Domain 2 Quiz

Domain 2 Quiz

1. Decide where things go. On the real test you will drag them and they snap into place.
   
   4 cable locks with 4 laptops
   
   Safe with signing keys (these would be stored on optical discs or USB sticks)
   
   Locking cabinet with WAP. (CompTIA says "locking cabinet" where I would say "equipment rack with locking doors", and yes, enclosing a WAP inside a metal cabinet makes no sense)
   
   Card-swipe lock with door from lobby to business office. From public (sort of) area to business area.
   
   Biometric lock with door from business office to server room. Most sensitive door, it gets the best lock.
   
   Video camera in server room.
   
   Captive portal with lobby.
2. Jenny can unlock her work mobile phone by drawing a pattern on the screen with her finger. This mode of authentication verifies:
   1. Something you know
   2. Something you have
   3. Something you are
   4. Something you do
   5. Somewhere you are
   Yes, she has to know what to draw, but let's say she knows she's to draw the digit 4. Each of us would have our own way of drawing that. The test is how she draws it. And she has to have the phone. Ultimate answer: This is what CompTIA wants you to say for drawing a pattern.
3. To enter the server room Joe must pass through a mantrap, entering a PIN on a keypad at the outer door, entering the mantrap and closing the door behind him, swiping his badge on the reader, then typing a password into a keyboard by the inner door. How many factors is this?
   1. 1
   2. 2
   3. 3
   4. 4
   PIN = know, badge = have, password = know. The thing he knows is split into two parts, one called PIN and the other password.
4. To enter the server room Joe must be recognized by the guard, enter a PIN on the keypad, and place his hand on a scanner. How many factors is this?
   1. 1
   2. 2
   3. 3
   4. 4
   Recognized = is (his face), PIN = know, hand scan = is. The thing he is has been considered in two parts, his face and his hand.
5. To enter the server room Joe must be recognized by the guard, show the guard his badge, and enter a PIN on the keypad. How many factors is this?
   1. 1
   2. 2
   3. 3
   4. 4
   Recognized = is, badge = has, PIN = know. The question doesn't say anything about his picture being on the badge.
6. Joe has been given a Post-It note with a PIN written on it. To enter the server room he must be recognized by the guard, tell the guard the passphrase of the day, and enter the PIN on the keypad. How many factors is this?
   1. 1
   2. 2
   3. 3
   4. 4
   Recognized = is, passphrase = know, PIN = know. Yes, the PIN is written on a Post-It note, but that doesn't make the note a thing he has to have. Obviously he's supposed to memorize the PIN.
7. Beth, a system administrator, is training Jerry, a new data maintenance technician, in how to restore backup data into production use. Which of the following should they be using?
   1. Recovery playbook
   2. Order of restoration
   3. Order of volatility
   4. Snapshot guidance
   The Recovery Playbook, in CompTIA's lexicon, documents how to identify and properly restore backup data.
8. Dale is the manager of the software development group. She has directed her programmers to make a backup of their code and test data at the end of every day, locking the media in a desk drawer, and making sure to lock their office door. What is the greatest remaining concern?
   1. Data remanence
   2. Off-site backups
   3. Data sovereignty
   4. Privacy protection
   The backup hasn't left the building. A fire would destroy the original and the backup.
9. Lori's manager, Brian, has just returned from a board meeting where it was announced that the company would be deploying Infrastructure as a Service. Brian didn't know what that was, and was embarrassed to ask. Which is the best explanation of what it will involve?
   1. Logical rather than physical network isolation
   2. Air gaps
   3. Virtualization
   4. Subcontracting
   Brian didn't say if it was to happen out at a public provider like Google or Amazon, or in house. Either way, virtualized servers will be involved. Yes, software-defined networking and logical isolation will also be involved, but to support communication between and with all those virtual machines.
10. Dorothy, the software development manager, needs development and testing platforms for her programmers. However, she doesn't want to have to buy server hardware, or cross-train programmers to be system administrators. Which cloud solution could solve her problem?
    1. IaaS
    2. IDaaS
    3. PaaS
    4. SaaS
    Infrastructure as a Service means you have to be your own system administrator. Software as a Service means buying the use of already existing software. Identity as a Service is something like SAML as sold by Okta, Symplified, Oracle, etc.
11. Maria, a security analyst, was about to boot a suspect system with a Kali Linux DVD. Her manager stopped her, saying that she mustn't modify the computer's operating system or data. She explained that it was safe, it would load an operating system into RAM and treat everything on disk as read-only data, because it's:
    1. Non-modification boot
    2. Live boot
    3. Transparent boot
    4. Ephemeral boot
    The others suggest what's going on, but it's called live boot.
12. Alexei, an attacker from Eastern Europe, was able to break into one of your organization's virtual web servers. However, he was unable to pivot to any of several other virtual servers running on the same hardware platform. What benefit happened?
    1. VM Escape
    2. Shadow IT
    3. VM sprawl
    4. Sandboxing
    5. Hypervisor flaws
    VM Escape and hypervisor flaws are the opposite of what happened. Shadow IT and VM sprawl might be happening, but aren't the point here. The hypervisor kept the VMs safely sandboxed, isolated from each other.
13. Abe, a security architect, needs to configure Perfect Forward Secrecy for remote access for employees working from home. What can he use? Select two.
    1. DH
    2. DHE
    3. ECDHE
    4. One-time pads
    5. AES-GCM-256
    Both Diffie-Hellman Ephemeral and Elliptic Curve Diffie-Hellman Ephemeral provide ephemeral keys to use as symmetric session keys, meaning you have PFS. You might happen to use those ephemeral keys with AES, but AES by itself doesn't mean PFS. One-time pads are the only perfectly secure encryption method, but they're totally impractical for this application.
14. Charlotte is in charge of VPN access to the data analysis facility. She has read that it is helpful to pad a secret with a short text value before encrypting it. What concept is she considering?
    1. Salt
    2. Nonce
    3. Hash
    4. PBKDF2
    This is a bad question, intentionally included to more accurately emulated a CompTIA exam. This is very frustrating because it's really talking about an IV or Initialization Vector, but that isn't a choice. Salts are used with password hashes, not with encrypting. But the question says "short text value", and CompTIA wants you to say "salt", reserving "nonce" (or number used only once) for something described as a number. Even though a nonce takes the form of a string of bits, just as a text value would be. Pad with short text means select salt.
15. International, national, and state/provincial regulations require the protection of personal privacy. This makes confidentiality important, but it is not the only security goal. You need to protect both endpoint authentication and data confidentiality in all data streams. Which ciphers should you choose? Select two.
    1. AES-CBC
    2. AES-CCMP
    3. AES-CFB
    4. AES-GCM
    AES-CCMP is appropriate for 802.11 wireless, AES-GCM is appropriate for TLS. Both are authenticated encryption.
16. Which of these are advantages of WPA/2 Enterprise over WPA/2 PSK? Select two.
    1. PKI
    2. Stronger cipher suite
    3. Higher performance
    4. Integrated Active Directory
    5. RADIUS
    The RADIUS server deals with trusted digital certificates, which means integration into your PKI. The two choices support the same cipher suite with identical network performance. AD isn't related.
17. Tasha, a network engineer, is designing a wireless solution for her large corporation. She needs to specify the current best encryption, supporting 802.1x with either LEAP or EAP-TLS. What should she use? Select three.
    1. CCMP
    2. AES-GCM-256
    3. WPA/2 PSK
    4. WPA/2 Enterprise
    5. RADIUS
    6. Active Directory
    CompTIA tends to say "CCMP" when they should say "AES-CCMP". It is authenticated encryption. AES-GCM-256 is also authenticated encryption, but it is appropriate for use with TLS, not 802.11.
    
