












A series of true/false and answer questions related to various security concepts and attacks. Topics include vulnerabilities, security access, cyberterrorism, phishing, malware, network security, and authentication.
Typology: Exams
One of the challenges in combating cyberterrorism is that many of the prime targets are not owned and managed by the federal government. (true/false) - Answer>>True
A vulnerability is a flaw or weakness that allows a threat to bypass security. (true/false) - Answer>>True
The CompTIA Security+ certification is a vendor-neutral credential. (true/false) - Answer>>True
Smart phones give the owner of the device the ability to download security updates. (true/false) - Answer>>False
The Security Administrator reports directly to the CIO. (true/false) - Answer>>False
What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments? - Answer>>Brokers
Adone is attempting to explain to his friend the relationship between security and convenience. Which of the following statements would he use? - Answer>>"Security and convenience are inversely proportional."
Which of the following is an enterprise critical asset? - Answer>>Information
An organization that practices purchasing products from different vendors is demonstrating which security principle? - Answer>>Diversity
Which of the following is NOT true regarding security? - Answer>>Security is a war that must be won at all costs.
What level of security access should a computer user have to do their job? - Answer>>least amount
To date, the single most expensive malicious attack occurred in 2000, which cost an estimated $8.7 billion. What was the name of this attack? - Answer>>Love Bug
Which of the following is a common security framework? (Choose all that apply.) - Answer>>ISO, RFC, COBIT
Select the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data. - Answer>>integrity
In what kind of attack can attackers make use of millions of computers under their control in an attack against a single server or network? - Answer>>distributed
Successful attacks are usually not from software that is poorly designed and has architecture/design weaknesses. (true/false) - Answer>>False
As security is increased, convenience is often increased. (true/false) - Answer>>False
Why do cyberterrorists target power plants, air traffic control centers, and water systems? - Answer>>They can cause significant disruption by destroying only a few targets.
Gunnar is creating a document that explains risk response techniques. Which of the following would he NOT list and explain in his document? - Answer>>Extinguish risk
Two types of malware have the primary trait of circulation. These are viruses and worms. (true/false) - Answer>>True
Social engineering impersonation means to masquerade as a real or fictitious character and then play out the role of that person on a victim. (true/false) - Answer>>True
A virus self-replicates on the host computer and spreads to other computers by itself. (true/false) - Answer>>False
Vishing is a false warning, often contained in an email message claiming to come from the IT department. (true/false) - Answer>>False
Once the malware reaches a system through circulation, then it must embed itself into that system. (true/false) - Answer>>True
A watering hole attack is directed against _____. - Answer>>a smaller group of specific users
Ebba received a message from one of her tech support employees. In violation of company policy, a user had downloaded a free program to receive weather reports, but the program had also installed malware on the computer that gave the threat actor unrestricted access to the computer. What type of malware had been downloaded? - Answer>>RAT
Which of these could NOT be defined as a logic bomb? - Answer>>Send spam email to Moa's inbox on Tuesday.
Which statement regarding a keylogger is NOT true? - Answer>>Software keyloggers are generally easy to detect.
