comptia sy0-201

CompTIA SY0-201

CompTIA Security+ (2008 Edition) ExamPractice Test

Version: 7.19

Actua

lTests

.com

QUESTION NO: 1

Which of the following cryptography types provides the same level of security but uses smaller keysizes and less computational resources than logarithms which are calculated against a finite field?

A. Elliptical curve B. Diffie-Hellman C. Quantum D. El Gamal

Answer: AExplanation:

QUESTION NO: 2

Which of the following BEST describes the purpose of fuzzing?

A. To decrypt network sessions B. To gain unauthorized access to a facility C. To hide system or session activity D. To discover buffer overflow vulnerabilities

Answer: DExplanation:

QUESTION NO: 3

A security administrator is reviewing remote access and website logs. The administrator noticesthat users have been logging in at odd hours from multiple continents on the same day. Thesecurity administrator suspects the company is the victim of which of the following types of attack?

A. TCP/IP hijacking B. Spoofing C. Replay D. Domain name kiting

Answer: CExplanation:

QUESTION NO: 4

Which of the following is the default rule found in a corporate firewalls access control list?

CompTIA SY0-201: Practice Exam

"Pass Any Exam. Any Time." - www.actualtests.com 2

Actua

lTests

.com

A. Anti-spoofing B. Permit all C. Multicast list D. Deny all


QUESTION NO: 5

Which of the following is the BEST choice of cryptographic algorithms or systems for providingwhole disk encryption?

A. One time pad B. PGP C. MD5 D. TKIP


QUESTION NO: 6

Which of the following allows a malicious insider to covertly remove information from anorganization?

A. NAT traversal B. Steganography C. Non-repudiation D. Protocol analyzer

Answer: BExplanation:

QUESTION NO: 7

The server log shows 25 SSH login sessions per hour. However, it is a large company and theadministrator does not know if this is normal behavior or if the network is under attack. Whereshould the administrator look to determine if this is normal behavior?

A. Change management



Actua

lTests

.com

B. Code review C. Baseline reporting D. Security policy


QUESTION NO: 8

Which of the following is the BEST approach to perform risk mitigation of user access controlrights?

A. Conduct surveys and rank the results. B. Perform routine user permission reviews. C. Implement periodic vulnerability scanning. D. Disable user accounts that have not been used within the last two weeks.


QUESTION NO: 9

Which of the following software should a security administrator implement if several users arestating that they are receiving unwanted email containing advertisements?

A. Host-based firewalls B. Anti-spyware C. Anti-spam D. Anti-virus


QUESTION NO: 10

Adding a second firewall to the perimeter of a network would provide:

A. user VLANs. B. failover capability. C. additional bandwidth. D. management of VLANs.



Actua

lTests

.com


QUESTION NO: 11

The security administrator is tasked with authenticating users to access an encrypted database.Authentication takes place using PKI and the encryption of the database uses a separatecryptographic process to decrease latency. Which of the following would describe the use ofencryption in this situation?

A. Private Key encryption to authenticate users and private keys to encrypt the database B. Private Key encryption to authenticate users and public keys to encrypt the database C. Public key encryption to authenticate users and public keys to encrypt the database D. Public key encryption to authenticate users and private keys to encrypt the database


QUESTION NO: 12

A security device prevents certain users from accessing the network remotely with specificapplications, but allows VPN connections without any issues. Which of the following accesscontrol models is being used?

A. Mandatory B. Rule-based C. Discretionary D. Role-based


QUESTION NO: 13

Which of the following would provide the MOST reliable proof that a datacenter was accessed at acertain time of day?

A. Video surveillance B. Security log C. Entry log D. Proximity readers



Actua

lTests

.com


QUESTION NO: 14

Which of the following application attacks typically involves entering a string of characters andbypassing input validation to display additional information?

A. Session hijacking B. Zero day attack C. SQL injection D. Cross-site scripting


QUESTION NO: 15

Which of the following IDS/IPS systems is used to protect individual servers?

A. NIPS B. NAC C. GRE D. HIPS


QUESTION NO: 16

Which of the following technologies directly addresses the need to restrict employees frombrowsing inappropriate websites?

A. Bastion host B. Firewall C. Proxy server D. Content filter




Actua

lTests

.com

QUESTION NO: 17

A security administrator working for a health insurance company needs to protect customer databy installing an HVAC system and a mantrap in the datacenter. Which of the following are beingaddressed? (Select TWO).

A. Integrity B. Recovery C. Clustering D. Confidentiality E. Availability

Answer: A,EExplanation:

QUESTION NO: 18

Which of the following camera types would allow a security guard to track movement from onespot throughout a data center?

A. CCTV system B. PTZ camera C. Analog camera D. Digital camera


QUESTION NO: 19

A user reports they are receiving odd emails. Upon investigation, the administrator finds that mostof the users email boxes appear to be full and bouncing inbound emails at an alarming rate. Whichof the following is MOST likely causing the problem?

A. There is a worm attacking the network. B. the SMTP relay is not secured. C. There is a virus attacking the email server. D. The network is infected by adware.




Actua

lTests

.com

QUESTION NO: 20

Which of the following describes when forensic hashing should occur on a drive?

A. After the imaging process and before the forensic image is captured B. Before the imaging process and then after the forensic image is created C. After the imaging process and after the forensic image is captured D. Before and after the imaging process and then hash the forensic image


QUESTION NO: 21

A new file share has been created to store confidential exit interviews. Which of the followingemployees should have access to the file share?

A. Human Resources Manager B. Chief Financial Officer C. Human Resources Recruiter D. System Administrator


QUESTION NO: 22

Which of the following is a valid three factor authentication combination?

A. PIN, thumb print, proximity card B. PIN, proximity card, key C. Retina scan, thumb print, proximity card D. PIN, thumb print, retina scan


QUESTION NO: 23

A security administrator reviews the NIDS logs and notices fourteen unsuccessful logins with asubsequent successful login to a DMZ switch from a foreign IP address. Which of the followingcould have led to this network device being accessed?



Actua

lTests

.com

A. Default account B. Privilege escalation C. Denial of service D. Strong password


QUESTION NO: 24

Which of the following has an embedded cryptographic token?

A. PKI certificate B. TACACS C. ID badge D. Smartcard


QUESTION NO: 25

A company runs a site, which has a search option available to the general public. Theadministrator is reviewing the site logs and notices an external IP address searching on the site ata rate of two hits per second. This is an indication of which of the following?

A. Man-in-the-middle attack B. Data mining C. Cross-site scripting attack D. Denial of Service (DoS)


QUESTION NO: 26

Which of the following allows an attacker to identify vulnerabilities within a closed source softwareapplication?

A. Fuzzing B. Compiling



Actua

lTests

.com

C. Code reviews D. Vulnerability scanning


QUESTION NO: 27

Using a combination of a fingerprint reader and retina scanner is considered how many factors ofauthentication?

A. One B. Two C. Three D. Four


QUESTION NO: 28

Instead of giving a security administrator full administrative rights on the network, the administratoris given rights only to review logs and update security related network devices. Additional rightsare handed out to network administrators for the areas that fall within their job description. Whichof the following describes this form of access control?

A. Mandatory vacation B. Least privilege C. Discretionary D. Job rotation


QUESTION NO: 29

Which of the following is a way to immediately push and force a group policy to a workstation?

A. gpedit.msc B. gpresult.exe C. gpupdate.exe



Actua

lTests

.com

D. mmc.exe


QUESTION NO: 30

Which of the following authentication services can be used to provide router commands to enforcepolicies?

