Verified Answers
Employees have the ability to download certain applications onto their
workstations to complete work functions. The CIO installed a reliable method to
ensure that no modifications to the application have occurred. What method of
validation did the CIO implement? - ✅✅ Code signing
A network administrator is importing a list of certificates from an online source, so
that employees can use a chain of trust and communicate securely with public
websites. Which type of certificate is the network administrator currently
importing? - ✅✅ Root
Which certificate format allows the transfer of private keys and is password
protected? - ✅✅ PFX
A company has a two-level certificate authority (CA) hierarchy. One of the CA
servers is offline, while the others are online. Which statements are true of online
and offline CAs? - ✅✅ -An online root is required to add an intermediate CA.
-An online CA is needed in order to publish a CRL.
An independent penetration testing company is invited to test a company's legacy
banking application developed for Android phones. It uses Secure Sockets
Layer/Transport Layer Security (SSL/TLS) certificates. Penetration tests reveal
the connections with clients were vulnerable to a Man-in-the-Middle (MITM)
attack. How does the company prevent this from happening on the public Internet?
- ✅✅ Use certificate pinning
In a Public Key Infrastructure (PKI), which option best describes how users and
multiple Certificate Authorities (CA) interact with each other in a large
environment? - ✅✅ Trust model
A company with multiple types of archived encrypted data is looking to archive the
keys needed to decrypt the data. However, the company wants to separate the two
in order to heavily guard these keys. Analyze the scenario to determine the most
likely key placement. - ✅✅ Key escrow
An authoritative server for a zone creates a Resource Records Set (rrset) signed
with a zone signing key. From the following Domain Name System (DNS) traits
and functions, what does this scenario demonstrate? - ✅✅ DNS Security
Extensions
The administrator of an Exchange server needs to send digitally signed and
encrypted messages. What should the administrator use? - ✅✅ S/MIME
An organization uses a Session Initiation Protocol (SIP) endpoint for establishing
communications with remote branch offices. Which of the following protocols will
provide encryption for streaming data during the call? - ✅✅ SRTP
A web server will utilize a directory protocol to enable users to authenticate with
domain credentials. A certificate will be issued to the server to set up a secure
tunnel. Which protocol is ideal for this situation? - ✅✅ LDAPS
A Transport Layer Security (TLS) Virtual Private Network (VPN) requires a
remote access server listening on port 443 to encrypt traffic with a client machine.
An IPsec (Internet Protocol Security) VPN can deliver traffic in two modes. One
mode encrypts only the payload of the IP packet. The other mode encrypts the
whole IP packet (header and payload). These two modes describe which of the
following? - ✅✅ Tunnel
Transport
Consider the principles of web server hardening and determine which actions a
system administrator should take when deploying a new web server in a
demilitarized zone (DMZ). - ✅✅ Establish a guest zone
Upload files using SSH
Use configuration templates
Which of the following protocols would secure file transfer services for an internal
network? - ✅✅ FTPES
Implementing Lightweight Directory Access Protocol Secure (LDAPS) on a web
server secures direct queries to which of the following? - ✅✅ Directory services
Select the vulnerabilities that can influence routing. - ✅✅ Source routing
Route injection
Software exploits