SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. When was NTLMv2 first introduced?
1. DES - 64-bit block - 56-bit key - 16 rounds 2. 3DES - DES is used 3 times with 3 different keys 3. AES - 128-bit block - 128/192-bit key - 10/12/14 rounds 4. AES256 - AES used with a 256-bit key 5. RC5 - 32/64/128-bit block - 0-2040 key - 0-255 ro
A combination of files geared - towards fixing one or more security issues with a given piece of software. Note that hotfixes are usually created shortly after a security hole is identified.
1. Technology Weakness 2. Configuration Weakness 3. Policy Weakness 4. Human Error or Malice
In Windows NT 4 SP4.
2. LDAP port number
23
A program that appears to be harmless but delivers malicious code to a computer NetBUS and BackOrrifice are two of the most popular trojans - they are typically embedded in benign looking programs - when the programs are executed a backdoor to the sy
In Windows NT 4 SP4.
389
3. SSH port number
Through the use of digital signatures
1. DES - 64-bit block - 56-bit key - 16 rounds 2. 3DES - DES is used 3 times with 3 different keys 3. AES - 128-bit block - 128/192-bit key - 10/12/14 rounds 4. AES256 - AES used with a 256-bit key 5. RC5 - 32/64/128-bit block - 0-2040 key - 0-255 ro
A program that appears to be harmless but delivers malicious code to a computer NetBUS and BackOrrifice are two of the most popular trojans - they are typically embedded in benign looking programs - when the programs are executed a backdoor to the sy
22
4. Secure Email Protocols
1. S/MIME - Secure Multipurpose Internet Mail Extension 2. PGP - Pretty Good Privacy
X.509 is the standard that covers PKI
Yes a VLAN can provide scalability because it is configured via software not hardware.
A system that has been compromised by malware and can be remote controlled by another computer during an attack - usually a DDoS attack. Zombies are also known as bots or network robots.
5. What is the SLE (Single Loss Expectancy)?
Unsolicited Bulk Email or SPAM
The asset value multiplied by the exposure factor asset value x exposure factor = SLE
3389
1. Offline/Standby - Power is taken from the AC source (wall) until a power failure occurs then it is switched to the battery. 2. Online (Double Conversion/Delta Conversion) - Power is taken from the battery at all times. 3. Line Interactive - Power
6. Human Behaviors that Social Engineering Will Exploit
1. Trust 2. Fear 3. Lack of konwledge
1. John the Ripper 2. Cain & Abel 3. THC Hydra
No - all hosts on a VLAN do not have to be connected to the same switch - a VLAN can span multiple switches.
23
7. What is a Rootkit?
1. Something you know2. Something you have 3. Something you are
A tool used to extract NTLM and LANMAN hashes from a Windows based targeted host.
An incremental backup backs up only those files that have changed since the backup of any type - and is quicker to complete the backup.
A rootkit is a form of malicious software that grants full system control to the user. The term comes from the UNIX/Linux environment - where the highest level of system administrator is called the root user.
8. What is a hotfix?
1. Online - The most available type of storage. Disk containing data is attached to the network or a system that is attached to the network. Examples include normal backup disk - RAID - and SAN. No direct physical human interaction is required to get
1. Represent the configuration of the system(s) to be tested. 2. Analyze the system(s) 3. Report the results
C:Windowssystem32driversetcservices
A combination of files geared - towards fixing one or more security issues with a given piece of software. Note that hotfixes are usually created shortly after a security hole is identified.
9. How do you ensure an email comes from the person it advertises as being the sender?
1. S/MIME - Secure Multipurpose Internet Mail Extension 2. PGP - Pretty Good Privacy
A rootkit is a form of malicious software that grants full system control to the user. The term comes from the UNIX/Linux environment - where the highest level of system administrator is called the root user.
Use a solution that supports nonrepudiation
X.500 is the standard that covers LDAP
10. Remote Desktop port number
The asset value multiplied by the exposure factor asset value x exposure factor = SLE
PGP can be used to both encrypt and digitally sign emails - because it can be used to digitally sign emails it provides nonrepudiation.
A tool used to extract NTLM and LANMAN hashes from a Windows based targeted host.
3389
11. Examples of Social Engineering Attacks
1. Phishing 2. Hoaxes 3. Dumpster Diving 4. Shoulder Surfing
The name of the file that tracks expired certificates is the CRL (Certificate Revocation List).
PGP can be used to both encrypt and digitally sign emails - because it can be used to digitally sign emails it provides nonrepudiation.
If one application is deployed to 100 workstations it needs to be patched 100 times but if the same application is deployed to 1 shared virtual host it only needs to be patched once.
12. In a Windows Doamin - How is a GPO Applied?
A combination of files geared - towards fixing one or more security issues with a given piece of software. Note that hotfixes are usually created shortly after a security hole is identified.
