CompTIA SY0-101

SY0-101 Security+

Practice Test
Version 3.0

CompTIA SY0-101: Practice Exam

QUESTION NO: 1

A real estate company recently deployed Kerberos authentication on the network. Which of the following does Kerberos require for correct operation? (Select TWO).

A. POP-3
B. Accurate network time
C. Key Distribution Center
D. Extranets
E. SSL/TLS

Answer: B,C

QUESTION NO: 2

Which of the following are MOST likely to be analyzed by Internet filter appliances/servers? (Select THREE).

A. Content
B. TLSs
C. Keys
D. URLs
E. CRLs
F. Certificates

Answer: A,D,F

QUESTION NO: 3

An administrator is selecting a device to secure an internal network segment from traffic external to the segment. Which of the following devices could be selected to provide security to the network segment?

A. NIPS
B. HIDS
C. Internet content filter
D. DMZ

Answer: A

"Pass Any Exam. Any Time." - www.actualtests.com


QUESTION NO: 4

Which of the following VPN implementations consists of taking IPv6 security features and porting them to IPv4?

A. SSL
B. IPSec
C. L2TP
D. PPTP

Answer: B

QUESTION NO: 5

A user is assigned access rights based on the function within the organization. This is a feature of which of the following types of access control models?

A. Role Based Access Control (RBAC)
B. Rule Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Discretionary Access Control (DAC)

Answer: A

Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees perform in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 6

Which of the following types of malicious software travels across computer networks without requiring a user to distribute the software?

A. Trojan horse
B. Worm
C. Virus
D. Logic bomb

Answer: B

QUESTION NO: 7

Which of the following would be MOST important to have to ensure that a company will be able to recover in case of severe environmental trouble or destruction?

A. Alternate sites
B. Disaster recovery plan
C. Fault tolerant systems
D. Offsite storage

Answer: B

QUESTION NO: 8

A task-based control model is an example of which of the following?

A. Rule Based Access Control (RBAC)
B. Role Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Mandatory Access Control (MAC)

Answer: B

QUESTION NO: 9

Which of the following is often misused by spyware to collect and report a user's activities?

A. Session cookie
B. Tracking cookie
C. Persistent cookie
D. Web bug

Answer: B

QUESTION NO: 10

Which definition best defines what a challenge-response session is?

A. A challenge-response session is a workstation or system that produces a random login ID that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
B. A challenge-response session is a workstation or system that produces a random challenge string that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
C. A challenge-response session is a special hardware device used to produce random text in a cryptography system.
D. A challenge-response session is the authentication mechanism in the workstation or system that does not determine whether the owner should be authenticated.

Answer: B

Explanation: A common authentication technique whereby an individual is prompted (the challenge) to provide some private information (the response). Most security systems that rely on smart cards are based on challenge-response. A user is given a code (the challenge) which he or she enters into the smart card. The smart card then displays a new code (the response) that the user can present to log in.

Reference: http://www.webopedia.com/TERM/C/challenge_response.html

QUESTION NO: 11

Which of the following describes a type of algorithm that cannot be reversed in order to decode the data?

A. One Way Function
B. Symmetric
C. Asymmetric
D. Pseudorandom Number Generator (PRNG)

Answer: A

QUESTION NO: 12

An administrator wants to implement a procedure to control inbound and outbound traffic on a network segment. Which of the following would achieve this goal?

A. HIDS
B. ACL
C. Proxy
D. NIDS

Answer: B

QUESTION NO: 13

Which of the following freeware forensic tools is used to capture packet traffic from a network?

A. nmap
B. NESSUS
C. tcpdump
D. dd

Answer: C

QUESTION NO: 14

When reviewing traces from an IDS, the following entries are observed:

Date   Time  Source IP    Destination IP  Port  Type
10/21  0900  192.168.5.2  10.10.2.1       20    SYN
10/21  0915  192.168.5.2  10.10.2.1       21    SYN
10/21  0920  192.168.5.2  10.10.2.1       23    SYN
10/21  0930  192.168.5.2  10.10.2.1       25    SYN

Which of the following is MOST likely occurring?

A. Port scanning
B. SYN Flood
C. Denial of service (DoS)
D. Expected TCP/IP traffic

Answer: A

QUESTION NO: 15

Which of the following protocols are not recommended due to them supplying passwords and information over the network?

A. SNMP (Simple Network Management Protocol)
B. Network News Transfer Protocol (NNTP)
C. Domain Name Service (DNS)
D. Internet Control Message Protocol (ICMP)

Answer: A

QUESTION NO: 16

Which of the following must be installed for HTTPS to work properly on a web site?

A. Digital certificate
B. Symmetric key
C. 3DES encryption
D. Security token

Answer: A

QUESTION NO: 17

You work as the security administrator. You want to implement a solution which will provide a WLAN (Wireless Local Area Network) with the security typically associated with a wired LAN (Local Area Network). Which solution should you implement?

A. WEP (Wired Equivalent Privacy)
B. VPN (Virtual Private Network)
C. ISDN (Integrated Services Digital Network)
D. ISSE (Information Systems Security Engineering)

Answer: A

Explanation: Wired Equivalent Privacy is a wireless protocol designed to provide privacy equivalent to that of a wired network.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 372

QUESTION NO: 18

From the options, which is a tunneling protocol that can only work on IP networks because it requires IP connectivity?

A. PPTP protocol
B. SSH
C. IPX protocol
D. L2TP protocol

Answer: A

Explanation: Point-to-Point Tunneling Protocol. You can access a private network through the Internet or other public network by using a virtual private network (VPN) connection with the Point-to-Point Tunneling Protocol (PPTP). Developed as an extension of the Point-to-Point Protocol (PPP), PPTP tunnels and/or encapsulates IP, IPX, or NetBEUI protocols inside of PPP datagrams. PPTP does not require a dial-up connection. It does, however, require IP connectivity between your computer and the server.

Not B: L2TP is an industry-standard Internet tunneling protocol with roughly the same functionality as the Point-to-Point Tunneling Protocol (PPTP). Like PPTP, L2TP encapsulates Point-to-Point Protocol (PPP) frames, which in turn encapsulate IP, IPX, or NetBEUI protocols.

QUESTION NO: 19

A user downloads and installs a new screen saver and the program starts to rename and delete random files. Which of the following would be the BEST description of this program?

A. Trojan horse
B. Logic bomb
C. Virus
D. Worm

Answer: A

QUESTION NO: 20

Which of the following BEST describes an attack that takes advantage of a computer not fully updated with the most recent operating system patches?

A. Software exploitation
B. Vulnerability
C. Brute force
D. Spoofing

Answer: A

Any Time. Host-based firewall D. A. Router with an IDS module F. Host-based IDS C. Network-basedfirewal B. Default accounts D. Weak passwords Answer: B "Pass Any Exam.com Ac tua lTe sts .CompTIA SY0-101: Practice Exam QUESTION NO: 21 Secret Key encryption is also known as: A. one way function. Privilege escalation C. The network cannot be redesigned and the server cannot be moved. replay D." . Router with firewall rule set Answer: B. Answer: A QUESTION NO: 22 A companys security' specialist is securing a web server that is reachable from the Internet.www. The web server is located in the core internal corporate network.actualtests. asymmetrical C. DoS B. symmetrical B. Which of the following should the security specialist implement to secure the web server? (Select TWO). Network-based IDS E.C QUESTION NO: 23 A program allows a user to execute code with a higher level of security than the user should have access to. Which of the following is this an example of? A.co m 9 .

QUESTION NO: 24

A security specialist has completed a vulnerability assessment for a network and applied the most current software patches. The next step before placing the network back into operation would be to:

A. conduct a follow-up vulnerability analysis
B. update the baseline
C. perform penetration testing
D. test the essential functionality

Answer: D

QUESTION NO: 25

In a certificate hierarchy, the ultimate authority is called the:

A. Certificate Revocation List (CRL).
B. Private Branch Exchange (PBX).
C. Terminal Access Controller Access Control System (TACACS).
D. Root Certifying Authority (Root CA).

Answer: D

QUESTION NO: 26

For which reason are clocks used in Kerberos authentication?

A. Clocks are used to ensure that tickets expire correctly.
B. Clocks are used to ensure proper connections.
C. Clocks are used to generate the seed value for the encryptions keys.
D. Clocks are used to both benchmark and specify the optimal encryption algorithm.

Answer: A

Explanation: The actual verification of a client's identity is done by validating an authenticator. The authenticator contains the client's identity and a timestamp. To insure that the authenticator is up-to-date and is not an old one that has been captured by an attacker, the timestamp in the authenticator is checked against the current time. If the timestamp is not close enough to the current time (typically within five minutes) then the authenticator is rejected as invalid. Thus, Kerberos requires your system clocks to be loosely synchronized (the default is 5 minutes, but it can be adjusted in Version 5 to be whatever you want).

Reference: http://www.faqs.org/faqs/kerberos-faq/general/section-22.html

QUESTION NO: 27

Message authentication codes are used to provide which service?

A. Key recovery
B. Integrity
C. Acknowledgement
D. Fault recovery

Answer: B

QUESTION NO: 28

Which of the following is an installable package that includes several patches from the same vendor for various applications?

A. Hotfix
B. Patch rollup
C. Service pack
D. Patch template

Answer: C

QUESTION NO: 29

A company's web server needs to be accessible by remote users, business partners, and corporate users. Which of the following would be the BEST location for the web server?

A. Internal network segment
B. Demilitarized zone (DMZ)
C. Network perimeter
D. External network segment

Answer: B,C

QUESTION NO: 30

In order to secure web-based communications, SSL uses: (Select TWO)

A. Challenge Handshake Authentication Protocol (CHAP)
B. Blowfish encryption
C. Public-key cryptography
D. Symmetric cryptography
E. IPSec
F. PPP

Answer: C,D

QUESTION NO: 31

From the recommendations below, which is considered the best method for securing a web browser?

A. Do not upgrade web browsers because new versions have a tendency to contain more security flaws.
B. Disable all unused features of the web browser.
C. Only use a VPN (Virtual Private Network) connection to connect to the Internet.
D. Deploy a filtering policy for unknown and illegal websites that you do not want users to access.

Answer: B

Explanation: Features that make web surfing more exciting like: ActiveX, Java, JavaScript, CGI scripts, and cookies all pose security concerns. Disabling them (which is as easy as setting your browser security level to High) is the best method of securing a web browser, since it's simple, secure, and within every user's reach.

QUESTION NO: 32

Documentation describing a group's expected minimum behavior is known as:

A. acceptable usage
B. the need to know
C. a code of ethics
D. the separation of duties

Answer: C

QUESTION NO: 33

Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made to the IP header?

A. Private addressing
B. NAT
C. SOCKS
D. DNS

Answer: B

QUESTION NO: 34

Which of the following describes backing up files and software that have changed since the last full or incremental backup?

A. Delta backup
B. Full backup
C. Differential backup
D. Incremental backup

Answer: D

QUESTION NO: 35

The authentication process where the user can access several resources without the need for multiple credentials is known as:

A. need to know
B. decentralized management
C. Discretionary Access Control (DAC)
D. single sign-on

Answer: D

QUESTION NO: 36

From the options below, which represents the first action performed by an SSL (Secure Sockets Layer) enabled server when a user clicks to browse a secure page?

A. The server uses its digital certificate to identify itself to the browser.
B. The server validates the user by checking the CRL (Certificate Revocation List).
C. The server displays the page requested by the user on the browser, and then provides its IP (Internet Protocol) address for verification purposes.
D. The server requests the user to produce the CRL (Certificate Revocation List).

Answer: A

Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.

QUESTION NO: 37

WEP uses which of the following stream ciphers?

A. 3DES
B. RC4
C. IKE
D. RC2

Answer: B

QUESTION NO: 38

A VPN is needed for users to connect to a remote site and the VPN must be transparent to the user. Which of the following VPN models would be BEST to use?

A. Host to Host
B. Gateway to Host
C. Host to Gateway
D. Gateway to Gateway

Answer: D

QUESTION NO: 39

A web page becomes unresponsive whenever the embedded calendar control is used. Which of the following types of vulnerabilities is occurring?

A. ActiveX
B. Common Gateway Interface (CGI)
C. Cross-site scripting
D. Cookies

Answer: A

QUESTION NO: 40

SSL operates at which layer?

A. Data link
B. Network
C. Transport
D. Application

Answer: C

Explanation: SSL is associated with secure transactions (credit card purchases and online banking) over your web browser, so naturally it operates between the top two layers of the OSI model.

QUESTION NO: 41

An important component of a good data retention policy is:

A. offsite storage
B. magnetic media sorting
C. server drive redundancy
D. backup software licensing

Answer: A

QUESTION NO: 42

To reduce vulnerabilities on a web server, an administrator should adopt which of the following preventative measures?

A. Enable auditing on the web server and periodically review the audit logs
B. Block all Domain Name Service (DNS) requests coming into the server.
C. Use packet sniffing software on all inbound communications
D. Apply the most recent manufacturer updates and patches to the server.

Answer: D

Explanation: Operating system manufacturers pride themselves in having a secure system, and the instant they realize that there's a security breach they assign a team on it to develop a security patch. Or when they make a new software release (Linux kernels seem to be updated every other day) they try to fix all known vulnerabilities. Since the older an operating system is, the more time a hacker has to seek vulnerabilities. A simple security patch that takes a couple of minutes to download and install is the difference between having a secure network and having a system made completely useless by a worm.

QUESTION NO: 43

A person walks up to a group of people who have physical access to a network operations room. As some of the group enters the room, this person walks into the room behind the group without providing credentials to gain access. Which of the following would BEST describe this activity?

A. Walk behind
B. Shoulder surfing
C. Tailgating
D. Social engineering

Answer: C

QUESTION NO: 44

Which of the following connectivity is required for a web server that is hosting an SSL based web site?

A. Port 443 outbound
B. Port 80 inbound
C. Port 443 inbound
D. Port 80 outbound

Answer: C

QUESTION NO: 45

Which of the following trust models would allow each user to create and sign certificates for the people they know?

A. Single certificate authority (CA)
B. Browser trust-list
C. Hierarchical
D. Web-of-trust

Answer: D

QUESTION NO: 46

On the topic of comparing viruses and hoaxes, which statement is TRUE? Choose the best TRUE statement.

