CompTIA Security+ | FedVTE 64 Questions with Verified Answers
Which of the following should risk assessments be based upon as a best practice?
A quantitative measurement of risk and impact and asset value
An absolute measurement of threats
A qualitative measurement of risk and impact
A survey of annual loss and potential threats and asset value - CORRECT ANSWER A quantitative measurement of risk and impact and asset value
Which of the following will not reduce EMI?
Humidity control
Physical shielding
Overhauling worn motors
Physical location - CORRECT ANSWER Humidity control
Which of the following mobile deployment models is the most security minded, where the organization purchases the device and personal use is prohibited?
Corporate owned, personally enabled
Choose your own device
Corporate owned
Bring your own, corporate managed - CORRECT ANSWER Corporate owned
Which of the following is an example of restricting access to files based on the identity of the user or group?
Mandatory Access Control
Discretionary Access Control
Certificate Revocation List
Public Key Infrastructure - CORRECT ANSWER Discretionary Access Control
The primary purpose of a load balancer is to:
Perform packet filtering
Block blacklisted content or web pages for a firewall
Expand servers and resources when needed
Capture packets for monitoring and analyzing - CORRECT ANSWER Expand servers and resources when needed
A conceptual framework that describes the functions of a networking or telecommunication system - CORRECT ANSWER Open Systems Interconnection (OSI) model
At which OSI model layer does the encryption and decryption of data for secure transmission occur? - CORRECT ANSWER Layer 6 - Presentation Layer
Which layer of the TCP/IP model is equivalent to the Session, Presentation, and Application layers of the OSI model?
Physical
Network
Transport
Application - CORRECT ANSWER D. Application
The MOST secure hashing algorithm is which of the following?
CHAP
MD5
SHA-1
LANMAN - CORRECT ANSWER MD5
Which of the following is NOT a Bluetooth threat?
Bluejacking
Smurf attack
Discovery mode
Bluesnarfing - CORRECT ANSWER Smurf attack
The company policy for availability requires full backups on Sunday and incremental backups each weeknight at 10 p.m. The file server crashes on Thursday afternoon. How many tapes will the technician need to restore the data on the file server for Friday morning?
Four
Three
Two
One - CORRECT ANSWER Four
Which of the following creates separate logical networks?
Subnetting
NAC
NAT
DMZ - CORRECT ANSWER Subnetting
Which of the following describes a tool used by organizations to verify whether or not a staff member has been participating in malicious activity?
Implicit deny
Time of day restrictions
Mandatory vacations
Implicit allow - CORRECT ANSWER Mandatory vacations
A new wireless network is being implemented by a technician for an organization. All of the following wireless vulnerabilities should be considered by the technician EXCEPT:
Weak encryption
Rogue access points
SSID broadcasts
802.11 mode - CORRECT ANSWER 802.11 mode
Which of the following roles is responsible for implementing security controls for access, storage, and transmission of data?
Data owner
Data steward
Data custodian
Data technician - CORRECT ANSWER Data custodian
A technique utilized by hackers to identify unsecured wireless network locations to other hackers is which of the following?
War chalking
Bluesnarfing
War driving
War dialing - CORRECT ANSWER War chalking
With the Virtual Desktop Infrastructure (VDI) application deployment model, user applications and data are stored:
On a VM installed on the physical device
On a remote server
In the user's iCloud account
On the user's desktop workstation - CORRECT ANSWER On a remote server
Which type of intrusion detection may terminate processes or redirect traffic upon detection of a possible intrusion?
Active
Passive
Adaptive
Redirective - CORRECT ANSWER Active
Which of the following is responsible for the amount of residual risk?
The security officer of an organization
The DRP coordinator
Senior management
The security technician - CORRECT ANSWER Senior management
Someone that is dumpster diving would be MOST interested in which of the following?
List of expired usernames
Receipts from the supply store
User education manual
Business card of computer contractor - CORRECT ANSWER Business card of computer contractor
Which of the following is described as a practice where a variety of tools and applications are used to automatically detect, and alert, to suspected security concerns?
Continuous monitoring
Automated monitoring
Continuous validation
Secure automation - CORRECT ANSWER Continuous monitoring
A design flaw in a new application was discovered by a software manufacturer. Company management decided to continue manufacturing the product with the flaw rather than recalling the software. Which of the following risk management strategies was adopted?
Risk acceptance
Risk mitigation
Risk transfer
Risk avoidance - CORRECT ANSWER Risk acceptance
Which of the following is a reason to use a Faraday cage?
