Practice Qs SEC+ Flashcards

(149 cards)

1
Q

Which of the following describes the difference between a worm and a virus?

  • Worms are self-replicating.
  • Viruses are self-replicating.
  • Worms are often malicious.
  • Viruses are often malicious.
A

Worms are self-replicating.

2
Q

Which one of the following is not an example of a denial-of-service attack?

  • Gargomel
  • Smurf
  • Teardrop
  • Fraggle
A

Gargomel

3
Q

Which one of the following is not a type of phishing attack?

  • Spear phishing
  • Whaling
  • Wishing
  • Smishing
A

Wishing.

4
Q

At your place of employment, you are rushing to the door with your arms full of bags. As you approach, the woman before you scans her badge to gain entrance while holding the door for you, but not without asking to see your badge. What did she just prevent?

  • Phishing
  • Tailgating
  • Whaling
  • Door diving
A

Tailgating.

5
Q

Which of the following is an effective way to get information in crowded places such as airports, conventions, or supermarkets?

  • Shoulder surfing
  • Phishing
  • Vishing
  • Reverse social engineering
A

Shoulder Surfing.

6
Q

Which one of the following is designed to execute malicious actions when a certain event occurs or a specific time period elapses?

Logic bomb
Spyware
Botnet
DDoS

A

Logic Bomb

7
Q

Which one of the following best describes a polymorphic virus?

A virus that attacks the boot sector and then attacks the system files
A virus that infects EXE files
A virus that changes its form each time it is executed
A virus inserted into a Microsoft Office document such as Word or Excel

A

A virus that changes its form each time it is executed.

8
Q

You discover you are unable to access files on your computer. A message appears asking for payment to allow for the recovery of your files. Which of the following is most likely?

Your files have been moved to a remote server.
Your files have been copied.
Your files have been deleted.
Your files have been encrypted.

A

Your files have been encrypted.

9
Q

Which of the following types of attacks can result from the length of variables not being properly checked in the code of a program?

Buffer overflow
Denial of service
Replay
Spoofing

A

Buffer overflow

10
Q

Which one of the following is a best practice to prevent code injection attacks?

Implementing the latest security patches
Session cookies
Using unbound variables
Input validation

A

Input validation

11
Q

You are the security administrator for a bank. The users are complaining about the network being slow. It is not a particularly busy time of the day, however. You capture network packets and discover that hundreds of ICMP packets have been sent to the host. What type of attack is likely being executed against your network?

Spoofing
Man-in-the-middle attack
Denial-of-service attack
Password attack

A

Denial-of-service attack

12
Q

An initialization vector should be which of the following?

Unique and unpredictable
Repeatable and random
Repeatable and unique
Unique and predictable

A

Unique and unpredictable

13
Q

How do relationship and capability pertain to understanding specific threat actors?

They are characteristics associated with building a threat profile.
They describe attributes that apply equally to all threats.
They are the two most important attributes when analyzing threat actors.
They indicate the likelihood of vulnerabilities being discovered.

A

They are characteristics associated with building a threat profile.

14
Q

With which of the following is a “low and slow” attack most associated?

OSINT
Ransomware
Script kiddies
APT

A

APT

15
Q

After conducting a vulnerability assessment, which of the following is the best action to perform?

Disable all vulnerable systems until mitigating controls can be implemented
Contact the network team to shut down all identified open ports
Organize and document the results based on severity
Immediately conduct a penetration test against identified vulnerabilities

A

Organize and document the results based on severity

16
Q

You are conducting a penetration test on a software application for a client. The client provides you with details around some of the source code and development process. What type of test will you likely be conducting?

Both Black and White box
Vulnerability
White box
Black box

A

White box

17
Q

Which of the following is a reason to conduct a penetration test?

To test the adequacy of security measures put in place
To passively test security controls
To steal data for malicious purposes
To identify the vulnerabilities

A

To test the adequacy of security measures put in place

18
Q

Which one of the following best describes a penetration test?

