Security+ ExamFlashcards

Questions and Answers

What is the principle of least privilege?

A security rule that prevents users from accessing information and resources that lie beyond the scope of their responsibilities.

Which of the following acronyms refers to a risk assessment formula defining probable financial loss due to a risk over a one-year period?

UAT

ARO

ALE (correct)

SLE

The Exposure Factor (EF) in the formula for Single Loss Expectancy (SLE) refers to the impact of the risk over the asset, or percentage of asset lost when a specific threat is realized. What is the EF value for an asset that is entirely lost?

1.0

What is a firewall?

A software or hardware that checks information coming from the Internet and blocks or allows it based on configuration settings.

What is a router?

A device designed to forward data packets between networks.

What is an exception in the context of firewalls?

Allowing a connection through a firewall.

What is a load balancer?

A network device designed for managing the optimal distribution of workloads across multiple computing resources.

The last default rule on a firewall is to deny all traffic.

True

What is a proxy?

A computer network service that allows clients to make indirect network connections to other network services.

What does HIDS stand for?

Host-based Intrusion Detection System.

One of the measures for securing networking devices includes the practice of disabling unused ports.

True

Which of the following ensures the privacy of a VPN connection? (Select all that apply)

Authentication

Which of the following refers to a dedicated device for managing secure connections over an untrusted network? (Select all that apply)

VPN concentrator

Which of the following acronyms refers to a network or host based monitoring system designed to alert administrators of unauthorized activity? (Select all that apply)

IDS

Which of the following terms refers to a software tool used for monitoring network traffic? (Select all that apply)

Packet sniffer

Which of the following lists the protocol and port number used by a spam filter? (Select 2 answers)

25

Which acronym refers to a network security solution that combines a firewall with additional functionalities? (Select all that apply)

UTM

URL filtering restricts access based on which criteria? (Select all that apply)

Web address

Which of the following network security solutions inspects traffic in real time? (Select all that apply)

NIPS

Which of the following refers to a firewall controlling access to a web server? (Select all that apply)

WAF

Which of the answers list a set of rules specifying which users can access objects? (Select all that apply)

ACL

Which actions can be taken by passive IDS? (Select 2 answers)

Logging

What does 802.1x define?

A standard for port-based network access control.

What is Rule-Based Access Control?

An access control model where access is granted or denied based on ACL entries.

A type of IDS that relies on a baseline of normal activity is a signature-based IDS.

False

Which security solution provides a countermeasure against denial-of-service attacks? (Select all that apply)

Flood guard

Which protocols protect against switching loops? (Select all that apply)

STP

A type of IDS that relies on known attack patterns is known as a signature-based IDS.

True

Which policy applies to requests falling outside the criteria defined in an ACL? (Select all that apply)

Implicit deny policy

What is a Demilitarized Zone (DMZ)?

A lightly protected subnet placed outside a company's firewall with publicly available servers.

Which part of the address 192.168.1.5/24 identifies its network ID?

192.168.1

Which acronym refers to a solution for managing internal call costs? (Select all that apply)

PBX

What technology allows making phone calls over a broadband Internet connection?

VoIP

Which of the following answers lists a /27 subnet mask? (Select all that apply)

255.255.255.224

What type of system can be compromised through phreaking?

PBX

What refers to a grouping of computers in the same broadcast domain regardless of physical location? (Select all that apply)

Virtual Local Area Network (VLAN)

Which measure is in place when a client is denied access due to outdated antivirus software? (Select all that apply)

NAC

Which technology allows multiple operating systems to run simultaneously on the same hardware? (Select all that apply)

Virtualization

What is post-admission NAC?

A security stance where permissions are granted or denied based on actions after network access has been provided.

Which solution hides internal IP addresses in IP packet headers? (Select all that apply)

NAT

VLAN membership can be set through: (Select all that apply)

Physical address

What does IaaS stand for?

Infrastructure as a Service.

Which cloud service type would best suit a web developer creating a web app? (Select all that apply)

PaaS

What is SaaS?

A cloud computing infrastructure type where applications are hosted over a network.

The biggest advantage of public cloud services is that all services are offered free of charge.

False

Which concept employs multiple tools and techniques for security? (Select 2 answers)

Defense in depth

Which IPsec mode provides entire packet encryption? (Select all that apply)

Tunnel

Which protocol is used in network management systems for monitoring network-attached devices? (Select all that apply)

SNMP

Which of the following transmit data in an unencrypted form? (Select all that apply)

FTP

What is an SNMP community?

A group that consists of SNMP devices and one or more SNMP managers.

Which protocol was designed as a secure replacement for Telnet? (Select all that apply)

SSH

What does DNS stand for?

Domain Name System.

What does AAAA record in a DNS database identify?

IPv6 address.

Which protocols are used for securing HTTP connections? (Select 2 answers)

TLS

Which suite of protocols is used for connecting hosts on the Internet? (Select all that apply)

TCP/IP

FTPS is an extension to FTP that adds support for TLS and SSL protocols.

True

What is the SCP protocol used for?

Secure file transfer.

Which protocol is used by the PING utility? (Select all that apply)

ICMP

Which answers lists the IPv6 loopback address? (Select all that apply)

::1

What does iSCSI stand for?

Internet Small Computer Systems Interface.

Which protocols facilitate communication between SAN devices? (Select all that apply)

iSCSI

What is FTP designed for?

File exchange.

What is SFTP?

A network protocol for secure file transfer over Secure Shell (SSH).

Which protocol does not provide authentication? (Select all that apply)

TFTP

Which protocols were designed as a secure replacement for Telnet? (Select all that apply)

SSH

FTP runs by default on ports: (Select 2 answers)

20

Which protocols run on port number 22? (Select all that apply)

SSH

What uses port number 23?

Telnet.

