SG: Ch 22: Security Concepts Flashcards Preview

CompTIA A+ 220-1002 > SG: Ch 22: Security Concepts > Flashcards

Flashcards in SG: Ch 22: Security Concepts Deck (20)
1
Q

Which component of physical security addresses outer-level access control?

A. Perimeter security

B. Mantraps

C. Multifactor authentication

D. Strong passwords

A

A. Perimeter security

Perimeter security is intended to delay or deter entrance into a facility. Mantraps are used for mid-layer access control to prevent tailgating. Multifactor authentication is used for mid- and inner-layer access control. Strong passwords are used for mid- and inner-layer access control.

2
Q

Which of the following is different from a virus in that it can reproduce itself, is self-contained, and doesn’t need a host application to be transported?

A. Worm

B. Smurf

C. Phish

D. Trojan

A

A. Worm

A worm is different from a virus in that it can reproduce itself, is self-contained, and doesn’t need a host application to be transported. A smurf attack is a type of distributed denial-of-service (DDoS). A phishing attack is an attempt to gain a user’s credentials to a network resource. Trojan horses are programs that enter a system or network under the guise of another program.

3
Q

Which type of attack denies authorized users access to network resources?

A. DoS

B. Worm

C. Trojans

D. Social engineering

A

A. DoS

Although the end result of any of these attacks may be denying authorized users access to network resources, a denial-of-service (DoS) attack is specifically intended to prevent access to network resources by overwhelming or flooding a service or network. Worms reproduce and move throughout the network to infect other systems. Trojans are programs that enter a system or network under the guise of another program. Social engineering is a process in which an attacker attempts to acquire information about your network and system by social means, such as talking to people in the organization.

4
Q

As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim?

A. DoS

B. DDoS

C. Worm

D. Rootkits

A

B. DDoS

A distributed denial-of-service (DDoS) attack uses multiple computer systems to attack a server or host in the network. A denial-of-service (DoS) attack is a one-on-one attack to disrupt service. Worms reproduce and move throughout the network to infect other systems, and therefore do not attack one victim. Rootkits are software programs that have the ability to hide themselves from the operating system.

5
Q

You’re in the process of securing the IT infrastructure by adding fingerprint scanners to your existing authentication methods. This type of security is an example of which of the following?

A. Access control

B. Physical barriers

C. Biometrics

D. Softening

A

C. Biometrics

A fingerprint scanner, or any device that identifies a person by a physical trait, is considered a biometric security control. Access control is the system that controls access for users. Physical barriers are structures that limit physical access. Softening refers to weakening of security.

6
Q

Your boss needs you to present to upper management the need for a firewall for the network. What is the thesis of your presentation?

A. The isolation of one network from another

B. The scanning of all packets for viruses

C. Preventing password attacks

D. The hardening of physical security

A

A. The isolation of one network from another

The thesis of your presentation should outline the need for a firewall to isolate the external network from the internal network. Firewalls will not scan packets for viruses. Firewalls will not prevent password attacks. Firewalls will not harden physical security.

7
Q

Your help desk has informed you that they received an urgent call from the vice president last night requesting his login ID and password. When you talk with the VP today, he says he never made that call. What type of attack is this?

A. Spoofing

B. Replay

C. Social engineering

D. Trojan horse

A

C. Social engineering

Spear phishing is a type of social engineering, where someone is trying to con your organization into revealing account and password information by pretending to be a high-level person. A spoofing attack is an attempt by someone or something to masquerade as someone else, with the intent of disrupting access. A replay attack is a form of a man-in-the-middle attack, where packets are replayed at a critical time. Trojan horses are programs that enter a system or network under the guise of another program.

8
Q

A vice president of your company calls a meeting with the IT department after a recent trip to competitors’ sites. She reports that many of the companies she visited granted access to their buildings only after fingerprint scans, and she wants your company to use a similar technology. Of the following, which technology relies on a physical attribute of the user for authentication?

