Computer Science Security+ Questions and Answers, Exams of Computer Security

A comprehensive list of questions and answers related to computer science security+. It covers various topics, including social engineering, cryptography, network security, and cloud computing. A valuable resource for students and professionals seeking to understand the fundamentals of cybersecurity.

Typology: Exams

2024/2025

Available from 02/06/2025

vincent-prince
Computer Science Security+ Questions and
Answers
Pharming - Correct answer Reroutes requests for legitimate websites to
false websites by changing DNS cache
Pretexting - Correct answer a form of social engineering in which one
individual lies to obtain confidential data about another individual
Adversarial artificial intelligence (AI) - Correct answer 1. Tainted training
for machine learning (ML)
2. Security of machine learning algorithms
Typosquatting - Correct answer a problem that occurs when someone
registers purposely misspelled variations of well-known domain names
rainbow table - Correct answer A table of hash values and their
corresponding plaintext values that can be used to look up password
values if an attacker is able to steal a system's encrypted password file.
(precomputed list of hashes)
SSL Stripping - Correct answer MITM request stripping off SSL (https > http)
Implement HSTS policy
XSS - Correct answer Cross-site scripting. It allows an attacker
to redirect users to malicious websites and steal cookies.
LDAP injection - Correct answer An application attack that targets
web-based applications by fabricating LDAP statements that are typically
created by user input.
TOCTTOU - Correct answer (time of check to time of use) The potential
vulnerability that occurs when there is a change between when an app
checked a resource and when the app used the resource.
Replay Attack - Correct answer A type of network attack where an
attacker

captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network (username and pw hash).
cross-site request forgery (XSRF) - Correct answer An attack that uses the user's Web browser settings to impersonate the user.
Server-Side Request Forgery (SSRF) - Correct answer An attack that takes advantage of a trusting relationship between web servers.
Shimming - Correct answer A driver manipulation method. It uses additional code to modify the behavior of a driver.
Refactoring - Correct answer A driver manipulation method. Developers rewrite the code without changing the driver's behavior.
Bluesnarfing - Correct answer The unauthorized access of information from a wireless device through a Bluetooth connection.
Bluejacking - Correct answer An attack that sends unsolicited messages to Bluetooth-enabled devices.
IV attack - Correct answer An attack where the attacker is able to predict or control the Initialization Vector of an encryption process, thus giving the attacker access to view the encrypted data that is supposed to be hidden from everyone else except for the user or network.
VBA - Correct answer Visual Basic for Applications
AIS - Correct answer Automated Indicator Sharing - STIX/TAXII - Exchange of cyber threat indicators. AUTOMATED SHARING OF THREAT INFORMATION
Predictive Analysis - Correct answer Statistical techniques for data mining and machine learning, that analyzes information to make predictions about threats
File/code repositories - Correct answer Code repository is where source codes for software programs are archived in an ordered way

Most dangerous HTML command - Correct answer GET (username & password)
X.500 - Correct answer LDAP > DC MSFT
Security required for SCADA - Correct answer FW, AV, SUBNET, WLAN
HSM - Correct answer Hardware security module. A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. High-volume e-commerce sites use HSMs to increase the performance of SSL sessions. High-availability clusters needing encryption services can use clustered HSMs.
X.509 - Correct answer Digital Certificates
Hot site / Warm site / Cold site - Correct answer Hours to 1 day / Days / Weeks
Fake telemetry - Correct answer Deception strategy that returns spoofed data in response to network probes. / fake data that you're producing to throw hackers off
DNS Sinkhole - Correct answer A DNS server that gives out a false result for a domain name.
MSP/MSSP - Correct answer Managed Service Provider / Managed Security Service Provider
fog computing - Correct answer Provisioning processing resource between the network edge of IoT devices and the data center to reduce latency.
Edge Computing - Correct answer moving processing and data storage away from a centralized location to the "edges" of a network. Do computing themselves and don't send it back to the server.

thin client - Correct answer a terminal that looks like a desktop but has limited capabilities and components
container - Correct answer Docker. Small instance of an operating system running on top of another operating system. Running different OSs on one OS.
Microservices/API - Correct answer A software architecture that is composed of smaller modules that interact through APIs and can be updated without affecting the entire system.
Provisioning and deprovisioning - Correct answer Make available to a user and make unavailable to a user
Normalization - Correct answer The process of applying rules to a database design to ensure that information is divided into the appropriate tables.
Compiler - Correct answer A computer program created to read an entire program and convert it into a lower-level language and ultimately to assembly language used by the processor.
Binary - Correct answer Code that computer reads
DevOps - Correct answer Software development and IT operations
1) Continuous monitoring 2) Continuous validation 3) Continuous integration 4) Continuous delivery 5) Continuous deployment - Correct answer 1) Monitoring changes 2) If there are any changes we need to validate the code again 3) To take the code from development environment to production environment 4) Deliver that code to end-user

