
Author Confused questions!!
mharoun

2003-12-25, 11:30 am

.
RussS

2003-12-25, 3:32 pm

I was going to answer these questions, but on reflection I suggest that you go read a decent reference book concerning these and leave the dump sites alone.
RussS

2003-12-25, 3:32 pm

?
mharoun

2003-12-25, 3:47 pm

.
mharoun

2003-12-25, 3:50 pm

.
azimuth40

2003-12-25, 4:30 pm

Passing Security+ requires a bit of deductive reasoning. Maybe you should examine your last post to determine where your reasoning is bad.

I agree with RussS and I have not looked at any dump sites. I recognize the questions because you posted them in this thread. Since you posted the answers, if they are in fact dumps then you have violated the webmaster's usage terms of this web site. I think that you agreed to those terms when you became a member.
RussS

2003-12-25, 7:26 pm

mharoun

Yes I have seen many dumps. The students I help tutor have on many occasions tried to argue with the facts in the text we use by using what they have found in dumps as their argument. However, when I can prove what we are teaching from several reputable sources they tend to leave dumps behind and actually learn facts.
One dump sheet of about 70 questions had almost a third incorrect. Hmmm, with the high mark needed to pass Sec+ that would have been an instant failure.

Oh - BTW, are you using your dump sheets to argue that the Sybex book has wrong answers?
I would suggest that if you think there are incorrect answers there that you cross reference with another reputable source.

Just another add-on ....
The security field is as much about ethics as anything else and I would suggest that by using dump sites you are making it quite obvious that you have no ethics - therefore you should try a different field.
Qivalon

2003-12-26, 12:46 pm

I will try to help out, understand though that I am just starting to study Security + so my logical thoughts might be off...

1. In a typical file encryption process, the asymmetric algorithm is used to?
A. encrypt symmetric keys.
B. encrypt file contents.
C. encrypt certificates.
D. encrypt hash results.
Answer: A

A in my humble opinion is the best answer out of these rotten answers. Asymmetric algorithms are algorithms that utilize two keys. Asymmetric encryption is when two keys are used: one to encrypt data, the other to decrypt the data. Symmetric encryption is when one key both encrypts and decrypts data. Overall this question is downright awful, if anyone can give a better answer please speak up!

2. Which tunneling protocol only works on IP networks?

A. IPX
B. L2TP
C. PPTP
D. SSH

Answer: B

A is for the SPX/IPX, no IP in this suite. For B, L2TP is a layer 2 tunneling protocol often used with VPNs so this would be a good answer. Now C is also a good answer as Point to Point Tunneling Protocol is also used for VPNs, however an alternate to PPTP is L2TP. D (secure hash algorithm) is a one-way hash algorithm, and not a good choice if you are using IP.

So B is a good answer

3. What would NOT improve the physical security of workstations?

A. Lockable cases, keyboards, and removable media drives.
B. Key or password protected configuration and setup.
C. Password required to boot.
D. Strong passwords.

Answer: A
Why not D

Because this question was badly worded? B, C, and D you can group under logical security, A is physical. Drop the word NOT and you will solve this question.

4. You are explaining SSL to a junior administrator and
come up to the topic of handshaking.
How many steps are employed between the client and server in the SSL handshake process?


A. Five
B. Six
C. Seven
D. Eight

Answer: B

Can anyone explain these SIX steps?! I thought they are 4!

For the life of me I can't find where they got these answers of five, six, seven, or eight. I double checked in the one book I had available and on the internet and SSL only has 4 steps in a handshake. The closest I can come to any of these answers is CHAP which has 7 steps.

Anyone have more free time to look into this more? I would love to see where these answers come from!

Qivalon~ hope this helps some~

Oh, don't use dump sites; you are trusting your certification to someone else's memory and integrity.
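
Question 1 in the post above is about hybrid file encryption, where a per-file symmetric key encrypts the contents and the asymmetric algorithm only encrypts (wraps) that key. The sketch below is an added example, not part of any poster's reply; it assumes textbook RSA over two small Mersenne primes and a SHA-256 counter keystream as toy stand-ins for RSA-OAEP and AES, and `encrypt_file`, `decrypt_file` and `keystream_xor` are hypothetical names.

```python
import hashlib
import secrets

# Toy RSA key pair built from two known Mersenne primes (constructed for
# illustration only: far too small, and unpadded, for real use).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with a SHA-256 counter keystream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt_file(contents: bytes, pub=(N, E)):
    """Encrypt contents under a fresh symmetric key, then wrap that key."""
    n, e = pub
    file_key = secrets.token_bytes(16)              # per-file symmetric key
    ciphertext = keystream_xor(file_key, contents)  # bulk data: symmetric
    # Only the 16-byte key goes through the asymmetric algorithm.
    wrapped_key = pow(int.from_bytes(file_key, "big"), e, n)
    return wrapped_key, ciphertext


def decrypt_file(wrapped_key: int, ciphertext: bytes, priv=(N, D)) -> bytes:
    """Unwrap the symmetric key with the private key, then decrypt the data."""
    n, d = priv
    file_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return keystream_xor(file_key, ciphertext)


if __name__ == "__main__":
    sample = b"constructed sample file contents\n" * 1000
    wrapped, ct = encrypt_file(sample)
    print("wrapped key bits:", wrapped.bit_length(), "ciphertext bytes:", len(ct))
    print("round trip ok:", decrypt_file(wrapped, ct) == sample)
```

The wrapped key stays the same size however large the file is, which is why the slow asymmetric operation is reserved for the key rather than the file contents.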
DaDnDe

2003-12-30, 7:05 pm

what 4 steps do you have for SSL?

what 7 steps do you have for CHAP?
jdmurray

2004-01-05, 4:08 pm

quote:
Can anyone explain these SIX steps?! I thought they are 4!

The conventional answer is that SSL has a 6-step handshake process. The actual number of steps, of course, depends on how you break down the handshake into its atomic components. Some people might combine steps together and end up with fewer than six. If you throw optional mutual authentication into the SSL handshake (i.e., server authenticates client) then you end up with a 9-step process.

The bottom line is how many steps does CompTIA think are in the SSL handshake?
Lucky13

2004-01-13, 3:48 pm

I had this question... and it drove me nutz. (plus I answered D on the test)

> 3. What would NOT improve the physical
> security of workstations?
>
> A. Lockable cases, keyboards, and
> removable media drives.
> B. Key or password protected
> configuration and setup.
> C. Password required to boot.
> D. Strong passwords.
>
> Answer: A
> Why not D
>
> Because this question was badly worded?
> B,C,and D you can group under logical
> security, A is physical. Drop the word
> NOT and you will solve this question

so whats the right answer???
DaDnDe

2004-01-13, 4:32 pm

well A would be right in the sense that keyboards and removable drives hurt security. and both are types of physical access.

most servers dont have keyboards for the purpose of creating one more obstacle for an intruder to have to deal with.

as far as removable drives. ive seen both and i think that is because some software is difficult to install over the network (maybe disabled, or not configured to install over network, CD encryption or whatever) but if you cant pop in a floppy, it makes it that much harder to introduce a virus or copy info contained therein.

as far as lockable cases,(servers) if at all possible, you should have a lockable room. in my experience, lockable cases were only used when a separate secure room was unavailable.
and imho, locks on workstations are something that only keep honest people out. ive gotten into security screws, lockable cases, etc,... in fact when at school, we had a problem with students in the night class creating troubleshooting problems for each other.
however, many were going overboard by breaking into the cases and disconnecting floppies and hard drive interfaces, etc...

so that goes to show you how difficult the procedure can be...
DaDnDe

2004-01-13, 4:35 pm

ooops... forgot the 2nd part of the question....

the rest of the answers dont apply to physical security and therefore cannot really be correct.
Tim O

2004-01-13, 5:30 pm

> 3. What would NOT improve the physical
> security of workstations?
>
> A. Lockable cases, keyboards, and
> removable media drives.
> B. Key or password protected
> configuration and setup.
> C. Password required to boot.
> D. Strong passwords.
>
> Answer: A
> Why not D
>
> Because this question was badly worded?
> B,C,and D you can group under logical
> security, A is physical. Drop the word
> NOT and you will solve this question

Questions like this are why this is going to be my LAST CompTIA test !!!

The Question is.. What would NOT !!!! improve the physical security of workstations?

I would pick B C and D anything doing with passwords would NOT!!! improve physical security

so your Answer to this question is to drop the "NOT" out of the question and then answer A which I totally agree. if the question was "What would improve the physical security of workstations?" then A is the right answer.

this is total bull !!! so I now have to reword the questions on this test to match the answers in order to pass ??? What the hell kind of test is that ????????

Imagine taking a driving test or SAT's and having to reword test questions to fit answers !!! I am so discouraged to take any other CompTIA tests anymore
DaDnDe

2004-01-13, 5:42 pm

i strongly suggest that you get used to it.

fact is, that B, C, and D have nothing to do with physical security so they will not help or hurt PERIOD.

this type of mis-directed question tests how well you know the material. and it is used frequently (at least in most of the cert tests ive taken)

i guarantee you that nit-picking with the question will get you no where.

i agree that there are several mis-worded or poorly worded questions, but imho, i do not think that this is one of them.

even if the other answers had something to do with physical security, answer A addresses most all the physical vulnerabilities anyway.
azimuth40

2004-01-13, 7:45 pm

I agree you will see far more mis-direction in vendor specific tests. Wait until he sees Microsoft's essay questions where only one or two sentences have anything directly to do with the answer. The rest of the information is solely for mis-direction. Microsoft tests won't even let you continue on unless you have scrolled through all the question including blank lines.

At least most CompTIA tests just require that you recognize NOT, IS NOT, WOULD NOT, and NEVER and then get on with it. Microsoft tests can put you to sleep with all the reading.
RussS

2004-01-14, 12:23 am

ZzZzZzZzZzZzZzZzZzZz

Sorry, I was reading a MS practice question ;-)

As far as the physical security question - where did that come from?
DaDnDe

2004-01-14, 4:02 pm

quote:
Originally posted by RussS
ZzZzZzZzZzZzZzZzZzZz

Sorry, I was reading a MS practice question ;-)

As far as the physical security question - where did that come from?

DaDnDe

2004-01-14, 4:04 pm

quote:
Originally posted by RussS
ZzZzZzZzZzZzZzZzZzZz

Sorry, I was reading a MS practice question ;-)

As far as the physical security question - where did that come from?



it was a question on a Sec+ study guide

PS... sorry about the above blank post. I hit enter by mistake and could not delete it. it just kept saying that i didnt have permission or wasnt logged in (although it said that i was)

in retrospect, i should have blanked the post and started over, but i was (as usual) doing 10 different things on 4 different computers and boo-boo'ed.

PSS... the "as usual" reference was referring to the boo-boo's...
stingray

2004-01-29, 9:06 am

what do you think this question would mean?
A network administrator wants to restrict internal access to other parts of the network. The network restrictions must be implemented with the least amount of administrative overhead and must be hardware based. What is the best solution?



A. Implement firewalls between subnets to restrict access.
B. Implement a VLAN (Virtual Local Area Network) to restrict network access.
C. Implement a proxy server to restrict access.
D. Implement a VPN (Virtual Private Network).
Answer: B

it could be also A firewall.............because with vlan you don't implement security restriction but you must use acl on the router, so the question is confused!!!!
what do you think???????
jdmurray

2004-01-29, 9:24 am

Well, VLANs are used specifically to create separate broadcast domains within a single LAN segment, while firewalls are not. You typically do not use a firewall between segments of an internal network. There are security restrictions with a VLAN, but not the same type as with a firewall.

This question is just testing if you know the difference between a VLAN and a VPN, proxy server, and firewall.
DaDnDe

2004-02-02, 3:57 am

quote:
Originally posted by stingray
what do you think this question would mean?
A network administrator wants to restrict internal access to other parts of the network. The network restrictions must be implemented with the least amount of administrative overhead and must be hardware based. What is the best solution?



A. Implement firewalls between subnets to restrict access.
B. Implement a VLAN (Virtual Local Area Network) to restrict network access.
C. Implement a proxy server to restrict access.
D. Implement a VPN (Virtual Private Network).
Answer: B

it could be also A firewall.............because with vlan you don't implement security restriction but you must use acl on the router, so the question is confused!!!!
what do you think???????



it must be hardware based?

a VLAN qualifies as such?
Tarzanboy

2004-02-02, 7:23 pm

A VLAN is implemented on a switch.

Cheers,
TB
vjaarsvm

2004-02-18, 12:20 pm

(Tcat) There is a fine line between studying (teaching to the test) and braindumping (teaching THE test) -- Edited post.

While on the topic - I was struggling with some questions as well - you've actually cleared up some of them ie multi-homed + strong passwords

But now the following:

<deleted>
In disaster recovery - on the original site, would you first restore <deleted>

<deleted> = provides authentication
without = confidentiality???

<deleted>???

<Deleted>

has(not encryption!) anybody heard of a "man-trap" used for physical security!?

(Tcat) Yes, I have.

Then one I've come across often in sim exams: <deleted>
either - insist on strong authentication yes)
OR disable remote access until it's needed?

<deleted> itself.

Thanks - hope some of the above provide for some head banging (caused me a few!)
vjaarsvm

2004-02-18, 12:25 pm

While on the topic - I was struggling with some questions as well - you've actually cleared up some of them ie multi-homed + strong passwords


(Tcat) Again: edited

But now the following:
<deleted>
64/128 bit???

AD - port number specific?

In disaster recovery - <deleted>

symmetric cryptography - <deleted>

Would a privileged account be more vulnerable after the user is deleted or not?
or after a default installation is performed???

<deleted>

<deleted> used for physical security!?

Then one I've come across often in sim exams: <deleted>

last one - Public Key cert <deleted>

Thanks - hope some of the above provide for some head banging (caused me a few!)
Tarzanboy

2004-02-18, 5:10 pm

What is your source for the questions?

Cheers,
TB
Tcat

2004-02-18, 5:41 pm

Boys and girls, you must clean this up or I will nuke the thread.

I will not dignify a braindump discussion with what was memorized correctly and not.

I have put out enough *FREE* material to give anyone a fighting chance without resorting to illegal material or permitting its discussion.

-- Tcat
RussS

2004-02-19, 1:09 am

Most excellent Tcat :-)
vjaarsvm

2004-02-19, 9:00 am

My apologies for replying again and clearing up the "confusion".
There IS a difference in dumping the questions on site - OR - trying to clear up a misconception.
As well as the fact that you have braved that path before(and now need to do so again) - and surely would recall???
It then still doesn't clear up the confusion of trying to confirm the correct solution with some discussion AFTER performing research on all the levels behind the scenes...

Some other sources:
Microsoft Sec Plus Questions
TestKing

which as far as I know is quite open.
Sorry for starting a discussion on something which might not have been as transparent to someone else as to you.

Regards,
Maritz
Tcat

2004-02-19, 9:20 am

Greetings Maritz,

It would be my preference to leave the thread intact, just cleaned up a bit.

I'm pretty confident that Microsoft press is a safe bet. In regards to the other choice, I am sorry to say... I hear numerous complaints.

Because I create my own work, both for free and for fee, I do not look at what anybody else is doing until my work is complete. I will never look at sites/work that are reported to me as not 100% legitimate.

So I can suspect where your questions that are in question came from.

A safe bet is to get my free work: Decrypting the Security+ Beta Exam

That was written before the Beta test came out. Feel free to use that for discussion launch points in addition to Microsoft press, exam cram 2, etc.

If you are not sure of a source, please feel free to PM me here. I will respond as soon as I get your message.

Copyright 2003 - 2008 examnotes.net