principles of computer security: comptia security+ and ...r2d2.cochise.edu/namuoc/160/160 study...
Post on 09-Mar-2018
Study Guide for: Principles of Computer Security: CompTIA Security+ and Beyond (Exam SY0-301), Third Edition
Study Material for: Student 11/29/2012 2:32:05 PM
Question: Which security principle has to be combined with host security to avoid introducing or overlooking vulnerabilities in a system?
Correct Answer: A: Network security
References
EXPLANATION: A is correct. Network security must be combined with host-based security to close all potential paths of attack. B, C, and D are incorrect as they all offer incomplete solutions. A is more comprehensive and the best answer.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 12: Security Baselines
OBJECTIVE: Carry out appropriate procedures to establish host security
Question: Removing unnecessary services and applying service packs is an example of what?
Correct Answer: B: System hardening
References
EXPLANATION: B is correct. Removing unnecessary services and applying service packs is an example of system hardening. A, C, and D are common terms meant to distract.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 12: Security Baselines
OBJECTIVE: Carry out appropriate risk mitigation strategies
LearnKey, Inc. Copyright 2006, All Rights Reserved. Page 1
Question: End users have responsibilities to protect information, and all of the following policies are involved in the comprehensive effort except:
Correct Answer: B: Sick leave policy
References
EXPLANATION: B is correct; sick leave policies do not involve access issues. A is incorrect; leaving sensitive material on your desk when you are not there to safeguard it is a potential vulnerability. C is incorrect; passwords provide access to systems. D is incorrect; physical access by unauthorized personnel to materials and systems can create vulnerabilities.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security
OBJECTIVE: Explain the importance of security-related awareness and training
Question: What six-byte number is used to identify a Network Interface Card?
Correct Answer: B: Media Access Control address
References
EXPLANATION: B is correct. The Media Access Control (MAC) address uniquely identifies Network Interface Cards. The MAC address consists of a vendor number and serial number. A is incorrect. It is a nonsensical distractor. C and D are incorrect. They are technical terms not related to layer 2 addressing.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security
OBJECTIVE: Distinguish and differentiate network design elements and compounds
Question: A top-level CA exists in what type of PKI trust model?
Correct Answer: C: Hierarchical architecture
References
EXPLANATION: C is correct. A top-level CA is necessary to establish a hierarchical trust model. A and B are incorrect. They are nonsensical distractors. D is incorrect. Web of trust is a flat model dependent upon trust with peers.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 5: Public Key Infrastructure
OBJECTIVE: Implement PKI, certificate management, and associated components
Question: Which widely used protocol is available to vendors to establish their own customized authentication system?
Correct Answer: B: EAP
References
EXPLANATION: B is correct; Extensible Authentication Protocol (EAP) allows vendors to customize their own authentication system. A is incorrect; ICMP is not used in authentication. C and D are incorrect; they are distractors built from protocols used in authentication.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 10: Wireless Security
OBJECTIVE: Distinguish and differentiate network design elements and compounds
Question: To sniff all network traffic connected to your computer, what is necessary?
Correct Answer: B: Your NIC card must be in promiscuous mode.
References
EXPLANATION: B is correct; your NIC card must be able to examine all traffic on your network media, which means it must be set to promiscuous mode. A is incorrect; it is always true, and not discriminatory. C is incorrect; it is not relevant. D is incorrect; it is a nonsensical distractor.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 11: Intrusion Detection Systems
OBJECTIVE: Explain the security function and purpose of network devices and technologies.
Question: Which of the following security terms ensures that only authorized individuals are able to create or change information?
Correct Answer: B: Integrity
References
EXPLANATION: B is correct; integrity refers to the protection of information from unauthorized alteration. A is incorrect; confidentiality refers to the protection of information from disclosure to unauthorized parties. C and D are incorrect; they are not related to changing of information.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management
OBJECTIVE: Exemplify the concepts of confidentiality, integrity, and availability (CIA)
Question: Which of the following is not a typical cloud-based offering?
Correct Answer: C: Authentication as a Service
References
EXPLANATION: C is correct; authentication does not lend itself to the autoprovisioning aspects of cloud services. A is incorrect; Platform as a Service (PaaS) is the autoprovisioning of platforms across a network. B is incorrect; Infrastructure as a Service (IaaS) is the autoprovisioning of infrastructure across a network. D is incorrect; Software as a Service (SaaS) is the autoprovisioning of software across a network.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security
OBJECTIVE: Distinguish and differentiate network design elements and compounds
Question: Which of the following elements is an environmental issue that could breach computer security?
Correct Answer: C: Air conditioning
References
EXPLANATION: C is correct. Air conditioning failures can lead to overheating and system shutdowns, adversely affecting availability, one of the elements of security. A, B, and D are incorrect; they are security term distractors.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 7: Physical Security
OBJECTIVE: Explain the impact and proper use of environmental controls
Question: Which of the following models of computer security implements the principle, Protection = Prevention + (Detection + Response)?
Correct Answer: B: Operational Security
References
EXPLANATION: B is correct; the Operational Security model is defined as: Protection = Prevention + (Detection + Response). A, C, and D are incorrect; they are access control models of differing types.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security
OBJECTIVE: Explain the importance of security-related awareness and training
Question: Privilege auditing is not useful for:
Correct Answer: D: Identifying users with evil intentions
References
EXPLANATION: D is correct; audits cannot determine user intentions, only what permissions the users should have based on logical factors. A, B, and C are incorrect; these are all advantages of privilege auditing.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management
OBJECTIVE: Carry out appropriate risk mitigation strategies
Question: The program TFTP uses what port for data transfer?
