Security+ Questions 2-22-2009

February 22, 2009

Hello All,

Here are some Compia Security+ exam topics/questions that I had some difficulties with.

The questions in this coffee-break size quiz were created by me in an effort to make the items easier to remember.

If any questions are incorrect please let me know; I hate making mistakes.

I am using Sybex’s book as a guide.
1) What is a MITM attack?

A) An attack that attempts to guess passwords.
B) A layer in the TCP/IP Protocol suite.
C) An attack that tries to transfer financial funds from one bank account to another using sophisticated software.
D) A method of attack that tries to put a piece of software between a server and a client that neither the administrator nor the client are aware of.

2) What is a Dictionary Attack?

A) There is no such thing as a Dictionary Attack.
B) An attack that uses a dictionary of common words in an attempt to find a user’s password.
C) A method of counter-attack that is designed to confuse an attacker by filling the Buffer with random words from the dictionary.
D) The methodology of an IDS to recognize attacks and respond accordingly.

3) The TCP/IP Protocol Suite is broken down into four layers; name them.

A) Physical, Mental, Informational, Electrical
B) Application, MITM, Network, Physical
C) Application, Transport, Internet, Network
D) Application, Transport, Internet, Datalink

4) FTP Data and regular FTP use what common port?

A) 20, 21
B) 22, 23
C) 23, 24
D) 389, 390

5) Netbios runs on three ports — one port used TCP the other two use UDP. Name the three ports

A) 22, 23, 24
B) 137, 138, 139
C) 701, 702, 703
D) 443, 448, 501

6) SNMP runs on which two ports?

A) 161, 162
B) 901, 902
C) 137, 138
D) 88, 89
7) A smurf attack is?

A) A made up attack that the author of this quiz is throwing in randomly just to confuse me.
B) A form of Replay attack
C) A software program that has the ability to hide certain things from the operating system.
D) An attack that uses IP spoofing and a broadcast to send a ping to a group of hosts on a network.

8 ) What is an armored virus?

A) A virus with a tough outer shell and a crunchy inside.
B) A virus that attaches itself to legitimate programs and then creates a program with a different file extension. When a user clicks on the legitimate program the virus executes instead of the real program
C) A virus that is designed to make itself difficult to detect by using a protective code that stops anti-virus programs from examining critical elements of the virus.
D) An anti-virus virus.

The answers:










1) D
2) B
3) C
4) A
5) B
6) A
7) D
8) C

Security+ Questions

February 17, 2009

Welcome to my Security+ miniature quiz (only 10 questions)

As I am studying for my Security+ exam I create questions to test myself with; this in turn helps me to learn more.

So as I plod through chapter by chapter (Sybex’s book) I will create my own questions and post it here in my blog.

If there are any errors/mistakes blame me (also correct me please) and not the books I use.

1) Which policy outlines the guidelines and expectations for computer upgrades, backups and audits?

B) Information Policies
C) Administrative Policies
D) Business Relations Policies.

2) What policy deals with all aspects of information security; including data storage, classification levels, data transmission,
and the destruction of sensitive information?

A) Incident-Response Policies
B) Information Policies
C) Usage Policies
D) Accountability Policies

3) Which policy defines the network and systems configuration of an organization? This policy also deals with identification
and authentication (I&A).

C) Security Policies
D) Hardware Redundancy Policies

4) Which policy covers how a company’s information and resources can be used? This policy covers statements about privacy, ownership,
and the consequences of improper actions.

A) Usage Policies
B) Management Control Policies
C) Information Policies
D) Administrative Policies.

5) Which Access Control Method uses labels?


6) Which Access Control Method allows an employee to act in a certain predetermined manner based on their role in an organization?


7) Which authentication protocol uses a Key Distribution Center?

C) Kerberos

8 ) Which of the follow can NOT be used for a biometric system?

A) Retinal Scans
B) Keystroke Patterns
C) Fingerprints
D) Passwords

9) You want to let a remote business partner access some data on your servers; what should you set up to make this data available?

A) Internet
B) Extranet
C) Intranet
D) Ohmnet

10) You want to give the general public access to your web servers, while at the same time protecting your business network.
Where should you put the web servers to keep them isolated while still granting access to the public?

B) SHA-1

The answers:




1) C
2) B
3) C
4) A
5) A
6) D
7) C
9) D
9) B