Ian recently earned his security certification and has been offered a promotion to a position that requires him to analyze and design security solutions as well as identify users' needs. Which of these generally recognized security positions has Ian been offered?
Security administrator
Security technician
Security officer
Security manager
Security administrator
Alyona has been asked by her supervisor to give a presentation regarding reasons why security attacks continue to be successful. She has decided to focus on the issue of widespread vulnerabilities. Which of the following would Alyona NOT include in her presentation?
Large number of vulnerabilities
End-of-life systems
Lack of vendor support
Misconfigurations
Misconfigurations
Tatyana is discussing with her supervisor potential reasons why a recent attack was successful against one of their systems. Which of the following configuration issues would NOT be covered?
Default configurations
Weak configurations
Vulnerable business processes
Misconfigurations
Vulnerable business processes
What is a race condition?
When a vulnerability is discovered and there is a race to see if it can be patched before it is exploited by attackers.
When two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.
When an attack finishes its operation before antivirus can complete its work.
When a software update is distributed prior to a vulnerability being discovered.
When two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.
Which of the following is NOT a reason why it is difficult to defend against today's attackers?
Delays in security updating
Greater sophistication of defense tools
Increased speed of attacks
Simplicity of attack tools
Greater sophistication of defense tools
Which of the following is NOT true regarding security?
Security is a goal.
Security includes the necessary steps to protect from harm.
Security is a process.
Security is a war that must be won at all costs.
Security is a war that must be won at all costs.
Adone is attempting to explain to his friend the relationship between security and convenience. Which of the following statements would he use?
"Security and convenience are not related."
"Convenience always outweighs security."
"Security and convenience are inversely proportional."
"Whenever security and convenience intersect, security always wins."
"Security and convenience are inversely proportional."
Which of the following ensures that only authorized parties can view protected information?
Authorization
Confidentiality
Availability
Integrity
Confidentiality
Which of the following is NOT a successive layer in which information security is achieved?
Products
People
Procedures
Purposes
Purposes
Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information ____________________.
on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network.
through a long-term process that results in ultimate security.
using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources.
through products, people, and procedures on the devices that store, manipulate, and transmit the information.
through products, people, and procedures on the devices that store, manipulate, and transmit the information.
Which of the following is an enterprise critical asset?
System software
Information
Outsourced computing services
Servers, routers, and power supplies
Information
Gunnar is creating a document that explains risk response techniques. Which of the following would he NOT list and explain in his document?
Extinguish risk
Transfer risk
Mitigate risk
Avoid risk
Extinguish risk
Which act requires banks and financial institutions to alert their customers of their policies in disclosing customer information?
Sarbanes-Oxley Act (Sarbox)
Financial and Personal Services Disclosure Act
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)
Gramm-Leach-Bliley Act (GLBA)
Why do cyberterrorists target power plants, air traffic control centers, and water systems?
These targets are government-regulated and any successful attack would be considered a major victory.
These targets have notoriously weak security and are easy to penetrate.
They can cause significant disruption by destroying only a few targets.
The targets are privately owned and cannot afford high levels of security.
They can cause significant disruption by destroying only a few targets.
Which tool is most commonly associated with nation state threat actors?
Closed-Source Resistant and Recurrent Malware (CSRRM)
Advanced Persistent Threat (APT)
Unlimited Harvest and Secure Attack (UHSA)
Network Spider and Worm Threat (NSAWT)
Advanced Persistent Threat (APT)
An organization that practices purchasing products from different vendors is demonstrating which security principle?
Obscurity
Diversity
Limiting
Layering
Diversity
What is an objective of state-sponsored attackers?
To right a perceived wrong
To amass fortune over fame
To spy on citizens
To sell vulnerabilities to the highest bidder
To spy on citizens
Signe wants to improve the security of the small business where she serves as a security manager. She determines that the business needs to do a better job of not revealing the type of computer, operating system, software, and network connections they use. What security principle does Signe want to use?
Obscurity
Layering
Diversity
Limiting
Obscurity
What are industry-standard frameworks and reference architectures that are required by external agencies known as?
Compulsory
Mandatory
Required
Regulatory
Regulatory
What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?
Cyberterrorists
Competitors
Brokers
Resource managers
Brokers
Which of the following is NOT a primary trait of malware?
