CompTIA Security+ Questions (Lesson 1-10) Flashcards by Salewa Aderonmu

Consider the types of zones within a network’s topology and locate the zone considered semi-trusted and requires hosts to authenticate to join.

Private network
Extranet
Internet
Anonymous

Extranet

How well did you know this?

Not at all

Perfectly

Where should an administrator place an internet-facing host on the network?

DMZ
Bastion host
Extranet
Private network

DMZ

How well did you know this?

Not at all

Perfectly

There are several types of security zones on a network. Analyze network activities to determine which of the following does NOT represent a security zone.

DMZ
Screened host
Wireless
Guest network

Screened host

How well did you know this?

Not at all

Perfectly

Evaluate the typical weaknesses found in network architecture and determine which statement best aligns with a security weakness.

A company has a single network channel.
A company has many different systems to operate one service.
A company has a habit of implementing quick fixes.
A company has a flat network architecture.

A company has a flat network architecture.

How well did you know this?

Not at all

Perfectly

Evaluate the following choices based on their potential to lead to a network breach. Select the choice that is NOT a network architecture weakness.

The network architecture is flat.
Services rely on the availability of several different systems.
The network relies on a single hardware server.
Not all hosts on the network can talk to one another.

Not all hosts on the network can talk to one another.

How well did you know this?

Not at all

Perfectly

Identify the attack that can launch by running software against the CAM table on the same switch as the target.

MAC flooding
MAC spoofing
ARP poisoning attack
LLMNR

MAC flooding

MAC flooding is a variation of an ARP poisoning attack. While ARP poisoning is directed at hosts, MAC flooding is used to attack a switch.

How well did you know this?

Not at all

Perfectly

Given that layer 2 does not recognize Time to Live, evaluate the potential problems to determine which of the following options prevents this issue.

ICMP
L2TP
NTP
STP

STP

How well did you know this?

Not at all

Perfectly

Analyze the available detection techniques and determine which are useful in identifying a rogue system through software management. (Select all that apply.)

Visual inspection of ports and switches will prevent rogue devices from accessing the network.
Network mapping is an easy way to reveal the use of unauthorized protocols on the network or unusual traffic volume.
Intrusion detection and NAC are security suites and appliances that combine automated network scanning with defense and remediation suites to prevent rogue devices from accessing the network.
Wireless monitoring can reveal whether there are unauthorized access points.

Intrusion detection and NAC are security suites and appliances that combine automated network scanning with defense and remediation suites to prevent rogue devices from accessing the network.
Wireless monitoring can reveal whether there are unauthorized access points.

How well did you know this?

Not at all

Perfectly

An attacker tricks a host within a subnet into routing through an attacker’s machine, rather than the legitimate default gateway, allowing the attacker to eavesdrop on communications and perform a Man-in-the-Middle (MitM) attack. Compare the types of routing vulnerabilities and conclude what the attacker is exploiting in this scenario.

Route injection
Denial of service
ARP poisoning
Source routing

ARP poisoning

How well did you know this?

Not at all

Perfectly

Which statement regarding attacks on media access control (MAC) addresses accurately pairs the method of protection and what type of attack it guards against? (Select all that apply.)

MAC filtering guards against MAC snooping.
Dynamic Host Configuration Protocol (DHCP) snooping guards against MAC spoofing.
MAC filtering guards against MAC spoofing.
DAI guards against invalid MAC addresses

Dynamic Host Configuration Protocol (DHCP) snooping guards against MAC spoofing.
DAI guards against invalid MAC addresses

How well did you know this?

Not at all

Perfectly

Compare the characteristics of a rogue Access Point (AP) in wireless networks to determine which statements correctly summarize their attributes. (Select all that apply.)

An evil twin is a rogue AP, and an attacker can use a Denial of Service (DoS) to disconnect users from the legitimate AP and connect to the evil twin.
Sometimes referred to as an evil twin, a rogue AP masquerading as a legitimate AP, may have a similar name to a legitimate AP.
An attacker can set up a rogue AP with something as simple as a smartphone with tethering capabilities.
A Denial of Service (DoS) will bypass authentication security (enabled on the AP), so it is important to regularly scan for rogue APs on the network.

How well did you know this?

Not at all

Perfectly

A network manager suspects that a wireless network is undergoing a deauthentication attack. Applying knowledge of wireless network attacks, which scenario best supports the network manager’s suspicion?

A. A network experiences radio interference, which causes connectivity issues for users. The users disconnect from the network, and upon reauthenticating, they log on to an evil twin Access Point (AP).
B. An attacker creates an Access Point (AP) using a similar name as a legitimate AP, in an attempt to have users authenticate through the rogue AP in order to gain authentication information.
C. A rogue Access Point (AP) captures user logon attempts. The attacker uses this information to authenticate to the system and obtain critical data.
D. A group of users suddenly disconnects from the network. When the users reconnect, they actually connect to an evil twin Access Point (AP), which gives an attacker information about authentication.

D. A group of users suddenly disconnects from the network. When the users reconnect, they actually connect to an evil twin Access Point (AP), which gives an attacker information about authentication.

How well did you know this?

Not at all

Perfectly

A systems administrator is building a wireless network using WPA3 technology. Which of the following would NOT be considered a main feature of WPA3?

Simultaneous authentication of equals
RC4 stream cipher with TKIP
Management protection frames
Enhanced open

RC4 stream cipher with TKIP

How well did you know this?

Not at all

Perfectly

A company is reviewing the options for installing a new wireless network. They have requested recommendations for utilizing WEP, WPA, or WPA2. Differentiate between Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). Determine which of the following statements accurately distinguishes between the options. (Select all that apply.)

WEP and WPA use RC4 with a Temporal Key Integrity Protocol (TKIP), while WPA2 uses a 24-bit Initialization Vector (IV). WPA2 combines the 24-bit IV with an Advanced Encryption Standard (AES) to add security.
WEP is the strongest encryption scheme, followed by WPA2, then WPA. WEP is difficult to crack when protected by a strong password, or if deploying enterprise authentication. WPA2 is more vulnerable to decryption due to replay attack possibilities.
WPA and WEP use RC4, while WEP uses a 24-bit Initialization Vector (IV). WPA uses a Temporal Key Integrity Protocol (TKIP), and WPA2 uses an Advanced Encryption Standard (AES) for encryption.
WPA2 is the strongest encryption scheme, followed by WPA, then WEP. WPA2 is difficult to crack if protected by a strong password, or if deploying enterprise authentication. WEP is more vulnerable to decryption due to replay attack possibilities.

WPA and WEP use RC4, while WEP uses a 24-bit Initialization Vector (IV). WPA uses a Temporal Key Integrity Protocol (TKIP), and WPA2 uses an Advanced Encryption Standard (AES) for encryption.
WPA2 is the strongest encryption scheme, followed by WPA, then WEP. WPA2 is difficult to crack if protected by a strong password, or if deploying enterprise authentication. WEP is more vulnerable to decryption due to replay attack possibilities.

How well did you know this?

Not at all

Perfectly

A hotel guest opens their computer and logs into the Wi-Fi without prompting the guest for a username and password. Upon opening an internet browser, a splash page appears that requests the guest’s room number and last name for authentication. Which type of authentication is the hotel utilizing?

Protected
Extensive
Group
Open

Open

How well did you know this?

Not at all

Perfectly

An Internet Service Provider’s (ISP) customer network is under a Distributed Denial of Service (DDoS) attack. The ISP decides to use a blackhole as a remedy. How does the ISP justify their decision?

A blackhole drops packets for the affected IP address(es) and is in a separate area of the network that does not reach any other part of the network.
A blackhole makes the attack less damaging to the ISP’s other customers and continues to send legitimate traffic to the correct destination.
A blackhole routes traffic destined to the affected IP address to a different network. Here, the ISP can analyze and identify the source of the attack, to devise rules to filter it.
A blackhole is preferred, as it evaluates each packet in a multi-gigabit stream against an Access Control List (ACL) without overwhelming the processing resources.