A. Smart card

B. Biometrics

C. Geo-fencing

D. Tokens

A

B. Biometrics

Biometrics relies on a physical characteristic of the user to verify identity. Biometric devices typically use either a hand pattern or a retinal scan to accomplish this. Smart cards contain a private certificate key and are protected with a passphrase. Geo-fencing uses your GPS coordinates to assure that the authentication happens when you are in a defined geographic area. Tokens are rotating numerical keys that you must physically have with you.

9
Q

You want to mitigate the threat of someone attaching a wireless access point to your wired network. What should you use to mitigate this threat?

A. Firewall

B. Data loss prevention (DLP)

C. Active Directory

D. Port security

A

D. Port security

Implementing port security on your switches will allow you to restrict the MAC addresses that can communicate on a switch port. This allows you to mitigate this threat. A firewall will not prevent access to your internal network. Data loss prevention (DLP) is used to limit the exposure of your data, usually through email. Active Directory provides centralized authentication in a Windows Server–based domain environment.

10
Q

A junior administrator comes to you in a panic. After looking at the log files, he has become convinced that an attacker is attempting to use a legitimate IP address to disrupt access elsewhere on the network. Which type of attack is this?

A. Spoofing

B. Social engineering

C. Worm

D. Password

A

A. Spoofing

A spoofing attack is an attempt by someone or something to masquerade as someone else (IP address) and is often used to disrupt access. Social engineering is a process in which an attacker attempts to acquire information about your network and system by social means, such as talking to people in the organization. Worms reproduce and move throughout the network to infect other systems. Password attacks are used in an attempt to guess passwords.

11
Q

As part of your training program, you’re trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks, you explain, take advantage of human shortcomings to gain access that should otherwise be denied. Which term do you use to describe attacks of this type?

A. Social engineering

B. IDS system

C. Perimeter security

D. Biometrics

A

A. Social engineering

Social engineering uses the inherent trust in the human species, as opposed to technology, to gain access to your environment. IDS systems are network-based systems that detect intrusions. Perimeter security describes physical security. Biometrics describes an authentication method based on human physical traits.

12
Q

You need to protect your users from potentially being phished via email. Which of the following should you use to protect them?

A. Antivirus software

B. End-user education

C. SecureDNS

D. The principle of least privilege

A

B. End-user education

End-user education is the best way to protect your users from the threat of phishing via email. Antivirus software is used to prevent viruses, not phishing attempts. SecureDNS can be useful in protecting your users, but not from phishing emails. The principle of least privilege assigns a user only the permissions they need to do their work, and no more.

13
Q

You’re the administrator for a large bottling company. At the end of each month, you routinely view all logs and look for discrepancies. This month, your email system error log reports a large number of unsuccessful attempts to log in. It’s apparent that the email server is being targeted. Which type of attack is most likely occurring?

A. Brute-force

B. Backdoor

C. Worm

D. TCP/IP hijacking

A

A. Brute-force

A brute-force attack is a type of password attack in which a password is guessed over and over, until the right password is guessed. A backdoor attack is an embedded account that allows unauthorized access through an unpatched coding hole. A worm is different from a virus in that it can reproduce itself, is self-contained, and doesn’t need a host application to be transported. A TCP/IP hijacking attempt is an attack that attempts to redirect the TCP/IP conversation to the threat agent.

14
Q

Which wireless encryption protocol provides Advanced Encryption Standard (AES) encryption?

A. Wired Equivalent Privacy (WEP)

B. Wi-Fi Protected Access (WPA)

C. Wi-Fi Protected Access 2 (WPA2)

D. Temporal Key Integrity Protocol (TKIP)

A

C. Wi-Fi Protected Access 2 (WPA2)

Wi-Fi Protected Access 2 (WPA2) offers the Advanced Encryption Standard (AES) for encrypting wireless communications. Wired Equivalent Privacy (WEP) offers weak 64- or 128-bit encryption. Wi-Fi Protected Access (WPA) uses the RC4 encryption algorithm. Temporal Key Integrity Protocol (TKIP) is a part of the WPA encryption protocol.

