April 2006

Test Your Knowledge of Security+ Topics

by Emmett Dulaney

The Security+ exam from CompTIA is an entry-level certification for those wanting to authenticate their knowledge of basic computer/networking security concepts. It consists of 100 multiple choice questions that need to be answered within 90 minutes.

This sample test of 50 questions is intended to let you test your knowledge of the subject of basic security and your readiness for this, or a similar, certification test. It should also be pointed out that CompTIA offers a page of study tips for the exam, and it is worth skimming.

Answers are at the end of the article. Good luck!

1. What term is used to describe the inability of a sender to deny the sending of a message?

a. Integrity
b. Nonrepudiation
c. Labeling
d. Authenticity

2. Which of the following organizations is primarily concerned with military encryption systems?

a. NSA
b. NIST
c. IEEE
d. ITU

3. Which of the following authorization methods requires the client to be preauthenticated?

a. Certificates
b. Tokens
c. Kerberos
d. PAP

4. Which working group is responsible for the development of the X.509 certificate standard?

a. PKCS
b. PKIX
c. IEEE
d. ISOP

5. Which protocol provides security for terminal sessions to a remotely located Unix system?

a. SSL
b. TLS
c. SSH
d. PKI

6. Which of the following terms is used to describe an opening left in a program or application by a developer?

a. Back door
b. Window
c. Open latch
d. Black hole

7. Which of the following is a remote administration tool used by hackers to take control of Windows-based systems?

a. Netstat
b. BGP
c. Iwconfig
d. Back Orifice

8. Which of the following keys are needed to make a key recovery process work? (choose all that apply)

a. Current key
b. Previous key
c. Archived key
d. Escrow key

9. Which of the following statements is true?

a. Key renewal is a good practice.
b. Key renewal is a bad practice.
c. Rollovers automatically renew a key.
d. The suspension process automatically renews a key.

10. What is the process of creating new keys to replace expired keys called?

a. Key renewal
b. Rollover
c. Archival
d. Revocation

11. PKCS uses which key pairs for encryption?

a. Symmetric
b. Public/Private
c. Asymmetric/Symmetric
d. Private/Private

12. Which port does the TACACS authentication service utilize by default?

a. 80
b. 49
c. 25
d. 22

13. Which port does the NetBIOS session service utilize by default?

a. 389
b. 143
c. 139
d. 110

14. Which file extension should NOT be allowed with an email attachment?

a. .doc
b. .scr
c. .txt
d. .xls

15. Which port does IPSec use for ESP?

a. 50
b. 51
c. 52
d. 53

16. Which password attack can be used to successfully break the password 7Tt%kJ51&?

a. Dictionary
b. Man-in-the-middle
c. Brute force
d. Birthday

17. Which type of RAID mirrors drives?

a. RAID 0
b. RAID 1
c. RAID 3
d. RAID 5

18. What is the minimum number of disks needed for most deployments of RAID 5?

a. 1
b. 2
c. 3
d. 4

19. What type of system(s) does PGP utilize?

a. Symmetrical
b. Asymmetrical
c. Both symmetrical and asymmetrical
d. Neither symmetrical nor asymmetrical

20. In order for Kerberos to function properly, what must be working correctly?

a. Clustering
b. ODI
c. Time synchronization
d. Pair management

21. What can be used to slow the flow of individuals into a building and funnel them past security?

a. Mantrap
b. Honey pot
c. IDS
d. OSI

22. What is the condition in which unsoldered chips slowly work their way loose and out of a socket over time known as?

a. Firmware scramble
b. Chip creep
c. Shirting
d. Displacement

23. What type of virus modifies and alters other programs and databases?

a. Phish
b. Phat
c. Phage
d. Phart

24. A user you do not know frantically emails you with an urgent message. According to the message, there is a new virus going around that is resetting the dates on all computers to 1969, and they are worried that this might happen to all the systems on your network. What should you first do?

a. Disconnect all users and run a full backup.
b. Email a dozen other administrators and let them know of the problem.
c. Disconnect the network until it is safe again.
d. Verify that this is not a hoax.

25. Which of the following is defined as any unwanted, unsolicited email?

a. Spoof
b. Spam
c. Hoax
d. Junk

26. What is the major difference between a revoked key and a suspended key?

a. There is no difference.
b. A suspended key can't be used again, but a revoked key can.
c. A revoked key can't be used again, but a suspended key can.
d. A key cannot be revoked, but can be suspended.

