Answers to Questions 31-35
31. ActiveX controls can be digitally signed using a technology called:
A. Java Applet
Explanation: The ActiveX code is bundled into a single file called an ActiveX control. ActiveX controls can be digitally signed using Microsoft's Authenticode technology. Internet Explorer can be configured to disregard any ActiveX control that isn't signed, to run only ActiveX controls that have been signed by specific publishers, or to accept ActiveX controls signed by any registered software publisher. ActiveX controls do not run in a sandbox. The burden is on the user to determine which ActiveX controls s/he feels are "safe" to run.
Applets and CGI are alternate types of content, and a sandbox refers to a protected area of the system in which web content runs.
& Section 18.104.22.168: ActiveX
32. Which of the following represents code that is dormant until triggered by a predetermined event?
A. Logic bomb
Explanation: A logic bomb is a resident computer program that, when executed, checks for particular conditions or particular states of the system which, when satisfied, trigger the perpetration of an unauthorized act.
A virus is a self-replicating program; a worm is a program capable of replicating across the network. Snort is a commonly-used utility program.
& Section 1.5.3: Logic Bomb
33. With IPSEC, in each encrypted session we can find ____________ SA(s) for EACH direction.
Explanation: All implementations of IPSec must have a security association. The security association is a one-way connection that affords security services to the traffic carried by it. This means that in an encrypted session, there are two security associations - one for each direction. Security services are offered by either the Authentication Header (AH) or the Encapsulating Security Payload (ESP), but not both.
& Section 2.1.7: IPSec
34. Remote Access generally offers
A. The same rights and restrictions as are available on the LAN
B. Some of the rights and restrictions that are available on the LAN
C. Different rights and restrictions than are available on the LAN.
D. No choice is correct.
Explanation: Remote access frequently goes through a more stringent security procedure than local login. If the account name used for remote access is the same as the one used locally, it has identical rights and restrictions unless you've added a firewall between your remote access server and your internal network.
& Section 2.1: Remote Access
35. A centralized database of remote users for a multi-site network typically uses
E. No choice is correct
Explanation: RADIUS (Remote Authentication Dial-In User Service) lowers administration costs and increases security by having a centralized database for authenticating remote users. PAP is the simplest of the authentication protocols and uses clear text.
& Section 2.1.3: RADIUS
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.