Pen used to do a practice exam.

Domain 2 Quiz

Domain 2 Quiz

  1. Decide where things go. On the real test you will drag them and they snap into place.
    Physical security map
    4 cable locks with 4 laptops

    Safe with signing keys (these would be stored on optical discs or USB sticks)

    Locking cabinet with WAP. (CompTIA says "locking cabinet" where I would say "equipment rack with locking doors", and yes, enclosing a WAP inside a metal cabinet makes no sense)

    Card-swipe lock with door from lobby to business office. From public (sort of) area to business area.

    Biometric lock with door from business office to server room. Most sensitive door, it gets the best lock.

    Video camera in server room.

    Captive portal with lobby.
  2. Beth, a system administrator, is training Jerry, a new data maintenance technician, in how to restore backup data into production use. Which of the following should they be using?
    1. Recovery playbook
    2. Order of restoration
    3. Order of volatility
    4. Snapshot guidance
    The Recovery Playbook, in CompTIA's lexicon, documents how to identify and properly restore backup data.
  3. Dale is the manager of the software development group. She has directed her programmers to make a backup of their code and test data at the end of every day, locking the media in a desk drawer, and making sure to lock their office door. What is the greatest concern?
    1. Data remanence
    2. Off-site backups
    3. Data sovereignty
    4. Privacy protection
  4. Lori's manager, Brian, has just returned from a board meeting where it was announced that the company would be deploying Infrastructure as a Service. Brian didn't know what that was, and was embarrassed to ask. Which is the best explanation of what it will involve?
    1. Logical rather than physical network isolation
    2. Air gaps
    3. Virtualization
    4. Subcontracting
    Brian didn't say if it was to happen out at a public provider like Google or Amazon, or in house. Either way, virtualized servers will be involved. Yes, software-defined networking and logical isolation will also be involved, but to support communication between and with all those virtual machines.
  5. Dorothy, the software development manager, needs development and testing platforms for her programmers. However, she doesn't want to have to buy server hardware, or cross-train programmers to be system administrators. Which cloud solution could solve her problem?
    1. IaaS
    2. IDaaS
    3. PaaS
    4. SaaS
    Infrastructure as a Service means you have to be your own system administrator. Software as a Service means buying the use of already existing software. Identity as a Service is something like SAML as sold by Okta, Symplified, Oracle, etc.
  6. Maria, a security analyst, was about to boot a suspect system with a Kali Linux DVD. Her manager stopped her, saying that she mustn't modify the computer's operating system or data. She explained that it was safe, it would load an operating system into RAM and treat everything on disk as read-only data, because it's:
    1. Non-modification boot
    2. Live boot
    3. Transparent boot
    4. Ephemeral boot
    The others suggest what's going on, but it's called live boot.
  7. Alexei, an attacker from Eastern Europe, was able to break into one of your organization's virtual web servers. However, he was unable to pivot to any of several other virtual servers running on the same hardware platform. What benefit happened?
    1. VM Escape
    2. Shadow IT
    3. VM sprawl
    4. Sandboxing
    5. Hypervisor flaws
    VM Escape and hypervisor flaws are the opposite of what happened. Shadow IT and VM sprawl might be happening, but aren't the point here. The hypervisor kept the VMs safely sandboxed, isolated from each other.
  8. Abe, a security architect, needs to configure Perfect Forward Secrecy for remote access for employees working from home. What can he use? Select two.
    1. DH
    2. DHE
    3. ECDHE
    4. One-time pads
    5. AES-GCM-256
    Both Diffie-Hellman Ephemeral and Elliptic Curve Diffie-Hellman Ephemeral provide ephemeral keys to use as symmetric session keys, meaning you have PFS. You might happen to use those ephemeral keys with AES, but AES by itself doesn't mean PFS. One-time pads are the only perfectly secure encryption method, but they're totally impractical for this application.
  9. Charlotte is in charge of VPN access to the data analysis facility. She has read that it is helpful to pad a secret with a short text value before encrypting it. What concept is she considering?
    1. Salt
    2. Nonce
    3. Hash
    4. PBKDF2
    This is a bad question, intentionally included to more accurately emulated a CompTIA exam. This is very frustrating because it's really talking about an IV or Initialization Vector, but that isn't a choice. Salts are used with password hashes, not with encrypting. But the question says "short text value", and CompTIA wants you to say "salt", reserving "nonce" (or number used only once) for something described as a number. Even though a nonce takes the form of a string of bits, just as a text value would be. Pad with short text means select salt.
  10. International, national, and state/provincial regulations require the protection of personal privacy. This makes confidentiality important, but it is not the only security goal. You need to protect both endpoint authentication and data confidentiality in all data streams. Which ciphers should you choose? Select two.
    1. AES-CBC
    2. AES-CCMP
    3. AES-CFB
    4. AES-GCM
    AES-CCMP is appropriate for 802.11 wireless, AES-GCM is appropriate for TLS. Both are authenticated encryption.
  11. Which of these are advantages of WPA/2 Enterprise over WPA/2 PSK? Select two.
    1. PKI
    2. Stronger cipher suite
    3. Higher performance
    4. Integrated Active Directory
    5. RADIUS
    The RADIUS server deals with trusted digital certificates, which means integration into your PKI. The two choices support the same cipher suite with identical network performance. AD isn't related.
  12. Tasha, a network engineer, is designing a wireless solution for her large corporation. She needs to specify the current best encryption, supporting 802.1x with either LEAP or EAP-TLS. What should she use? Select three.
    1. CCMP
    2. AES-GCM-256
    3. WPA/2 PSK
    4. WPA/2 Enterprise
    5. RADIUS
    6. Active Directory
    CompTIA tends to say "CCMP" when they should say "AES-CCMP". It is authenticated encryption. AES-GCM-256 is also authenticated encryption, but it is appropriate for use with TLS, not 802.11.

    WPA/2 Enterprise uses a RADIUS server and certificates, while WPA/2 PSK uses manually configured pre-shared keys.

    RADIUS is a trusted third party authentication service commonly used with 802.1x, it can speak several EAP variants.
  13. Blake has been asked to configure the web server to provide Perfect Forward Secrecy. Which security feature will this provide?
    1. Data sent from the server to the client will always be protected
    2. Data sent from the client to the server will always be protected
    3. A breach today does not expose keys from the past
    4. A breach today does not expose keys in the future
    Yes, the name seems backwards to me, too. It's sometimes called just "Perfect Secrecy".
  14. Alice wants to send an encrypted message to Bob. What does she need?
    1. Alice's public key
    2. Alice's private key
    3. Bob's public key
    4. Bob's private key
    Know the fundamentals!
    Goal Sender needs Receiver needs
    Encrypted only Receiver's public key Receiver's private key
    Encrypted and signed Sender's private key
    Receiver's public key
    Sender's public key
    Receiver's private key
    Signed only Sender's private key Sender's public key
  15. Alice must send a message which only Bob can read. What does Alice need?
    1. Alice's private key
    2. Alice's public key
    3. Bob's private key
    4. Bob's public key

Exhibit with 10 things, plus 14 regular questions

Passing = 82% of 24 = 19.7

Goal = 91% of 24 = 21.8

To the Cybersecurity Page