    WPA/2 Enterprise uses a RADIUS server and certificates, while WPA/2 PSK uses manually configured pre-shared keys.
    
    RADIUS is a trusted third party authentication service commonly used with 802.1x, it can speak several EAP variants.
18. Blake has been asked to configure the web server to provide Perfect Forward Secrecy. Which security feature will this provide?
    1. Data sent from the server to the client will always be protected
    2. Data sent from the client to the server will always be protected
    3. A breach today does not expose keys from the past
    4. A breach today does not expose keys in the future
    Yes, the name seems backwards to me, too. It's sometimes called just "Perfect Secrecy".
19. Alice wants to send an encrypted message to Bob. What does she need?
    1. Alice's public key
    2. Alice's private key
    3. Bob's public key
    4. Bob's private key
    Know the fundamentals!

    Goal	Sender needs	Receiver needs
    Encrypted only	Receiver's public key	Receiver's private key
    Encrypted and signed	Sender's private key Receiver's public key	Sender's public key Receiver's private key
    Signed only	Sender's private key	Sender's public key

20. Alice must send a message which only Bob can read. What does Alice need?
    1. Alice's private key
    2. Alice's public key
    3. Bob's private key
    4. Bob's public key

Exhibit with 10 things, plus 19 regular questions

Passing = 82% of 29 = 23.8

Goal = 91% of 29 = 26.4