A. Hoaxes can create as much damage as a real virus.
B. Hoaxes are harmless pranks and should be ignored.
C. Hoaxes can help educate users about a virus.
D. Hoaxes carry a malicious payload and can be destructive.

Answer: A

Explanation: Hoaxes do have the possibility of causing as much damage as viruses. Many hoaxes instruct the recipient to forward the message to everyone that they know and thus causes network congestion and heavy e-mail activity. Hoaxes also often instruct the user to delete files on their computer that may cause their computer or a program to quit functioning.

QUESTION NO: 47

A company conducts sensitive research and development and wants a strict environment for enforcing the principles of need to know, separation of duties, and least privilege. Which of the following should the company implement?

A. Mandatory Access Control (MAC)
B. Discretionary Access Control (DAC)
C. Single sign on
D. Single factor authentication

Answer: A

QUESTION NO: 48

Which access control method allows users to have some level of flexibility on how information is accessed, but at the expense of increasing the risk of unauthorized disclosure of information?

A. Role-Based Access Control (RBAC) method
B. Discretionary Access Control (DAC) method
C. All of the above
D. Mandatory Access Control (MAC) method

Answer: B

Explanation: In a DAC model, network users have some flexibility regarding how information is accessed. This model allows users to dynamically share information with other users. The process allows a more flexible environment, but it increases the risk of unauthorized disclosure of information. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 440

QUESTION NO: 49

Audit log information can BEST be protected by: (Select TWO).

A. a firewall that creates an enclave
B. access controls that restrict usage
C. using a VPN
D. recording to write-once media
E. an intrusion prevention system (IPS)
F. an IDS

Answer: B,D

QUESTION NO: 50

Which of the following would be considered a detrimental effect of a virus hoax? (Select TWO).

A. Technical support resources are consumed by increased user calls.
B. Users are tricked into changing the system configuration.
C. The email server capacity is consumed by message traffic.
D. Users are at risk for identity theft.

Answer: A,B

QUESTION NO: 51

Malicious code that enters a computer by means of a freely distributed game that is intentionally installed and played is known as:

A. a Trojan horse
B. a logic bomb
C. a worm
D. an email attachment

Answer: A

QUESTION NO: 52

Which of the following programming techniques should be used to prevent buffer overflow attacks?

A. Automatic updates
B. Input validation
C. Nested loops
D. Signed applets

Answer: B

QUESTION NO: 53

Pretty good privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. The model with no single trusted root is known as:

A. hybrid
B. peer-to-peer
C. downlevel
D. hierarchical

Answer: B

QUESTION NO: 54

Choose the access control model that allows access control determinations to be performed based on the security labels associated with each user and each data item.

A. LBACs (List Based Access Control) method
B. MACs (Mandatory Access Control) method
C. RBACs (Role Based Access Control) method
D. DACs (Discretionary Access Control) method

Answer: B

Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

The MAC model is a static model that uses a predefined set of access privileges to files on the system. The system administrator establishes these parameters and associates them with an account, files or resources. The MAC model can be very restrictive.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 11

QUESTION NO: 55

A person pretends to be a telecommunications repair technician, enters a building stating that there is a networking trouble work order and requests that a security guard unlock the wiring closet. The person connects a packet sniffer to the network switch in the wiring closet and hides the sniffer behind the switch against a wall. This is an example of:

A. social engineering
B. a man in the middle attack
C. a vulnerability scan
D. a penetration test

Answer: A

QUESTION NO: 56

Social engineering attacks would be MOST effective in which of the following environments? (Select TWO).

A. A public building that has shared office space.
B. A company with a dedicated information technology (IT) security staff.
C. A locked, windowless building
D. A company with a help desk whose personnel have minimal training.
E. A military facility with computer equipment containing biometrics.

Answer: A,D

QUESTION NO: 57

Which of the following would allow an administrator to find weak passwords on the network?

A. A rainbow table
B. A network mapper
C. A hash function
D. A password generator

Answer: A

QUESTION NO: 58

Which of the following network authentication protocols uses symmetric key cryptography, stores a shared key for each network resource and uses a Key Distribution Center (KDC)?

A. RADIUS
B. Kerberos
C. TACACS+
D. PKI

Answer: B

QUESTION NO: 59

Choose the password generator that uses a challenge-response method for authentication.

A. Cryptographic keys
B. Smart cards
C. Synchronous password generator
D. Asynchronous password generator

Answer: C

Explanation: A synchronous password generator has an authentication server that generates a challenge (a large number or string) which is encrypted with the private key of the token device and has that token device's public key so it can verify authenticity of the request (which is independent from the time factor). That challenge can also include a hash of transmitted data, so not only can the authentication be assured, but also the data integrity.

QUESTION NO: 60

Choose the terminology or concept which best describes a (Mandatory Access Control) model.

A. Bell La-Padula
B. BIBA
C. Lattice
D. Clark and Wilson

Answer: C

Explanation: The word lattice is used to describe the upper and lower level bounds of a user's access permission.

QUESTION NO: 61

A system administrator reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take?

A. Notify management.
B. Determine the business impact.
C. Contain the problem.
D. Contact law enforcement officials.

Answer: C

QUESTION NO: 62

One of the below attacks focuses on the cracking of passwords, which one is it?

A. Dictionary
B. Teardrop
C. Spamming
D. SMURF

Answer: A

Explanation: Dictionaries may be used in a cracking program to determine passwords. A short dictionary attack involves trying a list of hundreds or thousands of words that are frequently chosen as passwords against several systems. Although most systems resist such attacks, some do not. In one case, one system in five yielded to a particular dictionary attack.

QUESTION NO: 63

Which of the following should be done if an audit recording fails in an information system?

A. Overwrite the oldest audit records
B. Send an alert to the appropriate personnel
C. Stop generating audit records
D. Log off the user

Answer: B

QUESTION NO: 64

The MOST common Certificate Server port required for secure web page access is port:

A. 25
B. 80
C. 446
D. 443

Answer: D

PPTP E. SSL F.actualtests. D. C.com 24 Ac tua QUESTION NO: 67 lTe Answer: C sts . AH C. Phreaking "Pass Any Exam. Any Time.CompTIA SY0-101: Practice Exam QUESTION NO: 65 IPSec uses which of the following protocols to provide traffic security? (Select TWO). SSH Answer: B. L2TP B. Encapsulating Security Protocol (ESP) D. The key server is superior in large systems. WAN B.D QUESTION NO: 68 In addition to bribery and forgery. The root certificate authority key can be stored offline. A small manufacturing company wants to deploy secure wireless on their network.co m . Certificate authority revocation is easy to implement.www. WPA D. WEP Answer: C. PKI is less complex to deploy. A.C QUESTION NO: 66 Which of the following would be an advantage for using PKI over a key server system? A." . Which of the following wireless security protocols could be used? (Select TWO). B. IPX C. which of the following are the MOST common techniques that attackers use to socially engineer people? (Select TWO) A. A.

Data integrity B. Changing the user rights and security groups B. Implementing a host based intrusion detection system C. Remote access lTe Which of the following would be an example of a high-availability disk technology? sts .co m 25 .www. RAID D.com Ac tua A. Clustering B. Load balancing C. Anti-aliasing D. Implementing a host based intrusion prevention system "Pass Any Exam.actualtests. Which of the following should the technician recommend to address this problem? A.E QUESTION NO: 69 Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received? A.CompTIA SY0-101: Practice Exam B. Assuming a position of authority Answer: D. Flattery E. Asymmetric cryptography C.A technician is auditing the security posture of an organization. Whois search C. The audit shows that many of the users have the ability to access the company's accounting information." . Dumpster diving D. Changing file level audit settings D. Any Time. Non-repudiation Answer: D QUESTION NO: 70 Answer: C QUESTION NO: 71 .

Trojan Answer: B QUESTION NO: 73 Answer: A Explanation: Common Gateway Interface is an older form of scripting that was used extensively in early web systems. D. Botnet C.CompTIA SY0-101: Practice Exam Answer: A QUESTION NO: 72 Which of the following is commonly used in a distributed denial of service (DDOS) attack? A.com 26 Ac tua lTe A. SQL (Structured Query Language) server "Pass Any Exam. The HTTP (Hypertext Transfer Protocol) protocol. sts . 2004. p 136 QUESTION NO: 74 Choose the compoenent that you would locate in the DMZ (Demilitarized Zone). The compiler or interpreter which runs the CGI script. but it still widely used in older systems. The external data provided by the user. Adware B. Although the answer is not given in the paragraph from the book. Alameda .www. and it interacted with the client browser. The CGI script ran on the web server. The web browser. Sybex . A. C.actualtests.co Which scenario or element would typically cause a CGI (Common Gateway Interface) security issue? m ." . B. the answer would be D. Phishing D. Security+ Study Guide . CGI scripts could be used to capture data from a user using simple forms. CGI is frowned upon in new applications because of its security issues. Reference: Mike Pastore and Emmett Dulaney . Any Time. 2nd Edition.

B. attack patterns within the network and malicious activities. A network based IDS system can detect dial-in intrusions and attempts to physically access the server. A network based IDS system can monitor and report on all network traffic. A network based IDS system can see packet header information. By isolating a server in a DMZ. FTP (File Transfer Protocol) server D. Alameda . Sybex .CompTIA SY0-101: Practice Exam B. based on where it is located. Customer account database Answer: C Explanation: A DMZ is an area where you can place a public server for access by people you might not trust otherwise. Security+ Study Guide . you can hide or remove access to other areas of your network.com 27 Ac tua lTe sts . the IDS detects a potential security breach. A FTP server can be used by people from outside of your network and should be placed in the DMZ. User workstations C. A network based IDS system can detect attacks in progress. the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.actualtests.www. C. p 26 QUESTION NO: 75 Of the intrusion detection capabilities listed below. Reference: Mike Pastore and Emmett Dulaney . logs the information and signals an alert. QUESTION NO: 76 A security specialist is called to an onsite vacant office where an employee has found an unauthorized wireless access device connected to an RJ-45 jack linked to the corporate LAN. which is invisible to hostbased IDS systems. In a reactive system. which is FALSE for a network based IDS system? A. 2nd Edition. D. "Pass Any Exam. Any Time." . Answer: B Explanation: In a passive system.co m . 2004.

posters. Application-proxy Answer: D QUESTION NO: 78 Choose the attack or malicious code that cannot be prevented or deterred solely through using technical measures. Answer: D QUESTION NO: 77 Which of the following types of firewalls provides inspection at layer 7 of the OSI model? A. Man in the middle attacks. Install a sniffer. Disconnect the network cable. QUESTION NO: 79 Company intranet. A.co m 28 .actualtests. B. D. login banners and e-mails would be good tools to utilize in a security: "Pass Any Exam. For this reason social engineering attacks cannot be deterred through technical means. Packet filters B. Stateful inspection C. Dictionary attacks. it is unlawful to use technology to directly control people's emotions and behaviors. D.com Ac tua lTe sts . C. Social engineering." . Call the police.CompTIA SY0-101: Practice Exam Which of the following actions should the administrator take FIRST? A. Answer: B Explanation: Because of human rights laws.www. Any Time. Network address translation (NAT) D. B. newsletters. Turn off the power. C. DoS (Denial of Service) attacks.

A. awareness program B. control test C. investigation D. policy review Answer: A Explanation: Advertisement techniques are used to bring product awareness to a consumer, likewise advertising techniques can also be used to bring awareness to security programs.

QUESTION NO: 80 An IDS sensor on a network is not capturing all the network data traffic. This may be happening because the sensor is connected to the network with a: A. switch B. bridge C. hub D. router Answer: A

QUESTION NO: 81 A software or hardware device that allows only authorized network traffic in or out of a computer or network is called a: A. honeypot B. anti-virus program C. packet sniffer D. firewall Answer: D

QUESTION NO: 82 Which of the following access decisions are based on a Mandatory Access Control (MAC) environment? A. Sensitivity labels

Ownership C. QUESTION NO: 83 Which of the following is a best practice for managing user rights and privileges? A. create groups.com 30 Ac tua lTe sts . Any Time. and grant rights and privileges based on groups. sandbox B. C.actualtests. assign rights and privileges based on individual certificates." . Create a list of departments. deploy biometric hardware to the client computers. Answer: B QUESTION NO: 84 The concept that a web script is run in its own environment and cannot interfere with any other process is known as a: A. Enroll users in a biometric authentication system.www. B. and grant rights and privileges. Group membership D. Identify roles and objects to be accessed. D. All objects are given security labels known as sensitivity labels and are classified accordingly. issue certificates to each user. "Pass Any Exam. quarantine Answer: A QUESTION NO: 85 Choose the malicious code which can distribute itself without using having to attach to a host file. Access control lists Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments.CompTIA SY0-101: Practice Exam B. meet with the departments and direct them to access their departmental folder. VLAN C.co m . create a folder for each department. Then all users are given specific security clearances as to what they are allowed to access. honey pot D. Create a certificate authority.

Dry powder C. a forensics specialist executes a command on the computer being investigated.www.com 31 Ac tua lTe sts . C. A virus.CompTIA SY0-101: Practice Exam A. NETSTAT B. IPCONFIG / IFCONFIG Answer: A QUESTION NO: 87 Which of the following is a suppression method for a Class C fire? A. A worm. Carbon dioxide (CO2) D." .actualtests. Answer: C QUESTION NO: 86 During a live response to an unauthorized access. A Trojan horse. nmap C. D. Corporate security policy "Pass Any Exam. Which of the following can be used to explain the reasons a security review must be completed? A. Which of the following commands would be used to display the current network connections on the local computer? A. Risk assessment C. B. Soda acid B. The sales department has requested that the system become operational before a security review can be completed. Water Answer: C QUESTION NO: 88 A computer system containing personal identification information is being implemented by a company's sales department. A logic bomb. netcat D. Need to know policy B.co m . Any Time.

You want to reduce the likelihood of certpaper. Create and enforce network security policy. vulnerabilities D. B." . Encrypt all company e-mail messages.com Ac tua A. Badge security system B. threats B.www. Escorting of guests "Pass Any Exam. lTe sts You work as the security administrator. It asks what action will discourage the employees.co QUESTION NO: 90 m 32 . assets Answer: D How will you accomplish the task? Answer: C Explanation: The question doesn't ask what method can be used to best secure the emails. QUESTION NO: 91 Which of the following is the MOST effective social engineering defensive strategy? A.actualtests. D. Create and enforce ACLs (Access Control List).com employees misusing your ORG. Vulnerability assessment Answer: C QUESTION NO: 89 The first step in risk identification would be to identify: A. Implement a strong authentication method. or what will best prevent the transmission of nonessential email. . costs C. so the correct answer is to create a network security policy that defines what kind of email use constitutes the term misuse.CompTIA SY0-101: Practice Exam D. e-mail. Any Time. C.

