Security+ ExamFlashcards
100 Questions
100 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the principle of least privilege?

A security rule that prevents users from accessing information and resources that lie beyond the scope of their responsibilities.

Which of the following acronyms refers to a risk assessment formula defining probable financial loss due to a risk over a one-year period?

  • UAT
  • ARO
  • ALE (correct)
  • SLE
  • The Exposure Factor (EF) in the formula for Single Loss Expectancy (SLE) refers to the impact of the risk over the asset, or percentage of asset lost when a specific threat is realized. What is the EF value for an asset that is entirely lost?

    1.0

    What is a firewall?

    <p>A software or hardware that checks information coming from the Internet and blocks or allows it based on configuration settings.</p> Signup and view all the answers

    What is a router?

    <p>A device designed to forward data packets between networks.</p> Signup and view all the answers

    What is an exception in the context of firewalls?

    <p>Allowing a connection through a firewall.</p> Signup and view all the answers

    What is a load balancer?

    <p>A network device designed for managing the optimal distribution of workloads across multiple computing resources.</p> Signup and view all the answers

    The last default rule on a firewall is to deny all traffic.

    <p>True</p> Signup and view all the answers

    What is a proxy?

    <p>A computer network service that allows clients to make indirect network connections to other network services.</p> Signup and view all the answers

    What does HIDS stand for?

    <p>Host-based Intrusion Detection System.</p> Signup and view all the answers

    One of the measures for securing networking devices includes the practice of disabling unused ports.

    <p>True</p> Signup and view all the answers

    Which of the following ensures the privacy of a VPN connection? (Select all that apply)

    <p>Authentication</p> Signup and view all the answers

    Which of the following refers to a dedicated device for managing secure connections over an untrusted network? (Select all that apply)

    <p>VPN concentrator</p> Signup and view all the answers

    Which of the following acronyms refers to a network or host based monitoring system designed to alert administrators of unauthorized activity? (Select all that apply)

    <p>IDS</p> Signup and view all the answers

    Which of the following terms refers to a software tool used for monitoring network traffic? (Select all that apply)

    <p>Packet sniffer</p> Signup and view all the answers

    Which of the following lists the protocol and port number used by a spam filter? (Select 2 answers)

    <p>25</p> Signup and view all the answers

    Which acronym refers to a network security solution that combines a firewall with additional functionalities? (Select all that apply)

    <p>UTM</p> Signup and view all the answers

    URL filtering restricts access based on which criteria? (Select all that apply)

    <p>Web address</p> Signup and view all the answers

    Which of the following network security solutions inspects traffic in real time? (Select all that apply)

    <p>NIPS</p> Signup and view all the answers

    Which of the following refers to a firewall controlling access to a web server? (Select all that apply)

    <p>WAF</p> Signup and view all the answers

    Which of the answers list a set of rules specifying which users can access objects? (Select all that apply)

    <p>ACL</p> Signup and view all the answers

    Which actions can be taken by passive IDS? (Select 2 answers)

    <p>Logging</p> Signup and view all the answers

    What does 802.1x define?

    <p>A standard for port-based network access control.</p> Signup and view all the answers

    What is Rule-Based Access Control?

    <p>An access control model where access is granted or denied based on ACL entries.</p> Signup and view all the answers

    A type of IDS that relies on a baseline of normal activity is a signature-based IDS.

    <p>False</p> Signup and view all the answers

    Which security solution provides a countermeasure against denial-of-service attacks? (Select all that apply)

    <p>Flood guard</p> Signup and view all the answers

    Which protocols protect against switching loops? (Select all that apply)

    <p>STP</p> Signup and view all the answers

    A type of IDS that relies on known attack patterns is known as a signature-based IDS.

    <p>True</p> Signup and view all the answers

    Which policy applies to requests falling outside the criteria defined in an ACL? (Select all that apply)

    <p>Implicit deny policy</p> Signup and view all the answers

    What is a Demilitarized Zone (DMZ)?

    <p>A lightly protected subnet placed outside a company's firewall with publicly available servers.</p> Signup and view all the answers

    Which part of the address 192.168.1.5/24 identifies its network ID?