27. What type of policy is used to lay out guidelines and expectations for upgrades, monitoring, backups, and audits?

a. Administrative
b. Loquacious
c. Cryptographic
d. Associative

28. What would be the acceptable amount of downtime each year with a policy of 98 percent uptime?

a. 1 1/2 days
b. 3 1/4 days
c. 5 2/5 days
d. 7 1/3 days

29. Which of the following client IP addresses would indicate that NAT is likely used on the network?

a. 1.2.3.4
b. 12.34.45.56
c. 192.168.0.25
d. 200.1.1.1

30. Which type of firewall is used to process requests from an outside network and make rules-based decisions about whether the request should be forwarded or refused?

a. Proxy
b. Deputy
c. Delegate
d. Representative

31. What are the three primary connectors used with coax?

a. Substitute
b. T-connector
c. Inline
d. Terminating

32. Which type of wireless communication allows a point-to-point connection to be made and requires a direct line of sight?

a. 802.11x
b. WEP
c. WAP
d. Infrared

33. Which model is similar in concept to the Bell-LaPadula model, but is more concerned with information integrity?

a. Dome
b. Regulator
c. Biba
d. Grandfather

34. What type of device can authenticate a user based on a physical characteristic?

a. RBAC
b. Biometric
c. RFID
d. ARO

35. Which type of attack focuses on finding similar keys in MD5?

a. Birthday
b. Propitious
c. Fateful
d. Centenary

36. Which of the following types of backup sites is not immediately ready to use when a disaster strikes?

a. Chain
b. Round
c. Warm
d. Cold

37. How is information about you (and your preferences) stored within a cookie?

a. Plain text
b. RSA encrypted
c. Hashed
d. MD5 encrypted

38. You have inherited a network utilizing a proxy server that is "dual-homed". What does this mean?

a. It utilizes caching to store the most commonly requested files and serve them to clients.
b. It has two NIC cards — one on the internal network and one on the outside network.
c. It operates as both a proxy server and a client machine for an individual user.
d. It has failover redundancy in case one NIC card or connection fails.

39. Which of the following is the process of luring someone into your plan or trap?

a. Decoy concealing
b. Alluring
c. Enticement
d. Entrapment

40. What is the term used to describe any type of passive attack that intercepts data in an unauthorized manner?

a. Prying
b. Overhearing
c. Snooping
d. Eavesdropping

41. Your intrusion detection software signals that an attack is underway. When you go to investigate, however, you find that the system is functioning exactly as it should and there is no attack. What is this known as?

a. Double negative
b. False positive
c. False alarm
d. Filter error

42. According to CERT, which type of group may be ad hoc, but truly should exist before an incident occurs?

a. Escalation lineup
b. Working party
c. Recommendation panel
d. Response team

43. The time between when the CRL is issued and when it reaches users may be too long for some applications. What is this time gap referred to as?

a. Latency
b. Deferral
c. Adjournment
d. Lag

44. Which of the following terms is used in conjunction with integrity levels that allow information to flow downward but not upward?

a. Hierarchy
b. Lattice
c. Stepladder
d. Tree

45. Which of the following is the correct formula for computing Annual Loss Expectancy?

a. ALE = SLE / ARO
b. ALE = ARO / SLE
c. ALE = SLE x ARO
d. ALE = SLE + ARO

46. Which encryption protocol is replacing DES as the current standard?

a. AES
b. DSE
c. CAST
d. CASE

47. Which type of attack captures encryption keys by passively monitoring LAN communications and then uses the keys to impersonate authorized users and take over their sessions?

a. Hijacking
b. DoS
c. Multiheaded hydra
d. Kerberos

48. The International Organization for Standardization (ISO) publishes the "Code of Practice for Information Security Management". What is this known as?

a. ISO 23459
b. ISO 17799
c. ISO 443
d. ISO 110

49. What is the name given to software designed with a malicious intent?

a. Spyware
b. Malware
c. Orphanware
d. Harmware

50. Within IPSec, AH and ESP have two modes. What are they? (choose two)

a. Transport mode
b. Tunnel mode
c. Encrypt mode
d. Decrypt mode

Answers

1. Nonrepudiation is a requirement for many cryptographic applications. The sender or receiver, using an electronic signature, can't repudiate a message. Answer: B

2. The NSA is primarily responsible for military encryption systems. The NSA designs, evaluates, and implements encryption systems for the military and government agencies with high security needs. Answer: A

3. Tokens are issued to authenticated users, and they provide a list of the permissions attached to the user. For example, the token issued in a Microsoft NOS contains the user's Security Identifier (SID) and the SIDs of all the groups to which the user belongs. These SIDs are compared to an access control list (ACL) to determine authorization and access. Answer: B

4. The PKIX working group is responsible for the X.509 certificate standard. The PKIX committee reports to the Internet Engineering Task Force (IETF). Answer: B

5. SSH is the most commonly used protocol for secure connections for terminal sessions. SSH operates similarly to a Unix shell, and it allows for similar functionality. Answer: C

6. A back door is an opening left in a program or application by a developer. Answer: A

7. Back Orifice is a remote administration tool used by hackers to take control of Windows-based systems. Answer: D

8. The current, previous, and archived keys must be accessible for a key recovery process to work. If information is encrypted using a key that has expired or been revoked, the information won't be accessible. Answer: A & B & C

9. Key renewal is considered a bad practice. The longer a key is used, the more susceptible it is to decryption. However, key renewal processes may be necessary in a dire situation where a rollover isn't wanted. Answer: B

10. A rollover process is used to issue new keys when a key is about to expire. Answer: B

11. Public Key Cryptographic Systems use a public and private key. The public key can be sent to others to encrypt messages for you. The private key is used to decrypt messages. Answer: B

12. The TACACS authentication service, by default, uses port 49. Port 80 is used by HTTP. Port 25 is used by SMTP. Port 22 is used by SSH. Answer: B

