CompTIA Security+ (2008 Edition) Set 11

1.

Choose the terminology or concept which best describes a (Mandatory Access Control) model.

Lattice Bell La-Padula BIBA Clark and Wilson

2.

Password cracking tools are available worldwide over the Internet. Which one of the following items is a password cracking tool?

Wireshark Nessus John the Ripper AirSnort

3.

Which authentication method does the following sequence: Logon request, encrypts value response, server, challenge, compare encrypts results, authorize or fail referred to?

Certificates Security Tokens CHAP Kerberos

4.

IDS is short for Intrusion Detection Systems. Which option is the MOST basic form of IDS?

Signature Statistical Anomaly Behavioral

5.

Which of the following statements is TRUE regarding the Security Token system?

If your token does not grant you access to certain information, that information will either not
be displayed or your access will be denied. The authentication system creates a token every
time a user or a session begins. At the completion of a session, the token is destroyed. A certificate being handed from the server to the client once authentication has beenestablished. If you have a pass, you can wander throughout the network. BUT limited access
is allowed. The authentication process uses a Key Distribution Center (KDC) to orchestrate the entireprocess. The KDC authenticates the network. Principles can be users, programs, or systems.
The KDC provides a ticket to the network. Once this ticket is issued, it can be used to
authenticate against other principles. This occurs automatically when a request or service is
performed by another network. The initiator sends a logon request from the client to the server. The server sends a challengeback to the client. The challenge is encrypted and then sent back to the server. The server
compares the value from the client and if the information matches, the server grants
authorization. If the response fails, the session fails and the request phase starts over

6.

Which statement is true about the cryptographic algorithm employed by TLS to establish a session key?

Blowfish Diffie-Hellman IKE RSA

7.

To aid in preventing the execution of malicious code in email clients, which of the following should be done by the email administrator?

Spam and anti-virus filters should be used Regular updates should be performed Preview screens should be disabled Email client features should be disabled

8.

Which of the following access control models uses roles to determine access permissions?

MAC DAC RBAC None of the above.

9.

Which of the following types of publicly accessible servers should have anonymous logins disabled to prevent an attacker from transferring malicious data?

FTP Email Web DNS

10.

Which practice can best code applications in a secure manner?

Input validation Object oriented coding Cross-site scripting Rapid Application Development (RAD)

CompTIA Security+ (2008 Edition) Set 11

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

COMPANY

Products

OTHERS

Partner

CompTIA Security+ (2008 Edition) Set 11

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

Detail Form

COMPANY

Products

OTHERS

Partner