?




    C. HIDS

    Intrusion Detection just detects, it doesn't do anything active to prevent.
  115. Which of the following is an intrusion detection system which installs an application on
    every desktop in a company's network that monitors possible intrusions?




    B. HIDS

    Host-based, loaded on a computer, server or desktop. Not monitoring a network (NIDS). It's an IDS in the question, so those are the only two possible answers. Hardening is just wrong, and a firewall is not a "detector", it is active protection.
  116. Refer to the following algorithms, which one has the smallest key space?




    A. DES

    A smaller key space typically means a lower level of encryption.
  117. Simple Network Management Protocol (SNMP) is used in network management systems
    to monitor network-attached devices for conditions that warrant administrative attention.
    It runs on port:




    A. 161
  118. Which of the following malicious activities is likely to leave traces in a
    Domain Name System log file?




    A. Poisoning
  119. A vulnerability scanner is a computer program designed to search for and map systems
    for weaknesses in an application, computer or network. Which of the following is not a
    limitation of a vulnerability scanner?




    A. It generates less network traffic than port scanning

    • Does not generate less...double negative...watch for that
    • Wouldn't really call that a limitation, either...generating more port traffic is not what I would consider a "limitation", more like an enhancement.
  120. To receive digitally signed and encrypted email messages from a remote office, which of the following protocols should be supported by the system?




    B. S/MIME

    S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data.
  121. Automated pay-per-print copiers and printers are available in a library. The problem is that
    an employee has been embezzling money from the coin boxes for years. Which of the
    following methods would help detect this earlier?




    A. Improve employee auditing procedures
  122. The most common exploits of Internet-exposed network services are due to:




    A. buffer overflows
  123. Which of the following is a cryptographic protocol that provides security for
    communications over networks and is in widespread use in applications such as web
    browsing and electronic mail?




    D. SSL
  124. Referring to the following options, which is the one that uses a key ring?




    A. PGP

    Referring to the key used, not an actual key ring...which could be an RSA token generator. The question is misspelled, should be keyring, not key ring. Ask the people who created it. duh.

    Keys are stored in encrypted form. PGP stores the keys in two files on your hard disk; one for public keys and one for private keys. These files are called keyrings.
  125. The Public Key Infrastructure (PKI) is an arrangement that binds public keys with
    respective user identities by means of a certificate authority. Which of the following is
    best associated with it?




    D. Digital signatures

    An alternative approach to the problem of public authentication of public key information is the web of trust scheme, which uses self-signed certificates and third party attestations of those certificates.
  126. When malware uses virtualization techniques, why is it more difficult to detect?




    B. The malware may be running at a more privileged level than the antivirus software
  127. Which of the following utilities allows better insight into the websites that employees are visiting?




    D. Proxy server
  128. The best practice auditing procedure is to:




    C. review user access and rights
  129. Which of the following is a list or register of discrete entities that are being provided a particular privilege, service, mobility, access or recognition and are known to be benign?




    C. Whitelist

    Whitelist good, Blacklist bad...why's it got to be black?
  130. What is the primary security risk with removable storage?




    C. Confidentiality

    Think: some stupid PFC in the Army stealing government secrets, putting them on a thumb drive, and then giving them to his fascist friends, enemies, and anybody else with an Internet connection. That introduces the risk of confidential data being lost.
  131. The best description about the difference between RADIUS and TACACS is that:




    D. TACACS encrypts client-server negotiation dialog
  132. Disabling which one of the following will lower, but not eliminate, the risk of LAN jumping?




    B. DTP on all ports

    Disabling Dynamic Trunking Protocol on all ports allows the system administrator the option to enable trunking only on desired ports to fight attacks and more closely monitor system usage.
  133. A user would like to edit documents on a particular shared folder by accessing a drive.
    What rights should the user have, in accordance with the rule of least privilege?




    C. Read and write to a shared folder
  134. Which of the following trust models applies when a certificate becomes
    trusted by a group of trusted sources?




    C. Trusted introducer

    This is actually Web of Trust, which is the trust model. A Trusted Introducer is only a portion of the model, not a model in and of itself.

    From Wikipedia, "Web of Trust":

    "As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys."
  135. Which of the following is the best practice for reading system logs?




    B. Filter logs using software and focus on only those of importance
  136. Refer to the following methods, which one creates a secure test server for a programmer
    with the quickest speed?




    C. Create a virtual server on existing equipment.

    Not with the quickest speed, but the quickest way. Wording is terrible.
  137. Refer to the following options, which two should be taken into consideration when
    implementing logging controls on multiple systems?

    A. VLAN segment of the systems
    B. Systems clock synchronization
    C. Systems capacity and performance
    D. Network security zone of the systems
    • B. Systems clock synchronization
    • C. Systems capacity and performance

    Clock sync to match log times more easily, capacity and performance to log without bogging down the system and using up too much space.
  138. Risk assessment is the determination of quantitative or qualitative value of risk related to
    a concrete situation and a recognized threat. Which one of the following cannot be used
    to conduct risk assessments?

    A. Security audits
    B. Penetration tests
    C. Vulnerability scans
    D. Disaster exercises
    D. Disaster exercises

    Doesn't apply to concrete situations for computer security.
  139. A digital signature is a mathematical scheme for demonstrating the authenticity of a
    digital message or document, which is used for:




    A. Non-repudiation
  140. Which of the following is a kind of access control as a means of restricting access to
    objects based on the identity of subjects and/or groups to which they belong?




    C. Discretionary Access Control

    Discretionary access control (DAC) is a kind of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong".
  141. Once a system has been compromised, an attacker will upload various tools to be used
    later. Where would the attacker hide these tools?




