Practice Exam 1: CompTIA Security+ SY0-201

The 100 multiple-choice questions provided here help you to determine how prepared you are for the actual exam, and which topics you need to review further. Write down your answers on a separate sheet of paper so that you can take this exam again if necessary. Compare your answers against the answer key that follows this exam.

1. What are the three main goals of information security? (Select the three best answers.)

A. Auditing

B. Integrity

C. Nonrepudiation

D. Confidentiality

E. Risk Assessment

F. Availability

2. Which method would you use if you were disposing of hard drives as part of a company computer sale?

A. Destruction

B. Purging

C. Clearing

D. Formatting

3. Which of these governs the disclosure of financial data?

A. SOX

B. HIPAA

C. GLB

D. Top secret

4. Virtualization technology is often implemented as operating systems and/or applications that run in software. Quite often, it is implemented as a virtual machine. Of the following, which can be a security benefit when using virtualization?

A. Patching a computer will patch all virtual machines running on the computer.

B. If one virtual machine is compromised, none of the other virtual machines can be compromised.

C. If a virtual machine is compromised, the adverse effects can be compartmentalized.

D. Virtual machines cannot be affected by hacking techniques.

5. Jeff wants to employ a Faraday cage. What will this accomplish?

A. It will increase the level of wireless encryption.

B. It will reduce data emanations.

C. It will increase EMI.

D. It will decrease the level of wireless emanations.

6. Which of the following is the verification of a person’s identity?

A. Authorization

B. Accountability

C. Authentication

D. Password

7. If a fire occurs in the server room, which device is the best method to put it out?

A. Class A extinguisher

B. Class B extinguisher

C. Class C extinguisher

D. Class D extinguisher

8. Which of the following would you set up utilizing a router?

A. DMZ

B. DOS

C. OSI

D. ARP

9. Which of the following is a group of compromised computers that have software installed by a worm?

A. Botnet

B. Virus

C. Honeypot

D. Zombie

10. Which of the following is the strongest password?

A. |ocrian#

B. Marqu1sD3S0d

C. This1sV#ryS3cure

D. Thisisverysecure

11. Which of the following is an example of a nonessential protocol?

A. DNS

B. ARP

C. HTTPS

D. TFTP

12. Which of the following would fall into the category of “something a person is”?

A. Passwords

B. Passphrases

C. Fingerprints

D. Smart cards

13. What are some of the drawbacks to using HIDS instead of NIDS on a server? (Select the two best answers.)

A. HIDS may use a lot of resources that can slow server performance.

B. HIDS cannot detect operating system attacks.

C. HIDS have a low level of detection of operating system attacks.

D. HIDS cannot detect network attacks.

14. Which of these is a security component of Windows Vista?

A. UAC

B. UPS

C. Gadgets

D. Control Panel

15. What Windows key combination helps to secure the logon process?

A. Windows+R

B. Ctrl+Shift+Esc

C. Ctrl+Alt+Del

D. Alt+F4

16. Which of the following computer security threats can be updated automatically and remotely? (Select the best answer.)

A. A virus

B. A worm

C. A zombie

D. Malware

17. Which of the following is the best utility or process to use when scanning for viruses?

A. Safe Mode

B. Last Known Good Configuration

C. Command Prompt only

D. Boot into Windows normally

18. Which of the following is a common symptom of spyware?

A. Infected files

B. Computer shuts down

C. Applications freeze

D. Pop-up windows

19. Eric wants to install an isolated operating system. What is the best tool to use?

A. UAC

B. Virtualization

C. HIDS

D. NIDS

20. Which of the following is one way of preventing spyware?

A. Use firewall exceptions.

B. Adjust web browser security settings.

C. Adjust the web browser home page.

D. Remove the spyware from Add/Remove Programs.

21. What Windows key combination should be used to close a pop-up window?

A. Windows+R

B. Ctrl+Shift+Esc

C. Ctrl+Alt+Del

D. Alt+F4

22. Where would you turn off file sharing in Windows Vista?

A. Control Panel

B. Local area connection

C. Network and Sharing Center

D. Firewall properties

23. Which type of encryption technology is used with the BitLocker application?

A. Symmetric

B. Asymmetric

C. Hashing

D. WPA2

24. Which tool would you use if you want to view the contents of a packet?

A. TDR

B. Port scanner

C. Protocol analyzer

D. Loopback adapter

25. Which option enables you to hide ntldr?

A. Enable Hide protected operating system files

B. Disable Show hidden files and folders

C. Disable Hide protected operating system files

D. Remove the –R attribute

26. A person attempts to access a server during a zone transfer to get access to a zone file. What type of server is he trying to manipulate?

A. Proxy server

B. DNS server

C. File server

D. Web server

27. Which of the following is a private IP address?

A. 11.16.0.1

B. 127.0.0.1

C. 172.16.0.1

D. 208.0.0.1

28. Which of these hides an entire network of IP addresses?

A. SPI

B. NAT

C. SSH

D. FTP

29. Which command would display the following output?

[Image: command output not reproduced]