    <p>192.168.1</p> Signup and view all the answers

    Which acronym refers to a solution for managing internal call costs? (Select all that apply)

    <p>PBX</p> Signup and view all the answers

    What technology allows making phone calls over a broadband Internet connection?

    <p>VoIP</p> Signup and view all the answers

    Which of the following answers lists a /27 subnet mask? (Select all that apply)

    <p>255.255.255.224</p> Signup and view all the answers

    What type of system can be compromised through phreaking?

    <p>PBX</p> Signup and view all the answers

    What refers to a grouping of computers in the same broadcast domain regardless of physical location? (Select all that apply)

    <p>Virtual Local Area Network (VLAN)</p> Signup and view all the answers

    Which measure is in place when a client is denied access due to outdated antivirus software? (Select all that apply)

    <p>NAC</p> Signup and view all the answers

    Which technology allows multiple operating systems to run simultaneously on the same hardware? (Select all that apply)

    <p>Virtualization</p> Signup and view all the answers

    What is post-admission NAC?

    <p>A security stance where permissions are granted or denied based on actions after network access has been provided.</p> Signup and view all the answers

    Which solution hides internal IP addresses in IP packet headers? (Select all that apply)

    <p>NAT</p> Signup and view all the answers

    VLAN membership can be set through: (Select all that apply)

    <p>Physical address</p> Signup and view all the answers

    What does IaaS stand for?

    <p>Infrastructure as a Service.</p> Signup and view all the answers

    Which cloud service type would best suit a web developer creating a web app? (Select all that apply)

    <p>PaaS</p> Signup and view all the answers

    What is SaaS?

    <p>A cloud computing infrastructure type where applications are hosted over a network.</p> Signup and view all the answers

    The biggest advantage of public cloud services is that all services are offered free of charge.

    <p>False</p> Signup and view all the answers

    Which concept employs multiple tools and techniques for security? (Select 2 answers)

    <p>Defense in depth</p> Signup and view all the answers

    Which IPsec mode provides entire packet encryption? (Select all that apply)

    <p>Tunnel</p> Signup and view all the answers

    Which protocol is used in network management systems for monitoring network-attached devices? (Select all that apply)

    <p>SNMP</p> Signup and view all the answers

    Which of the following transmit data in an unencrypted form? (Select all that apply)

    <p>FTP</p> Signup and view all the answers

    What is an SNMP community?

    <p>A group that consists of SNMP devices and one or more SNMP managers.</p> Signup and view all the answers

    Which protocol was designed as a secure replacement for Telnet? (Select all that apply)

    <p>SSH</p> Signup and view all the answers

    What does DNS stand for?

    <p>Domain Name System.</p> Signup and view all the answers

    What does AAAA record in a DNS database identify?

    <p>IPv6 address.</p> Signup and view all the answers

    Which protocols are used for securing HTTP connections? (Select 2 answers)

    <p>TLS</p> Signup and view all the answers

    Which suite of protocols is used for connecting hosts on the Internet? (Select all that apply)

    <p>TCP/IP</p> Signup and view all the answers

    FTPS is an extension to FTP that adds support for TLS and SSL protocols.

    <p>True</p> Signup and view all the answers

    What is the SCP protocol used for?

    <p>Secure file transfer.</p> Signup and view all the answers

    Which protocol is used by the PING utility? (Select all that apply)

    <p>ICMP</p> Signup and view all the answers

    Which answers lists the IPv6 loopback address? (Select all that apply)

    <p>::1</p> Signup and view all the answers

    What does iSCSI stand for?

    <p>Internet Small Computer Systems Interface.</p> Signup and view all the answers

    Which protocols facilitate communication between SAN devices? (Select all that apply)

    <p>iSCSI</p> Signup and view all the answers

    What is FTP designed for?

    <p>File exchange.</p> Signup and view all the answers

    What is SFTP?