    C. Rootkit
  142. Devices attached to the same switch can be placed in separate broadcast domains via:




    A. VLAN

    By dividing switch ports into VLANs, separate broadcast domains are created. For example, if we have groups of users connected to Ethernet ports 1 through 24 on a switch, each group would be a member of the same broadcast domain. By configuring each switch port as a separate VLAN, we could divide the broadcast domains into 24 separate VLANs.

    From TechRepublic.
  143. Which of the following authentication methods is most likely to prevent an
    attacker from successfully deploying a replay attack?




    A. Kerberos

    Certificates are one-use only.
  144. Which one of the following options overwrites the return address within a program to
    execute malicious code?




    B. Buffer overflow

    A technically inclined and malicious user may exploit stack-based buffer overflows to manipulate the program by overwriting the return address in a stack frame. Once the function returns, execution will resume at the return address as specified by the attacker, usually a user input filled buffer.
  145. What should be taken into serious consideration when executing a disaster recovery plan?




    D. Safety and welfare of personnel

    This is from way out of left field. Everything else on this test is directly related to computer security and neglects safety. By the time a disaster recovery plan is put into effect, personnel safety precautions are pretty much out the window. This is recovery, and company personnel do not take part in disaster recovery of people.
  146. When evaluating DNS logs, which three events should be taken into serious consideration?

    A. A zone transfer made to an unknown external system
    B. A denied zone transfer request from one of the secondary DNS servers
    C. A denied zone transfer request from an unknown system
    D. A zone transfer made to one of the internal secondary DNS servers
    A, B, and C

    The odd man out, D, is a normal function of your LAN or DMZ.
  147. Network Access Control (NAC) is an approach to computer network security that
    attempts to unify endpoint security technology, user or system authentication and
    network security enforcement. Which of the following NAC scanning types is the
    least intrusive to the client?




    A. Agentless

    Basically, takes up less space and requires less memory.
  148. What is the last step in secure disposal of magnetic media so as to protect the
    confidentiality of data?




    C. Verification

    C. is a method, not the last step in a process of disposal.
  149. All bank customers must enter a different and unique code to confirm every
    transaction so as to avoid transaction fraud. How is this most effectively accomplished?




    D. One-time password

    The key to this question is in the wording, different and unique.
  150. Which of the following options periodically authenticates a user or network host to an
    authenticating entity?




    A. CHAP
  151. What is the potential danger of using a vulnerability scanner?





    A. The scan may result in instability on the targeted system.

    • A. Not likely to have that happen coincidentally.
    • B. Nope, not directed at a public network with responses to the scan.
    • D. Not killing the network, just looking for holes that need plugging.
  152. So as to facilitate communications in the office of a small call center business, an email
    system is going to be installed. As part of the upgrade, the vendor offered to supply
    anti-malware software for $5,000 per year. However, if the system is not adequately protected,
    there is a 90% chance each year that workstations will be compromised. In that
    case, it will take 30 staff three hours to restore services, and the staff members in
    the call center are paid $90 per hour. What is the expected net savings if we purchase the
    anti-malware software?
    B. $2,290

    • Expected net savings = (staff x hours x hourly rate) x expected failure rate - software cost
    • (30 x 3 x $90) x .9 - $5,000
    • $8,100 x .9 - $5,000
    • $7,290 - $5,000
    • $2,290
  153. Refer to the following statements. Which one correctly describes the difference between
    identification and authentication of a user?

    A. Identification proves who the user is and authentication tells the user what they are
    allowed to do.
    B. Identification tells who the user is and authentication proves it.
    C. Identification proves who the user is and authentication is used to keep the users data
    secure.
    D. Identification tells who the user is and authentication tells whether the user is allowed
    to logon to a system.
    B. Identification tells who the user is and authentication proves it.
  154. Where can a technician generate the key pairs used by an asymmetric key
    cryptography system?




    A. A certificate authority
  155. Which of the following types of attack sends out multiple MAC resolution requests so as to create a buffer overflow attack?




    C. ARP poisoning

    The principle of ARP spoofing is to send fake ARP messages to an Ethernet LAN. Generally, the aim is to associate the attacker's MAC address with the IP address of another node (such as the default gateway). Any traffic meant for that IP address would be mistakenly sent to the attacker instead. The attacker could then choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it (man-in-the-middle attack). The attacker could also launch a denial-of-service attack against a victim by associating a nonexistent MAC address to the IP address of the victim's default gateway.
  156. Which choice is configured within a router?




    D. DMZ

    WITHIN the router
  157. A virtual private network (VPN) is a computer network in which the links between nodes
    are formed over logical connections or virtual circuits between hosts of a larger network.
    Which of the following descriptions of VPNs is correct?




    D. Encapsulated packets are obfuscated
  158. Which of the following is a security limitation of virtualization technology?




    A. If an attack occurs, it could potentially disrupt multiple servers.
  159. Which of the following definitions BEST suits a Java applet?

    A. It is a programming language that allows access to system resources of the system
    running the script.
    B. The client browser must have the ability to run Java applets in a virtual machine on the
    client.
    C. It can also include a digital signature to verify authenticity.
    D. It allows customized controls, icons, and other features to increase the usability of web
    enabled systems.
    B. The client browser must have the ability to run Java applets in a virtual machine on the client.
  160. Tom is a network administrator at his company. He suspects that PCs on the internal
    network may be acting as zombies participating in external DDoS attacks. Which item
    will most effectively confirm the administrator's suspicions?




    A. Firewall logs
Author: tim.wenzel
ID: 26656
Card Set: Security +
Description: CompTIA Security + SYO-201