A. RADIUS B. Kerberos C. LDAP D. TACACS+


QUESTION NO: 31

Which of the following is the BEST tool to deploy on the company network to monitor and logemployees web surfing activity?

A. Firewall B. Honeypot C. Proxy server D. Protocol analyzer


QUESTION NO: 32

A security administrator is implementing a solution that can integrate with an existing server andprovide encryption capabilities. Which of the following would meet this requirement?

A. Mobile device encryption B. Full disk encryption C. TPM D. HSM



Actua

lTests

.com


QUESTION NO: 33

When using USB devices to transfer data from one workstation to another, which of the followingshould be performed?

A. Scan with antivirus software. B. Disable USB ports on the workstation. C. Format the device. D. Use a new USB device to ensure security.


QUESTION NO: 34

A Human Resource manager is assigning access to users in their specific department performingthe same job function. This is an example of:

A. role-based access control. B. rule-based access control. C. centralized access control. D. mandatory access control.


QUESTION NO: 35

Which of the following ensures that an authorized employees access rights are based on a needto know?

A. Least privilege B. Job rotation C. Implicit deny D. Separation of duties




Actua

lTests

.com

QUESTION NO: 36

Which of the following is a technical control?

A. System security categorization requirement B. Baseline configuration development C. Contingency planning D. Least privilege implementation


QUESTION NO: 37

A programmer cannot change the production system directly and must have code changesreviewed and approved by the production system manager. Which of the following describes thiscontrol type?

A. Discretionary access control B. Separation of duties C. Security policy D. Job rotation


QUESTION NO: 38

Which of the following malware types is MOST commonly installed through the use of thumbdrives to compromise systems and provide unauthorized access?

A. Trojans B. Botnets C. Adware D. Logic bomb




Actua

lTests

.com

QUESTION NO: 39

Which of the following BEST describes an attack involving the interception and laterretransmission of the same network traffic?

A. Man-in-the-middle B. Domain name kiting C. Spoofing D. Replay


QUESTION NO: 40

Which of the following BEST describes COOP?

A. Determination of business impact based on an individual contingency and developingcountermeasures to that contingency B. Planning disaster recovery functions and system movements for a 24-48 hour period after adisaster C. Development of a BIA, BCP, DRP, ITCP and other relevant aspects of the continuity process D. Restoring mission essential functions at an alternate site and performing those functions for upto 30 days


QUESTION NO: 41

The network administrator is concerned about password security. Which of the following protocolsshould be used to remotely administer a router?

A. Telnet B. rlogin C. PGP D. SSH




Actua

lTests

.com

QUESTION NO: 42

A critical system in the datacenter is not connected to a UPS. The security administrator hascoordinated an authorized service interruption to resolve this issue. This is an example of which ofthe following?

A. Fault tolerance B. Continuity of operations C. Succession planning D. Data handling error


QUESTION NO: 43

Which of the following is the BEST reason to choose a vulnerability assessment over a penetrationtest?

A. The cost of OVAL vulnerability assessment tools B. The ability to banner grab from within the vulnerability assessment tool C. The high level of training available to staff regarding vulnerability assessments D. The low level of skill required to execute the vulnerability assessment


QUESTION NO: 44

Which of the following protocols would allow an attacker to gather the MOST information about anunsecured network printers configuration?

A. ICMP B. SNMP C. RBAC D. RTMP


QUESTION NO: 45



Actua

lTests

.com

The BEST way to protect the confidentiality of sensitive data entered in a database table is to use:

A. hashing. B. stored procedures. C. encryption. D. transaction logs.


QUESTION NO: 46

A professor at a university is given two keys. One key unlocks a classroom door and the otherlocks it. The key used to lock the door is available to all other faculty. The key used to unlock thedoor is only given to the professor. Which of the following cryptography concepts is illustrated inthe example above?

A. Key escrow exchange B. Asymmetric key sharing C. Exchange of digital signatures D. Symmetric key sharing


QUESTION NO: 47

In an effort to increase security, the security administrator revokes each users certificate after oneyear. Which of the following would keep an attacker from using the certificate?

A. RA B. CRL C. PKI D. CA


QUESTION NO: 48

WEP is seen as an unsecure protocol based on its improper use of which of the following?



Actua

lTests

.com

A. RC6 B. RC4 C. 3DES D. AES


QUESTION NO: 49

Which of the following solutions would a security administrator MOST likely perform if they weretrying to access several websites from a single workstation that were potentially dangerous (e.g.contain malware)?

A. Update and enable the anti-spam software. B. Update input validation schemes. C. Setup a virtual machine on that workstation. D. Secure rogue access points.


QUESTION NO: 50

A security engineer is troubleshooting a server in the DMZ, which cannot be reached from theInternet or the internal network. All other servers on the DMZ are able to communicate with thisserver. Which of the following is the MOST likely cause?

A. The server is configured to reject ICMP packets. B. The server is on the external zone and it is configured for DNS only. C. The server is missing the default gateway. D. The server is on the internal zone and it is configured for DHCP only.


QUESTION NO: 51

Which of the following is true about hardware encryption? (Select TWO).

A. It must use elliptical curve encryption.



Actua

lTests

.com

B. It requires a HSM file system. C. It only works when data is not highly fragmented. D. It is faster than software encryption. E. It is available on computers using TPM.

Answer: D,EExplanation:

QUESTION NO: 52

A security administrator would MOST likely put a network interface card into promiscuous mode touse which of the following utilities? (Select TWO).

A. Wireshark B. Nessus C. Tcpdump D. Nmap E. L0phtcrack

Answer: A,CExplanation:

QUESTION NO: 53

Which of the following would an administrator apply to mobile devices to BEST ensure theconfidentiality of data?

A. Screen locks B. Device encryption C. Remote sanitization D. Antivirus software


QUESTION NO: 54

Which of the following should be performed on a computer to protect the operating system frommalicious software? (Select TWO).

A. Disable unused services



Actua

lTests

.com

B. Update NIDS signatures C. Update HIPS signatures D. Disable DEP settings E. Install a perimeter firewall


QUESTION NO: 55

A security administrator is assigned to develop an IP address scheme for the corporate networkthat allows internal users to have an IP address that cannot be routed to the Internet. Which of thefollowing IP addresses would meet this requirement?

A. 10.127.0.5 B. 63.75.131.27 C. 172.40.75.95 D. 192.186.202.48


QUESTION NO: 56

Assigning access on a need-to-know basis is a best practice in which of the following controls?

A. Risk assessment B. Account management C. Patch management D. Vulnerability assessment


QUESTION NO: 57

In order to access the network, an employee must swipe their finger on a device. Which of thefollowing describes this form of authentication?

A. Single sign-on B. Multifactor



Actua

lTests

.com

C. Biometrics D. Tokens


QUESTION NO: 58

Which of the following will prevent inbound ICMP traffic between systems?

A. HIDS B. VPN C. Antivirus D. Personal firewall


QUESTION NO: 59

Which of the following is BEST used to prevent ARP poisoning attacks across a network?

A. VLAN segregation B. IPSec C. IP filters D. Log analysis


QUESTION NO: 60

Which of the following BEST describes a malicious application that attaches itself to other files?

A. Rootkits B. Adware C. Backdoors D. Virus




Actua

lTests

.com

QUESTION NO: 61

A physical server goes offline. It takes down six virtual web servers that it was hosting. This is anexample of which of the following vulnerabilities?