Diffusion
Circulation
Infection
Concealment
Diffusion
Which type of malware requires a user to transport it from one computer to another?
Worm
Rootkit
Adware
Virus
Virus
Which type of mutation completely changes a virus from its original form by rewriting its own code whenever it is executed?
Betamorphic
Oligomorphic
Polymorphic
Metamorphic
Metamorphic
Ebba received a message from one of her tech support employees. In violation of company policy, a user had downloaded a free program to receive weather reports, but the program had also installed malware on the computer that gave the threat actor unrestricted access to the computer. What type of malware had been downloaded?
Virus
Ransomware
RAT
Trojan
RAT
Linnea's father called her to say that a message suddenly appeared on his screen that says his software license has expired and he must immediately pay $500 to have it renewed before control of the computer will be returned to him. What type of malware is this?
Persistent virusware
Trojanware
Blocking ransomware
Lockoutware
Blocking ransomware
Astrid's computer screen suddenly says that all files are now locked until money is transferred to a specific account, at which time she will receive a means to unlock the files. What type of malware has infected her computer?
Bitcoin malware
Crypto-malware
Blocking virus
Networked worm
Crypto-malware
What is the name of the threat actor's computer that gives instructions to an infected computer?
Command and control (C&C) server
Resource server
Regulating Net Server (RNS)
Monitoring and Infecting (M&I) server
Command and control (C&C) server
Which of these could NOT be defined as a logic bomb?
If the company's stock price drops below $100, then credit Juni's account with 10 additional years of retirement credit.
Erase all data if Matilda's name is removed from the list of employees.
Reformat the hard drive three months after Sigrid left the company.
Send spam email to Moa's inbox on Tuesday.
Send spam email to Moa's inbox on Tuesday.
Which of the following is NOT correct about a rootkit?
A rootkit is able to hide its presence or the presence of other malware.
A rootkit accesses "lower layers" of the operating system.
A rootkit is always the payload of a Trojan.
The risk of a rootkit is less today than previously.
A rootkit is always the payload of a Trojan.
Which of these is a general term used for describing software that gathers information without the user's consent?
Gatherware
Adware
Spyware
Scrapeware
Spyware
Which statement regarding a keylogger is NOT true?
Keyloggers can be used to capture passwords, credit card numbers, or personal information.
Software keyloggers are generally easy to detect.
Hardware keyloggers are installed between the keyboard connector and computer keyboard USB port.
Software keyloggers can be designed to send captured information automatically back to the attacker through the Internet.
Software keyloggers are generally easy to detect.
A watering hole attack is directed against ____________________.
wealthy individuals
a smaller group of specific users
all users of a large corporation
attackers who send spam
a smaller group of specific users
____________________ sends phishing messages only to wealthy individuals.
Whaling
Spear phishing
Target phishing
Microing
Whaling
Lykke receives a call while working at the helpdesk from someone who needs his account reset immediately. When Lykke questions the caller, he says, "If you don't reset my account immediately, I will call your supervisor!" What psychological approach is the caller attempting to use on Lykke?
Familiarity
Scarcity
Intimidation
Consensus
Intimidation
Hedda pretends to be the help desk manager and calls Steve to trick him into giving her his password. What social engineering attack has Hedda performed?
Aliasing
Duplicity
Impersonation
Luring
Impersonation
How can an attacker use a hoax?
A hoax could convince a user that a bad Trojan is circulating and that he should change his security settings.
By sending out a hoax, an attacker can convince a user to read his email more often.
A user who receives multiple hoaxes could contact his supervisor for help.
Hoaxes are not used by attackers today.
A hoax could convince a user that a bad Trojan is circulating and that he should change his security settings.
Which of these items retrieved through dumpster diving would NOT provide useful information?
Calendars
Organizational charts
Memos
Books
Books
____________________ is following an authorized person through a secure door.
Tagging
Tailgating
Backpacking
Caboosing
Tailgating
Each of these is a reason why adware is scorned EXCEPT ____________________.
it displays objectionable content
it displays the attacker's programming skills
it can interfere with a user's productivity
it can cause a computer to crash or slow down
it displays the attacker's programming skills
What is the term used for a threat actor who controls multiple bots in a botnet?
