This site is 100% ad supported. Please add an exception to adblock for this site.

Security+ Demo Questions

Terms

undefined, object
copy deck
1. Message authentication codes are used to provide which service?

A. Integrity
B. Fault recovery
C. Key recovery
D. Acknowledgement
A
2. When a change to user security policy is made, the policy maker should provide appropriate documentation to:

A. The security administrator.
B. Auditors
C. Users
D. All staff.
D
3. A major difference between a worm and a Trojan horse program is:

A. Worms are spread via e-mail while Trojan horses are not.
B. Worms are self replicating while Trojan horses are not.
C. Worms are a form of malicious code while T
B
4. A common algorithm used to verify the integrity of data from a remote user through a the creation of a 128-bit hash from a data input is:

A. IPSec (Internal Protocol Security)
B. RSA (Rivest Shamir Adelman)
C. Blowfish
D. MD
D
5. What is the best method of reducing vulnerability from dumpster diving?

A. Hiring addit ional security staff.
B. Destroying paper and other media.
C. Installing surveillance equipment.
D. Emptying the trash can frequently.
B
6. What is the best method of defence against IP (Internet Protocol) spoofing attacks?

A. Deploying intrusion detection systems.
B. Creating a DMZ (Demilitarized Zone).
C. Applying ingress filtering to routers.
D. Thee is not a
C
7. A need to know security policy would grant access based on:

A. Least privilege
B. Less privilege
C. Loss of privilege
D. Singe privilege
A
8. When a user digitally signs a document an asymmetric algorithm is used to encrypt:

A. Secret passkeys
B. File contents
C. Certificates
D. Hash results
D
9. The best way to harden an application that is developed in house is to:

A. Use an industry recommended hardening tool.
B. Ensure that security is given due considerations throughout the entire development process.
C. Try attackin
B
10. Security requirements for servers DO NOT typically include:

A. The absence of vulnerabilities used by known forms of attack against server hosts.
B. The ability to allow administrative activities to all users.
C. The ability to
B
11. How can an e-mail administrator prevent malicious users from sending e-mails from non-existent domains?

A. Enable DNS (Domain Name Service) reverse lookup on the e- mail server.
B. Enable DNS (Domain Name Service) forward lookup on t
A
12. A network attack that misuses TCP's (Transmission Control Protocol) three way handshake to overload servers and deny access to legitimate users is called a:

A. Man in the middle.
B. Smurf
C. Teardrop
D. SYN (Synchronize)
D
13. Which of the following options describes a challenge -response session?

A. A workstation or system that generates a random challenge string that the user enters when prompted along with the proper PIN (Personal Identification Number).
A
14. A server placed into service for the purpose of attracting a potential intruder's attention is known as a:

A. Honey pot
B. Lame duck
C. Teaser
D. Pigeon
A
15. A network administrator wants to restrict internal access to other parts of the network. The network restrictions must be implemented with the least amount of administrative overhead and must be hardware based.
What is the best solution?
B
16. Which one of the following would most likely lead to a CGI (Common Gateway Interface) security problem?

A. HTTP (Hypertext Transfer Protocol) protocol.
B. Compiler or interpreter that runs the CGI (Common Gateway Interface) script.
D
17. SSL (Secure Sockets Layer) session keys are available in what two lengths?

A. 40-bit and 64-bit.
B. 40-bit and 128-bit.
C. 64-bit and 128-bit.
D. 128-bit and 1,024-bit.
B
18. Which access control method provides the most granular access to protected objects?

A. Capabilities
B. Access control lists
C. Permission bits
D. Profiles
B
19. The primary DISADVANTAGE of symmetric cryptography is:

A. Speed
B. Key distribution
C. Weak algorithms
D. Memory management
B
20. Missing audit log entries most seriously affect an organization's ability to:

A. Recover destroyed data.
B. Legally prosecute an attacker.
C. Evaluate system vulnerabilities.
D. Create reliable system backups.
B
21. File encryption using symmetric cryptography satisfies what security requirement?

A. Confidentiality
B. Access control
C. Data integrity
D. Authentication
D
22. Which of the following provides privacy, data integrity and authentication for handles devices in a wireless network environment?

A. WEP (Wired Equivalent Privacy)
B. WAP (Wireless Application Protocol)
C. WSET (Wireless Secure
D
23. The integrity of a cryptographic system is considered compromised if which of the following conditions exist?

A. A 40-bit algorithm is used for a large financial transaction.
B. The public key is disclosed.
C. The private key is
C
24. The system administrator concerned about security has designated a special area in which to place the web server away from other servers on the network.
This area is commonly known as the?