A. Ping

B. Ipconfig

C. Nbtstat

D. Netstat

30. Which of the following is the most secure protocol to use when accessing a wireless network?

A. WEP

B. WPA

C. WPA2

D. WEP2

31. Which of the following are good practices for tracking user identities? (Select the two best answers.)

A. Video cameras

B. Key card door access systems

C. Sign-in sheets

D. Security guards

32. What are two examples of common single sign-on authentication configurations?

A. Biometrics-based

B. Multifactor authentication

C. Kerberos-based

D. Smart card-based

33. Which of the following answers are not part of IPSec? (Select the two best answers.)

A. TKIP

B. Key exchange

C. AES

D. Authentication header

34. Which protocol can be used to secure the e-mail login from an Outlook client using POP3 and SMTP?

A. SMTP

B. SPA

C. SAP

D. Exchange

35. What are two ways to secure the computer within the BIOS? (Select the two best answers.)

A. Configure a supervisor password.

B. Turn on BIOS shadowing.

C. Flash the BIOS.

D. Set the hard drive first in the boot order.

36. What type of cabling is the most secure for networks?

A. STP

B. UTP

C. Fiber optic

D. Coaxial

37. Dan is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. Which of the following is the most likely reason?

A. Virus

B. Worm

C. Zombie

D. PHP script

38. Which one of the following can monitor and protect a DNS server?

A. Ping the DNS server.

B. Block port 53 on the firewall.

C. Purge PTR records daily.

D. Check DNS records regularly.

39. The honeypot concept is enticing to administrators because

A. It enables them to observe attacks.

B. It traps an attacker in a network.

C. It bounces attacks back at the attacker.

D. It traps a person physically between two locked doors.

40. Which of the following is not an example of malicious software?

A. Rootkits

B. Spyware

C. Viruses

D. Browser

41. Which of the following can provide an integrity check?

A. Public key

B. Private key

C. WEP

D. Hash

42. Which two devices do not work in a Faraday cage? (Select the two best answers.)

A. Cell phones

B. Computers

C. Pagers

D. TDR

43. Which of the following is a record of the tracked actions of users?

A. Performance Monitor

B. Audit trails

C. Permissions

D. System and event logs

44. Which of the following is the most common authentication model?

A. Username and password

B. Biometrics

C. Key cards

D. Tokens

45. Which of the following access control methods uses rules to govern whether object access will be allowed?

A. Discretionary access control

B. Role-based access control

C. Rule-based access control

D. Mandatory access control

46. Which TCP port does LDAP use?

A. 389

B. 80

C. 443

D. 143

47. When using the mandatory access control model, what component is needed?

A. Labels

B. Certificates

C. Tokens

D. RBAC

48. Which type of vulnerability assessments software checks for weak passwords on the network?

A. Antivirus software

B. Password cracker

C. Performance Monitor

D. Wireshark

49. Which of the following RAID versions provides for the least amount of downtime in the event of a disk failure?

A. RAID 0

B. RAID 1

C. RAID 4

D. RAID 5

50. Which of the following authentication methods uses a KDC?

A. Kerberos

B. SSL

C. CHAP

D. Biometrics

51. Of the following, which authentication model enables a user to access to multiple resources without giving multiple credentials?

A. Mandatory access control

B. Three-factor authentication

C. Single sign-on

D. DAC

52. Which ports are used for e-mail? (Select the two best answers.)

A. 110

B. 3389

C. 143

D. 389

53. Kerberos uses which of the following? (Select the two best answers.)

A. Ticket distribution service

B. The Faraday cage

C. Port 389

D. Authentication service

54. You go out the back door of your building and notice someone looking through your company’s trash. If this person were trying to acquire sensitive information, what is the type of attack?

A. Browsing

B. Dumpster diving

C. Phishing

D. Hacking

55. Why would a hacker use steganography?

A. To hide information

B. For data integrity

C. To encrypt information

D. For wireless access

56. You are told by your manager to keep evidence for later use at a court proceeding. Which of the following should you document?

A. Disaster recovery plan

B. Chain of custody

C. Key distribution center

D. Auditing

57. Which law protects your Social Security number and other pertinent information?

A. HIPAA

B. SOX

C. National Security Agency

D. Gramm-Leach-Bliley Act

58. What should you configure to improve wireless security?

A. Enable the SSID

B. IP spoofing

C. Remove repeaters

D. MAC filtering

59. Which type of attack uses more than one computer?

A. Virus

B. DoS

C. Worm

D. DDoS

60. To protect against malicious attacks, what should you think like?

A. Hacker

B. Network admin

C. Spoofer

D. CEO

61. Tom sends out many e-mails containing secure information to competing companies. What concept should be implemented to prove that Tom did indeed send the e-mails?

