Comptia Security+ Exam with Complete
Solutions
A security administrator is implementing a security program that addresses
confidentiality and availability. What else should the administrator include? -Answer- Ensure systems are not susceptible to unauthorized changes
You need to transmit PII via email and you want to maintain its confidentiality. What
should you do? -Answer- Encrypt it before sending
Lisa manages network devices in your organization and maintains copies of the
configuration files for all the managed routers and switches. On a weekly basis, she
creates hashes for these files and compares them with the hashes she created on the
same files the previous week. Which security goal is she pursuing? -Answer- Integrity
An organization wants to provide protection against malware attacks. Administrators
have installed antivirus software on all computers. Additionally, they implemented a
firewall and an IDS on the network. What identifies this principle? -Answer- Layered
Security
Homer called into the help desk and says he forgot his password. What should the helpdesk professional do after Homer has verified his identity? -Answer- Reset the
password and configure the password to expire after the first use
Which type of authentication does a hardware token provide? -Answer- One-time
password
Which type of authentication is a retina scan? -Answer- Biometric
Users are required to log on to their computers with a smart card and a PIN. Which
describes this? -Answer- Multifactor authentication
Your company recently began allowing workers to telecommute from home one or more
days a week. However, your company doesn't currently have a remote access solution.
They want to implement an AAA solution that supports different vendors. Which of the
following is the BEST choice? -Answer- RADIUS
Your organization has implemented a system that stores user credentials in a central
database. Users log on once with their credentials. They can then access other systems
in the organization without logging on again. What does this describe? -Answer- Single
sign-on
Your organization issues users a variety of different mobile devices. However,
management wants to reduce potential data losses if the devices are lost or stolen. Which of the following is the BEST technical control to achieve this goal? -Answer- Disk
encryption
Your primary job activities include monitoring security logs, analyzing trend reports, and
installing CCTV systems. Which of the following choices BEST identifies your
responsibilities? -Answer- Detecting security incidents and implementing monitoring
controls
A security professional has reported an increase in the number of tailgating violations
into a secure data center. What can prevent this? -Answer- Mantrap
You are redesigning your password policy. You want to ensure that users change their
passwords regularly, but they are unable to reuse passwords. What settings should you
configure? -Answer- Maximum password age, password history, and minimum
password age
An outside security auditor recently completed an in-depth security audit on your
network. One of the issues he reported was related to passwords. Specifically, he found
the following passwords used on the network: Pa$$, 1@W2, and G7bT3. What should
be changed to avoid the problem shown with these passwords? -Answer- Password
length
A recent security audit discovered several apparently dormant user accounts. Although
users could log on to the accounts, no one had logged on to them for more than 60
days. You later discovered that these accounts are for contractors who work
approximately one week every quarter. What is the BEST response to this situation? -
Answer- Disable the accounts
Your organization routinely hires contractors to assist with different projects.
Administrators are rarely notified when a project ends and contractors leave. Which of
the following is the BEST choice to ensure that contractors cannot log on with their
account after they leave? -Answer- Enable account expiration
Developers are planning to develop an application using role-based access control.
Which of the following would they MOST likely include in their planning? -Answer- A
matrix of functions matched with their required privileges
An organization has implemented an access control model that enforces permissions
based on data labels assigned at different levels. What type of model is this? -Answer- Mandatory Access Control (MAC)
Your organization's security policy requires that PII data at rest and PII data in transit be
encrypted. Of the following choices, what would the organization use to achieve these
objectives? -Answer- Secure Shell (SSH) and Pretty Good Privacy / GNU Privacy
Guard (PGP/GPG)
Which of the following lists of protocols uses TCP port 22 by default? -Answer- SSH, SCP,
SFTP
Bart wants to block access to all external web sites. Which port should he block at the
firewall? -Answer- TCP 80
You need to manage a remote server. Which of the following ports should you open on
the firewall between your system and the remote server? -Answer- 22 and 3389
While reviewing logs on a firewall, you see several requests for the AAAA record of
gcgapremium.com. What is the purpose of this request? -Answer- To identify the IPv6
address of gcgapremium.com
While reviewing logs on a firewall, you see several requests for the "A" record of
gcgapremium.com. What is the purpose of this request? -Answer- To identify the IPv4
address of gcgapremium.com
While reviewing logs on a firewall, you see several requests for the MX record of
gcgapremium.com. What is the purpose of this request? -Answer- To identify the mail
server for gcgapremium.com
While reviewing logs on a firewall, you see several requests for the CNAME record of
gcgapremium.com. What is the purpose of this request? -Answer- To identify any
aliases used by gcgapremium.com
Your organization has several switches used within the network. You need to implement
a security control to secure the switch from physical access. What should you do? -
Answer- Disable unused ports
You are configuring a switch and need to ensure that only authorized devices can
connect to it and access the network through this switch. Which of the following is the
BEST choice to meet this goal? -Answer- Implement 802.1x
An ______________ server provides port-based authentication and can prevent
unauthorized devices from connecting to a network. -Answer- 802.1x
__________________________ will prevent switching loop problems, but doesn't
authenticate clients. -Answer- Rapid Spanning Tree Protocol (RSTP)
You need to configure a UTM security appliance to restrict access to peer-to-peer file
sharing web sites. What are you MOST likely to configure? -Answer- URL filter
Your organization has implemented a network design that allows internal computers to
share one public IP address. Of the following choices, what did they MOST likely
implement? -Answer- Port Address Translation (PAT)
Port Address Translation (PAT) is a form of __________________ and it allows many
internal devices to share one public IP address. -Answer- Network Address Translation
(NAT)
____________________________ uses multiple public IP addresses instead of just
one. -Answer- Dynamic Network Address Translation (DNAT)
__________________________ secures transmissions for data in transit. -Answer- Transport Layer Security (TLS)
What would you configure on a Layer 3 device to allow FTP traffic to pass through? -
Answer- Access Control List (ACL)
What type of device would have the following entries used to define its operation?
permit IP any any eq 80
permit IP any any eq 443
deny IP any any -Answer- Firewall
You are preparing to deploy an anomaly-based detection system to monitor network
activity. What would you create first? -Answer- Baseline
A security company wants to gather intelligence about current methods attackers are
using against its clients. What can it use? -Answer- Honeynet
________________ help protect against SYN flood attacks. -Answer- Flood guards
______________________ systems use signatures similar to antivirus software. -
Answer- Signature-based
A __________________ is a server designed to look valuable to an attacker and can
divert attacks. -Answer- Honeypot
Lisa oversees and monitors processes at a water treatment plant using SCADA
systems. Administrators recently discovered malware on her system that was
connected to the SCADA systems. Although they removed the malware, management
is still concerned. Lisa needs to continue using her system and it's not possible to
update the SCADA system. What can mitigate this risk? -Answer- Install a NIPS on the
border of the SCADA network
Your organization maintains a separate wireless network for visitors in a conference
room. However, you have recently noticed that people are connecting to this network
even when there aren't any visitors in the conference room. You want to prevent these
connections, while maintaining easy access for visitors in the conference room. Which
of the following is the BEST solution? -Answer- Reduce antenna power
Which of the following represents the BEST action to increase security in a wireless
network? -Answer- Replace Temporal Key Integrity Protocol (TKIP) with Counter Mode
Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Your organization is hosting a wireless network with an 802.1x server using Protected
Extensible Authentication Protocol (PEAP). On Thursday, users report they can no
longer access the wireless network. Administrators verified the network configuration
matches the baseline, there aren't any hardware outages, and the wired network is
operational. Which of the following is the MOST likely cause for this problem? -Answer- The RADIUS server certificate expired
You are planning a wireless network for a business. A core requirement is to ensure
that the solution encrypts user credentials when users enter their usernames and
passwords. Which of the following BEST meets this requirement? -Answer- WPA2 over
EAP-TTLS
A small business owner modified his wireless router with the following settings:
PERMIT 1A:2B:3C:4D:5E:6F
DENY 6F:5E:4D:3C:2B:1A
After saving his settings, an employee reports that he cannot access the wireless
network anymore. What is the most likely reason that the employee cannot access the
network? -Answer- Hardware address filtering
___________________ filtering can block or allow access based on a device's MAC
address, also known as the hardware address. -Answer- MAC address
Homer recently implemented a wireless network in his home using WEP. He asks you
for advice. Which of the following is the BEST advice you can give him? -Answer- He
should not use WEP because it implements weak IVs for encryption keys
Which of the following is an attack against a mobile device? -Answer- Bluejacking
A network administrator needs to open a port on a firewall to support a VPN using
PPTP. What ports should the administrator open? -Answer- TCP 1723
What protocol ID does IPsec use? -Answer- 50
Attackers recently attacked a web server hosted by your organization. Management has
tasked administrators with reducing the attack surface of this server to prevent future
attacks. Which of the following will meet this goal? -Answer- Disabling unnecessary
services
After disabling unnecessary services, what should you do next to reduce the attack
surface of a web server? -Answer- Identify the baseline
Network administrators identified what appears to be malicious traffic coming from an
internal computer, but only when no one is logged on to the computer. You suspect the
system is infected with malware. It periodically runs an application that attempts to
connect to web sites over port 80 with Telnet. After comparing the computer with a list
of services from the standard image, you verify this application is very likely the
problem. What process allowed you to make this determination? -Answer- Baselining
An updated security policy defines what applications users can install and run on
company-issued mobile devices. Which of the following technical controls will enforce
this policy? -Answer- Whitelisting
You want to test new security controls before deploying them. Which of the following
technologies provides the MOST flexibility to meet this goal? -Answer- Virtualization
technologies
An organization recently suffered a significant outage after a technician installed an
application update on a vital server during peak hours. The server remained down until
administrators were able to install a previous version of the application on the server.
What could the organization implement to prevent a re-occurrence of this problem? -
Answer- Create a patch management policy
A ___________________ includes plans for identifying, testing, scheduling, and
deploying updates. -Answer- Patch Management Policy
A security analyst is evaluating a critical industrial control system. The analyst wants to
ensure the system has security controls to support availability. Which of the following
will BEST meet this need? -Answer- Implementing control redundancy and diversity
Of the following choices, what are valid security controls for mobile devices? -Answer- Screen locks, device encryption, and remote wipe
A new mobile device security policy has authorized the use of employee-owned
devices, but mandates additional security controls to protect them if devices are lost or
stolen. Which of the following meets this goal? -Answer- Screen locks and device
encryption
You want to deter an attacker from using brute force to gain access to a mobile device.
What would you configure? -Answer- Account lockout settings
________________________ can be used for automated inventory control to detect
movement of devices. -Answer- Radio-Frequency Identification (RFID)
Management within your company is considering allowing users to connect to the
corporate network with their personally owned devices. Which of the following
represents a security concern with this policy? -Answer- Inability to ensure devices are
up to date with current system patches
Your organization is planning to issue mobile devices to some employees, but they are
concerned about protecting the confidentiality of data if the devices are lost or stolen.
Which of the following is the BEST way to secure data at rest on a mobile device? -
Answer- Full device encryption
Your organization recently purchased several new laptop computers for employees.
You're asked to encrypt the laptop's hard drives without purchasing any additional
hardware. What would you use? -Answer- Trusted Platform Module (TPM)
Management within your organization wants to limit documents copied to USB flash
drives. Which of the following can be used to meet this goal? -Answer- Data Loss
Prevention (DLP)
Bart installed code designed to enable his account automatically, three days after
anyone disables it. What does this describe? -Answer- Logic Bomb
A logic bomb is code that executes in response to an event. If the logic bomb is set to
enable an account after it has been disabled, the logic bomb is creating a
______________________. -Answer- Back Door
Lisa recently completed an application used by the Personnel department to store PII
and other employee information. She programmed in the ability to access this
application with a username and password that only she knows, so that she can
perform remote maintenance on the application if necessary. What does this describe? -
Answer- Backdoor
A recent change in an organization's security policy states that monitors need to be
positioned so that they cannot be viewed from outside any windows. What is the
purpose of this policy? -Answer- Reduce success of shoulder surfing
You are troubleshooting an intermittent connectivity issue with a web server. After
examining the logs, you identify repeated connection attempts from various IP
addresses. You realize these connection attempts are overloading the server,
preventing it from responding to other connections. Which of the following is MOST
likely occurring? -Answer- DDoS
Your organization includes the following statement in the security policy:
"Security controls need to protect against both online and offline password brute force
attacks."
Which of the following controls is the LEAST helpful to meet these goals? -Answer- Account Expiration
__________________ helps protect against brute force attacks. -Answer- Account
Lockout
A code review of a web application discovered that the application is not performing
boundary checking. What should the web developer add to this application to resolve
this issue? -Answer- Input Validation
Input validation includes boundary or limit checking to validate data before using it.
Proper input validation also prevents many problems such as cross-site request forgery
(XSRF), ______________________, buffer overflow, and command injection attacks. -
Answer- Cross-Site Scripting (XSS)
A web developer is using methods to validate user input in a web site application. This
ensures the application isn't vulnerable to XSS, SQL Injection, Buffer Overflow, and
Command Injection. What attack is not prevented by validating user input? -Answer- Whaling
Checking the logs of a web server, you see the following entry:
192.252.69.129 --[1/Sep/2013:05:20]"GET /index.php?username=ZZZZZZZZZZZZZZZZZZZZZBBBBBBBBBBBBBBBBBBCCCCCCCCCCCCC HTTP/1.1" "http://gcgapremium.com/security/" "Chrome31"
Which of the following is the BEST choice to explain this entry? -Answer- A buffer
overflow attack
A _____________ attack uses specific SQL code, not random letters or characters. -
Answer- SQL Injection
A _______________ attack attempts to redirect users from one web site to another web
site. -Answer- pharming
Looking at logs for an online web application, you see that someone has entered the
following phrase into several queries:
'or '1'='1'--
Which of the following is the MOST likely explanation for this? -Answer- An SQL
Injection attack
A security tester is using fuzzing techniques to test a software application. Which of the
following does fuzzing use to test the application? -Answer- Unexpected Input
_____________________ sends random or unexpected input into an application to test
the application's ability to handle it. -Answer- Fuzzing
_______________attacks use formatted input. -Answer- Command Injection
An organization has purchased fire insurance to manage the risk of a potential fire.
What method are they using? -Answer- Risk Transference
___________________ attempts to discourage attacks with preventative controls such
as a security guard. -Answer- Risk Deterrence
____________________ reduces risks through internal controls. -Answer- Risk
Mitigation
You are asked to identify the number of times a specific type of incident occurs per
year. Which of the following BEST identifies this? -Answer- Annual Rate of Occurrence
(ARO)
__________________ identifies the expected monetary loss for an incident. -Answer- Annual Loss Expectancy (ALE)
_________________________ identifies the expected monetary loss for a single
incident. -Answer- Single Loss Expectancy (SLE)
Security experts at your organization have determined that your network has been
repeatedly attacked from multiple entities in a foreign country. Research indicates these
are coordinated and sophisticated attacks. What BEST describes this activity? -Answer- Advanced Persistent Threat
Bart is performing a vulnerability assessment. Which of the following BEST represents
the goal of this task? -Answer- Identify the system's security posture
You need to ensure that several systems have all appropriate security controls and
patches. However, your supervisor specifically told you not to attack or compromise any
of these systems. Which of the following is the BEST choice to meet these goals? -
Answer- Vulnerability Scan
Which of the following tools is the MOST invasive type of testing? -Answer- Pentest
__________________________ identifies hosts on a network. -Answer- Host
Enumeration
A security professional is testing the functionality of an application, but does not have
any knowledge about the internal coding of the application. What type of test is this
tester performing? -Answer- Black Box
Testers are analyzing the web application your organization is planning to deploy. They
have full access to product documentation, including the code and data structures used
by the application. What type of test will they MOST likely perform? -Answer- White Box
A network administrator is attempting to identify all traffic on an internal network. Which
of the following tools is the BEST choice? -Answer- Protocol Analyzer
Your organization security policy requires that personnel notify security administrators if
an incident occurs. However, this is not occurring consistently. Which of the following
could the organization implement to ensure security administrators are notified in a
timely manner? -Answer- Routine Auditing
A security administrator is reviewing an organization's security policy and notices that
the policy does not define a time frame for reviewing user rights and permissions. Which
of the following is the MINIMUM time frame that she should recommend? -Answer- At
least one year
Security personnel recently performed a security audit. They identified several
employees who had permissions for previously held jobs within the company. What
should the organization implement to prevent this in the future? -Answer- Account
Management Controls
A ____________________________ model uses group-based permissions, but it
doesn't force administrators to take a user out of a security group when the user moves
to a different job. -Answer- role-based access control (role-BAC)
You are a technician at a small organization. You need to add fault-tolerance
capabilities within the business to increase the availability of data. However, you need
to keep costs as low as possible. Which of the following is the BEST choice to meet
these needs? -Answer- RAID-6
A ____________________ provides fault tolerance for servers and can increase data
availability but is significantly more expensive than a RAID subsystem. -Answer- Failover Cluster
An organization needs to identify a continuity of operations plan that will allow it to
provide temporary IT support during a disaster. The organization does not want to have
a dedicated site. Which of the following provides the best solution? -Answer- Mobile Site
Monty Burns is the CEO of the Springfield Nuclear Power Plant. What would the
company have in place in case something happens to him? -Answer- Succession
Planning
A continuity of operations plan for an organization includes the use of a warm site. The
BCP coordinator wants to verify that the organization's backup data center is prepared
to implement the warm site if necessary. Which of the following is the BEST choice to
meet this need? -Answer- Perform a disaster recovery exercise
Users are complaining of intermittent connectivity issues. When you investigate, you
discover that new network cables for these user systems were run across several
fluorescent lights. What environmental control will resolve this issue? -Answer- EMI
Shielding
A software company occasionally provides application updates and patches via its web
site. It also provides a checksum for each update and patch. Which of the following
BEST describes the purpose of the checksum? -Answer- Integrity of updates and
patches
The checksum (also known as a ____________) provides integrity for patches and
updates so users can verify they have not been modified. -Answer- Hash
Humidity controls provide protection against condensation and ___________. -Answer- Electrostatic Discharge (ESD)
A function converts data into a string of characters and the string of characters cannot
be reversed to re-create the original data. What type of function is this? -Answer- Hashing
A hash function is typically displayed in a _____________________. -Answer- Hexadecimal
_____________________ (including symmetric, asymmetric, and stream ciphers)
create ciphertext from plain-text data, but they include decryption algorithms to re-create
the original data. -Answer- Encryption Algorithms
Which of the following is a symmetric encryption algorithm that encrypts data one bit at
a time and is more efficient when the size of the data is unknown, such as streaming
audio or video? -Answer- Stream Cipher
A ______________________ (such as AES and DES) encrypts data in specific-sized
blocks, such as 64-bit blocks or 128-bit blocks. -Answer- Block Cipher
____________________ is a hashing algorithm. -Answer- MD5
A supply company has several legacy systems connected together within a warehouse.
An external security audit discovered the company is using DES and mandated the
company upgrade DES to meet minimum security requirements. The company plans to
replace the legacy systems next year, but needs to meet the requirements from the
audit. Which of the following is the MOST likely to be the simplest upgrade for these
systems? -Answer- 3DES
Network administrators in your organization need to administer firewalls, security
appliances, and other network devices. These devices are protected with strong
passwords, and the passwords are stored in a file listing these passwords. Which of the
following is the BEST choice to protect this password list? -Answer- File Encryption
Bart, an employee at your organization, is suspected of leaking data to a competitor.
Investigations indicate he sent several email messages containing pictures of his dog.
Investigators have not been able to identify any other suspicious activity. Which of the
following is MOST likely occurring? -Answer- Bart is leaking data using steganography
You are planning to encrypt data in transit with IPsec. Which of the following is MOST
likely to be used with IPsec? -Answer- Hash-based Message Authentication Code
(HMAC)
_____________________ mandates the use of HMAC for authentication and integrity
when encrypting data in transit with IPsec. -Answer- RFC 4835
When encryption is used, RFC 4835 mandates the use of either ________________. -
Answer- AES or 3DES
Bart wants to send a secure email to Lisa, so he decides to encrypt it. He wants to
ensure that only Lisa can decrypt it. What does Lisa need to meet this requirement? -
Answer- Lisa's Private Key
Bart wants to send a secure email to Lisa, so he decides to encrypt it. What would Bart
use to encrypt the email? -Answer- Lisa's Public Key
Bart wants to send a secure email to Lisa. If Bart wanted Lisa to have verification that
he sent it, what would he do? -Answer- Create a digital signature with his private key
If Bart sent a secure email to Lisa and created a digital signature with his private key so
Lisa would have verification that he sent it, how would Lisa decrypt it? -Answer- Lisa
would decrypt the private key with Bart's public key
An organization requested bids for a contract and asked companies to submit their bids
via email. After winning the bid, Acme realized it couldn't meet the requirements of the
contract. Acme instead stated that it never submitted the bid. Which of the following
would provide proof to the organization that Acme did submit the bid? -Answer- Digital
Signature
_____________ provide verification of who sent a message, non-repudiation preventing
them from denying it, and integrity verifying the message wasn't modified. -Answer- Digital Signatures
Application developers are creating an application that requires users to log on with
strong passwords. The developers want to store the passwords in such a way that it will
thwart brute force attacks. Which of the following is the BEST solution? -Answer- Password-Based Key Derivation Function 2 (PBKDF2)
Password-Based Key Derivation Function 2 (PBKDF2) is a ________________
technique designed to protect against brute force attempts. -Answer- Key stretching
Password-Based Key Derivation Function 2 (PBKDF2) and bcrypt _______________
the password with additional bits. -Answer- Salt
Passwords stored using _____________________ are easy to crack because they
don't use salts. -Answer- MD5
A web site is using a certificate. Users have recently been receiving errors from the web
site indicating that the web site's certificate is revoked. Which of the following includes a
list of certificates that have been revoked? -Answer- Certificate Revocation List (CRL)
A Certificate Revocation List (CRL) is a list of certificates that a ___________________
has revoked. -Answer- Certificate Authority (CA)
The __________________________ validates trust with certificates, but only returns
short responses such as good, unknown, or revoked. -Answer- Online Certificate Status
Protocol (OCSP)
A ___________________________ is used to request certificates. -Answer- Certificate
Signing Request (CSR)
Which of the following is a management control? -Answer- Security Policy
Written security policies are ___________________. -Answer- Management Controls
Encryption and principle of least privilege are ______________. -Answer- Technical
Controls
Change management is an ______________________. -Answer- Operational Control
Security personnel recently identified potential fraud committed by a network
administrator. Investigators discovered this administrator performs several job functions
within the organization, including database administration and application development.
Which of the following is the BEST solution to reduce risk associated with this activity? -
Answer- Separation of Duties
A __________________________ policy is useful to discover fraud committed by an
individual. -Answer- Mandatory Vacation
__________________________ ensures changes are reviewed before being
implemented. -Answer- Change Management
Security experts want to reduce risks associated with updating critical operating
systems. Which of the following will BEST meet this goal? -Answer- Change
Management
Your company is considering implementing SSO capabilities to company applications
and linking them to a social media site. When implemented, users can log on to
Facebook and then access company applications without logging on again. What is a
potential risk related to this plan? -Answer- A data breach exposing passwords on the
social media site will affect the company application.
You work as a help-desk professional in a large organization. You have begun to
receive an extraordinary number of calls from employees related to malware. Using
common incident response procedures, what should be your FIRST response? -
Answer- Identification
In Incident Response procedures, the __________________ phase is performed before
the incident, and includes steps to prevent incidents. -Answer- Prevention
After identifying an incident is valid, the next step is ________________ and notification
and then mitigation steps. -Answer- Escalation
A technician confiscated an employee's computer after management learned the
employee had unauthorized material on his system. Later, a security expert captured a
forensic image of the system disk. However, the security expert reported the computer
was left unattended for several hours before he captured the image. Which of the
following is a potential issue if this incident goes to court? -Answer- Chain of Custody
Social engineers have launched several successful phone-based attacks against your
organization resulting in several data leaks. Which of the following would be the MOST
effective at reducing the success of these attacks? -Answer- Implement a program to
increase security awareness.
Homer needs to send an email to his HR department with an attachment that includes
PII. He wants to maintain the confidentiality of this attachment. Which of the following
choices is the BEST choice to meet his needs? -Answer- Encryption
Hashing, digital signatures, and certificates all provide integrity, but not
____________________. -Answer- Confidentiality
You want to ensure that messages sent from administrators to managers arrive
unchanged. Which security goal are you addressing? -Answer- Integrity
Integrity provides assurances that data has not been modified and is commonly
enforced with ________________. -Answer- Hashing
___________________________ prevents unauthorized disclosure of data but does
not address modifications of data. -Answer- Confidentiality
_________________________ ensures systems are up and operational when needed
and uses fault tolerance and redundancy methods. -Answer- Availability
____________________ provides proof that users are who they claim to be. -
Answer- Authentication
Your organization recently implemented two servers that act as failover devices for each
other. Which security goal is your organization pursuing? -Answer- Availability
A ____________________ uses redundant servers to ensure a service will continue to
operate even if one of the servers fail. -Answer- Failover Cluster
______________________ provide safety for personnel and other assets. -Answer- Safety Methods
________________________ ensure that data has not been modified. -Answer- Integrity Methods
____________________ such as encryption, prevent the unauthorized disclosure of
data. -Answer- Confidentiality Methods
Management at your company recently decided to implement additional lighting and
fencing around the property. Which security goal is your company MOST likely
pursuing? -Answer- Safety
Confidentiality is enhanced with encryption and ________________. -Answer- Access
Controls
Integrity is enhanced with _________________________. -Answer- hashing,
certificates and digital signatures
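Both of the items above, "commonly enforced with hashing" and "Integrity is enhanced with hashing", describe the same mechanism: hash the data now, store the digest, and recompute it later. The following is an added example and not part of the original page. It baselines a set of constructed in-memory "configuration files" (the filenames and contents are invented), then detects modified, added and removed files on the next run. The optional key turns the plain hash into an HMAC, which is the caveat a practitioner wants: an attacker who can rewrite a file can usually also rewrite a stored plain hash, but not a keyed one.

```python
import hashlib
import hmac
from typing import Dict, List, Optional

# Constructed sample "configuration files" standing in for the router and switch
# configs an administrator would baseline. Invented for this example.
LAST_WEEK: Dict[str, bytes] = {
    "router1.cfg": b"hostname router1\nenable secret 5 $1$abcd\n",
    "switch1.cfg": b"hostname switch1\nvlan 10\n",
    "switch2.cfg": b"hostname switch2\nvlan 20\n",
}


def file_digest(data: bytes, key: Optional[bytes] = None) -> str:
    """Hex digest of one file's contents.

    key=None gives a plain SHA-256, which proves integrity only while the stored
    baseline itself cannot be tampered with. With a key it becomes HMAC-SHA256,
    so someone who rewrites the file cannot forge a matching baseline entry.
    """
    if key is None:
        return hashlib.sha256(data).hexdigest()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_baseline(files: Dict[str, bytes], key: Optional[bytes] = None) -> Dict[str, str]:
    """Map each filename to its digest; this is what gets stored until next week."""
    return {name: file_digest(data, key) for name, data in files.items()}


def compare_baselines(old: Dict[str, str], new: Dict[str, str]) -> Dict[str, List[str]]:
    """Report which files changed, appeared, or disappeared since the old baseline."""
    modified = [n for n in old if n in new and not hmac.compare_digest(old[n], new[n])]
    added = [n for n in new if n not in old]
    removed = [n for n in old if n not in new]
    return {"modified": sorted(modified), "added": sorted(added), "removed": sorted(removed)}


def weekly_check(key: Optional[bytes] = None) -> Dict[str, List[str]]:
    """Simulate this week's run: router1.cfg was altered, switch2.cfg vanished,
    and a switch3.cfg nobody baselined appeared (all constructed changes)."""
    this_week = dict(LAST_WEEK)
    this_week["router1.cfg"] = b"hostname router1\nenable secret 5 $1$evil\n"
    del this_week["switch2.cfg"]
    this_week["switch3.cfg"] = b"hostname switch3\n"
    return compare_baselines(build_baseline(LAST_WEEK, key), build_baseline(this_week, key))


if __name__ == "__main__":
    print(weekly_check())
```

A detected difference says only that the bytes changed, not whether the change was authorized; that is why the item about change management belongs next to this one, and why the baseline (or the HMAC key) should live somewhere the managed devices' administrators cannot silently edit.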
Availability is enhanced with ___________________________ procedures. -Answer- redundancy and fault-tolerance
You are logging on to your bank's web site using your email address and password.
What is the purpose of the email address in this example? -Answer- Identification
You are logging on to your bank's web site using your email address and password.
What does the password combined with the email provide? -Answer- Authentication
Your organization has a password policy with a password history value of 12. What
does this indicate? -Answer- Twelve different passwords must be used before reusing
the same password.
Password _________________________ identifies the length of time that must pass
before users can change a password again. -Answer- minimum age
A user calls into the help desk and asks the help-desk professional to reset his
password. Which of the following choices is the BEST choice for what the help-desk
professional should do before resetting the password? -Answer- Verify the user's
identity.
Your organization is planning to implement remote access capabilities. Management
wants strong authentication and wants to ensure that passwords expire after a
predefined time interval. Which of the following choices BEST meets this requirement? -
Answer- Time-Based One-Time Password (TOTP)
Which type of authentication is a fingerprint scan? -Answer- Biometric
When users log on to their computers, they are required to enter a username, a
password, and a PIN. Which of the following choices BEST describes this? -Answer- Single-Factor Authentication
_____________________________ is when both entities in the authentication process
authenticate with each other. -Answer- Mutual Authentication
The security manager at your company recently updated the security policy. One of the
changes requires dual-factor authentication. Which of the following will meet this
requirement? -Answer- Hardware Token and PIN
Your network infrastructure requires users to authenticate with something they are and
something they know. Which of the following choices BEST describes this
authentication method? -Answer- Dual-factor
_______________________ is a remote access authentication service that supports
Extensible Authentication Protocol (EAP). -Answer- Diameter
Which of the following authentication services uses tickets for user credentials? -
Answer- Kerberos
A network includes a ticket-granting ticket server. Which of the following choices is the
primary purpose of this server? -Answer- Authentication
Your network uses an authentication service based on the X.500 specification. When
encrypted, it uses TLS. Which authentication service is your network using? -Answer-
Lightweight Directory Access Protocol (LDAP)
Security Assertion Markup Language (SAML) is an Extensible Markup Language (XML)
used for ________________________. -Answer- Single Sign-On (SSO)
When you log on to your online bank account, you are also able to access a partner's
credit card site, check-ordering services, and a mortgage site without entering your
credentials again. What does this describe? -Answer- SSO
Your organization recently made an agreement with third parties for the exchange of
authentication and authorization information. The solution uses an XML-based open
standard. Which of the following is the MOST likely solution being implemented? -
Answer- SAML
Terminal Access Controller Access-Control System Plus (TACACS+) is an
___________________ that replaces the older TACACS protocol. -Answer- Authentication Service
Which of the following provides authentication services and uses PPP? -Answer- PAP
and CHAP
Users in your organization access your network from remote locations. Currently, the
remote access solution uses RADIUS. However, the organization wants to implement a
stronger authentication service that supports Extensible Authentication Protocol (EAP).
Which of the following choices BEST meets this goal? -Answer- Diameter
What provides authentication services for remote users and devices? -Answer- RADIUS
and Diameter
Which of the following accurately identifies the primary security control classifications? -
Answer- Technical, Management, and Operational
________________________ are role-based, rule-based, mandatory, and
discretionary. -Answer- Access Control Methods
You need to reduce the attack surface of a web server. Which of the following is a
preventative control that will assist with this goal? -Answer- Disabling unnecessary
services
Initial _______________________ is useful to determine the security posture of a
system, but doesn't prevent attacks. -Answer- baseline configuration
A security expert is identifying and implementing several different physical deterrent
controls to protect an organization's server room. Which of the following choices would
BEST meet this objective? -Answer- Using hardware locks
_______________________ is a technical control designed to protect data. -Answer- Data encryption
You need to secure access to a data center. Which of the following choices provides the
BEST physical security to meet this need? -Answer- Biometrics, CCTV, and Mantrap
A security professional needs to identify a physical security control that will identify and
authenticate individuals before allowing them to pass, and restrict passage to a single
person at a time. What should the professional recommend? -Answer- mantrap
Your company wants to control access to a restricted area of the building by adding an
additional physical security control that includes facial recognition. Which of the
following provides the BEST solution? -Answer- Guards
________________________ are effective barricades to block vehicles. -Answer- Bollards
Employees access a secure area by entering a cipher code, but this code does not
identify individuals. After a recent security incident, management has decided to
implement a key card system that will identify individuals who enter and exit this secure
area. However, the installation might take six months or longer. Which of the following
choices can the organization install immediately to identify individuals who enter or exit
the secure area? -Answer- CCTV
Thieves recently rammed a truck through the entrance of your company's main building.
During the chaos, their partners proceeded to steal a significant amount of IT
equipment. What can you do to prevent this from happening again? -Answer- Install
Bollards
You maintain a training lab with 18 computers. You have enough rights and permissions
on these machines so that you can configure them as needed for classes. However,
you do not have the rights to add them to your organization's domain. Which of the
following choices BEST describes this example? -Answer- Least Privilege
Developers in your organization have created an application designed for the sales
team. Salespeople can log on to the application using a simple password of 1234.
However, this password does not meet the organization's password policy. What is the
BEST response by the security administrator after learning about this? -Answer- Direct
the application team manager to ensure the application adheres to the organization's
password policy.
You are redesigning your password policy to increase the security of the passwords.
Which of the following choices provides the BEST security? -Answer- Password
complexity and length
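The items above on password history (a value of 12), minimum age, and complexity and length describe checks that are easy to get subtly wrong, so here is an added example (not from the original page) that enforces all three on a single account. The concrete thresholds (a one-day minimum age, 14 characters, three character classes, a 10,000-iteration PBKDF2 work factor kept low for the demo) are assumptions; the history value of 12 comes from the question. Old passwords are kept only as salted hashes, and reuse is detected by re-hashing the candidate with each stored salt.

```python
import hashlib
import hmac
import os
import re
import time
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumed policy values (only HISTORY = 12 is taken from the question above).
HISTORY = 12
MIN_AGE_SECONDS = 24 * 3600
MIN_LENGTH = 14
ITERATIONS = 10_000  # demo value; production uses a far higher or memory-hard KDF


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; the history stores (salt, digest), never plaintext."""
    if salt is None:
        salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def meets_complexity(password: str) -> bool:
    """Length plus at least three of four character classes (assumed rule)."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(password) >= MIN_LENGTH and sum(bool(re.search(c, password)) for c in classes) >= 3


@dataclass
class Account:
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)  # oldest first
    last_changed: float = 0.0

    def change_password(self, new_password: str, now: Optional[float] = None) -> Tuple[bool, str]:
        now = time.time() if now is None else now
        if self.history and now - self.last_changed < MIN_AGE_SECONDS:
            return False, "minimum age not reached"
        if not meets_complexity(new_password):
            return False, "length/complexity requirement not met"
        # Only the most recent HISTORY entries count: 12 different passwords must
        # be used before one can come back.
        for salt, digest in self.history[-HISTORY:]:
            if hmac.compare_digest(hash_password(new_password, salt)[1], digest):
                return False, "password reuse blocked by history"
        self.history.append(hash_password(new_password))
        self.last_changed = now
        return True, "changed"


def simulate() -> List[str]:
    """Walk one account through the policy (constructed timeline); returns each outcome."""
    acct, day, out = Account(), 24 * 3600, []
    out.append(acct.change_password("Correct-Horse-1", now=0)[1])           # accepted
    out.append(acct.change_password("Correct-Horse-2", now=3600)[1])        # too soon
    out.append(acct.change_password("horse", now=day)[1])                   # too weak
    for i in range(2, 13):                                                  # 11 more, one per day
        acct.change_password(f"Correct-Horse-{i}", now=i * day)
    out.append(acct.change_password("Correct-Horse-1", now=13 * day)[1])   # still within last 12
    acct.change_password("Correct-Horse-13", now=14 * day)                 # the 12th different one
    out.append(acct.change_password("Correct-Horse-1", now=15 * day)[1])   # now allowed again
    return out


if __name__ == "__main__":
    for line in simulate():
        print(line)
```

Minimum age matters precisely because of history: without it a user can cycle through 12 throwaway passwords in a minute and land back on the original, which defeats the history setting entirely.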
A company's account management policy dictates that administrators should disable
user accounts instead of deleting them when an employee leaves the company. What
security benefit does this provide? -Answer- Ensures that user keys are retained
Disabling an account instead of deleting it helps ensure that access to files is retained,
but does not directly retain _________________. -Answer- user files
You need to create an account for a contractor who will be working at your company for
90 days. Which of the following is the BEST security step to take when creating this
account? -Answer- Configure an expiration date on the account
You're asked to identify who is accessing a spreadsheet containing employee salary
data. Detailed logging is configured correctly on this file. However, you are unable to
identify a specific person who is accessing the file. What is the MOST likely reason? -
Answer- Shared accounts are not prohibited.
When shared accounts are not prohibited, ________________are allowed to access
the same file. For example, if the Guest account is enabled and used as a shared
account by all users, the logs will indicate the Guest account accessed the file, but won't
identify specific individuals. -Answer- multiple users
Members of a project team came in on the weekend to complete some work on a key
project. However, they found that they were unable to access any of the project data.
Which of the following choices is the MOST likely reason why they can't access this
data? -Answer- Time-of-day access control
An administrator needs to grant users access to different servers based on their job
functions. Which access control model is the BEST choice to use? -Answer- Role-based
access control
A ___________________________________ specifies that every object has an owner
and owners have full control over objects. -Answer- discretionary access control
______________________________ uses labels and a lattice to grant access rather
than job functions. -Answer- Mandatory access control
A ________________________________ model uses rules that trigger in response to
events. -Answer- rule-based access control
Interns from a local college frequently work at your company. Some interns work with
the database developers, some interns work with the web application developers, and
some interns work with both developers. Interns working with the database developers
require specific privileges, and interns working with the web application developers
require different privileges. What is the simplest method to meet these requirements? -
Answer- Use group-based privileges
Your organization wants to reduce the administrative workload related to account
management. Which of the following is the BEST choice? -Answer- Implement group-based
privileges
___________________________ are extremely tedious and time consuming because
privileges are assigned to all users individually. -Answer- User-based privileges
Bart has read access to an accounting database and Lisa has both read and write
access to this database. A database application automatically triggers a change in
permissions so that Bart has both read and write access when Lisa is absent. What type
of access control system is in place? -Answer- Rule-based Access Control System
(Rule-BAC)
The ______________________ model uses labels to identify users and data, and is
used in systems requiring a need to know. -Answer- Mandatory Access Control (MAC)
Your organization hosts several classified systems in the data center. Management
wants to increase security with these systems by implementing two-factor
authentication. Management also wants to restrict access to these systems to
employees who have a need to know. Which of the following choices should
management implement for authorization? -Answer- Mandatory Access Control (MAC)
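The two MAC items above ("labels and a lattice" and "labels to identify users and data ... need to know") are usually understood only once the lattice comparison is written down. Here is an added example (not from the original page) of that comparison: a label is a classification level plus a set of categories, one label dominates another when its level is at least as high and its categories are a superset, and read and write decisions follow the Bell-LaPadula rules (no read up, no write down). The level names and category names are constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Constructed classification levels, ordered low to high. Categories (compartments)
# such as "nuclear" carry the need-to-know part of the label.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: level at least as high AND every category of `other` present here.
        Two labels can be incomparable, e.g. Secret{nuclear} vs Secret{crypto}."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.categories <= self.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property (no read up): clearance must dominate the object's label."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property (no write down): the object's label must dominate the subject's
    clearance, so a cleared user cannot copy data into a lower-labelled object."""
    return obj.dominates(subject)


def decide(subject: Label, obj: Label, action: str) -> bool:
    """Reference-monitor style entry point: the rule, not the owner, decides."""
    if action == "read":
        return can_read(subject, obj)
    if action == "write":
        return can_write(subject, obj)
    raise ValueError(f"unknown action {action!r}")


if __name__ == "__main__":
    analyst = Label("Secret", frozenset({"nuclear"}))
    report = Label("Secret", frozenset({"nuclear", "crypto"}))
    print("analyst reads report:", decide(analyst, report, "read"))    # lacks "crypto"
    print("analyst writes report:", decide(analyst, report, "write"))  # writing up is fine
```

Note what the owner of the object does not appear in: unlike the discretionary model in the earlier item, nothing here lets a file's owner grant access; only the labels and the lattice do, which is what makes it mandatory.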
What protocol does IPv6 use for hardware address resolution? -Answer- Neighbor
Discovery Protocol (NDP)
What protocol does IPv4 use for hardware address resolution? -Answer- Address
Resolution Protocol (ARP)
_______________________ is used to connect to remote systems over port TCP 3389.
-Answer- Remote Desktop Protocol (RDP)
______________________ is used to monitor and manage network devices. -Answer- Simple
Network Management Protocol (SNMP)
What is the default port for SSH? -Answer- 22
You are configuring a host-based firewall so that it will allow SFTP connections. Which
of the following is required? -Answer- Allow TCP 22
You need to send several large files containing proprietary data to a business partner.
Which of the following is the BEST choice for this task? -Answer- SFTP
Your organization is planning to establish a secure link between one of your mail
servers and a business partner's mail server. The connection will use the Internet. What
protocol is the BEST choice? -Answer- TLS
Transport Layer Security (TLS) is a good protocol choice to create a _____________
between two systems over the Internet. -Answer- secu