Sybex .CompTIA SY0-101: Practice Exam C.com Ac tua lTe Reference: Mike Pastore and Emmett Dulaney . Logic bomb C.www. Mandatory Access Control (MAC) Answer: B QUESTION NO: 94 "Pass Any Exam. D. 2004. Buffer overflow D. choose the exploit that can be considered a DoS attack because more traffic than what the node can handle is flooded to that node. A." . 2nd Edition. Marking of documents Answer: C QUESTION NO: 92 From the list below. Discretionary Access Control (DAC). Smurf attack Answer: C QUESTION NO: 93 An organization has a hierarchical-based concept of privilege management with administrators having full access. Ping of death B. Alameda . Role Based Access Control (RBAC) C.actualtests. p 135 sts Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. . Rule Based Access Control (RBAC). Any Time. human resources personnel having slightly less access and managers having access to their own department files only. This situation can cause an application to terminate. B. Security+ Study Guide . This is BEST described as: A. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Training and awareness D.co m 33 .

co m 34 . Network Based Active Answer: A. Answer: A QUESTION NO: 97 The employees at a company are using instant messaging on company networked computers. Force the change by security group. Force the change with group policy B. Force the change with remote logon. C. The MOST important security issue to address when using instant messaging is that instant messaging: A. D.D QUESTION NO: 95 Which of the following is considered by some HIDS tools to detect system security related anomalies? A. uses weak encryption "Pass Any Exam.actualtests. Host Based Active C. Host Based Passive D.CompTIA SY0-101: Practice Exam Which of the following types of IDS should be implemented to monitor traffic on a switch? (Select TWO). Virus signature reports Answer: B QUESTION NO: 96 A." .www. Any Time. A. Patch reports B. Network Based Passive B. Vulnerability analysis snapshot comparison D.com Ac tua Which of the following is the MOST efficient way to force a large number of users to change their passwords on logon? lTe sts . File hashing snapshot comparison C. Force the change with registry editor.

Deploy a proxy server Deploy. They are also hardware based (at the switch and MAC level) Firewalls are used so that external users (outside the organization cannot get in). To identify remote access policies B. tua lTe You work as the security administrator at Certpaper.com.co m 35 . You also want to use the least amount of administrative effort to accomplish your task.com Ac A. The solution which you implement to restrict network access must be hardware based. C. QUESTION NO: 100 "Pass Any Exam. Deploy a VLAN (Virtual Local Area Network) Deploy. How will you accomplish the task? sts . B. communications are open and unprotected Answer: D QUESTION NO: 98 Which of the following is a reason to use a vulnerability scanner? A. Any Time.CompTIA SY0-101: Practice Exam B." . communications are a drain on bandwidth C. VLAN's would restrict access only to their local VLAN. To identify open ports on a system D. and this would require less administrative overhead than setting up firewalls at each subnet.www. Deploy a VPN (Virtual Private Network). To assist with protocol analyzing Answer: C QUESTION NO: 99 Answer: B Explanation: Implement a VLAN (Virtual Local Area Network) to restrict network access is the best answer. To assist with PKI implementation C. D.actualtests. has no common protocol D. You must ensure that internal access to other parts of the network is controlled and restricted. whereas VLAN's are used within an organization to provide security. Deploy firewalls between your subnets.

p 197 QUESTION NO: 101 Which of the following authentication systems make use of the KDC Key Distribution Center? A. A. Results in disconnection from the file server. Username/password D." . Security+ Study Guide . B. Results in theft of root user credentials. Any Time. Results in slow Internet connections. Trojan Horse programs. Challenge Handshake Authentication Protocol (CHAP) Answer: B "Pass Any Exam. Security Tokens B. CHAP C.CompTIA SY0-101: Practice Exam Choose the option that correctly details the greatest vulnerability of using Instant Messaging clients. Answer: A Explanation: IM clients can also be compromised by malicious code. Multifactor B. Kerberos D. C. Alameda . F. D. Results in loss of email privileges. Certificates Answer: C QUESTION NO: 102 Which of the following authentication methods is based upon an authentication server that distributes tickets to clients? A. 2nd Edition. Reference: Mike Pastore and Emmett Dulaney . 2004. Results in Blue Screen of Death errors.co m 36 . Results in malicious code being delivered by file transfer. Sybex . and traditional DoS attacks. E. Kerberos C.actualtests.com Ac tua lTe sts .www.

QUESTION NO: 103 Which of the following is the number of security associations in an IPSec encrypted session for each direction? A. 4 B. one C. 2 D. 8 Answer: B

QUESTION NO: 104 Which password management system best provides for a system with a large number of users? A. Self service password reset management systems B. Locally saved passwords management systems C. multiple access methods management systems D. synchronized passwords management systems Answer: A Explanation: A self service password reset is a system where if an individual user forgets their password, they can reset it on their own (usually by answering a secret question on a web prompt, then receiving a new temporary password on a pre-specified email address) without having to call the help desk. For a system with many users, this will significantly reduce the help desk call volume.

QUESTION NO: 105 Poor programming techniques and lack of code review can lead to which of the following types of attack? A. Buffer overflow B. Dictionary C. Common Gateway Interface (CGI) script D. Birthday Answer: A

Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. This exploitation is usually a result of a programming error in the development of the software. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION NO: 106 Most current encryption schemes are based on: A. algorithms B. time stamps C. digital rights management D. randomizing Answer: A

QUESTION NO: 107 The CHAP (Challenge Handshake Authentication Protocol) sends a logon request from the client to the server, and the server sends a challenge back to the client. At which stage does the CHAP protocol perform the handshake process? Choose the best complete answer. A. At the stage when the connection is established. B. At the stage when the connection is established and at whichever time after the connection has been established. C. At the stage when the connection is established and when the connection is disconnected. D. At the stage when the connection is disconnected. Answer: B Explanation: CHAP performs the handshake process when first establishing a connection, and then at random intervals during the transaction session.

QUESTION NO: 108

One type of port scan can determine which ports are in a listening state on the network, and can then perform a two way handshake. Which type of port scan can perform this set of actions? A. A TCP (Transmission Control Protocol) FIN scan B. A TCP (Transmission Control Protocol) connect scan C. A TCP (Transmission Control Protocol) null scan D. A TCP (Transmission Control Protocol) SYN (Synchronize) scan Answer: D Explanation: In SYN scanning, a TCP SYN packet is sent to the port(s) to be scanned. If the port responds with a TCP SYN ACK packet, then the port is listening. If it replies with a TCP RST packet, then it is not.

QUESTION NO: 109

Which of the following would be the MOST important reason to apply updates? A. Software is a productivity facilitator and as new functionality is available the functionality must be enabled. B. Software is inherently insecure and as new vulnerabilities are found the vulnerabilities must be fixed. C. Software is a supported product and vendors won't support the product if the latest version is not installed. D. Software is a licensed product and the license will expire if not updated Answer: B

QUESTION NO: 110

A security specialist for a large distributed network with numerous divisions is selecting an access control model. Employees in the human resource division need access to personnel information but not production data and operations employees need access to production data only. Which of the following access control models would be MOST appropriate? A. Role Based Access Control (RBAC) B. Mandatory Access Control (MAC) C. Rule Based Access Control (RBAC) D. Discretionary Access Control (DAC) Answer: A Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees perform in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 111 You work as the security administrator at Certpaper.com. One morning you discover that a user named Mia Hamm has used her user account to log on to a network server. Mia has then executed a program and been able to perform operations which only a network administrator or security administrator should be able to. What type of attack has occurred? A. Trojan horse. B. Security policy removal. C. Privilege escalation attack. D. Subseven back door. Answer: C Explanation: A user obtaining access to a resource they would not normally be able to access. This is done inadvertently by running a program with SUID (Set User ID) or SGID (Set Group ID) permissions or by temporarily becoming another user. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 522

QUESTION NO: 112 A company has instituted a VPN to allow remote users to connect to the office. As time progresses multiple security associations are created with each association being more secure. Which of the following should be implemented to automate the selection of the BEST security association for each user? A. IKE B. AES

3DES Answer: A QUESTION NO: 113 From the options.com Ac Answer: A tua A.CompTIA SY0-101: Practice Exam C. A. m Answer: A 41 . Vulnerability exploits. C." . PKI Answer: A "Pass Any Exam. DoS (Denial of Service) attack. L2F lTe L2TP tunneling replies on which of the following for security? sts .www.co Explanation: Spoofed e-mails will not be detected by the IDS. Spoofed e-mail B. SSL D. Digital signatures B. Cipher block chaining C. Secret keys D.actualtests. SSH C. QUESTION NO: 114 QUESTION NO: 115 Non-repudiation is enforced by which of the following? A. Port scan attack D. choose the attack which an IDS (Intrusion Detection System) cannot detect. SHA D. Any Time. IPSec B.

Answer: C Explanation: With a unique user ID you'll have soft evidence on the timing and the action any accessed user accomplishes.co m A security system that uses labels to identify objects and requires formal authorization to use is BEST described as: 42 . what makes unique user IDs especially important? A.www. Role-Based Access Control (RBAC) D. C.actualtests. Unique user IDs show which files and data were changed. Reciprocal agreement C. Kerberos C. Cold site B. Hot site Answer: D QUESTION NO: 117 When reviewing audit trails. Unique user IDs triggers corrective controls. they think twice about doing something they shouldn't do. Any Time." . When a user known that they are being tracked. Discretionary Access Control (DAC) . Warm site D. Unique user IDs cannot be modified easily. QUESTION NO: 119 "Pass Any Exam.com Ac tua QUESTION NO: 118 lTe Answer: A sts A. B. D.CompTIA SY0-101: Practice Exam QUESTION NO: 116 Which of the following would be the MOST effective backup site for disaster recovery? A. Mandatory Access Control (MAC) B. Unique user IDs establishes individual accountability.

IPSec (Internet Protocol Security) B.actualtests. which details a specific advantage of implementing a single sign-on technology? A. hierarchical B. B.com Ac tua lTe Explanation: The Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines. The model with no single trusted root is known as: A. Multiple applications can be installed. HTTP (Hypertext Transfer Protocol) Answer: C Reference: Mike Pastore and Emmett Dulaney . You can configure system wide permissions. Answer: C Explanation: "Pass Any Exam. VPN (Virtual Private Network) C.co m 43 .CompTIA SY0-101: Practice Exam Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. hybrid Answer: C QUESTION NO: 120 One of these protocols is used to encrypt traffic passed between a web browser and web server. 2nd Edition. Any Time. Security+ Study Guide . Sybex .www. 2004. Which is it? A. sts . Users must log on twice at all times. p 365 QUESTION NO: 121 From the options. C. downlevel C." . SSL (Secure Sockets Layer) D. Multiple directories can be browsed. peer-to-peer D. D. Alameda .

review logs for other compromises and notify the human resources department. C. D. Security+ Study Guide . 2nd Edition. p 434 QUESTION NO: 122 A credential that has been digitally signed by a trusted authority is known as: A. review logs for other compromises.co m 44 . the specialist should: A. Spy ware D. reboot the affected server. Alameda . a certificate Answer: D QUESTION NO: 123 Which of the following will allow you to monitor a user??s online activities? A. 2004. "Pass Any Exam. a trust relationship D.actualtests. virus C. review logs for other compromises and report the situation to authorities. Any Time.www. worm Answer: C QUESTION NO: 124 A security specialist is reviewing writable FTP directories and observes several files that violate the company's security policy. contain the affected system. Sybex . an encrypted tunnel C. Reference: Mike Pastore and Emmett Dulaney . Logic bomb B." . delete the files that violate security policy and report the situation to authorities. a trusted packet B. B.CompTIA SY0-101: Practice Exam The purpose is so a user can gain access to all of the applications and systems they need when they log on with a single sign-on.com Ac tua lTe sts . review logs for other compromises and report the situation. In addition to checking the FTP server.

Birthday attacks C. The Certpaper . Open TCP (Transmission Control Protocol) port 110 to inbound and outbound connections.CompTIA SY0-101: Practice Exam Answer: C QUESTION NO: 125 You work as a security administrator at Certpaper .co m 45 . This exploitation is usually a result of a programming error in the development of the software. This situation can cause an application to terminate. Open UDP (User Datagram Protocol) port 25 to inbound connections. C. Buffer overflow attacks D.com Ac tua A. Sybex .www. 2004. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. p 135 "Pass Any Exam.com.actualtests. Alameda . which exploits poor programming techniques or lack of code review? sts QUESTION NO: 126 . CGI (Common Gateway Interface) scripts B. D. Open TCP (Transmission Control Protocol) port 25 to inbound and outbound connections. Answer: C Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. 2nd Edition. Answer: C Explanation: TCP port 25 is reserved for SMTP while port 110 is for POP3. B. Security+ Study Guide . Which ports must you open on the firewall to support SMTP connections? A. Open UDP (User Datagram Protocol) port 110 to inbound connections. Any Time." . Reference: Mike Pastore and Emmett Dulaney . Dictionary attacks lTe From the listing of attack types.com network must be configured to support e-mail communication using SMTP (Simple Mail Transfer Protocol).

One-to-many mapping D. B. One-to-one mapping C. Fraggle Answer: C You plan to update the user security policy. Many-to-many mapping B. Many-to-one mapping Answer: B. Replay B. Whom should the new updated user security policy be distributed and made available to? A. Smurf D.actualtests. All auditors. Considering the question refers to a user security policy. All users.co m 46 .www. All security administrators.CompTIA SY0-101: Practice Exam QUESTION NO: 127 Which of the following are types of certificate-based authentication? (Select TWO) A.com Ac tua QUESTION NO: 129 lTe sts . "Pass Any Exam. XMAS Tree C. C. I would say D would be the best choice. the users and staff need to know the policy.D QUESTION NO: 128 Which of the following types of attacks consists of a computer sending PING packets with the destination address set to the network's broadcast address and the source address set to the target computer's IP address? A. This is a tricky question with many close answers. All staff. Answer: B Explanation: There are many policies for companies these days. Any Time." . but make your best decision. D.