A. Authenticity

B. Nonrepudiation

C. Confidentiality

D. Integrity

62. Which of the following does not apply to an x.509 certificate?

A. Certificate version

B. Issuer of the certificate

C. Public key information

D. Owner’s symmetric key

63. User education can help to defend against which of the following? (Select the three best answers.)

A. Social engineering

B. Phishing

C. Rainbow tables

D. Dumpster diving

64. What are the two ways that you can stop employees from using USB flash drives? (Select the two best answers.)

A. Use RBAC.

B. Disable USB devices in the BIOS.

C. Disable the USB root hub.

D. Employ MAC filtering.

65. Which of the following does not need updating?

A. HIDS

B. Antivirus software

C. Pop-up blockers

D. Antispyware

66. The Domain Name System uses which port number?

A. 53

B. 80

C. 110

D. 88

67. Which of the following are Bluetooth threats? (Select the two best answers.)

A. Blue snarfing

B. Blue bearding

C. Bluejacking

D. Distributed denial of service

68. A malicious attack that executes at the same time every week would be known as what?

A. Virus

B. Worm

C. Bluejacking

D. Logic bomb

69. Which of the following should be implemented to harden a Windows operating system? (Select the two best answers.)

A. Install the latest service pack.

B. Install Windows Defender.

C. Install a virtual operating system.

D. Execute PHP scripts.

70. Which of these is true for active interception?

A. When a computer is put between a sender and receiver

B. When a person overhears a conversation

C. When a person looks through files

D. When a person hardens an operating system

71. James has detected an intrusion in his company. What should he check first?

A. DNS logs

B. Firewall logs

C. The Event Viewer

D. Performance logs

72. Which of the following statements best describes a static NAT?

A. Static NAT uses a one-to-one mapping.

B. Static NAT uses a many-to-many mapping.

C. Static NAT uses a one-to-many mapping.

D. Static NAT uses a many-to-one mapping.

73. You need to encrypt and send a large amount of data. Which of the following would be the best option?

A. Symmetric encryption

B. Hashing algorithm

C. Asymmetric encryption

D. PKI

74. Which of the following can facilitate a full recovery within minutes?

A. Warm site

B. Cold site

C. Reestablishing a mirror

D. Hot site

75. What does a virtual private network use to connect one host to another? (Select the best answer.)

A. Modem

B. Network adapter

C. Internet

D. Cell phone

76. Which of the following statements regarding the mandatory access control model is true?

A. Mandatory access control is a dynamic model.

B. Mandatory access control enables an owner to establish access privileges to a resource.

C. Mandatory access control is not restrictive.

D. Mandatory access control users cannot share resources dynamically.

77. Tim believes that his computer has a worm. What is the best tool to use to remove that worm?

A. Antivirus software

B. Antispyware software

C. HIDS

D. NIDS

78. Imagine that you are a hacker. Which would be most desirable when attempting to compromise encrypted data?

A. Weak key

B. Algorithm used by the encryption protocol

C. Captured traffic

D. Block cipher

79. What is the best practice to use to code applications in a secure manner?

A. Cross site scripting

B. Flash version 3

C. Input validation

D. HTML version 5

80. An SHA algorithm block size will have how many bits?

A. 64

B. 128

C. 512

D. 1024

81. Which of the following protocols is the least suitable for a VPN?

A. PPTP

B. L2TP

C. PPP

D. IPSec

82. In Windows XP and Windows Vista, what is the best file system to use?

A. FAT

B. NTFS

C. DFS

D. FAT32

83. In a wireless network, why is an SSID used?

A. To secure the wireless access point

B. To identify the network

C. To encrypt data

D. To enforce MAC filtering

84. In the DAC model, how are permissions identified?

A. Role membership.

B. Access control lists.

C. They are predefined.

D. It is automatic.

85. You are contracted to conduct a forensics analysis of the computer. What should you do first?

A. Back up the system.

B. Analyze the files.

C. Scan for viruses.

D. Make changes to the operating system.

86. This tool enables you to be alerted if a server’s processor trips a certain threshold.

A. TDR

B. Password cracker

C. Event Viewer

D. Performance Monitor

87. The IT director has asked you to install agents on several client computers and monitor them from a program at a server. What is this known as?

A. SNMP

B. SMTP

C. SMP

D. Performance Monitor

88. One of your coworkers complains to you that she cannot see any security events in the Event Viewer. What are three possible reasons for this? (Select the three best answers.)

A. Auditing has not been turned on.

B. The log file is only 512 KB.

C. The coworker is not an administrator.

D. Auditing for an individual object has not been turned on.

89. What is another term for secret key encryption?

A. PKI

B. Asymmetrical

C. Symmetrical

D. Public key

90. What two items are included in a digital certificate? (Select the two best answers.)

A. User’s private key

B. Certificate Authority’s digital signature

C. User’s public key

D. Certificate Authority’s IP address

91. What device should be used to ensure that a server does not shut down when a power outage occurs?

A. RAID 1 box

B. UPS

C. Redundant NIC

D. Hot site

92. Which of the following tape backup methods enables for daily backups, weekly full backups, and monthly full backups?

A. Towers of Hanoi

B. Incremental

C. Grandfather-father-son

D. Differential

93. Which tool can be instrumental in capturing FTP GET requests?

A. Vulnerability scanner

B. Port scanner

C. Performance Monitor

D. Protocol analyzer

94. What are two ways to secure Internet Explorer? (Select the two best answers.)

A. Set the Internet zone’s security level to High.

B. Disable the pop-up blocker.

C. Disable ActiveX controls.

D. Add malicious sites to the Trusted Sites zone.

95. Which of the following devices should you employ to protect your network? (Select the best answer.)

A. Protocol analyzer

B. Firewall

C. DMZ

D. Proxy server

96. Which of the following is an example of two-factor authentication?

A. L2TP and IPSec

B. Username and password

C. Thumb print and key card

D. Client and server

97. Which of the following has schemas written in XML?

A. OVAL

B. 3DES

C. WPA

D. PAP

98. Your boss wants you to set up an authentication scheme in which employees will use smart cards to log into the company network. What kind of key should be used to accomplish this?

