Which of the following are often identified as the three main goals of security? (Select three.)
- Confidentiality
- Integrity
- Availability
You are a security manager for a mid-sized company and are considering using a third-party certificate authority (CA) to manage your company's certificates.
Which of the following would be the MOST significant benefit of using a third-party CA?
It would allow your company to set up different certificate policies through intermediate CAs.
Which of the following encryption mechanisms offers the least security because of weak keys?
DES
The success of asymmetric encryption is MOST dependent upon which of the following?
The secrecy of the private key.
Which of the following BEST describes compensating controls?
Partial control solution that is implemented when a control cannot fully meet a requirement.
There are several block cipher modes of operation that can be utilized depending on the application or use.
Which of the following block cipher modes of operation uses a nonce combined with a counter that is encrypted?
Counter Mode (CTR)
What is a nonce?
A "number used once": a value (often random) that is combined with the block counter so that every block is encrypted with a unique keystream block. The same nonce must never be reused with the same key.
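The following is an added example, not part of the original flashcard set, showing how CTR mode builds its keystream from a nonce concatenated with a per-block counter, and what goes wrong when a nonce is reused. It assumes only the Python standard library, so HMAC-SHA256 stands in for the block cipher (real CTR mode would run AES over the nonce||counter input); the key and messages are constructed sample data.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 32  # bytes of keystream per counter value (one SHA-256 output)


def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    """One keystream block = PRF(key, nonce || counter).

    A real CTR implementation encrypts nonce||counter with a block cipher
    such as AES; HMAC-SHA256 is substituted here so the example runs
    without third-party libraries.
    """
    counter_bytes = counter.to_bytes(8, "big")
    return hmac.new(key, nonce + counter_bytes, hashlib.sha256).digest()


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation): XOR data with the keystream."""
    out = bytearray()
    for offset in range(0, len(data), BLOCK_SIZE):
        block_index = offset // BLOCK_SIZE
        ks = keystream_block(key, nonce, block_index)
        chunk = data[offset:offset + BLOCK_SIZE]
        # zip() truncates the keystream to the (possibly short) final chunk
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """Encrypt two messages under the same key AND nonce, return c1 XOR c2.

    Both ciphertexts were XORed with the identical keystream, so it cancels
    and the result equals p1 XOR p2: an attacker who captures both
    ciphertexts learns the XOR of the plaintexts without knowing the key.
    """
    c1 = ctr_crypt(key, nonce, p1)
    c2 = ctr_crypt(key, nonce, p2)
    return xor_bytes(c1, c2)


def encrypt_with_fresh_nonce(key: bytes, data: bytes) -> tuple:
    """Correct usage: draw a fresh random nonce per message and send it along."""
    nonce = secrets.token_bytes(16)  # 96- to 128-bit nonces are typical
    return nonce, ctr_crypt(key, nonce, data)


if __name__ == "__main__":
    key = b"0123456789abcdef"  # constructed sample key
    nonce, ct = encrypt_with_fresh_nonce(key, b"constructed sample plaintext")
    print(ctr_crypt(key, nonce, ct))
```

Decrypting is the same call as encrypting because XOR is its own inverse; the practitioner lesson is in `nonce_reuse_leak`, which is exactly the failure that makes CTR (and GCM, which is built on it) unsafe when a nonce repeats.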
After encountering a cyber attack, an organization uses a monitoring solution that automatically restarts services after it has detected the system has crashed.
What type of functional security control is the company implementing?
Corrective
Which of the following is the weakest symmetric encryption method?
DES
Which of the following BEST describes the domain controller component of Active Directory?
A domain controller is a server that holds a writable copy of the Active Directory database and replicates changes to the other domain controllers.
What is an Active Directory (AD)?
A database and set of services that connect users with the network resources they need to get their work done.
A newly launched online store wants to secure transactions between the store and customers. The store must guarantee the authenticity of transactions, provide confidentiality, and ensure that only authorized recipients can access the purchase details.
Which cryptographic technique would best meet these requirements?
Asymmetric encryption
As a network administrator, you are asked to recommend a secure method for transferring data between hosts on a network.
Which of the following protocols would you recommend? (Select two.)
- Secure File Transfer Protocol (SFTP)
- Secure Copy Protocol (SCP)
Which of the following statements accurately describes the root of trust model in a public key infrastructure (PKI)?
The root of trust model defines how users and different CAs can trust one another: the root CA issues itself a self-signed root certificate, and every other certificate (including those of intermediate CAs) chains back to that root.
As part of enhancing its data protection strategy, a corporation's IT manager aims to ensure defense-in-depth by integrating a technical control alongside existing managerial and operational controls.
Which measure BEST exemplifies a technical security control according to the classification scheme?
Setting up a network intrusion detection system.
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files.
What should you do?
Implement BitLocker with a TPM.
What is BitLocker?
A Windows security feature that protects your data by encrypting your drives.
What is a Trusted Platform Module (TPM)?
A dedicated chip on a computer's motherboard that securely stores cryptographic keys and other security-related data.
A company transmits data across a network, ensuring the non-repudiation security principle.
What is the key benefit this provides to both the sender and the recipient of the data?
Neither party can deny the authenticity of the data.
What is a non-repudiation security principle?
A security principle that ensures data originated from a verified sender and reached the intended recipient, so that neither party can deny the authenticity of the data.
Hashing is the process of converting an input of any length into a fixed-length value using a mathematical algorithm such as MD5 or SHA. This fixed-length output is called the hash.
Which of the following are true statements about hashing? (Select two.)
- A hash cannot be reversed (decrypted) to recover the original input.
- Hashing is used on data that does not need to be decrypted, such as a password.
When two different messages produce the same hash value, what has occurred?
Collision
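The following is an added example, not part of the original flashcard set, illustrating the hashing points above: a fixed-length digest, a one-way password hash that is verified by re-hashing rather than decrypting, and what a collision looks like. Because a collision in full SHA-256 cannot be found by brute force, `find_collision` truncates the digest to a few bits so a birthday search finishes in seconds; that truncation is the example's own device, not a weakness of SHA-256. Only the Python standard library is used; the sample passwords are constructed.

```python
import hashlib
import hmac
import os


def sha256_hex(data: bytes) -> str:
    """Any input length in, 64 hex characters (256 bits) out."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt: bytes = None, iterations: int = 600_000) -> tuple:
    """Salted, iterated one-way hash for storage (PBKDF2-HMAC-SHA256).

    The password is never recoverable from (salt, digest); verification
    recomputes the hash and compares, which is why hashing suits data that
    does not need to be decrypted.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes, iterations: int = 600_000) -> bool:
    _, digest = hash_password(password, salt, iterations)
    # constant-time compare so timing does not leak how many bytes matched
    return hmac.compare_digest(digest, expected)


def find_collision(bits: int = 24) -> tuple:
    """Birthday search: two distinct inputs whose SHA-256 digests share
    their first `bits` bits. Expected work is about 2**(bits/2) hashes,
    which is why a 256-bit digest is safe and a truncated one is not.
    """
    seen = {}
    n = 0
    while True:
        msg = n.to_bytes(8, "big")
        tag = int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)
        if tag in seen and seen[tag] != msg:
            return seen[tag], msg
        seen[tag] = msg
        n += 1


def truncated_tag(data: bytes, bits: int = 24) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


if __name__ == "__main__":
    a, b = find_collision()
    print(a.hex(), b.hex(), hex(truncated_tag(a)), hex(truncated_tag(b)))
```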
An organization has implemented a new key management policy that includes a provision for key escrow. The network administrator responsible for the encryption keys used in the organization's secure communications understands the role of key escrow in relation to private keys.
Which of the following BEST describes the purpose of key escrow in the context of private keys?
Key escrow involves securely storing a copy of the private key with a trusted third party for recovery purposes, ensuring availability in case of key loss or compromise.
Which of the following is a limitation of using a DNS sinkhole as a cybersecurity measure?
DNS sinkholes are ineffective if the malware uses a public DNS server or its own DNS server.
An organization frequently implements changes, reconfigurations, and patches to enhance its IT infrastructure's security and efficiency. The cybersecurity analyst must carefully analyze dependencies between services, applications, and interfaces to avoid unintended outages and disruptions during service restarts or downtime events.
How does understanding dependencies impact the change management process? (Select the three best options.)
- Supports the development of post-change performance monitoring to validate system functionality and quickly detect issues.
- Helps avoid unintended outages and disruptions during service restarts or downtime events.
- Guides the development of effective backout plans and downtime contingencies.
Which of the following is no longer valid for security purposes?
MD5
Which of the following are key benefits of using smart cards? (Select two.)
- They provide tamper-resistant storage for a user's private key and other personally identifying information (PII).
- They isolate security-related operations from the rest of the system.
The information technology department in a large organization is implementing a new system that determines and enforces access to resources based on predefined company guidelines.
Which concept is the department implementing?
Policy-driven access control
You are a cybersecurity manager at a financial institution. Your team is responsible for managing the cryptographic keys used for secure transactions.
Recently, there has been an increase in attempted cyber attacks on your institution.
Which of the following key management strategies would be MOST effective in maintaining the security of your cryptographic keys under these circumstances?
You decide to set an expiration date for all current keys and inform users that they will need to renew their keys after this date.
Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it.
Which key would Mary use to create the digital signature?
Her private key
The cybersecurity team at a multinational corporation is collaborating with the facilities department to design a new data center. The team seeks to integrate top-tier physical security controls into the site layout to maximize protection against potential threats.
The discussions revolve around the BEST strategies to ensure the safety of the data center.
When designing the physical security controls for the site layout of the new data center, which strategy would be MOST effective in deterring unauthorized access and providing a comprehensive security layer?
Establishing a security perimeter with layered access controls
A recently breached company tasks the cyber team to further restrict end-user permissions.
What describes the use of an application allow list?
It permits only explicitly approved applications to execute and blocks everything not on the list.
After an unauthorized access incident in the server room over the weekend, the IT department of a company decides to implement new security controls to deter similar future incidents.
Which of the following should they implement?
Placing visible signs indicating surveillance and severe penalties for unauthorized entry.
John, a security analyst, is using a smart card to gain access to a secure server room. He simply waves his card near the card reader and the door unlocks.
Later, he uses the same card to log into his computer by inserting it into a card reader.
Based on this information, is John using a contact or contactless smart card?
Both a contact and contactless smart card, because he used the card both by inserting it into a reader and by waving it near a reader.
A software patch was inadvertently pushed out early, during the middle of the workday, and has brought business to a halt. The chief executive officer (CEO) demands that the systems return to full operations immediately.
What part of the change plan will assist in this task?
Backout plan
Which of the following terms means a cryptography mechanism that hides secret communications within various forms of data?
Steganography
SSL (Secure Sockets Layer) operates at which layer of the OSI model?
Session
Due to the introduction of security vulnerabilities during a previous change, company leadership wants reassurance that the vulnerabilities will not happen again.
The IT department has made several changes to its change management plan.
What are items the IT department would add to this plan? (Select three.)
- Test results
- Impact analysis
- Backout plans
The security operations manager of a multinational corporation focuses on enhancing directive operational controls.
Which of the following should the manager implement?
User awareness and training programs.
A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender.
Which of the following must the receiver use to access the hashing value and verify the integrity of the transmission?
Sender's public key
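The following is an added example, not part of the original flashcard set, that ties together the two signature cards above: Mary signs with her private key, and the receiver uses the sender's public key to recover the hash embedded in the signature and compare it with a hash of the received message. It uses textbook RSA on two small, well-known primes so it runs on the standard library; a real deployment would use 2048-bit or larger keys with a padding scheme such as PSS, which this toy deliberately omits.

```python
import hashlib

# Constructed toy key material: the 100,000th and 1,000,000th primes.
# Far too small for real use; chosen only so the arithmetic is visible.
P = 1299709
Q = 15485863
E = 65537


def make_keypair(p: int = P, q: int = Q, e: int = E) -> tuple:
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+); requires gcd(e, phi) == 1
    return (n, e), (n, d)


def message_hash(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced mod n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key: tuple) -> int:
    """Mary's step: only the holder of d can produce this value."""
    n, d = private_key
    return pow(message_hash(message, n), d, n)


def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    """Receiver's step: the public exponent e unwraps the signature to reveal
    the hash Mary signed; it must equal a fresh hash of the received message."""
    n, e = public_key
    recovered_hash = pow(signature, e, n)
    return recovered_hash == message_hash(message, n)


if __name__ == "__main__":
    mary_public, mary_private = make_keypair()
    msg = b"Sam, the meeting is at 10:00. -- Mary"  # constructed sample message
    sig = sign(msg, mary_private)
    print(verify(msg, sig, mary_public))             # True
    print(verify(msg + b"!", sig, mary_public))      # False: message altered
```

The verification step never needs Mary's private key, which is the whole point: anyone holding her public key can check integrity and origin, but only she could have produced the signature.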
What is the purpose of identity and access management (IAM) automation in the onboarding process for new employees in an organization?
To automate the provisioning and access management tasks associated with new employees.
Which of the following are true concerning the one-time pad (OTP) concept on which a stream cipher is based? (Select two.)
- OTP demonstrates what is called perfect secrecy.
- OTP uses a symmetric encryption key that is the same length as the data being encrypted.
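The following is an added example, not part of the original flashcard set, demonstrating the two OTP properties just listed: the key must be exactly as long as the data, and the scheme has perfect secrecy, meaning a captured ciphertext is consistent with every possible plaintext of that length. The messages and the fixed key in the test are constructed sample data; `secrets.token_bytes` supplies a truly random pad in real use.

```python
import secrets


def otp_keygen(length: int) -> bytes:
    """A fresh, uniformly random pad exactly as long as the message."""
    return secrets.token_bytes(length)


def otp_xor(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR each byte with the corresponding key byte.

    Refuses mismatched lengths; a pad shorter than the data would have to be
    reused or padded, and either choice destroys the perfect-secrecy guarantee.
    """
    if len(key) != len(data):
        raise ValueError("one-time pad key must be exactly as long as the data")
    return bytes(k ^ d for k, d in zip(key, data))


def key_explaining(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """Perfect secrecy made concrete: for ANY candidate plaintext of the same
    length there is a key under which this ciphertext decrypts to it.
    An attacker with only the ciphertext therefore cannot prefer one
    candidate over another."""
    return otp_xor(ciphertext, candidate_plaintext)


if __name__ == "__main__":
    msg = b"ATTACK AT DAWN"                       # constructed sample message
    key = otp_keygen(len(msg))
    ct = otp_xor(key, msg)
    alt_key = key_explaining(ct, b"RETREAT AT 5PM")
    print(otp_xor(key, ct), otp_xor(alt_key, ct))
```

The stream ciphers that build on this idea replace the truly random pad with a keystream expanded from a short key; they keep the XOR structure but give up perfect secrecy, and they inherit the rule that a keystream must never be used twice.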
Which of the following types of encryption is specifically designed to allow data to be worked on without decrypting it first?
Homomorphic encryption