1. Your manager asks you to implement a system that can filter out unwanted content, such as viruses and unproductive Internet content. The best way to accomplish this would be through a system that implements a:
a. Circuit-level gateway
b. Proxy server
c. Packet filtering firewall
d. DMZ host
e. Bastion host
2. Which of the following is the function of PGP?
a. Filter unwanted Internet traffic
b. Create a buffered security zone
c. Provide access control functionality
d. Boot a *Nix server that is not operational as the result of an attack
e. Provide message encryption services
3. How do mandatory access controls protect access to restricted resources?
a. Sensitivity labeling
b. User-level share permissions
c. Server-level share permissions
d. Role-oriented permissions
e. ACL lists
4. You notice a rapid increase in the number of ICMP requests coming from a single host. The requests are continuous and have been occurring for minutes. What kind of attack are you likely experiencing?
a. Ping flood
d. Buffer overflow
e. You are not experiencing an attack
5. Your company requires secure remote access through a terminal to a server. Which of the following would provide such secure access?
6. Which of the following is an advantage of symmetric-key cryptography in comparison to asymmetric-key cryptography?
a. Symmetric keys are stronger than asymmetric keys
b. Symmetric key systems are more scalable than asymmetric systems
c. Symmetric key systems are faster than their asymmetric counterparts
d. Symmetric key systems can operate in more than layers of the OSI model than can asymmetric systems
e. None of the above
7. Which of the following is not a way that IDS systems are commonly classified?
8. Which of the following provides tunneling over the data-link layer?
9. Which of the following authentication factors is considered the strongest?
a. Type 1
b. Type 2
c. Type 3
d. Type 4
e. Type 5
10. You setup a packet-filtering firewall that accepts or rejects traffic based on the IP address of the source. What kind of attack is this firewall specifically vulnerable to?
a. Buffer overflow
b. Man-in-the-Middle attack
e. Distributed denial of service
11. Your manager complains that he cannot remember his password. You have also lost your copy of the password, but the MD5 hash of the password is stored in the database. How can you use the MD5 hash to recover the password?
a. Decrypt the hash using a shared secret key
b. Decrypt the hash using a public encryption system
c. Encrypt the hash using a shared secret key
d. Encrypt the hash of the hash using a shared secret key
e. You cannot recover the password from the hash
12. Which of the following parts of the CIA triangle are effectively ensured by cryptography?
a. Confidentiality Only
b. Integrity Only
c. Accessibility Only
d. Accessibility and Integrity Only
e. Confidentiality and Integrity Only
13. Which of the following is not a parameter of a security association in IPSec?
b. Source IP Address
c. Destination IP Address
d. Security Protocol ID
14. Which of the following is not considered a physical security threat?
c. Severe Weather
e. Buffer Overflow
15. Which of the following is a layer-3 device that connects two dissimilar network segments?
1. Answer: B. A proxy server is the best way to filter content because it prevents a direct connection between a local and remote host and therefore can effectively filter incoming and outgoing traffic.
2.Answer: E. PGP, which stands for “Pretty Good Privacy,” is used to provide message signing and encryption services.
3. Answer: A. Mandatory is the key word in mandatory access control, which means that the sensitivity of information is determined at the top of the decision-making tree rather than up to the user’s discretion. To accomplish such a task, sensitivity labeling is necessary.
4.Answer: A. Unusually large numbers of ICMP packets are usually employed in a ping flood attack. In this attack, the number of packets is supposed to be so great that the system is overwhelmed and succumbs to the attack, denying availability.
5. Answer: B. Only SSH provides secure access through the Internet to a terminal. Telnet provides remote access over cleartext.
6. Answer: C. While symmetric key systems can prove difficult to manage and are cumbersome for many users, they offer a greater degree of speed as fewer and less complex calculations are involved in the process.
7. Answer: C. IDS systems are not classified by latency, as such a concept makes no sense in that context.
8. Answer: B. L2TP stands for “Layer 2 Tunneling Protocol.” This should help you remember that L2TP indeed provides tunneling over Layer 2, or the Data Link layer of the OSI model.
9. Answer: C.As Types 4 and 5 are fictitious types of authentication factors, we are left with a choice between Types 1, 2, and 3. Although Types 1 and 2 can offer strong factors, biometric identification (“what you are”) is usually considered the strongest, as it is difficult to impersonate a fingerprint.
10.Answer: D. Because the firewall discerns traffic by IP address, the best way to circumvent this firewall would be to make it appear that your IP address is different than it really is. To do this, you would have to “spoof” your IP address.
11.Answer: E. A hash, by definition, is a one-way function that encrypts a message for digesting. Therefore, it is impossible to actually “decrypt” the hash.
12.Answer: E. Cryptography can both protect the contents of a message and ensure that a message remains the same as when it was sent. Therefore, cryptography can be used to ensure confidentiality and integrity. Availability, or the idea that systems should be available, is not ensured by cryptography.
13. Answer: C. Because the destination IP address is not a security interest in IPSec transmissions, it is not included on the security association.
14.Answer: E. A buffer overflow, while a serious threat to system stability, is a logical rather than a physical vulnerability.
15. Answer: D. A router operates in the Network layer of the OSI model and is typically used to adjoin two dislike network segments together (and forward packets based on IP address).
Your Progress and Final Thoughts
If you scored between 0 and 7 questions correct, you need to study the entire guide again. Obviously, you are lacking in mulitple areas of the security+ examination and could therefore benefit from reading all of the subject areas in depth.
If you scored between 8 and 11 questions correct, you should take a close look at the subject areas of the questions that you missed and carefully re-read and review the lessons in the guide concerning those specific areas. If you took the exam today, you would probably not pass with this sort of score.
If you scored between 12 and 15 questions correct, great job! You should probably glance over some of the questions that you missed and the corresponding guide article, but you are most likely ready to move on to our cram sheet. If you took the exam today, you would likely pass it.
We wish you the best of luck in your pursuit of Security+ certification. Be sure to check out our and take plenty of practice exams! We hope you do well.
Source by: <www.proprofs.com>
To Become Certified For CompTIA Security+ Please Visit This Link ;