A. Private key

B. Public key

C. Cipher key

D. Shared key

99. When it comes to information security, what is the I in CIA?

A. Integrated

B. Interface

C. Integrity

D. Infrared

100. When is a system completely secure?

A. When it is updated

B. When it is assessed for vulnerabilities

C. When all anomalies have been removed

D. Never

Answers to Practice Exam 1

1. B, D, and F

2. B

3. A

4. C

5. B

6. C

7. C

8. A

9. A

10. C

11. D

12. C

13. A and D

14. A

15. C

16. C

17. A

18. D

19. B

20. B

21. D

22. C

23. A

24. C

25. A

26. B

27. C

28. B

29. D

30. C

31. A and B

32. C and D

33. A and C

34. B

35. A and D

36. C

37. B

38. D

39. A

40. D

41. D

42. A and C

43. B

44. A

45. C

46. A

47. A

48. B

49. B

50. A

51. C

52. A and C

53. A and D

54. B

55. A

56. B

57. D

58. D

59. D

60. A

61. B

62. D

63. A, B, and D

64. B and C

65. C

66. A

67. A and C

68. D

69. A and B

70. A

71. B

72. A

73. A

74. D

75. C

76. D

77. A

78. A

79. C

80. C

81. C

82. B

83. B

84. B

85. A

86. D

87. A

88. A, C, and D

89. C

90. B and C

91. B

92. C

93. D

94. A and C

95. B

96. C

97. A

98. A

99. C

100. D


Answers with Explanations

  1. Answers: B, D, and F. Confidentiality, Integrity, and Availability (known as CIA or the CIA triad) are the three main goals of information security. Another goal within information security is Accountability. See the section titled “Security 101” in Chapter 1, “Introduction to Security,” for more information.
  2. Answer: B. Purging (or sanitizing) removes all the data from a hard drive so that it cannot be reconstructed by any known technique. See the section titled “Legislative and Organizational Policies” in Chapter 15, “Policies, Procedures, and People,” for more information.
  3. Answer: A. SOX, or Sarbanes-Oxley, governs the disclosure of financial and accounting data. See the section titled “Legislative and Organizational Policies” in Chapter 15, “Policies, Procedures, and People,” for more information.
  4. Answer: C. By using a virtual machine (which is one example of a virtual instance) any ill effects can be compartmentalized to that particular virtual machine, usually without any ill effects to the main operating system on the computer. This is because the virtual machine is isolated from the main OS. Patching a computer does not automatically patch virtual machines existing on the computer. Other virtual machines can be compromised, especially if nothing is done about the problem. If a particular piece of spyware finds its way to one virtual machine from the Internet, chances are the same spyware can do the same to other virtual machines. Finally, virtual machines can definitely be affected by hacking techniques. Be sure to secure them! See the section titled “Virtualization Technology” in Chapter 3, “OS Hardening and Virtualization,” for more information.
  5. Answer: B. The Faraday cage will reduce data emanations. The cage is essentially an enclosure (of which there are various types) of conducting material that can block external electric fields and stop internal electric fields from leaving the cage, thus reducing or eliminating data emanations from devices such as cell phones. See the section titled “Environmental Controls” in Chapter 15, “Policies, Procedures, and People,” for more information.
  6. Answer: C. Authentication is the verification of a person’s identity. Authorization to specific resources cannot be accomplished without previous authentication of the user. See the section titled “Authentication Models and Components” in Chapter 8, “Physical Security and Authentication Models,” for more information.
  7. Answer: C. When you think Class C, think “Copper.” Class C extinguishers can suppress electrical fires, which are the most likely kind in a server room. See the section titled “Environmental Controls” in Chapter 15, “Policies, Procedures, and People,” for more information.
  8. Answer: A. A DMZ, or demilitarized zone, can be set up utilizing a router to create a sort of safe haven for servers. It is neither the LAN nor the Internet, but instead, a location in between, or parallel, to the two. See the section titled “Network Design” in Chapter 5, “Network Design Elements and Network Threats,” for more information.
  9. Answer: A. A botnet is a group of compromised computers, usually working together, with malware installed by a worm or a Trojan horse. See the section titled “Computer Systems Security Threats” in Chapter 2, “Computer Systems Security,” for more information.
  10. Answer: C. This1sV#ryS3cure incorporates case-sensitive letters, numbers, and special characters and has 16 characters. See the section titled “Rights, Permissions, and Policies” in Chapter 9, “Access Control Methods and Models,” for more information.
  11. Answer: D. The Trivial File Transfer Protocol (TFTP) is a simpler version of FTP that uses a small amount of memory and is generally considered to be a nonessential protocol. The Domain Name System service (or DNS service) is required for Internet access and on Microsoft domains. The Address Resolution Protocol (ARP) is necessary in Ethernets that use TCP/IP. HTTPS (Hypertext Transfer Protocol Secure) uses the SSL or TLS protocols to protect the HTTP session. See the section titled “Ports, Protocols, and Malicious Attacks” in Chapter 5, “Network Design Elements and Network Threats,” for more information.
  12. Answer: C. Fingerprints are an example of something a person is. The process of measuring that characteristic is known as biometrics. See the section titled “Authentication Models and Components” in Chapter 8, “Physical Security and Authentication Models,” for more information.
  13. Answers: A and D. Host-based intrusion detection systems (HIDS) run within the operating system of a computer. Due to this, they can slow a computer’s performance. Most HIDS do not detect network attacks well (if at all). However, a HIDS can detect operating system attacks and will usually have a high level of detection when it comes to those attacks. See the section titled “Implementing Security Applications” in Chapter 2, “Computer Systems Security,” for more information.
  14. Answer: A. User Account Control (UAC) adds a layer of security to Windows Vista to protect against malware and user error, and conserve resources. See the section titled “Access Control Models Defined” in Chapter 9, “Access Control Methods and Models,” for more information.
  15. Answer: C. Ctrl+Alt+Del is the key combination that is used to help secure the logon process. It can be added by configuring the Local Security policy. See the section titled “Rights, Permissions, and Policies” in Chapter 9, “Access Control Methods and Models,” for more information.
  16. Answer: C. Zombies (also known as zombie computers) are systems that have been compromised without the knowledge of the owner. A prerequisite is that the computer must be connected to the Internet so that the hacker or malicious attack can make its way to the computer and control it remotely. Multiple zombies working in concert often form a botnet. See the section titled “Computer Systems Security Threats” in Chapter 2, “Computer Systems Security,” for more information.
  17. Answer: A. Safe Mode should be used (if your AV software supports it) when scanning for viruses. See the section titled “Implementing Security Applications” in Chapter 2, “Computer Systems Security,” for more information.
