CompTIA SY0-101

SY0-101 Security+

Practice Test
Version 3.0

CompTIA SY0-101: Practice Exam

QUESTION NO: 1

A real estate company recently deployed Kerberos authentication on the network. Which of the following does Kerberos require for correct operation? (Select TWO).

A. POP-3
B. Accurate network time
C. Key Distribution Center
D. Extranets
E. SSL/TLS

Answer: B,C

QUESTION NO: 2

Which of the following are MOST likely to be analyzed by Internet filter appliances/servers? (Select THREE).

A. Content
B. TLSs
C. Keys
D. URLs
E. CRLs
F. Certificates

Answer: A,D,F

QUESTION NO: 3

An administrator is selecting a device to secure an internal network segment from traffic external to the segment. Which of the following devices could be selected to provide security to the network segment?

A. NIPS
B. HIDS
C. Internet content filter
D. DMZ

Answer: A

"Pass Any Exam. Any Time." - www.actualtests.com


QUESTION NO: 4

Which of the following VPN implementations consists of taking IPv6 security features and porting them to IPv4?

A. SSL
B. IPSec
C. L2TP
D. PPTP

Answer: B

QUESTION NO: 5

A user is assigned access rights based on the function within the organization. This is a feature of which of the following types of access control models?

A. Role Based Access Control (RBAC)
B. Rule Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Discretionary Access Control (DAC)

Answer: A

Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees perform in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 6

Which of the following types of malicious software travels across computer networks without requiring a user to distribute the software?

A. Trojan horse
B. Worm
C. Virus
D. Logic bomb

Answer: B

QUESTION NO: 7

Which of the following would be MOST important to have to ensure that a company will be able to recover in case of severe environmental trouble or destruction?

A. Alternate sites
B. Disaster recovery plan
C. Fault tolerant systems
D. Offsite storage

Answer: B

QUESTION NO: 8

A task-based control model is an example of which of the following?

A. Rule Based Access Control (RBAC)
B. Role Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Mandatory Access Control (MAC)

Answer: B

QUESTION NO: 9

Which of the following is often misused by spyware to collect and report a user's activities?

A. Session cookie
B. Tracking cookie
C. Persistent cookie
D. Web bug

Answer: B

QUESTION NO: 10

Which definition best defines what a challenge-response session is?

A. A challenge-response session is a workstation or system that produces a random login ID that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
A challenge-response session is a special hardware device used to produce random text in a cryptography system.
A challenge-response session is a workstation or system that produces a random challenge string that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
A challenge-response session is the authentication mechanism in the workstation or system that does not determine whether the owner should be authenticated.

Answer: B

Explanation: A common authentication technique whereby an individual is prompted (the challenge) to provide some private information (the response). Most security systems that rely on smart cards are based on challenge-response. A user is given a code (the challenge) which he or she enters into the smart card. The smart card then displays a new code (the response) that the user can present to log in.

Reference: http://www.webopedia.com/TERM/C/challenge_response.html

QUESTION NO: 11

Which of the following describes a type of algorithm that cannot be reversed in order to decode the data?

A. One Way Function
B. Symmetric
C. Asymmetric
D. Pseudorandom Number Generator (PRNG)

Answer: A

QUESTION NO: 12

An administrator wants to implement a procedure to control inbound and outbound traffic on a network segment. Which of the following would achieve this goal?

A. HIDS
B. ACL
C. Proxy
D. NIDS

Answer: B

QUESTION NO: 13

Which of the following freeware forensic tools is used to capture packet traffic from a network?

A. nmap
B. NESSUS
C. tcpdump
D. dd

Answer: C

QUESTION NO: 14

When reviewing traces from an IDS, the following entries are observed:

Date   Time  Source IP    Destination IP  Port  Type
10/21  0900  192.168.5.2  10.10.2.1       20    SYN
10/21  0915  192.168.5.2  10.10.2.1       21    SYN
10/21  0920  192.168.5.2  10.10.2.1       23    SYN
10/21  0930  192.168.5.2  10.10.2.1       25    SYN

Which of the following is MOST likely occurring?

