SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. What is a hotfix?
Here the administrator creates resource access policies and the users cannot modify them. These policies in turn will dictate which user(s) have access to which resource(s).
A combination of files geared - towards fixing one or more security issues with a given piece of software. Note that hotfixes are usually created shortly after a security hole is identified.
23
1. MAC - Mandatory Access Control 2. DAC - Discretionary Access Control 3. RBAC - Role-Based Access Control 4. NAC - Network Access Control 5. Physical
2. What is the name of Vista's hard drive encryption technology?
1. True Positive - Correctly identifies an attack 2. True Negative - Correctly identifies legitimate traffic 3. False Positive - Incorrectly identifies legitimate traffic as an attack 4. False Negative - Incorrectly identifies an attack as legitimate
A tool used to extract NTLM and LANMAN hashes from a Windows based targeted host.
A differential backup backs up all files that have changed since the last full backup - and is quicker to restore than multiple incremental backups.
BitLocker
3. How do you ensure an email comes from the person it advertises as being the sender?
In Windows NT 4 SP4.
1. DES - 64-bit block - 56-bit key - 16 rounds 2. 3DES - DES is used 3 times with 3 different keys 3. AES - 128-bit block - 128/192-bit key - 10/12/14 rounds 4. AES256 - AES used with a 256-bit key 5. RC5 - 32/64/128-bit block - 0-2040 key - 0-255 ro
22
Use a solution that supports nonrepudiation
4. What is the standard that covers PKI?
BitLocker
X.509 is the standard that covers PKI
An offline UPS remains idle until AC power is lost then it uses its' internal battery to provide power to attached equipment.
(2^number of host bits)-2 = number of hosts
5. Can a VLAN provide scalability?
1. DES - Data Encryption Standard 2. 3DES - Triple Data Encryption Standard 3. AES - Advanced Encryption Standard 4. AES256 - Advanced Encryption Standard 256-bit 5. RC5 - Rivest Cipher 5 6. RC6 - Rivest Cipher 6 7. Blowfish 8. IDEA - International D
Yes a VLAN can provide scalability because it is configured via software not hardware.
In Windows NT 4 SP4.
49
6. HTTP port number
1. S/MIME - Secure Multipurpose Internet Mail Extension 2. PGP - Pretty Good Privacy
53
1. Access Control - MAC Filtering 2. Encryption - WEP - WPA - WPA2 3. Authentication - RADIUS 4. Isolation - VLANs
80
7. IDS/IPS Alerts
A rootkit is a form of malicious software that grants full system control to the user. The term comes from the UNIX/Linux environment - where the highest level of system administrator is called the root user.
1. True Positive - Correctly identifies an attack 2. True Negative - Correctly identifies legitimate traffic 3. False Positive - Incorrectly identifies legitimate traffic as an attack 4. False Negative - Incorrectly identifies an attack as legitimate
1701
1. Represent the configuration of the system(s) to be tested. 2. Analyze the system(s) 3. Report the results
8. LDAP port number
1. Diffe-Hellman 2. Elliptic Curve (EC) 3. ElGamal 4. RSA - Rivest - Shamir - Aldeman 5. DSA - Digital Signature Algorithm
389
1. DES - Data Encryption Standard 2. 3DES - Triple Data Encryption Standard 3. AES - Advanced Encryption Standard 4. AES256 - Advanced Encryption Standard 256-bit 5. RC5 - Rivest Cipher 5 6. RC6 - Rivest Cipher 6 7. Blowfish 8. IDEA - International D
1. Signatures must be updated 2. Zero day exploits
9. DHCP port number
No - all hosts on a VLAN do not have to be connected to the same switch - a VLAN can span multiple switches.
67 - 68
119
Unsolicited Bulk Email or SPAM
10. How does the MAC model work?
Here the administrator creates resource access policies and the users cannot modify them. These policies in turn will dictate which user(s) have access to which resource(s).
