



Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
A practice exam or study guide for the comptia security+ certification exam. It covers a wide range of cybersecurity topics, including network protocols, cryptography, vulnerability management, incident response, and various types of attacks and mitigation strategies. Definitions, explanations, and multiple-choice questions to test the reader's understanding of these concepts. By studying this document, a student or candidate preparing for the security+ exam could gain valuable knowledge and practice to improve their chances of passing the certification exam. The level of detail and breadth of topics covered suggest this document could be useful as study notes, lecture notes, or a summary for individuals pursuing the security+ certification or related cybersecurity coursework at the university level.
Typology: Exams
1 / 6
This page cannot be seen from the preview
Don't miss anything!
An attacker makes processes execute out of sequence to control the result in a way that accomplishes the attackers goals. * A. Pre-emptive attack B. Logic Bomb C. Race Condition D. SaaS - ANSWER-Race Condition Another name for hashing is? * 3 points A. Authentication B. Authority C. Integrity D. Public Key Cryptography - ANSWER-Integrity Average time it would take to repair a component * 3 points A. MTTR B. MTTB C. MTTF D. MTBF - ANSWER-MTTR DNS Port - ANSWER- FTP Port numbers - ANSWER-20, 21 HTTP - ANSWER- Keyword for SIEM - ANSWER-Aggregate Port Number DHCP - ANSWER- Port Number HTTPS - ANSWER- Port Number IMAP - ANSWER- Port Number SMTP - ANSWER- Port Number SNMP - ANSWER- Port Number TACAS - ANSWER- Port Number Telnet - ANSWER-
Port RDP - ANSWER- SFTP Port number - ANSWER- SSH Port number - ANSWER- The chance of harm coming to an asset * 3 points A. Vulnerability B. Threat C. Risk D. Mitigation - ANSWER-Risk TLS/SSL Port - ANSWER- True or False. Banner grabbing is a technique used to gain information about a computer system on a network and the services running on its open ports - ANSWER- True True or False. Cross-site scripting is a type of computer security vulnerability typically found in web applications. - ANSWER-True True or False. SMIME encrypts email in the DoD - ANSWER-True True or False. When using WEP you use RC4 - ANSWER-True Used to find collisions in a cryptographic Environment * 3 points A. Rainbow Attack B. Birthday Attack C. Xmas Attack D. XXS - ANSWER-Birthday Attack What are some asymmetric key algorithms? - ANSWER-DH, RSA What are symmetric encryption algorithms? A. AES B. Twofish C. Blowfish D. RSA E. DH - ANSWER-AES Twofish Blowfish What are the 3 things associated with a digital signature? * 3 points
C. Locks D. SOP - ANSWER-Locks What is an example of a technical control? * 3 points A. Management B. Firewall C. Locks D. SOP - ANSWER-Firewall What is an example of risk transference? * 3 points A. Insurance B. IDS C. MTTR D. Locks - ANSWER-Insurance What is another name for a protocol analyzer? * 3 points A. TCPDump B. S/MIME C. Sniffer D. nslookup - ANSWER-Sniffer What is involved with patch management? * 3 points A. Perform system hardening B. Updates Security Baseline C. All the updates and patches are pushed down by server D. All systems are current on patches - ANSWER-• Perform system hardening
C. Method of encryption Required - ANSWER-A Message inside a message hidden messages What is the definition of a spam and hoax? * 3 points A. Irrelevant or inappropriate messages sent on the internet to a large number of recipients. B. Email sent from internet to a large number of recipients. C. Malicious code sent on the internet to a large number of recipients. D. Phishing. - ANSWER-Irrelevant or inappropriate messages sent on the internet to a large number of recipients. What is the difference between an incident and an event? * 3 points A. Incident- Signal that an event is an incident B. Incident- Event that is unexpected that poses a threat C. Alert- Signal that an event is an incident D. Alert- Event that is unexpected that poses a threat - ANSWER-Incident- Event that is unexpected that poses a threat Alert- Signal that an event is an incident What is the difference between credentialed and non credentialed scanning? * - ANSWER-Credentialed vulnerability scan you have the credentials to access the systems in your environment. Non-credentialed scans can only observe responses from the outside. What is the difference between qualitative and quantitative? - ANSWER-Qualitative are measured by observations and experience. Quantitative are measured by monetary value. What is the difference between spear phishing and whaling? - ANSWER-Spear phishing targets a specific group. Whaling targets high profile targets. What is the mitigation for tailgating/piggybacking? * 0 points A. Security Guards B. Locks C. WAF D. Fence - ANSWER-Security Guards What is the strongest encryption - ANSWER-AES What is the weakest hash - ANSWER-MD What is used as a detective deterrence? *