SEC 110 final (300 questions) – Flashcards
Unlock all answers in this set
Unlock answersquestion
(T/F) The first step in a vulnerability assessment is to determine the assets that need to be protected.
answer
True
question
What may be defined as the components required to identify, analyze, and contain an incident?
answer
Incident response
question
The IEEE 802.15.1-2005 standard is based on what version of the Bluetooth specifications?
answer
Bluetooth v1.2
question
(T/F) Because the XSS is a widely known attack, the number of Web sites that are vulnerable is very small.
answer
False
question
What type of system security malware allows for access to a computer, program, or service without authorization?
answer
Backdoor
question
What is the most common type of P2P network?
answer
Bittorrent
question
(T/F) A due process policy is a policy that defines the actions users may perform while accessing systems and networking equipment.
answer
False
question
What layer of the OSI model is responsible for permitting two parties on a network to hold ongoing communications across the network?
answer
Session
question
(T/F) Because of the weaknesses of WEP, it is possible for an attacker to identify two packets derived from the same IV.
answer
True
question
(T/F) Because of how a rootkit replaces operating system files, it can be difficult to remove a rootkit from a system.
answer
True
question
What can be enabled to prevent a mobile device from being used until a user enters the correct passcode, such as a pin or password?
answer
Enable a lock screen
question
(T/F) TCP/IP uses its own five-layer architecture that includes Network Interface, Internet, Control, Transport, and Application.
answer
False
question
What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs?
answer
bridge trust
question
Script kiddies acquire which item below from other attackers to easily craft an attack:
answer
Exploit kit
question
Data that is in an unencrypted form is referred to as which of the following?
answer
Cleartext
question
The simplest type of stream cipher, one in which one letter or character is exchanged for another, is known as what?
answer
substitution
question
An early networking device that functioned at layer 1 of the OSI model and added devices to a single segment is known as which of the following choices?
answer
hub
question
What is another term used for a security weakness?
answer
vulnerability
question
What kind of networking device forwards packets across different computer networks by reading destination addresses?
answer
router
question
Which of the following is not a component of an IP packet that a firewall rule can use for filtering purposes?
answer
Intent
question
(T/F) The first phase of the security policy cycle involves a vulnerability assessment.
answer
True
question
(T/F) Bluetooth devices are not backward compatible with previous versions.
answer
False
question
An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:
answer
Session hijacking
question
What term is used to describe the operation of stockrooms where mobile devices are stored prior to their dispersal to employees?
answer
Inventory control
question
In a UAC prompt, what color is used to indicate the lowest level of risk?
answer
gray
question
What type of access point is configured by an attacker in such a manner that it mimics an authorized access point?
answer
evil twin
question
What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database's information?
answer
LDAP injection
question
What is the end result of a penetration test?
answer
penetration test report
question
What kind of server connects a remote system through the Internet to local serial ports using TCP/IP?
answer
Serial server
question
(T/F) A hash algorithm is designed to create a hash that represents the contents of a set of data that can later be decrypted.
answer
False
question
(T/F) XSS attacks occur when an attacker takes advantage of web applications that accept user input without validating it and then present it back to the user.
answer
True
question
What concept below is at the very heart of information security?
answer
risk
question
How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?
answer
DNS poisoning
question
(T/F) Software keyloggers are programs that silently capture all keystrokes, including passwords and sensitive information.
answer
True
question
Select below the term that is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so:
answer
Script kiddies
question
HTML uses which option below within embedded brackets () causing a web browser to display text in a specific format?
answer
tags
question
(T/F) Keyed entry locks are much more difficult to defeat than deadbolt locks.
answer
False
question
Which of the following selections is not one of the features provided by a typical MDM?
answer
Track stolen devices
question
After the DES cipher was broken and no longer considered secure, what encryption algorithm was made as its successor?
answer
3DES
question
A person's fundamental beliefs and principals, which are used to define what is good, and how to distinguish right from wrong, are collectively called a person's:
answer
Values
question
Select below the technology that can be used to examine content through application-level filtering:
answer
Web security gateway
question
How many different Microsoft Windows file types can be infected with a virus?