  18. Answer: D. Pop-up windows are common in spyware. The rest of the answers are more common symptoms of viruses. See the section titled “Computer Systems Security Threats” in Chapter 2, “Computer Systems Security,” for more information.
  19. Answer: B. Virtualization enables a person to install operating systems (or applications) in an isolated area of the computer’s hard drive, separate from the computer’s main operating system. See the section titled “Virtualization Technology” in Chapter 3, “OS Hardening and Virtualization,” for more information.
  20. Answer: B. Adjust the web browser security settings so that security is at a higher level, and in Internet Explorer add trusted and restricted websites. See the section titled “Securing the Browser” in Chapter 4, “Application Security,” for more information.
  21. Answer: D. Alt+F4 is the key combination that closes an active window. Sometimes it is okay to click the X, but because malware creators are getting smarter all the time, the X could be a ruse. See the section titled “Securing other Applications” in Chapter 4, “Application Security,” for more information.
  22. Answer: C. The Network and Sharing Center is where you would disable file sharing in Windows Vista. See the section titled “Hardening Operating Systems” in Chapter 3, “OS Hardening and Virtualization,” for more information.
  23. Answer: A. BitLocker uses symmetric encryption technology based on AES. See the section titled “Encryption Algorithms” in Chapter 12, “Encryption and Hashing Concepts,” for more information.
  24. Answer: C. A protocol analyzer has the capability to “drill” down through a packet and show the contents of that packet as they correspond to the OSI model. See the section titled “Protocol Analyzers” in Chapter 6, “Network Perimeter Security,” for more information.
  25. Answer: A. To hide ntldr you need to enable the Hide protected operating system files check box. Keep in mind that you should have already enabled the Show hidden files and folders radio button. See the section titled “Hardening Operating Systems” in Chapter 3, “OS Hardening and Virtualization,” for more information.
  26. Answer: B. DNS servers are the only types of servers listed that do zone transfers. The purpose of accessing the zone file is to find out what hosts are on the network. See the section titled “Ports, Protocols, and Malicious Attacks” in Chapter 5, “Network Design Elements and Network Threats,” for more information.
  27. Answer: C. 172.16.0.1 is the only private address. The private assigned ranges can be seen in Table 1 listed after this explanation. 11.16.0.1 is a public IP address, as is 208.0.0.1; 127.0.0.1 is the loopback address. See the section titled “Network Design” in Chapter 5, “Network Design Elements and Network Threats,” for more information.
  28. Answer: B. Network Address Translation hides an entire network of IP Addresses. SPI, or Stateful Packet Inspection, is the other type of firewall that today’s SOHO routers incorporate. See the section titled “Network Design” in Chapter 5, “Network Design Elements and Network Threats,” for more information.
  29. Answer: D. Netstat shows sessions like the preceding output, including the local computer and remote computer. It shows these connections by computer name (or IP) and port name (or number). See the section titled “Assessing Vulnerability with Security Tools” in Chapter 10, “Vulnerability and Risk Assessment,” for more information.
  30. Answer: C. Wi-Fi Protected Access 2 (WPA2) is the most secure protocol listed for connecting to wireless networks. It is more secure than WPA and WEP. Wired Equivalent Privacy (WEP) is actually a deprecated protocol that should be avoided, as is WEP2. The WEP and WEP2 algorithms are considered deficient when it comes to encrypted wireless networks. See the section titled “Securing Wireless Networks” in Chapter 7, “Securing Network Media and Devices,” for more information.
  31. Answers: A and B. Video cameras enable a person to view and visually identify users as they enter and traverse through a building. Key card access systems can be configured to identify a person as well, as long as the right person is carrying the key card! See the section titled “Physical Security” in Chapter 8, “Physical Security and Authentication Models,” for more information.
  32. Answers: C and D. Kerberos and smart card setups are common single sign-on configurations. See the section titled “Authentication Models and Components” in Chapter 8, “Physical Security and Authentication Models,” for more information.
  33. Answers: A and C. IPSec contains a key exchange and an authentication header (in addition to many other components). TKIP and AES are other encryption protocols. See the section titled “Authentication Models and Components” in Chapter 8, “Physical Security and Authentication Models,” for more information.
  34. Answer: B. SPA (Secure Password Authentication) is a Microsoft protocol used to authenticate e-mail clients. S/MIME and PGP can be used to secure the actual e-mail transmissions. See the section titled “Securing other Applications” in Chapter 4, “Application Security,” for more information.
  35. Answers: A and D. Configuring a supervisor password in the BIOS prevents any other user from entering the BIOS and making changes. Setting the hard drive first in the BIOS boot order prevents the computer from being booted from other devices such as floppy drives, optical drives, and USB flash drives. BIOS shadowing doesn’t have anything to do with computer security, and although flashing the BIOS may include some security updates, it’s not the best answer. See the section titled “Securing Computer Hardware and Peripherals” in Chapter 2, “Computer Systems Security,” for more information.
  36. Answer: C. Fiber optic is the most secure because it cannot be tapped like the other three copper-based cables; it does not emit EMI. Although shielded twisted pair (STP) offers a level of security due to its shielding, it is not as secure as fiber optic and is not the best answer. See the section titled “Securing Wired Networks and Devices” in Chapter 7, “Securing Network Media and Devices,” for more information.
  37. Answer: B. A worm is most likely the reason that the server is bombarded with information by the clients; perhaps it is perpetuated by a botnet. Because worms self-replicate, the damage can quickly become critical. See the section titled “Computer Systems Security Threats” in Chapter 2, “Computer Systems Security,” for more information.
  38. Answer: D. By checking a DNS server’s records regularly, a security admin can monitor and protect it. Blocking port 53 on a firewall might protect it (it also might make it inaccessible depending on the network configuration) but won’t allow you to monitor it. Pinging the server will simply tell you if the server is alive. Purging pointer records (PTR) will not help to secure or monitor the server. See the section titled “Ports, Protocols, and Malicious Attacks” in Chapter 5, “Network Design Elements and Network Threats,” for more information.
