CompTIA Security+ SY0 501

Authentication CORRECT ANSWERS: When a person's identity is established with proof and confirmed by a system Authorization CORRECT ANSWERS: When a user is given access to certain data or areas of a building Accounting CORRECT ANSWERS: The tracking of data, computer usage, and network resources What is information security? CORRECT ANSWERS: A. Information security (also called computer security) is the act of protecting data and information from unauthorized access, unlawful modific...

Which of the following should risk assessments be based upon as a best practice? A. A quantitative measurement of risk and impact and asset value B. An absolute measurement of threats C. A qualitative measurement of risk and impact D. A survey of annual loss and potential threats and asset value CORRECT ANSWERS: A. A quantitative measurement of risk and impact and asset value A risk management concept where operations resume at some capacity, despite the presence of a failure, i...

3DES CORRECT ANSWERS: Triple Digital Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. It is a block cipher that encrypts data in 64-bit blocks. AAA CORRECT ANSWERS: Authentication, authorization, and accounting. A group of technologies used in remote access systems. Authentication verifies a user's identification. Authorization determines if a user should have access. Accounting tracks a user's access with logs. Sometimes called AAAs of security...

Which device relieves the CPU from encryption and decryption processing? A. HSM B. TPM C. SSL D. SED CORRECT ANSWERS: A. HSM A technician installs a Linux virtual machine from the installation media and then applies the latest operating system patches. What else should be done to harden the installation? A. Configure a host-based firewall B. Rename the administrator account C. Disable unnecessary services D. Patch the installation CORRECT ANSWERS: A. Configure a host-based fire...

You're the chief security contact for MTS. One of your Primary tasks is to document everything related to security and create a manual that can be used to manage the company in your absence. Which documents should be referenced in your manual as the ones that identify the methods used to accomplish a given task? A. Policies B. Standards C. Guidelines D. BIA CORRECT ANSWERS: C. Guidelines help clarify processes to maintain standards. Guidelines tend to be less formal than policies or stan...

Which development tool features tracks code changes? CORRECT ANSWERS: Version control. You team is developing a secured web service. What should be established to detect deviations from normal configurations that can affect security. CORRECT ANSWERS: Secure Baseline. A technician installs a Linux virtual machine from the installation media and then applies the latest operating system patches. What else should be done to harden the installation? CORRECT ANSWERS: Disable unnecessary s...

What is HIDS? CORRECT ANSWERS: Host-based Intrusion Detection System What is a personal firewall? CORRECT ANSWERS: an application that protects an individual computer from unwanted Internet traffic, by way of a set of rules and policies What is a pop-up blocker? CORRECT ANSWERS: An application/add-on on a web browser that blocks pop-up windows that usually contain advertisements What is ad filtering? CORRECT ANSWERS: Pop-up blocking What are content filters? CORRECT ANSWERS: Ind...

What is malware? CORRECT ANSWERS: malicious software What are the types and methods of Malware? CORRECT ANSWERS: 1. Viruses 2. Crypto-malware, Ransomware 3. Worms 4. Trojan Horse 5. Rootkit 6. Keylogger 7. Adware/Spyware 8. Botnet What is the CIA of computer security? CORRECT ANSWERS: 1. Confidentiality 2. Integrity 3. Availability What is the AAA of computer security? CORRECT ANSWERS: 1. Authentication 2. Authorization 3. Accounting Organization uses the CIA principle...

Virus CORRECT ANSWERS: A piece of malicious code that replicates by attaching itself to another piece of executable code. Two types -- boot sector and program. Note that an Armored Virus employs encryption Crypto-malware CORRECT ANSWERS: An early name given to malware that encrypts files on a system and then leaves them unusable either permanently, acting as a denial of service, or temporarily until a ransom is paid. EX: WannaCry was an example of this Ransomware CORRECT ANSWERS: ...

Cloud Computing CORRECT ANSWERS: A system in which all computer programs and data is stored on a central server owned by a company (e.g. Google) and accessed virtually Hyperconvergence CORRECT ANSWERS: Allows providers to fully integrate the storage, network, and servers VDI CORRECT ANSWERS: Virtual Desktop Infrastructure. Allows a provider to offer a full desktop OS to a user from a centralized server Secure Enclave CORRECT ANSWERS: Utilizes to distinct areas where data can be stor...