A. Man in the middle B. SQL injection C. Cross-site scripting D. Single point of failure


QUESTION NO: 62

A security administrator wants to determine what data is allowed to be collected from users of thecorporate Internet-facing web application. Which of the following should be referenced?

A. Privacy policy B. Human Resources policy C. Appropriate use policy D. Security policy


QUESTION NO: 63

A CA normally sends PKI data to which of the following servers?

A. Root Authority B. LDAP C. DHCP D. RAS


QUESTION NO: 64



Actua

lTests

.com

A security administrator with full administrative rights on the network is forced to temporarily taketime off of their duties. Which of the following describes this form of access control?

A. Separation of duties B. Discretionary C. Mandatory vacation D. Least privilege


QUESTION NO: 65

Which of the following are the BEST reasons to use an HSM? (Select TWO).

A. Encrypt the CPU L2 cache B. Recover keys C. Generate keys D. Transfer keys to the CPU E. Store keys

Answer: C,EExplanation:

QUESTION NO: 66

Which of the following will provide the HIGHEST level of wireless network security?

A. WPA2 B. SSH C. SSID D. WEP


QUESTION NO: 67

Which of the following would an administrator do to ensure that an application is secure and allunnecessary services are disabled?



Actua

lTests

.com

A. Baselining B. Application hardening C. Secure application coding D. Patch management


QUESTION NO: 68

Several existing, poorly documented networks have been integrated. Which of the following woulddefine expected traffic with the LOWEST impact on existing processes?

A. Configure the firewall to log all traffic and begin researching. B. Update all network services to use secure protocols. C. Configure the firewall to block all non-standard ports and review logs for blocked traffic. D. Update signatures on the intrusion detection devices and review alerts.


QUESTION NO: 69

The CRL allows:

A. new certificates to be generated. B. a centralized database of authenticated users. C. a recovery agent to decide which certificates to authenticate. D. immediate certificate revocation.


QUESTION NO: 70

A company hires a security firm to assess the security of the companys network. The companydoes not provide the firm with any internal knowledge or documentation of the network. Which ofthe following should the security firm perform?

A. Black hat B. Black box



Actua

lTests

.com

C. Gray hat D. Gray box


QUESTION NO: 71

An employees workstation is connected to the corporate LAN. Due to content filtering restrictions,the employee attaches a 3G Internet dongle to get to websites that are blocked by the corporategateway. Which of the following BEST describes a security implication of this practice?

A. A corporate LAN connection and a 3G Internet connection are acceptable if a host firewall isinstalled. B. The security policy should be updated to state that corporate computer equipment should bedual-homed. C. Content filtering should be disabled because it may prevent access to legitimate sites. D. Network bridging must be avoided otherwise it may join two networks of different classifications.


QUESTION NO: 72

The head of security wants to implement an IDS that relies on a baseline to send alerts whensuspicious traffic crosses the network. Which of the following BEST describes this type of IDSconfiguration?

A. Network-based IDS B. Host-based IDS C. Anomaly-based IDS D. Signature-based IDS


QUESTION NO: 73

Which of the following risks may result from improper use of social networking and P2P software?

A. Shoulder surfing



Actua

lTests

.com

B. Denial of service C. Information disclosure D. Data loss prevention


QUESTION NO: 74

An administrator needs to setup devices on a network that will make it possible for the company toseparate resources within the internal network. Which of the following BEST describes the needednetwork design?

A. DMZ B. VLAN C. NAT D. NAC


QUESTION NO: 75

Data can potentially be stolen from a disk encrypted, screen-lock protected, smart phone by whichof the following?

A. Bluesnarfing B. IV attack C. Honeynet D. SIM cloning


QUESTION NO: 76

As a computer forensic analyst, which of the following is MOST critical when working with multiplemachines?

A. Power off the machines as quickly as possible. B. Document all actions performed.



Actua

lTests

.com

C. Verify all data has been recently backed up. D. Check for the presence of RAID arrays.


QUESTION NO: 77

The administrator wishes to monitor incoming traffic, but does not want to risk accidentallyblocking legitimate traffic. Which of the following should the administrator implement?

A. A client-based firewall B. A DMZ C. A NIDS D. A HIPS


QUESTION NO: 78

A user reports that their home page is being redirected to an obscure website. An antivirus scanshows no abnormalities. Which of the following is the MOST probable cause?

A. Worm B. Botnet C. Spam D. Rootkit


QUESTION NO: 79

A company wants to sell some old cell phones on an online auction to recover some of the cost ofthe newer phones. Which of the following should be done to ensure the confidentiality of theinformation that is stored on the phones (e.g. client phone numbers and email communications)?

A. Degauss the phones for 30 minutes. B. Contact the vendor. C. Manually delete the phone book entries and all email in the phone.



Actua

lTests

.com

D. Perform a master reset.


QUESTION NO: 80

Which of the following BEST describes S/MIME certificates?

A. They use public and private keys. B. They provide non-repudiation. C. They make all emails a fixed size. D. They automatically append legal disclaimers to emails.


QUESTION NO: 81

An employee is processing classified information on a secured laptop and leaves the laptopunlocked in a public place. This negligence may BEST be attributed to:

A. a weak intrusion detection system. B. password complexity issues. C. absence of due diligence. D. lack of security education and awareness training.


QUESTION NO: 82

Which of the following is the primary concern when using a Halon fire suppression system to coveran entire data center?

A. Ample time to remove backup tapes B. Ample space to install servers near the system C. Adequate volume to cover all equipment D. Adequate evacuation time for personnel

Answer: C



Actua

lTests

.com

Explanation:

QUESTION NO: 83

A certificate that has been compromised should be published to which of the following?

A. AES B. CA C. CRL D. PKI


QUESTION NO: 84

When a user first moves into their residence, the user receives a key that unlocks and locks theirfront door. This key is only given to them but may be shared with others they trust. Which of thefollowing cryptography concepts is illustrated in the example above?

A. Asymmetric key sharing B. Exchange of digital signatures C. Key escrow exchange D. Symmetric key sharing


QUESTION NO: 85

Which of the following wireless security controls can be easily and quickly circumvented using onlya network sniffer? (Select TWO).

A. MAC filtering B. Disabled SSID broadcast C. WPA2-Enterprise D. EAP-TLS E. WEP with 802.1x

Answer: A,EExplanation:



Actua

lTests

.com

QUESTION NO: 86

Which of the following is a best practice to identify fraud from an employee in a sensitive position?

A. Acceptable usage policy B. Separation of duties C. False positives D. Mandatory vacations


QUESTION NO: 87

A security administrator is tasked with ensuring that all servers are highly available and that harddrive failure will not affect an individual server. Which of the following configurations will allow forhigh availability? (Select TWO).

A. Hardware RAID 5 B. Load sharing C. Server clustering D. Software RAID 1 E. Load balancing


QUESTION NO: 88

Which of the following is performed during a security assessment?

A. Remediate the machines with incorrectly configured controls. B. Quarantine the machines that have no controls in place. C. Determine which controls are operating as intended. D. Calculate the cost of bringing the controls back into compliance.




Actua

lTests

.com

QUESTION NO: 89

In the context of authentication models the concept of identification is BEST described as which ofthe following?

A. Providing identity documents to a new user based on approved paperwork. B. Verifying that a user is authorized to access a computer system. C. The last step in a three-factor authentication process. D. Verifying that a users identity matches a set of provided credentials.


