Download Security+ Guide to Network Security Fundamentals (Chapter 7-12) Mark Ciampa question bank and more Exams Computer Security in PDF only on Docsity!
Security+ Guide to Network Security
Fundamentals (Chapter 7-12 Multiple
Choice Questions) Mark Ciampa (6th
Edition)2024 Completely and Accurately
Solved
Chapter 7 - Answer>>Administering a Secure Network Which of the following TCP/IP protocols do not relate to security? - Answer>>a. IP b. SNMP c. HTTPS d. FTP Aideen sent an email to her supervisor explaining the Domain Name System Security Extensions (DNSSEC). Which of the following statements would Aideen have NOT included in her email? - Answer>>a. It is fully supported in BIND9. b. It adds additional resource records. c. It adds message header information. d. It can prevent a DNS transfer attack. What is the recommended secure protocol for voice and video applications? - Answer>>a. Secure Real-time Transport Protocol (SRTP) b. Hypertext Transport Protocol Secure (HTTPS) c. Network Time Protocol (NTP) d. Secure/Multipurpose Internet Mail Extensions (S/MIME)
Which type of log can provide details regarding requests for specific files on a system? - Answer>>a. Audit log b. Event log c. Access log d. SysFile log Which type of device log contains the most beneficial security data? - Answer>>a. Firewall log b. Email log c. Switch log d. Router log Which type of cloud is offered to specific organizations that have common concerns? - Answer>>a. Public cloud b. Hybrid cloud c. Private cloud d. Community cloud Which of these is NOT correct about an SSL accelerator? - Answer>>a. It can be a separate hardware card that inserts into a web server. b. It can be a separate hardware module. c. It should reside between the user's device and the web servers. d. It can only handle the SSL protocol. Catriona needed to monitor network traffic. She did not have the resources to install an additional device on the network. Which of the following solutions would meet her needs? - Answer>>a. Network tap b. Port mirroring c. Aggregation switch
d. Infrastructure as a Service (IaaS) Eachna is showing a new security intern the log file from a firewall. Which of the following entries would she tell him do not need to be investigated? - Answer>>a. Suspicious outbound connections b. IP addresses that are being rejected and dropped c. Successful logins d. IP addresses that are being rejected and dropped Which type of hypervisor does not run on an underlying operating system? - Answer>>a. Type I b. Type II c. Type III d. Type IV Which application stores the user's desktop inside a virtual machine that resides on a server and is accessible from multiple locations? - Answer>>a. Application cell b. Container c. VDE d. VDI Kyle asked his supervisor which type of computing model was used when the enterprise first started. She explained that the organization purchased all the hardware and software necessary to run the company. What type of model was she describing to Kyle? - Answer>>a. Virtual services b. Off-premises c. On-premises d. Hosted services
DNSSEC adds additional and message header information, which can be used to verify that the requested data has not been altered in transmission. - Answer>>a. resource records b. field flags c. hash sequences d. zone transfers What functions of a switch does a software defined network separate? - Answer>>a. Host and virtual b. Control plane and physical plane c. RAM and hard drive d. Network level and resource level Which of the following is NOT a security concern of virtualized environments? - Answer>>a. Virtual machines must be protected from both the outside world and from other virtual machines on the same physical computer. b. Physical security appliances are not always designed to protect virtual systems. c. Virtual servers are less expensive than their physical counterparts. d. Live migration can immediately move one virtualized server to another hypervisor. Chapter 8 - Answer>>Wireless Network Security Which technology is predominately used for contactless payment systems? - Answer>>a. Near field communication (NFC) b. Wireless local area network (WLAN) c. Bluetooth d. Radio Frequency ID (RFID)
Which of these Wi-Fi Protected Setup (WPS) methods is vulnerable? - Answer>>a. Push-button method b. PIN method c. Piconet method d. NFC method Flavio visits a local coffee shop on his way to school and accesses its free Wi-Fi. When he first connects, a screen appears that requires him to first agree to an Acceptable Use Policy (AUP) before continuing. What type of AP has he encountered? - Answer>>a. Captive portal b. Web-based portal c. Rogue portal d. Authenticated portal Which of the following is NOT a wireless peripheral protection option? - Answer>>a. Update or replacing any vulnerable device b. Switch to a more fully tested Bluetooth model c. Install a network sensor to detect an attack d. Substitute a wired device The primary design of a(n) _____ is to capture the transmissions from legitimate users. - Answer>>a. rogue access point b. WEP c. evil twin d. Bluetooth grabber Which of these is a vulnerability of MAC address filtering? - Answer>>a. APs use IP addresses instead of MACs.
