CompTIA Security+ CertMaster - Domain
3.0 Assessment Questions With 100%
Correct Answers
DNS Security Extensions - ✔✔ - An authoritative server for a zone creates a Resource
Records Set (RRSet) signed with a zone signing key. From the following Domain Name
System (DNS) traits and functions, what does this scenario demonstrate?
S/MIME - ✔✔ - The administrator in an exchange server needs to send digitally signed
and encrypted messages. What should the administrator use?
SRTP - ✔✔ - An organization uses a Session Initiation Protocol (SIP) endpoint for
establishing communications with remote branch offices. Which of the following
protocols will provide encryption for streaming data during the call?
LDAPS - ✔✔ - A web server will utilize a directory protocol to enable users to
authenticate with domain credentials. A certificate will be issued to the server to set up a
secure tunnel. Which protocol is ideal for this situation?
Tunnel
Transport - ✔✔ - A Transport Layer Security (TLS) Virtual Private Network (VPN)
requires a remote access server listening on port 443 to encrypt traffic with a client
machine. An IPSec (Internet Protocol Security) VPN can deliver traffic in two modes.
One mode encrypts only the payload of the IP packet. The other mode encrypts the
whole IP packet (header and payload). These two modes describe which of the
following? (Select all that apply.)
Establish a guest zone
Upload files using SSH
, Use configuration templates - ✔✔ - Consider the principles of web server hardening and
determine which actions a system administrator should take when deploying a new web
server in a demilitarized zone (DMZ). (Select all that apply.)
FTPES - ✔✔ - Which of the following protocols would secure file transfer services for an
internal network?
Directory services - ✔✔ - Implementing Lightweight Directory Access Protocol Secure
(LDAPS) on a web server secures direct queries to which of the following?
Source routing
Route injection
Software exploits - ✔✔ - Select the vulnerabilities that can influence routing. (Select all
that apply.)
Provision SSO access. - ✔✔ - Management has set up a feed or subscription service to
inform users on regular updates to the network and its various systems and services.
The feed is only accessible from the internal network. What else can systems
administrators do to limit the service to internal access?
Prevent malicious traffic between VMs
Protection from zero day attacks - ✔✔ - A small organization operates several virtual
servers in a single host environment. The physical network utilizes a physical firewall
with NIDS for security. What would be the benefits of installing a Host Intrusion
Prevention System (HIPS) at the end points? (Select all that apply.)
Measured boot - ✔✔ - Which of the following would secure an endpoint and provide
attestation signed by a trusted platform module (TPM)?
3.0 Assessment Questions With 100%
Correct Answers
DNS Security Extensions - ✔✔ - An authoritative server for a zone creates a Resource
Records Set (RRSet) signed with a zone signing key. From the following Domain Name
System (DNS) traits and functions, what does this scenario demonstrate?
S/MIME - ✔✔ - The administrator in an exchange server needs to send digitally signed
and encrypted messages. What should the administrator use?
SRTP - ✔✔ - An organization uses a Session Initiation Protocol (SIP) endpoint for
establishing communications with remote branch offices. Which of the following
protocols will provide encryption for streaming data during the call?
LDAPS - ✔✔ - A web server will utilize a directory protocol to enable users to
authenticate with domain credentials. A certificate will be issued to the server to set up a
secure tunnel. Which protocol is ideal for this situation?
Tunnel
Transport - ✔✔ - A Transport Layer Security (TLS) Virtual Private Network (VPN)
requires a remote access server listening on port 443 to encrypt traffic with a client
machine. An IPSec (Internet Protocol Security) VPN can deliver traffic in two modes.
One mode encrypts only the payload of the IP packet. The other mode encrypts the
whole IP packet (header and payload). These two modes describe which of the
following? (Select all that apply.)
Establish a guest zone
Upload files using SSH
, Use configuration templates - ✔✔ - Consider the principles of web server hardening and
determine which actions a system administrator should take when deploying a new web
server in a demilitarized zone (DMZ). (Select all that apply.)
FTPES - ✔✔ - Which of the following protocols would secure file transfer services for an
internal network?
Directory services - ✔✔ - Implementing Lightweight Directory Access Protocol Secure
(LDAPS) on a web server secures direct queries to which of the following?
Source routing
Route injection
Software exploits - ✔✔ - Select the vulnerabilities that can influence routing. (Select all
that apply.)
Provision SSO access. - ✔✔ - Management has set up a feed or subscription service to
inform users on regular updates to the network and its various systems and services.
The feed is only accessible from the internal network. What else can systems
administrators do to limit the service to internal access?
Prevent malicious traffic between VMs
Protection from zero day attacks - ✔✔ - A small organization operates several virtual
servers in a single host environment. The physical network utilizes a physical firewall
with NIDS for security. What would be the benefits of installing a Host Intrusion
Prevention System (HIPS) at the end points? (Select all that apply.)
Measured boot - ✔✔ - Which of the following would secure an endpoint and provide
attestation signed by a trusted platform module (TPM)?