QUESTION NO: 90

Which of the following provides the STRONGEST hashing?

A. AES512 B. SHA256 C. AES256 D. MD5


QUESTION NO: 91

Which of the following is the correct formula for calculating mean time to restore (MTTR)?

A. MTTR = (time of fail) / (time of restore) B. MTTR = (time of fail) - (time of restore) C. MTTR = (time of restore) - (time of fail) D. MTTR = (time of restore) x (time of fail)


QUESTION NO: 92

Which of the following represents the complexity of a password policy which enforces lower casepassword using letters from a through z where n is the password length?



Actua

lTests

.com

A. n26 B. 2n * 26 C. 26n D. n2 * 26


QUESTION NO: 93

MAC filtering is a form of which of the following?

A. Virtualization B. Network Access Control C. Virtual Private Networking D. Network Address Translation


QUESTION NO: 94

Which of the following would BEST prevent the theft of laptops located in the corporate office?

A. Install security cameras inside the building. B. Configure all laptops with passwords. C. Require all employees to use company supplied device locks to secure the laptops. D. Install locator software that sends its location back to the corporate office.


QUESTION NO: 95

Which of the following do environmental controls influence?

A. Wire shielding B. Room lighting C. Fire suppression D. System availability



Actua

lTests

.com


QUESTION NO: 96

Which of the following protocols would be the MOST secure method to transfer files from a hostmachine?

A. SFTP B. WEP C. TFTP D. FTP


QUESTION NO: 97

Which of the following would be a reason the IT department would disallow the use of USB flashstorage devices?

A. The stored data might be out of date with networked-stored equivalents. B. Users can inadvertently spread viruses. C. Data stored on the device may be copyrighted. D. Users might be using incompatible USB 1.0 technology.


QUESTION NO: 98

Which of the following is a vulnerability introduced into a hardware or software product by thedeveloper?

A. Null session B. Default account C. Weak password D. Back door




Actua

lTests

.com

QUESTION NO: 99

A network device blocking incoming traffic which does not match an internal request for traffic isconsidered to have:

A. stateful packet inspection. B. behavior based heuristics. C. an implicit allow rule. D. URL filtering.


QUESTION NO: 100

Which of the following is the GREATEST security risk posed by removable media?

A. Disclosure of cryptographic algorithms B. Loss of data integrity C. Disclosure of public keys D. Loss of confidential data


QUESTION NO: 101

Which of the following operating system characteristics allows malware propagation via USBstorage devices? (Select TWO).

A. Small size B. Autorun C. Large memory space D. Mobility E. Plug 'n play

Answer: B,EExplanation:



Actua

lTests

.com

QUESTION NO: 102

ARP poison routing attacks are an example of which of the following?

A. Distributed Denial of Service B. Smurf Attack C. Man-in-the-middle D. Vishing


QUESTION NO: 103

Which of the following logical access control methods would a security administrator need tomodify in order to control network traffic passing through a router to a different network?

A. Configuring VLAN 1 B. ACL C. Logical tokens D. Role-based access control changes


QUESTION NO: 104

Which of the following tools limits external access to the network?

A. IDS B. VLAN C. Firewall D. DMZ




Actua

lTests

.com

QUESTION NO: 105

Which of the following tools was created for the primary purpose of reporting the services that areopen for connection on a networked workstation?

A. Protocol analyzer B. Port scanner C. Password crackers D. Vulnerability scanner


QUESTION NO: 106

Which of the following is MOST likely to be an issue when turning on all auditing functions within asystem?

A. Flooding the network with all of the log information B. Lack of support for standardized log review tools C. Too much information to review D. Too many available log aggregation tools


QUESTION NO: 107

Upon opening the browser, a guest user is redirected to the company portal and asked to agree tothe acceptable use policy. Which of the following is MOST likely causing this to appear?

A. NAT B. NAC C. VLAN D. DMZ




Actua

lTests

.com

QUESTION NO: 108

USB devices with a virus delivery mechanism are an example of which of the following securitythreats?

A. Adware B. Trojan C. Botnets D. Logic bombs


QUESTION NO: 109

Cell phones with network access and the ability to store data files are susceptible to which of thefollowing risks?

A. Input validation errors B. SMTP open relays C. Viruses D. Logic bombs


QUESTION NO: 110

When establishing a connection between two IP based routers, which of the following protocols isthe MOST secure?

A. TFTP B. HTTPS C. FTP D. SSH




Actua

lTests

.com

QUESTION NO: 111

Which of the following algorithms provides better protection against brute force attacks by using a160-bit message digest?

A. MD5 B. SHA-1 C. LANMAN D. NTLM


QUESTION NO: 112

Which of the following access control technologies provides a rolling password for one-time use?

A. RSA tokens B. ACL C. Multifactor authentication D. PIV card


QUESTION NO: 113

Which of the following technologies is used to verify that a file was not altered?

A. RC5 B. AES C. DES D. MD5


QUESTION NO: 114



Actua

lTests

.com

Which of the following uses an RC4 key that can be discovered by eavesdropping on plain textinitialization vectors?

A. WEP B. TKIP C. SSH D. WPA


QUESTION NO: 115

An administrator wants to crack passwords on a server with an account lockout policy. Which ofthe following would allow this without locking accounts?

A. Try guessing passwords slow enough to reset the bad count interval. B. Try guessing passwords with brute force. C. Copy the password file offline and perform the attack on it. D. Try only real dictionary words.


QUESTION NO: 116

A user reports that each time they attempt to go to a legitimate website, they are sent to aninappropriate website. The security administrator suspects the user may have malware on thecomputer, which manipulated some of the user's files. Which of the following files on the user'ssystem would need to be checked for unauthorized changes?

A. SAM B. LMhosts C. Services D. Hosts


QUESTION NO: 117



Actua

lTests

.com

An administrator needs to limit and monitor the access users have to the Internet and protect theinternal network. Which of the following would MOST likely be implemented?

A. A heuristic firewall B. DNS caching on the client machines C. A pushed update modifying users' local host file D. A content-filtering proxy server


QUESTION NO: 118

Which of the following is a malicious program used to capture information from an infectedcomputer?

A. Trojan B. Botnet C. Worm D. Virus


QUESTION NO: 119

The security administrator needs to make a change in the network to accommodate a new remotelocation. The new location will be connected by a serial interface, off the main router, through acommercial circuit. This remote site will also have traffic completely separated from all other traffic.Which of the following design elements will need to be implemented to accommodate the newlocation?

A. VLANs need to be added on the switch but not the router. B. The NAT needs to be re-configured to allow the remote location. C. The current IP scheme needs to be subnetted. D. The switch needs to be virtualized and a new DMZ needs to be created




Actua

lTests

.com

QUESTION NO: 120

Which of the following is the MOST secure authentication method?

A. Smartcard B. Iris C. Password D. Fingerprints


QUESTION NO: 121

Mitigating security risks by updating and applying hot fixes is part of:

A. patch management. B. vulnerability scanning. C. baseline reporting. D. penetration testing.


QUESTION NO: 122

When reviewing IDS logs, the security administrator notices many events pertaining to a "NOOPsled". Which of the following attacks is occurring?

A. Man-in-the-middle B. SQL injection C. Buffer overflow D. Session hijacking


QUESTION NO: 123



Actua

lTests

.com

Which of the following is the MAIN difference between a hotfix and a patch?