answer
70
question
Select below the layer of the OSI model at which the route a packet is to take is determined, and the addressing of the packet is performed.
answer
Network
question
A firewall that keeps a record of the state of a connection between an internal computer and an external device is using what technology below?
answer
Stateful packet filtering
question
(T/F) Geolocation is the identification of the location of a person or object using technology, and can be used as part of an authentication method.
answer
True
question
Malware that locks or prevents a device from functioning properly until a fee has been paid is known as:
answer
Ransomware
question
If using the MD5 hashing algorithm, what is the length to which each message is padded?
answer
512 bits
question
A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as:
answer
Separation of duties
question
Instead of using a key or entering a code to open a door, a user can use an object, such as an ID badge, to identify themselves in order to gain access to a secure area. What term describes this type of object?
answer
physical token
question
(T/F) Self-encrypting HDD is commonly found in copiers and multifunction printers as well as point-of-sale systems used in government, financial, and medical environments.
answer
True
question
A snapshot of the current state of a computer that contains all current settings and data is known as what option below:
answer
system image
question
The comparison of the present state of a system to its baseline is known as what?
answer
Baseline reporting
question
Cipher locks are sometimes combined with what type of sensor, which uses infrared beams that are aimed across a doorway?
answer
Tailgate sensors
question
Choose the SQL injection statement example below that could be used to find specific users:
answer
whatever' OR full_name LIKE '%Mia%'
question
Cryptography that attempts to use the microscopic behaviors of objects to develop and share keys while also detecting eavesdropping is known as what type of cryptography?
answer
Quantum cryptography
question
Select below the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users:
answer
Kerberos
question
What kind of policy outlines how organizations use personal information it collects?
answer
privacy
question
Multiple sectors on a disk, when combined, are referred to as a:
answer
cluster
question
At what stage can a certificate no longer be used for any type of authentication?
answer
expiration
question
What type of filtering utilizes a an analysis of the content of spam messages in comparison to neutral / non-spam messages in order to make intelligent decisions as to what should be considered spam?
answer
Bayesian filtering
question
A web server must be accessible to untrusted outside users. What can be done to isolate this host and any additional hosts with similar requirements from more secured hosts on a network?
answer
Create a DMZ, add necessary hosts
question
What is the name of the cryptographic hash function that has international recognition and has been adopted by standards organizations such as the ISO, that creates a digest of 512 bits and will not be subject to patents?
answer
Whirlpool
question
Select below the secure alternative to the telnet protocol:
answer
SSH
question
Which hashing algorithm below is used with NTLMv2's Hashed Message Authentication Code?
answer
MD5
question
What MAC limiting configuration setting allows for MAC addresses to be automatically learned and stored along with any addresses that were learned prior to using the configuration setting?
answer
Sticky
question
What federated identity management (FIM) relies on token credentials?
answer
OAuth
question
What information security position reports to the CISO and supervises technicians, administrators, and security staff?
answer
manager
question
Under which law are health care enterprises required to guard protected health information and implement policies and procedures whether it be in paper or electronic format?
answer
HIPAA
question
What is the maximum number of characters that can exist within an SSID name?
answer
32
question
A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a:
answer
password
question
In what type of server cluster can services fail over from downed servers to functional servers?
answer
symmetric server
question
The management in your corporate office want to group users on the network together logically even though they are attached to separate network switches. How can this be done?
answer
Create a VLAN and add the users' computers / ports to the VLAN.
question
Which of the following is not a benefit that can be provided by using IP telephony?
answer
Decreased network utilization
question
When a private network uses a single public IP address, and each outgoing TCP packet uses a different port to allow for proper translation, what networking technology is in use?
answer
NAT
question
Which network address below is not a private IP address network?
answer
172.63.255.0
question
(T/F) Group policy is a Unix feature that allows for the centralized management and configuration of computers and remote users using Unix Active Directory.