Correct Answer: D: UDP 69
References
EXPLANATION: D is correct. Trivial File Transfer Protocol (TFTP) operates over UDP port 69. A is incorrect; this is the port for SSH. B is incorrect; TCP 443 is the HTTPS port. C is nonsensical. HTTP is over TCP port 80.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Authentication and Remote Access
OBJECTIVE: Identify commonly used default network ports
Question: Which of the following describes an attack in which an attacker tries to write more data than allowed to the memory of a victim's computer?
Correct Answer: A: Buffer overflow
References
EXPLANATION: A is correct; a buffer overflow results when data is written beyond the allocated memory. The data may overwrite other data space, code space, registers, or stack space, resulting in unexpected behavior. B, C, and D are all attacks, but not ones that are the result of overwriting memory buffers.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 13: Types of Attacks and Malicious Software
OBJECTIVE: Carry out appropriate procedures to establish host security
Question: Instead of Telnet, what protocol is recommended?
Correct Answer: B: SSH
References
EXPLANATION: B is correct, as Telnet sends messages in plaintext over the network. SSH is strongly recommended instead of Telnet. A and D are incorrect and built using distractors from common terms. C is incorrect as SSL is a transport-level encryption methodology and not used for command-level access.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication
OBJECTIVE: Apply and implement secure network administration principles
Question: An Account Lockout Policy is an excellent countermeasure against which type of attack?
Correct Answer: D: Brute-force attack
References
EXPLANATION: D is correct; an account lockout policy will typically require an account to be disabled for a period of time before the user can try their password again, making a brute-force attack time-consuming and more easily detectable. A, B, and C are incorrect. They are not account-based attacks.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication
OBJECTIVE: Implement appropriate security controls when performing account management
Question: On mail servers, relaying occurs when:
Correct Answer: B: The server handles a message and neither the sender nor the recipient is a local user
References
EXPLANATION: B is correct; on mail servers, relaying occurs when the server handles a message and neither the sender nor the recipient is a local user. A, C, and D are incorrect as they are all related to normal e-mail processing.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 14: E-Mail and Instant Messaging
OBJECTIVE: Carry out appropriate risk mitigation strategies
Question: Clear text passwords are a weakness associated with which protocol?
Correct Answer: B: PAP
References
EXPLANATION: B is correct; PAP is a two-way handshake involving the clear text transmission of a password. A, C, and D are incorrect; they all involve encryption.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication
OBJECTIVE: Use and apply appropriate cryptographic tools and products
Question: Which of the following is not a classification of a security control type?
Correct Answer: C: Auditable
References
EXPLANATION: C is correct. Auditability is not a descriptive element associated with security controls. A, B, and D are incorrect. They are all types of security controls.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 17: Risk Management
OBJECTIVE: Explain risk-related concepts
Question: Which encryption scheme is used in cell phones and other mobile devices?
Correct Answer: B: ECC
References
EXPLANATION: B is correct; ECC (elliptic curve cryptography) uses integers and is less processor-intensive than other algorithms. A, C, and D are incorrect; these algorithms are more computationally intensive than ECC.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography
OBJECTIVE: Use and apply appropriate cryptographic tools and products
Question: Smart Card Authentication can be described as using the following to verify identity:
Correct Answer: A: Something you have (token)
References
EXPLANATION: A is correct. Smart cards are typically credit card-sized devices that individuals carry with them and use to authenticate with a server. B is incorrect. Something you are is related to biometrics, not smart cards. C and D are incorrect. Smart cards may use strong cryptography, but they are ultimately tokens.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Authentication and Remote Access
OBJECTIVE: Explain fundamental concepts of Authentication
Question: Which port should be opened on a firewall to permit e-mail traffic to pass?
Correct Answer: C: TCP 25
References
EXPLANATION: C is correct; TCP port 25 is used by SMTP (Simple Mail Transfer Protocol). A is incorrect; TCP 21 is for FTP. B is incorrect; UDP 88 is used with Kerberos. D is incorrect; TCP 139 is NetBIOS.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 14: E-Mail and Instant Messaging
OBJECTIVE: Identify commonly used default network ports
Question: Which of the following correctly describes the TCP three-way handshake?
Correct Answer: A: SYN, SYN/ACK, ACK
References
EXPLANATION: A is correct. The three-way handshake is as follows: SYN, SYN/ACK, ACK. Each of these items is represented as one bit in the TCP header. B, C, and D are incorrect; they are IP flags used as distractors.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 13: Types of Attacks and Malicious Software
OBJECTIVE: Implement and use common protocols
Question: An attack that simultaneously involves many attackers in an attempt to shut down services is known as what?
Correct Answer: A: DDoS
References
EXPLANATION: A is correct; an attack that simultaneously involves many attackers in an attempt to shut down services is known as a Distributed Denial of Service attack (DDoS). A DDoS attack is usually perpetrated by zombie machines. B is incorrect; Denial of Service is not from multiple attackers. C is incorrect; war-chalking is the leaving of visual clues as to wireless locations. D is incorrect; social engineering is an attack against the people element of security.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 13: Types of Attacks and Malicious Software
OBJECTIVE: Analyze and differentiate among types of attacks
Question: Loop protection involves which of the following?