A. Port scanning
B. SYN Flood
C. Denial of service (DoS)
D. Expected TCP/IP traffic

Answer: A

QUESTION NO: 15

Which of the following protocols are not recommended due to them supplying passwords and information over the network?

A. SNMP (Simple Network Management Protocol).
B. Network News Transfer Protocol (NNTP)
C. Domain Name Service (DNS)
D. Internet Control Message Protocol (ICMP)

Answer: A

QUESTION NO: 16

Which of the following must be installed for HTTPS to work properly on a web site?

A. Digital certificate
B. Symmetric key
C. 3DES encryption
D. Security token

Answer: A

QUESTION NO: 17

You work as the security administrator. You want to implement a solution which will provide a WLAN (Wireless Local Area Network) with the security typically associated with a wired LAN (Local Area Network). Which solution should you implement?

A. WEP (Wired Equivalent Privacy)
B. VPN (Virtual Private Network)
C. ISDN (Integrated Services Digital Network)
D. ISSE (Information Systems Security Engineering)

Answer: A

Explanation: Wired Equivalent Privacy is a wireless protocol designed to provide privacy equivalent to that of a wired network.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 372

QUESTION NO: 18

From the options, which is a tunneling protocol that can only work on IP networks because it requires IP connectivity?

A. PPTP protocol
B. SSH
C. IPX protocol
D. L2TP protocol

Answer: A

Explanation: Point-to-Point Tunneling Protocol. You can access a private network through the Internet or other public network by using a virtual private network (VPN) connection with the Point-to-Point Tunneling Protocol (PPTP). Developed as an extension of the Point-to-Point Protocol (PPP), PPTP tunnels and/or encapsulates IP, IPX, or NetBEUI protocols inside of PPP datagrams. PPTP does not require a dial-up connection. It does, however, require IP connectivity between your computer and the server.

Not B: L2TP is an industry-standard Internet tunneling protocol with roughly the same functionality as the Point-to-Point Tunneling Protocol (PPTP). Like PPTP, L2TP encapsulates Point-to-Point Protocol (PPP) frames, which in turn encapsulate IP, IPX, or NetBEUI protocols.

QUESTION NO: 19

A user downloads and installs a new screen saver and the program starts to rename and delete random files. Which of the following would be the BEST description of this program?

A. Trojan horse
B. Logic bomb
C. Virus
D. Worm

Answer: A

QUESTION NO: 20

Which of the following BEST describes an attack that takes advantage of a computer not fully updated with the most recent operating system patches?

A. Software exploitation
B. Vulnerability
C. Brute force
D. Spoofing

Answer: A

QUESTION NO: 21

Secret Key encryption is also known as:

A. symmetrical
B. asymmetrical
C. replay
D. one way function.

Answer: A

QUESTION NO: 22

A company's security specialist is securing a web server that is reachable from the Internet. The web server is located in the core internal corporate network. The network cannot be redesigned and the server cannot be moved. Which of the following should the security specialist implement to secure the web server? (Select TWO).

A. Network-based firewall
B. Host-based IDS
C. Host-based firewall
D. Network-based IDS
E. Router with an IDS module
F. Router with firewall rule set

Answer: B,C

QUESTION NO: 23

A program allows a user to execute code with a higher level of security than the user should have access to. Which of the following is this an example of?

A. DoS
B. Privilege escalation
C. Default accounts
D. Weak passwords

Answer: B

QUESTION NO: 24

A security specialist has completed a vulnerability assessment for a network and applied the most current software patches. The next step before placing the network back into operation would be to:

A. conduct a follow-up vulnerability analysis
B. update the baseline
C. perform penetration testing
D. test the essential functionality

Answer: D

QUESTION NO: 25

In a certificate hierarchy, the ultimate authority is called the:

Certificate Revocation List (CRL).
Terminal Access Controller Access Control System (TACACS).
Root Certifying Authority (Root CA).
Private Branch Exchange (PBX).