PDUs - Correct answer Managed power distribution units
Live boot media - Correct answer Enables a user to run an OS without installing (or using) the hard drive. This prevents malware/spyware from being installed.
RAID - Correct answer Redundant array of independent disks; a group of two or more integrated hard disks
RAID 0 - Correct answer A RAID array in which every time data is written to disk, a portion (block) is written to each disk in turn, creating a "stripe" of data across the member disks. RAID 0 uses the total disk space in the array for storage, without protecting the data from drive failure. (2) STRIPING STRIPING - 2 disks; no parity or mirroring
RAID 1 - Correct answer RAID 1 IS A MIRROR - SAME INFORMATION. Also called mirroring, this RAID array type provides fault tolerance because all the data is written identically to the two drives in the mirrored set. (2) MIRROR MIRROR - 2 disks
RAID 5 - Correct answer MIN 3 HARD DRIVES. YOU CAN LOSE ONE DRIVE. A technique that stripes data across three or more drives and uses parity checking, so that if one drive fails, the other drives can re-create the data stored on the failed drive. RAID 5 drives increase performance and provide fault tolerance. Windows calls these drives RAID-5 volumes. (1,2, PARITY) STRIPING STRIPING STRIPING
RAID 6 - Correct answer Disk striping with extra parity. Like RAID 5, but with more parity data. Requires five or more drives, but you can lose up to two drives at once and your data is still protected. (1,2,PARITY, PARITY) STRIPING STRIPING STRIPING STRIPING

RAID 10 - Correct answer a combination of RAID 1 and RAID 0 that requires at least four disks to work as an array of drives and provides the best redundancy and performance. MIRROR STRIPING MIRROR STRIPING - requires four disks and can lose two disks
Embedded System - Correct answer System that has generally one purpose: Raspberry Pi, FPGA, Arduino
MFP - Correct answer Multifunction printer
RTOS - Correct answer Real-time operating system. An operating system that reacts to input within a specific time. Many embedded systems include an RTOS.
Air gap - Correct answer No connection to your network at all
Class A / Class B / Class C / Class D - Correct answer Common combustibles, trash / Liquid / Electrical / Flammable Metals
Pulping / Pulverizing / Degaussing / 3rd-party solutions - Correct answer Shred it to the point it turns liquid / Can do with hammers / Machine that erases magnetic media / Hire someone to destruct data
Block Cipher - Correct answer A cipher that manipulates an entire block of plaintext at one time. AES

Detect Protect Respond Recover
PEM - Correct answer ASCII format certificate: kdbvksKKBSDSKDGJJKkjjkgjkdskjg;lkf7ef
Operation Controls - Correct answer carried out by humans // procedures
GPS - Correct answer One way communication
Encrypting with asymmetric keys - Correct answer The sender of the message always ENCRYPTS IT USING THE RECIPIENT'S PUBLIC KEY
PAM - Correct answer Privileged access management solutions allow the safeguarding of admin credentials, among other security controls.
DNSSEC - Correct answer Digital Signatures of DNS server files. Protects against DNS cache poisoning
S/MIME and PGP - Correct answer Secure/Multipurpose Internet Mail Extensions. Used to secure e-mail. S/MIME provides confidentiality, integrity, authentication, and non-repudiation. It can digitally sign and encrypt e-mail, including the encryption of e-mail at rest (stored on a drive) and in transit (data sent over the network). It uses RSA, with public and private keys for encryption and decryption, and depends on a PKI for certificates.
Transport mode (IPsec) - Correct answer Only the payload of an IP packet is protected
Tunnel Mode (IPSec) - Correct answer Encrypts the entire IP packet (Used with VPNs)
AH (Authentication Header) and ESP (Encapsulating Security Payload) - Correct answer AH = Authentication, Integrity; ESP = ENCRYPTION, Authentication, Integrity
UEFI vs Measured boot vs Boot attestation - Correct answer Uses digital signatures vs Stores points in TPM vs 3rd-party verify
Hardware Root of Trust (ROT) - Correct answer A cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics
SED - Correct answer Self-encrypting drive. Hard drive that does encryption for you, they have cryptographic chips
FDE (Full Disk Encryption) - Correct answer TPM can provide FDE.
TPM (Trusted Platform Module) - Correct answer A chip on the motherboard used with software applications for security. It can be used with Windows BitLocker Drive Encryption to provide full-disk encryption and to monitor for system tampering.
Jump Server/Jump Host/Jumpbox - Correct answer A computer on a network used to access and manage devices in a separate security zone
  • Most common example: managing a host in a DMZ from trusted networks or computers
SWG - Correct answer Cloud proxy server
SAML (Security Assertion Markup Language) - Correct answer An XML-based standard used to exchange authentication and authorization information between different parties. FEDERATED SERVICES in corporate networks
OAuth - Correct answer Open Authorization standard. It is a common method for authorizing websites or applications to access information. gives access