A blackhole drops packets for the affected IP address(es) and is in a separate area of the network that does not reach any other part of the network.

How well did you know this?

Not at all

Perfectly

During the planning/scoping phase of the kill chain, an attacker decides that a Distributed Denial of Service (DDoS) attack would be the best way to disrupt the target website and remain anonymous. Evaluate the following explanations to determine the reason the attacker chose a DDoS attack.

A DDoS attack can launch via covert channels
DDoS attacks utilize botnets
A DDoS attack creates a backdoor to a website
DDoS attacks use impersonation

DDoS attacks utilize botnets

How well did you know this?

Not at all

Perfectly

Given knowledge of load balancing and clustering techniques, which configuration provides consistent performance and partial fault tolerance for applications like streaming audio and video services?

Active/Passive clustering
Active/Active clustering
First in, First out (FIFO) clustering
Fault tolerant clustering

Active/Passive clustering

How well did you know this?

Not at all

Perfectly

Which statement best describes the difference between session affinity and session persistence?

With persistence, once a client device establishes a connection, it remains with the node that first accepted its request, while an application-layer load balancer uses session affinity to keep a client connected by setting up a cookie.
Session affinity makes node scheduling decisions based on health checks and processes incoming requests based on each node’s load. Session persistence makes scheduling decisions on a first in, first out (FIFO) basis.
With session affinity, when a client establishes a session, it remains with the node that first accepted its request, while an application-layer load balancer uses persistence to keep a client connected by setting up a cookie.
Session persistence makes scheduling decisions based on traffic priority and bandwidth considerations, while session affinity makes scheduling decisions based on which node is available next.

With session affinity, when a client establishes a session, it remains with the node that first accepted its request, while an application-layer load balancer uses persistence to keep a client connected by setting up a cookie.

How well did you know this?

Not at all

Perfectly

Analyze the following scenarios and determine which best simulates the use of a content filter. (Select all that apply.)

A system has broken down a packet containing malicious content, and erases the suspicious content, before rebuilding the packet.
A high school student is using the school library to do research for an assignment and cannot access certain websites due to the subject matter.
A system administrator builds a set of rules based on information found in the source IP address to allow access to an intranet.
A system administrator blocks access to social media sites after the CEO complains that work performance has decreased due to excessive social media usage at work.

A high school student is using the school library to do research for an assignment and cannot access certain websites due to the subject matter.
A system administrator blocks access to social media sites after the CEO complains that work performance has decreased due to excessive social media usage at work.

How well did you know this?

Not at all

Perfectly

Which statement regarding attacks on media access control (MAC) addresses accurately pairs the method of protection and what type of attack it guards against? (Select all that apply.)

Dynamic Host Configuration Protocol (DHCP) snooping guards against MAC spoofing.
DAI guards against invalid MAC addresses - Dynamic Address resolution protocol Inspection (DAI)

Note:
DHCP snooping inspects traffic arriving on access ports to ensure that a host is not trying to spoof its MAC address.
DAI allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings.

How well did you know this?

Not at all

Perfectly

A networking administrator is reviewing available security products to further fine-tune the existing firewall and appliance settings. An administrator should analyze which system logs in order to tune firewall rulesets and remove or block suspect hosts and processes from the network?

Network-based intrusion detection system (NIDS)
Unified threat management (UTM) product
Network-based intrusion prevention system (IPS)
Network behavior and anomaly detection (NBAD) product

Network-based intrusion detection system (NIDS)

Analyzing NIDS logs allows an administrator to tune firewall rulesets, remove or block suspect hosts and processes from the network, or deploy additional security controls to mitigate any identified threats.

How well did you know this?

Not at all

Perfectly

Compare and contrast the characteristics of the various types of firewalls and select the correct explanation of a packet-filtering firewall.

An ACL only allows the minimum amount of traffic required for the operation of valid network services and no more
A firewall that maintains stateful information about the connection between two hosts
A firewall that analyzes HTTP headers and the HTML code to identify code that matches a pattern
A stand-alone firewall implemented with routed interfaces or as a virtual wire transparent firewall

An ACL only allows the minimum amount of traffic required for the operation of valid network services and no more

How well did you know this?

Not at all

Perfectly

Which of the following solutions best addresses data availability concerns that may arise with the use of application-aware next-generation firewalls (NGFW) and unified threat management (UTM) solutions?

Signature-based detection system
Secure web gateway (SWG)
Network-based intrusion prevention system (IPS)
Active or passive test access point (TAP)

Secure web gateway (SWG)

While complex NGFW and UTM solutions provide high confidentiality and integrity, lower throughput reduces availability. One solution to this is to treat security solutions for server traffic differently from that for user traffic. An SWG acts as a content filter, which applies user-focused filtering rules and also conducts threat analysis.

How well did you know this?

Not at all

Perfectly

A system administrator wants to install a mechanism to conceal the internal IP addresses of hosts on a private network. What tool can the administrator use to accomplish this security function? NAT gateway Reverse proxy server Virtual firewall Access Control List (ACL)

NAT gateway

Which of the following are types of log collection for SIEM? (Select all that apply.) Log aggregation Firewall Agent-based Listener/Collector

Agent-based Listener/Collector ??? Class Midterm exam Log aggregation - RIGHT Packet capture - RIGHT Agent-based - RIGHT Listener/Collector - RIGHT OSINT - RIGHT Agent-less based - WRONG

A network administrator wants to use a proxy server to prevent external hosts from connecting directly with application servers. Which proxy server implementation will best fit this need? Transparent proxy server Non-transparent proxy server Caching proxy server Reverse proxy server

Reverse proxy server

Compare and analyze the types of firewalls available to differentiate between them. Choose the answer with the most correct description. Packet filtering firewalls operate at layer 5 of the OSI model, while circuit-level stateful inspection firewalls operate at layer 3. An appliance firewall is also known as a stateful multilayer inspection or a deep packet inspection. An application aware firewall is a stand-alone hardware firewall that performs the function of a firewall only. A packet filtering firewall maintains stateful information about a connection between two hosts and implements an appliance firewall as a software application running on a single host. An application firewall can analyze the HTTP headers to identify code that matches a pattern, while an appliance firewall monitors all traffic passing into and out of a network segment.

An application firewall can analyze the HTTP headers to identify code that matches a pattern, while an appliance firewall monitors all traffic passing into and out of a network segment.

Evaluate the functions of a Network-Based Intrusion Detection System (NIDS) and conclude which statements are accurate. (Select all that apply.) Training and tuning are fairly simple, and there is a low chance of false positives and false negatives. A NIDS will identify and log hosts and application activity that the administrator can use to analyze and take further action. Training and tuning are complex, and there is a high chance of false positive and negative rates. A NIDS will identify attacks and block the traffic to stop the attack. The administrator will be able to review the reports for future prevention.

A NIDS will identify and log hosts and application activity that the administrator can use to analyze and take further action. Training and tuning are complex, and there is a high chance of false positive and negative rates.

Security information and event management (SIEM) collect data inputs from multiple sources. Which of the following is NOT one of the main types of log collection for SIEM? Agent-based Listener/collector Sensor (sniffer) Artificial intelligence (AI)

Artificial intelligence (AI)

A network administrator conducts a network assessment to determine where to implement a network intrusion detection system (NIDS). Which sensor deployment option is most ideal if the admin is concerned about system overloads and resiliency in the event of power loss? A. Passive test access point (TAP) B. Active test access point (TAP) C, Aggregation test access point (TAP) D. Switched port analyzer (SPAN)/mirror port

A. Passive test access point (TAP) With a passive TAP, the monitor port receives every frame—corrupt, malformed, or not—and load does not affect copying. Because it performs an active function, an active TAP becomes a point of failure for the links in the event of power loss. When deploying an active TAP, it is important to use a model with backup power options.

Artificial intelligence (AI) and machine learning are especially important during which security information and event management (SIEM) task? Packet capture Analysis and report review Data aggregation Log collection

Analysis and report review Note: SIEM software can link individual events or data points (observables) into a meaningful indicator of risk, or Indicator of Compromise (IOC). Many SIEM solutions use artificial intelligence (AI) and machine learning as the basis for automated analysis.

