SECURITY+ CERTMASTER ASSESSMENT
QUESTION WITH 100% CORRECT ANSWERS
A guard station deploys a new security device to use to access a classified data station. It is
sensitive to speed and pressure, what type of behavioral technology is this testing for? -
✔️✔️Signature recognition
Consider the PKI Trusty Model, what best protects against compromise? - ✔️✔️Intermediate CA
Intermediate - in the middle of others
Cross Signed by a root CA or another intermediate CA, therefor, not a single point of failure.
Since it is signed by others it is safer than things signed by themselves.
Possible network breach on a linux system; using command line tools to collect routing data,
you discover UDP communications are not working right, what tool would you have issues
with? - ✔️✔️traceroute - performs route discovery in linux
Which event is not conducted during data aggregation in SIEM - ✔️✔️Link observables into a
meaningful indicator if risk, or indicator of compromise
(data aggregation means collection of data and expressed into a summary form)
A user attempts to use a smart card for kerberos authentication, if the user is successfully
authenticated, how does the authentication server respond? - ✔️✔️A session key is issued
A network engineer sets up a secure wireless network, and decides to use EAP-FAST, what
authentication protocol does the engineer implement? - ✔️✔️Protected Access Credential (PAC)
instead of a certificate.
, An organization hires a pen tester, the tester achieves a connection to a perimeter server,
which technique allows the tester to bypass a network boundary from this advantage? -
✔️✔️Pivoting
What sensor type would you use to monitor specific systems via a switch? - ✔️✔️SPAN (Switched
Port Analyzer)
Mirror - Pretty much the same thing
A engineer configures a virtual private cloud. While trying to create a public subnet, the
engineer experiences difficulties. The issue is that the subnet remains private, when they want
it public. What might the problem be? - ✔️✔️The internet gateway is not configured as the
default route.
What configurations does IT need to put into place for FTPS - ✔️✔️Configure the use of port 990
Negotiate a tunnel prior to any exchange commands
What statement most accurately describes the function of key stretching? - ✔️✔️Key stretching
adds entropy to a user-generated password
What is an external threat? - ✔️✔️Abram, uses a quiz on social media to solicit answers to get
info.
What illustrates an advantage that a self-encrypting drive (SED) offers over full disk encryption
(FDE)? - ✔️✔️A self Encrypting Disk (SDE) , the drive controller than than the OS controls
cryptographic functions.
A server operates an IDS that enables a system administrator to verify that key system files
match an authorized versions. What illustrates the implementation of this feature? - ✔️✔️Host-
Based intrusion detection systems (HIDS) with file integrity monitoring (FIM)
QUESTION WITH 100% CORRECT ANSWERS
A guard station deploys a new security device to use to access a classified data station. It is
sensitive to speed and pressure, what type of behavioral technology is this testing for? -
✔️✔️Signature recognition
Consider the PKI Trusty Model, what best protects against compromise? - ✔️✔️Intermediate CA
Intermediate - in the middle of others
Cross Signed by a root CA or another intermediate CA, therefor, not a single point of failure.
Since it is signed by others it is safer than things signed by themselves.
Possible network breach on a linux system; using command line tools to collect routing data,
you discover UDP communications are not working right, what tool would you have issues
with? - ✔️✔️traceroute - performs route discovery in linux
Which event is not conducted during data aggregation in SIEM - ✔️✔️Link observables into a
meaningful indicator if risk, or indicator of compromise
(data aggregation means collection of data and expressed into a summary form)
A user attempts to use a smart card for kerberos authentication, if the user is successfully
authenticated, how does the authentication server respond? - ✔️✔️A session key is issued
A network engineer sets up a secure wireless network, and decides to use EAP-FAST, what
authentication protocol does the engineer implement? - ✔️✔️Protected Access Credential (PAC)
instead of a certificate.
, An organization hires a pen tester, the tester achieves a connection to a perimeter server,
which technique allows the tester to bypass a network boundary from this advantage? -
✔️✔️Pivoting
What sensor type would you use to monitor specific systems via a switch? - ✔️✔️SPAN (Switched
Port Analyzer)
Mirror - Pretty much the same thing
A engineer configures a virtual private cloud. While trying to create a public subnet, the
engineer experiences difficulties. The issue is that the subnet remains private, when they want
it public. What might the problem be? - ✔️✔️The internet gateway is not configured as the
default route.
What configurations does IT need to put into place for FTPS - ✔️✔️Configure the use of port 990
Negotiate a tunnel prior to any exchange commands
What statement most accurately describes the function of key stretching? - ✔️✔️Key stretching
adds entropy to a user-generated password
What is an external threat? - ✔️✔️Abram, uses a quiz on social media to solicit answers to get
info.
What illustrates an advantage that a self-encrypting drive (SED) offers over full disk encryption
(FDE)? - ✔️✔️A self Encrypting Disk (SDE) , the drive controller than than the OS controls
cryptographic functions.
A server operates an IDS that enables a system administrator to verify that key system files
match an authorized versions. What illustrates the implementation of this feature? - ✔️✔️Host-
Based intrusion detection systems (HIDS) with file integrity monitoring (FIM)