A passive evaluation and analysis of operational weaknesses using tools and techniques that a malicious source might use
A technique used to identify hosts and their associated vulnerabilities
The monitoring of network communications and examination of header and payload data
An evaluation mimicking real-world attacks to identify ways to circumvent security

A

An evaluation mimicking real-world attacks to identify ways to circumvent security

19
Q

Which one of the following best describes the four primary phases of a penetration test?

Planning, discovery, attack, reporting
Exploit, escalation, pivot, persistence
Discovery, attack, pivot, reporting
Planning, exploit, attack, persistence

A

Planning, discovery, attack, reporting

20
Q

Your team is tasked with conducting a vulnerability assessment and reports back with a high number of false positives. Which of the following might you recommend to reduce the number of false positives?

Have the team run a vulnerability scan using noncredentialed access
Have the team run a vulnerability scan using credentialed access
Have the team run a port scan across all ports
Have the team run a port scan across all common ports

A

Have the team run a vulnerability scan using credentialed access

21
Q

Which of the following are potential impacts of a race condition?

System malfunction
Denial of service
All answers are correct
Escalated privileges

A

All answers are correct

22
Q

Which one of the following is the term given to a fraudulent wireless access point that is configured to lure connections to it?

NFC
ARP replay attack
Bluejacking
Evil twin

A

Evil twin

23
Q

A small IT consulting firm has installed new wireless routers across all your small regional offices. Within days, you learn that you are unable to access the administrative interfaces of these routers due to an incorrect password. Which one of the following is most likely the reason?

The wireless routers are not powered on.
The wireless routers have been placed on end-of-life by the manufacturer and are no longer supported for remote login.
The wireless routers have been designed to allow improper input handling, resulting in failed password input.
The wireless routers were set up with the default configuration, which included a default password that was never changed.

A

The wireless routers were set up with the default configuration, which included a default password that was never changed.

24
Q

You identify a system that becomes progressively slower over a couple days until it is unresponsive. Which of the following is most likely the reason for this behavior?

Improper error handling
Untrained user
Race condition
Memory leak

A

Memory leak

25
Q

Which of the following is a use for a VPN concentrator?

Load balancing
Internet connectivity
Intrusion detection
Remote access

A

Remote access
26
Q

If the organization requires a firewall feature that controls network activity associated with DoS attacks, which of the following safeguards should be implemented?

Loop protection
Flood guard
Implicit deny
Port security

A

Flood Guard
27
Q

Wired traffic must be encrypted because there is concern about protecting the security of login and password information for internal high-level users. Which technology should you implement?

NAT
VPN
VLAN
DMZ

A

VPN
28
Q

Which of the following are uses for proxy servers? (Choose all correct answers.)

Internet connectivity
Intrusion detection
Web content caching
Load balancing

A

Internet connectivity | Web content caching | Load balancing
29
Q

If the organization requires a switch feature that makes additional checks in Layer 2 networks to prevent STP issues, which of the following safeguards should be implemented?

Flood guard
Implicit deny
Port security
Loop protection

A

Loop protection
30
Q

You are setting remote access for users and want to be sure a secure channel is used. Which technology should you implement?

NAT
VLAN
DMZ
VPN

A

VPN
31
Q

Which of the following uses a secure cryptoprocessor that accelerates cryptographic processes and provides strong access authentication for critical application encryption keys?

Full disk encryption
Hardware security module
Public key infrastructure
File-level encryption

A

Hardware security module (HSM)
32
Q

You have recently had problems with clients in one particular area of the network not being able to connect to a server. Which of the following tools should you use to begin troubleshooting?

Ping
Nslookup
Netstat
Telnet

A

ping
33
Q

You have been tasked with testing the strength of user passwords. Which of the following tools is the best choice to help accomplish this task?

Nmap
Brutus
OpenPuff
Metasploit

A

Brutus
34
Q

Which of the following is used for penetration testing and risk assessments?