answer
False
question
On what principle did Julius Caesar's cyptographic messages function?
answer
Each alphabetic letter was shifted three places down in the alphabet
question
Which type of network below uses a direct connection between users, and involves each device simultaneously acting as a client and a server?
answer
P2P
question
The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?
answer
DAP
question
The goal of what type of threat evaluation is to better understand who the attackers are, why they attack, and what types of attacks might occur?
answer
threat modeling
question
What type of cryptographic algorithm is considered to be a one-way algorithm, in that its contents can't be used to reveal the original set of data?
answer
hash
question
A system such as a printer, smart TV, or HVAC controller, typically uses an operating system on what is called a:
answer
Embedded system
question
(T/F) Passwords provide strong protection.
answer
False
question
The use of one authentication credential to access multiple accounts or applications is referred to
answer
Single Sign On
question
What kind of software program delivers advertising content in a manner that is unexpected and unwanted by the user, and is typically included in malware?
answer
Adware
question
What country is now the number one source of attack traffic?
answer
Indonesia
question
(T/F) Mobile devices such as laptops are stolen on average once every 20 seconds.
answer
False
question
A metallic enclosure that prevents the entry or escape of an electromagnetic field is known as a:
answer
Faraday cage
question
The process of identifying exposure to threats, creating preventive and recovery procedures, and then testing them to determine if they are sufficient, is known as:
answer
Business continuity planning and testing
question
During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?
answer
authentication request
question
What cryptographic method, first proposed in the mid-1980s, makes use of sloping curves instead of large prime numbers?
answer
ECC
question
A service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service, is known as a:
answer
Service Level Agreement (SLA)
question
What kind of data can be lost when a computer is turned off?
answer
Volatile
question
What is the name for a standard or checklist against which systems can be evaluated and audited for their level of security (security posture)?
answer
baseline
question
Mobile Device Management systems that allow users to store usernames and passwords within a device are said to be using:
answer
Credential management
question
Which of the following is not one of the types of settings that would be included in a Microsoft Windows security template?
answer
Resolution settings
question
(T/F) If TCP port 20 is open, then an attacker can assume that FTP is being used.
answer
True
question
How can an administrator keep devices powered when power is interrupted?
answer
uninterruptible power supply
question
What RAID type below utilizes parity data across all drives instead of using a separate drive to hold parity error checking information?
answer
RAID 5
question
A series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks are known as:
answer
A macro
question
An access point that is unauthorized and allows an attacker to bypass network security configurations is considered to be what type of access point?
answer
rogue
question
The process by which keys are managed by a third party, such as a trusted CA, is known as?
answer
Key escrow
question
Slave devices that are connected to a piconet and are sending transmissions are known as what?
answer
Active slave
question
Which of the following is not one of the four methods for classifying the various types of malware?
answer
Source
question
The physical procedure whereby an unauthorized person gains access to a location by following an authorized user is known as?
answer
Tailgating
question
What transport protocol is used by Windows operating systems to allow applications on separate computers to communicate over a LAN?
answer
NetBIOS
question
What portion of the HTTP packet consists of fields that contain information about the characteristics of the data being transmitted?
answer
HTTP header
question
Select below the option that is not one of the SD format card families:
answer
Extreme Capacity (SDXC)
question
In what type of cloud computing does the customer have the highest level of control?
answer
Cloud Infrastructure as a Service
question
What term below is used to describe a means of gathering information for an attack by relying on the weaknesses of individuals?
answer
Social engineering
question
(T/F) Most organizations follow a three-phase cycle in the development and maintenance of a security policy.
answer
True
question
Which term below describes a component or entity in a system which, if it no longer functions, will disable an entire system?
answer
single point of failure
question
Which of the three protections ensures that only authorized parties can view information?
answer
Confidentiality
question
What term is used to describe a documentation of control over evidence, which is used to ensure that no unauthorized person was given the opportunity to corrupt the evidence?