A. Honey pot
B. Hybrid subnet
C.
C
25. An administrator of a web server notices many port scans to a server. To limit exposure and vulnerability exposed by these port scans the administrator should:

A. Disable the ability to remotely scan the registry.
B. Leave all proces
D
26. Which encryption scheme relies on both the sender and receiver to use different keys to encrypt and decrypt messages?

A. Symmetric
B. Blowfish
C. Skipjack
D. Asymmetric
D
27. Which tunneling protocol only works on IP networks?

A. IPX
B. L2TP
C. PPTP
D. SSH
C
28. What functionality should be disallowed between a DNS server and untrusted node?

A. name resolutions
B. reverse ARP requests
C. system name resolutions
D. zone transfers
D
29. A document written by the CEO that outlines PKI use, management and deployment is a: _______.

A. PKI policy
B. PKI procedure
C. PKI practice
D. best practices guideline
A
30. Which one does not use Smart Card Technology?

A. CD Player
B. Cell Phone
C. Satellite Cards
D. Handheld Computer
A
31. What port does SNMP use?

A. 21
B. 161
C. 53
D. 49
B
32. What port does TACACS use?

A. 21
B. 161
C. 53
D. 49
D
33. What type of authentication may be needed when a stored key and memorized password are not strong enough and additional layers of security is needed?

A. Mutual
B. Multi-factor
C. Biometric
D. Certificate
B
34. You are the first to arrive at a crime scene in which a hacker is accessing unauthorized data on a file server from across the network.
To secure the scene, which of the followings actions should you perform?

A. Prevent members of t
A,D
35. You are the first person to arrive at a crime scene. An investigator and crime scene technician arrive afterwards to take over the investigation.
Which of the following tasks will the crime scene technician be responsible for performing?
D
36. A ___________ occurs when a string of data is sent to a buffer that is larger than the buffer was designed to handle.

A. Brute Force attack
B. Buffer owerflow
C. Man in the middle attack
D. Blue Screen of Death
E. SYN
B
37. Packet sniffing can be used to obtain username and password information in clear text from which one of the following?

A. SSH (Secure Shell)
B. SSL (Secure Sockets Layer)
C. FTP (File Transfer Protocol)
D. HTTPS (Hypertext
C
38. A company uses WEP (Wired Equivalent Privacy) for wireless security.
Who may authenticate to the company's access point?

A. Only the administrator.
B. Anyone can authenticate.
C. Only users within the company.
D. Only
D
39. As the Security Analyst for your companies network, you become aware that your systems may be under attack. This kind of attack is a DOS attack and the exploit sends more traffic
to a node than anticipated. What kind of attack is this?
<
D
40. Following a disaster, while returning to the original site from an alternate site, the first process to resume at the original site would be the:

A. Least critical process
B. Most critical process.
C. Process most expensive to m
A
41. In order to establish a secure connection between headquarters and a branch office over a public network, the router at each location should be configured to use IPSec (Internet Protocol Security) in .......... mode.

A. Secure
B. Tun
B
42. The primary purpose of NAT (Network Address Translation) is to:

A. Translate IP (Internet Protocol) addresses into user friendly names.
B. Hide internal hosts from the public network.
C. Use on public IP (Internet Protocol) addr
B
43. Users of Instant Messaging clients are especially prone to what?

A. Theft of root user credentials.
B. Disconnection from the file server.
C. Hostile code delivered by file transfer.
D. Slow Internet connections.
C
44. Which two of the following are symmetric-key algorithms used for encryption?

A. Stream-cipher
B. Block
C. Public
D. Secret
A,B
45. Computer forensics experts collect and analyze data using which of the following guidelines so as to minimize data loss?

A. Evidence
B. Chain of custody
C. Chain of command
D. Incident response
B
46. A DMZ (Demilitarized Zone) typically contains:

A. A customer account database
B. Staff workstations
C. A FTP (File Transfer Protocol) server
D. A SQL (Structured Query Language) based database server
C
47. What kind of attack is a type of security breach to a computer system that does not usually result in the theft of information or other security loss but the lack of legitimate use of that system?

A. CRL
B. DOS
C. ACL
D. MD
B
48. User A needs to send a private e-mail to User B. User A does not want anyone to have the ability to read the e-mail except for User B, thus retaining privacy.
Which tenet of information security is User A concerned about?

A. Authent
C
49. You are researching the ARO and need to find specific data that can be used for risk assessment.
Which of the following will you use to find information?

A. Insurance companies
B. Stockbrokers
C. Manuals included with soft
A
50. Giving each user or group of users only the access they need to do their job is an example of which security principal?