Which of the following considerations is most important when employing a signature-based intrusion detection system? The system may produce false positives and block legitimate activity. The system must create a valid baseline signature of normal activity. Signatures and rules must be kept up to date to protect against emerging threats. Signatures and rules must be able to detect zero-day attacks.

Signatures and rules must be kept up to date to protect against emerging threats.

Analyze each statement and determine which describes a fundamental improvement on traditional log management that security information and event management (SIEM) offers. SIEM is completely automated; it requires no manual data preparation. SIEM logs ensure non-repudiation, whereas other logs cannot link a specific user to an action. SIEM can perform correlation, linking observables into meaningful indicators of risk or compromise. SIEM addresses the issue of sheer volume of alerts, using machine learning to facilitate threat hunting.

SIEM can perform correlation, linking observables into meaningful indicators of risk or compromise. Note: SIEM correlates individual events or data points (observables) into a meaningful indicator of risk, or Indicator of Compromise (IOC). Correlation is the principal factor distinguishing it from basic log management. Security orchestration, automation, and response (SOAR) is a solution to the problem of the volume of alerts overwhelming analysts' ability to respond. A security engineer may implement SOAR as a standalone technology or integrate it with a SIEM, using machine/deep learning techniques to enrich data for use in incident response and threat hunting.

A team is building a wireless network, and the company has requested the team to use a Wired Equivalent Privacy (WEP) encryption scheme. The team has developed a recommendation to utilize a different encryption scheme based on the problems with WEP. Analyze the features of WEP to determine what problems to highlight in the recommendation. WEP has the option to use either a 64-bit or a 128-bit key, which is not secure enough for the company. Packets use a checksum to verify integrity that is too difficult to compute. WEP allows for a 256-bit key but is still not secure. The Initialization Vector (IV) is not sufficiently large, thus is not always generated using a sufficiently random algorithm. WEP only allows the use of a 128-bit encryption key and is not secure. The Initialization Vector (IV) is too large to provide adequate security. WEP only allows the use of a 64-bit key, which is not secure enough for the company. The Initialization Vector (IV) is often not generated using a sufficiently random algorithm.

WEP allows for a 256-bit key but is still not secure. The Initialization Vector (IV) is not sufficiently large, thus is not always generated using a sufficiently random algorithm.

Compare and contrast the characteristics of the various types of firewalls and select the correct explanation of a packet filtering firewall. A stand-alone firewall implemented with routed interfaces or as a virtual wire transparent firewall A firewall that analyzes HTTP headers and the HTML code to identify code that matches a pattern An administrator configures an Access Control List (ACL) to deny access to IP addresses A firewall that maintains stateful information about the connection

An administrator configures an Access Control List (ACL) to deny access to IP addresses

Which security related phrase relates to the integrity of data? Availability Modification Confidentiality Risk

Modification

An engineer looks to implement security measures by following the five functions in the National Institute of Standards and Technology (NIST) Cybersecurity Framework. When documenting the “detect” function, what does the engineer focus on? Evaluate risks and threats Install, operate, and decommission assets Ongoing proactive monitoring Restoration of systems and data

Ongoing proactive monitoring

How might the goals of basic network management not align with the goals of security? Management focuses on confidentiality and availability. Management focuses on confidentiality over availability. Management focuses on integrity and confidentiality. Management focuses on availability over confidentiality.

Management focuses on availability over confidentiality.

Any external responsibility for an organization’s security lies mainly with which individuals? The senior executives Tech staff Managers Public relations

The senior executives

The National Institute of Standards and Technology (NIST) provides a framework that classifies security-related functions. Which description aligns with the "respond" function? Evaluate risks, threats, and vulnerabilities. Perform ongoing, proactive monitoring. Implement resilience to restore systems. Identify, analyze, and eradicate threats.

Identify, analyze, and eradicate threats.

A company has an annual contract with an outside firm to perform a security audit on their network. The purpose of the annual audit is to determine if the company is in compliance with their internal directives and policies for security control. Select the broad class of security control that accurately demonstrates the purpose of the audit. Managerial Technical Physical Compensating

Managerial

The _____ requires federal agencies to develop security policies for computer systems that process confidential information. Sarbanes-Oxley Act (SOX) Computer Security Act Federal information Security Management Act (FISMA) Gramm-Leach-Bliley Act (GLBA)

Computer Security Act

After a poorly handled security breach, a company updates its security policy to include an improved incident response plan. Which of the following security controls does this update address? Compensating Deterrent Corrective Detective

Corrective

The IT department head returns from an industry conference feeling inspired by a presentation on the topic of cybersecurity frameworks. A meeting is scheduled with IT staff to brainstorm ideas for deploying security controls by category and function throughout the organization. Which of the following ideas are consistent with industry definitions? (Select all that apply.) A. Deploy a technical control to enforce network access policies. B. Deploy an operational control to monitor compliance with external regulations. C. Schedule quarterly security awareness workshops as a preventive control to mitigate social engineering attacks. D. Deploy agents to file servers to perform continuous backups to cloud storage as a corrective control to mitigate the impact of malware.

A. Deploy a technical control to enforce network access policies. C. Schedule quarterly security awareness workshops as a preventive control to mitigate social engineering attacks. D. Deploy agents to file servers to perform continuous backups to cloud storage as a corrective control to mitigate the impact of malware.

Which of the following has a cyber security framework (CSF) that focuses exclusively on IT security, rather than IT service provisioning? A. National Institute of Standards and Technology (NIST) B. International Organization for Standardization (ISO) C. Control Objectives for Information and Related Technologies (COBIT) D. Sherwood Applied Business Security Architecture (SABSA)

A. National Institute of Standards and Technology (NIST)

A company technician goes on vacation. While the technician is away, a critical patch released for Windows servers is not applied. According to the National Institute of Standards and Technology (NIST), what does the delay in applying the patch create on the server? Control Risk Threat Vulnerability

Vulnerability

A system analyst is tasked with searching the dark web for harvested customer data. Because these sites cannot be found in a standard website search, what must the analyst have in order to search for the harvested information? The Onion Router (TOR) Dark web search engine Dark Website URL Open Source Intelligence (OSINT)

Dark Website URL

Which of the following can be a true insider threat? (Select all that apply.) A. Former employee B. Contractor C. Customer D. White hat hacker

Former employee Contractor

One aspect of threat modeling is to identify potential threat actors and the risks associated with each one. When assessing the risk that any one type of threat actor poses to an organization, what are the most critical factors to profile? (Select all that apply.) A. Education B. Socioeconomic status C. Intent D. Motivation

C. Intent D. Motivation

An unknowing user with authorized access to systems in a software development firm installs a seemingly harmless, yet unauthorized program on a workstation without the IT department's sanction. Identify the type of threat that is a result of this user's action. A. Unintentional insider threat B. Malicious insider threat C. Intentional attack vector D. External threat with insider knowledge

A. Unintentional insider threat

A contractor has been hired to conduct security reconnaissance on a company. The contractor browses the company's website to identify employees and then finds their Facebook pages. Posts found on Facebook indicate a favorite bar that employees frequently visit. The contractor visits the bar and learns details of the company's security infrastructure through small talk. What reconnaissance phase techniques does the contractor practice? (Select all that apply.) Open Source Intelligence (OSINT) Scanning Social engineering Persistence

Open Source Intelligence (OSINT) Social engineering

What is Open Source Intelligence (OSINT)? A. Obtaining information, physical access to premises, or even access to a user account through the art of persuasion B. The means the organization will take to protect the confidentiality, availability, and integrity of sensitive data and resources C. Using web search tools and social media to obtain information about the target D. Using software tools to obtain information about a host or network topology

D. Using software tools to obtain information about a host or network topology

A security engineer is investigating a potential system breach. When compiling a report of the incident, how does the engineer classify the actor and the vector? Threat Vulnerability Risk Exploit