A. Hotfixes follow a predetermined release schedule while patches do not. B. Hotfixes are smaller than patches. C. Hotfixes may be released at anytime and will later be included in a patch. D. Patches can only be applied after obtaining proper approval, while hotfixes do not needmanagement approval


QUESTION NO: 124

A vulnerability assessment was conducted against a network. One of the findings indicated an out-dated version of software. This is an example of weak:

A. security policies. B. patch management. C. acceptable use policies. D. configuration baselines.


QUESTION NO: 125

Which of the following tools can execute a ping sweep?

A. Protocol analyzer B. Anti-virus scanner C. Network mapper D. Password cracker


QUESTION NO: 126

Which of the following is a newer version of SSL?



Actua

lTests

.com

A. SSH B. IPSec C. TLS D. L2TP


QUESTION NO: 127

A technician visits a customer site which prohibits portable data storage devices. Which of thefollowing items would be prohibited? (Select TWO).

A. USB Memory key B. Bluetooth-enabled cellular phones C. Wireless network detectors D. Key card E. Items containing RFID chips

Answer: A,BExplanation:

QUESTION NO: 128

Which of the following is used when performing a qualitative risk analysis?

A. Exploit probability B. Judgment C. Threat frequency D. Asset value


QUESTION NO: 129

A certificate has been revoked, and the administrator has issued new keys. Which of the followingmust now be performed to exchange encrypted email?



Actua

lTests

.com

A. Exchange private keys with each other B. Recover old private keys C. Recover old public keys D. Exchange public keys with each other


QUESTION NO: 130

Exploitation of security vulnerabilities is used during assessments when which of the following istrue?

A. Security testers have clear and written authorization to conduct vulnerability scans. B. Security testers are trying to document vulnerabilities without impacting network operations. C. Network users have permissions allowing access to network devices with security weaknesses. D. Security testers have clear and written authorization to conduct penetration testing.


QUESTION NO: 131

Which of the following should a technician deploy to detect malicious changes to the system andconfiguration?

A. Pop-up blocker B. File integrity checker C. Anti-spyware D. Firewall


QUESTION NO: 132

In order to prevent data loss in case of a disk error which of the following options would anadministrator MOST likely deploy?



Actua

lTests

.com

A. Redundant connections B. RAID C. Disk striping D. Redundant power supplies


QUESTION NO: 133

A technician has installed security software; shortly thereafter the response time slowsconsiderably. Which of the following can be used to determine the effect of the new software?

A. Event logs B. System monitor C. Performance monitor D. Protocol analyzer


QUESTION NO: 134

After installing database software the administrator must manually change the defaultadministrative password, remove a default database, and adjust permissions on specific files.These actions are BEST described as:

A. vulnerability assessment. B. mandatory access control. C. application hardening. D. least privilege


QUESTION NO: 135

Which of the following is the BEST mitigation method to implement when protecting against adiscovered OS exploit?



Actua

lTests

.com

A. NIDS B. Patch C. Antivirus update D. HIDS


QUESTION NO: 136

Which of the following is the primary concern of governments in terms of data security?

A. Integrity B. Availability C. Cost D. Confidentiality


QUESTION NO: 137

Which of the following is BEST used to change common settings for a large number of deployedcomputers?

A. Group policies B. Hotfixes C. Configuration baselines D. Security templates


QUESTION NO: 138

Which of the following solutions would a company be MOST likely to choose if they wanted toconserve rack space in the data center and also be able to manage various resources on theservers?



Actua

lTests

.com

A. Install a manageable, centralized power and cooling system B. Server virtualization C. Different virtual machines on a local workstation D. Centralize all blade servers and chassis within one or two racks


QUESTION NO: 139

A rogue wireless network is showing up in the IT department. The network appears to be comingfrom a printer that was installed. Which of the following should have taken place, prior to thisprinter being installed, to prevent this issue?

A. Installation of Internet content filters to implement domain name kiting. B. Penetration test of the network to determine any further rogue wireless networks in the area. C. Conduct a security review of the new hardware to determine any possible security risks. D. Implement a RADIUS server to authenticate all users to the wireless network.


QUESTION NO: 140

Which of the following characteristics distinguishes a virus from a rootkit, spyware, and adware?

A. Eavesdropping B. Process hiding C. Self-replication D. Popup displays


QUESTION NO: 141

Which of the following is used to generate keys in PKI?

A. AES



Actua

lTests

.com

B. RSA C. DES D. 3DES


QUESTION NO: 142

Which of the following methods is a best practice for granting access to resources?

A. Add ACLs to computers; add computers to groups. B. Add ACLs to users; add users to groups. C. Add users to ACLs; add computers to groups. D. Add groups to ACLs; add users and computers to groups.


QUESTION NO: 143

Which of the following may cause a user, connected to a NAC-enabled network, to not beprompted for credentials?

A. The user's PC is missing the authentication agent. B. The user's PC is not fully patched. C. The user's PC is not at the latest service pack. D. The user's PC has out-of-date antivirus software.


QUESTION NO: 144

When used to encrypt transmissions, which of the following is the MOST resistant to brute forceattacks?

A. SHA B. MD5



Actua

lTests

.com

C. 3DES D. AES256


QUESTION NO: 145

Which of the following BEST describes how the private key is handled when connecting to asecure web server?

A. The key is not shared and remains on the server B. Anyone who connects receives the key C. Only users from configured IP addresses received the key D. All authenticated users receive the key


QUESTION NO: 146

A user visits their normal banking website. The URL is correct and the website is displayed in thebrowser, but the user gets an SSL warning that the SSL certificate is invalid as it is signed by anunknown authority. Which of the following has occurred?

A. Domain name kiting B. Privilege escalation C. Replay attack D. Man-in-the-middle attack


QUESTION NO: 147

A technician reviews the system log entries for an internal DNS server. Which of the followingentries MOST warrants further investigation?

A. DNS query from a source outside the organization



Actua

lTests

.com

B. DNS query from a source inside the organization C. Zone transfer to a source inside the organization D. Zone transfer to a source outside the organization


QUESTION NO: 148

Monitoring a computer's logs and critical files is part of the functionality of a

A. NIPS. B. HIDS. C. firewall. D. honeypot.


QUESTION NO: 149

Which of the following can be implemented as an OS hardening practice to mitigate risk?

A. Domain name kiting B. Removable storage C. Input validation D. Security templates


QUESTION NO: 150

Continuously documenting state and location of hardware from collection to disposition during aforensic investigation is known as:

A. risk mitigation. B. data handling. C. chain of custody.



Actua

lTests

.com

D. incident response.


QUESTION NO: 151

Which of the following is an example of two factor authentication?

A. PIN and password B. Smartcard and token C. Smartcard and PIN D. Fingerprint and retina scan


QUESTION NO: 152

Which of the following uses a three-way-handshake for authentication and is commonly used inPPP connections?

A. MD5 B. CHAP C. Kerberos D. SLIP


QUESTION NO: 153

A security analyst has been notified that one of the web servers has stopped responding to webtraffic. The network engineer also reports very high bandwidth utilization to and from the Internet.Which of the following logs is MOST likely to be helpful in finding the cause and source of theproblem?

A. Access log B. Event log



Actua

lTests

.com

C. System log D. Firewall log


QUESTION NO: 154

Which of the following ports would need to be open to allow TFTP by default?

A. 69 B. 110 C. 137 D. 339


QUESTION NO: 155

Which of the following transmission types would an attacker most likely use to try to capture datapackets?