A. Least privilege
B. Defense in depth
C. Separation of duties
D. Access control
A
51. Documenting change levels and revision information is most useful for:

A. Theft tracking
B. Security audits
C. Disaster recovery
D. License enforcement
C
52. One way to limit hostile sniffing on a LAN (Local Area Network is by installing:

A. An ethernet switch.
B. An ethernet hub.
C. A CSU/DSU (Channel Service Unit/Data Service Unit).
D. A firewall.
A
53. Notable security organizations often recommend only essential services be provided by a particular host, and any unnecessary services be disabled.
Which of the following does NOT represent a reason supporting this recommendation?

A.
D
54. Which of the following backup methods copies only modified files since the last full backup?

A. Full
B. Differential
C. Incremental
D. Archive
B
55. You are compiling estimates on how much money the company could lose if a risk occurred one time in the future.
Which of the following would these amounts represent?

A. ARO
B. SLE
C. ALE
D. Asset identification
B
56. The term "due care" best relates to:

A. Policies and procedures intended to reduce the likelihood of damage or injury.
B. Scheduled activity in a comprehensive preventative maintenance program.
C. Techniques and method
A
57. Advanced Encryption Standard (AES) is an encryption algorithm for securing sensitive but unclassified material by U.S. Government agencies.
What type of encryption is it from the list below?

A. WTLS
B. Symmetric
C. Multifa
B
58. You are the first person to respond to the scene of an incident involving a computer being hacked. After determining the scope of the crime scene and securing it, you attempt to preserve evidence at the scene.
Which of the following tasks will
A,B
59. At what stage of an assessment would an auditor test systems for weaknesses and attempt to defeat existing encryption, passwords and access lists?

A. Penetration
B. Control
C. Audit planning
D. Discovery
A
60. When examining the server's list of protocols that are bound and active on each network interface card, the network administrator notices a relatively large number of protocols.
Which actions should be taken to ensure network security?
C
61. Which of the following describes the concept of data integrity?

A. A means of determining what resources a user can use and view.
B. A method of security that ensures all data is sequenced, and numbered.
C. A means of minimizing
B
62. In a decentralized privilege management environment, user accounts and passwords are stored on:

A. One central authentication server.
B. Each individual server.
C. No more than two servers.
D. One server configured for dece
B
63. In context of wireless networks, WEP (Wired Equivalent Privacy) was designed to:

A. Provide the same level of security as a wired LAN (Local Area Network).
B. Provide a collision preventive method of media access.
C. Provide a w
A
64. What two functions does IPSec perform? (Choose two)

A. Provides the Secure Shell (SSH) for data confidentiality.
B. Provides the Password Authentication Protocol (PAP) for user authentication.
C. Provides the Authentication Head
C,F
65. A primary drawback to using shared storage clustering for high availability and disaster recover is:

A. The creation of a single point of vulnerability.
B. The increased network latency between the host computers and the RAID (Redund
A
66. What are two common methods when using a public key infrastructure for maintaining access to servers in a network?

A. ACL and PGP.
B. PIM and CRL.
C. CRL and OCSP.
D. RSA and MD2
C
67. After installing a new operating system, what configuration changes should be implemented?

A. Create application user accounts.
B. Rename the guest account.
C. Rename the administrator account, disable the guest accounts.
D
C
68. Users who configure their passwords using simple and meaningful things such as pet names or birthdays are subject to having their account used by an intruder after what type of attack?

A. Dictionary attack
B. Brute Force attack
A
69. By definition, how many keys are needed to lock and unlock data using symmetric- key encryption?

A. 3+
B. 2
C. 1
D. 0
C
70. What kind of attack are hashed password vulnerable to?

A. Man in the middle.
B. Dictionary or brute force.
C. Reverse engineering.
D. DoS (Denial of Service)
B
71. What is one advantage if the NTFS file system over the FAT16 and FAT32 file systems?

A. Integral support for streaming audio files.
B. Integral support for UNIX compatibility.
C. Integral support for dual-booting with Red Hat Li
D
72. You have identified a number of risks to which your company's assets are exposed, and want to implement policies, procedures, and various security measures.
In doing so, what will be your objective?

A. Eliminate every threat that ma
B
73. Which of the following results in a domain name server resolving the domain name to a different and thus misdirecting Internet traffic?

