CompTIA Security+ Guide to Network Security Fundamentals Chapters 11-13 Review Questions

60 Terms

1
Which authentication factor is based on a unique talent that a user possesses?

What you have

What you are

What you do

What you know

What you do

2
Which of these is NOT a characteristic of a weak password?

A common dictionary word

A long password

Using personal information

Using a predictable sequence of characters

A long password

3
Each of the following accounts should be prohibited EXCEPT:

Shared accounts

Generic accounts

Privileged accounts

Guest accounts

Privileged accounts

4
Ilya has been asked to recommend a federation system technology that is an open-source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend?

OAuth

OpenID Connect

Shibboleth

NTLM

OAuth

5
How is key stretching effective in resisting password attacks?

It takes more time to generate candidate password digests.

It requires the use of GPUs.

It does not require the use of salts.

The license fees are very expensive to purchase and use it.

It takes more time to generate candidate password digests.

6
Which of these is NOT a reason why users create weak passwords?

A lengthy and complex password can be difficult to memorize.

A security policy requires a password to be changed regularly.

Having multiple passwords makes it hard to remember all of them.

Most sites force users to create weak passwords even though they do not want to.

Most sites force users to create weak passwords even though they do not want to.

7
What is a hybrid attack?

An attack that uses both automated and user input

An attack that combines a dictionary attack with a mask attack

A brute force attack that uses special tables

An attack that slightly alters dictionary words

An attack that combines a dictionary attack with a mask attack

8
A TOTP token code is generally valid for what period of time?

Only while the user presses SEND

For as long as it appears on the device

For up to 24 hours

Until an event occurs

For as long as it appears on the device

9
What is a token system that requires the user to enter the code along with a PIN called?

Single-factor authentication system

Token-passing authentication system

Dual-prong verification system

Multifactor authentication system

Multifactor authentication system

10
Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel?

Personal Identity Verification (PIV) card

Secure ID Card (SIDC)

Common Access Card (CAC)

Government Smart Card (GSC)

Common Access Card (CAC)

11
Which of the following should NOT be stored in a secure password database?

Iterations

Password digest

Salt

Plaintext password

Plaintext password

12
Creating a pattern of where a user accesses a remote web account is an example of which of the following?

Keystroke dynamics

Geolocation

Time-Location Resource Monitoring (TLRM)

Cognitive biometrics

Geolocation

13
Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate?

Dictionary attack

Hybrid attack

Custom attack

Brute force attack

Brute force attack

14
Which human characteristic is NOT used for biometric identification?

Retina

Iris

Height

Fingerprint

Height

15
____________________ biometrics is related to the perception, thought processes, and understanding of the user.

Cognitive

Standard

Intelligent

Behavioral

Cognitive

16
Using one authentication credential to access multiple accounts or applications is known as ____________________.

single sign-on

credentialization

identification authentication

federal login

single sign-on

17
What is a disadvantage of biometric readers?

Speed

Cost

Weight

Standards

Cost

18
Which type of password attack is a more targeted brute force attack that uses placeholders for characters in certain positions of the password?

Rainbow attack

Mask attack

Rule attack

Pass the hash attack

Mask attack

19
Why should the account lockout threshold not be set too low?

It could decrease calls to the help desk.

The network administrator would have to reset the account manually.

The user would not have to wait too long to have her password reset.

It could result in denial of service (DoS) attacks.

It could result in denial of service (DoS) attacks.

20
Which one-time password is event-driven?

HOTP

TOTP

ROTP

POTP

HOTP

21
What is the current version of TACACS?

XTACACS

TACACS+

TACACS v9

TRACACS

TACACS+

22
How is the Security Assertion Markup Language (SAML) used?

It allows secure web domains to exchange user authentication and authorization data.

It is a backup to a RADIUS server.

It is an authenticator in IEEE 802.1x.

It is no longer used because it has been replaced by LDAP.

It allows secure web domains to exchange user authentication and authorization data.

23
A RADIUS authentication server requires the ____________________ to be authenticated first.

authenticator

user

authentication server

supplicant

supplicant

24
Which of the following is NOT true regarding how an enterprise should handle an orphaned or dormant account?

A formal procedure should be in place for disabling accounts for employees who are dismissed, resign, or retire from the organization.

Access should be ended as soon as the employee is no longer part of the organization.

Logs should be monitored because current employees are sometimes tempted to use an older dormant account instead of their own account.

All orphaned and dormant accounts should be deleted immediately whenever they are discovered.

All orphaned and dormant accounts should be deleted immediately whenever they are discovered.

25
With the development of IEEE 802.1x port security, what type of authentication server has seen even greater usage?

RADIUS

Lite RDAP

DAP

RDAP

RADIUS

26
Which of the following is NOT part of the AAA framework?

Authentication

Access

Authorization

Accounting

Access

27
What is the version of the X.500 standard that runs on a personal computer over TCP/IP?

Lite RDAP

DAP

LDAP

IEEE X.501

LDAP

28
Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking?

Privacy officer

End user

Custodian

Operator

Custodian

29
Which access control model is the most restrictive?

DAC

MAC

Role-Based Access Control

Rule-Based Access Control

MAC

30
Which type of access control model uses predefined rules that make it flexible?

ABAC

DAC

MAC

Rule-Based Access Control

ABAC

31
Which can be used to establish geographical boundaries where a mobile device can and cannot be used?

Location-based policies

Restricted access control policies

Geolocation policies

Mobile device policies

Location-based policies

32
Which statement about Rule-Based Access Control is true?

It requires that a custodian set all rules.

