BR0-001 CompTIA Bridge Security+ Certification Practice Exam Set 1

Which of the following protects the confidentiality of data by making the data unreadable to those

who don't have the correct key?



Options are :

  • Encryption (Correct)
  • Hashing
  • Digital signatures
  • Non-repudiation

Answer : Encryption

Communication is important to maintaining security because communication keeps:



Options are :

  • the network bandwidth usage under control
  • the IT security budget justified
  • the user community informed of threats (Correct)
  • law enforcement informed of what is being done
  • NONE

Answer : the user community informed of threats

Which security policy will be most likely used while attempting to mitigate the risks involved with

allowing a user to access company email via their cell phone?



Options are :

  • The cell phone should require a password after a set period of inactivity. (Correct)
  • The cell phone should have data connection abilities disabled.
  • The cell phone data should be encrypted according to NIST standards.
  • The cell phone should only be used for company related emails.

Answer : The cell phone should require a password after a set period of inactivity.

Which of the following can be used by an administrator to proactively collect information on

attackers and their attempted methods of gaining access to the internal network?



Options are :

  • Honeypot (Correct)
  • NIPS
  • DMZ
  • NIDS

Answer : Honeypot

In computer networking, network address translation (NAT) is the process of modifying network

address information in datagram packet headers while in transit across a traffic routing device for

the purpose of remapping a given address space into another. Which description is true about a

static NAT?



Options are :

  • A static NAT uses a one to many mapping.
  • A static NAT uses a many to many mapping.
  • A static NAT uses a many to one mapping.
  • A static NAT uses a one to one mapping. (Correct)

Answer : A static NAT uses a one to one mapping.

A protocol analyzer will most likely detect which security related anomalies?



Options are :

  • Many malformed or fragmented packets (Correct)
  • Passive sniffing of local network traffic
  • Decryption of encrypted network traffic
  • Disabled network interface on a server

Answer : Many malformed or fragmented packets

Which of the following access control models uses roles to determine access permissions?



Options are :

  • None of the above
  • DAC
  • RBAC (Correct)
  • MAC

Answer : RBAC

Identify the service provided by message authentication code (MAC) hash:



Options are :

  • data recovery.
  • key recovery.
  • integrity (Correct)
  • fault tolerance.

Answer : integrity

Which description is true about how to accomplish steganography in graphic files?



Options are :

  • Replacing the least significant bit of each byte (Correct)
  • Replacing the most significant bit of each byte
  • Replacing the least significant byte of each bit
  • Replacing the most significant byte of each bit

Answer : Replacing the least significant bit of each byte

Which security action should be finished before access is given to the network?




Options are :

  • Identification and authorization
  • Authentication and password
  • Authentication and authorization
  • Identification and authentication (Correct)

Answer : Identification and authentication

John works as a network administrator for his company. He uses a tool to check SMTP, DNS,

POP3, and ICMP packets on the network. This is an example of which of the following?



Options are :

  • A protocol analyzer (Correct)
  • A penetration test
  • . A port scanner
  • A vulnerability scan

Answer : A protocol analyzer

In computing, virtualization is a broad term that refers to the abstraction of computer resources.

Which is a security reason to implement virtualization throughout the network infrastructure?



Options are :

  • To isolate the various network services and roles (Correct)
  • To centralize the patch management of network servers
  • To analyze the various network traffic with protocol analyzers
  • To implement additional network services at a lower cost

Answer : To isolate the various network services and roles

A user receives an email asking the user to reset the online banking username and password. The

email contains a link and when the user accesses the link, the URL that appears in the browser

does not match the link. This would be an example of:



Options are :

  • phishing (Correct)
  • spoofing
  • redirecting
  • hijacking

Answer : phishing

In computing, promiscuous mode is a configuration of a network card that makes the card pass all

traffic it receives to the central processing unit rather than just packets addressed to it - a feature

normally used for packet sniffing. Which of the following is placed in promiscuous mode, according

to the data flow, to permit a NIDS to monitor the traffic?



Options are :

  • Appliance
  • Console
  • Sensor (Correct)
  • Filter

Answer : Sensor

Which item will allow for fast, highly secure encryption of a USB flash drive?



Options are :

  • SHA-1
  • 3DES
  • AES256 (Correct)
  • MD5

Answer : AES256

Which of the following statements is TRUE regarding the CHAP authentication system?