Answer: D

QUESTION NO: 26

For which reason are clocks used in Kerberos authentication?

Clocks are used to ensure that tickets expire correctly.
Clocks are used to ensure proper connections.
Clocks are used to both benchmark and specify the optimal encryption algorithm.
Clocks are used to generate the seed value for the encryption keys.

Answer: A

Explanation: The actual verification of a client's identity is done by validating an authenticator. The authenticator contains the client's identity and a timestamp. To ensure that the authenticator is up-to-date and is not an old one that has been captured by an attacker, the timestamp in the authenticator is checked against the current time. If the timestamp is not close enough to the current time (typically within five minutes) then the authenticator is rejected as invalid. Thus, Kerberos requires your system clocks to be loosely synchronized (the default is 5 minutes, but it can be adjusted in Version 5 to be whatever you want).

Reference: http://www.faqs.org/faqs/kerberos-faq/general/section-22.html

QUESTION NO: 27

Message authentication codes are used to provide which service?

A. Key recovery
B. Integrity
C. Acknowledgement
D. Fault recovery

Answer: B

QUESTION NO: 28

Which of the following is an installable package that includes several patches from the same vendor for various applications?

A. Hotfix
B. Patch rollup
C. Service pack
D. Patch template

Answer: C

QUESTION NO: 29

A company's web server needs to be accessible by remote users, business partners, and corporate users. Which of the following would be the BEST location for the web server?

A. Internal network segment
B. Demilitarized zone (DMZ)
C. Network perimeter
D. External network segment

Answer: B,C

QUESTION NO: 30

In order to secure web-based communications, SSL uses: (Select TWO)

A. Challenge Handshake Authentication Protocol (CHAP)
B. Blowfish encryption
C. Public-key cryptography
D. Symmetric cryptography
E. IPSec
F. PPP

Answer: C,D

QUESTION NO: 31

From the recommendations below, which is considered the best method for securing a web browser?

B. Disable all unused features of the web browser.
Deploy a filtering policy for unknown and illegal websites that you do not want users to access.
Only use a VPN (Virtual Private Network) connection to connect to the Internet.
Do not upgrade web browsers because new versions have a tendency to contain more security flaws.

Answer: B

Explanation: Features that make web surfing more exciting like: ActiveX, Java, JavaScript, CGI scripts, and cookies all pose security concerns. Disabling them (which is as easy as setting your browser security level to High) is the best method of securing a web browser, since it's simple, secure, and within every user's reach.

QUESTION NO: 32

Documentation describing a group's expected minimum behavior is known as:

A. acceptable usage
B. the need to know
C. a code of ethics
D. the separation of duties

Answer: C

QUESTION NO: 33

Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made to the IP header?

A. Private addressing
B. NAT
C. SOCKS
D. DNS

Answer: B

QUESTION NO: 34

Which of the following describes backing up files and software that have changed since the last full or incremental backup?

A. Delta backup
B. Full backup
C. Differential backup
D. Incremental backup

Answer: D

QUESTION NO: 35

The authentication process where the user can access several resources without the need for multiple credentials is known as:

A. need to know
B. decentralized management
C. Discretionary Access Control (DAC).
D. single sign-on

Answer: D

QUESTION NO: 36

From the options below, which represents the first action performed by an SSL (Secure Sockets Layer) enabled server when a user clicks to browse a secure page?

The server requests the user to produce the CRL (Certificate Revocation List).
The server displays the page requested by the user on the browser, and then provides its IP (Internet Protocol) address for verification purposes.
The server validates the user by checking the CRL (Certificate Revocation List).
The server uses its digital certificate to identify itself to the browser.

Answer: A

Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.

QUESTION NO: 37

WEP uses which of the following stream ciphers?

A. 3DES
B. RC4
C. IKE
D. RC2

Answer: B

Explanation: NO EXPLANATION.

