WGU C178 CompTIA Security+ Access Control Measures Exam Questions and verified Answers 2024/2025
Always-on VPN - correct answer Always-on VPN functionality is where a user can
always have access via the VPN without the need to periodically disconnect and
reconnect. This is usually done with the aid of SSL/TLS. Compare this to other VPN
methods such as L2TP and PPTP where the user may need to disconnect and
reconnect.
Federated identity management (FIM) - correct answer Federated identity
management is when a user's identity and attributes are shared across multiple identity
management systems. These various systems can be owned by one organization; for
example, Microsoft offers the Forefront Identity Manager (FIM) software—a state-based
identity management product—which can control user accounts across local and cloud
environments.
Content Addressable Memory (CAM) table - correct answer The CAM table is an area
in memory set aside to store MAC address to physical port translations.
OVAL - correct answer OVAL, Open Vulnerability and Language Assessment,
standardizes the transfer of secure data.
DLL injection - correct answer DLL injection is a technique used to run code within the
address space of another process.
Which authentication model places importance on a ticket-granting server - correct
answer Kerberos is an authentication protocol commonly used on client/server
networks. The server works with tickets that prove the identity of users. The tickets are
obtained from a ticket-granting server, which is part of the Key Distribution Center
(KDC). Kerberos is generally used within a local network.
Fraggle attack - correct answer A Fraggle attack is a type of denial-of-service attack
that sends a large amount of UDP Echo traffic.
Enumerating - correct answer Enumerating is the listing of possible security threats.
Which attack misuses the Transmission Control Protocol three-way handshake process
in an attempt to overload network servers so that authorized users are denied access to
network resources - correct answer The SYN attack (or SYN flood) is a type of DoS
attack in which an attacker sends a large amount of SYN (synchronize) request packets
to a server in an attempt to deny service.
You have been contracted to conduct a forensics analysis on a server. What should you
do first - correct answer A forensics investigator should first make a copy of the system
and store it in a safe place, in case the system fails while the forensics investigation is
carried out.
Which tool requires a network adapter to be placed in promiscuous mode - correct
answer Some network mapping programs such as AirMagnet require that a network
adapter be placed in promiscuous mode. This is when the network adapter captures all
packets that it has access to regardless of the destination of those packets. Some
protocol analyzers (for example, Wireshark) also require that a network adapter be
placed in promiscuous mode.
You perform a risk assessment for your organization. What should you do during the
impact assessment - correct answer During impact assessment, you want to know
what kind of impact a threat can have, and potential monetary costs are a big portion of
that impact on an organization.
What uses Transport Layer Security and does not work well in enterprise scenarios
because certificates must be configured or managed on both the client side and server
side - correct answer EAP-TLS uses Transport Layer Security, which is a certificate-
based system that does enable mutual authentication. This does not work well in
enterprise scenarios because certificates must be configured or managed on the client
side and server side.
EAP-TTLS - correct answer EAP-TTLS uses Tunneled Transport Layer Security and is
basically the same as TLS except that it is done through an encrypted channel, and it
requires only server-side certificates.
EAP-FAST - correct answer EAP-FAST uses a protected access credential instead of
a certificate to achieve mutual authentication. FAST stands for Flexible Authentication
via Secure Tunneling.
Which tool is used to capture ICMP, HTTP, FTP, and other packets of information -
correct answer Protocol analyzers capture packets of information for later analysis.
Any packets that pass through a network adapter can be captured and analyzed with a
protocol analyzer, also known as a network sniffer.
Port scanner - correct answer Port scanners are used to find vulnerabilities in the form
of open ports on servers and other network devices.
What is the purpose of kernel-level rootkits - correct answer Rootkits, in general, are
designed to gain administrator access while not being detected. Kernel-level rootkits will
change code within the operating system and possibly device drivers, enabling the
attacker to execute with the same privileges as the operating system. This type of
rootkit allows for unrestricted security access.
You are attempting to apply corporate security settings to a workstation. What would be
the best solution - correct answer Security templates can be applied to computers to
configure many rules and policies at once. These security templates will have many
rules defining group policies and are common in corporate environments.
Which component of PKI is necessary for one CA to know whether to accept or reject
certificates from another CA - correct answer An RA is a registration authority used to
verify requests for certificates from a certificate authority or multiple certificate
authorities.
CRL - correct answer A CRL is a certificate revocation list; if for some reason a
certificate cannot be verified by any parties involved and the issuer of the certificate
confirms this, the issuer needs to revoke the certificate. The certificate is placed in the
CRL that is published.
Key escrow - correct answer Key escrow is when certificates are held if the third
parties need them in the future.
What permits a user to "float" a domain registration for a maximum of 5 days - correct
answer Kiting is when a person floats a domain for up to 5 days. Domain name kiting is
the process of deleting a previously registered domain name within the 5-day grace
period given to the user by the domain registrar. This grace period is also known as an
add grace period, or AGP. The person doing the kiting will immediately reregister the
domain name for another 5-day period and continue the process until the domain name
is sold for a profit. Otherwise, the person will continue to use the domain without ever
paying for it.
DNS amplification - correct answer DNS amplification is an attack that targets servers
and network devices by sending bulk requests that are smaller than the responses.
One of your co-workers has been issued a new smart card because the old one has
expired. The co-worker can connect to the computer network but is unable to send
digitally signed or encrypted e-mail. What does the security administrator need to
perform - correct answer Publish new certificates to the global address list. A certificate
is required to send digitally encrypted and signed e-mail. Certificates based on a smart
card must be published to the global address list when using a Microsoft Exchange
Server and Microsoft Outlook client for e-mail. Expired smart cards (and their
certificates) will not function; expired smart cards' certificates should be revoked.
What enables an attacker to hide the presence of malicious code by altering Registry
entries - correct answer A rootkit subverts an operating system by altering system
processes and Registry entries. This can enable the attackers to hide the presence of
their malicious code.
Which port does Kerberos use by default - correct answer Kerberos uses inbound port
88 (TCP & UDP) by default. An example of this would be a Microsoft domain controller
that accepts incoming logins. Kerberos is a type of mutual authentication.
Open relay - correct answer An open relay is an invitation for attackers to send out
spoofed e-mails and spam. These relays should be closed on SMTP servers so that
only authenticated users can gain access to them.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller KieranKent55. Stuvia facilitates payment to the seller.