Banner grabbing
Configuration compliance scanner
Honeypot
Exploitation framework

A

Exploitation framework
35
Q

Which of the following is used to help troubleshoot network issues by gathering packet-level information across the network?

Data sanitation tools
Protocol analyzer
Vulnerability scanner
Port scanner

A

Protocol analyzer
36
Q

You have recently had problems with clients not being able to resolve domain names correctly. Which of the following tools should you use?

Nslookup
Netstat
Ifconfig
Ping

A

nslookup
37
Q

It has been reported that some weak user passwords from your organization have shown up on the Internet. Which of the following tools would provide information to confirm or deny this allegation?

Camouflage
Tcpdump
Cain and Abel
SolarWinds

A

Cain and Abel
38
Q

Which of the following is used to identify the level of aggressive attention directed at a network and to study and learn from an attacker’s common methods of attack?

Vulnerability scanner
Configuration compliance scanner
Banner grabbing
Honeypot

A

Honeypot
39
Q

You are required to check user permissions for the finance group that includes specific registry keys. Which of the following should you choose?

Content filter
Audit user permissions
DNS
HTTPS

A

Audit user permissions
40
Q

Which of the following is associated with certificate issues?

Release of private or confidential information
Prevention of legitimate content
Algorithm mismatch error
Unauthorized transfer of data

A

Algorithm mismatch error
41
Q

You are required to implement a solution to identify baseline deviations for varying workloads across different days. Which of the following should you choose?

Alarms
Static baselining
Alerts
Dynamic baselining

A

Dynamic baselining
42
Q

Recently, some employees have fallen victim to social engineering. Which of the following is the best way to manage this personnel issue?

Awareness training
Termination
A new policy
Written warning

A

Awareness training
43
Q

It has been reported that some clear-text passwords are being transmitted within your organization. Which of the following can mitigate this situation?

Auditing of user permissions
DNS
Content filtering
HTTPS

A

HTTPS
44
Q

Which of the following best describes data exfiltration?

Algorithm mismatch error
Prevention of legitimate content
Release of private or confidential information
Unauthorized transfer of data

A

Unauthorized transfer of data
45
Q

An organization is looking to add a layer of security by implementing a solution that protects hosts against known and unknown malicious attacks from the network layer up through the application layer. Which of the following fulfills this requirement?

Whitelisting
Encryption
DLP
HIPS

A

HIPS
46
Q

Which of the following types of antivirus scanning looks for instructions or commands that are not typically found in application programs?

Pattern matching
Heuristic
Static
Manual

A

Heuristic
47
Q

Which of the following is useful in preventing users and attackers from executing unauthorized applications but does not prevent malicious code from executing?

Application whitelisting
Patch management
DLP
Malware inspection filter

A

Application whitelisting
48
Q

An organization is looking to add a layer of security by maintaining strict control over the devices employees are approved to use. Which of the following fulfills this requirement?

HIPS
Encryption
DLP
Whitelisting

A

DLP
49
Q

Advanced malware tools use which of the following analysis methods?

Context based
Static analysis
Manual analysis
Signature analysis

A

Context based
50
Q

A Windows system is software DEP-enabled. An attacker runs an exploit that injects code into a program, and the program uses known memory space. What will the result be?

The malware code will run because it was injected into a known process.
The machine will automatically blue-screen and shut down.
The malware will be blocked from running the injected code.
The code will run with limited functionality.

A

The malware will be blocked from running the injected code.
51
Q

Which of the following enables decentralized authentication through trusted agents?

Transitive trusts
Key management
Credential management
Data ownership

A

Transitive trusts
52
Q

An organization wants to be sure that certain application data is protected. Which of the following fulfills this requirement?

Lockout
Blacklisting
Whitelisting
Encryption

A

Encryption
53
Q

An organization is looking for a mobile solution that will allow data to be deleted if a device is lost or stolen. Which of the following fulfills this requirement?

Passcode policy
Remote wipe
Voice encryption
GPS tracking

A

Remote wipe
54
Q

Which of the following are used as a most basic form of security in handheld devices? (Choose two correct answers.)

