CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [11]

that can be used between LANs. L2TP isn’t secure, and you should use IPSec with it to provide data security. For more information, see Chapter 3.

7. A. A DMZ (demilitarized zone) is an area in a network that allows restrictive access to untrusted users and isolates the internal network from access by external users and systems. It does so by using routers and firewalls to limit access to sensitive network resources. For more information, see Chapter 1.

8. C. A key recovery process must be able to recover a previous key. If the previous key can’t be recovered, then all the information for which the key was used will be irrecoverably lost. For more information, see Chapter 7.

9. D. A flood attack is designed to overload a protocol or service by repeatedly initiating a request for service. This type of attack usually results in a DoS (denial of service) situation occurring because the protocol freezes or excessive bandwidth is used in the network as a result of the requests. For more information, see Chapter 2.

10. B. A sensor collects data from the data source and passes it on to the analyzer. If the analyzer determines that unusual activity has occurred, an alert may be generated. For additional information, see Chapter 4.

11. A. Hardening is the term used to describe the process of securing a system. This is accomplished in many ways, including disabling unneeded protocols. For additional information on hardening, see Chapter 5.

12. A. To meet the goal of integrity, you must verify that information being used is accurate and hasn’t been tampered with. Integrity is coupled with accountability to ensure that data is accurate and that a final authority exists to verify this, if needed. For more information, see Chapter 1.

13. D. Online Certificate Status Protocol (OCSP) is the mechanism used to immediately verify whether a certificate is valid. The Certificate Revocation List (CRL) is published on a regular basis, but it isn’t current once it’s published. For additional information, see Chapter 7.

14. B. Partitioning is the process of breaking a network into smaller components that can each be individually protected. The concept is the same as building walls in an office building. For additional information, see Chapter 6.

15. A. IM and other systems allow unsuspecting users to download files that may contain viruses. Due to a weakness in the file extension naming conventions, a file that appears to have one extension may actually have another extension. For example, the file account.doc.vbs would appear in many applications as account.doc, but it’s actually a Visual Basic script and could contain malicious code. For additional information, see Chapter 4.

16. B. Access control lists (ACLs) are used to allow or deny an IP address access to a network. ACL mechanisms are implemented in many routers, firewalls, and other network devices. For additional information, see Chapter 5.

17. B. The default port for a web server is port 80. By changing the port to 1019, you force users to specify this port when they are using a browser. This action provides a little additional security for your website. Adding a firewall to block port 80 would secure your website so much that no one would be able to access it. For more information, see Chapter 3.

18. D. A worm is designed to multiply and propagate. Worms may carry viruses that cause system destruction, but that isn’t their primary mission. For more information, see Chapter 2.

19. A. Social engineering is using human intelligence methods to gain access or information about your organization. For additional information, see Chapter 6.

20. C. In most environments, FTP sends account and password information unencrypted. This makes these accounts vulnerable to network sniffing. For additional information, see Chapter 5.

21. A. An intrusion detection system (IDS) provides active monitoring and rule-based responses to unusual activities on a network. A firewall provides passive security by preventing access from unauthorized traffic. If the firewall were compromised, the IDS would