It is considered obsolete today.

It dynamically assigns roles to subjects based on rules.

It is considered a real-world approach by linking a user's job function with security.

It dynamically assigns roles to subjects based on rules.

33
Which of the following would NOT be considered as part of a clean desk policy?

Do not share passwords with other employees.

Lock computer workstations when leaving the office.

Place laptops in a locked filing cabinet.

Keep mass storage devices locked in a drawer when not in use.

Do not share passwords with other employees.

34
Which of these is a set of permissions that is attached to an object?

Access control list (ACL)

Subject Access Entity (SAE)

Object modifier

Security entry designator

Access control list (ACL)

35
Which Microsoft Windows feature provides group-based access control for centralized management and configuration of computers and remote users who are using Active Directory?

Windows Registry Settings

AD Management Services (ADMS)

Group Policy

Resource Allocation Entities

Group Policy

36
What can be used to provide both file system security and database security?

RBASEs

LDAPs

CHAPs

ACLs

ACLs

37
What is the least restrictive access control model?

DAC

ABAC

MAC

Rule-Based Access Control

DAC

38
What is the secure version of LDAP?

LDAPS

Secure DAP

X.500

802.1x

LDAPS

39
Which of the following is the Microsoft version of EAP?

EAP-MS

MS-CHAP

PAP-MICROSOFT

AD-EAP

MS-CHAP

40
Which of the following involves rights given to access specific resources?

Identification

Access

Authorization

Accounting

Access

41
At what point in a vulnerability assessment would an attack tree be utilized?

Vulnerability appraisal

Risk assessment

Risk mitigation

Threat evaluation

Threat evaluation

42
Which of the following is NOT true about privacy?

Today, individuals can achieve any level of privacy that is desired.

Privacy is difficult due to the volume of data silently accumulated by technology.

Privacy is freedom from attention, observation, or interference based on your decision.

Privacy is the right to be left alone to the degree that you choose.

Today, individuals can achieve any level of privacy that is desired.

43
Which of the following is NOT a risk associated with the use of private data?

Individual inconveniences and identity theft

Associations with groups

Statistical inferences

Devices being infected with malware

Devices being infected with malware

44
Which of the following is NOT an issue raised regarding how private data is gathered and used?

The data is gathered and kept in secret.

By law, all encrypted data must contain a "backdoor" entry point.

Informed consent is usually missing or is misunderstood.

The accuracy of the data cannot be verified.

By law, all encrypted data must contain a "backdoor" entry point.

45
Which of the following is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm?

Vulnerability assessment

Penetration test

Vulnerability scan

Risk appraisal

Vulnerability assessment

46
Which of these should NOT be classified as an asset?

Business partners

Buildings

Employee databases

Accounts payable

Accounts payable

47
Which of the following command-line tools tests a connection between two network devices?

Netstat

Ping

Nslookup

Ifconfig

Ping

48
Which statement regarding vulnerability appraisal is NOT true?

Vulnerability appraisal is always the easiest and quickest step.

Every asset must be viewed in light of each threat.

Each threat could reveal multiple vulnerabilities.

Each vulnerability should be cataloged.

Vulnerability appraisal is always the easiest and quickest step.

49
Which of the following constructs scenarios of the types of threats that assets can face to learn who the attackers are, why they attack, and what types of attacks may occur?

Vulnerability prototyping

Risk assessment

Attack assessment

Threat modeling

Threat modeling

50
Which of the following tools is a Linux command-line protocol analyzer?

Wireshark

Tcpdump

IP

Arp

Tcpdump

51
Which of the following is a command-line alternative to Nmap?

Netcat

Statnet

Mapper

Netstat

Netcat

52
Which of these is NOT a state of a port that can be returned by a port scanner?

Open

Busy

Blocked

Closed

Busy

53
Which of the following data sensitivity labels is the highest level of data sensitivity?

Ultra

Confidential

Private

Secret

Confidential

54
Which of the following data sensitivity labels has the lowest level of data sensitivity?

Unrestricted

Public

Free

Open

Public

55
Which of the following is NOT a function of a vulnerability scanner?

Detects which ports are served and which ports are browsed for each individual system

Alerts users when a new patch cannot be found

Maintains a log of all interactive network sessions

Detects when an application is compromised

Alerts users when a new patch cannot be found

56
Which of the following must be kept secure as mandated by HIPAA?

PII

PHI

PHIL

PLILP

PHI

57
Which statement regarding a honeypot is NOT true?

It is typically located in an area with limited security.

It is intentionally configured with security vulnerabilities.

It cannot be part of a honeynet.

It can direct an attacker's attention away from legitimate servers.

It cannot be part of a honeynet.

58
Which of the following sends "probes" to network devices and examines the responses to evaluate whether a specific device needs remediation?

Active scanner

Probe scanner

Passive scanner

Remote scanner

Active scanner

59
If a tester is given the IP addresses, network diagrams, and source code of customer applications, the tester is using which technique?

Black box

White box

Gray box

Blue box

White box

60
If a software application aborts and leaves the program open, which control structure is it using?

Fail-safe

Fail-secure

Fail-open

Fail-right

Fail-open