QUESTION NO: 38

A VPN is needed for users to connect to a remote site and the VPN must be transparent to the user. Which of the following VPN models would be BEST to use?

A. Host to Host
B. Gateway to Host
C. Host to Gateway
D. Gateway to Gateway

Answer: D

Explanation: NO EXPLANATION.

QUESTION NO: 39

A web page becomes unresponsive whenever the embedded calendar control is used. Which of the following types of vulnerabilities is occurring?

A. ActiveX
B. Common Gateway Interface (CGI)
C. Cross-site scripting
D. Cookies

Answer: A

Explanation: NO EXPLANATION.

QUESTION NO: 40

SSL operates at which layer?

A. Data link
B. Network
C. Transport
D. Application

Answer: C

Explanation: SSL is associated with secure transactions (credit card purchases and online banking) over your web browser, so naturally it operates between the top two layers of the OSI model.

QUESTION NO: 41

An important component of a good data retention policy is:

A. offsite storage
B. magnetic media sorting
C. server drive redundancy
D. backup software licensing

Answer: A

QUESTION NO: 42

To reduce vulnerabilities on a web server, an administrator should adopt which of the following preventative measures?

A. Enable auditing on the web server and periodically review the audit logs
B. Block all Domain Name Service (DNS) requests coming into the server.
C. Use packet sniffing software on all inbound communications
D. Apply the most recent manufacturer updates and patches to the server.

Answer: D

Explanation: Operating system manufacturers pride themselves in having a secure system, and the instant they realize that there's a security breach they assign a team on it to develop a security patch. Or when they make a new software release (Linux kernels seem to be updated every other day) they try to fix all known vulnerabilities. Since the older an operating system is, the more time hackers have to seek vulnerabilities. A simple security patch that takes a couple of minutes to download and install is the difference between having a secure network and having a system made completely useless by a worm.

QUESTION NO: 43

A person walks up to a group of people who have physical access to a network operations room. As some of the group enters the room, this person walks into the room behind the group without providing credentials to gain access. Which of the following would BEST describe this activity?

A. Walk behind
B. Shoulder surfing
C. Tailgating
D. Social engineering

Answer: C

QUESTION NO: 44

Which of the following connectivity is required for a web server that is hosting an SSL based web site?

A. Port 443 outbound
B. Port 80 inbound
C. Port 443 inbound
D. Port 80 outbound

Answer: C

QUESTION NO: 45

Which of the following trust models would allow each user to create and sign certificates for the people they know?

A. Single certificate authority (CA)
B. Browser trust-list
C. Hierarchical
D. Web-of-trust

Answer: D

QUESTION NO: 46

On the topic of comparing viruses and hoaxes, which statement is TRUE? Choose the best TRUE statement.

A. Hoaxes can create as much damage as a real virus.
Hoaxes can help educate users about a virus.
Hoaxes are harmless pranks and should be ignored.
Hoaxes carry a malicious payload and can be destructive.

Answer: A

Explanation: Hoaxes do have the possibility of causing as much damage as viruses. Many hoaxes instruct the recipient to forward the message to everyone that they know and thus cause network congestion and heavy e-mail activity. Hoaxes also often instruct the user to delete files on their computer that may cause their computer or a program to quit functioning.

QUESTION NO: 47

A company conducts sensitive research and development and wants a strict environment for enforcing the principles of need to know, separation of duties, and least privilege. Which of the following should the company implement?

A. Mandatory Access Control (MAC)
B. Discretionary Access Control (DAC)
C. Single sign on
D. Single factor authentication

Answer: A

QUESTION NO: 48

Which access control method allows users to have some level of flexibility on how information is accessed, but at the expense of increasing the risk of unauthorized disclosure of information?

A. Role-Based Access Control (RBAC) method.
B. Discretionary Access Control (DAC) method
C. All of the above
D. Mandatory Access Control (MAC) method

Answer: B

Explanation: In a DAC model, network users have some flexibility regarding how information is accessed. This model allows users to dynamically share information with other users. The process allows a more flexible environment, but it increases the risk of unauthorized disclosure of information. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 440

QUESTION NO: 49

Audit log information can BEST be protected by: (Select TWO).

