COMPTIA Security +

What are the non-overlapping channels for 802.11g/n?

Channels 1, 6, and 11

Does the S/MIME protocol use certificates?

yes

Which two ports does FTP use?

ports 20 and 21

Which technique attempts to predict the likelihood that a threat will occur and assigns monetary values in the event a loss occurs?

quantitative risk analysis

Which IPSec mode is used to create a VPN between two gateways?

tunnel mode

What is the most likely cause of a single computer communicating with an unknown IRC server and scanning other systems on the network?

The computer is infected with a botnet.

What does the acronym IDS denote?

Intrusion Detection System

Which encryption method is more scalable?

Asymmetric Encryption

What is the purpose of DLP?

Data Loss Prevention (DLP) is a network system that monitors data on computers to ensure the data is not deleted or removed.

Which port number does NTP use?

port 123

Which backup method backs up every file on the server each time it is run?

A full backup

What is the term for an unauthorized access that a network-based intrusion detection system (NIDS) fails to detect?

missed detection or false negative

Which alternate computing facility is the least expensive to maintain before a disaster occurs?

a cold site

What are the three basic questions answered by the chain of custody?

who controlled the evidence, who secured the evidence, and who obtained the evidence

Which term refers to the assurance that data has not been altered in transmission?

data integrity

What is the purpose of Platform as a Service (PaaS) in cloud computing?

It provides not only a virtualized deployment platform but also a value-added solution stack and an application development platform.

What does the acronym FCoE denote?

Fibre Channel over Ethernet

At which OSI layer does IP Security (IPSec) operate?

the Network layer (Layer 3)

What is meant by the term hardening?

tightening control using security policies to increase system security

What do you use to control traffic from the Internet to the LAN (local area network) by controlling the packets that are allowed to enter the LAN?

a firewall

According to CompTIA's Security+ examination blueprint, what are the four types of logs that you should monitor for mitigation and deterrence?

event logs, audit logs, security logs, and access logs

What are the two types of eye scans?

iris scans and retinal scans

What are alternate terms for cross-site request forgery (XSRF)?

session riding or one-click attack

What block cipher and key size (in bits) are used by the Clipper Chip?

The Skipjack block cipher and an 80-bit key length

Why is GPS tracking often disabled?

It is considered a security threat. As long as GPS tracking is enabled and the mobile device is powered on, the device (and possibly its user) can be located.

What is the name of the process for removing only the incriminating data from the audit logs?

scrubbing

What ensures that a user is who he claims to be?

identification

Which port number does SSH use?

port 22

On what does the Pretty Good Privacy (PGP) mail standard rely?

a web of trust

Which information do routers use to forward packets to their destinations?

the network address and subnet mask

Which account should you rename immediately after installing a new operating system (OS) to harden the OS?

the administrator account

Which error condition arises because data is not checked before input to ensure that it has an appropriate length?

buffer overflow errors

What is the component included with Windows Vista and higher operating systems that encrypts an entire volume with 128-bit encryption to prevent information from being read if the drive is lost or stolen?

BitLocker

What is the purpose of administrative controls?

to implement security policies based on procedures, standards, and guidelines

Which fire suppression method, formerly used to suppress fires involving electrical equipment or liquids, has been discontinued?

halon gas

On which standard is Lightweight Directory Access Protocol (LDAP) based

X.500

Which public-key algorithm was the first to allow two users to exchange a secret key over an insecure medium without any prior secret keys?

Diffie-Hellman

Which authentication protocol separates authentication and authorization: TACACS+ or RADIUS?

TACACS+

What was the first public-key algorithm ever used?

Diffie-Hellman

Which tool should you use to retrieve the contents of a GET request: a protocol analyzer or port scanner?

a protocol analyzer

Which type of controls is implemented to secure physical access to an object, such as a building, a room, or a computer?

a physical or operational control

Which protocol provides connectionless integrity, data origin authentication, replay protection, and confidentiality (encryption) using Authentication Header (AH) and Encapsulating Security Payload (ESP)?

Internet Protocol Security (IPSec)

What does the acronym MTTR denote?

mean time to repair

What is an entity that issues and manages certificates?

certification authority (CA)

According to CompTIA's Security+ examination blueprint, what are the three listed reporting techniques for mitigation and deterrence?

alarms, alerts, and trends

Which term is used when the amount of work that a computer has to do is divided between two or more computers so that more work is performed in the same amount of time?

load balancing

Which type of attack searches long lists of words for a particular language to match them to an encrypted password?

dictionary attack

What is spimming?

an instance of spam sent over an instant message application

What is a proxy server?

a server that caches and filters content

Which type of authentication combines two or more authentication methods, like something that a person knows (such as a password), something that a person owns (such as a smart card), and a characteristic about the person (such as a fingerprint)?

multi-factor authentication

Which services are usually provided by all-in-one security devices?

URL filtering, content inspection, and malware inspection

Which directory protocol does Directory-Enabled Networking (DEN) use?

Lightweight Directory Access Protocol (LDAP)

What is a honeypot?

a decoy system in your network installed to lure potential intruders away from legitimate systems

What is the term for a potential opening in network security that a hacker can exploit to attack a network?

a vulnerability

What is the most significant misuse of cookies?

misuse of personal data

Which setting ensures that repeated attempts to guess a user's password is not possible beyond the configured value?

account lockout

What is a smurf attack?

an attack where a ping request is sent to a broadcast network address with the aim of overwhelming the system

Is the Message Digest 5 (MD5) algorithm used with symmetric or asymmetric key algorithms?

asymmetric

What is the purpose of Infrastructure as a Service (IaaS) in cloud computing?

It provides computer and server infrastructure, typically through a virtualization environment.