Enable auditing. They will build a tunnel under a river. or underneath a highway. Man in the middle attacks C. Tunneling is the process of moving through three levels of firewalls. Network engineers use tunneling to protect a data flow from the elements of the internet. D. Enable auditing. Any Time. Tunneling is the process of passing information over the Internet within the shortest time frame.CompTIA SY0-101: Practice Exam QUESTION NO: 130 Which of the following best describes what tunneling is? A.com 47 Ac tua lTe A." . "Pass Any Exam. C. C. D. Trojan horse programs sts Which of the following would be the MOST common method for attackers to spoof email? .www. Open relays D. Tunneling is the process of creating a tunnel capable of capturing data. Enable auditing and set auditing to record all events. Set auditing on the object and respond as alerts are generated.co m . Web proxy B. They tunnel by placing secure encrypted IP packets into a non-secure IP packet. Tunneling is the process of utilizing the Internet as part of a private secure network. QUESTION NO: 131 Answer: C QUESTION NO: 132 Which of the following BEST describes the sequence of steps in the auditing process? A. Answer: D QUESTION NO: 133 Which of the following are components of host hardening? (Select TWO). B.actualtests. set auditing on the object and respond as alerts are generated. Answer: D Explanation: Civil engineers build tunnels to allow one direction of traffic flow to be protected against another traffic flow. set auditing on objects and review event logs. B.

E. p 127 lTe Explanation: IPSec provides secure authentication and encryption of data and headers. Disabling unnecessary services. AH (Authentication Header). Mutual D. Any Time. SSH (Secure Shell). A.co m 48 . Alameda . Configuring the Start menu and Desktop B. the data or payload and message headers are encrypted. Transport modes encrypt only the payload. 2004. Answer: C QUESTION NO: 135 Which of the following types of authentication models uses a smart card and a User ID/Password for accessing network resources? A. DES (Data Encryption Standard). choose the VPN (Virtual Private Network) tunneling protocol. Tokens B.C QUESTION NO: 134 From the options. 2nd Edition. B. IPSec can work in tunneling mode or transport mode." .actualtests.CompTIA SY0-101: Practice Exam A. IPSec (Internet Protocol Security). D. Multifactor Answer: D "Pass Any Exam. Sybex . sts . In tunneling mode.com Ac tua Reference: Mike Pastore and Emmett Dulaney . Removing a user's access to the user's data. D. Adding users to the administrator group. C. Biometric C. Answer: B. Applying patches C.www. Security+ Study Guide .

QUESTION NO: 136 Which of the following types of IDS uses known patterns to detect malicious activity? A. Detection based B. Keyword based C. Signature based D. Anomaly based Answer: C

QUESTION NO: 137 Which of the following is a port scanning utility? A. John the Ripper B. L0phtcrack C. Nmap D. Cain & Abel Answer: C

QUESTION NO: 138 In a mandatory access control (MAC) environment, which of the following are access decisions based on? A. Sensitivity labels B. Group membership C. Access control lists D. Ownership Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

QUESTION NO: 139 When setting password rules, which of the following would lower the level of security of a network?

Under this scenario. D." . Complex passwords that users can not remotely change are randomly generated by the administrator and given to users Answer: D Explanation: If a user gets a difficult password that they can't remember. Update rights B.CompTIA SY0-101: Practice Exam A. Full access lTe A clothing store with a single location has one owner. Any Time. the risk of social engineering increases.com Ac Answer: A tua A. C. Reformatting C. and with regular disgruntled users getting emotional over passwords. Since the user won' be able to reset the password themselves they'll have to make regular trips to help desk for a new password. Read rights D. QUESTION NO: 140 QUESTION NO: 141 What is the BEST process of removing PII data from a disk drive before reuse? A.actualtests. there's a certain chance that they will forget the password or compromise security by writing down their password on a Post It note on their keyboard. All passwords are set to expire at regular intervals and users are required to choose new passwords that have not been used before. B. Write rights C. Destruction B.www. Sanitization Answer: D "Pass Any Exam.co m 50 . After a set number of failed attempts the server will lock out any user account forcing the user to call the administrator to re-enable the account. two managers and six cashiers. Degaussing D. Passwords must be greater than six characters and contain at least one non-alpha. which of the following inventory system permissions might be BEST aligned with the least privilege principle for the managers? sts .

Non-repudiation lTe Which of the following refers to the ability to be reasonably certain that data is not modified or tampered with? sts QUESTION NO: 143 . Implement aone time password. B. Authentication B. Integrity D. Confidentiality C." . 194 "Pass Any Exam. Implement PPTP (Point-to-Point Tunneling Protocol). C. 110 E. 49 F. Implement a VPN (Virtual Private Network). Implement complex password requirements. So by chance. 143 B. D. Any Time. Answer: C Explanation: A one time password is simply a password that has to be changed every time you log on.co m 51 .CompTIA SY0-101: Practice Exam QUESTION NO: 142 Which of the following is a solution that you can implement to protect against an intercepted password? A.actualtests. QUESTION NO: 144 Which of the following ports are typically used by email clients? (Select TWO) A.com Ac Answer: C tua A. effectively making any intercepted password good for only the brief interval of time before the legitimate user happens to login themselves. 3389 C. 23 D.www. if someone were to intercept a password it would probably already be expired. or be on the verge of expiration within a matter of hours.

Answer: A,D

QUESTION NO: 145 A URL for an Internet site begins with 'https:' rather than 'http:', which is an indication that this web site uses: A. SSL B. PGP C. Kerberos D. PKI Answer: A

QUESTION NO: 146 Malicious port scanning is a method of attack to determine which of the following? A. The physical cabling topology of a network B. The fingerprint of the operating system C. Computer name D. User IDs and passwords Answer: B Explanation: Malicious port scanning is an attempt to find an unused port that the system won't acknowledge. Several programs now can use port scanning for advanced host detection and operating system fingerprinting. With knowledge of the operating system, the hacker can look up known vulnerabilities and exploits for that particular system.

QUESTION NO: 147 Which of the following activities is MOST closely associated with DLL injection? A. SQL servers B. Vulnerability assessment C. Penetration testing D. Network mapping Answer: C

" . illicit servers D.www.co The MOST common exploits of Internet-exposed network services are due to: m 53 .CompTIA SY0-101: Practice Exam QUESTION NO: 148 Which of the following portions of a company's network is between the Internet and an internal network? A. the CA should issue: A.actualtests.com Ac tua lTe sts A. Buffer Overflow C. Bastion host D. active content (e. Java Applets) B. Demilitarized zone (DMZ) Answer: D QUESTION NO: 149 Answer: D QUESTION NO: 150 Which of the following could result in a DDoS? A. Trojan horse programs C. NIPS D. Any Time. TCP/IP Hijacking B. buffer overflows . a CRL "Pass Any Exam. IDS C. Privilege escalation Answer: D QUESTION NO: 151 If a user reports that the user's public/private key has been compromised. Filter router B.g.

Discretionary Access Control (DAC) B. a PKCS Answer: A QUESTION NO: 152 The FIRST step in creating a security baseline would be: A. PCI card D. creating a security policy C. A.B QUESTION NO: 154 A user is assigned access rights explicitly.CompTIA SY0-101: Practice Exam B. installing software patches B. an LDAP C." . Mandatory Access Control (MAC) D. Role Based Access Control (RBAC) Answer: A "Pass Any Exam. vulnerability testing. This is a feature of which of the following access control models? A. PCMCIA card C. Rule Based Access Control (RBAC) C. Smart card B. identifying the use case Answer: B QUESTION NO: 153 Which of the following would be an example of a hardware device where keys can be stored? (Select TWO). Network interface card (NIC) Answer: A.co m 54 .www. D.actualtests. a CPS D. Any Time.com Ac tua lTe sts .

war. Network D. To allow or deny network traffic from server based systems "Pass Any Exam.CompTIA SY0-101: Practice Exam QUESTION NO: 155 Which of the following would be BEST for deploying third-party application security updates on a network with 1.000 computers? A. force majeure." . Security Answer: A Explanation: In the hosting business. and past due accounts on your part. these agreements have exceptions which include: scheduled network maintenance. What must you include in the SLA to achieve this objective? A. To allow or deny specific actions to users or groups C.com. hacker attacks. hardware maintenance. Any Time. QUESTION NO: 157 Privileges are used for which of the following purposes? A. software maintenance. Sadly. Enterprise System Management (ESM) B. insurrections. and usually offer concessions for times of reduced availability. labour actions. Hosting B.co m 55 .www. virus attacks. You are defining a SLA (Service Level Agreement).com Ac tua lTe sts . Baseline security analyzer C.actualtests. To allow or deny signature updates to group applications B. To allow or deny network traffic from host based systems D. You want to ensure the availability of server based resources over guaranteed server performance levels. Application C. every company aims for 100% availability in their service level agreements. Logon script Answer: A QUESTION NO: 156 You work as the security administrator at Certpaper . Vulnerability scanner D. sabotage.

actualtests." . Implement session termination mechanism B. C. Implement two-factor authentication Answer: B QUESTION NO: 161 Which of the following is a critical element in private key technology? "Pass Any Exam.CompTIA SY0-101: Practice Exam Answer: B QUESTION NO: 158 Which of the following types of publicly accessible servers should have anonymous logins disabled to prevent an attacker from transferring malicious data? A. Email Answer: B QUESTION NO: 159 An enclosure that prevents radio frequency signals from emanating out of a controlled environment is BEST described as which of the following? A. Implement previous logon notification. Grounded wiring frame Answer: A Which of the following methods will help to identify when unauthorized access has occurred? A. Any Time. DNS B.co m 56 . TEMPEST C. D. Faraday cage B.com Ac QUESTION NO: 160 tua lTe sts .www. Mantrap D. Web D. FTP C. Implement session lock mechanism.

The storage and distribution of unlicensed software. DNS log B. Any Time. You want to enable anonymous FTP (File Transfer Protocol) read/write access. QUESTION NO: 164 On a Windows host." .com. D. D. Less server connections and network bandwidth utilization.CompTIA SY0-101: Practice Exam A. Choose the important factor which you should consider and be aware of. Keeping the key secret B. tua lTe You work as the security administrator at Certpaper . Distributing the key to everyone.actualtests. Passwords D.com Ac A. C. Key exchange C. Digital signatures Answer: B Answer: D Explanation: Anonymous FTP is based on good faith. Answer: A QUESTION NO: 162 The Diffie-Hellman encryption algorithm relies on which of the following? A. Using the key to decrypt messages. The detailed logging information for each user. Application log "Pass Any Exam. then answer C would seem to be the best answer.www. Getting the proper key the first time.co m 57 . The upload and download directory for each user. C. B. sts QUESTION NO: 163 . Tunneling B. which of the following event logs would contain failed logons? A. But if it used to take advantage of the non-secure logon.

F. Minimum password age Answer: B. Password complexity controls B. Account lockout D. Security log D.F Which of the following settings works BEST to avoid password reuse? (Select TWO). lays dormant until a user opens the certain program then deletes the contents of attached network drives and removable storage devices is known as a: "Pass Any Exam.actualtests.CompTIA SY0-101: Practice Exam C. D. or on their desk ledger. Boot sectors. A.com 58 Ac tua QUESTION NO: 166 lTe Explanation: When people create complex passwords that they can't remember. Choose all options that apply. Maximum password age E. C." . Any Time. Network diagrams. E. sts .co m . Answer: C.www. Process lists. System log Answer: C QUESTION NO: 165 Choose the items that an intruder would ignore when going through disposed garbage. Password history C. or are in a situation where they need multiple passwords they have a tendency of writing their passwords down.E QUESTION NO: 167 Malicious code that enters a target system.E. B. A. IP (Internet Protocol) address lists. Virtual memory. Old passwords. a Post It note. usually on a notepad.

worm Answer: C QUESTION NO: 168 A Windows file server is an example of which of the following types of models? A. a phishing attack lTe Disguising oneself as a reputable hardware manufacturer's field technician who is picking up a server for repair would be described as: sts QUESTION NO: 169 . Open ports 636 and 137 D.com Ac tua A. honeypot C." . Open ports 137 and 139 "Pass Any Exam. Rule Based Access Control (RBAC) C. Any Time. Mandatory Access Control (MAC) D. Which ports must you open on the firewall to allow LDAP traffic? A. Trojan horse B. a Trojan horse B.com network must be configured to allow LDAP (Lightweight Directory Access Protocol) traffic. Open ports 389 and 636 C. The Certpaper .www.actualtests. Open ports 389 and 139 B.co m 59 . a man-in-the-middle attack C. logic bomb D.CompTIA SY0-101: Practice Exam A.com. Role Based Access Control (RBAC) Answer: A Answer: C QUESTION NO: 170 You work as the security administrator at Certpaper . Discretionary Access Control (DAC) B. social engineering D.

The standard does not discuss how the shared key is established.co Answer: C m 60 . C. More sophisticated key management techniques can be used to help defend from the attacks we describe. and an integrity check is used to ensure that packets are not modified in transit.11 standard describes the communication that occurs in wireless local area networks (LANs).www.edu/isaac/wep-faq." . Administrators only. The secret key is used to encrypt packets before they are transmitted. OnlyCertpaper . Anyone WEP relies on a secret key that is shared between a mobile station ( eg .11 standard. AllCertpaper . B.com users. QUESTION NO: 171 The Certpaper . most installations use a single key that is shared between all mobile stations and access points. Reference: http://www. sts .com wireless network environment uses WEP (Wired Equivalent Privacy) to provide wireless security.11x network from being automatically discovered. The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping.isaac. no commercial system we are aware of has mechanisms to support such techniques.html QUESTION NO: 172 To keep an 802. but it is frequently considered to be a feature of WEP. a user should: "Pass Any Exam. a base station). A secondary function of WEP is to prevent unauthorized access to a wireless network. In practice. A. Choose the entity or entities that can authenticate to an access point.CompTIA SY0-101: Practice Exam Answer: B Explanation: The 'well known' LDAP ports are 389 for LDAP and 636 for LDAP SSL. however. a laptop with a wireless Ethernet card) and an access point ( ie . this function is not an explicit goal in the 802. Any Time.com users that have the correct WEP (Wired Equivalent Privacy) key.com Ac tua lTe Explanation: The 802.actualtests. D.berkeley.cs.