answer
chain of custody
question
When setting up a server virtualization environment, what component below manages the virtual machine operating systems and supports one or more guest systems?
answer
hypervisor
question
The PC Card and CardBus devices are being replaced by what technology?
answer
ExpressCard
question
When using SNMPv1 or SNMPv2, what piece of information is needed to view information from an agent?
answer
community string
question
A user or a process functioning on behalf of the user that attempts to access an object is known as the:
answer
subject
question
What term below describes a prearranged purchase or sale agreement between a government agency and a business?
answer
Blanket Purchase Agreement (BPA)
question
(T/F) Spreading similarly to a virus, a worm inserts malicious code into a program or data file.
answer
False
question
A key that is generated by a symmetric cryptographic algorithm is said to be a:
answer
private key
question
(T/F) Because PEAP can be vulnerable to specific types of attacks, Cisco now recommends that users migrate to a more secure EAP than PEAP.
answer
False
question
A location that has all the equipment installed but does not have active Internet or telecommunications facilities, and does not have current backups of data, is an example of a:
answer
warm site
question
The default root directory of the Microsoft Internet Information Services (IIS) Web server is located at which directory below?
answer
C:Inetpub wwwroot
question
What type of attack involves an attacker stealing a file containing password digests and comparing the digests with digests created by the attacker?
answer
offline cracking
question
(T/F) Simply using a mobile device in a public area can be considered a risk.
answer
True
question
What term is used to describe a loose network of attackers, identity thieves, and financial fraudsters?
answer
Cybercriminals
question
(T/F) Security is enhanced by subnetting a single network into multiple smaller subnets in order to isolate groups of hosts.
answer
True
question
What is the term for a network set up with intentional vulnerabilities?
answer
honeynet
question
Which of the following choices is not one of the four types of packets used by EAP?
answer
Error
question
Computer code that is typically added to a legitimate program but lies dormant until it is triggered by a specific logical event is known as a?
answer
logic bomb
question
(T/F) Defense in depth, or layered security, involves the use of multiple types of network hardware within a network.
answer
True
question
(T/F) The strength of RADIUS is that messages are always directly sent between the wireless device and the RADIUS server.
answer
False
question
To date, the single most expensive malicious attack occurred in 2000, which cost an estimated $8.7 billion. What was the name of this attack?
answer
Love Bug
question
(T/F) Vulnerability scans are usually performed from outside the security perimeter.
answer
False
question
A written document that states how an organization plans to protect the company's information technology assets is a:
answer
security policy
question
(T/F) Steganography hides the existence of data within images by dividing and hiding portions of a file within the image.
answer
True
question
A list of the available nonkeyboard characters can be seen in Windows by opening what utility?
answer
charmap.exe
question
(T/F) Digital signatures actually only show that the public key labeled as belonging to the person was used to encrypt the digital signature.
answer
True
question
(T/F) The vulnerability discovered in IPsec in early 2014 was nicknamed Heartbleed, due to an issue with a heartbeat extension in the protocol.
answer
False
question
(T/F) Audits serve to verify that the security protections enacted by an organization are being followed and that corrective actions can be swiftly implemented before an attacker exploits a vulnerability.
answer
True
question
The capability for devices to exchange low-level control messages is provided by what protocol below?
answer
ICMP
question
What can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments?
answer
Ethics
question
What security goal do the following common controls address: hashing, digital signatures, certificates, nonrepudiation tools?
answer
Integrity
question
The deployment of this technology below can be used as a defense against DoS and DDoS SYN flood attacks:
answer
flood guard
question
(T/F) A Hardware Security Module (HSM) is essentially a chip on the motherboard of the computer that provides cryptographic services.
answer
False
question
Select the EAP protocol supported by WPA2 Enterprise that securely tunnels any credential form for authentication using TLS:
answer
EAP-FAST
question
The standard TCP/IP protocol uses IP addresses which are how many bytes in length?