1. Offline/Standby - Power is taken from the AC source (wall) until a power failure occurs then it is switched to the battery. 2. Online (Double Conversion/Delta Conversion) - Power is taken from the battery at all times. 3. Line Interactive - Power
The name of the file that tracks expired certificates is the CRL (Certificate Revocation List).
X.509 is the standard that covers PKI
11. How could a shared virtual machine reduce the workload for IT staff?
1. Represent the configuration of the system(s) to be tested. 2. Analyze the system(s) 3. Report the results
If one application is deployed to 100 workstations it needs to be patched 100 times but if the same application is deployed to 1 shared virtual host it only needs to be patched once.
The asset value multiplied by the exposure factor asset value x exposure factor = SLE
An incremental backup backs up only those files that have changed since the backup of any type - and is quicker to complete the backup.
12. NNTP port number
PGP can be used to both encrypt and digitally sign emails - because it can be used to digitally sign emails it provides nonrepudiation.
119
The name of the file that tracks expired certificates is the CRL (Certificate Revocation List).
Bastion Host
13. Telnet port number
An offline UPS remains idle until AC power is lost then it uses its' internal battery to provide power to attached equipment.
An incremental backup backs up only those files that have changed since the backup of any type - and is quicker to complete the backup.
23
443
14. Examples of Social Engineering Attacks
119
A differential backup backs up all files that have changed since the last full backup - and is quicker to restore than multiple incremental backups.
X.509 is the standard that covers PKI
1. Phishing 2. Hoaxes 3. Dumpster Diving 4. Shoulder Surfing
15. What is output validation?
16. What is a Zombie?
1. S/MIME - Secure Multipurpose Internet Mail Extension 2. PGP - Pretty Good Privacy
1. Confidentiality 2. Integrity 3. Authentication 4. Nonrepudiation
67 - 68
A system that has been compromised by malware and can be remote controlled by another computer during an attack - usually a DDoS attack. Zombies are also known as bots or network robots.
17. Protocols Used for VPN
In Windows NT 4 SP4.
1. Represent the configuration of the system(s) to be tested. 2. Analyze the system(s) 3. Report the results
1. Diffe-Hellman - Used in key exchange 2. Elliptic Curve - Used in OpenSSL and Bouncy Castle for Java & C# - .Net framework. 3. ElGamal - Used in PGP and GNU Privacy Guard 4. RSA - One of the best known public key ciphers - it was developed at MIT.
1. PPTP - Point to Point Tunneling Protocol 2. L2TP - Layer 2 Tunneling Protocol 3. IPSEC - Internet Protocol Security used to provide encryption for L2TP
18. UPS Types
49
1. Offline/Standby - Power is taken from the AC source (wall) until a power failure occurs then it is switched to the battery. 2. Online (Double Conversion/Delta Conversion) - Power is taken from the battery at all times. 3. Line Interactive - Power
1. Something you know2. Something you have 3. Something you are
A fast network authentication password cracker that can go after many different services.
19. What formula is used to find the number of hosts?
A fast network authentication password cracker that can go after many different services.
1. Online - The most available type of storage. Disk containing data is attached to the network or a system that is attached to the network. Examples include normal backup disk - RAID - and SAN. No direct physical human interaction is required to get
(2^number of host bits)-2 = number of hosts
443
20. Asymmetric Key Ciphers
1. Diffe-Hellman - Used in key exchange 2. Elliptic Curve - Used in OpenSSL and Bouncy Castle for Java & C# - .Net framework. 3. ElGamal - Used in PGP and GNU Privacy Guard 4. RSA - One of the best known public key ciphers - it was developed at MIT.
80
110
Yes a VLAN can provide scalability because it is configured via software not hardware.
21. Remote Desktop port number
Unsolicited Bulk Email or SPAM
3389
1. Diffe-Hellman 2. Elliptic Curve (EC) 3. ElGamal 4. RSA - Rivest - Shamir - Aldeman 5. DSA - Digital Signature Algorithm
An online or double conversion UPS will charge it's battery and provide power to any connected devices at the same time.
22. What is the standard that covers LDAP?
Yes a VLAN can provide scalability because it is configured via software not hardware.
