click below
click below
Normal Size Small Size show me how
Security Plus 3
COMPTIA Security+ Q&A
Question | Answer |
---|---|
In order for an SSL connection to be established between a web client and a web server automatically, the web client and web server should have what? | Certificate signed by a trusted root CA (Certification Authority). |
What should a firewall employ to ensure that each packet is part of an established TCP session? | Stateful like inspection. |
Malicious code is installed on a server that will e-mail system keystrokes stored in a text file to the author and delete system logs every five days or whenever a backup is performed. What type of program is this? | Logic bomb. |
The start of the LDAP directory is called what? | Root |
Poor programming techniques and lack of code review can lead to what? | Buffer overflow |
A network attack method that uses ICMP and improperly formatted MTU’s to crash a computer is what? | Ping of death |
What provides privacy, data integrity, and authentication for hand held devices in a wireless network environment? | WTLS (Wireless Transport Layer Security) |
Technical security measures and countermeasures are primary intended to prevent what? | Unauthorized access, unauthorized modification, and denial of authorized access. |
What type of encryption is used for e-mail? | S/MIME |
You discover an unauthorized Access Point placed on your network under the desk of Accounting Department secretary. When questioned, she denies putting it there. What type of an attack occurred? | Social Engineering |
A system administrator of a company was terminated unexpectedly. When the administrator’s user ID is deleted, the system begins deleting files. This is an example of what type of malicious code? | Logic Bomb |
The greater the key space and complexity of a password, the longer an attacker may take to crack the password. This kind of attack would be what? | Brute force |
In the context of the Internet: What is tunneling? | Using the Internet as part of a private secure network. |
In a RBAC (Role-Based Access Control) contexts, what statement best describes the relation between users, roles, and operations? | Multiple users, multiple roles, and multiple operations. |
What are the different types of symmetric key algorithms? | AES, DES, 3DES, RC5, SSL |
What is a good practice in deploying a CA (certification authority)? | Create a CPS (Certificate Practice Statement) |
A well defined business continuity plan must consist of risk and analysis, business impact analysis, strategic planning, and mitigation, training, and awareness, maintenance, and audit and what? | Integration and validation. |
Asymmetric cryptography ensures what? | Encryption and authentication can take place without sharing private keys. |
Implementation of access control devices and technologies must fully reflect on organization’s security position as contained in what? | Information security policies |
What are two VPN protocols? | L2TP and PPTP |
What is considered the best technical solution for reducing the threat of a man-in-the-middle attacks? | PKI |
The best method of reducing vulnerability from dumpster diving is what? | Destroying paper and other media. |