A. Shielded twisted pair B. Fiberoptic C. Bluesnarfing D. Wireless


QUESTION NO: 156

Which of the following describes a port that is left open in order to facilitate access at a later date?

A. Honeypot B. Proxy server C. Open relay D. Backdoor



Actua

lTests

.com


QUESTION NO: 157

Which of the following is often bundled with freely downloaded software?

A. Cookies B. Logic bomb C. Adware D. Spam


QUESTION NO: 158

Which of the following security types would require the use of certificates to verify a user'sidentity?

A. Forensics B. CRL C. PKI D. Kerberos


QUESTION NO: 159

Which of the following can increase risk? (Select TWO]

A. Vulnerability B. Mantrap C. Configuration baselines D. Threat source E. Mandatory vacations

Answer: A,D



Actua

lTests

.com

Explanation:

QUESTION NO: 160

An administrator believes a user is secretly transferring company information over the Internet.The network logs do not show any non-standard traffic going through the firewall. Which of thefollowing tools would allow the administrator to better evaluate the contents of the network traffic?

A. Vulnerability scanner B. Network anomaly detection C. Protocol analyzer D. Proxy server


QUESTION NO: 161

Which of the following monitoring technology types is MOST dependent on receiving regularupdates?

A. Signature-based B. Kerberos-based C. Behavior-based D. Anomaly-based


QUESTION NO: 162

A company has just recovered from a major disaster. Which of the following should signify thecompletion of a disaster recovery?

A. Verify all servers are back online and working properly. B. Update the disaster recovery plan based on lessons learned. C. Conduct post disaster recovery testing. D. Verify all network nodes are back online and working properly.



Actua

lTests

.com


QUESTION NO: 163

Which of the following is a public key cryptosystem?

A. RSA B. SHA-1 C. 3DES D. MD5


QUESTION NO: 164

A user tries to plug their laptop into the company's network and receives a warning that theirpatches and virus definitions are out-of-date. This is an example of which of the followingmitigation techniques?

A. NAT B. Honeypot C. NAC D. Subnetting


QUESTION NO: 165

A file has been compromised with corrupt data and might have additional information embeddedwithin it. Which of the following actions should a security administrator follow in order to ensuredata integrity of the file on that host?

A. Disable the wireless network and copy the data to the next available USB drive to protect thedata B. Perform proper forensics on the file with documentation along the way. C. Begin chain of custody for the document and disallow access.



Actua

lTests

.com

D. Run vulnerability scanners and print all reports of all diagnostic results.


QUESTION NO: 166

Every company workstation contains the same software prior to being assigned to workers. Whichof the following software options would give remote users the needed protection from outsideattackers when they are outside of the company's internal network?

A. HIDS B. Vulnerability scanner C. Personal firewall D. NIPS


QUESTION NO: 167

To ensure users are logging into their systems using a least privilege method, which of thefollowing should be done?

A. Create a user account without administrator privileges. B. Employ a BIOS password that differs from the domain password. C. Enforce a group policy with the least amount of account restrictions. D. Allow users to determine their needs and access to resources.


QUESTION NO: 168

A recent security audit shows an organization has been infiltrated with a former administrator'scredentials. Which of the following would be the BEST way to mitigate the risk of this vulnerability?

A. Conduct periodic audits of disaster recovery policies. B. Conduct periodic audits of password policies.



Actua

lTests

.com

C. Conduct periodic audits of user access and rights. D. Conduct periodic audits of storage and retention policies.


QUESTION NO: 169

A security administrator is analyzing the packet capture from an IDS triggered filter. The packetcapture shows the following string:

source=http://www.evilsite.jp/evil.js

Which of the following attacks is occurring?

A. SQL injection B. Redirection attack C. Cross-site scripting D. XLM injection


QUESTION NO: 170

A user wants to edit a file that they currently have read-only rights to; however, they are unable toprovide a business justification, so the request is denied. This is the principle of:

A. separation of duties. B. job-based access control C. least privilege. D. remote access policy.


QUESTION NO: 171

Which of the following concepts addresses the threat of data being modified without authorization?



Actua

lTests

.com

A. Integrity B. Key management C. Availability D. Non-repudiation


QUESTION NO: 172

An attacker sends packets to a host in hopes of altering the host's MAC table. Which of thefollowing is the attacker attempting to do?

A. Port scan B. Privilege escalation C. DNS spoofing D. ARP poisoning


QUESTION NO: 173

Which of the following is a best practice for organizing users when implementing a least privilegemodel?

A. By function B. By department C. By geographic location D. By management level


QUESTION NO: 174

Which of the following describes how long email messages are available in case of a subpoena?

A. Backup procedures



Actua

lTests

.com

B. Retention policy C. Backup policy D. Email server configuration


QUESTION NO: 175

Management would like to know if anyone is attempting to access files on the company file server.Which of the following could be deployed to BEST provide this information?

A. Software firewall B. Hardware firewall C. HIDS D. NIDS


QUESTION NO: 176

Which of the following is the correct risk assessment equation?

A. Risk = exploit x number of systems x cost of asset B. Risk = infections x number of days infected x cost of asset C. Risk = threat x vulnerability x cost of asset D. Risk = vulnerability x days unpatched x cost of asset


QUESTION NO: 177

Which of the following is of the GREATEST concern in regard to a rogue access point?

A. Rogue access points are hard to find and remove from the network. B. Rogue access points can scan the company's wireless networks and find other unencryptedand rouge access points



Actua

lTests

.com

C. The radio signal of the rogue access point interferes with company approved access points. D. Rogue access points can allow unauthorized users access the company's internal networks.


QUESTION NO: 178

The process of validating a user's claimed identity is called

A. identification. B. authorization. C. validation. D. repudiation.


QUESTION NO: 179

Which of the following is a benefit of utilizing virtualization technology?

A. Lowered cost of the host machine B. Less overhead cost of software licensing C. Streamline systems to a single OS D. Fewer systems to monitor physical access


QUESTION NO: 180

The security administrator wants to increase the cipher strength of the company's internal rootcertificate. Which of the following would the security administer use to sign a stronger rootcertificate?

A. Certificate authority B. Registration authority C. Key escrow



Actua

lTests

.com

D. Trusted platform module


QUESTION NO: 181

Which of the following describes a semi-operational site that in the event of a disaster, IToperations can be migrated?

A. Hot site B. Warm site C. Mobile site D. Cold site


QUESTION NO: 182

Which of the following devices hooks into a LAN and captures traffic?

A. Protocol analyzer B. Protocol filter C. Penetration testing tool D. Vulnerability assessment tool


QUESTION NO: 183

When assessing a network containing resources that require near 100% availability, which of thefollowing techniques should be employed to assess overall security?

A. Penetration testing B. Vulnerability scanning C. User interviews D. Documentation reviews



Actua

lTests

.com


QUESTION NO: 184

Which of the following would MOST likely contain a tag?

A. Cookies B. XSS C. DOS D. Buffer overflow


QUESTION NO: 185

Which of the following is a reason why wireless access points should not be placed near abuilding's perimeter?

A. Rouge access points B. Vampire taps C. Port scanning D. War driving


QUESTION NO: 186

A new enterprise solution is currently being evaluated due to its potential to increase thecompany's profit margins. The security administrator has been asked to review its securityimplications. While evaluating the product, various vulnerability scans were performed. It wasdetermined that the product is not a threat but has the potential to introduce additionalvulnerabilities. Which of the following assessment types should the security administrator also takeinto consideration while evaluating this product?