1. Local computer GPO 2. Local administrator and non-administrator GPOs 3. Local user-specific GPO 4. Site GPO 5. Domain GPO 6. Organizational Unit GPO(s)
A differential backup backs up all files that have changed since the last full backup - and is quicker to restore than multiple incremental backups.
67 - 68
13. PPTP port number
1. S/MIME - Secure Multipurpose Internet Mail Extension 2. PGP - Pretty Good Privacy
A system that has been compromised by malware and can be remote controlled by another computer during an attack - usually a DDoS attack. Zombies are also known as bots or network robots.
1723
Are the same thing.
14. Can PGP be used to provide nonrepudiation?
Bastion Host
1701
1. LM - Local Area Network Manager (Used in XP and before - DES is the hash) 2. NTLMv1/v2 - New Technology LANMAN (Used in Vista - 7 - and Server 2008) 3. Kerberos - Used in Active Directory
PGP can be used to both encrypt and digitally sign emails - because it can be used to digitally sign emails it provides nonrepudiation.
15. How does an online/double conversion UPS provide power?
16. How does a differential backup work?
1701
1. Diffe-Hellman 2. Elliptic Curve (EC) 3. ElGamal 4. RSA - Rivest - Shamir - Aldeman 5. DSA - Digital Signature Algorithm
A differential backup backs up all files that have changed since the last full backup - and is quicker to restore than multiple incremental backups.
1. Voluntary Tunnel 2. Compulsory Tunnel - Incoming Call 3. Compulsory Tunnel - Remote Dial 4. Multi-Hop Connection Tunnel
17. How can you introduce nonrepudiation and authentication to Mutual SSL client authentication?
A rootkit is a form of malicious software that grants full system control to the user. The term comes from the UNIX/Linux environment - where the highest level of system administrator is called the root user.
Through the use of digital signatures
119
49
18. NNTP port number
The asset value multiplied by the exposure factor asset value x exposure factor = SLE
119
143
1. PPTP - Point to Point Tunneling Protocol 2. L2TP - Layer 2 Tunneling Protocol 3. IPSEC - Internet Protocol Security used to provide encryption for L2TP
19. L2TP port number
80
1701
A program that appears to be harmless but delivers malicious code to a computer NetBUS and BackOrrifice are two of the most popular trojans - they are typically embedded in benign looking programs - when the programs are executed a backdoor to the sy
1. Diffe-Hellman 2. Elliptic Curve (EC) 3. ElGamal 4. RSA - Rivest - Shamir - Aldeman 5. DSA - Digital Signature Algorithm
20. IMAP port number
Yes a VLAN can provide scalability because it is configured via software not hardware.
143
110
1. Voluntary Tunnel 2. Compulsory Tunnel - Incoming Call 3. Compulsory Tunnel - Remote Dial 4. Multi-Hop Connection Tunnel
21. The 3 Ss
1. Dictionary 2. Brute Force 3. Rainbow Tables 4. Masked Attack
An incremental backup backs up only those files that have changed since the backup of any type - and is quicker to complete the backup.
23
1. Something you know2. Something you have 3. Something you are
22. DNS port number
53
Bastion Host
X.509 is the standard that covers PKI
1. Dynamic NAT - A private IP address is mapped to a public IP address drawing from a pool of registered public IP addresses (one-to-many). 2. Static NAT - A private IP address is mapped to a public IP address the public IP address that is being mapp
23. User Account Control (UAC) is an Example of
1. Represent the configuration of the system(s) to be tested. 2. Analyze the system(s) 3. Report the results
1. Elevation Prompt 2. Privilege Elevation
A differential backup backs up all files that have changed since the last full backup - and is quicker to restore than multiple incremental backups.
C:Windowssystem32driversetcservices
24. The Primary Causes of Compromised Security
In Windows NT 4 SP4.
1. Online - The most available type of storage. Disk containing data is attached to the network or a system that is attached to the network. Examples include normal backup disk - RAID - and SAN. No direct physical human interaction is required to get
An offline UPS remains idle until AC power is lost then it uses its' internal battery to provide power to attached equipment.
1. Technology Weakness 2. Configuration Weakness 3. Policy Weakness 4. Human Error or Malice
25. DHCP port number
A tool used to extract NTLM and LANMAN hashes from a Windows based targeted host.
67 - 68
1. Technology Weakness 2. Configuration Weakness 3. Policy Weakness 4. Human Error or Malice
25
26. What do digital signatures prove?
No - all hosts on a VLAN do not have to be connected to the same switch - a VLAN can span multiple switches.
The integrity of a message.