Identification "Pass Any Exam. Answer: D QUESTION NO: 173 A user receives an email asking the user to reset the online banking username and password. change the SSID name. Protocol analyzer Answer: D QUESTION NO: 175 A user logs in with a domain account and is denied access to a specific file which the user should have access to. D.CompTIA SY0-101: Practice Exam A." . This would be an example of: A. spoofing Answer: C QUESTION NO: 174 Which of the following assessment tools would be MOST appropriate for determining if a password was being sent across the network in clear text? A. leave the SSID default. Port scanner D. turn off the SSID broadcast. hijacking C. Any Time. Password cracker B.com 61 Ac tua lTe sts . redirecting B.co m . phishing D. the URL that appears in the browser does not match the link.actualtests. The email contains a link and when the user accesses the link. Which of the following is the problem? A.www. activate the SSID password B. Authentication C. C. Vulnerability scanner C. The server is not able to verify the identity of the user. Allocation B.

E.actualtests.com 62 Ac tua lTe sts Explanation: Since most wireless devices are low in: memory. "Pass Any Exam.co m ." . Identify the protocol (steps) that allow for the following: 1. and bandwidth capability creating a security mechanism is a difficult task. 2. Client and server authentication. Mobile device.CompTIA SY0-101: Practice Exam D. . A. Any Time. Wireless network interface card. WAP (Wireless Application Protocol) gateway B. MAC (Mandatory Access Control) and encryption algorithm negotiation. Answer: A. D. least privilege D. 3. Selection of cryptographic keys. concurrent session control B. C. This is an example of: A. WTLS is the method security for WAP (Wireless Application Protocol) and it provides transport layer security directly between a wireless device and the WAP gateway. Web server. access control Answer: D QUESTION NO: 178 SSL (Secure Socket Layer) establishes a stateful connection negotiated by a process performed between client and server. Which is it? Choose all that apply.E QUESTION NO: 177 A company has implemented a policy stating that users will only receive access to the systems needed to perform their job duties. Wireless client. processing power.www. separation of duties C. Authorization Answer: B QUESTION NO: 176 WTLS (Wireless Transport Layer Security) provides security services between network devices or mechanisms.

This situation can cause an application to terminate. Access control lists B. Security+ Study Guide .CompTIA SY0-101: Practice Exam A. Buffer Overflows. Alameda . SSL (Secure Sockets Layer) change cipher spec protocol. C. Constrained user interfaces "Pass Any Exam. SSL (Secure Sockets Layer) record protocol. D. SMTP Relay B. Sybex . B. tua lTe sts .www. Any Time. Answer: C Explanation: SSL Handshake Protocol * runs before any application data is transmitted * provides mutual authentication * establishes secret encryption keys * establishes secret MAC keys QUESTION NO: 179 Which of the following web vulnerabilities is being referred to when it receives more data than it is programmed to accept? A. C.actualtests. 2004." . p 135 QUESTION NO: 180 Which of the following describes the process by which a single user name and password can be entered to access multiple computer applications? A.com 63 Ac Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. Cookies. SSL (Secure Sockets Layer) handshake protocol. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system.co m . D. Answer: C Reference: Mike Pastore and Emmett Dulaney . SSL (Secure Sockets Layer) alert protocol. CGI. 2nd Edition.

and the message will appear to be legitimate coming from the email server. Firewall logs Answer: D Choose the primary disadvantage of using a third party mail relay. Answer: C Explanation: Using a third party email relay can put you in an advantage of getting unnecessary spam. Anyone on the internet can relay an unsolicited email through an SMTP server. and it makes it much more difficult to trace the spammer. Worms self replicate while Trojan horses do not. D.actualtests. A third party mail relay restricts spammers from gaining access. C. Worms are a form of malicious code while Trojan horses are not.www. Encryption protocol Answer: C QUESTION NO: 181 An administrator is concerned that PCs on the internal network may be acting as zombies participating in external DDoS attacks. A third party mail relay restricts the types of e-mail that maybe sent. Single sign-on D. A third party mail relay limits access to specific users. "Pass Any Exam. A. AV server logs C. Which of the following could BEST be used to confirm the administrator's suspicions? A. Any Time. HIDS logs D.com Ac tua lTe sts QUESTION NO: 182 . QUESTION NO: 183 Choose the statement that best details the difference between a worm and a Trojan horse? A.CompTIA SY0-101: Practice Exam C. B.co m 64 . B. Spammers can utilize the third party mail relay. Proxy logs B." .

WEP makes a wireless LAN link as secure as a wired link. WTLS is the security layer of the WAP. 2004. data integrity and authentication for WAP services. QUESTION NO: 185 One type of network attack sends two different messages that use the same hash function to generate the same message digest. Authentication Which solution should you implement? sts . 2nd Edition. Reference: Mike Pastore and Emmett Dulaney .actualtests. It is used to encrypt and decrypt data signals transmitted between Wireless LAN devices. You want to implement a solution which will provide the following for handled devices in your wireless network: 1.com. pp 83.CompTIA SY0-101: Practice Exam C. Which network attack does this? "Pass Any Exam. D. They do not reproduce or self replicate. Alameda . The Trojan horse program may be installed as part of an installation process. Worms are distributed through e-mail messages while Trojan horses do not. There is no difference between a worm and a Trojan horse. providing privacy.co m .com 65 Ac Answer: B tua A." . WEP (Wired Equivalent Privacy) lTe You work as the security administrator at Certpaper . Data privacy 2. Not A: WEP is one of the most popular features available for a Wireless LAN. Security+ Study Guide . Answer: A Explanation: A worm is different from a virus. Worms reproduce themselves. 85 QUESTION NO: 184 Explanation: Short for Wireless Transport Layer Security. In essence. are self-contained and do not need a host application to be transported. Sybex . WAP (Wireless Application Protocol) B. Any Time.www. WSET (Wireless Secure Electronic Transaction) D. WTLS (Wireless Transport Layer Security) C. Data integrity 3.

co m Which of the following provides the MOST secure form of encryption? . Diffie-Hellman D. B. C.com 66 Ac tua lTe sts A. Ciphertext only attack. DES . QUESTION NO: 186 Answer: B QUESTION NO: 187 A malformed MIME (Multipurpose Internet Mail Extensions) header can have a negative impact on the system. Man in the middle attack. Answer: A Explanation: A birthday attack is based on the principle that amongst 23 people. 3DES B. QUESTION NO: 188 "Pass Any Exam. Can result in an e-mail server crashing. B. Can create a virus that infects the computers of users." . D. Can result in the unauthorized disclosure of private information. the probability of 2 of them having the same birthday is greater the 50%. D. Choose the option that correctly details this.actualtests. Birthday attack. By that rational if an attacker examines the hashes of an entire organizations passwords.CompTIA SY0-101: Practice Exam A.www. Answer: C Explanation: Microsoft Exchange Server 5. Patches have since been released. Brute force attack. they'll come up with some common denominators. AES C. C. A.5 had a vulnerability that made it suspect to crashes following a malformed MIME header.0 & 5. Any Time. Can lead to the creation of a back door. which will enable attackers to access the internal network.

actualtests. QUESTION NO: 189 Answer: A QUESTION NO: 190 The process of documenting who applied a patch to a specific firewall at a specific time and what the patch is supposed to accomplish is known as: A. Any Time. D.com Ac tua A. address on the same subnet. Router with firewall rule set lTe sts A remote user has a laptop computer and wants to connect to a wireless network in a hotel. logs and inventories B. A shared password. Certificate signed by a trusted root CA (Certificate Authority). Which is it? A. Common operating system. Which of the following should be implemented to protect the laptop computer when connecting to the hotel network? . B. change control management C. D. C. and a common operating system are ludicrous answers because they defy the reason why SSL exists. Answer: B Explanation: For an SSL connection to compete. Network firewall C. asset identification Answer: B "Pass Any Exam.www. user awareness. Personal firewall B. Privacy screen D. the web client and server should have a trusted certificate to confirm authenticity.co m 67 . Shared password. Address on the same subnet. a specific element has to exist." .CompTIA SY0-101: Practice Exam For a SSL (Secure Sockets Layer) connection to be automatically established between a web client and server.

Authorization B. "Pass Any Exam. Any Time. confidentiality and encryption.co m .CompTIA SY0-101: Practice Exam QUESTION NO: 191 Choose the terminology used to refer to the situation when authorized access is perceived as an intrusion or network attack. False negative D. A. False intrusion B. Confidentiality D. storage and recovery.actualtests. D. Non-repudiation sts Audit logs must contain which of the following characteristics? . Accessibility C. False positive C." .com 68 Ac tua lTe A. access control and trusts. QUESTION NO: 192 Answer: D QUESTION NO: 193 A digital signature is used for: A. when there is no need of any alarm. Answer: D QUESTION NO: 194 Choose the mechanism that is NOT a valid access control mechanism. C. B.www. Not B: A false positive is when legitimate traffic is picked up as an intruder. False alarm Answer: A Explanation: False intrusion is a false alarm. integrity and non-repudiation.

Sybex . B." . 2nd Edition. Permission bits Answer: C QUESTION NO: 196 Which of the following types of attacks is targeting a web server if thousands of computers are simultaneously sending hundreds of FIN packets with spoofed source IP addresses? A. sts . Brute force D. Answer: A Explanation: There is no such thing as a SAC (Subjective Access Control) list.co m 69 . D.com Ac Reference: Mike Pastore and Emmett Dulaney . MAC (Mandatory Access Control) list.CompTIA SY0-101: Practice Exam A. QUESTION NO: 195 Choose the access control method which provides the most granular access to protected objects? A. Alameda . C. DDoS C. or grant certain network capabilities to them. Any Time. Access control lists D. Capabilities C. SYN flood Answer: B "Pass Any Exam. ACLs allow a stronger set of access controls to be established in your network. p 235 tua lTe Explanation: Access control lists enable devices in your network to ignore requests from specified users or systems. XMAS tree scan B. DAC (Discretionary Access Control) list. Security+ Study Guide . SAC (Subjective Access Control) list. The basic process of ACL control allows the administrator to design and adapt the network to deal with specific security threats. 2004.actualtests. RBAC (Role Based Access Control) list.www. Profiles B.


QUESTION NO: 197 Which of the following would be MOST useful in determining which internal user was the source of an attack that compromised another computer in its network? A. The attacking computer's audit logs B. The firewall's logs C. The domain controller's logs. D. The target computer's audit logs. Answer: D

QUESTION NO: 198 Which of the following describes a server or application that is accepting more input than the server or application is expecting? A. Buffer overflow B. Brute force C. Denial of service (DoS) D. Syntax error Answer: A

QUESTION NO: 199 Which of the following is used by anti-virus software to detect viruses that have not been previously identified? A. Zero-day algorithm B. Quarantining C. Random scanning D. Heuristic analysis Answer: D

QUESTION NO: 200 From the options, which explains the general standpoint behind a DMZ (Demilitarized Zone)? A. All systems on the DMZ can be compromised because the DMZ can be accessed from the Internet. B. Only those systems on the DMZ that can be accessed from the Internet can be compromised. C. No systems on the DMZ can be compromised because the DMZ is completely secure and cannot be accessed from the Internet. D. No systems on the DMZ can be compromised because the DMZ cannot be accessed from the Internet. Answer: A

QUESTION NO: 201 Which of the following describes an attacker encouraging a person to perform an action in order to be successful? A. Social engineering B. Password guessing C. Back door D. Man-in-the-middle Answer: A

QUESTION NO: 202 You work as the security administrator at Certpaper.com. You must secure the FTP (File Transfer Protocol) server by allowing only authorized users access to it. How will you accomplish this task? A. Provide the FTP server's address to only those users that must access it. B. Allow blind authentication. C. Do not allow anonymous authentication. D. Redirect FTP to a different port. Answer: C Explanation: Early FTP servers did not offer security. Security was based on the honor system. Most logons to an FTP site used the anonymous logon. By convention, the logon ID was the user's email address, and the password was anonymous. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 137

QUESTION NO: 203 Choose the protocol used by a web server to encrypt data. A. ActiveX B. TCP/IP (Transmission Control Protocol/Internet Protocol) C. SSL (Secure Sockets Layer) D. IPSec (Internet Protocol Security) Answer: C Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 204 Which of the following access control models uses subject and object labels? A. Role Based Access Control (RBAC) B. Discretionary Access Control (DAC) C. Rule Based Access Control (RBAC) D. Mandatory Access Control (MAC) Answer: D

QUESTION NO: 205 One of the following options details the main advantage of why you should choose to use SSL (Secure Sockets Layer) over using HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer). Which is it?

8080 C. SSL provides full application security for HTTP whereas HTTPS does not." . Default pairing D. B. whereas HTTPS does not. SSL supports additional Application layer protocols. which of the following will allow this? A. Auto-population Answer: A QUESTION NO: 208 All of the following types of attacks can be detected by an IDS EXCEPT: A. Answer: A Explanation: SSL on its own works at the session layer (layer 5) so it has more versatility in protocols that it supports. for instance FTP (File Transfer Protocol) and NNTP (Network News Transport Protocol).co m Which ports need to be open to allow a user to login remotely onto a workstation? 73 . spoofed e-mail "Pass Any Exam. 3389 D.actualtests. SSL supports user authentication whereas HTTPS does not. Inheritance B.www.com Ac tua lTe sts A. 53 B. Denial of Service (DoS) B. C. 636 .CompTIA SY0-101: Practice Exam A. Any Time. SSL and HTTPS are transparent to the application. QUESTION NO: 206 Answer: C QUESTION NO: 207 A technician wants to be able to add new users to a few key groups by default. Template C. D.

com 74 Ac tua QUESTION NO: 210 lTe Explanation: Answer : B is correct to stop anyone from corrupting the evidence. Answer: D Explanation: Ping confirms a connection by sending and receiving ICMP packets.www." . You have become aware of a hacker accessing confidential company data from over the network.C. exploits of bugs or hidden features. sts Answer: A. D.CompTIA SY0-101: Practice Exam C. QUESTION NO: 209 You work as the security administrator at Certpaper . Answer: B Explanation: Spoofed e-mails will not be detected by the IDS. A share scanner. Detach the network cable from the server to prevent the hacker from accessing more data. Prevent members of the organization from entering the server room. Prevent members of the incident response team from entering the server room.B. B. A ping scanner. which of the following should be done by the email administrator? "Pass Any Exam. QUESTION NO: 211 To aid in preventing the execution of malicious code in email clients. D.actualtests. Choose the network mapping tool (scanner) which uses ICMP (Internet Control Message Protocol). Any Time. A port scanner. A map scanner.co m . C.com. A. A. B. C. port scan D.D . Which of the following actions should you perform? Choose all correct answers. Shut down the server to prevent the hacker from accessing more data.

