click below
click below
Normal Size Small Size show me how
Security Plus 6
COMPTIA Security+ 6
Question | Answer |
---|---|
What functionality should be disallowed between a DNS server and un-trusted node? | Zone transfers |
An attacker can determine what network services are enabled on a target system by? | Running a port scan against the target machine. |
Weakest link in the security of an organization are typically? | People |
The most costly method of an authentication is the use of what? | Biometrics |
You’re running cable through a boiler room where the furnace and some other heavy machinery reside. You’re concerned about interference. What type of cabling provides the best protection from interference? | Fiber-Optic |
How many bits are employed when using DES encryption? | 56-bits |
Extranet would be best defined as an area or zone: | That allows a business to securely transact with other businesses. |
An administrator of a web server notices many port scans to the server. To limit exposure and vulnerability exposed by these port scans the administrator should? | Un-install or disable any program or processes that are not needed for the proper use of the server. |
What protocol is used to negotiate and provide authenticated keying material for security associations in a protected manner? | ISAKMP |
Management wants to track personnel who visit unauthorized web sites. What type of detection will this be? | Misuse detection |
A need to know security policy would grant access based on? | Principal of Least privilege. |
Forging an IP address to impersonate another machine is best defined as? | IP Spoofing |
What type of security process will allow others to verify the originator of an e-mail message? | Non-repudiation |
What is the best method to secure a web browser? | Disable any unused features of the web browser. |
Digital certificates can contain what items? | The certificate’s public key. |
What are the three main components of a Kerberos server? | Authentication server, security database, and privilege server. |
How many keys are needed to lock and unlock data using symmetric key encryption? | 1 (one) |
What is the main advantage SSL has over HTTPS? | SSL supports additional layer protocols such as FTP and NNTP while HTTPS does not. |
As it relates to digital certificates, SSLv3.0 added what key functionalities? | The ability to force client side authentication via digital certificates. |
What access control model introduces user security clearance and data classification? | MAC (Mandatory Access Control) |
In a typical file encryption process, the asymmetric algorithm is used to do what? | Encrypt symmetric keys. |
Loki, NetCAT, Masters Paradise, and NetBus are all considered what type of attack? | Back Door |
What do you use to decrease broadcast traffic and is also beneficial in reducing the likelihood of having information compromised by sniffers? | VLAN (Virtual Local Area Network) |
File encryption using symmetric cryptography satisfies what security requirement? | Confidentiality |
A DoS attack which takes advantage of TCP’s three way handshake for new connections is known as? | SYN Flood |
What are three tunneling protocols? | PPTP, L2TP, IPSec |
When using a public key infrastructure, what are two common methods for maintaining access to servers on the network that utilize certificates? | CRL and OCSP |
The Bell La-Padula access control model consists of four elements. What are these elements? | Subjects, objects, access modes, and security levels. |
What are the three entities of the SQL (Structured Query Language) security model? | Actions, objects, and users. |
What finger printing technique relies on the fact that operating system differs in the amount of information that is quoted when ICMP errors are encountered? | ICMP message quoting |
Advanced Encryption Standard (AES) is what type of encryption? | Symmetric |
The Diffie-Hellman algorithm allows what? | A secret key exchange over an insecure medium without any prior secrets. |
As a security administrator, what are the three categories of active responses relating to intrusion detection? | Collect additional information, change the environment, and take action against the intruder. |
Advanced Encryption Standard (AES) was developed by? | Rijndael |