Correct Answer: A: Switches
References
EXPLANATION: A is correct; loops can be formed at layer 2, and the Spanning Tree Protocol is typically used to prevent loops. B, C, and D are incorrect; they are distractors built using relevant terms.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security
OBJECTIVE: Apply and implement secure network administration principles
Question: Which of the following is not a cryptographic algorithm used for encryption?
Correct Answer: B: MD5
References
EXPLANATION: B is correct; MD5 is a hash algorithm and is not used to encrypt information. A is incorrect; DES is the Data Encryption Standard. C is incorrect; ECC is elliptic curve cryptography. D is incorrect; AES is the Advanced Encryption Standard.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography
OBJECTIVE: Use and apply appropriate cryptographic tools and products
Question: TCP port 21 is typically associated with which protocol?
Correct Answer: C: FTP
References
EXPLANATION: C is correct. FTP uses TCP port 21 for its control channel. A is incorrect; SMTP uses port 25. B is incorrect; SSH uses port 22. D is incorrect; FTPS uses ports 989/990.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication
OBJECTIVE: Identify commonly used default network ports
Question: What kind of algorithm uses the same key to encrypt and decrypt a message?
Correct Answer: C: Symmetric algorithm
References
EXPLANATION: C is correct. Symmetric algorithms use the same key to encrypt and decrypt. A, B, and D are incorrect: A is a nonsense term. B uses two different keys. D does not use a key.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography
OBJECTIVE: Summarize general cryptographic concepts
Question: Spoofing can be described as:
Correct Answer: B: Pretending to be someone you are not
References
EXPLANATION: B is correct. Spoofing can be described as pretending to be someone you are not. A is incorrect; this is flooding. C and D are not attacks, but rather are techniques to detect attacks.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 13: Types of Attacks and Malicious Software
OBJECTIVE: Analyze and differentiate among types of attacks
Question: Kerberos systems require which of the following item(s)?
Correct Answer: A: Key Distribution Center (KDC)
References
EXPLANATION: A is correct; Kerberos uses a KDC, which is composed of two parts, an Authentication Server (AS) and a Ticket Granting Server (TGS). B, C, and D are incorrect; an RAS is not required, nor is a client certificate or a certificate authority in the Kerberos scheme.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication
OBJECTIVE: Explain the function and purpose of authentication services
Question: The term "Open Relay" refers to what?
Correct Answer: C: E-mail servers
References
EXPLANATION: C is correct; Open Relay, also known as Open Mail Relay, refers to allowing anyone to send mail through a mail server. This is the source of much of the spam people receive. A is incorrect; HTTP servers simply process requests. B is incorrect; FTP servers have a connection for communication. D is incorrect; the answer "application servers" is a generic distractor.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 14: E-Mail and Instant Messaging
OBJECTIVE: Carry out appropriate procedures to establish host security
Question: Which device does not segregate data-link traffic?
Correct Answer: B: Hub
References
EXPLANATION: B is correct as hubs do not segregate any type of network traffic. A is incorrect; switches separate traffic based on layer 2 addresses. C is incorrect; bridges split traffic based on layer 2 addresses. D is incorrect; VLANs are implemented using switches and layer 2 addresses.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security
OBJECTIVE: Explain the security function and purpose of network devices and technologies
Question: Configuring the operating system of a hard drive with RAID 1 is an example of what?
Correct Answer: C: Fault tolerance
References
EXPLANATION: C is correct; configuring the operating system of a hard drive with RAID 1 is an example of fault tolerance. A, B, and D are distractors made from common terms in this area of knowledge.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 16: Disaster Recovery and Business Continuity
OBJECTIVE: Execute disaster recovery plans and procedures
Question: The formula for Single Loss Expectancy (SLE) is
Correct Answer: D: Asset Value times EF
References
EXPLANATION: D is correct; the formula for Single Loss Expectancy (SLE) is Asset Value times Exposure Factor (EF). A, B, and C are incorrect; they are distractors constructed from risk quantification terms.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 16: Disaster Recovery and Business Continuity
OBJECTIVE: Explain risk-related concepts
Question: What is the best way to generate a complex password?
Correct Answer: C: Using a passphrase
References
EXPLANATION: C is correct. A complex password is long and utilizes alphabetic and numeric characters. The best way to generate a complex password is as a passphrase. A is incorrect. A dictionary attack can concatenate two words. B is incorrect. Random passwords are difficult to remember and their use often results in users writing them down. D is incorrect. Concatenating known pieces of information can be guessed.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: General security concepts and models
OBJECTIVE: Implement appropriate security controls when performing account management
Question: Which of the following is not associated with authentication?
Correct Answer: D: Something you had
References
EXPLANATION: D is correct. Authentication is usually accomplished by providing something you "have", "know", or "are" (as in the case of biometrics). The key word is "had" as this implies past tense, and is therefore not appropriate for authentication. A, B, and C are incorrect. These answers all relate to common items used for authentication.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Authentication and Remote Access
OBJECTIVE: Explain fundamental concepts of Authentication
Question: An evil twin attack is performed utilizing:
Correct Answer: C: A rogue access point
References
EXPLANATION: C is correct. An evil twin is a rogue access point set up by an attacker that produces a stronger signal than the legitimate access point, pulling in users by virtue of the stronger signal. A is incorrect; the Firesheep plug-in targets a different vulnerability. B is incorrect; credentials do not play a role in the evil twin attack. D is incorrect; spoofed packets are not involved in the evil twin attack.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 10: Wireless Security
OBJECTIVE: Analyze and differentiate among types of wireless attacks
Question: What does ACL stand for?