A. DoS (Denial of Service)
B. Spoofing
C. Brure force attack
D. Reverse DNS (Domain Nam
B
74. Active detection IDS systems may perform which of the following when a unauthorized connection attempt is discovered? (Choose all that apply)

A. Inform the attacker that he is connecting to a protected network.
B. Shut down the serve
B,D
75. Honey pots are useful in preventing attackers from gaining access:

A. to critical systems
B. all systems
C. It depends on the style of attack used
D. it depends upon the PKI
A
76. An autonomous agent that copies itself into one or more host programs, then propagates when the host is run, is best described as a:

A. Trojan horse
B. Back door
C. Logic bomb
D. Virus
D
77. What technology was originally designed to decrease broadcast traffic but is also beneficial in reducing the likelihood of having information compromised by sniffers?

A. VPN (Virtual Private Network)
B. DMZ (Demilitarized Zone)
C
78. Of the following services, which one determines what a user can change or view?

A. Data integrity
B. Data confidentiality
C. Data authentication
D. Access control
D
79. IMAP4 requires port ___________ to be open.

A. 80
B. 53
C. 22
D. 21
E. 23
F. 25
G. 110
H. 143
I. 443
H
80. What are access decisions based on in a MAC (Mandatory Access Control) environment?

A. Access control lists
B. Ownership
C. Group membership
D. Sensitivity labels
D
81. As the Security Analyst for your companies network, you want to implement AES. What algorithm will it use?

A. Rijndael
B. Nagle
C. Spanning Tree
D. PKI
A
82. When securing a FTP (File Transfer Protocol) server, what can be done to ensure that only authorized users can access the server?

A. Allow blind authentication.
B. Disable anonymous authentication.
C. Redirect FTP (File Transfer
B
83. Asymmetric cryptography ensures that:

A. Encryption and authentication can take place without sharing private keys.
B. Encryption of the secret key is performed with the fastest algorithm available.
C. Encryption occurs only whe
A
84. You are promoting user awareness in forensics, so users will know what to do when incidents occur with their computers.
Which of the following tasks should you instruct users to perform when an incident occurs? (Choose all that apply)
B,C
85. When a session is initiated between the Transport Control Program (TCP) client and server in a network, a very small buffer space exist to handle the usually rapid "hand-shaking" exchange of messages that sets up the session.
What kin
B
86. A program that can infect other programs by modifying them to include a version of itself is a:

A. Replicator
B. Virus
C. Trojan horse
D. Logic bomb
B
87. A collection of information that includes login, file access, other various activities, and actual or attempted legitimate and unauthorized violations is a(n):

A. Audit
B. ACL (Access Control List)
C. Audit trail
D. Syslog
C
88. Forensic procedures must be followed exactly to ensure the integrity of data obtained in an investigation.
When making copies of data from a machine that us being examined, which of the following tasks should be done to ensure it is an exact du
A
89. DAC (Discretionary Access Control) system operate which following statement:

A. Files that don't have an owner CANT NOT be modified.
B. The administrator of the system is an owner of each object.
C. The operating system is an ow
D
90. You have decided to implement biometrics as part of your security system. Before purchasing a locking system that uses biometrics to control access to secure areas, you need to decide what will be used to authenticate users.
Which of the follow
C
91. As the Security Analyst for your companies network, you want to implement Single Signon technology.
What benefit can you expect to get when implementing Single Signon?

A. You will need to log on twice at all times.
B. You can a
D
92. Many intrusion detection systems look for known patterns or ______ to aid in detecting attacks.

A. Viruses
B. Signatures
C. Hackers
D. Malware
B
93. What type of authentication may be needed when a stored key and memorized password are not strong enough and additional layers of security is needed?

A. Mutual
B. Multi-factor
C. Biometric
D. Certificate
B
94. You are the first to arrive at a crime scene in which a hacker is accessing unauthorized data on a file server from across the network.
To secure the scene, which of the followings actions should you perform?

A. Prevent members of t
A,D
95. You are the first person to arrive at a crime scene. An investigator and crime scene technician arrive afterwards to take over the investigation.
Which of the following tasks will the crime scene technician be responsible for performing?
D
96. The defacto IT (Information Technology) security evaluation criteria for the international community is called?

A. Common Criteria
B. Global Criteria
C. TCSEC (Trusted Computer System Evaluation Criteria)
D. ITSEC (Informat
A
97. Which of the following is a technical solution that supports high availability?

A. UDP (User Datagram Protocol)
B. Anti-virus solution
C. RAID (Redundant Array of Independent Disks)
D. Firewall
C
98. Which of the following is an example of an asymmetric algorithm?

A. CAST (Carlisle Adams Stafford Tavares)
B. RC5 (Rivest Cipher 5)
C. RSA (Rivest Shamir Adelman)
D. SHA-1 (Secure Hashing Algorithm 1)
C
99. Dave is increasing the security of his Web site by adding SSL (Secure Sockets Layer).
Which type of encryption does SSL use?

