ComptiA Security+ Certification Exam Questions and answer - Part 44

1. A security analyst is working on a project that requires the implementation of a stream cipher. Which of the following should the analyst use?

A) Hash function
B) Elliptic curve
C) Symmetric algorithm
D) Public key cryptography



2. A security administrator installed a new network scanner that identifies new host systems on the network. Which of the following did the security administrator install?

A) Rogue system detection
B) Network-based IDS
C) Vulnerability scanner
D) Configuration compliance scanner



3. A security analyst wants to harden the company - s VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the BPX. Which of the following would best prevent this from occurring?

A) Require SIPS on connections to the PBX.
B) Place the phones and PBX in their own VLAN.
C) Restrict the phone connections to the PBX.
D) Implement SRTP between the phones and the PBX.



4. A security analyst is assessing a small company - s internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (Choose two.)(Select 2answers)

A) Verify alignment with policy related to regulatory compliance
B) Run an exploitation framework to confirm vulnerabilities
C) Compare configurations against platform benchmarks
D) Confirm adherence to the company - s industry-specific regulations
E) Review the company - s current security baseline


5. A security analyst accesses corporate web pages and inputs random data in the forms. The response received includes the type of database used and SQL commands that the database accepts. Which of the following should the security analyst use to prevent this vulnerability?

A) Pointer dereference
B) Input validation
C) Application fuzzing
D) Error handling