A. a firewall that creates an enclave
B. access controls that restrict usage
C. using a VPN
D. recording to write-once media.
E. an intrusion prevention system (IPS)
F. an IDS

Answer: B,D

QUESTION NO: 50

Which of the following would be considered a detrimental effect of a virus hoax? (Select TWO).

Users are tricked into changing the system configuration.
Technical support resources are consumed by increased user calls.
Users are at risk for identity theft.
The email server capacity is consumed by message traffic.

Answer: A,B

QUESTION NO: 51

Malicious code that enters a computer by means of a freely distributed game that is intentionally installed and played is known as:

A. a Trojan horse
B. a logic bomb
C. a worm
D. an email attachment.

Answer: A

QUESTION NO: 52

Which of the following programming techniques should be used to prevent buffer overflow attacks?

A. Automatic updates
B. Input validation
C. Nested loops
D. Signed applets

Answer: B

QUESTION NO: 53

Pretty good privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. The model with no single trusted root is known as:

A. hybrid
D. hierarchical
downlevel.
peer-to-peer.

Answer: B

QUESTION NO: 54

Choose the access control model that allows access control determinations to be performed based on the security labels associated with each user and each data item.

A. LBACs (List Based Access Control) method
B. MACs (Mandatory Access Control) method
C. RBACs (Role Based Access Control) method
D. DACs (Discretionary Access Control) method

Answer: B

Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

The MAC model is a static model that uses a predefined set of access privileges to files on the system. The system administrator establishes these parameters and associates them with an account, files or resources. The MAC model can be very restrictive.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 11

QUESTION NO: 55

A person pretends to be a telecommunications repair technician, enters a building stating that there is a networking trouble work order and requests that a security guard unlock the wiring closet. The person connects a packet sniffer to the network switch in the wiring closet and hides the sniffer behind the switch against a wall. This is an example of:

A. social engineering
B. a man in the middle attack
C. a vulnerability scan
D. a penetration test

Answer: A

QUESTION NO: 56

Social engineering attacks would be MOST effective in which of the following environments? (Select TWO).

C. A locked, windowless building
A company with a dedicated information technology (IT) security staff.
A company with a help desk whose personnel have minimal training.
A military facility with computer equipment containing biometrics.
A public building that has shared office space.

Answer: A,D

QUESTION NO: 57

Which of the following would allow an administrator to find weak passwords on the network?

A. A rainbow table
B. A network mapper
C. A hash function
D. A password generator

Answer: A

QUESTION NO: 58

Which of the following network authentication protocols uses symmetric key cryptography, stores a shared key for each network resource and uses a Key Distribution Center (KDC)?

A. RADIUS
B. Kerberos
C. TACACS+
D. PKI

Answer: B

QUESTION NO: 59

Choose the password generator that uses a challenge-response method for authentication.

A. Cryptographic keys
B. Smart cards
C. Synchronous password generator
D. Asynchronous password generator

Answer: C

Explanation: An synchronous password generator has an authentication server that generates a challenge (a large number or string) which is encrypted with the private key of the token device and has that token device's public key so it can verify authenticity of the request (which is independent from the time factor). That challenge can also include a hash of transmitted data, so not only can the authentication be assured, but also the data integrity.

QUESTION NO: 60

Choose the terminology or concept which best describes a (Mandatory Access Control) model.

A. Bell La-Padula
B. BIBA
C. Lattice
D. Clark and Wilson

Answer: C

Explanation: The word lattice is used to describe the upper and lower level bounds of a user's access permission.

QUESTION NO: 61

A system administrator reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take?

Determine the business impact.
Contact law enforcement officials.
Notify management.
Contain the problem.

Answer: C

QUESTION NO: 62

One of the below attacks focuses on the cracking of passwords, which one is it?