Passcode
Encryption
PIN
Fingerprint biometrics

A

PIN | Passcode
55
Q

Which of the following is included in a BYOD, CYOD, or COPE policy?

Data ownership
Transitive trusts
Credential management
Key management

A

Data Ownership
56
Q

An organization is looking to add a layer of security and maintain strict control over the apps employees are approved to use. Which of the following fulfills this requirement?

Encryption
Lockout
Whitelisting
Blacklisting

A

Whitelisting
57
Q

Which of the following is necessary to implement an effective BYOD, CYOD, or COPE program? (Choose two correct answers.)

Infrastructure considerations
Legal considerations
Storage limitations
Key management

A

Infrastructure considerations | Legal considerations
58
Q

Which standard port is used to establish an FTP connection?

21
443
80
8250

A

21
59
Q

Which of the following is a protocol that incorporates enhanced security features for VoIP (Voice over IP) or video network communications?

HTTPS
LDAPS
NTP
SRTP

A

SRTP
60
Q

Which of the following should be used to establish a session between client and host computers using an authenticated and encrypted connection?

SSH
SFTP
SNMP
S/MIME

A

SSH
61
Q

Which of the following is a use case for subnetting?

Reduced risks during data exchanges
Subscription services
Host arrangement into the different logical groups that isolate each subnet
Regulatory mandates that require accurate time stamping

A

Host arrangement into the different logical groups that isolate each subnet
62
Q

Which standard port is used to establish a web connection using the 40-bit RC4 encryption protocol?

21
443
80
8250

A

443
63
Q

Which of the following protocols is used to secure email?

SNMP
SFTP
S/MIME
SSH

A

S/MIME
64
Q

Which of the following is a use case for subscription services?

Network automation and data analytics
Regulatory mandates that require accurate time stamping
Arrangement of hosts into the different logical groups that isolate each subnet
Reduced risks during data exchanges

A

Network automation and data analytics
65
Q

Using a combination of firewalls, intrusion detection systems, content filters, encryption, and auditing procedures in the organization for protection against intrusions is an example of which of the following?

Layered security
Defense in depth
Infrastructure as a Service
Community cloud

A

Layered security
66
Q

Which of the following types of control is a surveillance system?

Technical control
Physical control
Management control
Logical control

A

Physical control
67
Q

Which of the following are the most compelling reasons that secure configuration baselines have been established? (Select all correct answers.)

Regulatory bodies
Organizational requests
Governmental mandates
Industry standards

A

Regulatory bodies | Governmental mandates | Industry standards
68
Q

Which of the following devices is used to accept encrypted connections from users and then send the connection to the server unencrypted?

DMZ
SSL accelerator
VPN
DDoS mitigation appliance

A

SSL accelerator
69
Q

You are setting up a switched network and want to group users by department. Which technology should you implement?

VPN
NAT
DMZ
VLAN

A

VLAN
70
Q

You are setting up a web server that both the internal employees and external customers need to access. What type of architecture should you implement?

VLAN
DMZ
VPN
NAT

A

DMZ
71
Q

An organization has a sensitive network that needs to have physically isolated machines. Which of the following practices would be used to meet this requirement?

Air gap
Honeynet
VLAN
RAS

A

Air gap
72
Q

An organization is experiencing a large amount of electromagnetic interference (EMI). Which of the following is the best method to provide continuous operations?

A generator
A RAID configuration
A redundant electric connection
Extra shielding

A

Extra shielding
73
Q

Which of the following best describes the result of adding an email address to the blocked list?

It is considered part of the whitelist.
It is considered part of the graylist.
It is considered part of the blacklist.
It is considered part of the brownlist.

A

It is considered part of the blacklist.
74
Q

Which of the following can result in the exploitation of a BIOS vulnerability? (Select all correct answers.)