Any Time. Install expensive surveillance equipment. Protocol analyzer B. Port scanner C.CompTIA SY0-101: Practice Exam A. Security log Answer: C Kerberos uses which of the following ports by default? A. 139 Answer: A QUESTION NO: 214 You work as the security administrator at Certpaper . Destroy all paper and other media that are no longer required. 443 D. Networkmapper D. Remove the contents of the trash can on a regular basis. Employ additional security staff D.www. How will you accomplish the task? A. Email client features should be disabled B. Preview screens should be disabled Answer: C QUESTION NO: 212 Which of the following would allow a technician to compile a visual view of an infrastructure? A.com. 23 C. Spam and anti-virus filters should be used D. B. Regular updates should be performed C. Answer: A "Pass Any Exam.co m 75 . You want to reduce the current vulnerability from dumpster diving." . 88 B.actualtests.com Ac tua lTe sts QUESTION NO: 213 . C.

2004. p 51 QUESTION NO: 215 Communication is important to maintaining security because communication keeps: A. Most businesses do not do this.com 76 Ac tua QUESTION NO: 216 lTe Answer: A sts A. Least critical functions B. Companies generate a huge amount of paper in the normal course of events. Alameda . Systems functions C. SSL "Pass Any Exam. the IT security budget justified D. law enforcement informed of what is being done Answer: A QUESTION NO: 217 Which of the following is the MOST secure way to implement data encryption between SMTP servers? A. Most of the information eventually winds up in dumpsters or recycle bins. sensitive papers are either shredded or burned. Security+ Study Guide . In high security government environments. These dumpsters may contain information that is highly sensitive in nature.co m Following a disaster. which of the following functions should be returned FIRST from the backup facility to the primary facility? . PPTP B. Any Time. 2nd Edition. Sybex . Executive functions D.www. Web services . the network bandwidth usage under control C. Reference: Mike Pastore and Emmett Dulaney ." .CompTIA SY0-101: Practice Exam Explanation: Dumpster diving is a very common physical access method.actualtests. the user community informed of threats B.

The DAC (Discretionary Access Control) model uses certificates to control access to resources. D. This creates an opportunity for attackers to use your certificates. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given. The DAC (Discretionary Access Control) model does not use the identity of a user to control access to resources.actualtests. Choose the option that describes this flaw. .co m Answer: B 77 . p 440 "Pass Any Exam. Placing a computer system between the sender and receiver to capture information. Alameda . The process allows a more flexible environment. network users have some flexibility regarding how information is accessed.www. Listening or overhearing parts of a conversation B. Involve someone who routinely monitors network traffic QUESTION NO: 219 Answer: A Explanation: In a DAC model. but it increases the risk of unauthorized disclosure of information. L2TP Answer: C QUESTION NO: 218 Which of the following definitions would be correct regarding Active Inception? A. B. Security+ Study Guide . 2004. tua lTe sts The DAC (Discretionary Access Control) model has an inherent flaw. Someone looking through your files D. Sybex .com Ac A. The DAC (Discretionary Access Control) model does not have any known security flaws. This allows anyone to use an account to access resources.CompTIA SY0-101: Practice Exam C. Any Time. This model allows users to dynamically share information with other users. 2nd Edition." . TLS D. C. This creates a security loophole for Trojan horse attacks. C. The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. Reference: Mike Pastore and Emmett Dulaney .

notinstall the patch unless there is a current need.actualtests.www. D. You must configure the firewall to support TACACS. Adwar C. immediatelydownload and install the patch.com. lTe sts A. Port 53 C. Any Time. When you patch an operating system. B. test the patch on a non-production server then install the patch to production. Virus B. Port 49 B. It would be wise to backup your data BEFORE. Port 161 D. Worm D. So even if everything's operating normally.co m When a patch is released for a server the administrator should: 78 . install the patch and then backup the production server. installing a patch. Which port(s) should you open on the firewall? A. because they are developed the fix known vulnerabilities.E QUESTION NO: 221 Answer: A QUESTION NO: 222 You work as the security administrator at Certpaper . a patch is still very beneficial. Phishing Answer: B." . SPIM E.CompTIA SY0-101: Practice Exam QUESTION NO: 220 Which of the following will allow a credit card information theft? (chose TWO) A. and it would also be wise to test the patch on your least important servers first. there's always a risk that something can go wrong which can compromise your data and server operation. C. .com Ac tua Explanation: Software patches are good for network security. Port 21 Answer: A "Pass Any Exam.

QUESTION NO: 223 CGI scripts are susceptible to which of the following types of attacks? A. Any Time.com Ac tua lTe sts .CompTIA SY0-101: Practice Exam Explanation: TACACS uses both TCP and UDP port 49. A CD-ROM Answer: B QUESTION NO: 225 Most key fob based identification systems use which of the following types of authentication mechanisms? (Select TWO). Certificates E.E QUESTION NO: 226 "Pass Any Exam. Biometrics B. A. The manufacturer's website C. An email from the vendor B." . Cross site scripting B.co m 79 . SQL injection Answer: A QUESTION NO: 224 Which of the following is the BEST place to obtain a hotfix or patch for an application or system? A. Kerberos C. DNS spoofing D.actualtests. Token Answer: C. A newsgroup or forum D. Username/password D. Buffer overflows C.www.

Choose the most effective method of preventing computer viruses from spreading throughout the network. A. You should require root/administrator access to run programs and applications. B. You should prevent the execution of .vbs files. C. You should enable scanning of all e-mail attachments. D. You should install a host based IDS (Intrusion Detection System) Answer: C

Explanation: Viruses get into your computer in one of three ways. They may enter your computer on a contaminated floppy or CD-ROM, through e-mail, or as a part of another program.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 76

QUESTION NO: 227 Which of the following would be the minimally acceptable method of ensuring that a disposed hard drive does not reveal sensitive data? A. Perform multiple bit level overwrites B. Format the drive C. Use the FDISK Command D. Delete the files and re-install the operating system Answer: A

QUESTION NO: 228 A public key _____________ is a pervasive system whose services are implemented and delivered using public key technologies that include Certificate Authority (CA), digital certificates, non-repudiation, and key history management. A. infrastructure B. cryptography scheme C. exchange D. distribution authority Answer: A

QUESTION NO: 229 From the list of protocols, which is used to secure web transactions? A. XML (Extensible Markup Language) B. SMTP (Simple Mail Transfer Protocol) C. SSL (Secure Sockets Layer) D. S/MIME (Secure Multipurpose Internet Mail Extensions) Answer: C

Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 230 Which of the following would be MOST effective in preventing network traffic sniffing? A. Use switches instead of hubs B. Disable promiscuous mode C. Use hubs instead of routers D. Deploy an IDS Answer: A

Explanation: Switches don't send all traffic on the segment to every port so conventional sniffing methods don't work.

Hardware lTe Which of the following is the BEST description of the basic elements of virtualization? sts . Host. Any Time. Security+ Study Guide . Hypervisor. Emulator. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Buffer overflow B. Reference: Mike Pastore and Emmett Dulaney . Sandbox. Hypervisor. Sandbox. Hardware D. a firewall B.co m 82 . Hardware C. a hub Answer: A "Pass Any Exam. 2nd Edition. 2004." . Sybex .www. Brute force Answer: A Explanation: Buffer overflow occur when an application receives more data that it is programmed to accept. Spam D. Birthday C. Guest. network monitoring D. Guest. This situation can cause an application to terminate. NAT C.CompTIA SY0-101: Practice Exam QUESTION NO: 231 Which of the following is a common type of attack on web servers? A. Hypervisor. p 135 QUESTION NO: 232 QUESTION NO: 233 Stateful packet inspection is a methodology used by: A. Alameda .com Ac Answer: A tua A. Hypervisor. Hardware B.actualtests. Sandbox. Host.

QUESTION NO: 234 Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation? A. Kerberos B. Biometric C. Mutual D. Multifactor Answer: D

QUESTION NO: 235 Which of the following would be achieved by using encryption? (Select THREE). A. Non-repudiation B. Availability C. Confidentiality D. Authorization E. Integrity Answer: A,C,E

QUESTION NO: 236 Users are reporting that when attempting to access the company web page on the Internet, the user is rerouted to a protest webpage. This is MOST likely: A. a DDoS attack B. DNS Poisoning C. a social engineering attack D. a replay attack. Answer: B

QUESTION NO: 237 Using software on an individual computer to generate a key pair is an example of which of the following approaches to PKI architecture?

A. Distributed key B. Decentralized C. Hub and spoke D. Centralized Answer: B

QUESTION NO: 238 A representative from the human resources department informs a security specialist that an employee has been terminated. Which of the following would be the BEST action to take? A. Disable the employee's user accounts and keep the data for a specified period of time. B. Disable the employee's user accounts and delete all data. C. Contact the employee's supervisor regarding disposition of user accounts D. Change the employee's user password and keep the data for a specified period. Answer: A

QUESTION NO: 239 Which of the following BEST describes the baseline process of securing devices on a network infrastructure? A. Hardening B. Active prevention C. Enumerating D. Passive detection Answer: A

QUESTION NO: 240 Which of the following would be MOST important when designing a security awareness program? A. Conducting user training sessions. B. Minimizing development cost. C. Using an independent security instructor. D. Creating security awareness posters and notices. Answer: A

QUESTION NO: 241 Open FTP file shares on servers can facilitate which of the following types of attacks? A. CPU starvation B. Memory starvation C. Smurf D. Disk storage consumption Answer: D

QUESTION NO: 242 A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. Which of the following network devices should be used? A. Router B. Firewall C. Switch D. Hub Answer: C

QUESTION NO: 243 Choose the statement which best defines the characteristics of a computer virus. A. A computer virus is a find mechanism, initiation mechanism and can propagate. B. A computer virus is a learning mechanism, contamination mechanism and can exploit. C. A computer virus is a search mechanism, connection mechanism and can integrate. D. A computer virus is a replication mechanism, activation mechanism and has an objective. Answer: D

Explanation: Replication mechanism: To replicate a virus needs to attach itself to the right code, where it can replicate and spread past security systems into other systems. Activation mechanism: Most viruses require the user to actually do something. During the 80's and early 90's most viruses were activated when you booted from a floppy disk, or inserted a new

floppy disk into an infected drive. Nowadays most computer viruses come as email forwards, and they require the user to execute. Objective: many viruses have no objective at all, but some have the objective to delete data, hog up memory, or crash the system.

QUESTION NO: 244 A demilitarized zone (DMZ) is a network segment that can be created by using: A. one firewall and one VPN B. one router and one firewall C. two routers D. two firewalls Answer: D

QUESTION NO: 245 An attacker can use a specific method to exploit the clear-text attribute of Instant-Messaging sessions. Which is it? A. Packet sniffing. B. Port scanning. C. Cryptanalysis. D. Reverse engineering. Answer: A

Explanation: Since only clear unencrypted text is being sent across the world through multitudes of WAN equipment and routers, it is easy for someone to sniff your conversation and eavesdrop on every single word you type.

QUESTION NO: 246 You work as the security administrator at Certpaper.com. You must implement an authentication protocol that uses only encrypted passwords during the authentication process. Choose the authentication protocol that accomplishes this. A. Kerberos

B. SMTP (Simple Mail Transfer Protocol) C. PPTP (Point-to-Point Tunneling Protocol) D. CHAP (Challenge Handshake Authentication Protocol) Answer: D

Explanation: CHAP is commonly used to encrypt passwords. It provides for on-demand authentication within an ongoing data transmission, that is repeated at random intervals during a session. The challenge response uses a hashing function derived from the Message Digest 5 (MD5) algorithm.

QUESTION NO: 247 Which of the following would be the BEST reason for certificate expiration? A. Renewal keeps the log files from getting too large. B. Brute force techniques are likely to break the key if given enough time. C. To keep the server from using the same key for two sessions. D. The longer an encryption key is used the more processing power it will consume. Answer: B

QUESTION NO: 248 A user has received an email from a mortgage company asking for personal information including bank account numbers. This would BEST be described as: A. phishing B. spam C. packet sniffing D. a hoax Answer: A

QUESTION NO: 249 Sending a patch through a testing and approval process is an example of which of the following? A. User education and awareness training B. Disaster planning C. Acceptable use policies

D. Change management Answer: D

QUESTION NO: 250 Which of the following BEST describes a set of programs and code that allows an undetectable presence on a system with administrative rights? A. Trojan horse B. Virus C. Rootkit D. Worm Answer: C

QUESTION NO: 251 Which of the following trust models would allow each user to create and sign certificates for the people they know? A. Browser trust-list B. Web-of-trust C. Single certificate authority (CA) D. Hierarchical Answer: B

QUESTION NO: 252 All of the following monitoring types evaluate pre-specified conditions EXCEPT: (Select TWO). A. behavior-based. B. rate-based C. signature-based D. performance-based E. anomaly-based Answer: A,E

QUESTION NO: 253 Which of the following methods of documenting and storing a password is considered acceptable? A. Writing the password on a note and placing the note under the computer keyboard. B. Placing the password in a text document and saving the document on the system administrator's computer. C. Writing the password on a piece of paper and storing the paper in a locked safe. D. Sharing the password with a family member and asking the family member not to reveal the password. Answer: C

QUESTION NO: 254 Which of the following methods of password guessing typically requires the longest attack time? A. Birthday B. Brute force C. Dictionary D. Rainbow Answer: B

QUESTION NO: 255 Which of the following needs to be backed up on a domain controller to be able to recover Active Directory? A. User data B. Operating system C. System state D. System files Answer: C

QUESTION NO: 256 Choose the ports that are used to access the FTP (File Transfer Protocol) protocol. A. Ports 20 and 21. B. Ports 80 and 443.

C. Ports 20 and 80. D. Ports 21 and 23. Answer: A

Explanation: In basic FTP operations, port 20 is the data port and port 21 is the command port.