What is war driving?

the act of discovering unprotected wireless network by driving around with a laptop

What does the acronym DAC denote?

discretionary access control

Which audit category will audit all instances of users exercising their rights?

the Audit Privilege Use audit category

Which intrusion detection system (IDS) watches for intrusions that match a known identity?

signature-based IDS

Which security protocol was designed as an interim solution to replace WEP without requiring the replacement of legacy hardware?

Temporal Key Integrity Protocol (TKIP)

What is the recommended action when the cost of the safeguard exceeds the amount of the potential loss for a given risk?

to accept the risk

What is a VPN concentrator?

a device that creates a virtual private network (VPN)

Does each VLAN create its own collision domain or its own broadcast domain?

broadcast domain

What is a warm site?

an alternate computing facility with telecommunications equipment but no computers

What does the acronym POP denote?

Post Office Protocol

Which type of cryptography relies more on physics, rather than mathematics, as a key aspect of its security model?

quantum cryptography

What is the main difference between an IDS and an IPS?

An IDS detects intrusions. An IPS prevents intrusions.

What is the term for an authorized access that a network-based intrusion detection system (NIDS) incorrectly detects as an attack?

false positive

What is another name for RAID 5?

disk striping with parity

What is the key size, in bits, of the Data Encryption Standard (DES)?

56

What is another name for RAID 0?

disk striping

What are the two advantages of single sign-on (SSO)?

convenience and centralized administration

Which type of virus can change its signature to avoid detection?

polymorphic

Which type of attack is characterized by an attacker who takes over the session of an already authenticated user?

hijacking

Which term refers to voice communication over a network?

telephony or Voice over IP (VoIP)

Which type of disaster recovery site provides very little fault tolerance for the primary data center and relies on backups to bring the data center back online?

cold site

Which protocol does the Enterprise mode of WPA and WPA2 use for authentication?

Extensible Authentication Protocol (EAP)

Which type of cipher encrypts data in fixed-size blocks?

block

What is the name for a hole in the security of an application deliberately left in place by a designer?

back door

What is most commonly used to provide proof of a message's origin?

a digital signature

What is the key length used by a one-time pad?

The key length is the same length as the message that is to be encrypted. The message length determines the key length.

Which audit category tracks all attempts to log on with a domain user account when enabled on domain controllers?

the Audit Account Logon Events audit category

Would a certification authority (CA) revoke a certificate if the certificate owner's public key were exposed?

no

What are four common service models of cloud computing?

Infrastructure as a service (IaaS), Monitoring as a service (MaaS), Platform as a service (PaaS), Software as a service (SaaS)

Who can change a resource's category in a mandatory access control environment?

administrators only

Which access control model is based on the data's owner implementing and administering access control?

Discretionary Access Control (DAC)

Which type of controls dictates how security policies are implemented to fulfill the company's security goals?

an administrative or management control

What is phishing?

when an e-mail request for confidential information that appears to originate from a bank or other trusted institution is received

What is Protected Extensible Authentication Protocol (PEAP)?

a protocol that encapsulates the EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel

What is incident management?

the activities of an organization to identify, analyze, and correct risks as they are identified

What is the purpose of anti-spam applications or filters?

to prevent unsolicited e-mail

What is the name for a fix that addresses a specific Windows system problem or set of problems?

hotfix

Where is information on cancelled certificates retained?

in the certificate revocation list (CRL)

What does the acronym RBAC denote?

role-based access control

What is a service level agreement (SLA)?

a contract between a network service provider and a customer that specifies the services the network service provider will furnish

Why is the location of an alternate site important?

You do not want it to be affected by the same disaster as your primary facility.

What is the default PPTP port?

TCP port 1723

Which port number does SNMP use?

UDP port 161

Which type of access control associates roles with each user?

role-based access control (RBAC)

Is the Data Encryption Standard (DES) algorithm asymmetric or symmetric?

symmetric

Which authentication protocol encrypts the entire packet (not just the password): TACACS+ or RADIUS?

TACACS+

Which Linux file contains encrypted user passwords that only the root user can read?

/etc/shadow

How is a digital signature created from a message digest?

It is encrypted using the sender's private key.

Which type of fire suppression system is the safest for both computer equipment and personnel: FM-200 or Carbon Dioxide?

FM-200

Which backup method serves as the baseline for a backup set?

the full backup

According to CompTIA, why should you disable the SSID broadcast of your wireless router?

to improve your network's security

What is whaling?

a special type of phishing that targets a single power user, such as a Chief Executive Officer (CEO)

Which type of connectivity provides a remote user the ability to safely connect to his or her corporate network while maintaining data confidentiality and integrity?

a virtual private network (VPN)

Which Application-layer protocol supports public-key encryption and key distribution centers (KDCs)?

Internet Key Management Protocol (IKMP)

Which authentication protocol uses tickets to authenticate users?

Kerberos

Which type of controls includes access control mechanisms, password management, identification methods, authentication methods, and security devices?

technical or logical controls

Which port number does LDAP use for communications encrypted using SSL/TLS?

port 636

What are the four types of personally identifiable information (PII)?

Personal characteristics - such as full name, date of birth, height, ethnicity, place of birth, mother's maiden name, and biometric characteristics
�A unique set of numbers assigned to an individual - such as government ID number, telephone number, driver

According to CompTIA's Security+ examination blueprint, what are the three listed controls to provide availability?

redundancy, fault tolerance, and patching

According to CompTIA's Security+ examination blueprint, what are the four listed controls to provide integrity?

hashing, digital signatures, certificates, and non-repudiation

Which type of access control is the multi-level security mechanism used by the Department of Defense (DoD)?

mandatory access control (MAC)

What are the steps in the business continuity planning process?