Hard drive failure occurs
System cannot boot
System locks up
Denial of service occurs

A

System cannot boot | Denial of service occurs
75
Q

Which of the following uses a secure cryptoprocessor to authenticate hardware devices such as a PC or laptop?

Public key infrastructure
File-level encryption
Full disk encryption
Trusted platform module

A

Trusted platform module
76
Q

Which of the following provides a sandboxed environment that can be used to investigate unsafe executables?

Network storage
Virtualization
Application baselining
Host software baselining

A

Virtualization
77
Q

Which of the following is considered good practice for separation of development and test environments? (Select two correct answers.)

Different physical locations
VLAN
VPN
Firewall

A

VLAN | Firewall
78
Q

In which of the following are attestation challenges from computed hashes of system or application information used to obtain confidence in the trustworthiness and identity of a platform or software?

Sandboxing
Application baselines
Staging environments
Integrity measurement

A

Integrity measurement
79
Q

A vulnerability assessment has revealed that legacy internal heart monitors of a hospital’s intensive care unit (ICU) are visibly exposed to the Internet. Which of the following should be implemented?

Network segmentation
Manual updates
Code wrappers
Control diversity

A

Network segmentation
80
Q

Which of the following operating systems is run in a SoC environment?

RedHat Enterprise Linux (RHEL)
RTOS
CAN bus
Windows Server 2016

A

RTOS
81
Q

Which of the following is most likely to use network segmentation as a security method?

Mainframes
Gaming consoles
Android devices
SCADA systems

A

SCADA systems
82
Q

In which of the following phases should code security first be implemented?

Testing
Review
Design
Implementation

A

Design
83
Q

Buffer overflows, format string vulnerabilities, and utilization of shell escape codes can be mitigated by using which of the following practices to test an application?

Testing
Fuzzing
Browser-initiated token request
Input validation

A

Input validation
84
Q

The organization is building a new application and is more interested in being able to use a rigorous methodical process to verify each phase along the way than it is in selecting a fast delivery method. Which of the following should the organization choose?

Waterfall
Agile
Continuous integration
IaC

A

Waterfall
85
Q

An organization is interested in using a vendor SaaS application but is concerned about the lack of cloud security. What type of cloud architecture is the most appropriate?

Community
Public
Private
Hybrid

A

Hybrid
86
Q

Which of the following methods of cloud computing allows the client to literally outsource everything that would normally be in a typical IT department?

SaaS
IaaS
PaaS
DaaS

A

IaaS
87
Q

An organization wants to use a service provider to implement processes for the organization such as identity and access management (IAM) and encryption. Which of the following should the organization choose?

SaaS
IaaS
SecaaS
DRaaS

A

SecaaS
88
Q

An organization that operates a small web-based photo backup business is evaluating single points of failure. The organization has three servers, four switches, and 100 client systems. Which of the following is the most likely component(s) to be the single point of failure?

Switches
Client systems
Servers
ISP connection

A

ISP connection
89
Q

An organization is implementing a data availability solution based on a striped disk array without redundancy. Which of the following best describes this implementation?

RAID 1
RAID 0
RAID 5
RAID 10

A

RAID 0
90
Q

Because of seasonal business fluctuations, an organization uses cloud environments to purchase resources for a short period of time based on demand. Which of the following terms best describes this principle?

Elasticity
Snapshots
Scalability
Server redundancy

A

Elasticity
91
Q

Which type of fire extinguisher is best for putting out burning wires?

Sodium chloride
Water
Carbon dioxide
Copper powder

A

Carbon dioxide
92
Q

What is the plenum?

A type of dry-pipe fire control system
A mesh enclosure designed to block EMI
A mechanism for thermal management
A mechanism for controlling condensation

A

A mechanism for thermal management
93
Q

The ASHRAE recommends humidity levels in which range?

40%–55%
70%–85%
25%–40%
55%–70%

A

40%–55%
94
Q

An organization that has several small branches in North Dakota, Minnesota, and Ontario, Canada, is planning for a fire-suppression system installation. Which of the following best fits the needs of the organization?