answer
4
question
The asymmetric cryptography algorithm most commonly used is:
answer
RSA
question
A service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service, is known as:
answer
service level agreement
question
(T/F) Token credentials can be revoked at any time by the user without affecting other token credentials issued to other sites.
answer
True
question
(T/F) APs use antennas that radiate a signal in all directions.
answer
True
question
What type of undocumented yet benign hidden feature launches after a special set of commands, key combinations, or mouse clicks, and was no longer included in Microsoft software after the start of their Trustworthy Computing initiative?
answer
Easter egg
question
One of the armored virus infection techniques utilizes encryption to make virus code more difficult to detect, in addition to separating virus code into different pieces and inject these pieces throughout the infected program code. What is the name for this technique?
answer
Swiss cheese
question
A framework for all of the entities involved in digital certificates for digital certificate management is known as:
answer
Public key infrastructure
question
Instead of trying to make a match, modern AV techniques are beginning to use a type of detection that attempts to identify the characteristics of a virus. What is the name for this technique?
answer
heuristic detection
question
(T/F) IEEE 802.1x is commonly used on wireless networks.
answer
True
question
A Bluetooth attack in which the attacker accesses unauthorized information from a wireless device using a Bluetooth connection, is known as?
answer
Bluesnarfing
question
What type of cryptographic algorithm can be used to ensure the integrity of a file's contents?
answer
Hashing
question
What type of monitoring compares network traffic, activities, transactions, or behavior against a database of known attack patterns?
answer
Signature
question
What term below describes a hand-held mobile device that was intended to replace paper systems, and typically included an appointment calendar, an address book, a "to-do" list, a calculator, and the ability to record limited notes?
answer
Personal digital assistant (PDA)
question
Entries within a Directory Information Base are arranged in a tree structure called the:
answer
DIT
question
In information security, an example of a threat agent can be ____.
answer
All of the above
question
(T/F) DLP agent sensors are installed on each host device, and monitor for actions such as printing, copying to a USB flash drive, and burning to a CD or DVD.
answer
True
question
What type of attack is targeted against a smaller group of specific individuals, such as the major executives working for a manufacturing company?
answer
Watering Hole
question
The NTRUEncrypt cryptographic algorithm makes use of which of the following cryptographic techniques?
answer
lattice-based
question
Which type of attack below is similar to a passive man-in-the-middle attack?
answer
replay
question
In cryptography, which of the five basic protections ensures that the information is correct and no unauthorized person or malicious software has altered that data?
answer
Integrity
question
According to the Federal Bureau of Investigation (FBI), what percentage of crime committed today leaves behind digital evidence that can be retrieved via computer forensics?
answer
85
question
Which of the three Cloud computing service models allows a customer to access software provided by a vendor using a web browser, without any installation, configuration, upgrading, or management from the user?
answer
Cloud Software as a Service
question
On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?
answer
Privilege escalation
question
What device operates at the Network Layer (layer 3) of the OSI model and forwards packets across computer networks?
answer
router
question
Select below the decentralized open-source FIM that does not require specific software to be installed on the desktop:
answer
OpenID
question
What cryptographic transport algorithm is considered to be significantly more secure than SSL?
answer
TLS
question
(T/F) Workgroup switches must work faster than core switches.
answer
False
question
Of the three types of mutating malware, what type changes its internal code to one of a set number of predefined mutations whenever it is executed?
answer
Oligomorphic malware
question
What type of malware is heavily dependent on a user in order to spread?
answer
virus
question
Using what mechanism below can the non-repudiation of an e-mail and it's content be enforced?
answer
Asymmetric encryption
question
Which term below is frequently used to describe the tasks of securing information that is in a digital format?
answer
information security
question
Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database?
answer
whatever' AND email IS NULL; --
question
Select below the hashing algorithm that takes plaintext of any length and generates a digest 128 bits in length:
answer
MD2
question
What are values that are attributed to a system of beliefs that help the individual distinguish right from wrong called?
answer
Morals
question
To what specific directory are users generally restricted to on a web server?