1. Develop the business continuity planning policy statement.
2. Conduct the business impact analysis (BIA).
3. Identify preventative controls.
4. Develop the recovery strategies.
5. Develop the contingency plans.
6. Test the plan, and train the users.
7.

What must you do for an effective security auditing policy, besides creating security logs?

analyze the logs

Which term refers to the loss potential of an asset for a single year?

annualized loss expectancy (ALE)

What is the purpose of hot and cold aisles?

to control airflow in the data center

Which audit category tracks access to all objects outside Active Directory?

the Audit Object Access audit category

What is the proper life cycle of evidence steps?

collection, analysis, storage, court presentation, and return to owner

What is the primary security advantage of using NAT?

Network Address Translation (NAT) hides internal IP addresses from the public network

What is the purpose of filters on a Web server?

They limit the traffic that is allowed through.

Why should a first responder be familiar with the incident response plan?

to ensure that the appropriate procedures are followed

What is the purpose of fuzz testing?

to identify bugs and security flaws within an application

What is the primary concern of RAID?

Redundant Array of Inexpensive Disks (RAID) is concerned with availability

Which term is used for an agreement that is signed by two partnering companies?

a business partners agreement (BPA)

What is the term for the method of determining which kinds of controls are needed to classify and protect a company's information assets?

risk assessment

Which type of attack sequentially generates every possible password and checks them all against a password file?

brute force attack

What is the purpose of screen locks on mobile devices?

to prevent users from accessing the mobile device until a password or other factor is entered

What is the best protection against cross-site scripting (XSS)?

Disable the running of scripts.

Which type of controls include developing policies and procedures, screening personnel, conducting security awareness training, and implementing change control?

administrative controls

On which standard are certificates based?

X.509

Which key is used to decrypt a digital signature: public or private?

public

What is the default L2TP port?

UDP port 1701

What is Fibre Channel?

a high-speed network technology (commonly running at 2-, 4-, 8- and 16-gigabit per second rates) that connects computer data storage

Which address is faked with IP spoofing attacks?

the source IP address

What is bluesnarfing?

the act of gaining unauthorized access to a device (and the network it is connected to) through its Bluetooth connection

What is another name for RAID 1?

disk mirroring

Is instant messaging vulnerable to packet sniffing?

yes

Which application hardening method requires that your organization periodically checks with the application vendor?

patch management

Are cameras and IDSs considered to be mitigation or prevention controls?

deterrence controls

Which type of eye scan is considered more intrusive than other eye scans?

retinal scan

Which port number does DHCP use?

port 67

What is the size, in bits, of a Message Digest version 5 (MD5) hash?

128

What is the purpose of a fail-safe error handler?

to ensure that the application stops working, reports the error, and closes down

What is Wireshark?

a protocol analyzer or packet sniffer

What are the two types of ciphers?

block and streaming

Which attack uses clients, handles, agents, and targets?

a distributed denial of service (DDoS) attack

What is the name for the process of tracking user activities by recording selected events in the server activity logs?

auditing

Which password attack does an account lockout policy protect against?

a brute force attack

What is the purpose of dumpster diving?

to discover confidential information, such as user passwords

What is a Trojan horse?

malware that is disguised as a useful utility, but is embedded with a malicious code to infect computer systems

Which alternate computing facility takes the least amount of time to become operational?

a hot site

What does the acronym MTBF denote?

mean time before failure

Which type of attack is characterized by an attacker who situates himself or herself in such a way that he or she can intercept all traffic between two hosts?

man-in-the-middle

Which security-server application and protocol implements authentication and authorization of users from a central server over TCP?

Terminal Access Controller Access Control System Plus (TACACS+)

What is an IV attack?

cracking the WEP secret key using the initialization vector (IV)

How many TCP/UDP ports are vulnerable to malicious attacks?

65,536

Which attack requires that the hacker compromise as many computers as possible to initiate the attack?

a distributed denial of service (DDoS) attack

Which document lists the steps to take in case of a disaster to your main IT site?

disaster recovery plan (DRP)

If Alice wants to encrypt a message using asymmetric encryption that only Bob can read, which key must she use?

Bob's public key

Which algorithms are asymmetric key algorithms?

Rivest, Shamir, and Adleman (RSA), elliptic curve cryptosystem (ECC), Diffie-Hellman, El Gamal, Digital Signature Algorithm (DSA), and Knapsack

What is the purpose of technical controls?

to restrict access to objects and protect availability, confidentiality, and integrity

Is the RC2 algorithm symmetric or asymmetric?

symmetric

Why should you periodically test an alternate site?

to ensure continued compatibility and recoverability

Is a DHCP server normally placed inside a DMZ?

no

Which type of code performs malicious acts only when a certain set of conditions occurs?

a logic bomb

What does the acronym PKI denote?

public key infrastructure

What portion(s) of the IP packet are encrypted in IPSec tunnel mode?

both the header and the payload

Which port number is used by SMB?

TCP port 445

How do you ensure that data is removed from a mobile device that has been stolen?

Use a remote wipe or remote sanitation program.

What is a malicious insider?

an employee who uses his access to the network and facility to obtain confidential information

Encrypting all files on a system hardens which major component of a server?

the file system

If a user needs administrative-level access, how many user accounts should be issued to the user?

two - one for normal tasks, one for administrative-level tasks

Which firewall port should you enable to allow IMAP4 traffic to flow through the firewall?

TCP port 143

Which port number does LDAP use when communications are NOT secured using SSL/TLS?

port 389

Which assessment examines physical and electronic information handling issues to determine whether security weaknesses exist?

an organizational risk assessment

Where should you physically store mobile devices to prevent theft?

in a locked cabinet or safe

What is the name for the framework for key exchange management?