Threat

An IT manager in the aviation sector checks the industry's threat intelligence feed to keep up on the latest threats and ensure the work center implements the best practices in the field. What type of threat intelligence source is the IT manager most likely accessing? Open Source Intelligence (OSINT) An Information Sharing and Analysis Center (ISAC) A vendor website, such as Microsoft's Security Intelligence blog A closed or proprietary threat intelligence platform

An Information Sharing and Analysis Center (ISAC)

A Department of Defense (DoD) security team identifies a data breach in progress, based on some anomalous log entries, and take steps to remedy the breach and harden their systems. When they resolve the breach, they want to publish the cyber threat intelligence (CTI) securely, using standardized language for other government agencies to use. The team will transmit threat data feed via which protocol? Structured Threat Information eXpression (STIX) Automated Indicator Sharing (AIS) Trusted Automated eXchange of Indicator Information (TAXII) A code repository protocol

Trusted Automated eXchange of Indicator Information (TAXII)

Identify the command that can be used to detect the presence of a host on a particular IP address. ipconfig ifconfig ip ping

ping

A network manager needs a map of the network's topology. The network manager is using Network Mapper (Nmap) and will obtain the visual map with the Zenmap tool. If the target IP address is 192.168.1.1, determine the command within Nmap that will return the necessary data to build the visual map of the network topology. nmap -sn --ipconfig 192.168.1.1 nmap -sn --ifconfig 192.168.1.1 nmap -sn --traceroute 192.168.1.1 nmap -sn --nslookup 192.168.1.1

nmap -sn --traceroute 192.168.1.1

A system administrator must scan the company’s web-based application to identify which ports are open and which operating system can be seen from the outside world. Determine the syntax that should be used to yield the desired information if the administrator will be executing this task from a Linux command line. netstat -a nmap -O nmap -sS 10.1.0.0/24 netstat -n

nmap -O

Select the appropriate methods for packet capture. (Select all that apply.) Wireshark Packet analyzer Packet injection tcpdump

Wireshark tcpdump

Analyze and eliminate the item that is NOT an example of a reconnaissance technique. Initial exploitation Open Source Intelligence (OSINT) Social engineering Scanning

Initial exploitation

Select the statement which best describes the difference between a zero-day vulnerability and a legacy platform vulnerability. A legacy platform vulnerability is typically unpatchable, while a zero-day vulnerability may be exploited before a developer can create a patch for it. A zero-day vulnerability is unpatchable, while a legacy platform vulnerability can always be patched, once detected. A zero-day vulnerability can be mitigated by responsible patch management, while a legacy platform vulnerability cannot likely be patched. A legacy platform vulnerability can always be mitigated by responsible patch management, while a zero-day vulnerability does not yet have a patch solution.

A legacy platform vulnerability is typically unpatchable, while a zero-day vulnerability may be exploited before a developer can create a patch for it.

Examine each attack vector. Which is most vulnerable to escalation of privileges? Software Operating System (OS) Applications Ports

Operating System (OS)

An outside security consultant updates a company’s network, including data cloud storage solutions. The consultant leaves the manufacturer’s default settings when installing network switches, assuming the vendor shipped the switches in a default-secure configuration. Examine the company’s network security posture and select the statements that describe key vulnerabilities in this network. (Select all that apply.) A. The network is open to third-party risks from using an outside contractor to configure cloud storage settings. B. The default settings in the network switches represent a weak configuration. C. The use of network switches leaves numerous unused ports open. D, The recommended settings in the network switches represent secured protocols.

A. The network is open to third-party risks from using an outside contractor to configure cloud storage settings. B. The default settings in the network switches represent a weak configuration.

Encryption vulnerabilities allow unauthorized access to protected data. Which component is subject to brute-force enumeration? A. An unsecured protocol B. A software vulnerability C. A weak cipher D. A lost decryption key

C. A weak cipher

Following a data breach at a large retail company, their public relations team issues a statement emphasizing the company’s commitment to consumer privacy. Identify the true statements concerning this event. (Select all that apply.) A. The data breach must be an intentional act of corporate sabotage. B. The privacy breach may allow the threat actor to sell the data to other malicious actors. C. The data breach can cause data to be exfiltrated. D. The data breach event may compromise data integrity, but not information availability.

B. The privacy breach may allow the threat actor to sell the data to other malicious actors. C. The data breach can cause data to be exfiltrated.

Compare and contrast vulnerability scanning and penetration testing. Select the true statement from the following options. Vulnerability scanning is conducted by a “white hat” and penetration testing is carried out by a “black hat.” Vulnerability scanning by eavesdropping is passive, while penetration testing with credentials is active. Penetration testing and vulnerability scanning are considered “black hat” practices. Vulnerability scanning is part of network reconnaissance, but penetration testing is not.

Vulnerability scanning by eavesdropping is passive, while penetration testing with credentials is active.

An IT director reads about a new form of malware that targets a system widely utilized in the company’s network. The director wants to discover whether the network has been targeted, but also wants to conduct the scan without disrupting company operations or tipping off potential attackers to the investigation. Evaluate vulnerability scanning techniques and determine the best tool for the investigation. Credentialed scan Configuration review Penetration testing Threat hunting

Threat hunting

A network administrator uses an automated vulnerability scanner. It regularly updates with the latest vulnerability feeds. If the system regularly performs active scans and returns the presence of vulnerabilities when they do not exist, what type of error is the system most likely making? False positive False negative Validation error Configuration error

False positive

Which of the following statements summarizes a disadvantage to performing an active vulnerability scan? (Select all that apply.) Active scanning consumes more network bandwidth. Active scanning runs the risk of causing an outage. Active scanning will identify all of a system’s known vulnerabilities. Active scanning techniques do not use system login.

Active scanning consumes more network bandwidth. Active scanning runs the risk of causing an outage.

In which of these situations might a non-credentialed vulnerability scan be more advantageous than a credentialed scan? (Select all that apply.) When active scanning poses no risk to system stability External assessments of a network perimeter Detection of security setting misconfiguration Web application scanning

External assessments of a network perimeter Web application scanning

A contractor has been hired to conduct penetration testing on a company's network. They have decided to try to crack the passwords on a percentage of systems within the company. They plan to annotate the type of data that is on the systems that they can successfully crack to prove the ease of access to data. Evaluate the penetration steps and determine which are being utilized for this task. (Select all that apply.) Test security controls Bypass security controls Verify a threat exists Exploit vulnerabilities

Test security controls Exploit vulnerabilities

A manufacturing company hires a pentesting firm to uncover any vulnerabilities in their network with the understanding that the pen tester receives no information about the company’s system. Which of the following penetration testing strategies is the manufacturing company requesting? Black box Sandbox Gray box White box

Black box

A hacker set up a Command and Control network to control a compromised host. What is the ability of the hacker to use this remote connection method as needed known as? Weaponization Persistence Reconnaissance Pivoting

Persistence

Which statement best explains the differences between black box, white box, and gray box attack profiles used in penetration testing? A. A black box pen tester acts as a privileged insider and must perform no reconnaissance. A white box pen tester has no access, and reconnaissance is necessary. A gray box actor is a third-party actor who mediates between a black box and white box pen tester. B. A black box pen tester acts as the adversary in the test, while the white box pen tester acts in a defensive role. A gray box pen tester is a third-party actor who mediates between a black box pen tester and a white box pen tester. C. In a black box pen test, the contractor receives no privileged information, so they must perform reconnaissance. In contrast, a white box pen tester has complete access and skips reconnaissance. A gray box tester has some, but not all information, and requires partial reconnaissance. D. In a white box pen test, the contractor receives no privileged information, so they must perform reconnaissance. In contrast, a black box pen tester has complete access and skips reconnaissance. A gray box tester has some, but not all information, and requires partial reconnaissance.

C. In a black box pen test, the contractor receives no privileged information, so they must perform reconnaissance. In contrast, a white box pen tester has complete access and skips reconnaissance. A gray box tester has some, but not all information, and requires partial reconnaissance.