A. Dictionary
B. Teardrop
C. Spamming
D. SMURF

Answer: A

Explanation: Dictionaries may be used in a cracking program to determine passwords. A short dictionary attack involves trying a list of hundreds or thousands of words that are frequently chosen as passwords against several systems. Although most systems resist such attacks, some do not. In one case, one system in five yielded to a particular dictionary attack.

QUESTION NO: 63

Which of the following should be done if an audit recording fails in an information system?

A. Overwrite the oldest audit records
B. Send an alert to the appropriate personnel
C. Stop generating audit records
D. Log off the user

Answer: B

QUESTION NO: 64

The MOST common Certificate Server port required for secure web page access is port:

A. 25
B. 80
C. 446
D. 443

Answer: D

IPX C.actualtests. WAN B. L2TP B. PKI is less complex to deploy.co m . WEP Answer: C. WPA D. PPTP E.C QUESTION NO: 66 Which of the following would be an advantage for using PKI over a key server system? A.www. which of the following are the MOST common techniques that attackers use to socially engineer people? (Select TWO) A." . The key server is superior in large systems.D QUESTION NO: 68 In addition to bribery and forgery. D.CompTIA SY0-101: Practice Exam QUESTION NO: 65 IPSec uses which of the following protocols to provide traffic security? (Select TWO). A. SSH Answer: B. The root certificate authority key can be stored offline. Certificate authority revocation is easy to implement. Phreaking "Pass Any Exam. A small manufacturing company wants to deploy secure wireless on their network.com 24 Ac tua QUESTION NO: 67 lTe Answer: C sts . C. SSL F. A. AH C. Any Time. Which of the following wireless security protocols could be used? (Select TWO). B. Encapsulating Security Protocol (ESP) D.

Implementing a host based intrusion prevention system "Pass Any Exam. Clustering B. Load balancing C." .co m 25 .com Ac tua A. Dumpster diving D. Any Time. Asymmetric cryptography C. Whois search C. Changing the user rights and security groups B. Assuming a position of authority Answer: D.E QUESTION NO: 69 Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received? A. Implementing a host based intrusion detection system C. Remote access lTe Which of the following would be an example of a high-availability disk technology? sts . Flattery E.actualtests. Which of the following should the technician recommend to address this problem? A. Non-repudiation Answer: D QUESTION NO: 70 Answer: C QUESTION NO: 71 . Data integrity B.A technician is auditing the security posture of an organization. Anti-aliasing D. The audit shows that many of the users have the ability to access the company's accounting information.CompTIA SY0-101: Practice Exam B.www. Changing file level audit settings D. RAID D.

Alameda . sts . D. Although the answer is not given in the paragraph from the book. 2nd Edition.com 26 Ac tua lTe A. the answer would be D.www. Botnet C. but it still widely used in older systems. Reference: Mike Pastore and Emmett Dulaney . 2004. p 136 QUESTION NO: 74 Choose the compoenent that you would locate in the DMZ (Demilitarized Zone). Trojan Answer: B QUESTION NO: 73 Answer: A Explanation: Common Gateway Interface is an older form of scripting that was used extensively in early web systems. The HTTP (Hypertext Transfer Protocol) protocol. The compiler or interpreter which runs the CGI script. Any Time. CGI scripts could be used to capture data from a user using simple forms. B. SQL (Structured Query Language) server "Pass Any Exam.actualtests. A. Sybex . and it interacted with the client browser. The web browser. Security+ Study Guide . Adware B. The external data provided by the user. C.co Which scenario or element would typically cause a CGI (Common Gateway Interface) security issue? m . The CGI script ran on the web server.CompTIA SY0-101: Practice Exam Answer: A QUESTION NO: 72 Which of the following is commonly used in a distributed denial of service (DDOS) attack? A. CGI is frowned upon in new applications because of its security issues." . Phishing D.