b. The user must enter the MAC. c. MAC addresses are initially exchanged unencrypted. d. Not all operating systems support MACs. Which of these is NOT a limitation of turning off the SSID broadcast from an AP? - Answer>>a. Turning off the SSID broadcast may prevent users from being able to freely roam from one AP coverage area to another. b. Some versions of operating systems favor a network that broadcasts an SSID over one that does not. c. Users can more easily roam from one WLAN to another. d. The SSID can easily be discovered, even when it is not contained in beacon frames, because it still is transmitted in other management frames sent by the AP. What is the primary weakness of wired equivalent privacy (WEP)? - Answer>>a. It functions only on specific brands of APs. *b. Its usage creates a detectable pattern. * c. It slows down a WLAN from 104 Mbpsto 16 Mbps. d. Initialization vectors (IVs) are difficult for users to manage. WPA replaces WEP with _____. - Answer>>a. WPA b. Temporal Key Integrity Protocol (TKIP) c. cyclic redundancy check (CRC) d. Message Integrity Check (MIC) Adabella was asked by her supervisor to adjust the frequency spectrum settings on a new AP. She brought up the configuration page and looked through the different options. Which of the following frequency spectrum settings would she NOT be able to adjust? - Answer>>a. Frequency band
an EAP for a system that uses both passwords and tokens with TLS. Which should she recommend? - Answer>>a. EAP-TLS b. EAP-TTLS c. EAP-SSL d. EAP-FAST Which of these is NOT a type of wireless AP probe? - Answer>>a. Wireless device probe b. WNIC probe c. Dedicated probe d. AP probe Chapter 9 - Answer>>Client and Application Security Which of the following is NOT a reason why supply chain infections are considered especially dangerous? - Answer>>a. If the malware is planted in the ROM firmware of the device this can make it difficult or sometimes even impossible to clean an infected device. b. Users are receiving infected devices at the point of purchase and are completely unaware that a brand new device may be infected. c. It is virtually impossible to closely monitor every step in the supply chain. d. Supply chains take advantage of the trusted "chain of trust" concept. Which type of operating system runs on a firewall, router, or switch? - Answer>>a. Server OS b. Network OS c. Device OS d. Resource OS Which of the following is NOT designed to prevent individuals from entering sensitive areas but instead is intended to direct traffic flow? - Answer>>a. Barricade b. Fencing
c. Roller barrier d. Type V controls Which of the following is NOT a motion detection method? - Answer>>a. Magnetism b. Radio frequency c. Moisture d. Infrared Which type of residential lock is most often used for keeping out intruders? - Answer>>a. Encrypted key lock b. Keyed entry lock c. Privacy lock d. Passage lock A lock that extends a solid metal bar into the door frame for extra security is the _____. - Answer>>a. triple bar lock b. deadman's lock c. full bar lock d. deadbolt lock Which statement about a mantrap is true? - Answer>>a. It is illegal in the United States. b. It monitors and controls two interlocking doors to a room. c. It is a special keyed lock. d. It requires the use of a cipher lock. Which of the following is NOT a typical OS security configuration? - Answer>>a. Employing least functionality b. Restricting patch management
c. Agile model d. Secure model What allows for a single configuration to be set and then deployed to many or all users? - Answer>>a. Snap-In Replication (SIR) b. Active Directory c. Group Policy d. Command Configuration Which of the following is a cumulative package of all patches? - Answer>>a. Rollup b. Service pack c. Patch d. Hotfix Which of the following is NOT an advantage to an automated patch update service? - Answer>>a. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs. b. Downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server. c. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service. d. Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available. How can an SDIO card be made secure? - Answer>>a. Using the security mechanisms on a standard Wi-Fi network. b. Turning on patch updates to the SDIO card. c. Requiring a username before accessing the SDIO card. d. SDIO cards are natively secure and no security settings are needed.
How does heuristic detection detect a virus? - Answer>>a. A virtualized environment is created and the code is executed in it. b. A string of bytes from the virus is compared against the suspected file. c. The bytes of a virus are placed in different "piles" and then used to create a profile. d. The virus signature file is placed in a suspended chamber before streaming to the CPU. Which of these is a list of approved email senders? - Answer>>a. Blacklist b. Whitelist c. Bluelist d. Yellowlist Which of the following types of testing uses unexpected or invalid inputs? - Answer>>a. Stress testing b. Dynamic analysis c. Static analysis d. Runtime testing Chapter 10 - Answer>>Mobile and Embedded Device Security Which technology is NOT a core feature of a mobile device? - Answer>>a. Physical keyboard b. Small form factor c. Local non-removable data storage d. Data synchronization capabilities Agape was asked to make a recommendation regarding short-range wireless technologies to be supported in a new conference room that was being renovated. Which of the following would she NOT consider due to its slow speed and its low deployment levels today? - Answer>>a. ANT
What is the process of identifying the geographical location of a mobile device? - Answer>>a. Geotracking b. Geolocation c. geoID d. Geomonitoring Which of these is NOT a risk of connecting a mobile device to a public network? - Answer>>a. Public networks are beyond the control of the employee's organization. b. Replay attacks can occur on public networks. c. Public networks may be susceptible to man-in-the-middle attacks. d. Public networks are faster than local networks and can spread malware more quickly to mobile devices. Paavo was reviewing a request by an executive for a new subnotebook computer. The executive said that he wanted USB OTG support and asked Paavo's opinion regarding its security. What would Paavo tell him about USB OTG security? - Answer>>a. USB OTG uses strong security and the executive should have no concerns. b. Subnotebooks do not support USB OTG. c. An unsecured mobile device could infect other tethered mobile devices or the corporate network. d. Connecting a mobile device as a peripheral to an infected computer could allow malware to be sent to that device. A friend of Ukrit told him that he has just downloaded and installed an app that allows him to circumvent the built-in limitations on his Apple iOS smartphone. What is this called? - Answer>>a. Rooting b. Sideloading c. Jailbreaking d. Ducking
Which of the following technologies provides for pictures, video, or audio to be included in text messages? - Answer>>a. MMS b. QR c. SMS d. ANT What prevents a mobile device from being used until the user enters the correct passcode? - Answer>>a. Swipe identifier (SW-ID) b. Screen lock c. Screen timeout d. Touch swipe Gaetan has attempted to enter the passcode for his mobile device but keeps entering the wrong code. Now he is asked to enter a special phrase to continue. Which configuration setting is enabled on Gaetan's mobile device? - Answer>>a. Reset to factory settings b. Extend lockout period c. Enable high security d. :Lock device What does containerization do? - Answer>>a. It splits operating system functions only on specific brands of mobile devices. b. It places all keys in a special vault. c. It slows down a mobile device to half speed. d. It separates personal data from corporate data. What allows a device to be managed remotely? - Answer>>a. Mobile device management (MDM) b. Mobile application management (MAM)
b. MDM c. MCM d. MFM Which type of OS is typically found on an embedded system? - Answer>>a. SoC b. RTOS c. OTG d. COPE Chapter 11 - Answer>>Authentication and Account Management Which authentication factor is based on a unique talent that a user possesses? - Answer>>a. What you have b. What you are c. What you do d. What you know Which of these is NOT a characteristic of a weak password? - Answer>>a. A common dictionary word b. A long password c. Using personal information d. Using a predictable sequence of characters Each of the following accounts should be prohibited EXCEPT: - Answer>>a. Shared accounts b. Generic accounts c. Privileged accounts d. Guest accounts
Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend? - Answer>>a. OAuth b. Open ID Connect c. Shibboleth d. NTLM How is key stretching effective in resisting password attacks? - Answer>>a. It takes more time to generate candidate password digests. b. It requires the use of GPUs. c. It does not require the use of salts. d. The license fees are very expensive to purchase and use it. Which of these is NOT a reason why users create weak passwords? - Answer>>a. A lengthy and complex password can be difficult to memorize. b. A security policy requires a password to be changed regularly. c. Having multiple passwords makes it hard to remember all of them. d. Most sites force users to create weak passwords even though they do not want to. What is a hybrid attack? - Answer>>a. An attack that uses both automated and user input b. An attack that combines a dictionary attack with a mask attack c. A brute force attack that uses special tables d. An attack that slightly alters dictionary words A TOTP token code is generally valid for what period of time? - Answer>>a. Only while the user presses SEND b. For as long as it appears on the device c. For up to 24 hours d. Until an event occurs
