SECURITY+ Module 2

1. Which cryptographic operations use an asymmetric private key? (Choose two.)
2. Which cryptographic operation does not use a cryptographic key?
3. Which type of key is used by an IPSec VPN configured with a pre-shared key (PSK)?
4. You are evaluating a secure network management solution that will be used to monitor and configure network infrastructure devices remotely. Which of the following is the best choice?
5. Your company provides remote word processing and spreadsheet file access using FTP. After a security audit, the findings suggest employing TLS to harden FTP access. Which protocol should you configure to address this concern?
6. You are reviewing network perimeter firewall rules for the firewall public interface and notice allowances for incoming UDP port 161 and TCP port 443 traffic. What type of traffic will be allowed through the firewall public interface, assuming default ports are being used? (Choose two.)
7. Which statements regarding PKI certificates are correct? (Choose two.)
8. Which cryptographic technique is often referred to as “hiding in plain sight”?
9. Which term refers to providing random data as additional input to a hashing algorithm?
10. Which technology is described as “a secure distributed public ledger of transactions”?
11. Which of the following RAID configurations can be configured with only two drives? (Select all that apply.)
12. A weekly full backup is performed on a system every Sunday at 1 a.m., and differential backups are performed daily at 1 a.m. If the system is restored on Wednesday at 3 p.m., how many of the individual backups are required to completely restore the system?
13. Which one of the following best describes an outcome of vendor diversity?
14. Which solution gives you enough time to safely power down equipment until power is fully restored?
15. Which of the following are the most important constraints that need to be considered when implementing cryptography, particularly for embedded devices? (Select three.)
16. Which of the following are associated with critical infrastructure systems where segmentation from public networks should be strongly considered? (Select two.)
17. Your organization manufactures SoC technology. You have been tasked with ensuring secure design for these systems on chip. Which of the following suggestions are most appropriate? (Select two.)
18. Which of the following is a small operating system used in embedded systems and IoT applications that allows applications to run with precise timing and high reliability?
19. The aerospace company you work for is developing a highly secret new component. The computers to develop the component need to be isolated to prevent connections to the outside world. Which of the following should you put in place to provide the most secure setup?
20. Your training director has an unsupervised room that he wants to use as a training lab for the next few months. The lab will hold 20 laptops and confidential training manuals. Which of the following controls are most appropriate in this situation? (Select two.)
21. Employees in your data center have notified you that they are receiving minor electrical shocks when they touch the metal enclosures and are worried about handling equipment such as servers and hard drives. Which of the following should you consider doing?
22. Which of the following is a type of barricade used to prevent unauthorized vehicles from entering an area?
23. Which of the following attacks would be rendered ineffective by the use of salting?
24. You are exchanging secure emails with another user. You use a key to encrypt your outbound email, but then you are unable to decrypt the email you receive in return by using the same key you used to encrypt the outbound email. Which best explains what’s happening?
25. Which of the following is true regarding block and stream ciphers? (Select three.)
26. Which statement is false?
27. You are responsible for a critical business system. In case of disaster, this system needs to be operational within a minimal period of time at another site, regardless of cost. Which of the following recovery sites is most appropriate in this scenario?
28. You decided to implement TLS encryption between two servers to protect the data being transferred between them. Which of the following states of data best represents what you are putting in place?
29. Which of the following should be part of the configuration management process? (Select three.)
30. Which of the following helps an organization extend on-premises security solutions to the cloud?
31. As part of its digital transformation strategy, your company no longer wants to be responsible for hosting the email system on premises or even in the cloud. Which of the following service models might you recommend?
32. Which of the following are core services provided by cloud computing? (Select three.)
33. You have been asked to provide a virtualized environment. Which of the following makes it possible for many instances of an operating system to be run on the same machine?
34. Your company is expanding, and your boss asks for your recommendation regarding assistance with security management of the network perimeter, day-to-day monitoring, and penetration testing and vulnerability assessments. What should you propose?
35. Your team wants to use automation in the development process to help identify vulnerabilities that have been incorrectly identified before now. Which of the following best describes this type of mistaken identification?
36. Your organization’s compute needs are relatively the same throughout the year except for the two months leading up to a holiday. The board of directors is interested in how the organization can handle this additional capacity for this time period without incurring unnecessary costs the rest of the year. Which of the following best describes the board’s request?
37. Your organization has been moving new applications from the testing environment directly to production, but lately there have been many issues. You have been asked to help mitigate these issues. Which of the following are the most appropriate? (Select two.)
38. Your organization’s development team wants to protect trade secrets and intellectual property. What should the team implement during the software development process to prevent software from being reverse engineered?
39. Which one of the following is provided to an AAA system for identification?
40. Which of the following is an example of two-factor authentication?
41. The business units you represent are complaining that there are too many applications for which they need to remember unique complex passwords. This is leading many to write down their passwords. Which of the following should you implement?
42. Which of the following measures the likelihood that an access system will wrongly accept an access attempt and allow access to an unauthorized user?
43. Your manager has asked you to configure performance alert notifications for abnormal app performance conditions. What must you establish first?
44. A security audit of your call center has revealed that callers’ credit card numbers are shown on call center employees’ screens while they are working with customer queries. What should be configured to conceal customer credit card numbers?
45. Your organization stores sensitive medical data in the cloud. You must ensure that the data is not replicated outside of national boundaries for legal reasons. Which term best encompasses this scenario?
46. Users in your company use a VPN to connect to the corporate network. In terms of network placement, where should the VPN appliance be placed?
47. You need to secure network traffic between clients and servers for multiple line-of-business apps running on your organization’s private Microsoft Active Directory (AD) network. Which solution meets this requirement while minimizing the amount of technician effort?
48. You are running virtual machines in the public cloud. For security reasons, you do not want each virtual machine to have a publicly accessible IP address. What should you configure to enable remote management of the virtual machines? Each answer is independent of the other. (Choose two.)
49. You need to limit which devices can be active when plugged into a network switch port. What should you configure?
50. Your network intrusion detection system (NIDS) is configured to receive automatic updates for known malicious attacks. Which type of intrusion detection is used in this case?