A. Asymmetric
B. Symmetric
C. Public Key
D. Secret
B
100. What would NOT improve the physical security of workstations?

A. Lockable cases, keyboards, and removable media drives.
B. Key or password protected configuration and setup.
C. Password required to boot.
D. Strong password
D
101. What are the four major components of ISAKMP (Internet Security Association and Key Management Protocol)?

A. Authentication of peers, threat management, communication ma nagement, and cryptographic key establishment.
B. Authenticati
C
102. Security training should emphasise that the weakest links in the security of an organization are typically:

A. Firewalls
B. Polices
C. Viruses
D. users
D
103. IEEE (Institute of Electrical and Electronics Engineers) 802.11b is capable of providing data rates of:

A. 10 Mbps (Megabits per second)
B. 10.5 Mbps (Megabits per second)
C. 11 Mbps (Megabits per second)
D. 12 Mbps (Megab
C
104. The standard encryption algorithm based on Rijndael is known as:

A. AES (Advanced Encryption Standard)
B. 3DES (Triple Data Encryption Standard)
C. DES (Data Encryption Standard)
D. Skipjack
A
105. Security controls may become vulnerabilities in a system unless they are:

A. Designed and implemented by the system vendor.
B. Adequately tested.
C. Implemented at the application layer in the system.
D. Designed to use mu
B
106. Which of the following is considered the best technical solution for reducing the treat of a man in the middle attack?

A. Virtual LAN (Local Area Network)
B. GRE (Generic Route Encapsulation) tunnel IPIP (Internet Protocol- within-
C
107. Access controls based on security labels associated with each data item and each user are known as:

A. MACs (Mandatory Access Control)
B. RBACs (Role Based Access Control)
C. LBACs (List Based Access Control)
D. DACs (Disc
A
108. An extranet would be best defined as an area or zone:

A. Set aside for business to store extra servers for internal use.
B. Accessible to the general public for accessing the business' web site.
C. That allows a business to sec
C
109. What authentication problem is addressed by single sign on?

A. Authorization through multiple servers.
B. Multiple domains.
C. Multi-factor authentication.
D. Multiple usernames and passwords.
D
110. An administrator is concerned with viruses in e-mail attachments being distributed and inadvertently installed on user's workstations.
If the administrator sets up and attachment filter, what types of attachments should be filtered from e-mail
D
111. When an ActiveX control is executed, it executes with the privileges of the:

A. Current user account
B. Administrator account
C. Guest account
D. System account
A
112. IDEA (International Data Encryption Algorithm), Blowfish, RC5 (Rivest Cipher 5) and CAST-128 are encryption algorithms of which type?

A. Symmetric
B. Asymmetric
C. Hashing
D. Elliptic curve
A
113. An example of a physical access barrier would be:

A. Video surveillance
B. Personnel traffic pattern management
C. Security guard
D. Motion detector
C
114. Which of the following is likely to be found after enabling anonymous FTP (File Transfer Protocol) read/write access?

A. An upload and download directory for each user.
B. Detailed logging information for each user.
C. Storage
C
115. A network attack method that uses ICMP (Internet Control Message Protocol) and improperly formatted MTUs (Maximum Transmission Unit) to crash a target computer is known as a:

A. Man in the middle attack
B. Smurf attack
C. Ping
C
116. What is NOT an acceptable use for smart card technology?

A. Mobile telephones
B. Satellite television access cards
C. A PKI (Public Key Infrastructure) token card shared by multiple users
D. Credit cards
C
117. An effective method of preventing computer viruses from spreading is to:

A. Require root/administrator access to run programs.
B. Enable scanning of e-mail attachments.
C. Prevent the execution of .vbs files.
D. Install a
B
118. A PKI (Public Key Infrastructure) document that serves as the vehicle on which to base common interoperability standards and common assurance criteria on an industry wide basis is a certificate:

A. Policy
B. Practice
C. Procedu
A
119. Currently, the most costly method of an authentication is the use of:

A. Passwords
B. Tokens
C. Biometrics
D. Shared secrets
C
120. Which systems should be included in a disaster recover plan?

A. All systems.
B. Those identified by the board of directors, president or owner.
C. Financial systems and human resources systems.
D. Systems identified in a f
D
121. What is the best defense against man in the middle attacks?

A. A firewall
B. Strong encryption
C. Strong authentication
D. Strong passwords
B
122. One of the most effective ways for an administrator to determine what security holes reside on a network is to:

A. Perform a vulnerability