1. Technology Weakness 2. Configuration Weakness 3. Policy Weakness 4. Human Error or Malice
1. MAC - Mandatory Access Control 2. DAC - Discretionary Access Control 3. RBAC - Role-Based Access Control 4. NAC - Network Access Control 5. Physical
27. What is the name of Vista's hard drive encryption technology?
53
BitLocker
X.500 is the standard that covers LDAP
1. True Positive - Correctly identifies an attack 2. True Negative - Correctly identifies legitimate traffic 3. False Positive - Incorrectly identifies legitimate traffic as an attack 4. False Negative - Incorrectly identifies an attack as legitimate
28. HTTPS port number
443
1. Phishing 2. Hoaxes 3. Dumpster Diving 4. Shoulder Surfing
1. MAC - Mandatory Access Control 2. DAC - Discretionary Access Control 3. RBAC - Role-Based Access Control 4. NAC - Network Access Control 5. Physical
1. Dictionary 2. Brute Force 3. Rainbow Tables 4. Masked Attack
29. The Goals of Security
22
143
A system that has been compromised by malware and can be remote controlled by another computer during an attack - usually a DDoS attack. Zombies are also known as bots or network robots.
1. Confidentiality 2. Integrity 3. Availability
30. UPS Types
1. Offline/Standby - Power is taken from the AC source (wall) until a power failure occurs then it is switched to the battery. 2. Online (Double Conversion/Delta Conversion) - Power is taken from the battery at all times. 3. Line Interactive - Power
A differential backup backs up all files that have changed since the last full backup - and is quicker to restore than multiple incremental backups.
1. True Positive - Correctly identifies an attack 2. True Negative - Correctly identifies legitimate traffic 3. False Positive - Incorrectly identifies legitimate traffic as an attack 4. False Negative - Incorrectly identifies an attack as legitimate
1701
31. How does an offline UPS provide power?
32. A web server that is located outside the DMZ is known as a...
Bastion Host
BitLocker
The integrity of a message.
1. PPTP - Point to Point Tunneling Protocol 2. L2TP - Layer 2 Tunneling Protocol 3. IPSEC - Internet Protocol Security used to provide encryption for L2TP
33. What is the standard that covers PKI?
1. Dictionary 2. Brute Force 3. Rainbow Tables 4. Masked Attack
49
It can be identified by the use of a single quote character which is used to signal to the web server that what follows is a SQL query.
X.509 is the standard that covers PKI
34. IDS/IPS Alerts
The asset value multiplied by the exposure factor asset value x exposure factor = SLE
Yes because all hosts connected to a VLAN are in the same broadcast domain - and DHCP works based on broadcast packets.
C:Windowssystem32driversetcservices
1. True Positive - Correctly identifies an attack 2. True Negative - Correctly identifies legitimate traffic 3. False Positive - Incorrectly identifies legitimate traffic as an attack 4. False Negative - Incorrectly identifies an attack as legitimate
35. SMTP port number
25
A system that has been compromised by malware and can be remote controlled by another computer during an attack - usually a DDoS attack. Zombies are also known as bots or network robots.
Here the administrator creates resource access policies and the users cannot modify them. These policies in turn will dictate which user(s) have access to which resource(s).
BitLocker
36. Password Attacks
67 - 68
An offline UPS remains idle until AC power is lost then it uses its' internal battery to provide power to attached equipment.
1. Online - The most available type of storage. Disk containing data is attached to the network or a system that is attached to the network. Examples include normal backup disk - RAID - and SAN. No direct physical human interaction is required to get
1. Dictionary 2. Brute Force 3. Rainbow Tables 4. Masked Attack
37. Telnet port number
23
A combination of files geared - towards fixing one or more security issues with a given piece of software. Note that hotfixes are usually created shortly after a security hole is identified.
C:Windowssystem32driversetcservices
Through the use of digital signatures
38. Types of Firewalls
C:Windowssystem32driversetcservices
1. SPI - Stateful Packet Inspection firewall 2. Stateless firewall
An offline UPS remains idle until AC power is lost then it uses its' internal battery to provide power to attached equipment.
1. MAC - Mandatory Access Control 2. DAC - Discretionary Access Control 3. RBAC - Role-Based Access Control 4. NAC - Network Access Control 5. Physical
39. What is the standard that covers LDAP?
1. MD4 - Message Digest 4 (128-bit digest) 2. MD5 - Message Digest 5 (128-bit digest - used in NTLMv2) 3. SHA - Secure Hashing Algorithm (160/256/512-bit digest)
X.500 is the standard that covers LDAP
80
A system that has been compromised by malware and can be remote controlled by another computer during an attack - usually a DDoS attack. Zombies are also known as bots or network robots.
40. In PKI what is the name of the file that tracks expired certificates?
A combination of files geared - towards fixing one or more security issues with a given piece of software. Note that hotfixes are usually created shortly after a security hole is identified.
119
389
The name of the file that tracks expired certificates is the CRL (Certificate Revocation List).
