CertiGuide to Security+ - Chapter 7: Practice Exam Answers

Answers to Questions 36-40

36. TACACS+ is an update to TACACS and is backwards compatible. True/False

A. True

B. False

Explanation: Despite the similarity of the acronyms, TACACS+ is NOT compatible with TACACS (Terminal Access Controller Access Control System).



37. The SA (Security Association) for IPSec is managed by




D. SecurID


Explanation: The Internet Security Association and Key Management Protocol (ISAKMP) defines a framework for security association management and cryptographic key establishment for the Internet.

AH and ESP are types of IPSec communications, but they do not manage SAs. AES is an encryption algorithm.

See Section 2.1.7: IPSec


38. WEP has security issues because:

A. It was limited by export regulations

B. It uses RC4, a stream cipher. WEP needs an Initialization Vector for RC4 to overcome the "lossy" nature of radio. The short key length of the IV forces reuse.

C. 802.11 was not meant to be secure

D. All choices are correct

E. No choice is correct

Explanation: WEP uses RC4 (a shared-secret stream cipher). An IV is needed to overcome signal loss. The short key length forces the IV to be reused, a no-no in basic security concepts.

See Section 2.1.8: (Remote Access) Vulnerabilities


39. SPAM carries what sort of costs (choose all that apply):

A. Loss of productivity

B. Loss of bandwidth

C. Revenue drain supporting unwanted traffic

D. Credit card fraud losses

Explanation: Because it is cheap to purchase email addresses, there is a great deal of spam. The sheer volume of spam costs productivity (time spent deleting it) and consumes bandwidth, requiring additional bandwidth to be purchased.

Depending on the content of spam, a user subjected to it could suffer a credit card fraud loss, but that is not the main issue with spam.

See Section Spam


40. Email hoaxes:

A. Spread fear

B. Cost productivity

C. Improve a firm's image

D. Have no impact

Explanation: This one is obvious. Refer to the web links for sites to confirm hoaxes.

See Section Hoaxes


CertiGuide for Security+
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.