1. Dictionary 2. Brute Force 3. Rainbow Tables 4. Masked Attack
X.500 is the standard that covers LDAP
It can be identified by the use of a single quote character which is used to signal to the web server that what follows is a SQL query.
23. What is the SLE (Single Loss Expectancy)?
1. DES - Data Encryption Standard 2. 3DES - Triple Data Encryption Standard 3. AES - Advanced Encryption Standard 4. AES256 - Advanced Encryption Standard 256-bit 5. RC5 - Rivest Cipher 5 6. RC6 - Rivest Cipher 6 7. Blowfish 8. IDEA - International D
443
1. Represent the configuration of the system(s) to be tested. 2. Analyze the system(s) 3. Report the results
The asset value multiplied by the exposure factor asset value x exposure factor = SLE
24. Checksums
1. MD4 - Message Digest 4 (128-bit digest) 2. MD5 - Message Digest 5 (128-bit digest - used in NTLMv2) 3. SHA - Secure Hashing Algorithm (160/256/512-bit digest)
1. LM - Local Area Network Manager (Used in XP and before - DES is the hash) 2. NTLMv1/v2 - New Technology LANMAN (Used in Vista - 7 - and Server 2008) 3. Kerberos - Used in Active Directory
1. Authentication 2. Authorization 3. Accounting
1. Something you know2. Something you have 3. Something you are
25. Human Behaviors that Social Engineering Will Exploit
389
1. True Positive - Correctly identifies an attack 2. True Negative - Correctly identifies legitimate traffic 3. False Positive - Incorrectly identifies legitimate traffic as an attack 4. False Negative - Incorrectly identifies an attack as legitimate
1. Trust 2. Fear 3. Lack of konwledge
1. Confidentiality 2. Integrity 3. Availability
26. In Windows what is the path to the file that contains a list of well-known ports?
C:Windowssystem32driversetcservices
1. Authentication 2. Authorization 3. Accounting
1. LM - Local Area Network Manager (Used in XP and before - DES is the hash) 2. NTLMv1/v2 - New Technology LANMAN (Used in Vista - 7 - and Server 2008) 3. Kerberos - Used in Active Directory
A fast network authentication password cracker that can go after many different services.
27. How does a differential backup work?
A differential backup backs up all files that have changed since the last full backup - and is quicker to restore than multiple incremental backups.
Through the use of digital signatures
1. LM - Local Area Network Manager (Used in XP and before - DES is the hash) 2. NTLMv1/v2 - New Technology LANMAN (Used in Vista - 7 - and Server 2008) 3. Kerberos - Used in Active Directory
1. Trust 2. Fear 3. Lack of konwledge
28. Password Attacks
An incremental backup backs up only those files that have changed since the backup of any type - and is quicker to complete the backup.
1. Diffe-Hellman - Used in key exchange 2. Elliptic Curve - Used in OpenSSL and Bouncy Castle for Java & C# - .Net framework. 3. ElGamal - Used in PGP and GNU Privacy Guard 4. RSA - One of the best known public key ciphers - it was developed at MIT.
Bastion Host
1. Dictionary 2. Brute Force 3. Rainbow Tables 4. Masked Attack
29. What is UBE?
Unsolicited Bulk Email or SPAM
Through the use of digital signatures
A tool used to extract NTLM and LANMAN hashes from a Windows based targeted host.
1. Transport Mode - Packet data is encrypted but not the header information. 2. Tunnel Mode - Enitre packet (data & header information) is encrypted.
30. How does an incremental backup work?
A rootkit is a form of malicious software that grants full system control to the user. The term comes from the UNIX/Linux environment - where the highest level of system administrator is called the root user.
The integrity of a message.
An incremental backup backs up only those files that have changed since the backup of any type - and is quicker to complete the backup.
Through the use of digital signatures
31. Asymmetric Key Ciphers
Yes because all hosts connected to a VLAN are in the same broadcast domain - and DHCP works based on broadcast packets.