  39. Answer: A. By creating a honeypot, the administrator can lure potential attackers away and monitor attacks without sustaining damage to a server or other computer. Don’t confuse this with a honeynet (answer B), which is meant to attract and trap malicious attackers in an entire false network. Answer C is not something that an administrator would normally do, and answer D is defining a man trap. See the section titled “Firewalls and Network Security” in Chapter 6, “Network Perimeter Security,” for more information.
  40. Answer: D. A web browser (for example, Internet Explorer) is the only one listed that is not an example of malicious software. Although a browser can be compromised in a variety of ways by malicious software, the application itself is not the malware. See the section titled “Computer Systems Security Threats” in Chapter 2, “Computer Systems Security,” and the section titled “Securing the Browser” in Chapter 4, “Application Security,” for more information.
  41. Answer: D. A hash provides integrity checks; MD5 is one example of a hash algorithm. See the section titled “Hashing Basics” in Chapter 12, “Encryption and Hashing Concepts,” for more information.
  42. Answers: A and C. Signals cannot emanate outside a Faraday cage. Therefore, cell phones and pagers do not work inside the Faraday cage. See the section titled “Environmental Controls” in Chapter 15, “Policies, Procedures, and People,” for more information.
  43. Answer: B. Audit trails are records showing the tracked actions of users. See the section titled “Conducting Audits” in Chapter 11, “Monitoring and Auditing,” for more information.
  44. Answer: A. By far, the username and password combination is the most common authentication model. Although biometrics, key cards, and tokens are also used, the password is still the most common. See the section titled “Rights, Permissions, and Policies” in Chapter 9, “Access Control Methods and Models,” for more information.
  45. Answer: C. Rule-based access control (RBAC) uses rules to govern if an object can be accessed. See the section titled “Access Control Models Defined” in Chapter 9, “Access Control Methods and Models,” for more information.
  46. Answer: A. The Lightweight Directory Access Protocol (LDAP) uses TCP port 389. Port 80 is used by HTTP. Port 443 is used by HTTPS. Port 143 is used by IMAP. See the section titled “Ports, Protocols, and Malicious Attacks” in Chapter 5, “Network Design Elements and Network Threats,” for more information.
  47. Answer: A. Labels are required in the mandatory access control model (MAC). See the section titled “Access Control Models Defined” in Chapter 9, “Access Control Methods and Models,” for more information.
  48. Answer: B. A password cracker checks for weak passwords on the network. Antivirus software can scan for viruses on a computer. Performance Monitor enables you to create baselines to check the performance of a computer. Wireshark is a protocol analyzer. See the section titled “Assessing Vulnerability with Security Tools” in Chapter 10, “Vulnerability and Risk Assessment,” for more information.
  49. Answer: B. RAID 1 is known as mirroring. If one drive fails, the other will still function and there will be no downtime. All the rest of the answers have downtime associated with them. See the section titled “Redundancy Planning” in Chapter 14, “Redundancy and Disaster Recovery,” for more information.
  50. Answer: A. The KDC or key distribution center is used by Kerberos. None of the other answers use KDC. See the section titled “Security Protocols” in Chapter 13, “PKI and Encryption Protocols,” for more information.
  51. Answer: C. Single sign-on is used so that a user does not have to give multiple credentials. The single sign-on could be a signature, voice print, key code, username and password, and so on. If a user uses three of these credentials, it would be known as three-factor authentication. See the section titled “Authentication Models and Components” in Chapter 8, “Physical Security and Authentication Models,” for more information.
  52. Answers: A and C. POP3 uses port 110; IMAP uses port 143; 3389 is used by the Remote Desktop Protocol; and 389 is used by LDAP. See the section titled “Ports, Protocols, and Malicious Attacks” in Chapter 5, “Network Design Elements and Network Threats,” for more information.
  53. Answers: A and D. Kerberos uses a ticket distribution service and an authentication service. These are provided by the Key Distribution Center. A Faraday cage is used to block data emanations. Port 389 is used by LDAP. One of the more common ports that Kerberos uses is port 88. See the section titled “Security Protocols” in Chapter 13, “PKI and Encryption Protocols,” for more information.
  54. Answer: B. Dumpster diving is when a person goes through a company’s trash to find sensitive information about an individual or a company. Browsing is not an attack but something you do when connecting to the Internet. Phishing is known as acquiring sensitive information through the use of electronic communication. Nowadays, hacking is a general term used with many different types of attacks. See the section titled “Social Engineering” in Chapter 15, “Policies, Procedures, and People,” for more information.
  55. Answer: A. Steganography is the act of writing hidden messages so that only the intended recipients know of the existence of the message. This is a form of security through obscurity. See the section titled “Cryptography Concepts” in Chapter 12, “Encryption and Hashing Concepts,” for more information.
  56. Answer: B. A chain of custody is the chronological documentation or paper trail of evidence. See the section titled “Legislative and Organizational Policies” in Chapter 15, “Policies, Procedures, and People,” for more information.
  57. Answer: D. The Gramm-Leach-Bliley Act protects private information such as Social Security numbers. HIPAA deals with health information privacy. SOX, or the Sarbanes-Oxley Act of 2002, applies to publicly held companies and accounting firms and protects shareholders in the case of fraudulent practices. See the section titled “Legislative and Organizational Policies” in Chapter 15, “Policies, Procedures, and People,” for more information.
  58. Answer: D. MAC filtering disallows connections from any wireless clients unless the wireless client’s MAC address is on the MAC filtering list. See the section titled “Securing Wireless Networks” in Chapter 7, “Securing Network Media and Devices,” for more information.
  59. Answer: D. A DDoS, or distributed denial of service attack, uses multiple computers to make its attack, usually perpetrated against a server. None of the other answers use multiple computers. See the section titled “Computer Systems Security Threats” in Chapter 2, “Computer Systems Security,” for more information.
  60. Answer: A. To protect against malicious attacks, think like a hacker; then protect and secure like a network security administrator. See the section titled “Think Like a Hacker” in Chapter 1, “Introduction to Security,” for more information.
  61. Answer: B. You should use nonrepudiation to prevent Tom from denying that he sent the e-mails. See the section titled “Security 101” in Chapter 1, “Introduction to Security,” for more information.
  62. Answer: D. In X.509, the owner does not use a symmetric key. All the other answers apply to X.509. See the section titled “Public Key Infrastructure” in Chapter 13, “PKI and Encryption Protocols,” for more information.
