Answer: D 

Explanation: 

Answer: A 

Explanation: 

Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher level testing, but can also dominate unit testing as well. Specific knowledge of the application's code/internal structure and programming knowledge in general is not required. The tester is aware of what the software is supposed to do but is not aware of how it does it. For instance, the tester is aware that a particular input returns a certain, invariable output but is not aware of how the software produces the output in the first place. 

Answer: C 

Explanation: 

Biometrics is an authentication process that makes use of physical characteristics to establish identification. This will prevent users making use of others credentials. 

Answer: B,E 

Explanation: 

B: The Data Encryption Standard (DES) has been used since the mid-1970s. It was the primary standard used in government and industry until it was replaced by AES. It’s based on a 56-bit key and has several modes that offer security and integrity. It is now considered insecure because of the small key size. 

E: Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and it’s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys). 

Answer: A 

Explanation: Of the options supplied, WiFi Protected Access (WPA) is the most secure and is the replacement for WEP. 

Answer: A,F 

Explanation: 

We can use SSH to encrypt the transmission and PGP/GPG to encrypt the data at rest (on disk). 

A: Secure Shell (SSH) is a cryptographic protocol that can be used to secure network communication. It establishes a secure tunnel over an insecure network. 

F: Pretty Good Privacy (PGP) is a data encryption and decryption solution that can be used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. 

Answer: B 

Explanation: 

Encryption is used to protect data/contents/documents. Access control refers to controlling who accesses any data/contents/documents and to exercise authorized control to the accessing of that data. 

Answer: C 

Explanation: 

The most important countermeasure against password crackers is to use long, complex passwords, which are changed regularly. Password-cracking tools compare hashes from potential passwords with the hashes stored in the accounts database. Each potential password is hashed, and that hash value is compared with the accounts database. If a match is found, the password-cracker tool has discovered a password for a user account. 

Answer:  

Explanation: 

References: 

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, 

Indianapolis, 2014, p 369 

Answer: B,D 

Explanation: 

This is an example of both a logic bomb and a backdoor. The logic bomb is configured to ‘go off’ or activate one week after her account has been disabled. The reactivated account will provide a backdoor into the system. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company. Software that is inherently malicious, such as viruses and worms, often contain logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "time bombs". To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set 

time are not normally regarded as logic bombs. 

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal 

authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, 

and so on, while attempting to remain undetected. The backdoor may take the form of an installed 

program (e.g., Back Orifice) or may subvert the system through a rootkit. 

A backdoor in a login system might take the form of a hard coded user and password combination 

which gives access to the system.