Each of these is a reason why adware is scorned EXCEPT _____. - Answer>>it displays the attacker's programming skills
A virus that infects an executable program file is known as? - Answer>>program virus
What social engineering principle frightens and coerces a victim by using threats? - Answer>>intimidation
What term below is used to describe the process of gathering information for an attack by relying on the weaknesses of individuals? - Answer>>social engineering
What type of system security malware allows for access to a computer, program, or service without authorization? - Answer>>backdoor
What type of software can be installed in an individual's web browser to prevent ads from displaying? - Answer>>ad blocking
Phishing is sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information. (true/false) - Answer>>True
Vishing is a false warning, often contained in an email message claiming to come from the IT department. - Answer>>False
A virus self-replicates on the host computer and spreads to other computers by itself. - Answer>>False
Which of the following is not a primary trait of malware? - Answer>>diffusion
What is the name of the threat actor's computer that gives instructions to an infected computer? - Answer>>Command and control (C&C) server
XSS is like a phishing attack but without needing to trick the user into visiting a malicious website. (true or false) - Answer>>True
What type of attack involves manipulating third-party ad networks? - Answer>>Malvertising
What is a session token? - Answer>>a random string assigned by a web server
What is the basis of an SQL injection attack? - Answer>>to insert SQL statements through unfiltered user input
Newton is concerned that attackers could be exploiting a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. What type of attack is he worried about? - Answer>>Privilege escalation
Which of the following adds new functionality to the web browser so that users can play music, view videos, or display special graphical images within the browser? - Answer>>Plug-ins
The management in your corporate office needs to group users on the network together logically even though they are attached to separate network switches. How can this be done? - Answer>>Create a VLAN and add the users' computers / ports to the correct VLAN
What specific type of hardware card inserts into a web server that contains one or more co-processors to handle SSL/TLS processing? - Answer>>SSL/TLS accelerator
Which of the following is a system of security tools that are used to recognize and identify data that is critical to the organization and ensure that it is protected? - Answer>>data loss prevention
What data unit is associated with the Open Systems Interconnection layer two? - Answer>>frame
When VPN network traffic is routing only some traffic over the secure VPN while other traffic directly accesses the Internet, what technology is being used? - Answer>>split tunneling
One use of data loss prevention (DLP) is blocking the copying of files to a USB flash drive. (true or false) - Answer>>True
NAT is not a specific device, technology, or protocol. It is a technique for substituting IP addresses. (true or false) - Answer>>True
Workgroup switches must work faster than core switches. (true or false) - Answer>>False
Behavior-based monitoring attempts to overcome the limitations of both anomaly-based monitoring and signature-based monitoring by being more adaptive and proactive instead of reactive. (true or false) - Answer>>True
A security advantage of VLANs is that they can be used to prevent direct communication between servers. (true or false) - Answer>>True
Isabella is a security support manager for a large enterprise. In a recent meeting, she was asked which of the standard networking devices already present on the network could be configured to supplement the specific network security hardware devices that were recently purchased. Which of these standard networking devices would Isabella recommend? - Answer>>router
Raul was asked to configure the VPN to preserve bandwidth. Which configuration would he choose? - Answer>>Split tunnel
How does network address translation (NAT) improve security? - Answer>>It discards unsolicited packets.
Type I hypervisors run on the host operating system. (true or false) - Answer>>False
A correlation engine aggregates and correlates content from different sources to uncover an attack. (true or false) - Answer>>True
Which type of device log contains the most beneficial security data? - Answer>>firewall log
Which of these is the most secure protocol for transferring files? - Answer>>SFTP
Which of the following TCP/IP protocols do not relate to security? - Answer>>IP
Which Domain Name System (DNS) attack replaces a fraudulent IP address for a symbolic name? - Answer>>DNS poisoning
Which version of Simple Network Management Protocol (SNMP) is considered the most secure?
Slave devices that are connected to a piconet and are sending transmissions are known as what? - Answer>>active slave
Near field communication (NFC) is a set of standards used to establish communication between devices in very close proximity. (true or false) - Answer>>True
In a bluesnooping attack, the attacker copies emails, calendars, contact lists, cell phone pictures, or videos by connecting to the Bluetooth device without the owner's knowledge or permission. (true or false) - Answer>>False
The current Bluetooth version is Bluetooth 6. (true or false) - Answer>>False
In ad hoc mode, devices can only communicate between themselves and cannot connect to another network. (true or false) - Answer>>True
For IEEE WLANs, the maximum transmit power is 200 milliwatts (mW). (true or false) - Answer>>True
The primary design of a(n) _____ is to capture the transmissions from legitimate users. - Answer>>evil twin
WPA replaces WEP with _____. - Answer>>Temporal Key Integrity Protocol (TKIP)
Minh has been asked to recommend an EAP for a system that uses both passwords and tokens with TLS. Which should she recommend? - Answer>>EAP-FAST
What is a difference between NFC and RFID? - Answer>>RFID is designed for paper-based tags while NFC is not.