Correct Answer: C: Access Control List.
References
EXPLANATION: C is correct. ACL stands for Access Control List. A and D are incorrect; they are distractors from unrelated technical terms. B is incorrect; it is a nonsensical distractor.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management
OBJECTIVE: Explain the fundamental concepts and best practices related to authentication, authorization, and access control
Question: Twofish was designed to replace what algorithm?
Correct Answer: B: DES
References
EXPLANATION: B is correct. Twofish was a candidate to replace DES as part of the AES competition. A, C, and D are incorrect. MD5 is a hashing algorithm, not an encryption algorithm; Twofish was part of the AES competition; and Blowfish is a distractor.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography
OBJECTIVE: Apply appropriate cryptographic tools
Question: To help secure production web servers, sample files:
Correct Answer: B: Should be removed from production servers
References
EXPLANATION: B is correct; to help secure production web servers, sample files should be removed from all production servers. A, C, and D are incorrect as they allow unneeded information to reside on production servers.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 12: Security Baselines
OBJECTIVE: Carry out appropriate procedures to establish host security
Question: Lockouts prevent what type of activity?
Correct Answer: B: 137, 138, 139
References
EXPLANATION: B is correct; UDP 137 is NetBIOS name service, UDP 138 is NetBIOS Datagram service, and TCP 139 is NetBIOS connection. A and C are incorrect, as port 135 is not associated with NetBIOS. D is incorrect as it skips port 138, which is part of NetBIOS.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication
OBJECTIVE: Identify commonly used default network ports
Question: PKI is used to manage identities through the use of:
Correct Answer: A: Certificates
References
EXPLANATION: A is correct; a PKI uses certificates to pass keys associated with identities. B is incorrect; digital signatures involve certificates and PKI, but they don't manage the identities. C is incorrect; Kerberos can involve certificates and PKI, but it doesn't manage the identities. D is a distractor using a security term.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 5: Public Key Infrastructure
OBJECTIVE: Explain the core concepts of public key infrastructure
Question: Which of the following is a tool designed to identify what devices are connected to a given network and, where possible, the operating system in use on that device?
Correct Answer: D: Network mapper
References
EXPLANATION: D is correct; a network mapper is a tool designed to identify what devices are connected to a given network and, where possible, the operating system in use on that device. A, B, and C are tools for operational security, not for network discovery.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 11: Intrusion Detection Systems
OBJECTIVE: Implement assessment tools and techniques to discover security threats and vulnerabilities
Question: Proper humidity and temperature for information systems equipment is an example of what type of security?
Correct Answer: A: Physical security
References
EXPLANATION: A is correct. Environmental controls are an example of physical security. B, C, and D are incorrect. These are all common distractors. They are relevant terms to security, but not to this question.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 7: Physical Security
OBJECTIVE: Explain the impact and proper use of environmental controls
Question: An Access Control List (ACL) is
Correct Answer: C: A list that contains the subjects that have access rights to a particular object
References
EXPLANATION: C is correct; an Access Control List is used to define which subjects have which access rights to a particular object. The list identifies not only the subject but the specific access granted to the subject for the object. A is incorrect; a list of all users is not relevant to an object. B is incorrect as the current login status is not relevant. D is incorrect as access control lists are based on positive criteria, not exceptions.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management
OBJECTIVE: Explain the fundamental concepts and best practices related to authentication, authorization, and access control
Question
Which Boolean operator is most commonly used in cryptographic applications?
Correct Answer
A: XOR
References
EXPLANATION:
A is correct; the Exclusive OR (XOR) is typically used to encrypt and decrypt data.
B, C, and D are incorrect; they are built from logical distractors.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography
OBJECTIVE: Summarize general cryptography concepts
Question
A one-way algorithm that creates a unique fixed-size number from a variable-length message is known as what?
Correct Answer
D: Hash
References
EXPLANATION:
D is correct. A hash is a fixed-size result of an algorithm that is generated based on the content of the input to that algorithm.
A is incorrect; it is a nonsense term. B and C are cryptographic terms associated with other cryptographic items, not with a fixed-size result.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography
OBJECTIVE: Summarize general cryptographic concepts
Question
Which type of social engineering attack utilizes voice messaging to send unsolicited bulk messages?
Correct Answer
B: SPIM
References
EXPLANATION:
B is correct. SPIM is basically SPAM sent via a messaging service.
A is incorrect; vishing is basically a variation of phishing that uses voice communication technology to obtain the information the attacker is seeking. C is incorrect; SPAM is not associated directly with voice messaging. When it is, it is called SPIM, making B a better choice. D is incorrect; it is a nonsensical distractor.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security
OBJECTIVE: Analyze and differentiate among types of attacks
Question
Which of the following is centralized security based on typical job types?
Correct Answer
B: RBAC
References
EXPLANATION:
B is correct; Role-based Access Control (RBAC) grants access based on the type of work the user performs.