    <p>A network protocol for secure file transfer over Secure Shell (SSH).</p> Signup and view all the answers

    Which protocol does not provide authentication? (Select all that apply)

    <p>TFTP</p> Signup and view all the answers

    Which protocols were designed as a secure replacement for Telnet? (Select all that apply)

    <p>SSH</p> Signup and view all the answers

    FTP runs by default on ports: (Select 2 answers)

    <p>20</p> Signup and view all the answers

    Which protocols run on port number 22? (Select all that apply)

    <p>SSH</p> Signup and view all the answers

    What uses port number 23?

    <p>Telnet.</p> Signup and view all the answers

    Which TCP port is used by SMTP? (Select all that apply)

    <p>25</p> Signup and view all the answers

    Which port does DNS run on?

    <ol start="53"> <li></li> </ol> Signup and view all the answers

    Which port enables HTTP traffic?

    <ol start="80"> <li></li> </ol> Signup and view all the answers

    Which ports enable retrieving email messages from a remote server? (Select all that apply)

    <p>143</p> Signup and view all the answers

    Which port numbers are used by NetBIOS? (Select all that apply)

    <p>137</p> Signup and view all the answers

    Which TCP port does IMAP use?

    <ol start="143"> <li></li> </ol> Signup and view all the answers

    Which TCP port is used by HTTPS? (Select all that apply)

    <p>443</p> Signup and view all the answers

    What is the default port number for a Microsoft-proprietary remote connection protocol?

    <ol start="3389"> <li></li> </ol> Signup and view all the answers

    Which protocols operate at layer 3 (the network layer) of the OSI model? (Select all that apply)

    <p>IPsec</p> Signup and view all the answers

    In the OSI model, TCP resides at which layer?

    <p>Transport Layer.</p> Signup and view all the answers

    Which wireless encryption scheme offers the highest level of protection? (Select all that apply)

    <p>WPA2</p> Signup and view all the answers

    Which wireless security protocol has been deprecated due to known vulnerabilities? (Select all that apply)

    <p>WEP</p> Signup and view all the answers

    What authentication framework is frequently used in wireless networks? (Select all that apply)

    <p>EAP</p> Signup and view all the answers

    What does MAC filtering refer to?

    <p>A method using the 48-bit address of a network card to determine access.</p> Signup and view all the answers

    What is SSID?

    <p>A wireless network name.</p> Signup and view all the answers

    Which protocol was introduced to strengthen existing WEP implementations? (Select all that apply)

    <p>TKIP</p> Signup and view all the answers

    Disabling SSID broadcast makes a WLAN harder to discover.

    <p>True</p> Signup and view all the answers

    Which protocol encapsulates EAP within an encrypted and authenticated TLS tunnel? (Select all that apply)

    <p>PEAP</p> Signup and view all the answers

    What is CCMP?

    <p>AES-based encryption mode implemented in WPA2.</p> Signup and view all the answers

    Which measures counteract war driving? (Select 2 answers)

    <p>Site survey</p> Signup and view all the answers

    Which WAP configuration setting allows adjusting the wireless signal's boundary range? (Select all that apply)

    <p>Power level controls</p> Signup and view all the answers

    Which solution allows administrators to block Internet access for users until they perform a required action? (Select all that apply)

    <p>Captive portal</p> Signup and view all the answers

    Which antenna types would provide the best coverage for workstations connecting to a WAP? (Select all that apply)

    <p>Omnidirectional</p> Signup and view all the answers

    Which term refers to wireless site survey? (Select all that apply)

    <p>War driving</p> Signup and view all the answers

    Which example falls under technical security controls? (Select all that apply)

    <p>Intrusion Detection System (IDS)</p> Signup and view all the answers

    What is a false positive error?

    <p>An antivirus identifying a non-malicious file as a virus due to faulty signature.</p> Signup and view all the answers

    Which example falls under operational security controls? (Select all that apply)

    <p>Change management</p> Signup and view all the answers

    What does false negative refer to? (Select all that apply)

    <p>A situation where no alarm is raised during an attack.</p> Signup and view all the answers

    What is a privacy policy?