Bot herder
Zombie shepherd
Rogue IRC
Cyber-robot
Bot herder
The Hashed Message Authentication Code (HMAC) ____________________.
encrypts only the message
encrypts only the key
encrypts the key and the message
encrypts the DHE key only
encrypts the key and the message
What is the latest version of the Secure Hash Algorithm?
SHA-2
SHA-3
SHA-4
SHA-5
SHA-3
Alexei was given a key to a substitution cipher. The key showed that the entire alphabet was rotated 13 steps. What type of cipher is this?
AES
XAND13
ROT13
Alphabetic
ROT13
Abram was asked to explain to one of his coworkers the XOR cipher. He showed his coworker an example of adding two bits, 1 and 1. What is the result of this sum?
2
1
0
16
0
Which of the following key exchanges uses the same keys each time?
Diffie-Hellman-RSA (DHRSA)
Diffie-Hellman Ephemeral (DHE)
Diffie-Hellman (DH)
Elliptic Curve Diffie-Hellman (ECDH)
Diffie-Hellman (DH)
Public key systems that generate random public keys that are different for each session are called ____________________.
Public Key Exchange (PKE)
perfect forward secrecy
Elliptic Curve Diffie-Hellman (ECDH)
Diffie-Hellman (DH)
perfect forward secrecy
What is data called that is to be encrypted by inputting it into a cryptographic algorithm?
Opentext
Plaintext
Cleartext
Ciphertext
Plaintext
Which of these is NOT a basic security protection for information that cryptography can provide?
Authenticity
Risk loss
Integrity
Confidentiality
Risk loss
Which areas of a file cannot be used by steganography to hide data?
In areas that contain the content data itself
In the file header fields that describe the file
In data that is used to describe the content or structure of the actual data
In the directory structure of the file system
In the directory structure of the file system
Proving that a user sent an email message is known as ____________________.
Non-repudiation
Repudiation
Integrity
Availability
Non-repudiation
A(n) ____________________ is not decrypted but is only used for comparison purposes.
Key
Stream
Digest
Algorithm
Digest
Which of these is NOT a characteristic of a secure hash algorithm?
Collisions should be rare.
A message cannot be produced from a predefined hash.
The results of a hash function should not be reversed.
The hash should always be the same fixed size.
Collisions should be rare.
Alyosha was explaining to a friend the importance of protecting a cryptographic key from cryptanalysis. He said that the key should not relate in a simple way to the ciphertext. Which protection is Alyosha describing?
Diffusion
Confusion
Integrity
Chaos
Confusion
Which of these is the strongest symmetric cryptographic algorithm?
Data Encryption Standard
Triple Data Encryption Standard
Advanced Encryption Standard
RC 1
Advanced Encryption Standard
If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message?
Alice's private key
Bob's public key
Alice's public key
Bob's private key
Alice's public key
Egor wanted to use a digital signature. Which of the following benefits will the digital signature not provide?
Verify the sender
Prove the integrity of the message
Verify the receiver
Enforce nonrepudiation
Verify the receiver
Illya was asked to recommend the most secure asymmetric cryptographic algorithm to his supervisor. Which of the following did he choose?
SHA-2
ME-312
BTC-2
RSA
RSA
At a staff meeting one of the technicians suggested that the enterprise protect its new web server by hiding it and not telling anyone where it is located. Iosif raised his hand and said that security through obscurity was a poor idea. Why did he say that?
It is an unproven approach and has never been tested.
It would be too costly to have one isolated server by itself.
It would be essentially impossible to keep its location a secret from everyone.
It depends too heavily upon non-repudiation in order for it to succeed.
It would be essentially impossible to keep its location a secret from everyone.
What is a characteristic of the Trusted Platform Module (TPM)?
It provides cryptographic services in hardware instead of software.
It allows the user to boot a corrupted disk and repair it.
It is available only on Windows computers running BitLocker.
It includes a pseudorandom number generator (PRNG).
It provides cryptographic services in hardware instead of software.
Which of these has an onboard key generator and key storage facility, as well as accelerated symmetric and asymmetric encryption, and can back up sensitive material in encrypted form?
Trusted Platform Module (TPM)
Hardware Security Module (HSM)
Self-encrypting hard disk drives (SED)
Encrypted hardware-based USB devices
Hardware Security Module (HSM)