A is incorrect; Mandatory Access Control is based on data, not job type. C is incorrect; Realm-based is not based on job types. D is incorrect; Discretionary Access Control is based on data, not job type.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management
OBJECTIVE: Apply and implement secure network administration principles
Question
What type of device stores and issues certificates?
Correct Answer
A: CA
References
EXPLANATION:
A is correct. A certificate authority (CA) stores and issues certificates.
B, C, and D are incorrect; they are security acronyms and terms used to distract.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 5: Public Key Infrastructure
OBJECTIVE: Explain the core concepts of public key infrastructure
Question
Which of the following measures will NOT improve the physical security of a computer?
Correct Answer
A: Insuring the server
References
EXPLANATION:
A is correct; insuring the server only provides a financial method of recovering from some aspect of loss; it does not improve the security posture.
B, C, and D are incorrect; they all improve the level of physical security.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 7: Physical Security
OBJECTIVE: Explain risk-related concepts
Question
The first and most critical step of auditing is:
Correct Answer
B: To ensure the correct things are being audited
References
EXPLANATION:
B is correct; the first and most critical step of logging is to ensure that the correct things are being audited.
A is incorrect; this wastes space. C is incorrect; it is a necessary item, just not the first. D is incorrect; again, not a first step.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 12: Security Baselines
OBJECTIVE: Analyze and differentiate among types of mitigation and deterrent techniques
Question
Which of the following steps will an attacker often take to attack a computer system?
Correct Answer
D: Perform a port scan to identify all open ports.
References
EXPLANATION:
D is correct; attackers will often perform a port scan to identify all open ports on a system to determine which potential vulnerabilities may be exploited.
A is incorrect; this is a nonsensical answer. B is incorrect; attackers will not install all patches. C is incorrect; this is a mitigation effort, not an attacker effort.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 20: Computer Forensics
OBJECTIVE: Analyze and differentiate among types of attacks
Question
In which of the following attacks does the attacker ensure that all communication going to or from the target machine passes through the attacker's machine?
Correct Answer
D: Man-in-the-middle attack
References
EXPLANATION:
D is correct; in the man-in-the-middle attack, the attacking machine inserts itself in the path of communications between the target machine and its connections.
A is incorrect; in replay attacks, the replay packets do not involve all data. B is incorrect; spoofing is falsifying content fields. C is incorrect; the brute force method alleviates the importance of the positioning of the attacker with respect to their pattern of attack.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 13: Types of Attacks and Malicious Software
OBJECTIVE: Analyze and differentiate among types of attacks
Question
Quantum cryptography is best used for:
Correct Answer
A: Secure Key Distribution
References
EXPLANATION:
A is correct. Quantum cryptography is best utilized for secure key distribution.
B, C, and D are incorrect. Quantum cryptography is computationally challenging (bad for mobile), and its strength is in detecting interception and in strength of encryption, ruling out C and D.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography
OBJECTIVE: Summarize general cryptographic concepts
Question
All employees should be expected to read and understand which of the following documents associated with end-user responsibilities?
Correct Answer
A: Acceptable Use agreement
References
EXPLANATION:
A is correct. All employees should read and understand the firm's acceptable use policy.
B, C, and D are common security elements used as distractors. Not all choices would apply to all employees.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security
OBJECTIVE: Explain the importance of security related awareness and training
Question
An advantage of symmetric key-based encryption over asymmetric key encryption is:
Correct Answer
A: Speed of operation for bulk encryption/decryption
References
EXPLANATION:
A is correct; symmetric key cryptography is faster than asymmetric key cryptography, so it is better for bulk operations.
B is incorrect; symmetric vs. asymmetric has no relation to complexity of algorithms. C is incorrect; symmetric vs. asymmetric has no relation to level of security. D is incorrect; asymmetric algorithms solve key distribution issues.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography
OBJECTIVE: Summarize general cryptography concepts
Question
An application that executes malicious code when a predetermined event occurs is called what?
Correct Answer
D: Logic bomb
References
EXPLANATION:
D is correct; logic bombs will execute based on predetermined events.
A is incorrect; evil twin is a wireless attack. B is incorrect; rootkits are a means of changing the system files and operation of an OS. C is incorrect; backdoors are alternative means of entry.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 11: Intrusion Detection Systems
OBJECTIVE: Analyze and differentiate among types of malware
Question
Who is responsible for access control on objects in the Mandatory Access Control (MAC) model?
Correct Answer
C: System administrator
References
EXPLANATION:
C is correct; the system administrator is responsible for Mandatory Access Control model implementation on the system.
A and B are incorrect; owners and creators can administer Discretionary Access Control (DAC) systems. D is incorrect; it is a simple distractor.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management
OBJECTIVE: Explain the fundamental concepts and best practices related to authentication, authorization, and access control
Question
A web application firewall is designed to detect and stop which of the following?
Correct Answer
A: SQL injection attacks
References
EXPLANATION:
A is correct; web security gateways are intended to address the security threats and pitfalls unique to web-based traffic such as SQL injection attacks.
B, C, and D are incorrect; although these are potential attacks, they are not against web applications.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 11: Intrusion Detection Systems
OBJECTIVE: Explain the security function and purpose of network devices and technologies
Question
An example of attacking the inherent trust a web browser imparts to a web session is:
Correct Answer
A: Cross-site scripting
References
EXPLANATION:
A is correct. Cross-site scripting is an attack methodology; while all are attacks, this answer is most closely related to the web.