To mitigate data emanation
To find rogue access points
To allow wireless usage
To minimize weak encryption - CORRECT ANSWER To mitigate data emanation
A possible security risk associated with mobile devices is which of the following?
Bluesnarfing
Domain kiting
Cross-site scripting
Input validation - CORRECT ANSWER Bluesnarfing
New weapon research and development programs would MOST likely be classified as:
Top Secret
Confidential
For Official Use Only
Internal - CORRECT ANSWER Top Secret
An area of the network infrastructure that allows a technician to place public facing systems into it without compromising the entire infrastructure is which of the following?
DMZ
NAT
VPN
VLAN - CORRECT ANSWER DMZ
When would it be appropriate to use time of day restrictions on an account?
As an added security measure when employees work set schedules
To eliminate attack attempts of the network during peak hours
In order to ensure false positives are not received during baseline testing
To ensure the DMZ is not overloaded during server maintenance - CORRECT ANSWER As an added security measure when employees work set schedules
Which of the following is a true statement concerning NIDS?
A NIDS prevents certain types of traffic from entering a network.
A NIDS is installed on the proxy server.
A NIDS monitors and analyzes network traffic for possible intrusions.
A NIDS is normally installed on the email server. - CORRECT ANSWER A NIDS monitors and analyzes network traffic for possible intrusions.
Which of the following mobile device deployment models permits users to choose the device that the organization will purchase for them?
VDI
BYOD
CYOD
COPE - CORRECT ANSWER CYOD
The IP address and MAC address of a rogue device within the local network might best be revealed by which of the following logs?
Antivirus
Security
DHCP
DNS - CORRECT ANSWER C. DHCP
Which of the following provides the MOST comprehensive redundancy with the least amount of downtime for an entire site?
Mobile site
Hot site
Cold site
Warm site - CORRECT ANSWER Hot site
Implementing screen filters would reduce which of the following risks?
Phishing
Man-in-the-middle attacks
Shoulder surfing
Replay attacks - CORRECT ANSWER Shoulder surfing
Which of the following encryption algorithms relies on the inability to factor large prime numbers?
SHA-1
Elliptic curve
AES256
RSA - CORRECT ANSWER RSA
Which of the following is a vulnerability scanner?
L0phtCrack
SolarWinds
AirSnort
Microsoft Baseline Security Analyzer - CORRECT ANSWER Microsoft Baseline Security Analyzer
Which of the following lists the software development phases in the correct order?
Development, Staging, Testing, Production
Production, Testing, Deployment, Staging
Development, Testing, Production, Staging
Development, Testing, Staging, Production - CORRECT ANSWER Development, Testing, Staging, Production
Which of the following is a detailed collection of technical controls and requirements to accomplish the security objectives of an organization?
Network Flowchart
Reference Guides
Reference Architecture
Network Architecture - CORRECT ANSWER Reference Architecture
If an organization wants to ensure the demand for services is accommodated, and builds in the ability to provision or de-provision resources as needed to support those services, it has employed the concept of:
Scalability
Continuous monitoring
Fault tolerance
On-demand assets - CORRECT ANSWER Scalability
Which of the following contains hardware systems similar to the affected organization but does not host live data?
Uninterruptible Power Supply
Warm site
Cold site
Hot site - CORRECT ANSWER Warm site
An attacker can implant a rootkit into a picture by which of the following?
Virus
Steganography
Worm
Trojan Horse - CORRECT ANSWER Steganography
Which of the following would explain the difference between a public key and a private key?
The private key is commonly used in symmetric key decryption while the public key is used in asymmetric key decryption.
The private key is only used by the client and kept secret while the public key is available to all.
The private key only decrypts the data while the public key only encrypts the data. Both keys are mathematically related.
The public key is only used by the client while the private key is available to all. Both keys are mathematically related. - CORRECT ANSWER The private key is only used by the client and kept secret while the public key is available to all.
A risk management concept where operations resume at some capacity, despite the presence of a failure, is known as:
Capacity building
Risk averse
Risk redundancy
Fault tolerance - CORRECT ANSWER Fault tolerance
Which of the following attacks is MOST likely the cause when a user attempts to go to a website and notices the URL has changed?
DNS poisoning
DLL injection
ARP poisoning
DDoS attack - CORRECT ANSWER DNS poisoning
Which of the following is an example of the security mitigation technique of changing roles every couple of months?