Internet Security Association and Key Management Protocol (ISAKMP)

What are the three main protocols that can be used for wireless networks?

Wired Equivalent Privacy (WEP), WiFi Protected Access version 1 (WPAv1), WPA version 2 (WPAv2)

Which two fire suppression agents are used to suppress fires involving paper and wooden furniture?

water or soda acid

Which technology enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic, while hiding internal addresses or address space?

Network Address Translation (NAT)

Which policy defines the technical means that are used to protect data on a network?

security policy

Which type of IDS detects malicious packets on a network?

network intrusion detection system (NIDS)

What is the greatest security risk of instant messaging?

impersonation

What is the definition of maximum tolerable downtime (MTD)?

the maximum amount of time a business can tolerate a system remaining non-functional

Which category of IDS might increase logging activities, disable a service, or close a port as a response to a detected security breach?

active detection

Which access control model has the lowest cost?

role-based access control (RBAC)

Which port number does DNS use?

port 53

What is the purpose of NAC?

Network Access Control (NAC) ensures that the computer on the network meets an organization's security policies.

Why should you install a software firewall and the latest software patches and hotfixes on your computer?

to reduce security risks

What is a file considered in a mandatory access control environment?

an object

What does the acronym RADIUS denote?

Remote Authentication Dial-In User Service

What is the name for the array where hashed items are kept?

hash table

Which type of brute-force attack attempts to find any two hashed messages that have the same value?

a birthday attack

What is steganography?

a cryptography method in which data is hidden in another media type

Which port should you block at your network firewall to prevent Telnet access?

port 23

What is the purpose of Software as a Service (SaaS) in cloud computing?

It ensures on-demand, online access to an application suite without the need for local installation.

What bit length is the hash value provided by the Message Digest 2, (MD2), MD4, and MD5 algorithms?

128-bit

Which standard is a specification for secure e-mail, designed to prevent the decryption of e-mail messages?

Secure Multipurpose Internet Mail Extension (S/MIME)

What is the most secure implementation of File Transfer Protocol (FTP)?

Secure File Transfer Protocol (SFTP)

What are you trying to determine if you implement audit trails to ensure that users are not performing unauthorized functions?

accountability

What does the acronym HIDS denote?

host-based intrusion detection system

Which encryption method is faster?

symmetric encryption

According to CompTIA's Security+ examination blueprint, what are the seven listed methods for protecting static environments?

network segmentation, security layers, application firewalls, manual updates, firmware version control, wrappers, and control redundancy and diversity

What does the acronym TACACS denote?

Terminal Access Controller Access Control System

What is another name for public-key encryption?

asymmetric encryption

Which component of a computer use policy indicates that data stored on a company computer is not guaranteed to remain confidential?

a no expectation of privacy policy

What is the default automated key-management protocol for IPSec?

Internet Key Exchange (IKE)

What bit length is the hash value provided by the Secure Hash Algorithm (SHA)?

160-bit

Which authentication protocol incorporates the use of a random value, an ID, and a predefined secret that are concatenated, hashed, and used with a three-way handshake?

Challenge Handshake Authentication Protocol (CHAP)

Which port number is used by TFTP?

UDP port 69

What is the purpose of application hardening?

It ensures that an application is secure and unnecessary services are disabled.

Which authentication protocol is an open standard: TACACS+ or RADIUS?

RADIUS

What is key escrow?

when you maintain a secured copy of a user's private to ensure that you can recover the lost key

Is International Data Encryption Algorithm (IDEA) symmetric or asymmetric?

symmetric

Which function does a single sign-on (SSO) system provide?

It allows a user to present authentication credentials once and gain access to all computers within the SSO system.

What is spear phishing?

an e-mail request for confidential information that appears to come from your supervisor

Which port is used for LDAP authentication?

port 389

What defines the way in which a certification authority (CA) implements the creation of certificates?

the certificate practice statement

Which type of controls work to protect system access, network architecture and access, control zones, auditing, and encryption and protocols?

technical controls

Which key should be encrypted and protected with a password when stored: a public key or a private key?

a private key

Which two modes does IP Security (IPSec) provide to ensure confidentiality?

tunnel mode and transport mode

What is pharming?

traffic redirection to a Web site that looks identical to the intended Web site

What is the primary goal of business continuity planning?

to maintain the organization

In which type of attack is a user connected to a different Web server than the one intended by the user?

hyperlink spoofing attack

Which Internet protocol based on X.500 is used to access the data stored in a network directory?

Lightweight Directory Access Protocol (LDAP)

Is the Triple-DES (3DES) algorithm symmetric or asymmetric?

symmetric

What is the act of gaining unauthorized access to a facility by using another user's access credentials?

piggybacking or tailgating

What is the formula for determining ALE?

annualized loss expectancy (ALE) = single loss expectancy (SLE) x annualized rate of occurrence (ARO)

According to CompTIA's Security+ examination blueprint, what are the four hardening techniques for mitigation and deterrence?

Disable unnecessary services.
�Protect management interfaces and applications.
�Protect passwords.
�Disable unnecessary accounts.

Is the RSA algorithm symmetric or asymmetric?

asymmetric

What is the purpose of BitLocker To Go?

to ensure that USB flash drives issued by your organization are protected by encryption

Which protocol is used by network devices to transmit error messages?

Internet Control Message Protocol (ICMP)

Between which two OSI layers does Secure Sockets Layer (SSL) operate?

between the OSI Transport and Application layers (Layer 4 to Layer 7)

What is the name of the security process that involves recognition, verification, classification, containment, and analysis?

an incident response

What is an Internet Protocol (IP)-based storage networking standard for linking data storage facilities?