B, C, and D are incorrect. They are not tied directly to web browser activity.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 15: Web Components
OBJECTIVE: Analyze and differentiate among types of application attacks
Question
Implicit deny in a firewall rule set means:
Correct Answer
C: Any traffic not expressly permitted is denied.
References
EXPLANATION:
C is correct; implicit deny means that any traffic not expressly permitted by a rule in the firewall's rule set or ACL is denied and rejected by the firewall.
A and B are incorrect; implementation would be equivalent to a disconnection, not a firewall. D is incorrect; this is an implicit allow.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 11: Intrusion Detection Systems
OBJECTIVE: Apply and implement secure network administration principles
Question
Data classification allows an organization to determine what?
Correct Answer
C: Data security policy: how much protection does the data need?
References
EXPLANATION:
C is correct; data classification is the cornerstone of determining what the security requirements are for the data.
A is incorrect; retention is not strictly determined by data sensitivity (classification). B is incorrect; storage is not strictly determined by data sensitivity (classification). D is incorrect; duplication is not strictly determined by data sensitivity (classification).
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security
OBJECTIVE: Explain the importance of data security
Question
The activity of searching for unsecured wireless networks is known as what?
Correct Answer
C: War-driving
References
EXPLANATION:
C is correct; the activity of searching for unsecured wireless networks is known as war-driving.
A, B, and D are incorrect; they are distractors using wireless terms and the "war-" prefix.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 10: Wireless Security
OBJECTIVE: Implement a wireless network in a secure manner
Question
A disadvantage of a Full backup is:
Correct Answer
B: It takes the longest time to restore.
References
EXPLANATION:
B is correct; a full backup takes the longest to restore as it contains all information.
A is incorrect; full backups can be stored on a variety of media. C is incorrect; it is not a disadvantage. D is incorrect; all backups can back up malware infections; it is not unique to full backups.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 16: Disaster Recovery and Business Continuity
OBJECTIVE: Execute disaster recovery plans and procedures
Question
What type of survey is performed to assess the optimal location of Wireless Access Points?
Correct Answer
B: Site survey
References
EXPLANATION:
B is correct; a site survey is performed to assess the optimal location of Wireless Access Points.
A, C, and D are distractors built from common wireless terms.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 10: Wireless Security
OBJECTIVE: Implement a wireless network in a secure manner
Question
You have created a file on a remote server that is confidential. You wish to assign permission to access the file to selected members of your team. You will be choosing which of the following types of access control systems?
Correct Answer
C: Discretionary Access Control
References
EXPLANATION:
C is correct; Discretionary Access Control gives the user the option of setting controls.
A is incorrect as Mandatory Access Control does not provide for user control. B and D are incorrect as they are created from nonsense terms.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management
OBJECTIVE: Explain the fundamental concepts and best practices related to authentication, authorization, and access control
Question
A _________ refers to a bootable media device left in the open with an enticing title.
Correct Answer
C: Road apple
References
EXPLANATION:
C is correct. "Road apple" is the term used to describe the social engineering attack associated with leaving bootable media for people to pick up and use.
A and B are incorrect; they can be bootable media, but are not necessarily an attack. D is a nonsense distractor.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 7: Physical Security
OBJECTIVE: Analyze and differentiate among types of social engineering
Question
What is tailgating?
Correct Answer
D: Following another individual through an open door
References
EXPLANATION:
D is correct. Following an individual through a normally locked door is called tailgating.
A is incorrect; it is a form of social engineering called shoulder surfing. B and C are incorrect. They are nonsensical distractors.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 7: Physical Security
OBJECTIVE: Analyze and differentiate among types of social engineering attacks
Question
Callback can be exploited by what means?
Correct Answer
D: Call Forwarding
References
EXPLANATION:
D is correct. Call Forwarding will route the legitimate call from the Remote Access Server to the attacker's phone number.
A, B, and C are incorrect; they are all distractors built using terms that are relevant to the subject.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication
OBJECTIVE: Explain the fundamental concepts and best practices related to authentication, authorization, and access control
Question
ECC is particularly suited to
Correct Answer
D: Mobile devices
References
EXPLANATION:
D is correct. ECC requires very little power, making it ideal for low-power devices, such as mobile devices.
A, B, and C are incorrect. Although used on mainframes, ECC is primarily designed and used in low-power situations where transmission errors may occur, as in mobile devices.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography
OBJECTIVE: Explain general cryptography concepts.
Question
Which of the following sends unguaranteed or best-effort data transfers?
Correct Answer
D: UDP
References
EXPLANATION:
D is correct. User Datagram Protocol (UDP) sends data without guaranteeing delivery.
A is incorrect. DNS is not a data transfer protocol. B and C are both guaranteed delivery protocols.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security
OBJECTIVE: Implement and use common protocols
Question
Flood guards are related to which elements of network security?
Correct Answer
B: IDS/IPS
References
EXPLANATION:
B is correct. Flooding-type attacks can be caught using an intrusion detection (or prevention) system.
A is incorrect. Spanning Tree Algorithm is related to loop protection. C and D are incorrect. Both are legitimate terms, but not related to flooding attacks and prevention.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security
OBJECTIVE: Apply and implement secure network administration principles
Question
Acceptable use policies are used to define
Correct Answer
D: All user responsibilities
References
EXPLANATION:
D is correct; an acceptable use policy defines all user responsibilities with respect to using IT resources.