Which TCP port is used by SMTP? (Select all that apply)

25

Which port does DNS run on?

Which port enables HTTP traffic?

Which ports enable retrieving email messages from a remote server? (Select all that apply)

143

Which port numbers are used by NetBIOS? (Select all that apply)

137

Which TCP port does IMAP use?

Which TCP port is used by HTTPS? (Select all that apply)

443

What is the default port number for a Microsoft-proprietary remote connection protocol?

Which protocols operate at layer 3 (the network layer) of the OSI model? (Select all that apply)

IPsec

In the OSI model, TCP resides at which layer?

Transport Layer.

Which wireless encryption scheme offers the highest level of protection? (Select all that apply)

WPA2

Which wireless security protocol has been deprecated due to known vulnerabilities? (Select all that apply)

WEP

What authentication framework is frequently used in wireless networks? (Select all that apply)

EAP

What does MAC filtering refer to?

A method using the 48-bit address of a network card to determine access.

What is SSID?

A wireless network name.

Which protocol was introduced to strengthen existing WEP implementations? (Select all that apply)

TKIP

Disabling SSID broadcast makes a WLAN harder to discover.

True

Which protocol encapsulates EAP within an encrypted and authenticated TLS tunnel? (Select all that apply)

PEAP

What is CCMP?

AES-based encryption mode implemented in WPA2.

Which measures counteract war driving? (Select 2 answers)

Site survey

Which WAP configuration setting allows adjusting the wireless signal's boundary range? (Select all that apply)

Power level controls

Which solution allows administrators to block Internet access for users until they perform a required action? (Select all that apply)

Captive portal

Which antenna types would provide the best coverage for workstations connecting to a WAP? (Select all that apply)

Omnidirectional

Which term refers to wireless site survey? (Select all that apply)

War driving

Which example falls under technical security controls? (Select all that apply)

Intrusion Detection System (IDS)

What is a false positive error?

An antivirus identifying a non-malicious file as a virus due to faulty signature.

Which example falls under operational security controls? (Select all that apply)

Change management

What does false negative refer to? (Select all that apply)

A situation where no alarm is raised during an attack.

What is a privacy policy?

A policy outlining ways of collecting and managing personal data.

What acronym refers to a set of rules enforced in a network? (Select all that apply)

AUP

One of the goals behind the mandatory vacations policy is to mitigate fraudulent activity within the company.

True

What does separation of duties refer to?

A concept requiring more than one person to complete a task.

Study Notes

Networking Devices and Security Components

• Firewall: Monitors and controls incoming and outgoing network traffic based on security rules, allowing or blocking data packets.
• Router: Connects and forwards data packets between different networks, facilitating communication.
• Load Balancer: Distributes workloads across multiple computing resources to optimize resource use and performance.
• Proxy: Acts as an intermediary for requests from clients seeking resources from other servers, providing anonymity and security.
• Demilitarized Zone (DMZ): A separate subnet between internal and external networks, hosting publicly accessible servers with limited protection.

Intrusion Detection and Prevention

• HIDS: Host-based Intrusion Detection System that monitors individual devices for suspicious activities or policy violations.
• NIPS: Network Intrusion Prevention System that inspects network traffic in real-time and can actively block attacks.
• Passive IDS Actions: Can log events and send alerts without taking direct action on the network.
• IDS: Monitors for unauthorized activities and alerts system administrators.

Security Policies and Access Control

• Implicit Deny Policy: Any requests that do not meet specified criteria in an Access Control List (ACL) are denied by default.
• Rule-Based Access Control: Access is granted or denied based on entries in an ACL determining user or system process permissions.
• Separation of Duties: Ensures that more than one person is required to complete sensitive tasks to reduce fraud.

Virtual Private Networks (VPNs)

• VPN Concentrator: A device that creates and manages secure connections over untrusted networks like the Internet.
• Tunneling: A method used to encrypt data for privacy in VPN connections.

Cloud Computing Models

• IaaS: Infrastructure as a Service, providing virtualized computing resources over the Internet.
• PaaS: Platform as a Service, enabling developers to build applications without managing underlying hardware.
• SaaS: Software as a Service, delivering applications through the Internet without requiring local installation.

Wireless Security and Protocols

• WPA2: A wireless security protocol utilizing AES encryption, considered secure against many attacks.
• WEP: An older wireless security protocol with known vulnerabilities, currently deprecated.
• SSID: The name of a wireless network, which can be hidden to improve security.

Port Numbers and Protocols

• FTP: Uses port numbers 20 and 21 for transferring files; port 21 is mainly for command and control.
• SMTP: Operates on port 25 for sending emails, while port 53 is used for DNS queries.
• HTTPS: Utilizes port 443 for secure web traffic.

Risk Management and Assessment

• ALE (Annual Loss Expectancy): Calculation of expected monetary loss due to identified risks in one year, based on threat probabilities and potential financial damage.
• Single Loss Expectancy (SLE): The financial impact of a single occurrence of a risk, calculated by the asset value (AV) multiplied by the exposure factor (EF).

Authentication and Security Frameworks

• EAP: Extensible Authentication Protocol, often used in wireless networks for secure authentication.
• MAC Filtering: Restricts network access based on the 48-bit MAC address of devices.

Miscellaneous Concepts

• Captive Portal: A web page that users must interact with before gaining broader access to a network.
• Change Management: A structured approach to managing changes in order to minimize disruptions or risks.
• False Negative: A scenario when an intrusion detection system fails to alert on an actual security breach.
• War Driving: The act of searching for Wi-Fi networks remotely while moving through an area, often used to identify unsecured networks.

Description

Test your knowledge of key terms related to the Security+ certification with these flashcards. Each card presents a word along with its definition to help reinforce your understanding of cybersecurity concepts. Perfect for exam preparation!