BR0-001 - CompTIA Bridge Exam- Security+
Go back to CompTIA
Why malware that uses virtualization techniques is difficult to detect?
The malware may be running at a more privileged level than the antivirus software.
Many unauthorized staff have been entering the data center by piggybacking authorized staff. The CIO has mandated to stop this behavior. Which technology should be installed at the data center to prevent piggybacking?
Virtualized applications, such as virtualized browsers, can protect the underlying operating system from which of the following?
Malware installation from suspects Internet sites
Which intrusion detection system will use well defined models of how an attack occurs?
A company wants to monitor all network traffic as it traverses their network. Which item will be used by the technician?
You work as a network administrator for your company. Taking personal safety into consideration, what fire suppression substances types can effectively prevent damage to electronic equipment?
Why implement virtualization technology? (Select TWO).
To reduce recovery time in the event of application failure
To provide a secure virtual environment for testing
Which of the following sequences is correct regarding the flow of the CHAP system?
Logon request, challenge, encrypts value response, server, compare encrypted results, authorize or fail
After analyzing vulnerability and applying a security patch, which non-intrusive action should be taken to verify that the vulnerability was truly removed?
Repeat the vulnerability scan.
While surfing the Internet a user encounters a pop-up window that prompts the user to download a browser plug-in. The pop-up window is a certificate which validates the identity of the plug-in developer. Which of the following BEST describes this type of certificate?
Software publisher certificate
Which tool can help the technician to find all open ports on the network?
Which item best describes an instance where a biometric system identifies legitimate users as being unauthorized?
In computer networking, network address translation (NAT) is the process of modifying network address information in datagram packet headers while in transit across a traffic routing device for the purpose of remapping a given address space into another. Which description is true about a static NAT?
A static NAT uses a one to one mapping.
Patch management must be combined with full-featured systems management to be effective. Determining which patches are needed, applying the patches and which of the following are three generally accepted activities of patch management?
Auditing for the successful application of the patches
In computing, a stateful firewall (any firewall that performs stateful packet inspection (SPI) or stateful inspection) is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. You have been studying stateful packet inspection and want to perform this security technique on the network. Which device will you use to BEST utilize stateful packet inspection?
Which key can be used by a user to log into their network with a smart card?
Why does a technician use a password cracker?
To look for weak passwords on the network
A digital signature or digital signature scheme is a type of asymmetric cryptography. For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?
Senders private key
Which item will allow for fast, highly secure encryption of a USB flash drive?
Which item specifies a set of consistent requirements for a workstation or server?
Choose the mechanism that is NOT a valid access control mechanism.
SAC (Subjective Access Control) list.
Which security applications require frequent signature updates? (Select TWO).
Which method could identify when unauthorized access has occurred?
Implement previous logon notification.
Identify the service provided by message authentication code (MAC) hash:
Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Which of the following is considered the weakest encryption?
Page 13 of 25 Bridge Exam - Security+ Total Questions 121 The IPSec Security Association is managed by
Which one of the following options is an attack launched from multiple zombie machines in attempt to bring down a service?
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option that describes this flaw.
The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. This creates a security loophole for Trojan horse attacks.
Which description is correct about a virtual server implementation attack?
RAM will affect all virtual instances.
After the maximum number attempts have failed, which of the following could set an account to lockout for 30 minutes?
Account lockout duration
An important component of a good data retention policy is:
Documentation describing a group expected minimum behavior is known as:Documentation describing a group? expected minimum behavior is known as:
a code of ethics
Which of the following can help an administrator to implement a procedure to control inbound and outbound traffic on a network segment?
You work as the network administrator at certways .com. The certways .com network uses the RBAC (Role Based Access Control) model. You must plan the security strategy for users to access resources on the certways .com network. The types of resources you must control access to are mailboxes, and files and printers. Certways.com is divided into distinct departments and functions named Finance, Sales, Research and Development, and Production respectively. Each user has its own workstation, and accesses resources based on the department wherein he/she works. You must determine which roles to create to support the RBAC (Role Based Access Control) model. Which of the following roles should you create?
Create Finance, Sales, Research and Development, and Production roles.
A company's new employees are asked to sign a document that describes the methods of and purposes for accessing the company's IT systems. Which of the following BEST describes this document?
Acceptable Use Policy
Which of the following statements is TRUE regarding the CHAP authentication system?
The initiator sends a logon request from the client to the server. The server sends a challenge back to the client. The challenge is encrypted and then sent back to the server. The server compares the value from the client and if the information matches, the server grants authorization. If the response fails, the session fails and the request phase starts over
Which of the following can be used to implement a procedure to control inbound and outbound traffic on a network segment?
ACL Page 4 of
Look at the following scenarios, which one would a penetration test BEST be used for?
When providing a proof of concept demonstration for a vulnerability
You work as a network technician. You have been asked to reconstruct the infrastructure of an organization. You should make sure that the virtualization technology is implemented securely. What should be taken into consideration while implementing virtualization technology?
The technician should verify that the virtual servers and the host have the latest service packs and patches applied.
Choose the terminology or concept which best describes a (Mandatory Access Control) model.
On a remote machine, which action will you usually take to determine the operating system?
Which of the following statements regarding the MAC access control models is TRUE?
In the Mandatory Access Control (MAC) users cannot share resources dynamically.
A company has a complex multi-vendor network consisting of UNIX, Windows file servers and database applications. Users report having too many passwords and that access is too difficult. Which of the following can be implemented to mitigate this situation?
Which security policy will be most likely used while attempting to mitigate the risks involved with allowing a user to access company email via their cell phone?
The cell phone should require a password after a set period of inactivity.
What is the objective of using a password cracker?
To look for weak passwords on the network
Which of the following refers to the ability to be reasonably certain that data is not disclosed to unintended persons?
Which access control system allows the owner of a resource to establish access permissions to that resource?
A public key _____________ is a pervasive system whose services are implemented and delivered using public key technologies that include Certificate Authority (CA), digital certificates, non-repudiation, and key history management.
Communication is important to maintaining security because communication keeps:
the user community informed of threats
In computing, virtualization is a broad term that refers to the abstraction of computer resources. Which is a security reason to implement virtualization throughout the network infrastructure?
To isolate the various network services and roles