practice questions

zackmax (Member, Posts: 61)
thought I'd just start a general thread.

here is another


Which is replayed during a WEP attack?

1. initialization vectors
2. preshared keys
3. ticket exchange

Feels like #1 to me.

Comments

  • zackmax (Member, Posts: 61)
    security admin wants to keep users from plugging unapproved smartphones into their computers and transferring data.
    which is the best control?

    1. data loss prevention
    2. mobile device management
  • cyberguypr (Mod, Posts: 6,928)
    Mobile device management controls company phones. Does nothing for unapproved/personal devices (unless people voluntarily submit to BYOD policies, but this is outside the scope of the question). DLP controls movement of data across exfiltration vectors such as cloud, mobile, etc. so this is the answer.
  • zackmax (Member, Posts: 61)
    there is a remote vulnerability affecting all MF printers firmware. how to mitigate it?

    1. create separate printer network
    2. install patches on print server
    3. run a vulnerability scan
  • zackmax (Member, Posts: 61)
    3 weeks after a programmer was terminated, helpdesk has several calls that computers are being infected with malware.
    upon research it is found that employees downloaded a toolbar. the toolbar downloaded and installed the malicious code. which attack is this?

    1. logic bomb
    2. malicious add-on
    3. XSS


    I am leaning to malicious add-on, but there is a mention of a programmer leaving the company which makes me think logic bomb.
  • 636-555-3226 (Member, Posts: 975)
    zackmax wrote: »
    3 weeks after a programmer was terminated, helpdesk has several calls that computers are being infected with malware.
    upon research it is found that employees downloaded a toolbar. the toolbar downloaded and installed the malicious code. which attack is this?

    1. logic bomb
    2. malicious add-on
    3. XSS


    I am leaning to malicious add-on, but there is a mention of a programmer leaving the company which makes me think logic bomb.

    standard malicious add-on. people install random crap from the first google result for "vlc" and click next a bunch of times then act surprised when their stuff starts going wrong
  • 636-555-3226 (Member, Posts: 975)
    zackmax wrote: »
    there is a remote vulnerability affecting all MF printers firmware. how to mitigate it?

    1. create separate printer network
    2. install patches on print server
    3. run a vulnerability scan

    assuming there is a patch, patch the printer. VLANing will mitigate too unless people need to access the printer.
  • 636-555-3226 (Member, Posts: 975)
    zackmax wrote: »
    thought I'd just start a general thread.

    here is another


    Which is replayed during a WEP attack?

    1. initialization vectors
    2. preshared keys
    3. ticket exchange

    Feels like #1 to me.

    i'm not a wireless pentester, but i think IVs if memory serves ???
  • zackmax (Member, Posts: 61)
    standard malicious add-on. people install random crap from the first google result for "vlc" and click next a bunch of times then act surprised when their stuff starts going wrong

    thing is, it says "print server" not printer. so I think separate network/vlan.
  • zackmax (Member, Posts: 61)
    what are fast and efficient crypto keys that do not use prime numbers and are usable with Diffie-Hellman?

    1. quantum key
    2. elliptic curve
    3. symmetric key
    4. asymmetric key
  • zackmax (Member, Posts: 61)
    to filter client side Java input is to prevent which of the following?

    1. sql injection
    2. watering hole
    3. xss
    4. pharming
  • zackmax (Member, Posts: 61)
    which is most important layer of security for industrial control and SCADA network?

    1. IPS
    2. automated patch deployment
    3. Anti virus
  • zackmax (Member, Posts: 61)
    what can be used to quicken and automate certificate revocation?

    1. CRL
    2. OCSP
  • zackmax (Member, Posts: 61)
    which one of these does both authentication and authorization?

    1. kerberos
    2. ldap
    3. radius
    4. tacacs+
  • CertifiedMonkey (Member, Posts: 172)
    zackmax wrote: »
    which ONE of these does both authentication and authorization?

    1. kerberos
    2. ldap
    3. radius
    4. tacacs+

    Don't understand this question. TACACS+ and RADIUS provide Authentication, Authorization and Accounting (AAA). Kerberos provides Authentication and Authorization (No Accounting). Can we choose more than one answer or am I missing something here?
  • zackmax (Member, Posts: 61)
    yep sorry might be a typo/mistake in that one :)