Options are :

  • A certificate being handed from the server to the client once authentication has been established. If you have a pass, you can wander throughout the network. BUT limited access is allowed.
  • The initiator sends a logon request from the client to the server. The server sends a challenge back to the client. The challenge is encrypted and then sent back to the server. The server compares the value from the client and if the information matches, the server grants authorization. If the response fails, the session fails and the request phase starts over (Correct)
  • If your token does not grant you access to certain information, that information will either not be displayed or your access will be denied. The authentication system creates a token every time a user or a session begins. At the completion of a session, the token is destroyed
  • The authentication process uses a Key Distribution Center (KDC) to orchestrate the entire process. The KDC authenticates the network. Principles can be users, programs, or systems. The KDC provides a ticket to the network. Once this ticket is issued, it can be used to authenticate against other principles. This occurs automatically when a request or service is performed by another network.

Answer : The initiator sends a logon request from the client to the server. The server sends a challenge back to the client. The challenge is encrypted and then sent back to the server. The server compares the value from the client and if the information matches, the server grants authorization. If the response fails, the session fails and the request phase starts over

Which tool can help the technician to find all open ports on the network?



Options are :

  • None
  • Router ACL
  • Performance monitor
  • Network scanner (Correct)
  • Protocol analyzer

Answer : Network scanner

To aid in preventing the execution of malicious code in email clients, which of the following should

be done by the email administrator?



Options are :

  • Preview screens should be disabled
  • Regular updates should be performed
  • Email client features should be disabled
  • Spam and anti-virus filters should be used (Correct)

Answer : Spam and anti-virus filters should be used

Which security applications require frequent signature updates? (Select TWO).

A. Antivirus

B. Firewall

C. PKI

D. IDS



Options are :

  • A,B
  • B,C
  • C,D
  • D,A (Correct)

Answer : D,A

The term tunneling protocol is used to describe when one network protocol called the payload

protocol is encapsulated within a different delivery protocol. Which of the following can be used to

institute a tunneling protocol for security?



Options are :

  • FTP
  • IPSec (Correct)
  • EAP
  • IPX/SPX

Answer : IPSec

A programmer plans to change the server variable in the coding of an authentication function for a

proprietary sales application. Which process should be followed before implementing the new

routine on the production application server?



Options are :

  • Change management (Correct)
  • Password complexity
  • Chain of custody
  • Secure disposal

Answer : Change management

On the topic of the DAC (Discretionary Access Control) model, choose the statement(s) which are

TRUE.



Options are :

  • All objects have an owner, and this owner has full control over that specific object. (Correct)
  • All files that do not have a specified owner cannot be modified.
  • The system administrator is an owner of all objects.
  • The operating system is an owner of all objects.

Answer : All objects have an owner, and this owner has full control over that specific object.

A company has implemented a policy stating that users will only receive access to the systems

needed to perform their job duties. This is an example of:



Options are :

  • least privilege
  • concurrent session control
  • access control (Correct)
  • separation of duties

Answer : access control

Which description is true about the process of securely removing information from media (e.g.

hard drive) for future use?



Options are :

  • Destruction
  • Sanitization (Correct)
  • Deleting
  • Reformatting

Answer : Sanitization

Why implement security logging on a DNS server?



Options are :

  • To monitor unauthorized zone transfers (Correct)
  • To perform penetration testing on the DNS server
  • To measure the DNS server performance
  • To control unauthorized DNSDoS

Answer : To monitor unauthorized zone transfers

Which of the following can be used to implement a procedure to control inbound and outbound

traffic on a network segment?



Options are :

  • ACL (Correct)
  • NIDS
  • HIDS
  • Proxy

Answer : ACL

The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and

procedures needed to create, manage, store, distribute, and revoke digital certificates. An

executive uses PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the

body of the email, the executive wants to encrypt the signature so that the assistant can verify that

the email actually came from the executive. Which asymmetric key should be used by the

executive to encrypt the signature?



Options are :

  • Shared
  • Private (Correct)
  • Hash
  • Public

Answer : Private

Which one of the following items will permit an administrator to find weak passwords on the

network?



Options are :

  • A password generator
  • A hash function
  • A networkmapper
  • A rainbow table (Correct)

Answer : A rainbow table

Which method is LEAST intrusive to check the environment for known software flaws?



Options are :

  • Vulnerability scanner (Correct)
  • Penetration test.
  • Port scanner
  • Protocol analyzer

Answer : Vulnerability scanner

What technology is able to isolate a host OS from some types of security threats?



Options are :

  • Virtualization (Correct)
  • Cloning
  • Kiting
  • Intrusion detection

Answer : Virtualization

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions