Security+ Practice Exam Questions and Answers, Exams of Securities Regulation

A comprehensive set of practice exam questions and answers for the CompTIA Security+ certification exam. It covers a wide range of cybersecurity topics, including key management, authentication, access control, risk management, and network security. The questions are designed to test understanding of key concepts and best practices in the field, making it a valuable resource for students and professionals preparing for the Security+ exam.

Typology: Exams

2024/2025

Available from 05/02/2025

WINGS_TO-FLY

Security + Practice Exam Questions and Answers Rated A+

  1. In which of the following types of architecture is the user responsible for the creation of the private and public key?

A. Decentralized key management

B. Centralized key management

C. Revocation key management

D. Multilevel key management ✔✔A

  1. Which of the following standards ensures privacy between communicating applications and clients on the Web and has been designed to replace SSL?

A. Secure Sockets Layer 4

B. Point-to-Point Tunneling Protocol

C. Transport Layer Security

D. Internet Protocol Security ✔✔C

  1. Lynn needs access to the Accounting order-entry application but keeps getting an error that indicates inadequate access permissions. Bob assigns Lynn's account to the Administrator's group to overcome the error until he can work on the problem. Which access control constraint was violated by this action?

A. Implicit denial

B. Least privilege

C. Separation of duties

D. Account expiration ✔✔B

  1. An authentication system relies on an RFID chip embedded in a plastic key together with the pattern of blood vessels in the back of an authorized user's hand. What types of authentication are being employed in this system?

A. Something you have and something you are

B. Something you do and something you know

C. Something you know and something you are

D. Somewhere you are and something you have ✔✔A

B. The NoSQL design uses server-side validation.

C. NoSQL databases lack confidentiality and integrity.

D. NoSQL databases are lacking in areas of scalability and performance. ✔✔C

  1. Which one of the following is a holding area between two entry points that gives security personnel time to view a person before allowing him into the internal building?

A. Mantrap

B. Biometric

C. Honeypot

D. Honeynet ✔✔A

  1. Bluejacking and bluesnarfing make use of which wireless technology?

A. Wi-Fi

B. Bluetooth

C. Blu-Fi

D. All of the above ✔✔B

  1. If an organization takes a full backup every Sunday morning and a daily differential backup each morning, what is the fewest number of backups that must be restored following a disaster on Friday?

A. 1

B. 2

C. 5

D. 6 ✔✔B

  1. Which risk reduction policy does not aid in identifying internal fraud?

A. Mandatory vacations

B. Least privilege

C. Separation of duties

D. Job rotation ✔✔B

A. Password length set to 6 characters

B. Require password change at 90 days

C. Maximum password age set to zero

D. Account lockout threshold set to zero ✔✔B

  1. You manage a network on which there are mixed vendor devices and are required to implement a strong authentication solution for wireless communications. Which of the following would best meet your requirements? (Select two correct answers.)

A. EAP

B. WEP

C. LEAP

D. PEAP ✔✔A and D

  1. Which of the following makes it difficult for an eavesdropper to spot patterns and contains a message integrity method to ensure that messages have not been tampered with?

A. ICMP

B. CCMP

C. WEP

D. LEAP ✔✔B

  1. Which risk management response is being implemented when a company decides to close a little-used legacy web application identified as vulnerable to SQL Injection?

A. Acceptance

B. Avoidance

C. Mitigation

D. Transference ✔✔B

  1. A video surveillance system is a form of which type of access control?

A. Quantitative

B. Management

C. Technical

D. Physical ✔✔D

A. TCP handshake

B. UDP handshake

C. Juggernaut

D. All of the above ✔✔A

  1. Which of the following best describes why a requesting device might believe that incoming ARP replies are from the correct devices?

A. ARP requires validation.

B. ARP does not require validation.

C. ARP is connection oriented.

D. ARP is connectionless. ✔✔B

  1. Which of the following describes a network of systems designed to lure an attacker away from another critical system?

A. Bastion host

B. Honeynet

C. Vulnerability system

D. Intrusion-detection system ✔✔B

  1. An organization has agreed to collaborate on a business project with another organization. Which of the following documents would outline the terms and details of an agreement between parties, including each party's requirements and responsibilities?

A. SLA

B. BPA

C. MOU

D. ISA ✔✔C

  1. An organization has had a rash of malware infections. Which of the following can help mitigate the number of successful attacks?

A. Application baselining

B. Patch management

C. Network monitoring

D. Input validation ✔✔B

B. Voice encryption

C. Remote wipe

D. Passcode policy ✔✔D

  1. Which of the following is the formal process of assessing risk involved in discarding particular information?

A. Sanitization

B. Declassification

C. Degaussing

D. Overwriting ✔✔B

  1. Which of the following is the most useful when you're dealing with data that is stored in a shared cloud environment?

A. Full disk encryption

B. File-level encryption

C. Media-level encryption

D. Application-level encryption ✔✔D

  1. If Bob wants to send a secure message to Val using public key encryption without sender validation, what does Val need?

A. Bob's private key

B. Bob's public key

C. Val's private key

D. Val's public key ✔✔C

  1. Which category of authentication includes your ATM card?

A. Something you are

B. Something you do

C. Somewhere you are

D. Something you have ✔✔D

  1. Which is the best access control constraint to protect against accidental unauthorized access?

C. Hashing algorithm

D. Certificate authority ✔✔C

  1. Which of the following is true of Pretty Good Privacy (PGP)? (Select the two best answers.)

A. It uses a web of trust.

B. It uses a hierarchical structure.

C. It uses public key encryption.

D. It uses private key encryption. ✔✔A and C

  1. Which one of the following best identifies the system of digital certificates and certification authorities used in public key technology?

A. Certificate practice system (CPS)

B. Public key exchange (PKE)

C. Certificate practice statement (CPS)

D. Public key infrastructure (PKI) ✔✔D

  1. Which of the following is not a certificate trust model for the arranging of certificate authorities?

A. Bridge CA architecture

B. Sub-CA architecture

C. Single-CA architecture

D. Hierarchical CA architecture ✔✔B

  1. Which of the following is a term describing the process of registering an asset and provisioning the asset so it can be used to access the corporate network?

A. Mobile application management

B. Onboarding

C. Mobile device management

D. Device access controls ✔✔B

  1. Which of the following are advantages of honeypots and honeynets? (Select all correct answers.)

C. Bridge

D. Linked ✔✔B

  1. Which of the following are types of updates applied to systems? (Select all correct answers.)

A. Hotfix

B. Service packs

C. Patches

D. Coldfix ✔✔A, B, and C

  1. Which of the following types of cloud computing is designed to meet industry-specific needs such as healthcare, public sector, or energy?

A. Public

B. Private

C. Hybrid

D. Community ✔✔D

  1. What is a potential concern to weaker encryption algorithms as time goes on? (Select the best answer.)

A. Performance of the algorithm worsens over time.

B. Keys generated by users start to repeat on other users' systems.

C. Hackers using distributed computing might be able to finally crack algorithms.

D. All options are correct. ✔✔C

  1. Which of the following is not a common quality of quantitative risk analysis?

A. Difficult for management to understand

B. Less precise

C. Labor intensive

D. Time-consuming ✔✔B

  1. Which of the following should be implemented if the organization wants to monitor unauthorized transfers of confidential information?

A. Content inspection