    <p>A policy outlining ways of collecting and managing personal data.</p> Signup and view all the answers

    What acronym refers to a set of rules enforced in a network? (Select all that apply)

    <p>AUP</p> Signup and view all the answers

    One of the goals behind the mandatory vacations policy is to mitigate fraudulent activity within the company.

    <p>True</p> Signup and view all the answers

    What does separation of duties refer to?

    <p>A concept requiring more than one person to complete a task.</p> Signup and view all the answers

    Study Notes

    Networking Devices and Security Components

    • Firewall: Monitors and controls incoming and outgoing network traffic based on security rules, allowing or blocking data packets.
    • Router: Connects and forwards data packets between different networks, facilitating communication.
    • Load Balancer: Distributes workloads across multiple computing resources to optimize resource use and performance.
    • Proxy: Acts as an intermediary for requests from clients seeking resources from other servers, providing anonymity and security.
    • Demilitarized Zone (DMZ): A separate subnet between internal and external networks, hosting publicly accessible servers with limited protection.

    Intrusion Detection and Prevention

    • HIDS: Host-based Intrusion Detection System that monitors individual devices for suspicious activities or policy violations.
    • NIPS: Network Intrusion Prevention System that inspects network traffic in real-time and can actively block attacks.
    • Passive IDS Actions: Can log events and send alerts without taking direct action on the network.
    • IDS: Monitors for unauthorized activities and alerts system administrators.

    Security Policies and Access Control

    • Implicit Deny Policy: Any requests that do not meet specified criteria in an Access Control List (ACL) are denied by default.
    • Rule-Based Access Control: Access is granted or denied based on entries in an ACL determining user or system process permissions.
    • Separation of Duties: Ensures that more than one person is required to complete sensitive tasks to reduce fraud.

    Virtual Private Networks (VPNs)

    • VPN Concentrator: A device that creates and manages secure connections over untrusted networks like the Internet.
    • Tunneling: A method used to encrypt data for privacy in VPN connections.

    Cloud Computing Models

    • IaaS: Infrastructure as a Service, providing virtualized computing resources over the Internet.
    • PaaS: Platform as a Service, enabling developers to build applications without managing underlying hardware.
    • SaaS: Software as a Service, delivering applications through the Internet without requiring local installation.

    Wireless Security and Protocols

    • WPA2: A wireless security protocol utilizing AES encryption, considered secure against many attacks.
    • WEP: An older wireless security protocol with known vulnerabilities, currently deprecated.
    • SSID: The name of a wireless network, which can be hidden to improve security.

    Port Numbers and Protocols

    • FTP: Uses port numbers 20 and 21 for transferring files; port 21 is mainly for command and control.
    • SMTP: Operates on port 25 for sending emails, while port 53 is used for DNS queries.
    • HTTPS: Utilizes port 443 for secure web traffic.

    Risk Management and Assessment

    • ALE (Annual Loss Expectancy): Calculation of expected monetary loss due to identified risks in one year, based on threat probabilities and potential financial damage.
    • Single Loss Expectancy (SLE): The financial impact of a single occurrence of a risk, calculated by the asset value (AV) multiplied by the exposure factor (EF).

    Authentication and Security Frameworks

    • EAP: Extensible Authentication Protocol, often used in wireless networks for secure authentication.
    • MAC Filtering: Restricts network access based on the 48-bit MAC address of devices.

    Miscellaneous Concepts

    • Captive Portal: A web page that users must interact with before gaining broader access to a network.
    • Change Management: A structured approach to managing changes in order to minimize disruptions or risks.
    • False Negative: A scenario when an intrusion detection system fails to alert on an actual security breach.
    • War Driving: The act of searching for Wi-Fi networks remotely while moving through an area, often used to identify unsecured networks.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    Test your knowledge of key terms related to the Security+ certification with these flashcards. Each card presents a word along with its definition to help reinforce your understanding of cybersecurity concepts. Perfect for exam preparation!

    More Like This

    Module (1-3) Partie 3
    32 questions
    Understanding MikroTik Firewalls
    5 questions
    Router Configuration Basics Quiz
    12 questions
    Use Quizgecko on...
    Browser
    Browser