A, B, and C are incorrect; they are security term distractors.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security
OBJECTIVE: Explain the importance of security-related awareness and training
Question
What type of firewall works primarily on port and IP addresses?
Correct Answer
D: Packet-filtering firewall
References
EXPLANATION:
D is correct. A packet-filtering firewall works primarily on ports and IP addresses.
A and B are incorrect. They are different types of firewalls that require additional packet inspection. C is incorrect. This is a simple distractor.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security
OBJECTIVE: Implement assessment tools and techniques to discover security threats and vulnerabilities
Question
Which of the following documents is used to determine your most critical business functions and is used to help build your DRP?
Correct Answer
D: Business Impact Analysis
References
EXPLANATION:
D is correct; the BIA outlines what the loss of any of your critical functions will mean to the organization and is used in the development of the Disaster Recovery Plan (DRP).
A is incorrect; it is high level. B is incorrect; it is a nonsensical distractor. C is incorrect; it does not directly address the question.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 16: Disaster Recovery and Business Continuity
OBJECTIVE: Explain and apply physical access security methods.
Question
What is the term given to the process of returning to an earlier release of a software application in the event that a new release causes either a partial or complete failure?
Correct Answer
C: Backout
References
EXPLANATION:
C is correct; a backout plan is the steps to restore a system in the event of a failure of an upgrade.
A, B, and D are incorrect; they are distractors constructed from relevant terms.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 16: Disaster Recovery and Business Continuity
OBJECTIVE: Identify and apply industry best practices for access control methods.
Question
The attribute that prevents someone from later denying their actions is called what?
Correct Answer
A: Nonrepudiation
References
EXPLANATION:
A is correct. Nonrepudiation prohibits people from denying their actions.
B, C, and D are incorrect. These are all terms used in cryptography but do not relate to the concept of repudiation and nonrepudiation.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography
OBJECTIVE: Summarize general cryptographic concepts
Question
Which protocol is a countermeasure for network sniffing?
Correct Answer
B: SSH
References
EXPLANATION:
B is correct; Secure Shell (SSH) encrypts traffic, making the traffic unavailable to sniffers.
A, C, and D are incorrect; they are all plaintext protocols, with their traffic available for sniffing.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication
OBJECTIVE: Apply and implement secure network administration principles
Question
Testers who have full access to design and coding elements in developing their test plan are using which methodology?
Correct Answer
D: White-box testing
References
EXPLANATION:
D is correct; white-box testing refers to testing schemes where design and coding decisions are open to inspection.
A is incorrect; black-box testing refers to testing in which the testers have no knowledge of what is inside. B is incorrect; grey-box testing refers to partial knowledge. C is incorrect; it is a combination of terms meant to distract.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 13: Types of Attacks and Malicious Software
OBJECTIVE: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning
Question
To help secure DNS servers, zone transfers should:
Correct Answer
A: Be limited to DNS servers that need access to the entire zone information for update and replication purposes
References
EXPLANATION:
A is correct; zone transfers should be limited to DNS servers that need access to the entire zone information for update and replication purposes.
B, C, and D are incorrect as they would impair DNS operations.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 12: Security Baselines
OBJECTIVE: Apply and implement secure network administration principles
Question
Which type of social engineering attack targets only specific individuals high up in an organization, such as the corporate officers, with e-mail attempting to get them to reveal personal or sensitive information?
Correct Answer
B: Whaling
References
EXPLANATION:
B is correct; whaling refers to the use of more senior execs to create trust in lower levels to any unauthorized users.
A, C, and D are incorrect. They are all social engineering attacks, but with different methodologies.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security
OBJECTIVE: Analyze and differentiate among types of social engineering attacks
Question
A key element in using PKI certificate-based security is the use of which of the following?
Correct Answer
D: CRL
References
EXPLANATION:
D is correct. CRL (Certificate Revocation List) is the best answer. The CRL determines whether the issuer has revoked the certificate.
A and C are incorrect; they are involved, but not in any fashion that provides better security than a CRL. B is incorrect; it is not involved in PKI certificate trust decisions.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 5: Public Key Infrastructure
OBJECTIVE: Implement PKI, certificate management, and associated components
Question
For a security policy to be effective, it must be understood by:
Correct Answer
A: All employees
References
EXPLANATION:
A is correct because security is an all-hands effort; all employees must understand the effects of a security breach and the company policy associated with security.
B, C, and D are incorrect, as they are subsets of "All employees," which is a better answer.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security
OBJECTIVE: Explain risk-related concepts
Question
Which of the following is not a method to implement 802.1X?
Correct Answer
A: EAP-RC2
References
EXPLANATION:
A is correct; RC2 is not a valid crypto scheme for 802.1X.
B, C, and D are incorrect. B uses MD5 for encryption, C is Tunneling TLS, and D is TLS.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 10: Wireless Security
OBJECTIVE: Implement assessment tools and techniques to discover security threats and vulnerabilities
Question
Escalation auditing is the process of looking for:
Correct Answer
C: An increase in privilege
References
EXPLANATION:
C is correct; escalation auditing is the process of looking for an increase in privilege.