13. The NetBIOS session service, by default, uses port 139. Port 389 is used by LDAP. Port 143 is used by IMAP, and port 110 is used by POP3. Answer: C

14. The .scr extension is used for screen savers. Screensavers, as executables, actually have the ability to do a number of nasty things, such as lock the screen, and wreak havoc. Answer: B

15. The two main wire-level protocols used by IPSec are AH (Authentication Header) and ESP (Encapsulating Security Payload). IPSec uses port 50 for ESP. Answer: A

16. Dictionary, guessing, and birthday attacks work only against passwords that are actual words or dates. A brute-force attack works best against a password that is a series of letters, numbers, and symbols. Answer: C

17. In a RAID 1 array, the drives are mirrored. Answer: B

18. Most RAID 5 implementations require a minimum of three disks. Answer: C

19. PGP (Pretty Good Privacy) uses both symmetrical and asymmetrical systems. Answer: C

20. In order for Kerberos to function properly, time synchronization must be working correctly. If clocks drift from the correct time, problems can occur with trying to compare timestamps and authenticate. Answer: C

21. Mantraps require visual identification, as well as authentication, to gain access. A mantrap makes it difficult for a facility to be accessed in numbers, because it allows only one or two people into the facility at a time. Answer: A

22. Major fluctuations in AC power can contribute to a condition known as chip creep. With creep, unsoldered chips slowly work their way loose and out of a socket over time. Answer: B

23. A phage virus modifies and alters other programs and databases. Answer: C

24. When you receive an email you suspect is a hoax, check the CERT site before forwarding the message to anyone else. The creator of the hoax wants to create widespread panic, and if you blindly forward the message to co-workers and acquaintances, you're helping the creator accomplish that task. Answer: D

25. Spam is defined as any unwanted, unsolicited email, and not only can the sheer volume of it be irritating, but it can often provide the door to larger problems. Answer: B

26. The major difference is that a revoked key can't be used again, whereas the status of a suspended key can be changed to allow the key to be used again. Once a key is revoked, a new key is required. Answer: C

27. Administrative policies lay out guidelines and expectations for upgrades, monitoring, backups, and audits. Answer: A

28. With 98% uptime, there is a 2% downtime of the 525,600 minutes in a year. That means the data would be down for 10,512 minutes, or 7 1/3 days. Answer: D

29. NAT uses private addresses. The private address ranges are: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, and 192.168.0.0–192.168.255.255. Answer: C

30. Proxy firewalls are used to process requests from an outside network; the proxy firewall examines the data and makes rules-based decisions about whether the request should be forwarded or refused. The proxy intercepts all the packets and reprocesses them for use internally. Answer: A

31. The three primary connections used with coax are the T-connector, the inline connector, and the terminating connector. Answer: B & C & D

32. Infrared requires a direct line of sight and allows a point-to-point connection to be made between two IR transceiver-equipped devices. Answer: D

33. The Biba model is similar in concept to the Bell-LaPadula model, but it's more concerned with information integrity. Answer: C

34. Biometric devices can authenticate users based on a physical characteristic. Answer: B

35. A birthday attack focuses on finding similar keys in MD5. Answer: A

36. A cold site is not immediately ready to use when a disaster strikes. Answer: D

37. Cookies store information in a plain text file. Answer: A

38. A dual-homed server has two NIC cards — one on the internal network and one on the outside network. Answer: B

39. Enticement is the process of luring someone into your plan or trap. Answer: C

40. Eavesdropping is the term used to describe any type of passive attack that intercepts data in an unauthorized manner. Answer: D

41. A false positive is any flagged event that isn't really an event and has been falsely triggered. Answer: B

42. An incident response team may be ad hoc, but truly should exist before an incident occurs. Answer: D

43. Latency refers to the time between when the CRL is issued and when it reaches users. Answer: C

44. The term lattice is used in conjunction with integrity levels that allow information to flow downward but not upward. Answer: B

45. Annual Loss Expectancy (ALE) is equal to Single Loss Expectancy (SLE) multiplied by Annualized Rate of Occurrence (ARO). Answer: C

46. The AES encryption protocol is replacing DES as the current standard. Answer: A

47. Hijacking attacks capture encryption keys by passively monitoring LAN communications and then using those keys to impersonate an authorized user and take over their session. Answer: A

48. The International Organization for Standardization (ISO) published the ISO 17799 standard, which is referred to as the "Code of Practice for Information Security Management". Answer: B

49. Malware is the name given to software designed with a malicious intent, including spyware, viruses, and other miscreants. Answer: B

50. The two main wire-level protocols used by IPSec are AH (Authentication Header) and ESP (Encapsulating Security Payload). Both can operate in transport mode or tunnel mode. Answer: A & B

Emmett Dulaney is the co-author of the Security+ Study Guide, Third Edition (ISBN: 0-4700-3668-0) and author of several books on Linux/Unix and certification as well as a columnist for UnixReview. Emmett's blog can be found at http://edulaney.blogspot.com, and he can be reached (and welcomes your comments) at edulaney@iquest.net.

Source: UnixReview.com