Dry pipe
Deluge
Wet pipe
Preaction

A

Dry pipe
95
Q

If you have a smart card that contains details of your iris coloring and retinal patterns, which two types of authentication would be involved in a successful access request?

Something you have and something you do
Something you have and something you are
Something you are and something you know
Something you do and something you are

A

Something you have and something you are
96
Q

Which of the following best describes the Policy Enforcement Point (PEP) component of AAA functions?

Data holder
Authenticator
Final decision maker
Auditor

A

Authenticator
97
Q

If an organization wants to implement an enterprise access solution that does not require a user to remember passwords across multiple distinct business units, which of the following is the best choice?

Federation
Single sign-on
Transitive trusts
Retinal scanning

A

Federation
98
Q

Which of the following processes occurs when the user provides appropriate credentials such as the correct password and a username?

Accounting
Authorization
Authentication
Identification

A

Authentication
99
Q

Which of the following best describes the Policy Decision Point (PDP) component of AAA functions?

Auditor
Authenticator
Data holder
Final decision maker

A

Final decision maker
100
Q

Which of the following processes occurs first when a user or device presents information such as a username, a process ID, a smart card, or another unique identifier?

Accounting
Authentication
Authorization
Identification

A

Identification
101
Q

An organization that relies heavily on cloud and SaaS service providers, such as Salesforce.com, WebEx, or Google, would have security concerns about which of the following?

TACACS+
OpenID Connect
SAML
LDAP

A

SAML
102
Q

An educational institution requires a secure solution that is capable of interfacing with state systems and other state-run universities. Which of the following is the best solution?

Shibboleth
OAuth
OpenID Connect
SAML

A

Shibboleth
103
Q

An organization is implementing a server-side application using OAuth 2.0. Which of the following grant types should be used?

Authorization code
Implicit
Password credentials
Client credentials

A

Authorization code
104
Q

Which of the following is used with OAuth 2.0 as an extension to the authorization process?

LDAP
NTLM
Shibboleth
OpenID Connect

A

OpenID Connect
105
Q

An organization is implementing an application that needs service access to its own resources using OAuth 2.0. Which of the following grant types should be used?

Authorization code
Client credentials
Implicit
Password credentials

A

Client credentials
106
Q

Which of the following is a nonproprietary protocol that provides authentication and authorization in addition to accounting of access requests against a centralized service for the authorization of access requests?

SAML
OAuth
TACACS+
LDAP

A

TACACS+
107
Q

Which type of “something you have” factor do U.S. federal governmental employees and contractors use under HSPD 12?

SecurID
Smart card
PIV
CAC

A

PIV
108
Q

Which of the following token-based solutions is considered the most secure?

OATH
OTP
TOTP
HOTP

A

TOTP
109
Q

Which of the following is the best way to secure NoSQL databases such as MongoDB?

Use the default port
Bind the interface to multiple IPs
Implement separate authentication methods
Encrypt the data after it is written to the database

A

Implement separate authentication methods
110
Q

Which of the following best describes a biometric false acceptance rate (FAR)?

The point at which acceptances and rejections are equal
Failure to identify a biometric image
Access allowed to an unauthorized user
Rejection of an authorized user

A

Access allowed to an unauthorized user
111
Q

Which of the following best describes a biometric false rejection rate (FRR)?

Access allowed to an unauthorized user
The point at which acceptances and rejections are equal
Rejection of an authorized user
Failure to identify a biometric image

A

Rejection of an authorized user
112
Q

Which directory services protocol should be implemented to protect against man-in-the-middle data interception attacks?

Shibboleth
Kerberos
LDAP
NTLM

A

Kerberos
113
Q

Which of the following is a type of “something you have” that uses a time-shifting key token?

SecurID
CAC
PIV
Smart card

A

SecurID
114
Q

Which type of password policy protects against reuse of the same password?