Internet Small Computer System Interface (iSCSI)

According to CompTIA's Security+ examination blueprint, what are the four listed network security techniques for mitigation and deterrence?

MAC limiting and filtering, 802.1x, disabling unused interfaces and unused application service ports, and rogue machine detection

Which port number is used by SSL, FTPS, and HTTPS?

TCP port 443

What is the purpose of SCADA?

To collect data from factories, plants, or other remote locations, and send the data to a central computer that manages and controls the data

Which protocol is the combination of PPTP and Cisco's Layer 2 Forwarding (L2F) technology?

Layer 2 Tunneling Protocol (L2TP)

Which program relies on understanding the corporate environment during its development?

security awareness program

What is the best method to preserve evidence on a computer: bit stream backup or standard backup?

bit stream backup

Which type of key management does Encryption File System (EFS) use: centralized or decentralized?

decentralized

Is the Skipjack algorithm symmetric or asymmetric?

symmetric

Which backup method backs up every file modified on the server since the last full backup, and resets the archive bit?

an incremental backup

According to CompTIA's Security+ examination blueprint, what are the three listed controls to provide confidentiality?

encryption, access controls, and steganography

What is a pop-up?

a Web site that opens in the foreground of the current browser window

Which setting ensures that accounts are not used beyond a certain date and/or time?

account expiration

Which assessment examines network resources and information to determine the probability of a successful attack by a hacker?

a network risk assessment

What is a flaw, loophole, or weakness in the system, software, or hardware?

a vulnerability

Scanning fingerprints is an example of which authentication technique?

biometrics

What is another term used for layered security?

defense in depth

Does Pretty Good Privacy (PGP) provide confidentiality?

yes

Which implementation of the File Transfer Protocol (FTP) provides the least security?

Trivial File Transfer Protocol (TFTP)

Which security concept ensures that data is protected from being accessed by unauthorized persons?

confidentiality

Which private-key encryption algorithm does Pretty Good Privacy (PGP) use to encrypt data?

International Data Encryption Algorithm (IDEA)

Which type of attack intercepts an established TCP session?

TCP hijacking or session hijacking

Which audit category monitors changes to user accounts and groups?

the Audit Account Management audit category

Which malicious software infects a system without relying upon other applications for its execution?

a worm

Which term is used for an agreement between two or more parties where the parties cannot create a legally enforceable agreement?

memorandum of understanding (MoU)

What does the acronym CHAP denote?

Challenge Handshake Authentication Protocol

What is the purpose of physical controls?

to work with administrative and technical controls to enforce physical access control

What is an XML injection?

when a user enters values in an XML query that takes advantage of security loopholes

What is a good solution if you need to separate two departments into separate networks?

VLAN segregation

Which cryptography technique is based on a combination of two keys: a secret (private) key and a public key?

public-key cryptography

Which port number is used by SSH, SCP, and SFTP?

port 22

What is an IP spoofing attack?

an attack in which the source IP address in an IP datagram is modified to imitate the IP address of a packet originating from an authorized source

What is the purpose of a spam filter?

to identify and block unwanted messages

Which type of attack does Challenge Handshake Authentication Protocol (CHAP) protect against?

replay

Which type of access control was originally developed for military use?

mandatory access control (MAC)

What is the purpose of a bollard?

A bollard is a physical security control that prevents cars from accessing certain areas. They are most often deployed in front of retail storefronts.

What is the top-most level of the LDAP hierarchy?

root

Who has the responsibility for configuring access rights in discretionary access control (DAC)?

the data owner or data custodian

What is the first step in a business impact analysis?

to identify all of the organization's business units

What does the acronym SMTP denote?

Simple Mail Transfer Protocol

What are flood guards?

devices that protect against Denial of Service (DoS) attacks

Should virtual servers have the same information security requirements as physical servers?

Yes

What is a command injection?

When an operating system command is submitted in an HTML string

Which algorithms are symmetric key algorithms?

Data Encryption Standard (DES), Triple DES (3DES), Blowfish, IDEA, RC4, RC5, RC6, and Advanced Encryption Standard (AES)

Which security device requires physical possession and has passwords that can only be used once?

a token

Which authentication protocol uses UDP: TACACS+ or RADIUS?

RADIUS

What is the purpose of input validation?

to ensure that data being entered into a database follows certain parameters

Which error occurs when the length of the input data is more than the length that processor buffers can handle?

buffer overflow

What is a phishing attack?

an attack where a user is sent an e-mail that appears to come from a valid entity asking for personally identifiable information (PII)

Which access control model requires assigning security clearance levels to users, such as secret, top-secret, and confidential?

mandatory access control (MAC)

Are instant messages typically encrypted?

no

Which type of key management does Secure Multipurpose Internet Mail Extensions (S/MIME) use: centralized or decentralized?

centralized

What is Microsoft Baseline Security Analyzer?

Microsoft application that creates security reports

What is the purpose of a mantrap?

to prevent people from piggybacking on the credentials of legitimate personnel to gain entry to your building

According to CompTIA's Security+ examination blueprint, what are the seven listed static environments that you need to know how to protect?

SCADA, embedded (printer, smart TV, HVAC control), Android, iOS, mainframes, game consoles, and in-vehicle computing systems

Which document should never be stored in a public area: acceptable use policy or system architecture diagram?

system architecture diagram

Which firewall port should you enable to allow POP3 traffic to flow through the firewall?

TCP port 110

Which type of attack runs code within another process's address space by making it load a dynamic link library?

a DLL injection attack

Which principle ensures that users are given the most restrictive user rights to complete their authorized job duties?

the principle of least privilege

What is the purpose of RADIUS?