  63. Answers: A, B, and D. Rainbow tables are lookup tables used when recovering passwords. User education and awareness can help defend against social engineering attacks, phishing, and dumpster diving. See the section titled “Social Engineering” in Chapter 15, “Policies, Procedures, and People,” for more information.
  64. Answers: B and C. By disabling all USB devices in the BIOS, users cannot utilize their flash drives. Also, users cannot use the device if you disable the USB root hub within the operating system. See the section titled “Securing Computer Hardware and Peripherals” in Chapter 2, “Computer Systems Security,” for more information.
  65. Answer: C. Pop-up blockers do not require updating to be accurate. However, host-based intrusion detection systems, antivirus software, and antispyware all need to be updated to be accurate. See the section titled “Implementing Security Applications” in Chapter 2, “Computer Systems Security,” for more information.
  66. Answer: A. The Domain Name System, or DNS, uses port 53. Port 80 is used by HTTP, port 110 is used by POP3, and port 88 is used by Kerberos. See the section titled “Ports, Protocols, and Malicious Attacks” in Chapter 5, “Network Design Elements and Network Threats,” for more information.
  67. Answers: A and C. Bluesnarfing and bluejacking are the names of two Bluetooth threats. Another attack could be aimed at a Bluetooth device’s discovery mode. To date, there is no such thing as blue bearding, and a distributed denial of service attack is one that uses multiple computers attacking one host. See the section titled “Computer Systems Security Threats” in Chapter 2, “Computer Systems Security,” for more information.
  68. Answer: D. A logic bomb is a malicious attack that executes at a specific time. Viruses normally execute when a user inadvertently runs them. Worms can self-replicate at will. And bluejacking deals with Bluetooth devices. See the section titled “Computer Systems Security Threats” in Chapter 2, “Computer Systems Security,” for more information.
  69. Answers: A and B. Two ways to harden an operating system include installing the latest service pack and installing Windows Defender. However, virtualization is a separate concept altogether, and PHP scripts are generally not used to harden an operating system. See the section titled “Hardening Operating Systems” in Chapter 3, “OS Hardening and Virtualization,” for more information.
  70. Answer: A. Active inception (aka active interception) normally includes a computer placed between the sender and the receiver to capture information. See the section titled “Computer Systems Security Threats” in Chapter 2, “Computer Systems Security,” for more information.
  71. Answer: B. If you find that there was an intrusion, the first thing you should check is the firewall logs. DNS logs in the Event Viewer and the performance logs will most likely not show intrusions into the company network, so the firewall logs are the best place to look first. See the section titled “Firewalls and Network Security” in Chapter 6, “Network Perimeter Security,” for more information.
  72. Answer: A. Static network address translation normally uses a one-to-one mapping when dealing with IP addresses. See the section titled “Network Design” in Chapter 5, “Network Design Elements and Network Threats,” for more information.
  73. Answer: A. Symmetric encryption is the best option for sending large amounts of data. It is superior to asymmetric encryption. PKI is considered an asymmetric encryption type, and hashing algorithms don’t play into sending large amounts of data. See the section titled “Cryptography Concepts” in Chapter 12, “Encryption and Hashing Concepts,” for more information.
  74. Answer: D. A hot site can facilitate a full recovery of communications software and equipment within minutes. Warm and cold sites cannot facilitate a full recovery but might have some of the options necessary to continue business. Reestablishing a mirror will not necessarily implement a full recovery of data communications or equipment. See the section titled “Redundancy Planning” in Chapter 14, “Redundancy and Disaster Recovery,” for more information.
  75. Answer: C. The Internet connects hosts to each other in virtual private networks. A particular computer will probably also use a VPN adapter and/or a network adapter. Modems are generally used in dial-up connections and are less commonly used in VPNs. See the section titled “Network Design” in Chapter 5, “Network Design Elements and Network Threats,” for more information.
  76. Answer: D. In MAC (mandatory access control), users cannot share resources dynamically. MAC is not a dynamic model; it is a static model. Owners cannot establish access privileges to a resource; this would be done by the administrator. MAC is indeed very restrictive, as restrictive as the administrator wants it to be. See the section titled “Access Control Models Defined” in Chapter 9, “Access Control Methods and Models,” for more information.
  77. Answer: A. Antivirus software is the best option when removing a worm. It may be necessary to boot into safe mode to remove this worm when using antivirus software. See the section titled “Implementing Security Applications” in Chapter 2, “Computer Systems Security,” for more information.
  78. Answer: A. The easiest way for a hacker to get at encrypted data is if that encrypted data has a weak encryption key. See the section titled “Cryptography Concepts” in Chapter 12, “Encryption and Hashing Concepts,” for more information.
  79. Answer: C. Input validation is the best practice to use when coding applications. This is important when creating web applications or web pages that require information to be inputted by the user. See the section titled “Implementing Security Applications” in Chapter 2, “Computer Systems Security,” for more information.
  80. Answer: C. SHA algorithm blocks will have 512 bits. All other answers are incorrect. See the section titled “Hashing Basics” in Chapter 12, “Encryption and Hashing Concepts,” for more information.
  81. Answer: C. PPP, or point-to-point protocol, does not provide security and is not used in VPN connections. You will see PPP used in dial-up connections. L2TP, PPTP, and IPSec are all used in VPN connections. See the section titled “Network Design” in Chapter 5, “Network Design Elements and Network Threats,” for more information.
  82. Answer: B. NTFS is the most secure file system for use with Windows XP and Windows Vista. FAT and FAT32 are older file systems, and DFS is the distributed file system used in more advanced networking. See the section titled “Hardening Operating Systems” in Chapter 3, “OS Hardening and Virtualization,” for more information.
  83. Answer: B. The SSID is used to identify the wireless network. It does not secure the wireless access point; one of the ways to secure a wireless access point is by masking the SSID or disabling the SSID broadcast. The SSID does not encrypt data or enforce MAC filtering. See the section titled “Securing Wireless Networks” in Chapter 7, “Securing Network Media and Devices,” for more information.
  84. Answer: B. In the discretionary access control model, permissions to files are identified by access control lists, or ACLs. Role membership is used in RBAC. The mandatory access control model predefines permissions. Either way, it is not identified automatically. See the section titled “Access Control Models Defined” in Chapter 9, “Access Control Methods and Models,” for more information.