answer
root
question
(T/F) RAM slack can contain any information that has been created, viewed, modified, downloaded, or copied since the computer was last booted.
answer
True
question
What PIN is considered to be the most commonly used PIN?
answer
1234
question
What kind of biometrics utilizes a person's unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person's face?
answer
Standard biometrics
question
A spiked collar that extends horizontally for up to 3 feet from the pole is an example of what kind of technology?
answer
Anti-climb
question
According to the U.S. Bureau of Labor Statistics, what percentage of growth is the available job outlook supposed to reach by the end of the decade?
answer
22
question
What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?
answer
Mandatory Access Control
question
Policies that include statements regarding how an employee's information technology resources will be addressed are part of a:
answer
security-related human resource policy
question
When using AES-CCMP, the AES-256 bit key requires how many rounds?
answer
13
question
Mobile devices with global positioning system (GPS) abilities typically make use of:
answer
Location services
question
What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?
answer
TACACS
question
What term below is used to describe an attack that sends unsolicited messages to Bluetooth enabled devices?
answer
Bluejacking
question
What is the name of the open source asymmetric cryptography system that runs on Windows, UNIX, and Linux systems, and is compatible with PGP?
answer
GPG
question
Which encryption protocol below is used in the WPA2 standard?
answer
AES-CCMP
question
(T/F) A QR code can store website URLs, plain text, phone numbers, e-mail addresses, or virtually any alphanumeric data up to 4296 characters.
answer
True
question
(T/F) Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks.
answer
True
question
An administrator running a port scan wants to ensure that no processes are listening on port 23. What state should the port be in?
answer
closed port
question
A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as?
answer
Certificate practice statement (CPS)
question
What is the name for a cumulative package of all patches and hotfixes as well as additional features up to a given point?
answer
service pack
question
In order to minimize vulnerabilities in software, code should be subject to and analyzed while it is being written in what option below?
answer
code review
question
The security protection item that ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter is known as?
answer
Authentication
question
What is the name for an organization that receives, authenticates, and processes certificate revocation requests?
answer
Registration Authority
question
What is the name for the code that can be executed by unauthorized users within a software product?
answer
attack surface
question
Which tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications?
answer
white box
question
Using technology to search for computer evidence of a crime in order to retrieve information, even if it has been altered or erased, that can be used in pursuit of an attacker or criminal is an example of:
answer
Computer forensics
question
What is the name of the process that takes a snapshot of the current security of an organization?
answer
vulnerability appraisal
question
An independently rotating large cup affixed to the top of a fence prevents the hands of intruders from gripping the top of a fence to climb over it. What is the name for this technology?
answer
roller barrier
question
(T/F) A block cipher works on a single character at a time, and is faster than a stream cipher.
answer
False
question
(T/F) Digital certificates cannot be used to identify objects other than users.
answer
False
question
The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
answer
Gramm-Leach-Bliley
question
What language below is designed to display data, with a primary focus on how the data looks?
answer
HTML
question
Due to the potential impact of changes that can affect all users in a organization, and considering that security vulnerabilities can arise from uncoordinated changes, what should an organization create to oversee changes?
answer
change management team
question
A QR code can't contain which of the following items directly?
answer
A video
question
Select below the type of computing device that uses a limited version of the Linux operating system and uses a web browser with an integrated media player:
answer
Web-based
question
What SD card family can be used to transmit pictures over a wireless network to a laptop hard drive or wireless printer?
answer
Secure Digital Input Output (SDIO)
question
A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):
answer
ACL
question
Which layer of the OSI model contains TCP protocol, which is used for establishing connections and reliable data transport between devices?
answer
Transport Layer
question
Piconets in which connections exist between different piconets are known as a:
answer
scatternet
question
Passwords that are transmitted can be captured by what type of software?
answer
protocol analyzer
question
(T/F) An evil twin AP is an AP that is set up by an attacker to mimic an authorized AP, with the intent to redirect client devices.
answer
False
question
Which option below is responsible for the issuing of EAP request packets?