41. Steps in the OVAL Assessment Process
1. John the Ripper 2. Cain & Abel 3. THC Hydra
1. Represent the configuration of the system(s) to be tested. 2. Analyze the system(s) 3. Report the results
It can be identified by the use of a single quote character which is used to signal to the web server that what follows is a SQL query.
1. Phishing 2. Hoaxes 3. Dumpster Diving 4. Shoulder Surfing
42. What is a Zombie?
It can be identified by the use of a single quote character which is used to signal to the web server that what follows is a SQL query.
1. DES - 64-bit block - 56-bit key - 16 rounds 2. 3DES - DES is used 3 times with 3 different keys 3. AES - 128-bit block - 128/192-bit key - 10/12/14 rounds 4. AES256 - AES used with a 256-bit key 5. RC5 - 32/64/128-bit block - 0-2040 key - 0-255 ro
25
A system that has been compromised by malware and can be remote controlled by another computer during an attack - usually a DDoS attack. Zombies are also known as bots or network robots.
43. What is PWDUMP?
25
It can be identified by the use of a single quote character which is used to signal to the web server that what follows is a SQL query.
A tool used to extract NTLM and LANMAN hashes from a Windows based targeted host.
Anything that impacts or edits the way in which a server/application responds/answers a user's request.
44. Asymmetric Key Ciphers
1. Diffe-Hellman - Used in key exchange 2. Elliptic Curve - Used in OpenSSL and Bouncy Castle for Java & C# - .Net framework. 3. ElGamal - Used in PGP and GNU Privacy Guard 4. RSA - One of the best known public key ciphers - it was developed at MIT.
Yes because all hosts connected to a VLAN are in the same broadcast domain - and DHCP works based on broadcast packets.
1. PPTP - Point to Point Tunneling Protocol 2. L2TP - Layer 2 Tunneling Protocol 3. IPSEC - Internet Protocol Security used to provide encryption for L2TP
The name of the file that tracks expired certificates is the CRL (Certificate Revocation List).
45. Weaknesses of Antivirus Software
1. Dynamic NAT - A private IP address is mapped to a public IP address drawing from a pool of registered public IP addresses (one-to-many). 2. Static NAT - A private IP address is mapped to a public IP address the public IP address that is being mapp
1. Signatures must be updated 2. Zero day exploits
Are the same thing.
1. Dictionary 2. Brute Force 3. Rainbow Tables 4. Masked Attack
46. How does an incremental backup work?
1. Trust 2. Fear 3. Lack of konwledge
1. Elevation Prompt 2. Privilege Elevation
An incremental backup backs up only those files that have changed since the backup of any type - and is quicker to complete the backup.
X.509 is the standard that covers PKI
47. What is THC Hydra?
1. DES - Data Encryption Standard 2. 3DES - Triple Data Encryption Standard 3. AES - Advanced Encryption Standard 4. AES256 - Advanced Encryption Standard 256-bit 5. RC5 - Rivest Cipher 5 6. RC6 - Rivest Cipher 6 7. Blowfish 8. IDEA - International D
A fast network authentication password cracker that can go after many different services.
Unsolicited Bulk Email or SPAM
A rootkit is a form of malicious software that grants full system control to the user. The term comes from the UNIX/Linux environment - where the highest level of system administrator is called the root user.
48. Does PGP rely on X.509 (Digital Certificates - PKI)?
PGP can be used to both encrypt and digitally sign emails - because it can be used to digitally sign emails it provides nonrepudiation.
1. Transport Mode - Packet data is encrypted but not the header information. 2. Tunnel Mode - Enitre packet (data & header information) is encrypted.
Earlier versions of PGP relied on public key cryptography but not X.509 - it used a web of trust instead. Current versions of PGP include both models through a key management server - X.509 using a hierarchical approach based on a Certificate Authori
Use a solution that supports nonrepudiation
49. Windows Password Authentication Protocols
The integrity of a message.
X.500 is the standard that covers LDAP
443
1. LM - Local Area Network Manager (Used in XP and before - DES is the hash) 2. NTLMv1/v2 - New Technology LANMAN (Used in Vista - 7 - and Server 2008) 3. Kerberos - Used in Active Directory
50. What is the difference between an online UPS and a double conversion UPS?
1. Diffe-Hellman 2. Elliptic Curve (EC) 3. ElGamal 4. RSA - Rivest - Shamir - Aldeman 5. DSA - Digital Signature Algorithm
Are the same thing.
PGP can be used to both encrypt and digitally sign emails - because it can be used to digitally sign emails it provides nonrepudiation.
A tool used to extract NTLM and LANMAN hashes from a Windows based targeted host.
Sorry, Topic not found.:)Seach or Brouse Basicversity:
Search
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests
//
//