Remote Access Dial-In User Service (RADIUS) enables remote access users to log on to a network through a shared authentication database.

What is Nessus?

a network vulnerability scanner

Which protocol will provide loop protection?

spanning tree protocol

What is the name for a small piece of information that is saved on a client machine on the hard disk to enable tracking of user information on future Web visits?

a cookie

What is the purpose of audit logs?

to document actions taken on a computer network and the party responsible for those actions

Which attack is an extension of the denial-of-service (DoS) attack and uses multiple computers?

a distributed DoS (DDoS) attack

Which type of attack involves flooding a recipient e-mail address with identical e-mails?

a spamming attack

What is the difference between TPM and HSM chips?

Trusted Platform Module (TPM) chips are part of the motherboard. Hardware Security Module (HSM) chips are part of a PCI card that is mounted in a slot on the motherboard.

What are the non-overlapping channels for 802.11b?

Channels 1, 6, 11, and 14

Which standard developed by RSA offers encryption of e-mail messages and authentication of received e-mail using digital signatures?

S/MIME

What are the two most important security needs that are met using Secure Multipurpose Internet Mail Extensions (S/MIME)?

authentication and confidentiality

When should you install a software patch on a production server?

after the patch has been tested

What is the name for the list of locations where software can check to see whether a user's certificate has been revoked?

CRL Distribution Point (CDP)

What does the acronym SCADA denote?

Supervisory control and data acquisition

What is Lightweight Extensible Authentication Protocol (LEAP)?

a proprietary wireless LAN authentication method developed by Cisco Systems

What does the acronym MAC denote?

mandatory access control

Which risk response strategy does not implement any countermeasures, but allows risks to remain?

acceptance

Which PKI object do you use to verify that a user sending a message is who he or she claims to be?

a digital certificate

Who is responsible for most security incidents in an organization?

employees

Which two protocols provide encryption for HTTP/S?

Secure Sockets Layer (SSL) and Transport Layer Security (TLS)

Which wireless mode ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients?

isolation mode

Which log in Event Viewer should you open to view events that are generated based on your auditing settings?

the Security log

Which devices can limit the effectiveness of sniffing attacks: switches or routers?

switches

Which certification authority (CA) has the highest level of trust in a trust hierarchy?

root CA

Which protocol provides real-time, online revocation information about certificates?

Online Certificate Status Protocol (OCSP)

Which two security protocols does IP Security (IPSec) use?

Authentication Header (AH) and Encapsulating Security Payload (ESP)

What is a pop-under?

Web site that opens in the background of the current browser window

What is the process by which a system determines that a specific user is authorized to perform certain functions?

authorization

What should you identify about a user before implementing the principle of least privilege?

the user's job functions

What is the safest method for creating and managing key pairs: centralized or de-centralized key management?

centralized key management

What is cross-site request forgery (XSRF)?

unauthorized commands coming from a trusted user to a user or Web site, usually through social networking

What is the most common type of system used to detect intrusions into a computer network?

network intrusion detection system (NIDS)

What are the two major types of intrusion detection systems (IDS)?

network IDS (NIDS) and host IDS (HIDS)

Is Advanced Encryption Standard (AES) symmetric or asymmetric?

symmetric

Which type of attack is characterized by an attacker who records an encrypted transmission between a client and a server computer so that he or she can then send it to the server to gain access?

a replay attack

What are the four types of water sprinklers?

wet pipe, dry pipe, preaction, and deluge

What is the purpose of load balancing?

to distribute the workload across multiple devices

Which technique is used to prevent network bridging?

network separation

Are guards and IPSs considered to be mitigation or prevention controls?

prevention controls

What is fault generation?

a smart card attack that allows a hacker to uncover the encryption key using reverse engineering

What are two other names for single-key cryptography?

symmetric key encryption and secret-key encryption

Which type of IDS or IPS uses an initial database of known attack types but dynamically alters their signatures base on learned behavior?

heuristic

Which servers are susceptible to the same type of attacks as their hosts, including denial-of-service attacks, detection attacks, and escape attacks?

virtual servers

What does the acronym NIDS denote?

network-based intrusion detection system

Which encryption algorithm uses an 80-bit key to encrypt 64-bit blocks of data?

Skipjack

What is the name of the group of people appointed to respond to security incidents?

incident response team

Which self-replicating computer program sends copies of itself to other devices on the network?

a worm

What is the opposite of confidentiality?

disclosure

Upon which report does the business continuity plan depend most?

Business Impact Analysis (BIA)

What does the acronym ACL denote?

access control list

What is the name for a hash algorithm that translates plaintext into an intermediate form?

a cipher

Would a certification authority (CA) revoke a certificate if the certificate owner's private key were exposed?

yes

Which three security features do digital certificates provide?

authentication, data integrity, non-repudiation

What is a baseline?

the minimum level of security and performance of a system in an organization

What is bluejacking?

an attack that sends unsolicited messages over a Bluetooth connection

In asymmetric encryption for a digital signature, which key is used for encryption: public or private?

public

Which security-server application and protocol implement authentication of users from a central server over UDP?

Remote Authentication Dial-In User Service (RADIUS)

Which assessment determines whether network security is properly configured to rebuff hacker attacks?

a penetration test

Which type of attack can turn a switch into a hub?

MAC flooding

What does PKCS stand for?

Public-Key Cryptography Standard

Which fingerprint scan will analyze fingerprint ridge direction?

minutiae matching

Which type of controls includes controlling access to different parts of a building, implementing locking systems, installing fencing, implementing environmental controls, and protecting the facility perimeter?

physical controls

Which setting ensures that users periodically change their account passwords?

password expiration

When should an administrative account be used?

when performing administrative-level tasks

Which port number does NNTP use?