Expiration
Password complexity
Password history
Account lockout

A

Password history
115
Q

A user calls the help desk saying that she changed her password yesterday. She did not get any email on her mobile phone last night and she cannot log on this morning. Which password policy is most likely at fault for her difficulties?

Expiration
Account lockout
Password history
Password complexity

A

Account lockout
116
Q

Which of the following reduces the effectiveness of a good password policy?

Password recovery
Account lockout
Password reuse
Account disablement

A

Password reuse
117
Q

Which of the following is considered best practice when formulating minimum standards for developing password policies?

Account lockout threshold set to 0
Password length set to six characters
Maximum password age set to 0
Required password change at 90 days

A

Required password change at 90 days
118
Q

Which of the following is one of the first steps that must be taken to provide a secure account access environment?

Implement user access reviews
Initiate continuous account monitoring
Eliminate the use of shared accounts
Set user-assigned privileges

A

Eliminate the use of shared accounts
119
Q

Which of the following is used to create a user identity profile and get the necessary information required to describe the identity?

Least privilege
Onboarding
Recertification
Offboarding

A

Onboarding
120
Q

Which of the following policies addresses the need for other employees who can do the job of each employee so that corruption does not occur, and also helps minimize the impact when personnel leave their jobs?

Least privilege
Acceptable use
Privacy policy
Mandatory vacations

A

Mandatory vacations
121
Q

An organization is partnering with another organization that requires shared systems. Which of the following documents outlines how the shared systems will interface?

ISA
SLA
MOU
BPA

A

ISA
122
Q

Which of the following are steps an organization can take to be sure compliance and performance standards are met in third-party or partner agreements? (Select two correct answers.)

Review third-party arrangements and performance annually
Implement an acceptable use policy
Sign a data ownership agreement
Take appropriate action if the relationship presents elevated risk

A

Review third-party arrangements and performance annually | Take appropriate action if the relationship presents elevated risk
123
Q

Which of the following requires users to remove sensitive and confidential materials from workspaces and lock items that are not in use when they leave their workstations?

Clean desk policy
Tailgating training
Data handling policy
Phishing attack training

A

Clean desk policy
124
Q

Which of the following designates the amount of data loss that is sustainable and up to what point in time data recovery could happen before business is disrupted?

RTO
MTTF
RPO
MTBF

A

RPO
125
Q

Eliminating email to avoid the risk of email-borne viruses is an effective solution but is not likely to be a realistic approach for which of the following?

Risk acceptance
Risk transference
Risk mitigation
Risk avoidance

A

Risk avoidance
126
Q

Which of the following parties typically are notified first when a confirmed incident has occurred? (Select two correct answers.)

Press
CISO
End users
Legal

A

CISO | Legal
127
Q

In which of the following types of analysis might an examiner have difficulty proving that the evidence is original?

Log files
Big data
Disk-to-disk image
Disk-to-image file

A

Big data
128
Q

Which of the following information should be collected when collecting volatile data? (Select all correct answers.)

System date and time
Full disk image
Current open ports and applications listening on those ports
Current network connections

A

System date and time | Current open ports and applications listening on those ports | Current network connections
129
Which of the following provides a clear record of the path evidence takes from acquisition to disposal?

  • Witness statements
  • Video capture
  • Chain of custody
  • Hashes

Chain of custody
130
Which recovery site has only power, telecommunications, and networking active all the time?

  • Shielded site
  • Hot site
  • Warm site
  • Cold site

Warm site
131
If an organization takes a full backup every Sunday morning and a daily differential backup each morning, what is the fewest number of backups that must be restored following a disaster on Friday?

  • 5
  • 6
  • 1
  • 2

2
132
Which one of the following best provides an example of detective controls versus prevention controls?

  • IDS/camera versus IPS/guard
  • IPS versus guard
  • IPS/camera versus IDS/guard
  • IDS/IPS versus camera/guard

IDS/camera versus IPS/guard
133
Which one of the following federal laws addresses privacy, data protection, and breach notification?