answer
authenticator
question
A load balancer that works with the File Transfer Protocol is operating at what layer of the OSI model?
answer
Layer 4
question
(T/F) A shield icon warns users if they attempt to access any feature that requires UAC permission.
answer
True
question
What is the term used for a device that requests permission from an authenticator to join a network?
answer
Supplicant
question
(T/F) Today's software attack tools do not require any sophisticated knowledge on the part of the attacker.
answer
True
question
Despite its promise to dramatically impact IT, cloud computing raises significant security concerns.
answer
True
question
A laptop may have multiple hardware ports. Which of the following is not a typical port included on a laptop?
answer
RS232
question
How can an administrator force wireless clients to use a standard web browser to provide information, and require a user to agree to a use policy or present valid login credentials?
answer
Captive portal access point
question
Select below the type of malware that appears to have a legitimate use, but actually contains or does something malicious:
answer
Trojan
question
(T/F) Authorization and access are viewed as synonymous and in access control, they are the same step.
answer
False
question
(T/F) A macro is a series of instructions that can be grouped together as a single command.
answer
True
question
The Google Android mobile operating system is a proprietary system, for use on only approved devices.
answer
False
question
Select below the string of characters that can be used to traverse up one directory level from the root directory:
answer
../
question
A collection of suggestions that should be implemented are referred to as a:
answer
guideline
question
When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:
answer
DNS
question
(T/F) Public keys can be stored by embedding them within digital certificates, while private keys can be stored on the user's local system.
answer
True
question
The Temporal Key Integrity Protocol (TKIP) encryption technology increases IVs to what length?
answer
48 bits
question
What is the maximum range of most Bluetooth devices?
answer
33 ft
question
What technology enables authorized users to use an unsecured public network, such as the Internet, as if were a secure private network?
answer
VPN
question
What type of video surveillance is typically used by banks, casinos, airports, and military installations, and commonly employs guards who actively monitor the surveillance?
answer
CCTV
question
What protocol, developed by Netscape in 1994, is designed to create an encrypted data path between a client and server that could be used on any platform or operating system?
answer
SSL
question
Anti-virus products typically utilize what type of virus scanning analysis?
answer
Static analysis
question
Those who wrongfully disclose individually identifiable health information can be fined up to what amount per calendar year?
answer
$1,500,000
question
What device acts like a wireless base station in a network, acting as a bridge between wireless and wired networks?
answer
Access Point
question
When a company needs to identify mission-critical business functions and quantify the impact a loss of such functions may have on the organization in terms of it's operational and financial position, what should be performed?
answer
Business impact analysis (BIA)
question
What is the maximum effective range of a typical passive RFID tag?
answer
19
question
What language below is used to view and manipulate data that is stored in a relational database?
answer
SQL
question
(T/F) The CardBus is a 64-bit bus in the PC card form factor.
answer
False
question
Which scan examines the current security, in a passive method?
answer
vulnerability scan
question
A sensitive connection between a client and a web server uses what class of certificate?
answer
Class 2
question
What is the name for an image that consists of an evidence-grade backup because its accuracy meets evidence standards?
answer
mirror image
question
Broadcast storms can be prevented by using loop prevention technology. Which item below can be used to help prevent loops?
answer
802.1d
question
(T/F) Because of the minor role it plays, DNS is never the focus of attacks.
answer
False
question
What technology allows users to share resources stored on one site with a second site without forwarding their authentication credentials to the other site?
answer
OAuth
question
An ultrabook is an example of what type of a portable computer?
answer
Subnotebook
question
What protocol below supports two encryption modes: transport and tunnel?
answer
IPSec
question
(T/F) Successful attacks on computers today consist of a single element, malicious software programs that are created to infiltrate computers with the intent to do harm.
answer
False
question
Select below the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data.
answer
Integrity
question
Which of the following is not one of the functions of a digital signature?
answer
Protect the public key
question
What type of learner learns best through hands-on approaches?