  85. Answer: A. Back up the system before you do anything else. This way, you have a backup copy in case anything goes wrong when you analyze or make changes to the system. See the section titled “Assessing Vulnerability with Security Tools” in Chapter 10, “Vulnerability and Risk Assessment,” for more information.
  86. Answer: D. The Performance Monitor can be configured so that alerts can be set for any of the objects (processor, RAM, paging file) in a computer. For example, if the processor were to exceed 90% usage for more than a minute, an alert would be created and could be sent automatically to an administrator. See the section titled “Using Tools to Monitor Systems and Networks” in Chapter 11, “Monitoring and Auditing,” for more information.
  87. Answer: A. The Simple Network Management Protocol (SNMP) is used when a person installs agents on client computers to monitor those systems from a single remote location. SMTP is used by e-mail clients and servers. SMP is Symmetric Multi-Processing, which is not covered in the Security+ exam objectives. Performance Monitor enables a person to monitor a computer and create performance baselines. See the section titled “Using Tools to Monitor Systems and Networks” in Chapter 11, “Monitoring and Auditing,” for more information.
  88. Answers: A, C, and D. To audit events on a computer, an administrator would need to enable auditing within the computer’s policy, turn on auditing for an individual object (folder, file, and so on), and then view the events within the Security log of the Event Viewer. 512 KB is big enough for many events to be written to it. See the section titled “Conducting Audits” in Chapter 11, “Monitoring and Auditing,” for more information.
  89. Answer: C. Symmetric key encryption uses a secret key. PKI and public keys at their core are asymmetrical. See the section titled “Cryptography Concepts” in Chapter 12, “Encryption and Hashing Concepts,” for more information.
  90. Answers: B and C. A digital certificate will include the Certificate Authority’s (CA) digital signature and the user’s public key. A user’s private key should be kept private and should not be within the digital certificate. The IP address of the CA should have been known to the user’s computer before obtaining the certificate. See the section titled “Public Key Infrastructure” in Chapter 13, “PKI and Encryption Protocols,” for more information.
  91. Answer: B. An Uninterruptible Power Supply (UPS) ensures that a computer keeps running even if a power outage occurs. The number of minutes the computer can continue in this fashion depends on the type of UPS and the battery it contains. A backup generator can also be used but does not guarantee 100% uptime, because there might be a delay between when the power outage occurs and when the generator comes online. RAID 1 has to do with the fault tolerance of data. Redundant NICs (network adapters) are used on servers in case one of them fails. Hot sites are completely different places that a company can inhabit. Although a hot site can be ready in minutes, and although it may have a mirror of the server in question, it does not ensure that the original server will not shut down during a power outage. See the section titled “Redundancy Planning” in Chapter 14, “Redundancy and Disaster Recovery,” for more information.
  92. Answer: C. The grandfather-father-son (GFS) backup scheme generally uses daily backups (the son), weekly backups (the father), and monthly backups (the grandfather). The Towers of Hanoi is a more complex strategy based on a puzzle. Incremental backups are simply one-time backups that back up all data that has changed since the last incremental backup. These might be used as the son in a GFS scheme. Differential backups back up everything since the last differential or full backup. See the section titled “Disaster Recovery Planning and Procedures” in Chapter 14, “Redundancy and Disaster Recovery,” for more information.
  93. Answer: D. A protocol analyzer captures data including things such as GET requests initiated from an FTP client. See the section titled “Using Tools to Monitor Systems and Networks” in Chapter 11, “Monitoring and Auditing,” for more information.
  94. Answers: A and C. By increasing the Internet zone security level to high, you employ the maximum safeguards for that zone. ActiveX controls can be used for malicious purposes; disabling them makes it so that they do not show up in the browser. Disabling a pop-up blocker and adding malicious sites to the Trusted Sites zone would make Internet Explorer less secure. See the section titled “Securing the Browser” in Chapter 4, “Application Security,” for more information.
  95. Answer: B. Install a firewall to protect the network. Protocol analyzers will not help to protect a network but are valuable as vulnerability assessment and monitoring tools. Although a DMZ and a proxy server could possibly help to protect a portion of the network to a certain extent, the best answer is a firewall. See the section titled “Firewalls and Network Security” in Chapter 6, “Network Perimeter Security,” for more information.
  96. Answer: C. Two-factor authentication (or dual-factor) means that two pieces of identity are needed prior to authentication. A thumb print and key card would fall into this category. L2TP and IPSec are protocols used to connect through a VPN, which by default require only a username and password. Username and password is considered one-factor authentication. There is no client and server authentication model. See the section titled “Authentication Models and Components” in Chapter 8, “Physical Security and Authentication Models,” for more information.
  97. Answer: A. OVAL (Open Vulnerability and Assessment Language) uses XML as a framework for the language. It is a community standard dealing with the standardization of information transfer. 3DES is an encryption algorithm. WPA is a wireless encryption standard, and the deprecated PAP is the Password Authentication Protocol used for identifying users to a server. See the section titled “Assessing Vulnerability with Security Tools” in Chapter 10, “Vulnerability and Risk Assessment,” for more information.
  98. Answer: A. A private key should be used by users when logging in to the network with their smart card. The key should certainly not be public. A key actually determines the function of a cipher. Shared key is another term for symmetric-key encryption. See the section titled “Cryptography Concepts” in Chapter 12, “Encryption and Hashing Concepts,” for more information.
  99. Answer: C. The “I” in CIA stands for Integrity. Together CIA stands for Confidentiality, Integrity, and Availability. Accountability is also a core principle of information security. See the section titled “Security 101” in Chapter 1, “Introduction to Security,” for more information.
  100. Answer: D. A system can never truly be completely secure. The scales are always tipping back and forth; a hacker develops a way to break into a system, an administrator finds a way to block that attack, the hacker looks for an alternative method, and so on. See the section titled “Think Like a Hacker” in Chapter 1, “Introduction to Security,” for more information.