CompTIA (Security Practice Test)
For a customer, you're analyzing cryptographic algorithms. The customer has a specific requirement for shared secret encryption. To meet the requirement, you must offer an encryption algorithm. Which algorithm do you think is the best?
Correct answer: Symmetric key algorithm
A shared secret is required for a symmetric key algorithm. The shared secret, which permits encryption and decryption, is held by each communication party. A shared key isn't used by the other algorithms.
A cryptographic hardware component capable of securely storing data such as passwords and keys is referred to by which of the following acronyms?
Correct answer: TPM
The Trusted Platform Module (TPM) is a chip that is integrated in the motherboard of a device. TPMs allow devices to store essential artifacts such as passwords and cryptographic keys in a secure manner.
________ is a suite of security extensions for an Internet service that converts domain names to IP addresses.
Correct answer: DNSSEC
A suite of security extensions for an Internet service that translates domain names into IP addresses is known as DNSSEC.
Microsoft Office Communications Server 2007 R2 servers, unified communications clients, and unified communications applications have been implemented at Company ABC. They are presently in the process of moving from solution to support.
What is the name of this project phase?
Correct answer: Operations
The operations phase is when you manage your Microsoft Office Communications Server 2007 R2 servers, unified communications clients, and unified communications applications.
During an IT meeting, your colleague Karylle proposes that the only load balancer in place for the company's website ordering system has a single point of failure. She recommends configuring two load balancers, with only one in use at any one moment. What kind of load balancing setup does Karylle recommend?
Correct answer: Active-passive
Two load balancers are used in active-passive configurations, one of which is active. The second load balancer takes over when the active load balancer becomes unresponsive. The answers a, c, and d are incorrect. Load balancing algorithms such as round robin and least connections are not connected to fault tolerance when using multiple load balancers. Both load balancers are active at the same time and work cooperatively to distribute incoming traffic to back-end nodes in an active-active configuration. As a result, the right answer is b.
Company A has recently developed a custom airline ticketing system. When a freelance coding specialist examines it for security flaws, what do you call it?
Correct answer: Regression testing
If a freelance coding specialist tests it for security flaws, it is called regression testing.
Your organization is going over backups of important data. Some data has not been backed up, according to the report. An current firm policy, on the other hand, mandates that all data be backed up. You must have a backup of your data. Which of the following individuals should be in charge of the backup?
Correct answer: Data custodian
The data custodian is in charge of handling data on a day-to-day basis, including backups. The data custodian should back up the data in this scenario, while the data owner should determine the data's requirements.
A junior security professional on your team is attempting to export and share a public certificate with a colleague outside of the IT department. They want to know if they should utilize CER or PFX. What is the best format to use?
Correct answer: CER
It's fine to share a.CER file containing a public certificate. A.PFX file (also known as a PKCS 12 archive) is different since it contains the private key, which should never be shared!
Which of the following is a cryptographic network protocol used for secure data communication, remote command-line login, remote command execution, and other secure network services?
Correct answer: SSH
SSH refers to a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services.
A telecommunications business has filed a lawsuit against some of its workers for alleged fraud and unauthorized use of company assets. You're a member of the team tasked with gathering evidence and protecting its admissibility.
Which forensic procedures are you most likely to employ?
Correct answer: Chain of custody
When information from the crime scene is gathered and used to build a chain of custody to show what was at the scene, its position, and its condition, it is known as a chain of custody.
You work as a business networking consultant, and one of your clients is a huge retail outlet. Configuring a wifi router in their coffee shop area is your mission for them. Customers who are in line will use the wireless connection to connect to the Internet. You want to make sure that wireless clients can connect to the Internet but not to the retail outlet's offices' internal systems. Where will the wireless router be plugged in?
Correct answer: DMZ
Customers would be able to access the company's internal network and devices via the LAN connection. Separation of functional requirements is not addressed by the ports. A demilitarized zone (DMZ) is a network that permits unsafe access to resources from the outside while limiting direct access to resources from the inside. Customers will have Internet access while not having access to internal business computers if the wireless access point is connected to the DMZ. As a result, B is the correct answer.
A corporation recently encountered a shoulder surfing problem. Which of the following protections would be beneficial in this situation?
Correct answer: Screen filters
Screen filters will help safeguard the scenario.
Your on-premises identity provider (IdP) is being integrated with a cloud-based service. Federated authentication is available through the cloud-based service. Which two protocols from the list below could you utilize for the integration? (Select two.)
Please select 2 correct answers
Correct answer: SAML & OpenID Connect
One way to federate with a cloud-based service is to use SAML, which has been around for a long time and is widely accepted. Another alternative is OpenID Connect, which is newer than SAML and gaining traction in the market. LDAP and Kerberos are authentication and directory integration protocols for on-premises systems; they are not appropriate for internet-based authentication.
Which of the algorithms below is a symmetric-key algorithm?
Correct answer: DES
The Data Encryption Standard (DES) is a symmetric-key encryption technique. Asymmetric cryptography is used by RSA, PGP/GPG, and DSA.
Which of the following protocols was created as a secure alternative to Telnet?
Correct answer: SSH
SSH was designed as a secure replacement for Telnet.
An employee in the research department was surfing the web when the host was infected with Malware.
Which log, as a technician, is most likely to reveal the source of the infection?
Correct answer: DNS Logs
The DNS debug log contains extremely precise information about all DNS information that the DNS server sends and receives.
You work as an IT consultant for a company in a coastal area that is subject to storms and flooding on occasion. The continuation of business operations is important because of your company's location. Which of the following plans focuses on minimizing the impact of a disaster on workers, customers, and IT systems?
Correct answer: Business continuity
Business continuity is regarded as the most important goal, with disaster recovery playing a role. Implementing actions to get a business back up and running after a disaster is a big part of disaster recovery. Business continuity ensures that operations continue once the DRP is implemented. C is the right answer.
Which of the following is a criterion for reliability?
Correct answer: MTBF
MTBF is a measure of reliability.
You're getting ready to set up two web servers that will each provide the identical website and content. The website only includes one page, which shows the temperature inside the company's datacenter. You decide to use a load balancer to keep both servers operational. For this circumstance, you must use the simplest load balancing scheduling technique possible. Which algorithm should you use for scheduling?
Correct answer: Round-robin
Only affinity and round-robin are viable scheduling algorithms in this situation. Round-robin should be used for simple load balancing scenarios because it is easy to deploy and maintain. When you need users to communicate with a single web server, Affinity comes in handy (such as during an online purchase).
Jake is writing Francis an email. Jake must send the email in an encrypted format using PKI to maintain confidentiality. What method will Jake use to encrypt the email so Francis can decrypt it?
Correct answer: Francis' public key
Only the public key's private pair may decrypt data encrypted with a public key in PKI. Jake will use Francis' public key to transmit the email so that only Francis can decrypt it. When Francis receives the email, he will decrypt it using his private key, maintaining confidentiality.