answer
Kinesthetic
question
How can an area be made secure from a non-secured area via two interlocking doors to a small room?
answer
Using a mantrap
question
(T/F) IP telephony and Voice over IP (VoIP) are identical.
answer
False
question
Which type of cryptographic algorithm takes an input string of any length, and returns a string of any requested variable length?
answer
Sponge
question
Which position below is considered an entry-level position for a person who has the necessary technical skills?
answer
security technician
question
Which term below describes the art of helping an adult learn?
answer
andragogical
question
The two types of malware that require user intervention to spread are:
answer
Viruses and trojans
question
What type of cryptography uses two keys instead of just one, generating both a private and a public key?
answer
Asymmetric
question
What is the block cipher algorithm that operates on 64-bit blocks and can have a key length from 32 to 448 bits known as?
answer
Blowfish
question
A user has become compromised as a result of visiting a specific web page, without clicking on any kind of content. What type of attack has occurred?
answer
drive-by-download
question
What type of management system below can help facilitate asset tracking?
answer
Mobile Device Management (MDM)
question
The SHA-1 hashing algorithm creates a digest that is how many bits in length?
answer
160 bits
question
Which access control model is considered to be the least restrictive?
answer
Discretionary Access Control
question
What kind of slack is created from information stored on a hard drive, which can contain remnants of previously deleted files or data?
answer
Drive file slack
question
Proximity readers utilize a special type of tag that can be affixed to the inside of an ID badge. What is the name for this type of tag?
answer
Radio Frequency Identification tag (RFID)
question
A virus that infects an executable program file is known as?
answer
program virus
question
The use of a single authentication credential that is shared across multiple networks is called:
answer
Identity management
question
Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?
answer
RADIUS
question
What proprietary EAP method developed by Cisco requires mutual authentication for WLAN encryption using Cisco client software?
answer
LEAP
question
Select below the option that represents a wearable technology:
answer
Google Glass
question
Why is IPsec considered to be a transparent security protocol?
answer
IPsec is designed to not require modifications of programs, or additional training, or additional client setup
question
(T/F) The CompTIA Security+ Certification is aimed at an IT security professional with the recommended background of a minimum of two years experience in IT administration, with a focus on security.
answer
True
question
Websites that group individuals and organizations into clusters or groups based on some sort of affiliation are considered to be what type of websites?
answer
social networking
question
How can a network of physical devices be grouped into logical units, regardless of what network switches they may be connected to?
answer
VLAN
question
Most portable devices, and some computer monitors, have a special steel bracket security slot built into the case, which can be used in conjunction with a:
answer
cable lock
question
Which term below describes the time it takes for a key to be pressed and then released?
answer
Dwell time
question
Select below the standard that is based on the Rijndael algorithm, and was approved by NIST in late 2000 as a replacement for DES:
answer
AES
question
What is the center of the weakness of passwords?
answer
human memory
question
What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?
answer
access control model
question
User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?
answer
Orphaned
question
Select below the TCP/IP protocol that resolves a symbolic name to its corresponding IP address using a database consisting of an organized hierarchy tree.
answer
DNS
question
The action that is taken by a subject over an object is called a(n):
answer
operation
question
Which access control model can dynamically assign roles to subjects based on a set of defined rules?
answer
Rule Based Access Control
question
(T/F) Behavior-based monitoring attempts to overcome the limitations of both anomaly-based monitoring and signature-based monitoring by being more adaptive and proactive instead of reactive.
answer
True
question
What is the name for a computer or application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user?
answer
proxy server
question
Because of the limitations of a hierarchical trust model, what type of trust model is used for CAs on the Internet?
answer
distributed trust
question
What type of plans include procedures to address redundancy and fault tolerance as well as data backups?
answer
Disaster recovery
question
The exchange of information among DNS servers regarding configured zones is known as:
answer
zone transfer
question
Generally considered to be the most important information security policies, what item below defines the actions a user may perform while accessing systems and networking equipment?
answer
Acceptable use policies