Least privilege
Separation of duties
Job rotation
Mandatory vacations - CORRECT ANSWER Job rotation
Which of the following could adversely impact an entire network if it were unavailable when using single sign-on?
Web server
Authentication server
Biometrics
Workstation - CORRECT ANSWER Authentication server
The antivirus software on a server repeatedly flags an approved application that the HR department has installed on their local computers as a threat. This is an example of:
True positive
False negative
True negative
False positive - CORRECT ANSWER False positive
Administrators should always investigate or refer to which of the following to block the use of previously issued PKI credentials that have expired or otherwise become invalid?
CA
PKI
Escrow
CRL - CORRECT ANSWER CRL
The cloud computing delivery model that is owned, managed and operated by the organization is:
Community
Organizational
Private
Public - CORRECT ANSWER Private
A technique utilized by hackers to identify unsecured wireless network locations to other hackers is which of the following?
War chalking
Bluesnarfing
War driving
War dialing - CORRECT ANSWER War chalking
Which of the following is described as a high-level blueprint outlining accepted practices to help build sound policies and procedures for an organization?
Reference Architecture
Reference Topology
Standards Architecture
Standards Framework - CORRECT ANSWER Standards Framework
Which of the following encryption algorithms relies on the inability to factor large prime numbers?
SHA-1
Elliptic curve
AES256
RSA - CORRECT ANSWER RSA
Which of the following tools can be used to confirm that multiple PCs are infected with a zombie?
Recovery agent
Antivirus
Port scan
Spyware - CORRECT ANSWER Antivirus
Which procedure should be done first if a remote attack on a system is detected by a technician?
Follow the incident management procedure in place
Disconnect the system from the network
Contain the attack
Respond to the attacker - CORRECT ANSWER Follow the incident management procedure in place
The marketing staff wants to supply pens with attached USB drives to clients. In the past this client has been victimized by social engineering attacks that led to a loss of sensitive data. The security administrator instructs the marketing staff not to supply the USB pens due to which of the following?
The cost associated with distributing a large volume of the USB pens
The security costs associated with securing the USB drives over time
The security risks associated with combining USB drives and cell phones on a network
The risks associated with the large capacity of USB drives and their concealable nature - CORRECT ANSWER The risks associated with the large capacity of USB drives and their concealable nature
Which of the following describes when the claimed identity of a user is validated?
Verification
Validation
Authentication
Identification - CORRECT ANSWER Authentication
Which of the following would you use to provide partners access to services without granting access to an organization's entire network?
Internet
Intranet
Extranet
Externalnet - CORRECT ANSWER Extranet
As a DMZ is a publicly accessible network containing servers with public information, strong security and monitoring are not required.
True
False - CORRECT ANSWER False
Which of the following labels describes information that does not have access restrictions?
Public
Nonclassified
Unclassified
All of the above
None of the above - CORRECT ANSWER D. All of the above
Which of the following attacks would allow an attacker to capture HTTP requests and send back a spoofed page?
TCP/IP hijacking
Replay
Phishing
Teardrop - CORRECT ANSWER TCP/IP hijacking
Which of the following is the MOST proficient for encrypting large amounts of data?
ECC algorithms
Hashing algorithms
Symmetric key algorithms
Asymmetric key algorithms - CORRECT ANSWER Symmetric key algorithms
Which of the following is a common correlation engine that aggregates logs and events from multiple devices on a network into one system?
SIM
Firewall
IDS
SIEM - CORRECT ANSWER SIEM (Security Information and Event Management)
Which of the following intrusion detection systems uses statistical analysis to detect intrusions?
Knowledge
Signature
Honeynet
Anomaly - CORRECT ANSWER Anomaly
Which of the following must be used when setting up a DMZ?
Router
NIDS
Proxy
Honeypot - CORRECT ANSWER Router
Which of the following would be a best practice to prevent users from being vulnerable to social engineering?
Provide thorough and frequent user awareness training
Provide a service level agreement that addresses social engineering issues
Have a solid acceptable use policy in place with a click through banner
Have users sign both the acceptable use policy and security based HR policy - CORRECT ANSWER Provide thorough and frequent user awareness training
The MOST difficult security concern to detect when contractors enter a secured facility is which of the following?
Removing network attached storage
Rogue access points being installed
Removing mass storage iSCSI drives
Copying sensitive information with cellular phones - CORRECT ANSWER Copying sensitive information with cellular phones