1. S/MIME - Secure Multipurpose Internet Mail Extension 2. PGP - Pretty Good Privacy
1. Dynamic NAT - A private IP address is mapped to a public IP address drawing from a pool of registered public IP addresses (one-to-many). 2. Static NAT - A private IP address is mapped to a public IP address the public IP address that is being mapp
1. Diffe-Hellman 2. Elliptic Curve (EC) 3. ElGamal 4. RSA - Rivest - Shamir - Aldeman 5. DSA - Digital Signature Algorithm
32. Windows Password Authentication Protocols
1. LM - Local Area Network Manager (Used in XP and before - DES is the hash) 2. NTLMv1/v2 - New Technology LANMAN (Used in Vista - 7 - and Server 2008) 3. Kerberos - Used in Active Directory
1. Online - The most available type of storage. Disk containing data is attached to the network or a system that is attached to the network. Examples include normal backup disk - RAID - and SAN. No direct physical human interaction is required to get
A fast network authentication password cracker that can go after many different services.
110
33. What do digital signatures prove?
The integrity of a message.
110
Earlier versions of PGP relied on public key cryptography but not X.509 - it used a web of trust instead. Current versions of PGP include both models through a key management server - X.509 using a hierarchical approach based on a Certificate Authori
Are the same thing.
34. Ways to Secure a WiFi Access Point
1. Confidentiality 2. Integrity 3. Availability
Yes because all hosts connected to a VLAN are in the same broadcast domain - and DHCP works based on broadcast packets.
119
1. Access Control - MAC Filtering 2. Encryption - WEP - WPA - WPA2 3. Authentication - RADIUS 4. Isolation - VLANs
35. The Goals of Security
An offline UPS remains idle until AC power is lost then it uses its' internal battery to provide power to attached equipment.
1. Confidentiality 2. Integrity 3. Availability
443
Here the administrator creates resource access policies and the users cannot modify them. These policies in turn will dictate which user(s) have access to which resource(s).
36. The Primary Causes of Compromised Security
Yes because all hosts connected to a VLAN are in the same broadcast domain - and DHCP works based on broadcast packets.
The asset value multiplied by the exposure factor asset value x exposure factor = SLE
1. Technology Weakness 2. Configuration Weakness 3. Policy Weakness 4. Human Error or Malice
1. Dictionary 2. Brute Force 3. Rainbow Tables 4. Masked Attack
37. DNS port number
1701
143
Bastion Host
53
38. Storage Types
23
1. Online - The most available type of storage. Disk containing data is attached to the network or a system that is attached to the network. Examples include normal backup disk - RAID - and SAN. No direct physical human interaction is required to get
No - all hosts on a VLAN do not have to be connected to the same switch - a VLAN can span multiple switches.
1. Local computer GPO 2. Local administrator and non-administrator GPOs 3. Local user-specific GPO 4. Site GPO 5. Domain GPO 6. Organizational Unit GPO(s)
39. How can you introduce nonrepudiation and authentication to Mutual SSL client authentication?
1. Local computer GPO 2. Local administrator and non-administrator GPOs 3. Local user-specific GPO 4. Site GPO 5. Domain GPO 6. Organizational Unit GPO(s)
A tool used to extract NTLM and LANMAN hashes from a Windows based targeted host.
PGP can be used to both encrypt and digitally sign emails - because it can be used to digitally sign emails it provides nonrepudiation.
Through the use of digital signatures
40. POP3 port number
1. Offline/Standby - Power is taken from the AC source (wall) until a power failure occurs then it is switched to the battery. 2. Online (Double Conversion/Delta Conversion) - Power is taken from the battery at all times. 3. Line Interactive - Power
119
110
443
41. Goals of Email Security
1. Confidentiality 2. Integrity 3. Authentication 4. Nonrepudiation
An online or double conversion UPS will charge it's battery and provide power to any connected devices at the same time.
143
Yes because all hosts connected to a VLAN are in the same broadcast domain - and DHCP works based on broadcast packets.
42. HTTPS port number
C:Windowssystem32driversetcservices
An online or double conversion UPS will charge it's battery and provide power to any connected devices at the same time.