TCP port 119

What are the two modes of WPA and WPA2?

Personal (also called Preshared Key or WPA-PSK / WPA2-PSK) and Enterprise

What is the name of the top-most level certification authority (CA)?

root authority or root CA

What is the name of the area that connects to a firewall and offers services to untrusted networks?

demilitarized zone (DMZ)

What is risk deterrence?

any action that you take to prevent a risk from occurring

What defines the allowed uses for a certificate issued by a certification authority (CA)?

the certificate policy

Which type of risk analysis is based on the expert judgment and intuition of members of an organization?

qualitative risk analysis

When evidence is seized, which principle should be emphasized?

chain of custody

What is a trusted OS?

An operating system that provides support for multilevel security

Which security protocol is best used for connection-oriented systems such as an intranet?

Secure Sockets Layer/Transport Layer Security (SSL/TLS)

In which situation will you accept a risk?

when the cost of the safeguard exceeds the amount of the potential loss

Which type of attack enables an intruder to capture and modify data traffic by rerouting the traffic from a network device to the intruder's computer?

network address hijacking

What are the three issues that symmetric data encryption fails to address?

data integrity, repudiation, scalable key distribution

What occurs when a user provides a password or proof of identity to a system?

authentication

Which wireless protocol provides the best security: WEP, WAP, WPA, or WPA2?

Wi-Fi Protected Access IIversion 2 (WPA2) with CCMP

What does the subject field in an X.509 v3 certificate contain?

the name of the certificate owner

Which two chips are used to implement hardware-based encryption?

Trusted Platform Module (TPM) and Hardware Security Module (HSM) chips

Which risk response strategy involves modifying the security plan to eliminate the risk or its impact?

avoidance

What is a honeynet?

when two or more honeypots are implemented on a network

If the user is NOT prompted for credentials when connected to a Network Access Control (NAC) server, what is the user's computer missing?

the authentication agent

What is an Xmas attack?

an attack that looks for open ports

Which method of gaining access to controlled-access areas is usually thwarted using turnstiles, double-door systems, and security guards?

piggybacking or tailgating

Which security standard is an enhanced version of Secure Sockets Layer (SSL)?

Transport Layer Security (TLS)

What can you do to ensure that staff understands which data they are handling?

proper labeling

What is the name for a collection of hotfixes that have been combined into a single patch?

a service pack

Which eye scan measures the pattern of blood vessels at the back of the eye?

retinal scan

What is a replay attack?

an attack where an intruder records the communication between a user and a server, and later plays the recorded information back to impersonate the user

According to CompTIA's Security+ examination blueprint, what are the eight listed controls to provide safety?

fencing, lighting, locks, CCTV, escape plans, drills, escape routes, and testing controls

Which type of virus attempts to hide from antivirus software and from the operating system by remaining in memory?

stealth

Which access control model uses security labels for each resource?

mandatory access control (MAC)

What does the acronym CA denote?

certification authority

Which term is used to describe a product that provides network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data leak prevention and on-appliance reporting?

unified threat management (UTM)

What does the acronym L2TP denote?

Layer 2 Tunneling Protocol

Which IPSec mode is used mostly in host-to-host communications?

transport mode

What does the acronym DDoS denote?

Distributed Denial of Service

Which port number is used by Microsoft SQL Server?

TCP port 1433

Which type of attack do privacy screens protect against?

shoulder surfing

What would a certification authority (CA) do if a private key associated with a certificate had been compromised?

revoke the certificate

What is the purpose of content inspection?

to search for malicious code or behavior

Why is it important to limit the use of flash drives and portable music devices by organization employees?

to prevent users from copying data to their personnel devices and possibly causing data leakage or from transferring malware to corporate computers

What is the purpose of secure code review?

It examines all written code for any security holes that may exist.

Which element of the CIA triad ensures that data transferred is not altered?

integrity

Which port numbers are used by NetBIOS?

ports 137-139

What is the purpose of a sandbox in a Java applet?

It prevents Java applets from accessing unauthorized areas on a user's computer.

What does the acronym IPSec denote?

Internet Protocol Security

What occurs during white-box testing?

A security firm is provided with a production-like test environment, login details, production documentation, and source code.

Regarding mean time before failure (MTBF) and mean time to repair (MTTR) as they relate to system reliability, which metrics are desirable?

a high MTBF and a low MTTR

Why is password disclosure a significant security issue in a single sign-on network?

it could compromise the entire system because authentication grants access to ANY systems on the network to which the actual user may have permission.

Which key is included in an X.509 v3 certificate?

the certificate owner's public key

Which policy should be reviewed by the security administrator to determine what data is allowed to be collected from users of the corporate Internet-facing Web application?

a company's privacy policy

What is the most important biometric system characteristic?

accuracy

Which team is responsible for restoring critical business functions at an alternate site in the event of disruption?

the recovery team

Which risk response strategy involves reducing the probability or impact of a risk to an acceptable risk threshold?

mitigation

What is the term for a device that acts as a concentrator for a wireless LAN?

wireless access point (WAP)

What is another term for logical controls?

technical controls

What is the term for a server that has been configured specifically to distract an attacker from production systems?

honeypot

What is a zero-day exploit?

an attack that exploits a security vulnerability on the day the vulnerability becomes generally known

Using role-based access control (RBAC), which entities are assigned roles?

users or subjects

Which product uses public and private keys to digitally sign e-mail messages and files?

Pretty Good Privacy (PGP)

Which TCP port number does Secure Sockets Layer (SSL) use?

port 443

What is vishing?

a special type of phishing that uses Voice over IP (VoIP)

Which type of attack on a cryptographic algorithm uses brute force methods to encrypt text strings until the output matches the ciphertext?

a mathematical attack

What is the primary concern of the BIA?