  • HIPAA
  • Gramm-Leach-Bliley Act
  • All answers are correct
  • Children’s Online Privacy Protection Act

All answers are correct
134
Which of the following individual items are examples of PII? (Choose all correct answers.)

  • Home address
  • Gender
  • State of residence
  • Social security number

Home address | Social security number
135
Which of the following is information that is unlikely to result in a high-level financial loss or serious damage to the organization but whose confidentiality should still be protected?

  • Confidential data
  • Private data
  • Public data
  • Sensitive data

Private data
136
Which one of the following best describes diffusion?

  • A principle that states only secrecy of the key provides security
  • A key stretching technique in which a password is used as part of a KDF
  • A principle that if the plain text is changed, no matter how minor, then at least half of the cipher text should change
  • A principle that the plain-text input should be significantly changed in the resulting cipher text

A principle that if the plain text is changed, no matter how minor, then at least half of the cipher text should change
137
Which of the following are elements provided by nonrepudiation? (Choose three correct answers.)

  • Proof of submission
  • Proof of concept
  • Proof of delivery
  • Proof of origin

Proof of submission | Proof of delivery | Proof of origin
138
Which of the following algorithms are examples of a symmetric encryption algorithm? (Choose three correct answers.)

  • Rijndael
  • Diffie-Hellman
  • AES
  • RC6

Rijndael | AES | RC6
139
Which of the following algorithms are examples of an asymmetric encryption algorithm? (Choose two correct answers.)

  • Elliptic curve
  • AES
  • 3DES
  • RSA

Elliptic curve | RSA
140
You are tasked with configuring your web server with strong cipher suites. Which of the following should you choose as part of your cipher suite? (Choose three correct answers.)

  • AES
  • SHA
  • RC4
  • RSA

AES | SHA | RSA
141
Which one of the following EAP authentication protocols should you deploy to avoid having to deploy client or server certificates?

  • PEAP
  • EAP-TTLS
  • EAP-TLS
  • EAP-FAST

EAP-FAST
142
Which of the following statements is true when comparing CCMP and TKIP?

  • TKIP is more resource-intensive than CCMP, but it supports longer keys.
  • CCMP is less resource-intensive than TKIP, and it supports longer keys.
  • CCMP is more resource-intensive than TKIP, but it supports longer keys.
  • TKIP is less resource-intensive than CCMP, and it supports longer keys.

CCMP is more resource-intensive than TKIP, but it supports longer keys.
143
To check the validity of a digital certificate, which one of the following is used?

  • Corporate security policy
  • Certificate policy
  • Certificate revocation list
  • Expired domain names

Certificate revocation list
144
Which of the following is not a certificate trust model for arranging Certificate Authorities?

  • Bridge CA architecture
  • Sub-CA architecture
  • Single-CA architecture
  • Hierarchical CA architecture

Sub-CA architecture
145
Which of the following are included within a digital certificate? (Choose all the correct answers.)

  • User’s public key
  • Digital signature of the issuing CA
  • User’s private key
  • Information about the user

User’s public key | Digital signature of the issuing CA | Information about the user
146
Which of the following is not true about the expiration dates of certificates?

  • Certificates are issued only at 1-year intervals.
  • Certificates may be issued for 20 years.
  • Certificates must always have an expiration date.
  • Certificates may be issued for a week.

Certificates are issued only at 1-year intervals.
147
What type of certificate supplies mechanisms to help prevent phishing attacks and provides the highest level of trust?

  • EV
  • OV
  • SAN
  • DV

EV
148
Which one of the following is not true regarding DER-encoded certificates?

  • They are common to Java platforms.
  • The .cer and .crt extensions can be used instead of .der.
  • They include the BEGIN CERTIFICATE header.
  • They are binary-encoded.

They include the BEGIN CERTIFICATE header.
149
Which one of the following mechanisms places the responsibility for handling certificate status requests on the web server instead of the CA?

  • OCSP pinning
  • CRL stapling
  • OCSP stapling
  • CRL pinning

OCSP stapling