A. Threat assessment B. Vulnerability assessment



Actua

lTests

.com

C. Code assessment D. Risk assessment


QUESTION NO: 187

Which of the following tools BEST identifies the method an attacker used after they have enteredinto a network?

A. Input validation B. NIDS C. Port scanner D. HIDS


QUESTION NO: 188

Which of the following is a major risk associated with cloud computing?

A. Loss of physical control over data B. Increased complexity of qualitative risk assessments C. Smaller attack surface D. Data labeling challenges


QUESTION NO: 189

Which of the following is MOST likely the reason why a security administrator would run a Nessusreport on an important server?

A. To analyze packets and frames B. To report on the performance of the system C. To scan for vulnerabilities



Actua

lTests

.com

D. To enumerate and crack weak system passwords


QUESTION NO: 190

Which of the following BEST describes how the mandatory access control (MAC) method works?

A. It is an access policy based on a set of rules. B. It is an access policy based on the role that the user has in an organization. C. It is an access policy based on biometric technologies. D. It is an access policy that restricts access to objects based on security clearance.


QUESTION NO: 191

Using a smartcard and a physical token is considered how many factors of authentication?

A. One B. Two C. Three D. Four


QUESTION NO: 192

Which of the following protocols is considered more secure than SSL?

A. TLS B. WEP C. HTTP D. Telnet

Answer: A



Actua

lTests

.com

Explanation:

QUESTION NO: 193

A NIDS monitoring traffic on the public-side of a firewall provides which of the following?

A. Faster alerting to internal compromises B. Intelligence about external threats C. Protection of the external firewall interface D. Prevention of malicious traffic


QUESTION NO: 194

Which of the following is an important part of disaster recovery training?

A. Schemes B. Storage locations C. Chain of custody D. Table top exercises


QUESTION NO: 195

Which of the following would a network administrator implement to control traffic being routedbetween networks or network segments in an effort to preserve data confidentiality?

A. NAT B. Group policies C. Password policies D. ACLs




Actua

lTests

.com

QUESTION NO: 196

The security administrator wants each user to individually decrypt a message but allow anybody toencrypt it. Which of the following MUST be implemented to allow this type of authorization?

A. Use of digital certificates B. Use of public keys only C. Use of private keys only D. Use of public and private keys


QUESTION NO: 197

A security administrator is analyzing the packet capture from an IDS triggered filter. The packetcapture shows the following string:

a or1 ==1--

Which of the following attacks is occurring?

A. Cross-site scripting B. XML injection C. Buffer overflow D. SQL injection


QUESTION NO: 198

Which of the following has been implemented if several unsuccessful login attempts were made ina short period of time denying access to the user account, and after two hours the accountbecomes active?

A. Account lockout B. Password expiration C. Password disablement D. Screen lock



Actua

lTests

.com


QUESTION NO: 199

Which of the following BEST describes an intrusion prevention system?

A. A system that stops an attack in progress. B. A system that allows an attack to be identified. C. A system that logs the attack for later analysis. D. A system that serves as a honeypot.


QUESTION NO: 200

In the event of a disaster, in which the main datacenter is immediately shutdown, which of thefollowing would a company MOST likely use with a minimum Recovery Time Objective?

A. Fault tolerance B. Hot site C. Cold site D. Tape backup restoration


QUESTION NO: 201

Which of the following methods involves placing plain text data within a picture or document?

A. Steganography B. Digital signature C. Transport encryption D. Stream cipher




Actua

lTests

.com

QUESTION NO: 202

Which of the following is a detective security control?

A. CCTV B. Firewall C. Design reviews D. Bollards


QUESTION NO: 203

Which of the following can cause hardware based drive encryption to see slower deployment?

A. A lack of management software B. USB removable drive encryption C. Role/rule-based access control D. Multifactor authentication with smart cards


QUESTION NO: 204

Which of the following is a reason to implement Kerberos over local system authentication?

A. Authentication to multiple devices B. Centralized file integrity protection C. Non-repudiation D. Greater password complexity




Actua

lTests

.com

QUESTION NO: 205

Which of the following should a security administrator implement to ensure there are no securityholes in the OS?

A. Encryption protocols B. Firewall definitions C. Patch management D. Virus definitions


QUESTION NO: 206

Which of the following cipher types is used by AES?

A. Block B. Fourier C. Stream D. Turing


QUESTION NO: 207

Which of the following control systems is used to maintain proper environmental conditions in adatacenter?

A. HVAC B. Bollards C. CCTV D. Mantrap




Actua

lTests

.com

QUESTION NO: 208

A penetration test shows that almost all database servers were able to be compromised through adefault database user account with the default password. Which of the following is MOST likelymissing from the operational procedures?

A. Application hardening B. OS hardening C. Application patch management D. SQL injection


QUESTION NO: 209

A user reports that their 802.11n capable interface connects and disconnects frequently to anaccess point that was recently installed. The user has a Bluetooth enabled laptop. A company inthe next building had their wireless network breached last month. Which of the following is MOSTlikely causing the disconnections?

A. An attacker inside the company is performing a bluejacking attack on the user's laptop. B. Another user's Bluetooth device is causing interference with the Bluetooth on the laptop. C. The new access point was mis-configured and is interfering with another nearby access point. D. The attacker that breached the nearby company is in the parking lot implementing a war drivingattack.


QUESTION NO: 210

Which of the following facilitates computing for heavily utilized systems and networks?

A. Remote access B. Provider cloud C. VPN concentrator D. Telephony

Answer: C



Actua

lTests

.com

Explanation:

QUESTION NO: 211

A security administrator finished taking a forensic image of a computer's memory. Which of thefollowing should the administrator do to ensure image integrity?

A. Run the image through AES128. B. Run the image through a symmetric encryption algorithm. C. Compress the image to a password protected archive. D. Run the image through SHA256.


QUESTION NO: 212

Which of the following is a reason to use TACACS+ over RADIUS?

A. Combines authentication and authorization B. Encryption of all data between client and server C. TACACS+ uses the UDP protocol D. TACACS+ has less attribute-value pairs


QUESTION NO: 213

A customer has called a company to report that all of their computers are displaying a rivalcompany's website when the user types the correct URL into the browser. All of the other websitesthe user visits work correctly and other customers are not having this issue. Which of the followinghas MOST likely occurred?

A. The website company has a misconfigured firewall. B. The customer has a virus outbreak. C. The customer's DNS has been poisoned. D. The company's website has been attacked by the rival company



Actua

lTests

.com


QUESTION NO: 214

A targeted email attack sent to the company's Chief Executive Officer (CEO) is known as which ofthe following?

A. Whaling B. Bluesnarfing C. Vishing D. Dumpster diving


QUESTION NO: 215

Which of the following describes an attack technique by which an intruder gains physical accessby following an authorized user into a facility before the door is closed?

A. Shoulder surfing B. Tailgating C. Escalation D. Impersonation


QUESTION NO: 216

Which of the following should be reviewed periodically to ensure a server maintains the correctsecurity configuration?

A. NIDS configuration B. Firewall logs C. User rights D. Incident management



Actua

lTests

.com


QUESTION NO: 217

Which of the following is true when a user browsing to an HTTPS site receives the message: aSite name mismatch'?

A. The certificate CN is different from the site DNS A record. B. The CA DNS name is different from the root certificate CN. C. The certificate was issued by the intermediate CA and not by the root CA. D. The certificate file name is different from the certificate CN.


