Review Questions

1. Which of the following is primarily concerned with the theft of a server?

  A. Physical security
  B. Operational security
  C. Management and policy
  D. Authentication

2. Which access method is primarily based on preestablished access?

  A. MAC
  B. DAC
  C. RBAC
  D. Kerberos

3. Your office administrator is being trained to perform server backups. Which authentication method would be ideal for this situation?

  A. MAC
  B. DAC
  C. RBAC
  D. Security tokens

4. Which authentication method uses a KDC to accomplish authentication?

  A. CHAP
  B. Kerberos
  C. Biometrics
  D. Smart cards

5. Which authentication method sends a challenge back to the client that is encrypted and sent back to the server?

  A. Kerberos
  B. Security tokens
  C. DAC
  D. CHAP

6. Which authentication uses more than one authentication process for logon?

  A. Multi-factor
  B. Biometrics
  C. Smart card
  D. Kerberos

7. Which of the following services or protocols should be avoided in a network if possible?

  A. E-mail
  B. Telnet
  C. WWW
  D. ICMP

8. Which of the following is not an example of a security zone?

  A. Internet
  B. Intranet
  C. Extranet
  D. NAT

9. Which of the following protocols allows an organization to present a single TCP/IP address to the Internet?

  A. NAT
  B. VLAN
  C. DMZ
  D. Extranet

10. A popular method for breaking a network into smaller private networks is called what?

  A. VLAN
  B. NAT
  C. MAC
  D. Security zone

11. Which of the following services would most likely utilize a retinal scan?

  A. Auditing
  B. Authentication
  C. Access control
  D. Data confidentiality

12. Which technology relies on a physical attribute of the user for authentication?

  A. Smart card
  B. Biometrics
  C. Mutual authentication
  D. Tokens

13. The technology that allows a connection to be made between two networks using a secure protocol is called what?

  A. Tunneling
  B. VLAN
  C. Internet
  D. Extranet

14. The process of determining the value of information or equipment in an organization is referred to as what?

  A. Asset identification
  B. Risk assessment
  C. Threat identification
  D. Vulnerabilities scan

15. You have been asked to present the types of threats your organization could face from hackers. Which of the following would best categorize this information?

  A. Asset identification
  B. Risk assessment
  C. Threat identification
  D. Vulnerabilities

16. What is the process of determining who owns a particular database file called?

  A. Auditing
  B. Access control
  C. Threat analysis
  D. Accountability

17. Your user just complained to you that his system has been infected with a new virus. Which of the following would be a first step in correcting this problem?

  A. Verifying the most current Virus Definition File is installed
  B. Reformatting the hard disk
  C. Reinstalling the operating system
  D. Disabling his e-mail account

18. Which of the following would be useful in determining what was accessed during an external attack?

  A. System logs
  B. Antivirus software
  C. Kerberos
  D. Biometrics

19. You want to install a server in the network area that provides web services to Internet clients. You do not want to expose your internal network to additional risks. Which method would accomplish this?

  A. Install the server in an Intranet
  B. Install the server in a DMZ
  C. Install the server in a VLAN
  D. Install the server in an Extranet

20. Which authentication method provides credentials that are only valid during a single session?

  A. Tokens
  B. Certificate
  C. Smart card
  D. Kerberos

Answers

1. A. Physical security is primarily concerned with the loss or theft of physical assets. This would include theft, fire, and other acts that physically deny a service or information to the organization.

2. A. Mandatory Access Control (MAC) is oriented toward preestablished access. This access is typically established by the network administrators and cannot be changed by users.

3. C. Role-Based Access Control allows specific people to be assigned to specific roles with specific privileges. A backup operator would need administrative privileges to back up a server. This privilege would be limited to the role and would not be present during the employee's normal job functions.

4. B. Kerberos uses a Key Distribution Center to authenticate a principal. The KDC provides a credential that can be used by all Kerberos-enabled servers and applications.

5. D. Challenge Handshake Authentication Protocol (CHAP) sends a challenge back to the originating client. This challenge is sent back to the server and encryption results are compared. If the challenge is successful, the client is logged on.

6. A. A multi-factor authentication process uses two or more processes for logon. A two-factor method might use smart cards and biometrics for logon.

7. B. Telnet should not be used if possible. Telnet sends user ID and password information to the Telnet server unencrypted. This creates a potential security problem in an Internet environment.

8. D. Network Address Translation is a method of hiding TCP/IP addresses from other networks. Internets, Intranets, and Extranets are the three most common security zones in use.

9. A. Network Address Translation allows an organization to present a single address to the Internet. Typically, this is accomplished by the router or NAT server. The router or NAT server maps all inbound and outbound requests and maintains a table for returned messages.

10. A. Virtual Local Area Networks break a large network into smaller networks. These networks can coexist on the same wiring and be unaware of each other. A router or other routing-type device would be needed to connect these VLANs together.

11. B. Authentication is a service that requests the principal user provide proof of their identity. A retinal scan is a very secure form of evidence used in high-security companies and government agencies.

12. B. Biometric technologies rely on a physical characteristic of the user to verify identity. Biometric devices typically use either a hand pattern or a retinal scan to accomplish this.

13. A. Tunneling allows a network to make a secure connection to another network through the Internet or other network. Tunnels are usually secure and present themselves as extensions of both networks.

14. A. Asset Identification is the process of identifying the types and values of assets in an organization.

15. C. A threat assessment would examine the potential for internal and external threats to your systems and information.

16. D. Accountability identifies who owns or is responsible for the accuracy of certain information in an organization. The department or individual that is accountable for certain information would also be responsible for verifying accuracy in the event of a data tampering incident.

17. A. Your first step would be to verify that his antivirus software is the most current version. This would include checking his virus definition files.

18. A. System logs will frequently tell you what was accessed and in what manner. These logs can usually be very explicit in describing the events that occurred in a security violation.

19. B. A DMZ is an area in a network that allows access to outside users while not exposing your internal users to additional threats.

20. A. Tokens are created when a user or system successfully authenticates. The token is destroyed when the session is over.



CompTIA Security+ Study Guide. Exam SY0-101
Security+ Study Guide
ISBN: 078214098X
EAN: 2147483647
Year: 2006
Pages: 167