During a penetration test, systems administrators for a large company are tasked to play on the white team for an affiliated company. Examine each of the following roles and determine which role the systems admins will fill. A. The systems admins will arbitrate the exercise, setting rules of engagement and guidance. B. The systems admins will try to infiltrate the target system. C. The systems admins will operate monitoring and alerting controls to detect and prevent the infiltration. D. The systems admins will collaborate with attackers and defenders to promote constructive developments.

A. The systems admins will arbitrate the exercise, setting rules of engagement and guidance.

A system administrator has just entered their credentials to enter a secure server room. As the administrator is entering the door, someone is walking up to the door with their hands full of equipment and appears to be struggling to move items around while searching for their credentials. The system administrator quickly begins to assist by getting items out of the person's hands, and they walk into the room together. This person is not an employee, but someone attempting to gain unauthorized access to the server room. What type of social engineering has occurred? A. Familiarity/liking B. Consensus/social proof C. Authority and intimidation D. Identity fraud

B. Consensus/social proof

An employee is having coffee at an outdoor coffee shop and is not taking precautions against someone watching their screen while working on a company project. A person a few tables over watches the employee enter their credentials and then takes photos of the work they are completing with their smartphone. Which form of social engineering is being used in this situation? Vishing Lunchtime attack Shoulder surfing Man-in-the-middle attack

Shoulder surfing

Which of the following depict ways a malicious attacker can gain access to a target's network? (Select all that apply.) Ethical hacking Phishing Shoulder surfing Influence campaign

Phishing Shoulder surfing

Analyze the following attacks to determine which best illustrates a pharming attack. A customer gets an email that appears to be from their insurance company. The email contains a link that takes the user to a fake site that looks just like the real insurance company site. An employee gets a call from someone claiming to be in the IT department. The caller says there was a problem with the network, so they need the employee's password in order to restore network privileges. A company's sales department often has after-hour training sessions, so they order dinner delivery online from the restaurant across the street. An attacker is able to access the company's network by compromising the restaurant's unsecure website. A customer enters the correct URL address of their bank, which should point to the IP address 172.1.24.4. However, the browser goes to 168.254.1.1, which is a fake site designed to look exactly like the real bank site.

A customer enters the correct URL address of their bank, which should point to the IP address 172.1.24.4. However, the browser goes to 168.254.1.1, which is a fake site designed to look exactly like the real bank site.

An individual receives a text message that appears to be a warning from a well-known order fulfillment company, informing them that the carrier has tried to deliver his package twice, and that if the individual does not contact them to claim it, the package will not be delivered. Analyze the scenario and select the social engineering technique being used. SMiShing Phishing Vishing Prepending

SMiShing

Which situation would require keyboard encryption software be installed on a computer? To set up single sign-on privileges To comply with input validation practices For the purpose of key management To protect against spyware

To protect against spyware

A malicious party adds malware to a popular video game and offers free copies to users. The party's objective is to require the CD to be inserted during use. This software will gain administrative rights, change system files, and may hide from detection without the knowledge or consent of the user. Consider the malware characteristics and determine which may be used. (Select all that apply) Spyware Keylogger Rootkit Trojan

Rootkit Trojan

A hacker is able to install a keylogger on a user's computer. What is the hacker attempting to do in this situation? Key management Encryption Obfuscation Steal confidential information

Steal confidential information

A user's PC is infected with a virus that appears to be memory resident and loads anytime it is booted from an external universal serial bus (USB) thumb drive. Examine the following options and determine which describes the infection type. Script virus Boot virus Worm Spyware

Boot virus

An employee calls IT personnel and states that they received an email with a PDF document to review. After the PDF was opened, the system has not been performing correctly. An IT admin conducted a scan and found a virus. Determine the two classes of viruses the computer most likely has. (Select all that apply.) Boot sector Macro Script Non-resident

Macro Script

Which of the following is NOT a use of cryptography? Non-repudiation Obfuscation Security through obscurity Resiliency

Security through obscurity

Evaluate the differences between stream and block ciphers and select the true statement. A block cipher is suitable for communication applications. A stream cipher is subjected to complex transposition and substitution operations, based on the value of the key used. A block cipher is padded to the correct size if there is not enough data in the plaintext. A stream cipher's plaintext is divided into equal-sized blocks.

A block cipher is padded to the correct size if there is not enough data in the plaintext.

Which statement best describes key differences between symmetric and asymmetric cryptographic ciphers? A. Symmetric encryption is used for confidentiality, and uses the same key for encryption and decryption. B. Asymmetric encryption is primarily used for confidentiality, and uses different keys for encryption and decryption. C. Symmetric encryption is used for authentication, and is the most efficient method of encryption for large data transfers. D. Asymmetric encryption is used for non-repudiation and is the most efficient method of encryption for large data transfers.

A. Symmetric encryption is used for confidentiality, and uses the same key for encryption and decryption.

A security technician needs to transfer a large file to another user in a data center. Which statement best illustrates what type of encryption the technician should use to perform the task? A. The technician should use symmetric encryption for authentication and data transfer. B. The technician should use asymmetric encryption to verify the data center user’s identity and agree on a symmetric encryption algorithm for the data transfer. C. The technician should use asymmetric encryption for authentication and data transfer. D. The technician should use symmetric encryption to verify the data center user’s identity and agree on an asymmetric encryption algorithm for the data transfer.

B. The technician should use asymmetric encryption to verify the data center user’s identity and agree on a symmetric encryption algorithm for the data transfer.

Which of the following statements best describes the trade-off when considering which type of encryption cipher to use? A. Asymmetric encryption is the strongest hashing algorithm, which produces longer and more secure digests than symmetric encryption. B. Asymmetric encryption requires substantially more overhead computing power than symmetric encryption. Asymmetric encryption is inefficient when transferring or encrypting large amounts of data. C. Symmetric encryption requires substantially more overhead computing power than asymmetric encryption. Symmetric encryption is inefficient when transferring or encrypting large amounts of data. D. Symmetric encryption is not considered as safe as asymmetric encryption, but it might be required for compatibility between security products.

B. Asymmetric encryption requires substantially more overhead computing power than symmetric encryption. Asymmetric encryption is inefficient when transferring or encrypting large amounts of data.

Compare and contrast the modes of operation for block ciphers. Which of the following statements is true? A. ECB and CBC modes allow block ciphers to behave like stream ciphers. B. CTM mode allows block ciphers to behave like stream ciphers. C. ECB allows block ciphers to behave like stream ciphers. D. CBC and CTM modes allow block ciphers to behave like stream ciphers.

B. CTM mode allows block ciphers to behave like stream ciphers.

An employee works on a small team that shares critical information about the company's network. When sending emails that have this information, what would be used to provide the identity of the sender and prove that the information has not been tampered with? A. Private key B. Digital signature C. Public key D. RSA algorithm

B. Digital signature

Which of the following utilizes both symmetric and asymmetric encryption? A. Digital envelope B. Digital certificate C. Digital evidence D. Digital signature

A. Digital envelope

When using a digital envelope to exchange key information, the use of what key agreement mitigates the risk inherent in the Rivest–Shamir–Adleman (RSA) algorithm, and by what means? A. Perfect forward secrecy (PFS) uses Diffie-Hellman (DH) key agreement to create ephemeral session keys without using the server's private key. B. The Cipher Block Chaining (CBC) key agreement mode uses an initialization vector (IV) to create ephemeral session keys without using the server’s private key. C. Counter mode in key agreement makes the advanced encryption standard (AES) algorithm work as a stream cipher, by applying an initialization vector to issue a security certificate. D. A certificate authority (CA) validates the public key’s owner and creates an initialization vector to protect the exchange from snooping.

A. Perfect forward secrecy (PFS) uses Diffie-Hellman (DH) key agreement to create ephemeral session keys without using the server's private key.