Which enterprise deployment model requires employees to choose from a selection of company owned and approved devices? - Answer>>COPE
MDM tools cannot provide the ability to detect and restrict jailbroken and rooted devices. (True or False) - Answer>>False
Mobile devices using location services are at increased risk of targeted physical attacks. (True or False) - Answer>>True
What enforces the location in which an app can function by tracking the location of the mobile device? - Answer>>geofencing
Which of these is considered the strongest type of passcode to use on a mobile device? - Answer>>password
Gaetan has attempted to enter the passcode for his mobile device but keeps entering the wrong code. Now he is asked to enter a special phrase to continue. Which configuration setting is enabled on Gaetan's mobile device? - Answer>>reset to factory settings
An independently rotating large cup affixed to the top of a fence prevents the hands of intruders from gripping the top of a fence to climb over it. What is the name for this technology? - Answer>>roller barrier
What is the name for a cumulative package of all patches and hot-fixes as well as additional features up to a given point? - Answer>>service pack
Which of the following are application development stages? - Answer>>staging, testing
Static program analyzers are tools that examine the software without actually executing the program; instead, the source code is reviewed and analyzed. (True or False) - Answer>>True
An access log is a record or list of individuals who have permission to enter a secure area, along with the time they entered and the time they left the area. (True or False) - Answer>>True
How can an SDIO card be made secure? - Answer>>Using the security mechanisms on a standard Wi-Fi network.
Which of these is a list of approved email senders? - Answer>>Whitelist
Which type of residential lock is most often used for keeping out intruders? - Answer>>Keyed entry lock
What type of software is specifically designed for a SoC in an embedded system? - Answer>>RTOS
Which of the following systems is located in a satellite and regenerates a signal that is sent back to earth at another frequency? - Answer>>repeater
Virtual machines store sensitive applications and data on a remote server that is accessed through a smartphone. (True or False) - Answer>>False
As a class, tablets are devices that closely resemble standard desktop computers. (True or False)
Which of these is NOT a reason why users create weak passwords? - Answer>>Most sites force users to create weak passwords even though they do not want to.
Which type of password attack is a more targeted brute force attack that uses placeholders for characters in certain positions of the password? - Answer>>Mask attack
A TOTP token code is generally valid for what period of time? - Answer>>For as long as it appears on the device
What is a token system that requires the user to enter the code along with a PIN called? - Answer>>Multifactor authentication system
Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend? - Answer>>OAuth
Which of the following is a category of group password settings in Microsoft Windows? - Answer>>Account Lockout Policy, Password Policy Settings
What variation of a dictionary attack involves a dictionary attack combined with a brute force attack, and will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters? - Answer>>hybrid
What federated identity management (FIM) relies on token credentials? - Answer>>OAuth
A TOTP changes after a set period. (True or False) - Answer>>True
A hardware security token is typically a small device with a window display. (True or False) - Answer>>True
Voice recognition is identical to speech recognition. (True or False) - Answer>>False
Most password attacks today are an offline attack. (True or False) - Answer>>True
Hash algorithms like MD5 and SHA are considered secure for creating digests because these hashing algorithms are designed to create a digest as strong as possible. (True or False) - Answer>>False
Which authentication factor is based on a unique talent that a user possesses? - Answer>>What you do
_____ biometrics is related to the perception, thought processes, and understanding of the user. - Answer>>Cognitive
Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate? - Answer>>Brute force attack
Which human characteristic is NOT used for biometric identification? - Answer>>Height
Which major types of access involving system resources are controlled by ACLs? - Answer>>system access, user access, application access
When using Role Based Access Control (RBAC), permissions are assigned to which of the following? - Answer>>Roles
What framework is used for transporting authentication protocols instead of the authentication protocol itself? - Answer>>EAP
Which statement about Rule-Based Access Control is true? - Answer>>It dynamically assigns roles to subjects based on rules.
Which of the following involves rights given to access specific resources? - Answer>>Access
The action that is taken by a subject over an object is called a(n): - Answer>>operation
When LDAP traffic is made secure by using Secure Sockets Layer (SSL) or Transport Layer Security (TLS), what is this process called? - Answer>>LDAPS
What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware? - Answer>>access control model
What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database's information? - Answer>>LDAP injection
ACLs provide file system security for protecting files managed by the user. (True or False) - Answer>>False
Least privilege in access control means that only the minimum amount of privileges necessary to perform a job or function should be allocated. (True or False) - Answer>>True
Authorization is granting permission for admittance. (True or False) - Answer>>True
Which can be used to establish geographical boundaries where a mobile device can and cannot be used? - Answer>>Location-based policies
What is the least restrictive access control model? - Answer>>DAC
What is the version of the X.500 standard that runs on a personal computer over TCP/IP? - Answer>>LDAP
Which of the following would NOT be considered as part of a clean desk policy? - Answer>>Do not share passwords with other employees.
Which of the following is the Microsoft version of EAP? - Answer>>MS-CHAP