Mastering Security Basics
1. Homer needs to send an email to his HR department with an attachment that includes PII. He wants to maintain the confidentiality of this attachment. Which of the following choices is the BEST choice to meet his needs?
A. Hashing
B. Digital signature
C. Encryption
D. Certificate
correct answer: C. Encryption is the best choice to provide confidentiality of any type of information, including Personally Identifiable Information (PII). Hashing, digital signatures, and certificates all provide integrity, not confidentiality.

You want to ensure that messages sent from administrators to managers arrive unchanged. Which security goal are you addressing?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
correct answer: B. Integrity provides assurances that data has not been modified, and integrity is commonly enforced with hashing. Confidentiality prevents unauthorized disclosure of data but doesn't address modifications of data. Availability ensures systems are up and operational when needed and uses fault tolerance and redundancy methods. Authentication provides proof that users are who they claim to be.

Your organization recently implemented two servers that act as failover devices for each other. Which security goal is your organization pursuing?
A. Safety
B. Integrity
C. Confidentiality
D. Availability
correct answer: D. Your organization is pursuing availability. A failover cluster uses redundant servers to ensure a service will continue to operate even if one of the servers fails. Safety methods provide safety for personnel and other assets. Integrity methods ensure that data has not been modified. Confidentiality methods, such as encryption, prevent the unauthorized disclosure of data.

Management at your company recently decided to implement additional lighting and fencing around the property. Which security goal is your company MOST likely pursuing?
A. Confidentiality
B. Integrity
C. Availability
D. Safety
correct answer: D. Lighting and fencing are two methods that can enhance the security goal of safety. Confidentiality is enhanced with encryption and access controls. Integrity is enhanced with hashing, certificates, and digital signatures. Availability is enhanced with redundancy and fault-tolerance procedures.

You are logging on to your bank's web site using your email address and a password. What is the purpose of the email address in this example?
A. Identification
B. Authentication
C. Authorization
D. Availability
correct answer: A. The email address provides identification for you and your account. The password combined with the email address provides authentication, proving who you are. Based on your identity, you are granted authorization to view your account details. Availability is unrelated to identification, authentication, and authorization.

Your organization has a password policy with a password history value of 12. What does this indicate?
A. Your password must be at least 12 characters long.
B. Twelve different passwords must be used before reusing the same password.
C. Passwords must be changed every 12 days.
D. Passwords cannot be changed until 12 days have passed.
correct answer: B. The password history indicates how many passwords a system remembers and how many different passwords must be used before a password can be reused. Password length identifies the minimum number of characters. Password maximum age identifies when users must change passwords. Password minimum age identifies the length of time that must pass before users can change a password again.