Which two cryptographic functions can be combined to authenticate a sender and prove the integrity of a message? A. Hashing and symmetric encryption B. Public key cryptography and digital enveloping C. Hashing and digital enveloping D. Public key cryptography and hashing

D. Public key cryptography and hashing

A system administrator downloads and installs software from a vendor website. Soon after installing the software, the administrator’s computer is taken over remotely. After closer investigation, the software package was modified, probably while it was downloading. What action could have prevented this incident from occurring? Validate the software using a checksum Validate the software using a private certificate Validate the software using a key signing key Validate the software using Kerberos

Validate the software using a checksum

A security team is in the process of selecting a cryptographic suite for their company. Analyze cryptographic implementations and determine which of the following performance factors is most critical to this selection process if users primarily access systems on mobile devices. Speed Latency Computational overhead Cost

Computational overhead

Which statement best illustrates the importance of a strong true random number generator (TRNG) or pseudo-random number generator (PRNG) in a cryptographic implementation? A weak number generator leads to many published keys sharing a common factor. A weak number generator creates numbers that are never reused. A strong number generator creates numbers that are never reused. A strong number generator adds salt to encryption values.

A weak number generator leads to many published keys sharing a common factor.

A client contacts a server for a data transfer. Instead of requesting TLS1.3 authentication, the client claims legacy systems require the use of SSL. What type of attack might a data transfer using this protocol facilitate? Credential harvesting Key stretching Phishing Man-in-the-middle

Man-in-the-middle

Which statement describes the mechanism by which encryption algorithms help protect against birthday attacks? A. Encryption algorithms utilize key stretching. B. Encryption algorithms use secure authentication of public keys. C. Encryption algorithms add salt when computing password hashes. D. Encryption algorithms must utilize a blockchain.

C. Encryption algorithms add salt when computing password hashes.

An attacker uses a cryptographic technology to create a covert message channel in transmission control protocol (TCP) packet data fields. What cryptographic technique does this attack strategy employ? Homomorphic encryption Blockchain Steganography Key stretching

Steganography

Examine each statement and determine which most accurately describes a major limitation of quantum computing technology. Presently, quantum computers do not have the capacity to run useful applications. Quantum computing is not yet sufficiently secure to run current cryptographic ciphers. Quantum computing is not sufficiently agile to update the range of security products it most frequently uses. Attackers may exploit a crucial vulnerability in quantum computing to covertly exfiltrate data.

Presently, quantum computers do not have the capacity to run useful applications.

Which statement most accurately describes the mechanisms by which blockchain ensures information integrity and availability? A. Blockchain ensures availability by cryptographically linking blocks of information, and integrity through decentralization. B. Blockchain ensures availability through decentralization, and integrity through cryptographic hashing and timestamping. C. Blockchain ensures availability through cryptographic hashing and timestamping, and integrity through decentralization. D. Blockchain ensures both availability and integrity through decentralization and peer-to-peer (P2P) networking.

B. Blockchain ensures availability through decentralization, and integrity through cryptographic hashing and timestamping.

A hospital must balance the need to keep patient privacy information secure and the desire to analyze the contents of patient records for a scientific study. What cryptographic technology can best support the hospital’s needs? Blockchain Quantum computing Perfect forward security (PFS) Homomorphic encryption

Homomorphic encryption

During a penetration test, an adversary operator sends an encrypted message embedded in an attached image. Analyze the scenario to determine what techniques the operator is relying on to hide the message. (Select all that apply.) Security by obscurity Integrity Prepending Confidentiality

Security by obscurity Confidentiality

Consider the life cycle of an encryption key. Which of the following is NOT a stage in a key's life cycle? Storage Verification Expiration and renewal Revocation

Verification

A web administrator visits a website after installing its certificate to test the SSL binding. The administrator's client computer did not trust the website's certificate. The administrator views the website's certificate from the browser to determine which certificate authority (CA) generated the certificate. Which certificate field would assist with the troubleshooting process? Subject alternative name Signature algorithm Issuer Subject

Issuer

An employee has requested a digital certificate for a user to access the Virtual Private Network (VPN). It is discovered that the certificate is also being used for digitally signing emails. Evaluate the possible extension attributes to determine which should be modified so that the certificate only works for VPN access. Valid from/to Extended key usage Serial number Public key

Extended key usage

A website with many subdomains has been issued a web server certificate for domain validation. This certificate verifies the parent domain and all subdomains (to a single level). This certificate is also known as which of the following? SAN certificate Wildcard certificate Root certificate Code signing certificate

Wildcard certificate

Digital certificates are based on the X.509 standard that defines the fields (or information) about a subject (or entity using the certificate) and the certificate’s issuer. Which of the following fields would not be included in a standard public certificate? Extensions Public key Endorsement key Subject

Endorsement key

What is the purpose of a web server certificate? Sign and encrypt email messages. Guarantee the validity of a browser plug-in. Provide identification of the certificate authority. Guarantee the identity of a website.

Guarantee the identity of a website.

If not managed properly, certificate and key management can represent a critical vulnerability. Assess the following statements about key management and select the true statements. (Select all that apply.) A. If a key used for signing and encryption is compromised, it can be easily destroyed with a new key issued. B. It is exponentially more difficult to ensure the key is not compromised with multiple backups of a private key. C. If a private key, or secret key, is not backed up, the storage system represents a single point of failure. D. A compromised private key that encrypts data is of no concern if the same key signs documents.

B. It is exponentially more difficult to ensure the key is not compromised with multiple backups of a private key. C. If a private key, or secret key, is not backed up, the storage system represents a single point of failure

An employee handles key management and has learned that a user has used the same key pair for encrypting documents and digitally signing emails. Prioritize all actions that should be taken and determine the first action that the employee should take. Revoke the keys. Recover the encrypted data. Generate a new key pair. Generate a new certificate.

Recover the encrypted data.

An employee handling key management discovers that a private key has been compromised. Evaluate the stages of a key's life cycle and determine which stage the employee initiates upon learning of the compromise. Certificate generation Key generation Expiration and renewal Revocation

Revocation

A company has a critical encryption key that has an M-of-N control configuration for protection. Examine the examples and select the one that correctly illustrates the proper configuration for this type of protection of critical encryption keys. M=1 and N=5 M=3 and N=5 M=6 and N=5 M=0 and N=5

M=3 and N=5

A Certificate Revocation List (CRL) has a publish period set to 24 hours. Based on the normal procedures for a CRL, what is the most applicable validity period for this certificate? 26 hours 1 hour 23 hours 72 hours

26 hours

Analyze each scenario and determine which best describes the authentication process in an Identity and Access Management (IAM) system. An account is created that identifies a user on the network. A user logs into a system using a control access card (CAC) and PIN number. An Access Control List (ACL) is updated to allow a new user access to only the databases that are required to perform their job. A report is reviewed that shows every successful and unsuccessful login attempt on a server.

A user logs into a system using a control access card (CAC) and PIN number.

Evaluate the following controls that have been set by a system administrator for an online retailer. Determine which statement demonstrates the identification control within the Identity and Access Management (IAM) system. A control is set to force a customer to log into their account prior to reviewing and editing orders. A control is set to cancel automatic shipments for any customer that has an expired credit card on file. A control is set to ensure that billing and primary delivery addresses are valid. A control is set to record the date, time, IP address, customer account number, and order details for each order.

A control is set to ensure that billing and primary delivery addresses are valid.

An Identity and Access Management (IAM) system has four main processes. Which of the following is NOT one of the main processes? Accounting Identification Integrity Authentication

Integrity

Which of the following options represents Two-Factor Authentication (2FA)? A user logs in using a password and a PIN. A user logs in using a password and a smart card. A user logs in using a fingerprint and retina scanner. A user logs in using a smart card and a key fob.

A user logs in using a password and a smart card.

Evaluate how identification and authentication are distinct in their functions. Which of the following scenarios best illustrates a user being authenticated? A user accesses a system by having their face scanned. A system administrator sets up a user account for a new employee after HR sends employment verification. An administrator sends an initial password to a new telecommuting employee through a VPN. A user is assigned an SID.

A user accesses a system by having their face scanned.

Analyze the types of password cracker attacks to determine which scenario best describes a brute force attack. An attacker guesses the password using software that enumerates values in the dictionary An attacker uses a precomputed lookup table of all possible passwords and their matching hashes An attacker attempts every possible combination in the key space in order to derive a plaintext password from a hash An attacker tests dictionary words and names in combination with several numeric prefixes

An attacker attempts every possible combination in the key space in order to derive a plaintext password from a hash

Which of the following password cracker attacks are combined to create a typical hybrid password attack? (Select all that apply.) Brute force Dictionary Salt PTH

Brute force Dictionary

A company receives a massive flood of requests which throttles their network traffic to the internet. How would restricting the number of connections be categorized as a vulnerability? The user is exposed to a replay attack. The user is exposed to a brute force attack. The user is exposed to a DoS attack. The user is exposed to an offline attack.

The user is exposed to a DoS attack.

Select the explanations that accurately describe the Ticket Granting Ticket (TGT) role within the Authentication Service (AS). (Select all that apply.) A. The AS responds with a TGT containing information about the client, including their name and IP address, timestamp, and validity period. The TGT is encrypted with the secret key of the Authentication Server (AS). B. The TGT is a credential that the client issues to authenticate to the AS, and it contains a session key that is shared only between the client and the TGS. C. The client sends the AS a request for a TGT that is composed by encrypting the date and time on the local computer with the user's password hash as the key. D. The TGT responds with a service session key for use between the client and the application server.

A. The AS responds with a TGT containing information about the client, including their name and IP address, timestamp, and validity period. The TGT is encrypted with the secret key of the Authentication Server (AS). B. The TGT is a credential that the client issues to authenticate to the AS, and it contains a session key that is shared only between the client and the TGS.

Based on the known facts of password attacks, critique the susceptibility of the password "DogHouse23" to an attack. A. This is a sufficient password. It is ten characters and contains uppercase characters, lowercase characters, and numbers. B. This is an insufficient password. There are not enough uppercase characters within the password. C. This is a sufficient password. The password is easy for the user to remember yet long enough to meet character requirements. D. This is an insufficient password. The password contains words that are found in the dictionary and does not contain special characters.

D. This is an insufficient password. The password contains words that are found in the dictionary and does not contain special characters.

A user presents a smart card to gain access to a building. Authentication is handled through integration to a Windows server that's acting as a certificate authority on the network. Review the security processes and conclude which are valid when using Kerberos authentication. (Select all that apply.) A. Inputting a correct PIN authorizes the smart card's cryptoprocessor to use its private key to create a Ticket Granting Ticket (TGT) request. B. The smart card generates a one-time use Ticket Granting Service (TGS) session key and certificate. C. The Authentication Server (AS) trusts the user's certificate as it was issued by a local certification authority. D. The Authentication Server (AS) is able to decrypt the request because it has a matching certificate.

A. Inputting a correct PIN authorizes the smart card's cryptoprocessor to use its private key to create a Ticket Granting Ticket (TGT) request. C. The Authentication Server (AS) trusts the user's certificate as it was issued by a local certification authority.

Based on knowledge of the fundamentals of One-time Passwords (OTP), which of the following choices represents the problem that exists with HMAC-based One-time Password Algorithm (HOTP) and is addressed by Time-based One-time Password Algorithm (TOTP)? A. HOTP is not configured with a shared secret. B. The server is not configured with a counter in HOTP. C. Only the HOTP server computes the hash. D. Tokens can be allowed to continue without expiring in HOTP.

D. Tokens can be allowed to continue without expiring in HOTP.

Both Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access-Control System (TACACS+) provide authentication, authorization, and accounting using a separate server (the AAA server). Based on the protocols' authentication processes, select the true statements. (Select all that apply.) A. TACACS+ is open source and RADIUS is a proprietary protocol from Cisco. B. RADIUS uses TCP or UDP by default and TACACS+ uses TCP. C. TACACS+ encrypts the whole packet (except the header) and RADIUS only encrypts the password. D. RADIUS is primarily used for network access and TACACS+ is primarily used for device administration.

B. RADIUS uses TCP or UDP by default and TACACS+ uses TCP. C. TACACS+ encrypts the whole packet (except the header) and RADIUS only encrypts the password. D. RADIUS is primarily used for network access and TACACS+ is primarily used for device administration. ??? Class Midterm Exam: TACACS+ is open source and RADIUS is a proprietary protocol from Cisco. RIGHT TACACS+ encrypts the whole packet (except the header) and RADIUS only encrypts the password. WRONG RADIUS uses UDP and TACACS+ uses TCP. WRONG RADIUS is primarily used for network access and TACACS+ is primarily used for device administration. RIGHT

When a network uses Extensible Authentication Protocol (EAP) as the authentication method, what access control standard restricts local traffic to authentication data when a client connects over a Virtual Private Network (VPN) gateway IEEE 802.1X Kerberos Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-in User Service (RADIUS)

IEEE 802.1X

Consider biometric methods that are used to authenticate a user. Knowing that errors are possible, which of the following would most likely result in a security breach? False positive False negative A low Crossover-Error-Rate (CER) A low throughput

False positive

Regarding the various tools of biometric authentication and their capabilities/limitations, which statement is accurate? Retinal scanning is less intrusive than iris scanning. Fingerprint scanners are the most widely used biometric authentication method. Fingerprint scanners are more expensive but use a straightforward process. Sensor modules are the most preferred biometric authentication method.

Fingerprint scanners are the most widely used biometric authentication method.

Analyze the features of behavioral technologies for authentication, and choose the statements that accurately depict this type of biometric authentication. (Select all that apply.) A. Behavioral technologies are cheap to implement, but have a higher error rate than other technologies. B. Signature recognition is popular within this technology because everyone has a unique signature that is difficult to replicate. C. Obtaining a voice recognition template for behavioral technologies is rather easy and can be obtained quickly. D. Behavior technologies may use typing as a template, which matches the speed and pattern of a user's input of a passphrase.

A. Behavioral technologies are cheap to implement, but have a higher error rate than other technologies. D. Behavior technologies may use typing as a template, which matches the speed and pattern of a user's input of a passphrase.

Biometric authentication methods have different error rates, with some methods being easier to fool than others. An unauthorized user is unlikely to fool which of the following methods? Fingerprint scan Retinal scan Facial recognition Voice recognition

Retinal scan

A security team has just added iris scanners to two access control points in a secure facility. They are in the process of making adjustments to ensure authorized users have access, while unauthorized users cannot get through. Analyze the scenario and determine what metric the team is in the process of fine-tuning. Crossover error rate (CER) False rejection rate (FRR) False acceptance rate (FAR) Type II error

Crossover error rate (CER)

Consider the challenges with providing privileged management and authorization on an enterprise network. Which of the following would the network system administrator NOT be concerned with when configuring directory services? A. Confidentiality B. Integrity C. Non-repudiation D. DoS

D. DoS

An employee has arrived to work and logged into the network with their smart card. This employee now has access to the company databases, email, and shared network resources. Evaluate all of the basic authorization policies and determine the policy best illustrated in this scenario. Least privilege Implicit deny Single Sign-On (SSO) Access key

Single Sign-On (SSO)

Compare all of the functions within directory services and determine which statement accurately reflects the function of group memberships. A. The key provided at authentication lists a user's group memberships, which in turn allows certain access to resources on the network. B. The system compares group memberships with the user's logon credentials to determine if the user has access to the network resources. C. Group memberships contain entries for all usernames and groups that have permission to use the resource. D. Group memberships are like a database, where an object is similar to a record, and the attributes known about the object are similar to the fields.

A. The key provided at authentication lists a user's group memberships, which in turn allows certain access to resources on the network.

What are the most common baseline account and password policies that system administrators implement? (Select all that apply.) A. Use upper- and lower-case letters, numbers, and special characters for passwords. B. Set a lockout duration period. C. Disable enforcement of a password history policy for unique passwords. D. Use a shared account for administrative work on the network.

A. Use upper- and lower-case letters, numbers, and special characters for passwords. B. Set a lockout duration period.

Windows has several service account types, typically used to run processes and background services. Which of the following statements about service accounts is FALSE? The Network service account and the Local service account have the same privileges as the standard user account. Any process created using the system account will have full privileges over the local computer. The local service account creates the host processes and starts Windows before the user logs on. The Local Service account can only access network resources as an anonymous user.

The local service account creates the host processes and starts Windows before the user logs on.

A network administrator regularly reviews group membership and access control lists for each resource. The administrator also looks for unnecessary accounts to disable. What is the administrator executing in this situation? Recertification Logging Permission auditing Usage auditing

Permission auditing

A system administrator has configured a security log to record unexpected behavior and review the logs for suspicious activity. Consider various types of audits to determine which type aligns with this activity. Permission auditing Usage auditing Information security audit Compliance audit

Usage auditing

Analyze the following scenarios and determine which cases call for account disablement over account lockout. (Select all that apply.) Audit logs reveal suspicious activity on a privileged user’s account. A user’s company laptop and key fob are stolen at an airport. A user enters an incorrect password multiple times. A privileged user attempts to log onto a company server outside of authorized hours.

Audit logs reveal suspicious activity on a privileged user’s account. A user’s company laptop and key fob are stolen at an airport.

An employee recently retired, and the employee received an exit interview, returned a company-issued laptop, and had company-specific programs and applications removed from a personal PC. Evaluate this employee’s offboarding process and determine what, if anything, remains to be done. The offboarding process is complete; no further action is necessary. IT needs to disable the employee’s user account and privileges. IT needs to delete any company data encrypted with the employee’s key. The employee must sign a nondisclosure agreement (NDA).

IT needs to disable the employee’s user account and privileges.

Examine the tradeoff between traditional password policy complexity requirements and updated practical suggestions from the National Institute of Standards and Technology (NIST) and select the statement that fits both practical password management and traditional complexity requirements. Passwords should be easy to remember and can include spaces and repetitive strings of numbers (like 987654). Passwords should be easy to remember, but should never use spaces. Passwords should be written in plain text in a common password repository held secure by an IT staff member. Passwords should not contain dictionary words or contextual information, such as a username or the company name.

Passwords should not contain dictionary words or contextual information, such as a username or the company name.

Many Internet companies, such as Google and Facebook, allow users to share a single set of credentials between multiple services providers. For example, a user could login to Amazon using their Facebook credentials. Which term correctly defines this example? Federation Single sign-on Permission Access control

Federation

Which of the following methods allows subjects to determine who has access to their objects? RBAC DAC MAC ABAC

DAC

Consider the role trust plays in federated identity management and determine which models rely on networks to establish trust relationships. (Select all that apply.) SAML OAuth OpenID LDAP

SAML OAuth OpenID

An employee is working on a team to build a directory of systems they are installing in a classroom. The team is using the Lightweight Directory Access Protocol (LDAP) to update the X.500 directory. Utilizing the standards of an X.500 directory, which of the following distinguished names is the employee most likely to recommend? OU=Univ,DC=local,CN=user,CN=system1 CN=system1,CN=user,OU=Univ,DC=local CN=user,DC=local,OU=Univ,CN=system1 DC=system1,OU=Univ,CN=user,DC=local

CN=system1,CN=user,OU=Univ,DC=local

A senior administrator is teaching a new technician how to properly develop a standard naming convention in Active Directory (AD). Examine the following responses and determine which statements are sound advice for completing this task. (Select all that apply.) Create as many root-level containers and nest containers as deeply as needed Consider grouping Organizational Units (OU) by location or department Build groups based on department, and keep all accounts, both standard and administrative, in the same group Within each root-level Organizational Unit (OU), use separate child OUs for different types of objects

Consider grouping Organizational Units (OU) by location or department Within each root-level Organizational Unit (OU), use separate child OUs for different types of objects

A company is instituting role-based training. Which type of training will the company require the data owner to most likely complete? Expert knowledge of IT security and network design Training to ensure technical understanding of access controls Training on data management and PII plus regulatory and compliance frameworks Training on compliance issues and data classification systems

Training on compliance issues and data classification systems

A member of the IT team at a company launches a simulated phishing attack email to users across the organization. Which of these statements most accurately describes the purpose of such an attack? The attack simulated an insider attack and alerted other members of the IT team to the presence of an attack. The attack is a bug bounty, which identifies individuals in the organization who recognize the attack, who then make attempts to enhance security. The attack identifies those users who respond to the phishing attempt as individuals who may require more training. The attack prepares users for upcoming training, with users who respond appropriately, designated as teachers.

The attack identifies those users who respond to the phishing attempt as individuals who may require more training.

Which statement best describes the purpose of an acceptable use policy (AUP)? An AUP governs how employees may use company equipment and internet services. An AUP establishes ethical standards for employee behavior. An AUP communicates a company’s values and expectations to its employees and customers. An AUP defines security roles and training requirements for different types of employees.

An AUP governs how employees may use company equipment and internet services.

Which type of employee training utilizes gaming and/or scenario-based techniques to emphasize training objectives? (Select all that apply.) Capture the flag (CTF) Computer-based training (CBT) Penetration Testing audit Role-based training

Capture the flag (CTF) Computer-based training (CBT)

A company's clean desk policy will most likely feature which of the following clauses? Employees must not use multiple tabs in a browser window. Employees must keep their workplace tidy and professional in appearance. Employees may not use personally-owned electronic devices in the office. Employees must not leave documents unattended in their workspace.

Employees must not leave documents unattended in their workspace.

Analyze and compare the access control models in terms of how Access Control Lists (ACL) are written and determine which statement accurately explains the Discretionary Access Control (DAC) model. A. A DAC model is the most flexible and weakest access control model. Administrative accounts have control of the resource and grants rights to others. B. A DAC model is the least flexible and strongest access control model. The owner has full control over the resource and grants rights to others. C. A DAC model is the least flexible and strongest access control model. Administrative accounts have control of the resource and grant rights to others. D. A DAC model is the most flexible and weakest access control model. The owner has full control over the resource and grants rights to others.

D. A DAC model is the most flexible and weakest access control model. The owner has full control over the resource and grants rights to others.

Considering how to mitigate password cracking attacks, how would restricting the number of failed logon attempts be categorized as a vulnerability? The user is exposed to a replay attack The user is exposed to a brute force attack. The user is exposed to a DoS attack. The user is exposed to an offline attack.

The user is exposed to a DoS attack.

What is the purpose of a server certificate? What is the purpose of a server certificate? Provide identification for the certificate authority. Guarantee the validity of a browser plug-in or software application. Guarantee the identity of e-commerce sites and other websites that gather and store confidential information.

Guarantee the identity of e-commerce sites and other websites that gather and store confidential information.

Compare X.509 certificates with Pretty Good Privacy (PGP) certificates and identify which of the following is NOT true. X.509 links the identity of a user to a public key, while PGP links that identity to a private key. X.509 and PGP are both implementations of the PKI Trust Model. X.509 operates under a hierarchical trust model, where PGP uses a web of trust. X.509 certificates are signed by a single Certificate Authority, where PGPs are signed by multiple users.

X.509 links the identity of a user to a public key, while PGP links that identity to a private key.

Consider the process of obtaining a digital certificate and determine which of the following statements is incorrect. When a subject wants to obtain a certificate, it completes a CSR. Registration is the process where end users create an account with the domain administrator. CAs ensure the validity of certificates and the identity of those applying for them. The registration function may be delegated by the CA to one or more RAs.

Registration is the process where end users create an account with the domain administrator.

Consider the Public Key Infrastructure (PKI) Trust Model. In which of the following is the root NOT the single point of failure? Intermediate CA Single CA Self-signed CA Root CA Offline CA

Offline CA

What is Open Source Intelligence (OSINT)? A. Obtaining information, physical access to premises, or even access to a user account through the art of persuasion. B. Using software tools to obtain information about a host or network topology. C. The means the organization will take to protect the confidentiality, availability, and integrity of sensitive data and resources. D. Using web search tools and social media to obtain information about the target.

D. Using web search tools and social media to obtain information about the target.

CompTIA Security+ Questions (Lesson 1-10) Flashcards

(163 cards)