QUESTION NO: 257 Human resource department personnel should be trained about security policy: A. maintenance. B. implementation C. guidelines and enforcement. D. monitoring and administration Answer: C

QUESTION NO: 258 Which of the following is a major reason that social engineering attacks succeed? A. Audit logs are not monitored frequently B. Lack of security awareness C. Strong passwords are not required D. Multiple logins are allowed Answer: B

Explanation: Social engineering attacks work because of the availability heuristic, law of reciprocity, and law of consistency. By availability, when someone asks for help, they associate that ask for help for every legitimate cry for help. In the past people have had experiences where a co-worker with a legitimate problem asked for help and been grateful for it, and times when they needed help themselves and were helped. So by consistency, they feel the urge to help others again the way they've helped out somebody in the past, so essentially they're being a good Samaritan. If an awareness program were to be implemented where employees could be aware of social engineering tactics, they would be more likely to think about them, and be more suspect of an attack when someone does ask for a favor. With this knowledge in intuition, an employee will make a smarter decision.

QUESTION NO: 259 A company implements an SMTP server on their firewall. This implementation would violate which of the following security principles? A. Use a device as intended B. Keep the solution simple C. Address internal threats D. Create an in-depth defense Answer: A

QUESTION NO: 260 You work as the security administrator at Certpaper.com. You are investigating the consequences of network attacks aimed at FTP servers. Which of the following states the aim of a FTP (File Transfer Protocol) bounce attack? A. The attack aims to store and distribute malicious code. B. The attack aims to exploit a buffer overflow vulnerability on the FTP server. C. The attack aims to establish a connection between the FTP server and another computer. D. The attack aims to reboot the FTP server. Answer: C

Explanation: In some implementations of FTP daemons, the PORT command can be misused to open a connection to a port of the attacker's choosing on a machine that the attacker could not have accessed directly. There have been ongoing discussions about this problem (called "FTP bounce") for several years, and some vendors have developed solutions for this problem. For more detailed information on this FTP Bounce attack refer to the hyperlink.

Reference: http://www.cert.org/advisories/CA-1997-27.html

QUESTION NO: 261 Which of the following types of IDS should be employed to obtain the MOST information about the enterprise? A. Unix based B. Server based

C. Network based D. Host based Answer: C

Explanation: A network based Intrusion Detection System is not limited to a single server or network segment like a host based IDS, it monitors all the traffic over the entire network

QUESTION NO: 262 Which of the following BEST describes actions pertaining to user account reviews? (Select TWO). A. User accounts and their privileges are periodically extracted from systems and reports are kept for auditing purposes. B. User accounts reports are periodically extracted from systems and user access dates are verified C. User account reports are periodically extracted from systems and employment verification is performed. D. User accounts reports are periodically extracted from systems and end users are informed. E. User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization. Answer: C,E

QUESTION NO: 263 What is the primary security risk associated with removable storage? A. Integrity B. Confidentiality C. Continuity D. Availability Answer: C

QUESTION NO: 264 A programming mechanism used to allow administrative access while bypassing the usual access control methods is known as a:

A. Trojan horse B. logic bomb C. software exploit D. back door Answer: D

QUESTION NO: 265 PKI provides non-repudiation by providing third-party assurance of certificate: A. destruction B. revocation C. validation D. expiration Answer: C

QUESTION NO: 266 Which is a BEST practice method to assign rights and privileges? A. By network B. By individual C. By group D. By location Answer: B

QUESTION NO: 267 You work as the security administrator at Certpaper.com. You must document the procedure for handling computer virus infections. Choose the action which you should specify to perform when receiving an e-mail message warning of the existence of a virus on the system if a specific executable file exists? A. First locate and download a patch to repair the file. B. First search for and delete the virus file. C. First broadcast a message to all the users to alert them of the presence of a virus. D. First investigate the e-mail message as a possible hoax with a trusted anti-virus vendor.

Answer: D

Explanation: If a virus threat is for real, the major anti-virus players like Symantec, McAfee, or Sophos will know about it before you, and they will have details on their sites.

Incorrect answers: Searching for and deleting a file is not only a waste of time with today's OS's complex directory systems, but it's also ineffective. One can miss a file, the file could be hidden, the wrong file can be deleted, and worst of all: when you delete a file it doesn't really get completely deleted, instead it gets sent to a 'recycle bin.' Broadcasting an alert and creating panic isn't the right thing to do, because it will waste bandwidth, and perhaps terrorizing the users is the original intent of the attack. The act of locating and downloading a patch isn't just time consuming, but there's a chance that the patch itself could be the virus, or the process of resetting the computer could activate the virus.

QUESTION NO: 268 The process of predicting threats and vulnerabilities to assets is known as threat: A. mitigation B. modeling C. acceptance. D. avoidance. Answer: B

QUESTION NO: 269 Reusing a ticket, as a replay attack, in Kerberos authentication will not be successful because the tickets: A. use a token B. are digitally signed C. are encrypted D. are time stamped Answer: D

QUESTION NO: 270 Choose the method of authentication which is the most COSTLY method. A. Shared secrets B. Biometrics C. Tokens D. Passwords Answer: B

Explanation: Biometrics: These technologies are becoming more reliable, and they will become widely used over the next few years. Many companies use smart cards as their primary method of access control. Implementations have been limited in many applications because of the high cost associated with these technologies.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 265

QUESTION NO: 271 Which of the following is the MOST significant flaw in Pretty Good Privacy (PGP) authentication? A. Weak encryption can be easily broken B. It is subject to a man-in-the-middle attack C. Private keys can be compromised. D. A user must trust the public key that is received Answer: D

QUESTION NO: 272 A user accesses a retailer from an Internet search. While browsing the retailer's web site, the user wants to purchase an item and enters the credit card information. The user later observes unknown charges on the credit card bill and has not received the purchased items. Which of the following actions should the user take? A. Be sure that a URL is secure before entering personal information. B. Check for shipping delays for the requested items.

C. Type the retailer's web address directly into the URL in the future D. Limit the number of times online purchases are made monthly. Answer: A

QUESTION NO: 273 Which of the following protocols is used by Encapsulating Security Payload (ESP) in IPSec? A. 50 B. 25 C. 51 D. 20 Answer: A

QUESTION NO: 274 Which of the following are components of host hardening? (Select TWO) A. Removing a user access to the user data B. Configuring the Start menu and Desktop. C. Adding users to the administrator group D. Disabling unnecessary services E. Applying patches Answer: D,E

QUESTION NO: 275 An SMTP server is the source of email spam in an organization. Which of the following is MOST likely the cause? A. The administrator account was not secured. B. Anonymous relays have not been disabled. C. Remote access to the email application's install directory has not been removed. D. X.400 connectors have not been password protected. Answer: B

QUESTION NO: 276 Which of the following would be the BEST step to take to stop unauthorized users from targeting a wireless network with a site survey? (Select TWO). A. Using a switch rather than a hub. B. Changing the default SSID. C. Disabling SSID broadcasting. D. Physically locking the WAP. E. Broadcasting a false domain name. Answer: B,C

QUESTION NO: 277 An employee receives a request from a person claiming to be an employee at a remote office location. The caller is knowledgeable about the company and the caller's name is listed in the company telephone and email directory, however, the caller claims there is an emergency and asks that the request be expedited. Which of the following would be the BEST action for the employee to take? A. Expedite the request since the caller's identity has been verified. B. Give the caller a supervisor's name and telephone number to request authority to expedite the request. C. Follow established procedures and report any abnormal incidents. D. Ask a supervisor for permission to deviate from established procedures due to the emergency Answer: C

QUESTION NO: 278 The first step in effectively implementing a firewall is: A. blocking unwanted outgoing traffic B. blocking unwanted incoming traffic C. developing a firewall policy D. protecting against DDoS attacks Answer: C

Explanation: What good is a firewall without any kind of policy or configuration policy to be implemented?

QUESTION NO: 279 Which of the following logs shows when the workstation was last shutdown? A. Access B. Security C. System D. DHCP Answer: C

QUESTION NO: 280 Which of the following would be an effective way to ensure that a compromised PKI key can not access a system? A. Revoke the key B. Renew the key C. Reconfigure the key D. Delete the key Answer: A

QUESTION NO: 281 Which of the following describes an unauthorized user redirecting wireless network traffic from the intended access point to a laptop to inject a packet with malware? A. A man-in-the-middle attack B. A replay attack C. Social engineering D. A weak key Answer: A

QUESTION NO: 282 The difference between identification and authentication is that:

A. authentication verifies a set of credentials while identification verifies the identity of the network. B. authentication verifies a user ID belongs to a specific user while identification verifies the identity of a user group. C. authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials. D. authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials. Answer: C

QUESTION NO: 283 Which of the following describes a semi-trusted location used to securely house public facing servers between the Internet and the local network? A. Demilitarized zone (DMZ) B. VLAN C. Intranet D. VPN Answer: A

QUESTION NO: 284 Which of the following would be MOST desirable when attacking encrypted data? A. Weak key B. Sniffed traffic C. Block cipher D. Algorithm used Answer: A

QUESTION NO: 285 After establishing a tunnel, the IPSec Protocol Suite uses which of the following specific protocols for securing the data packet? (Select TWO). A. Encapsulating Security Payload (ESP) B. Secure Key Exchange Mechanism for Internet (SKEMI) C. Oakley

D. Internet Security Association and Key Management Protocol (ISAKMP) E. Authentication Header (AH) Answer: A,E

Explanation: IPSec is a security protocol that provides authentication and encryption across the Internet. IPSec can use AH or ESP.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 371

QUESTION NO: 286 From the list of options, choose the primary attribute associated with e-mail hoaxes. A. E-mail hoaxes tend to encourage malicious users. B. E-mail hoaxes can result in buffer overflows on the e-mail server. C. E-mail hoaxes create unnecessary e-mail traffic, as well as panic in users that are not technically inclined. D. E-mail hoaxes consume large quantities of server disk space. Answer: C

Explanation: Although answer choices B-D have a degree of truth to them, the BEST answer is A. Email hoaxes often create unnecessary traffic because they ask users to forward an email to everyone in address book, and whether it is a computer virus or a blind, crippled, starving, cancer victim child suffering from Herpes it creates undue panic and emotion in the work setting.

QUESTION NO: 287 Which of the following is a reason to implement security logging on a DNS server? A. To monitor unauthorized zone transfers B. To perform penetration testing on the DNS server C. To control unauthorized DNS DoS D. To measure the DNS server performance Answer: A

QUESTION NO: 288 The risks of social engineering can be decreased by implementing: (Select TWO) A. security awareness training B. identity verification methods C. risk assessment policies D. vulnerability testing techniques E. operating system patching instructions Answer: A,B

QUESTION NO: 289 Which of the following security services are provided by digital signatures? (Select THREE). A. Authorization B. Encryption C. Authentication D. Non-repudiation E. Confidentiality F. Integrity Answer: C,D,F

QUESTION NO: 290 Which of the following is a security reason to implement virtualization throughout the network infrastructure? A. To analyze the various network traffic with protocol analyzers B. To implement additional network services at a lower cost C. To centralize the patch management of network servers D. To isolate the various network services and roles Answer: D

QUESTION NO: 291 Giving each user or group of users only the access they need to do their job is an example of which of the following security principles?

A. Separation of duties B. Access control C. Least privilege D. Defense in depth Answer: C

QUESTION NO: 292 Which of the following types of servers should be placed on a private network? A. Email server B. File and print server C. Remote Access Server (RAS) D. Web server Answer: B

QUESTION NO: 293 Which of the following should be scanned for viruses? A. Executable files. B. Plain text documents. C. Microsoft Word documents. D. All of the above. Answer: A

Explanation: Many newer viruses spread using email. Many times the virus is in an executable attachment. The infected system includes an attachment to any email that you send to another user. The recipient opens this file thinking it is something you legitimately sent them. When they open the file, the virus infects the target system.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 78

QUESTION NO: 294

Which of the following types of backups requires that files and software that have been changed since the last full backup be copied to storage media? A. Full B. Differential C. Incremental D. Delta Answer: B

QUESTION NO: 295 Non-essential services are often appealing to attackers because non-essential services: (Select TWO) A. consume less bandwidth B. decrease the surface area for the attack C. sustain attacks that go unnoticed D. provide root level access E. are not visible to an IDS F. are not typically configured correctly or secured Answer: C,F

QUESTION NO: 296 A company wants to connect the network to a manufacturer's network to be able to order parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection? A. Intranet B. Scatternet C. Extranet D. VPN Answer: C

QUESTION NO: 297 The IPSec Security Association is managed by

A. IEEE B. AH C. ESP D. ISAKMP Answer: D

QUESTION NO: 298 Which of the following actions can an attacker perform when network services are enabled on a target system? A. An attacker can run a port scan against the target system. B. An attacker can install a rootkit on the target system. C. An attacker can check the services file. D. An attacker can enable logging on the target system. Answer: A

Explanation: A TCP/IP network makes many of the ports available to outside users through the router. These ports will respond in a predictable manner when queried. An attacker can systematically query a network to determine which services and ports are open. This process is called port scanning, and it can reveal a great deal about your network. Port scans can be performed both internally and externally. Many routers, unless configured appropriately, will let all of the protocols pass through them.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 69

QUESTION NO: 299 Which of the following is a suitable hashing algorithm for a secure environment? A. MD5 because it produces fewer numbers of collisions. B. MD5 because it produces 160-bits message digests C. SHA-1 because it produces 160-bits message digests. D. RC4 because it produces 160-bits message digests Answer: B

QUESTION NO: 300 How many characters is the output of a MD5 hash? A. 32 B. 160 C. 128 D. 64 Answer: A

QUESTION NO: 301 Malicious software that travels across computer networks without user assistance is an example of a: A. worm B. Trojan horse C. virus D. logic bomb Answer: A

QUESTION NO: 302 From the listing of attacks, choose the attack which exploits session initiation between a Transport Control Program (TCP) client and server within a network? A. Smurf attack B. SYN attack C. Birthday attack D. Buffer Overflow attack Answer: B

Explanation: SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established. Change this if you want but in the SYN flood the hacker sends a SYN packet to the receiving station with a spoofed return address of some broadcast address on their network. The receiving station sends out this SYN packets (pings the broadcast address) which causes multiple servers or stations to respond to the ping, thus overloading the originator of the ping (the receiving station). Therefore,

Which of the following BEST describes this document? "Pass Any Exam. 2004. sts . p 530 QUESTION NO: 303 While surfing the Internet a user encounters a pop-up window that prompts the user to download a browser plug-in. Alameda . Software publisher certificate C. Security+ Study Guide . Certificate Authority (CA) certificate D. Sybex .co m . The pop-up window is a certificate which validates the identity of the plug-in developer. Any Time. Server certificate Answer: B QUESTION NO: 304 A. Username/password B. but you can find online more information on software publisher certificate. Reference: Mike Pastore and Emmett Dulaney . Mutual C.actualtests.com 106 Ac Which of the following authentication methods requires that the client authenticate itself to the server and the server authenticate itself to the client? tua lTe Explanation: This is not discussed in the book so much. whereas the network of the attacked station is actually what does the barrage of return packets and overloads the receiving station." . 2nd Edition. Multifactor D.CompTIA SY0-101: Practice Exam the hacker may send only 1 SYN packet. Which of the following BEST describes this type of certificate? A. Biometric Answer: B QUESTION NO: 305 A company's new employees are asked to sign a document that describes the methods of and purposes for accessing the company's IT systems. The answer B is correct. Web certificate B.www.

