Comptia Security+ - Chapter 1 Quiz -Mastering Security Basics
Terms in this set (20)
1. Homer needs to send an email to his HR department with an attachment that includes PII. He wants
to maintain the confidentiality of this attachment. Which of the following choices is the BEST choice
to meet his needs?
B. Digital signature
C. Encryption is the best choice to provide confidentiality of any type of information, including
Personally Identifiable Information (PII). Hashing, digital signatures, and certificates all provide
integrity, not confidentiality.
You want to ensure that messages sent from administrators to managers arrive unchanged. Which
security goal are you addressing?
B. Integrity provides assurances that data has not been modified, and integrity is commonly
enforced with hashing. Confidentiality prevents unauthorized disclosure of data but doesn't address
modifications of data. Availability ensures systems are up and operational when needed and uses fault
tolerance and redundancy methods. Authentication provides proof that users are who they claim to be.
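The explanation above says integrity is "commonly enforced with hashing". The added example below (it is not part of the quiz set) shows the caveat a practitioner should attach to that: an unkeyed hash only detects accidental corruption, because anyone who can change the message can recompute the hash, while a keyed hash (HMAC) under a key the attacker does not hold catches the modification. The message, the key and the tampering step are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed sample: an instruction sent from an administrator to a manager.
MESSAGE = b"Approve vendor payment #4471 for 12,500 USD"
# Assumed pre-shared key known only to the administrator and the manager.
KEY = b"shared-secret-known-only-to-admin-and-manager"


def plain_digest(msg: bytes) -> str:
    """Unkeyed SHA-256: anyone, including an attacker, can compute this."""
    return hashlib.sha256(msg).hexdigest()


def keyed_digest(key: bytes, msg: bytes) -> str:
    """HMAC-SHA256: only a holder of `key` can produce a valid tag."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_plain(msg: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(msg), digest)


def verify_keyed(key: bytes, msg: bytes, tag: str) -> bool:
    # compare_digest avoids leaking where the comparison failed via timing
    return hmac.compare_digest(keyed_digest(key, msg), tag)


def demo() -> dict:
    """Sender protects MESSAGE with both a plain hash and an HMAC tag; an attacker
    on the path changes the amount. Returns what each receiver-side check decides."""
    digest = plain_digest(MESSAGE)
    tag = keyed_digest(KEY, MESSAGE)

    # The attacker rewrites the amount and recomputes the unkeyed hash to match.
    forged = MESSAGE.replace(b"12,500", b"92,500")
    forged_digest = plain_digest(forged)
    # Without KEY the attacker cannot recompute the HMAC, so the original tag
    # is all that can be forwarded with the forged message.

    return {
        "plain_hash_accepts_forgery": verify_plain(forged, forged_digest),  # True
        "hmac_accepts_forgery": verify_keyed(KEY, forged, tag),            # False
        "hmac_accepts_original": verify_keyed(KEY, MESSAGE, tag),          # True
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The practical reading for the quiz answer: a hash verifies integrity only when the hash value itself arrives over a channel the attacker cannot modify (or is signed); when it travels with the message, use an HMAC or a digital signature.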
Your organization recently implemented two servers that act as failover devices for each other.
Which security goal is your organization pursuing?
D. Your organization is pursuing availability. A failover cluster uses redundant servers to ensure a
service will continue to operate even if one of the servers fails. Safety methods provide safety for
personnel and other assets. Integrity methods ensure that data has not been modified. Confidentiality
methods such as encryption prevent the unauthorized disclosure of data.
Management at your company recently decided to implement additional lighting and fencing around
the property. Which security goal is your company MOST likely pursuing?
D. Lighting and fencing are two methods that can enhance the security goal of safety.
Confidentiality is enhanced with encryption and access controls. Integrity is enhanced with hashing,
certificates, and digital signatures. Availability is enhanced with redundancy and fault-tolerance
You are logging on to your bank's web site using your email address and a password. What is the
purpose of the email address in this example?
A. The email address provides identification for you and your account. The password combined
with the email address provides authentication, proving who you are. Based on your identity, you are
granted authorization to view your account details. Availability is unrelated to identification,
authentication, and authorization.
Your organization has a password policy with a password history value of 12. What does this
A. Your password must be at least 12 characters long.
B. Twelve different passwords must be used before reusing the same password.
C. Passwords must be changed every 12 days.
D. Passwords cannot be changed until 12 days have passed.
B. The password history indicates how many passwords a system remembers and how many
different passwords must be used before a password can be reused. Password length identifies the
minimum number of characters. Password maximum age identifies when users must change
passwords. Password minimum age identifies the length of time that must pass before users can
change a password again.
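The four settings distinguished above (history, minimum length, maximum age, minimum age) are usually enforced together. The added example below (written for this page, not taken from the quiz or any product) shows how a password-history check is implemented without storing old passwords in cleartext: the history holds salted PBKDF2 hashes, a candidate is hashed against each stored salt, and minimum age stops a user from cycling through twelve throwaway passwords in one sitting to get back to a favourite. Days are integers for simplicity; the policy values in the usage are chosen for the demonstration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class PasswordPolicy:
    history: int = 12        # passwords remembered; that many must be used before reuse
    min_length: int = 14     # minimum number of characters
    max_age_days: int = 90   # users must change the password after this many days
    min_age_days: int = 1    # users cannot change it again before this many days


def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2-HMAC-SHA256 so the history never contains cleartext.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class UserPasswordState:
    policy: PasswordPolicy
    remembered: List[Tuple[bytes, bytes]] = field(default_factory=list)  # (salt, hash), newest last
    last_changed_day: Optional[int] = None

    def _seen_before(self, candidate: str) -> bool:
        # Re-hash the candidate under every stored salt; constant-time compare per entry.
        return any(hmac.compare_digest(_hash(candidate, salt), digest)
                   for salt, digest in self.remembered)

    def must_change(self, today: int) -> bool:
        """Maximum age: True once the current password is older than max_age_days."""
        return (self.last_changed_day is None
                or today - self.last_changed_day >= self.policy.max_age_days)

    def change_password(self, candidate: str, today: int) -> Optional[str]:
        """Returns None on success, otherwise the policy rule that rejected the change."""
        p = self.policy
        if len(candidate) < p.min_length:
            return "too short"
        if (self.last_changed_day is not None
                and today - self.last_changed_day < p.min_age_days):
            return "minimum age not reached"
        if self._seen_before(candidate):
            return "password reused"
        salt = os.urandom(16)
        self.remembered.append((salt, _hash(candidate, salt)))
        self.remembered = self.remembered[-p.history:]  # keep only the last N
        self.last_changed_day = today
        return None


if __name__ == "__main__":
    # Constructed walkthrough with a short history so the reuse rule is visible quickly.
    user = UserPasswordState(PasswordPolicy(history=3, min_length=8, max_age_days=30))
    for day, pw in [(0, "Correct-Horse-1"), (0, "Correct-Horse-2"), (1, "Correct-Horse-1"),
                    (1, "Correct-Horse-2"), (2, "Correct-Horse-3"), (3, "Correct-Horse-1")]:
        print(day, pw, user.change_password(pw, day) or "accepted")
```

Two points the quiz wording leaves implicit: the history check must use the stored salt for each old entry (a global salt would let an attacker who steals the history test one guess against every entry at once), and rejected attempts must not update the last-changed timestamp, or a user could reset their own minimum-age clock.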
A user calls into the help desk and asks the help-desk professional to reset his password. Which of
the following choices is the BEST choice for what the help-desk professional should do before
resetting the password?
A. Verify the user's original password.
B. Disable the user's account.
C. Verify the user's identity.
D. Enable the user's account.
C. Before resetting a user's password, it's important to verify the user's identity. Users often need
the password reset because they have forgotten their original password, so it's not possible to verify
the user's original password. It's not necessary to disable a user account to reset the password. You
would enable the account if it was disabled or locked out, but the scenario doesn't indicate this is the
Your organization is planning to implement remote access capabilities. Management wants strong
authentication and wants to ensure that passwords expire after a predefined time interval. Which of
the following choices BEST meets this requirement?
B. A Time-based One-Time Password (TOTP) meets this requirement. A TOTP code is valid only for
one time step, 30 seconds by default. HMAC-based One-Time Password (HOTP) codes are derived from a
counter rather than the clock, so they do not expire with time. A Common Access Card (CAC) is a type
of smart card, but it does not create passwords. Kerberos uses tickets instead of passwords.
Which type of authentication is a fingerprint scan?
A. Something you have
D. One-time password
B. A fingerprint scan is a biometric method of authentication in the something you are factor of
authentication. The something you have factor of authentication refers to something you can hold, such
as a hardware token for a one-time password. Password Authentication Protocol (PAP) is an
authentication method that sends passwords across the network in cleartext.
When users log on to their computers, they are required to enter a username, a password, and a
PIN. Which of the following choices BEST describes this?
A. Single-factor authentication
B. Two-factor authentication
C. Multifactor authentication
D. Mutual authentication
A. Both the password and the PIN are in the something you know factor of authentication, so this
is single-factor authentication. Two-factor authentication requires the use of two different
authentication factors. Multifactor authentication requires two or more factors of authentication.
Mutual authentication is when both entities in the authentication process authenticate with each other
and it doesn't apply in this situation.
The security manager at your company recently updated the security policy. One of the changes
requires dual-factor authentication. Which of the following will meet this requirement?
A. Hardware token and PIN
B. Fingerprint scan and retina scan
C. Password and PIN
D. Smart card
A. A hardware token (such as an RSA token or a USB token) is in the something you have factor
of authentication and the PIN is in the something you know factor of authentication. Combined, they
provide dual-factor authentication. The remaining answers only provide single-factor authentication.
A fingerprint scan and a retina scan are both in the something you are factor of authentication. A
password and a PIN are both in the something you know factor of authentication. A smart card is in
the something you have factor of authentication.
Your network infrastructure requires users to authenticate with something they are and something
they know. Which of the following choices BEST describes this authentication method?
B. This is dual-factor authentication because users must authenticate with two different factors of
authentication (something you are and something you know). Passwords are in the something you
know factor and biometrics are in the something you are factor, but the scenario includes both factors,
not just one. Diameter is a remote access authentication service that supports Extensible
Authentication Protocol (EAP).
Which of the following authentication services uses tickets for user credentials?
C. Kerberos uses a ticket-granting ticket server to create tickets for users and these tickets include
user credentials for authentication. Remote Authentication Dial-In User Service (RADIUS) provides
authentication for remote users. Diameter is an alternative to RADIUS and it can utilize Extensible
Authentication Protocol (EAP). Lightweight Directory Access Protocol (LDAP) is an X.500-based
A network includes a ticket-granting ticket server. Which of the following choices is the primary
purpose of this server?
D. Access control
A. Kerberos uses a ticket-granting ticket server for authentication. Users claim an identity with a
username for identification. They prove their identity with credentials for authentication and Kerberos
incorporates these credentials in tickets. Users are authorized access to resources with permissions,
but only after they have been authenticated by an authentication service such as Kerberos. Access
controls restrict access to resources after users are identified and authenticated.
Your network uses an authentication service based on the X.500 specification. When encrypted, it
uses TLS. Which authentication service is your network using?
D. Lightweight Directory Access Protocol (LDAP) uses X.500-style naming (distinguished names) to identify
directory components, and Secure LDAP encrypts the connection with Transport Layer Security (TLS). Security
Assertion Markup Language (SAML) is an Extensible Markup Language (XML) standard used for single sign-on
(SSO), but it is not based on X.500. Diameter is an alternative to Remote Authentication Dial-In
User Service (RADIUS), but neither of these is based on X.500.
When you log on to your online bank account, you are also able to access a partner's credit card
site, check-ordering services, and a mortgage site without entering your credentials again. What does
B. Same sign-on
A. This is an example of single sign-on (SSO) capabilities because you can log on once and
access all the resources without entering your credentials again. Same sign-on requires you to reenter
your credentials for each new site, but you use the same credentials. Security Assertion Markup
Language (SAML) is an SSO solution used for web-based applications and the bank might be using
SAML, but other SSO solutions are also available. Kerberos is used in an internal network.
Your organization recently made an agreement with third parties for the exchange of authentication
and authorization information. The solution uses an XML-based open standard. Which of the
following is the MOST likely solution being implemented?
D. Security Assertion Markup Language (SAML) is an Extensible Markup Language (XML) used
for single sign-on (SSO) solutions. Remote Authentication Dial-In User Service (RADIUS) is a
remote access authentication service. Diameter is an alternative to RADIUS. Terminal Access
Controller Access-Control System Plus (TACACS+) is an authentication service that replaces the
older TACACS protocol. RADIUS, Diameter, and TACACS+ do not use XML.
Which of the following provides authentication services and uses PPP?
A. Diameter and biometrics
B. Kerberos and LDAP
C. SAML and SSO
D. PAP and CHAP
D. Both Password Authentication Protocol (PAP) and Challenge Handshake Authentication
Protocol (CHAP) run over Point-to-Point Protocol (PPP). Diameter is an authentication service, but
biometrics is an authentication method. Kerberos is an authentication service that doesn't use PPP,
and Lightweight Directory Access Protocol (LDAP) is a method of querying directories. Security
Assertion Markup Language (SAML) is an Extensible Markup Language (XML)-based data format
used for single sign-on (SSO), but it doesn't use PPP.
Users in your organization access your network from remote locations. Currently, the remote
access solution uses RADIUS. However, the organization wants to implement a stronger
authentication service that supports EAP. Which of the following choices BEST meets this goal?
D. Secure LDAP
B. Diameter is an alternative to Remote Authentication Dial-In User Service (RADIUS) and it can
utilize Extensible Authentication Protocol (EAP). Terminal Access Controller Access-Control
System Plus (TACACS+) is an authentication service that replaces older TACACS. Kerberos is an
internal authentication protocol that uses tickets. Secure Lightweight Directory Access Protocol
(LDAP) is an X.500-based authentication service that can be secured with Transport Layer Security
Which of the following choices provide authentication services for remote users and devices?
C. Secure LDAP
B, D. Both Remote Authentication Dial-In User Service (RADIUS) and Diameter are
authentication services for remote users and devices. Diameter is more secure than RADIUS.
Kerberos is an authentication service used with a domain or realm and Secure Lightweight Directory
Access Protocol (LDAP) uses Transport Layer Security (TLS) for encryption and is used to query