An offline UPS remains idle until AC power is lost then it uses its' internal battery to provide power to attached equipment.
443
43. Can PGP be used to provide nonrepudiation?
PGP can be used to both encrypt and digitally sign emails - because it can be used to digitally sign emails it provides nonrepudiation.
1. Confidentiality 2. Integrity 3. Availability
1. True Positive - Correctly identifies an attack 2. True Negative - Correctly identifies legitimate traffic 3. False Positive - Incorrectly identifies legitimate traffic as an attack 4. False Negative - Incorrectly identifies an attack as legitimate
C:Windowssystem32driversetcservices
44. What is a Trojan?
C:Windowssystem32driversetcservices
A program that appears to be harmless but delivers malicious code to a computer NetBUS and BackOrrifice are two of the most popular trojans - they are typically embedded in benign looking programs - when the programs are executed a backdoor to the sy
1. Diffe-Hellman 2. Elliptic Curve (EC) 3. ElGamal 4. RSA - Rivest - Shamir - Aldeman 5. DSA - Digital Signature Algorithm
1. Diffe-Hellman - Used in key exchange 2. Elliptic Curve - Used in OpenSSL and Bouncy Castle for Java & C# - .Net framework. 3. ElGamal - Used in PGP and GNU Privacy Guard 4. RSA - One of the best known public key ciphers - it was developed at MIT.
45. Do all hosts on a VLAN have to be connected to the same switch?
No - all hosts on a VLAN do not have to be connected to the same switch - a VLAN can span multiple switches.
119
1. Confidentiality 2. Integrity 3. Availability
The asset value multiplied by the exposure factor asset value x exposure factor = SLE
46. When was NTLMv2 first introduced?
1. DES - Data Encryption Standard 2. 3DES - Triple Data Encryption Standard 3. AES - Advanced Encryption Standard 4. AES256 - Advanced Encryption Standard 256-bit 5. RC5 - Rivest Cipher 5 6. RC6 - Rivest Cipher 6 7. Blowfish 8. IDEA - International D
Use a solution that supports nonrepudiation
In Windows NT 4 SP4.
The asset value multiplied by the exposure factor asset value x exposure factor = SLE
47. Types of L2TP Tunnels
Anything that impacts or edits the way in which a server/application responds/answers a user's request.
C:Windowssystem32driversetcservices
1. Voluntary Tunnel 2. Compulsory Tunnel - Incoming Call 3. Compulsory Tunnel - Remote Dial 4. Multi-Hop Connection Tunnel
25
48. Symmetric Key Ciphers
1. Technology Weakness 2. Configuration Weakness 3. Policy Weakness 4. Human Error or Malice
1. DES - 64-bit block - 56-bit key - 16 rounds 2. 3DES - DES is used 3 times with 3 different keys 3. AES - 128-bit block - 128/192-bit key - 10/12/14 rounds 4. AES256 - AES used with a 256-bit key 5. RC5 - 32/64/128-bit block - 0-2040 key - 0-255 ro
1. SPI - Stateful Packet Inspection firewall 2. Stateless firewall
1. Dynamic NAT - A private IP address is mapped to a public IP address drawing from a pool of registered public IP addresses (one-to-many). 2. Static NAT - A private IP address is mapped to a public IP address the public IP address that is being mapp
49. A web server that is located outside the DMZ is known as a...
Use a solution that supports nonrepudiation
80
Bastion Host
It can be identified by the use of a single quote character which is used to signal to the web server that what follows is a SQL query.
50. IPSEC Encryption Modes
1. Transport Mode - Packet data is encrypted but not the header information. 2. Tunnel Mode - Enitre packet (data & header information) is encrypted.
1. Dictionary 2. Brute Force 3. Rainbow Tables 4. Masked Attack
1. Voluntary Tunnel 2. Compulsory Tunnel - Incoming Call 3. Compulsory Tunnel - Remote Dial 4. Multi-Hop Connection Tunnel
1. Something you know2. Something you have 3. Something you are