Business impact analysis (BIA) identifies all business resources that could be lost

According to the Security+ exam guide from CompTIA, what are the four steps in a vulnerability test?

Passively test security controls.
�Identify vulnerabilities.
�Identify lack of security controls.
�Identify common misconfigurations.

What is the name for the data structure that maintains a list of certificates that have been revoked before their expiration date?

a certificate revocation list (CRL)

What are the two components of the Kerberos Key Distribution Center?

authentication server (AS) and ticket-granting server (TGS)

What is an evil twin?

an access point with the same SSID as the legitimate access point

What is a cookie?

a Web client test file that stores persistent settings for a Web server

What is the name for an encryption key that can be easily reverse-engineered from the encrypted data by brute force methods?

weak key

What is war chalking?

leaving signals about a wireless network on the outside of the building where it is housed

Which type of IDS detects attacks on individual devices?

host intrusion detection system (HIDS)

Which Ethernet standard uses a wireless access point with a Remote Authentication Dial-In User Service (RADIUS) server to authenticate wireless users?

802.1x

Using role-based access control (RBAC), which entities are assigned roles?

users or subjects

Can an expired digital certificate be renewed?

No

Which application or services uses TCP/UDP port 3389?

Remote Desktop Protocol (RDP)

Which type of attack allows an attacker to redirect Internet traffic by setting up a fake DNS server to answer client requests?

DNS spoofing

Which assessment examines whether network security practices follow a company's security policy?

an audit

Which three security features does Authentication Header (AH) provide?

integrity, authentication, and anti-replay service

What is the purpose of MAC filtering?

to restrict the clients that can access a wireless network

What is the default rule found in a firewall's access control list (ACL)?

Deny All

According to CompTIA's Security+ examination blueprint, what are the three listed security posture techniques for mitigation and deterrence?

initial baseline configuration, continuous security monitoring, and remediation

What is an attempt by someone to get one or more users to believe that a specific computer virus exists?

a hoax

Which risk response strategy involves purchasing insurance to protect the organization should the risk occur?

transference

What is header manipulation?

when a hacker is able to manipulate a packet header to deface, hijack, or poison the packet

What is the purpose of a file's MD5 hash value?

to verify file integrity

What is the primary function of LDAP?

Lightweight Directory Access Protocol (LDAP) controls client access to directories

Certificate enrollment procedures typically require a user to provide proof of identify and which other item to a certification authority (CA)?

public key

Which Kerberos component holds all users' and services' cryptographic keys and generates tickets?

Key Distribution Center (KDC)

What is a Web security gateway?

a device that filters Web content

Do certificates provide encryption?

no

What is the purpose of GPS tracking on a mobile device?

It allows a mobile device to be located.

What portion(s) of the IP packet are encrypted in IPSec transport mode?

the payload

In which location should all changes made to your organization's network and computers be listed?

in the change management system

Which security protocol is the standard encryption protocol for use with the WPA2 standard?

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (often abbreviated CCMP)

Which type of system identifies suspicious patterns that may indicate a network or system attack?

intrusion detection system (IDS)

What does the acronym KDC denote?

key distribution center

Which type of authentication is accomplished by authenticating both the client and server sides of a connection through the encrypted exchange of credentials?

mutual authentication

What should you do to ensure that a wireless access point signal does not extend beyond its needed range?

Reduce the power levels.

What is a hot site?

an alternate computing facility with telecommunications equipment and computers

What is the main difference between virtualization and cloud computing?

the location and ownership of the physical components

What is the purpose of embedding a timestamp within ciphertext?

It will decrease the chance of the message being replayed.

Why should the proper chain of custody be ensured?

so that evidence will be admissible in court

Which firewall port should you enable to allow SMTP traffic to flow through the firewall?

port 25

What is the primary purpose of Tripwire?

to monitor the baseline configuration of a system and the changes made to it

Which hashing algorithm produces a message digest of 160 bits in length?

Secure Hash Algorithm (SHA-1)

What are the four types of cloud computing based on management type?

public, private, hybrid, and community

In a secure network, what should be the default permission position?

implicit deny

Which type of cryptography is more secure: symmetric or asymmetric?

asymmetric

Which security control is lost when using cloud computing?

physical control of the data

When does fuzzing occur?

when unexpected values are provided as input to an application in an effort to make the application crash

Which policy forces all users to organize their work areas to reduce the risk of data theft?

a clean desk policy

Which security measure prevents fraud by reducing the chances of collusion?

separation of duties

What is the length of an IDEA key?

128 bits

What is a cold site?

an alternate computing facility with no telecommunications equipment or computers

Which virus creates many variants by modifying its code to deceive antivirus scanners?

a polymorphic virus

What occurs during grey-box testing?

Security professionals with limited inside knowledge of the network attempt to hack into the network.

Which type of malware appears to perform a valuable function, but actually performs malicious acts?

a Trojan horse

To provide checks and balances and to prevent one person from gaining too much power over a system, which type of security policy should you implement?

separation of duties

What is the purpose of MAC?

Message Authentication Cod helps protect against fraud in electronic fund transfers

Which Layer 3 device allows different logical networks to communicate?

router

What is the purpose of mobile device encryption?

to ensure that the contents of he mobile device are confidential

Which port number does HTTP use?

port 80

What is the term for the process that applies one-way communication function called a mesaage digest to an arbitrary amount of data?

hashing

Which type of access control is most suitable or top-secret information?

Mandatory access control (MAC)

What is microphobing?

an intrusive smart card attack in which the card is physically manipulated until the ROM chip can be accessed.