BR0-001 - CompTIA Bridge Exam- Security+

Go back to CompTIA

Example Questions

Why malware that uses virtualization techniques is difficult to detect? Many unauthorized staff have been entering the data center by piggybacking authorized staff. The CIO has mandated to stop this behavior. Which technology should be installed at the data center to prevent piggybacking? Virtualized applications, such as virtualized browsers, can protect the underlying operating system from which of the following? Which intrusion detection system will use well defined models of how an attack occurs? A company wants to monitor all network traffic as it traverses their network. Which item will be used by the technician? You work as a network administrator for your company. Taking personal safety into consideration, what fire suppression substances types can effectively prevent damage to electronic equipment? Why implement virtualization technology? (Select TWO). Which of the following sequences is correct regarding the flow of the CHAP system? After analyzing vulnerability and applying a security patch, which non-intrusive action should be taken to verify that the vulnerability was truly removed? While surfing the Internet a user encounters a pop-up window that prompts the user to download a browser plug-in. The pop-up window is a certificate which validates the identity of the plug-in developer. Which of the following BEST describes this type of certificate? Which tool can help the technician to find all open ports on the network? Which item best describes an instance where a biometric system identifies legitimate users as being unauthorized? In computer networking, network address translation (NAT) is the process of modifying network address information in datagram packet headers while in transit across a traffic routing device for the purpose of remapping a given address space into another. Which description is true about a static NAT? Patch management must be combined with full-featured systems management to be effective. Determining which patches are needed, applying the patches and which of the following are three generally accepted activities of patch management? In computing, a stateful firewall (any firewall that performs stateful packet inspection (SPI) or stateful inspection) is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. You have been studying stateful packet inspection and want to perform this security technique on the network. Which device will you use to BEST utilize stateful packet inspection? Which key can be used by a user to log into their network with a smart card? Why does a technician use a password cracker? A digital signature or digital signature scheme is a type of asymmetric cryptography. For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key? Which item will allow for fast, highly secure encryption of a USB flash drive? Which item specifies a set of consistent requirements for a workstation or server? Choose the mechanism that is NOT a valid access control mechanism. Which security applications require frequent signature updates? (Select TWO). Which method could identify when unauthorized access has occurred? Identify the service provided by message authentication code (MAC) hash: Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Which of the following is considered the weakest encryption? Page 13 of 25 Bridge Exam - Security+ Total Questions 121 The IPSec Security Association is managed by Which one of the following options is an attack launched from multiple zombie machines in attempt to bring down a service? The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option that describes this flaw. Which description is correct about a virtual server implementation attack? After the maximum number attempts have failed, which of the following could set an account to lockout for 30 minutes? An important component of a good data retention policy is: Documentation describing a group expected minimum behavior is known as:Documentation describing a group? expected minimum behavior is known as: Which of the following can help an administrator to implement a procedure to control inbound and outbound traffic on a network segment? You work as the network administrator at certways .com. The certways .com network uses the RBAC (Role Based Access Control) model. You must plan the security strategy for users to access resources on the certways .com network. The types of resources you must control access to are mailboxes, and files and printers. is divided into distinct departments and functions named Finance, Sales, Research and Development, and Production respectively. Each user has its own workstation, and accesses resources based on the department wherein he/she works. You must determine which roles to create to support the RBAC (Role Based Access Control) model. Which of the following roles should you create? A company's new employees are asked to sign a document that describes the methods of and purposes for accessing the company's IT systems. Which of the following BEST describes this document? Which of the following statements is TRUE regarding the CHAP authentication system? Which of the following can be used to implement a procedure to control inbound and outbound traffic on a network segment? Look at the following scenarios, which one would a penetration test BEST be used for? You work as a network technician. You have been asked to reconstruct the infrastructure of an organization. You should make sure that the virtualization technology is implemented securely. What should be taken into consideration while implementing virtualization technology? Choose the terminology or concept which best describes a (Mandatory Access Control) model. On a remote machine, which action will you usually take to determine the operating system? Which of the following statements regarding the MAC access control models is TRUE? A company has a complex multi-vendor network consisting of UNIX, Windows file servers and database applications. Users report having too many passwords and that access is too difficult. Which of the following can be implemented to mitigate this situation? Which security policy will be most likely used while attempting to mitigate the risks involved with allowing a user to access company email via their cell phone? What is the objective of using a password cracker? Which of the following refers to the ability to be reasonably certain that data is not disclosed to unintended persons? Which access control system allows the owner of a resource to establish access permissions to that resource? A public key _____________ is a pervasive system whose services are implemented and delivered using public key technologies that include Certificate Authority (CA), digital certificates, non-repudiation, and key history management. Communication is important to maintaining security because communication keeps: In computing, virtualization is a broad term that refers to the abstraction of computer resources. Which is a security reason to implement virtualization throughout the network infrastructure?

Study Guides