A is incorrect; this is a nonsensical distractor. B is incorrect; this is not an escalation issue. The audit searches for threats that can come from an increase in privilege. D is incorrect; although unauthorized logins are a security issue, they are not related to this topic.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management
OBJECTIVE: Implement assessment tools and techniques to discover security threats and vulnerabilities
Question
Which of the following does not secure e-mail?
Correct Answer
C: MIME
References
EXPLANATION:
C is correct, as S/MIME, PGP, and OpenPGP are all methods of securing e-mail via encryption. MIME is not encrypted.
A, B, and D are incorrect, as they all enable encryption with e-mail.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography
OBJECTIVE: Use and apply appropriate cryptographic tools and products
Question
Which of the following is a reason given for limiting an object's privileges as part of the principle of least privilege?
Correct Answer
B: It limits the amount of harm that can be caused, thus limiting an organization's exposure to damage.
References
EXPLANATION:
B is correct; this is the primary reason given for implementing the concept of least privilege.
A is incorrect; the opposite is closer to the truth: with least privilege, you limit the user base that can be responsible. C is incorrect; least privilege adds to the preparation work, but makes response easier. D is incorrect as it has no relationship to the actual number of permitted parties, just the correct ones.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 1: General Security Concepts
OBJECTIVE: Explain risk-related concepts
Question
Which of the following services allows a client to retrieve email from a mail server?
Correct Answer
B: POP3
References
EXPLANATION:
B is correct; POP3 (Post Office Protocol) is the only correct answer.
A is incorrect; SNMP is Simple Network Management Protocol. C is incorrect; FTP is for file transfers. D is incorrect; HTTP is used to communicate to a web server, not the e-mail server.
REFERENCES:
See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 14: E-Mail and Instant Messaging
OBJECTIVE: Implement and use common protocols
Question: What was described as the chief drawback to the security principle of separation of duties?
Correct Answer: C: The cost required in terms of both time and money.
References
EXPLANATION: C is correct; the chief drawback with the principle of separation of duties is the perceived cost involved. A is incorrect; while it may not be popular among users, this is not a chief drawback. B and D are incorrect, as the principle is not hard to understand, and it doesn't make it easier for insiders to take advantage of security holes.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 1: General Security Concepts
OBJECTIVE: Identify and explain applicable legislation and organizational policies.
Question: Internet content filter appliances can be used to:
Correct Answer: B: Block end-user access to specific types of data based on content
References
EXPLANATION: B is correct; Internet content filters act to restrict the types of information being accessed by web users. A is incorrect; this is data loss prevention. C is incorrect; this is load balancing. D is incorrect; this is done by web application firewalls.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 11: Intrusion Detection Systems
OBJECTIVE: Explain the security function and purpose of network devices and technologies
Question: When comparing two different implementations of the same algorithms for cryptographic strength, what is the best guide?
Correct Answer: D: Key length in bits
References
EXPLANATION: D is correct. The strength of an implementation is directly related to keyspace (the number of potential keys). A, B, and C are incorrect. These are all common distractors.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography
OBJECTIVE: Summarize general cryptographic concepts
Question: A rootkit does what?
Correct Answer: A: Helps malicious users gain unauthorized administrative access to computers
References
EXPLANATION: A is correct. Rootkits are designed to help malicious users, including unauthorized users, gain unauthorized administrative access to computers. B, C, and D are incorrect. They are all distractors based on relevant terms.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 13: Types of Attacks and Malicious Software
OBJECTIVE: Analyze and differentiate among types of malware
Question: When a certificate authority signs a certificate, it uses what to do so?
Correct Answer: C: The CA's private key
References
EXPLANATION: C is correct; the CA signs with its private key, which allows users to verify the origin of the signature with the CA's public key. A is incorrect; the statement is false, as CAs do sign certificates. B is incorrect; it would require the release of the CA's private key for validation of the signature. D is incorrect; because the CA does not know who the requestor is at the time of signing, one signature is used for many requests.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 5: Public Key Infrastructure
OBJECTIVE: Explain the core concepts of public key infrastructure
Question: Which of the following addresses is an example of a MAC address?
Correct Answer: D: 00:07:e9:7c:c8:aa
References
EXPLANATION: D is correct; it is a MAC address, a hexadecimal representation of 48 bits. A is incorrect; it is an IP address. B is incorrect; it is a common subnet mask for IPv4. C is incorrect; it is an IPv6 address.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security
OBJECTIVE: Distinguish and differentiate network design elements and compounds
Question: Which media is most susceptible to EMI?
Correct Answer: B: Unshielded Twisted-Pair
References
EXPLANATION: B is correct. Unshielded Twisted-Pair (UTP) is most susceptible to electromagnetic interference. A and D are incorrect. Both of these media are outside the typical frequency range of EMI, and in the case of fiber optics, shielded as well. C is incorrect, as it is a shielded cable.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 7: Physical Security
OBJECTIVE: Explain the impact and proper use of environmental controls
Question: Which of the following protocols cannot traverse NAT?
Correct Answer: C: L2TP
References
EXPLANATION: C is correct; L2TP cannot traverse NAT. One recommended option is to have the VPN terminate at the firewall instead of traversing it. A, B, and D are incorrect; SMTP, NTP, and FTP applications can communicate across NAT.
REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication
OBJECTIVE: Explain the security function and purpose of network devices and technologies