QUESTION NO: 218

Which of the following will contain a list of unassigned public IP addresses?

A. TCP port B. 802.1x C. Loop protector D. Firewall rule


QUESTION NO: 219

DRPs should contain which of the following?

A. Hierarchical list of non-critical personnel B. Hierarchical list of critical systems C. Hierarchical access control lists D. Identification of single points of failure




Actua

lTests

.com

QUESTION NO: 220

Which of the following access control methods provides the BEST protection against attackerslogging on as authorized users?

A. Require a PIV card B. Utilize time of day restrictions C. Implement implicit deny D. Utilize separation of duties


QUESTION NO: 221

Several PCs are running extremely slow all of a sudden. Users of the PCs report that they do a lotof web browsing and explain that a disgruntled employee from their department was recently fired.The security administrator observes that all of the PCs are attempting to open a large number ofconnections to the same destination. Which of the following is MOST likely the issue?

A. A logic bomb has been installed by the former employee B. A man-in-the-middle attack is taking place. C. The PCs have downloaded adware. D. The PCs are being used in a botnet


QUESTION NO: 222

Which of the following is the BEST way to secure data for the purpose of retention?

A. Off-site backup B. RAID 5 on-site backup C. On-site clustering D. Virtualization

Answer: A



Actua

lTests

.com

Explanation:

QUESTION NO: 223

In the event of a disaster resulting in the loss of their data center, a company had determined thatthey will need to be able to be back online within an hour or two, with all systems being fully up todate. Which of the following would BEST meet their needs?

A. Off-site storage of backup tapes B. A hot backup site C. A cold backup site D. A warm backup site


QUESTION NO: 224

Which of the following has a programmer MOST likely failed to consider if a user enteringimproper input is able to compromise the integrity of data?

A. SDLM B. Error handling C. Data formatting D. Input validation


QUESTION NO: 225

Which of the following provides EMI protection?

A. STP B. UTP C. Grounding D. Anti-static wrist straps

Answer: A



Actua

lTests

.com

Explanation:

QUESTION NO: 226

A user reports that a web browser stopped working after it was updated. Which of the followingBEST describes a probable cause of failure?

A. The browser was previously compromised and corrupted during the update. B. Anti-spyware is preventing the browser from accessing the network. C. A faulty antivirus signature has identified the browser as malware. D. A network based firewall is blocking the browser as it has been modified.


QUESTION NO: 227

Which of the following devices is MOST likely to be installed to prevent malicious attacks?

A. VPN concentrator B. Firewall C. NIDS D. Protocol analyzer


QUESTION NO: 228

Which of the following would allow traffic to be redirected through a malicious machine by sendingfalse hardware address updates to a switch?

A. ARP poisoning B. MAC spoofing C. pWWN spoofing D. DNS poisoning




Actua

lTests

.com

QUESTION NO: 229

Which of the following protocols uses UDP port 69 by default?

A. Kerberos B. TFTP C. SSH D. DNS


QUESTION NO: 230

Which of the following would a security administrator use to diagnose network issues?

A. Proxy B. Host-based firewall C. Protocol analyzer D. Gateway


QUESTION NO: 231

Which of the following should be implemented on a mobile phone to help prevent a conversationfrom being captured?

A. Device encryption B. Voice encryption C. GPS tracking D. Sniffer




Actua

lTests

.com

QUESTION NO: 232

A user wishes to encrypt only certain files and folders within a partition. Which of the followingmethods should a technician recommend?

A. EFS B. Partition encryption C. Full disk D. BitLocker


QUESTION NO: 233

Centrally authenticating multiple systems and applications against a federated user database is anexample of:

A. smart card. B. common access card. C. single sign-on. D. access control list.


QUESTION NO: 234

Which of the following characteristics distinguishes a virus from a rootkit, spyware, and adware?

A. Eavesdropping B. Process hiding C. Self-replication D. Popup displays


QUESTION NO: 235



Actua

lTests

.com

A security administrator needs to implement a site-to-site VPN tunnel between the main office anda remote branch. Which of the following protocols should be used for the tunnel?

A. RTP B. SNMP C. IPSec D. 802.1X


QUESTION NO: 236

Which of the following uses tickets to identify users to the network?

A. RADIUS B. LDAP C. TACACS+ D. Kerberos


QUESTION NO: 237

Which of the following forensic artifacts is MOST volatile?

A. CD-ROM B. Filesystem C. Random access memory D. Network topology


QUESTION NO: 238

A security administrator notices an unauthorized vehicle roaming the area on company grounds.The security administrator verifies that all network connectivity is up and running and that no



Actua

lTests

.com

unauthorized wireless devices are being used to authenticate other devices; however, theadministrator does notice an unusual spike in bandwidth usage. This is an example of which of thefollowing attacks?

A. Rogue access point B. Bluesnarfing C. Evil twin D. War driving


QUESTION NO: 239

Which of the following is a best practice when securing a switch from physical access?

A. Disable unnecessary accounts B. Print baseline configuration C. Enable access lists D. Disable unused ports


QUESTION NO: 240

Risk can be managed in the following ways EXCEPT:

A. mitigation. B. acceptance. C. elimination. D. transference.


QUESTION NO: 241

A security administrator needs to implement a wireless system that will only be available within a



Actua

lTests

.com

building. Which of the following configurations can the administrator modify to achieve this?(Select TWO).

A. Proper AP placement B. Disable SSID broadcasting C. Use CCMP D. Enable MAC filtering E. Reduce the power levels

Answer: A,DExplanation:

QUESTION NO: 242

Which of the following environmental variables reduces the potential for static discharges?

A. EMI B. Temperature C. UPS D. Humidity


QUESTION NO: 243

Which of the following is an example of implementing security using the least privilege principle?

A. Confidentiality B. Availability C. Integrity D. Non-repudiation


QUESTION NO: 244

A user reports that the spreadsheet they use for the department will not open. The spreadsheet is



Actua

lTests

.com

located on a server that was recently patched. Which of the following logs would the technicianreview FIRST?

A. Access B. Firewall C. Antivirus D. DNS


QUESTION NO: 245

Which of the following helps prevent a system from being fingerprinted?

A. Personal firewall B. Complex passwords C. Anti-spam software D. OS patching


QUESTION NO: 246

An attacker captures valid wireless traffic in hopes of transmitting it repeatedly to generate enoughtraffic to discover the encryption key. Which of the following is the attacker MOST likely using?

A. War driving B. Replay attack C. Bluejacking D. DNS poisoning


QUESTION NO: 247

Which of the following is an authentication method that uses symmetric key encryption and a key



Actua

lTests

.com

distribution center?

A. MS-CHAP B. Kerberos C. 802.1x D. EAP


QUESTION NO: 248

Which of the following is a preventative physical security measure?

A. Video surveillance B. External lighting C. Physical access log D. Access control system


QUESTION NO: 249

An employee keeps getting pop-ups from a program on their computer stating it blocked anattacking IP address. Which of the following security applications BEST explains this behavior?

A. Antivirus B. Anti-spam C. Personal firewall D. Pop-up blocker


QUESTION NO: 250

A Maintenance Manager requests that a new group be created for a new development project,concerning power distribution, in order to email and setup conference meetings to the whole



Actua

lTests

.com

project team. Which of the following group types would need to be created?

A. Default power users B. Restricted group C. Distribution D. Security


QUESTION NO: 251

Which of the following is an example of data obfuscati

comptia sy0-201

Documents