15
Q

You’re working late one night and notice that the hard drive on your new computer is very active even though you aren’t doing anything on the computer and it isn’t connected to the Internet. What is the most likely suspect?

A. A spear phishing attack is being performed.

B. A virus is spreading in your system.

C. Your system is under a DoS attack.

D. TCP/IP hijacking is being attempted.

A

B. A virus is spreading in your system.

A symptom of many viruses is unusual activity on the system disk. The virus spreading to other files on your system causes this. A disk failure will not create high disk activity. A spear phishing attack is a social engineering attack and will not create high disk activity. A denial-of-service attack will not create high disk activity. A TCP/IP hijacking attack will not create high disk activity.

16
Q

Internal users suspect repeated attempts to infect their systems, as reported to them by pop-up messages from their antivirus software. According to the pop-up messages, the virus seems to be the same in every case. What is the most likely culprit?

A. A server is acting as a carrier for a virus.

B. A password attack is being carried out.

C. Your antivirus software has malfunctioned.

D. A DoS attack is underway.

A

A. A server is acting as a carrier for a virus.

Some viruses won’t damage a system in an attempt to spread into all the other systems in a network. These viruses use that system as the carrier of the virus. A password attack would not prompt your antivirus software to notify you. Your antivirus software could be malfunctioning, but it would not suggest the same virus is infecting you over and over again. A denial-of-service (DoS) attack would not prompt your antivirus to notify you.

17
Q

You’ve discovered that credentials to a specific application have been stolen. The application is only accessed from one computer on the network. Which type of attack is this most likely to be?

A. Man-in-the-middle

B. Zero-day

C. Denial-of-service (DoS)

D. Smurf

A

A. Man-in-the-middle

A man-in-the-middle attack intercepts data and then sends the information to the server as if nothing were wrong, while collecting the information. Zero-day attacks are attacks in which a developer has not properly patched a hole yet and is unaware of the hole. A denial-of-service (DoS) attack is used to disrupt legitimate requests from being answered. A smurf attack is a type of distributed denial-of-service (DDoS).

18
Q

You have a very small network in a home-based office, and you want to limit network access to only those hosts that you physically own. What should you utilize to make this possible?

A. Static IP addresses

B. Disabled DNS

C. Default subnet mask

D. Empty default gateway

A

A. Static IP addresses

The advantage to assigning the IP addresses statically is that you can make certain which host is associated with which IP address, and then utilize filtering to limit network access to only those hosts. Disabling DNS will limit all hosts on a network from getting to the Internet and will not limit network access. A default subnet mask will not limit network access and will cause other problems. An empty default gateway will not limit network access.

19
Q

A smurf attack attempts to use a broadcast ping on a network. The return address of the ping may be that of a valid system in your network. Which protocol does a smurf attack use to conduct the attack?

A. TCP

B. IP

C. UDP

D. ICMP

A

D. ICMP

A smurf attack attempts to use a broadcast ping (ICMP) on a network. The return address of the ping may be that of a valid system in your network. The Transmission Control Protocol (TCP) is not used with a smurf attack. The Internet Protocol (IP) is a suite of protocols and is not solely used with a smurf attack. The User Datagram Protocol (UDP) is not used with a smurf attack.

20
Q

Which Active Directory component maps printers and drives during login?

A. Home folders

B. Organizational unit

C. Login script

D. Microsoft Management Console (MMC)

A

C. Login script

A login script is used by Active Directory during login to map drives and printers. A home folder is a private network location in which the user can store their personal files. Organizational units (OUs) are used to group computers and users so that Group Policy can be applied. The MMC is used to manage various aspects of Active Directory and the local operating system.