Due diligence form Answer: B QUESTION NO: 306 MITRE and CERT are: A. virus propagation monitoring utilities. C. Looking over a co-workersshould'er to retrieve information Answer: A "Pass Any Exam. D. lTe Which of the following would be the FIRST step to take to mitigate the threat of non-essential domain accounts? sts QUESTION NO: 307 . Piggybacking B. Impersonation D." . anti-virus software companies. Any Time. Answer: C Answer: A QUESTION NO: 308 Turnstiles. Authorized Access Policy D. spyware and virus distributing software B. Review the domain accounts D. virus and malware cataloging organizations. Privacy Act of 1974 B. Acceptable Use Policy C.com Ac tua A. Develop a security policy B.www.CompTIA SY0-101: Practice Exam A.actualtests.co m 107 . Write an LDAP query. Looking through a co-worker's trash to retrieve information C. Rename the system administrator account C. double entry doors and security guards are all prevention measures for which of the following types of social engineering? A.

When the authorized user enters. C. The security specialist discovers that users have installed personal software. B. Halon C.actualtests. Other forms of piggybacking take advantage of human altruism. where the authorized user will try to do the right thing. the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. Right click on the lock at the bottom of the browser and check the certificate information B. QUESTION NO: 309 Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment? A. "Pass Any Exam. Install software patches.com 108 Ac tua A newly hired security specialist is asked to evaluate a company's network security. Foam Answer: C A. Ensure that the web URL starts with 'https:\\'. Answer: B QUESTION NO: 311 Which of the following would be an easy way to determine whether a secure web page has a valid certificate? A.CompTIA SY0-101: Practice Exam Explanation: Piggybacking is an espionage tactic commonly used in the movies. Any Time. and prop the door open for them. An unauthorized person will put on a disguise and carry a heavy box to the door." . Carbon Dioxide B. Water D.www.co m . and waits for an unknowing authorized user to enter. Password management D. they use stealth to sneak behind them and gain access without the authorized user even knowing. Disable non-essential services. Which of the following would be the FIRST step to take? lTe QUESTION NO: 310 sts . Enforce the security policy. The hero or the villain hides by a secure entrance.

Sendmail is configured to allow the administrator's web access. CHAP D.9. Which is it? Choose all correct answers.com 109 Ac tua A.1X to authenticate a client to a network? A. Network Layer D. lTe sts Which of the following daemons is MOST likely to be the cause if an unauthorized user obtains a copy of a Linux systems /etc/passwd file? . Any Time.CompTIA SY0-101: Practice Exam C.co m Answer: A . Transport Layer E. D.8a is installed and configured for remote administration. ContactThawte or Verisign and ask about the web page D. Physical Layer B.www. FTP configures to allow anonymous user access. B. Data Link Layer Answer: B. Contact the web page's web master Answer: A QUESTION NO: 312 Which of the following protocols works with 802. LDAP C. A. C." . Application Layer. SSH with version 0. SSL has enabled the Apache service with no virtual hosts configured C. SPAP QUESTION NO: 313 Answer: D QUESTION NO: 314 The SSL (Secure Sockets Layer) protocol operates between specific layers of the OSI (Open Systems Interconnection) reference model. EAP B.D Explanation: "Pass Any Exam.actualtests.

so naturally it operates between the top two layers of the OSI model. Answer: A QUESTION NO: 318 "Pass Any Exam. BCP. The source has published the MD5 hash values for the executable program. B. SLA. The specialist performs a successful virus scan on the download but the MD5 hash is different. Any Time. secure the WAP D. D. VPN Answer: B QUESTION NO: 317 The purpose of the SSID in a wireless network is to: A." . C. QUESTION NO: 315 A security specialist has downloaded a free security software tool from a trusted industry site. Re-run the anti-virus program to ensure that it contains no virus execute B. Ignore the MD5 hash values because the values can change during IP fragmentation.CompTIA SY0-101: Practice Exam SSL is associated with secure transactions (credit card purchases and online banking) over your web browser. C.com 110 Ac tua lTe sts .actualtests. DRP. Avoid executing the file and contact the source website administrator Answer: D QUESTION NO: 316 An end-to-end traffic performance guarantee made by a service provider to a customer is a: A. D. Which of the following steps should the specialist take? A. Install the executable program because there was probably a mistake with the MD5 value. protect the client C.www. define the encryption protocols used. identify the network B.co m .

2nd Edition. Larger key space D. User accounts and passwords are stored on a server configured for decentralized management. Disaster recovery plan B. Any Time. User accounts and passwords are stored on no more than two servers. Salt B. Security+ Study Guide . which of the following needs to be documented? A. Chain of custody C. Rainbow Table C. C.com 111 Ac tua Reference: Mike Pastore and Emmett Dulaney . User accounts and passwords are stored on a central authentication server.CompTIA SY0-101: Practice Exam To preserve evidence for later use in court. Sybex . sts . D. Chain of certificates Answer: B QUESTION NO: 319 Which of the following coorectly specifies where user accounts and passwords are stored in a decentralized privilege management environment? A. 2004. Alameda . Increase the input length Answer: A QUESTION NO: 321 "Pass Any Exam.co m . p 432 lTe Explanation: The key word is decentralized. Answer: C QUESTION NO: 320 Which of the following increases the collision resistance of a hash? A." .actualtests. Audit trail of systems usage D. User accounts and passwords are stored on each individual server. B. so the best answer would be B.www.

Incident response Answer: A Explanation: The chain of custody is a log of the history of evidence that has been collected. File integrity auditing D. Any Time. object identifiers. and the certificate's validity dates "Pass Any Exam. Security+ Study Guide . and the type of symmetric algorithm used for encryption D. configuration files. the certificate's serial number. User's public key. 2nd Edition. 2004. the Certificate Authority (CA) distinguished name.co m 112 . Reference: Mike Pastore and Emmett Dulaney .CompTIA SY0-101: Practice Exam Which of the following describes the process of comparing cryptographic hash functions of system executables. A: User's public key. Stateful packet filtering C. and the location of the user's electronic identity B. What guidelines do they use? A.509 certificate? A. Evidence D. Network based intrusion detection B." . and the Certificate Revocation List (CRL) entry point C. p 457 QUESTION NO: 323 Which of the following correctly identifies some of the contents of an end user's X. Chain of command C. Alameda . and log files? A. Host based intrusion detection Answer: C QUESTION NO: 322 Computer forensics experts use specific guidelines to gather and analyze data while minimizing data loss. This log should catalog every event from the time the evidence is collected.www.com Ac tua lTe sts . User's public key. the serial number of the CA certificate. Sybex .actualtests. Chain of custody B. User's public key.

A courier x-raying the contents Answer: B QUESTION NO: 325 A workstation is being used as a zombie set to attack a web server on a certain date.500 name of the entity that signed the certificate.co Version Serial Number The entity that created the certificate.CompTIA SY0-101: Practice Exam Answer: D Explanation: The X.actualtests. and describes how to write it down (the data format). Any Time. in addition to the signature: QUESTION NO: 324 A.nist.509 standard defines what information can go into a certificate. The infected workstation is MOST likely part of a: A. Theft of the media C. together with an algorithm identifier which specifies which public key crypto system this key belongs to and any associated key parameters. B. the CA.509 certificates have the following data.com Ac tua Which of the following may be a security issue during transport of stored tape media to an offsite storage location? lTe sts Reference: http://csrc.htm . Validity Period Subject Name Subject Public Key Information This is the public key of the entity being named. is responsible for assigning it a serial number to distinguish it from other certificates it issues. This is normally a CA. TCP/IP hijacking.www.gov/pki/panel/santosh/tsld002. Timely restore of lost data D. m 113 . All X. DDoS attack. Corruption of the media B. Signature Algorithm Identifier Issuer Name The X." . "Pass Any Exam. Using this certificate implies trusting the entity that signed this certificate.

If this happens too often then the IDS is not working properly. spoofing attack.www. False positives. Administration B. C. A. Answer: A QUESTION NO: 326 Which of the following is the MOST effective way for an administrator to determine what security holes reside on a network? A. Install and monitoran IDS C. Run a sniffer D. . Perform a vulnerability assessment B. Any Time. man-in-the-middle attack.co m . QUESTION NO: 328 Choose the scheme or system used by PGP (Pretty Good Privacy) to encrypt data. Symmetric key distribution system B. The other answers limit your assessment. Decrease in throughput. Compatibility.CompTIA SY0-101: Practice Exam C.actualtests. choose the disadvantage of implementing an IDS (Intrusion Detection System). Answer: C Explanation: A false positive is when legitimate traffic is picked up as an intruder. Asymmetric scheme "Pass Any Exam. D." . Run a port scan Answer: A From the options.com 114 Ac tua lTe QUESTION NO: 327 sts Explanation: Performing a vulnerability assessment is one of the most effective way to find holes in the network. A. D.

MAC addresses are a secure authentication mechanism and DTP allows only authenticated users. NESSUS D." . Asymmetric key distribution system D. MAC addresses can be spoofed and DTP allows only authenticated users. if a threat becomes known.actualtests.co m 115 . B. Which of the following issues should be discussed with senior management before VLAN implementation? A. D. when the vendor requires it D. "Pass Any Exam.com Ac tua lTe sts Answer: B .CompTIA SY0-101: Practice Exam C. Symmetric scheme Answer: B QUESTION NO: 329 A company wants to implement a VLAN. NetStumbler Answer: D QUESTION NO: 331 Default passwords in hardware and software should be changed: A. QUESTION NO: 330 A common tool used for wireless sniffing and war driving is: A. when the hardware or software is turned on. Sam Spade B. once each month C. Senior management believes that a VLAN will be secure because authentication is accomplished by MAC addressing and that dynamic trunking protocol (DTP) will facilitate network efficiency. S/MIME C. MAC addresses can be spoofed and DTP allows rogue network devices to configure ports C.www. MAC addresses are a secure authentication mechanism and DTP allows rogue network devices to configure ports. Any Time. B.

Answer: D

QUESTION NO: 332 Which of the following is a protocol analyzer? A. John the Ripper B. Nessus C. WireShark D. Cain & Abel Answer: C

QUESTION NO: 333 Which of the following is MOST often used to allow a client or partner access to a network? A. Demilitarized zone (DMZ) B. VLAN C. Extranet D. Intranet Answer: C

QUESTION NO: 334 Which of the following can be used to determine the topology of a network and discover unknown devices? A. Password crackers B. Penetration testing C. Vulnerability scanner D. Network mapper Answer: D

QUESTION NO: 335 Controlling access to information systems and associated networks is necessary for the preservation of their:

integrity. integrity and availability referred to as the CIA of network security." . Security+ Study Guide . You will often see the confidentiality. Processor underutilization. D. DoS (Denial of Service). 2nd Edition. "Pass Any Exam.CompTIA SY0-101: Practice Exam A. There legitimate purpose is to find traffic flow problems and bottlenecks for the sake of network optimization. to use in replay attacks. authenticity. integrity and availability. Spoofer sts Which of the below options would you consider as a program that constantly observes data traveling over a network? . C. C. However. p 22 QUESTION NO: 336 Answer: C Explanation: Packet sniffers are used to capture. Fragmenter C. Any Time. availability and accountability.co m . A. authenticity. monitor and analyze traffic. Reference: Mike Pastore and Emmett Dulaney . confidentiality and availability B. Alameda . Increased network throughput. QUESTION NO: 337 Choose the option that correctly specifies a likely negative technical impact of receiving large quantifies of spam. Reduction in hard drive space requirements. confidentiality.actualtests. B. Sniffer D. integrity and availability Answer: C Explanation: The design goals of a security topology must deal with issues of confidentiality. Sybex .www. confidentiality. hackers use it to capture data.com 117 Ac tua lTe A. 2004. Smurfer B. The accountability is equally important. integrity and availability D.

com Ac tua Explanation: Fingerprinting is the act of inspecting returned information from a server ( ie . QUESTION NO: 338 From the listing of attacks.actualtests. ATM card and PIN C. Username and password Answer: B "Pass Any Exam. Reverse engineering. download. it is possible for some users to receive over a hundred unsolicited emails a day! If every user on a network received that much email. and store such email can potentially reduce a networks availability to zero. C. thus denying service. B. in an attempt to determine the operating system running in your networking environment? A. Each operating system will quote definite amount of message to the ICMP error messages. Any Time. The system resources required to: process. the human time necessary to sort through those emails will be Herculean. Photo ID and PIN B. The peculiarity in the error messages received from various types of operating systems helps us in identifying the remote host's OS. lTe sts . Retina scan and mantrap D.CompTIA SY0-101: Practice Exam Answer: A Explanation: In systems where no email filters are set up. One method is ICMP Message quoting where the ICMP quotes back part of the original message with every ICMP error message. Operating system scanning. Answer: C QUESTION NO: 339 Which of the following is an example of two-factor authentication for an information system? A. Fingerprinting D." .co m 118 . Host hijacking. which analyzes how the operating system (OS) responds to specific network traffic.www.

Deploy a firewall and IDS D.actualtests." . C. Conduct vulnerability analysis.CompTIA SY0-101: Practice Exam QUESTION NO: 340 Which of the following is the primary method of performing network hardening? A. Disable any unnecessary ports and services. B.com Ac tua lTe sts . Any Time.www. Develop a trust model Answer: A "Pass Any Exam.co m 119 .