C.com 27 Ac tua lTe sts . FTP (File Transfer Protocol) server D." . A network based IDS system can see packet header information. attack patterns within the network and malicious activities. Sybex . 2004.co m . p 26 QUESTION NO: 75 Of the intrusion detection capabilities listed below. In a reactive system. 2nd Edition. which is invisible to hostbased IDS systems. A network based IDS system can detect dial-in intrusions and attempts to physically access the server. Security+ Study Guide . Reference: Mike Pastore and Emmett Dulaney . which is FALSE for a network based IDS system? A. B. the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source. based on where it is located.actualtests. A network based IDS system can detect attacks in progress. A network based IDS system can monitor and report on all network traffic. By isolating a server in a DMZ. Customer account database Answer: C Explanation: A DMZ is an area where you can place a public server for access by people you might not trust otherwise. logs the information and signals an alert. QUESTION NO: 76 A security specialist is called to an onsite vacant office where an employee has found an unauthorized wireless access device connected to an RJ-45 jack linked to the corporate LAN. A FTP server can be used by people from outside of your network and should be placed in the DMZ. "Pass Any Exam. User workstations C. Any Time. you can hide or remove access to other areas of your network.www. Alameda . Answer: B Explanation: In a passive system. the IDS detects a potential security breach.CompTIA SY0-101: Practice Exam B. D.

DoS (Denial of Service) attacks. B. Answer: D QUESTION NO: 77 Which of the following types of firewalls provides inspection at layer 7 of the OSI model? A. it is unlawful to use technology to directly control people's emotions and behaviors. Call the police. Turn off the power. QUESTION NO: 79 Company intranet. Dictionary attacks.com Ac tua lTe sts .co m 28 . login banners and e-mails would be good tools to utilize in a security: "Pass Any Exam. A. Network address translation (NAT) D. D. Man in the middle attacks. Stateful inspection C.www. C.actualtests. Packet filters B." . Install a sniffer. Disconnect the network cable.CompTIA SY0-101: Practice Exam Which of the following actions should the administrator take FIRST? A. B. Social engineering. For this reason social engineering attacks cannot be deterred through technical means. Application-proxy Answer: D QUESTION NO: 78 Choose the attack or malicious code that cannot be prevented or deterred solely through using technical measures. newsletters. C. posters. D. Any Time. Answer: B Explanation: Because of human rights laws.

A. awareness program B. control test C. investigation D. policy review Answer: A Explanation: Advertisement techniques are used to bring product awareness to a consumer; likewise, advertising techniques can also be used to bring awareness to security programs.

QUESTION NO: 80 An IDS sensor on a network is not capturing all the network data traffic. This may be happening because the sensor is connected to the network with a: A. switch B. bridge C. hub D. router Answer: A

QUESTION NO: 81 A software or hardware device that allows only authorized network traffic in or out of a computer or network is called a: A. honeypot B. anti-virus program C. packet sniffer D. firewall Answer: D

QUESTION NO: 82 Which of the following access decisions are based on a Mandatory Access Control (MAC) environment? A. Sensitivity labels

D. and grant rights and privileges based on groups. C. VLAN C. Answer: B QUESTION NO: 84 The concept that a web script is run in its own environment and cannot interfere with any other process is known as a: A.CompTIA SY0-101: Practice Exam B. Create a list of departments.actualtests. sandbox B. create a folder for each department. deploy biometric hardware to the client computers. honey pot D. QUESTION NO: 83 Which of the following is a best practice for managing user rights and privileges? A.com 30 Ac tua lTe sts . Group membership D. Any Time. issue certificates to each user. Ownership C.www. Create a certificate authority. Access control lists Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. Identify roles and objects to be accessed. Then all users are given specific security clearances as to what they are allowed to access. All objects are given security labels known as sensitivity labels and are classified accordingly.co m . B. create groups. assign rights and privileges based on individual certificates." . and grant rights and privileges. quarantine Answer: A QUESTION NO: 85 Choose the malicious code which can distribute itself without using having to attach to a host file. "Pass Any Exam. meet with the departments and direct them to access their departmental folder. Enroll users in a biometric authentication system.

CompTIA SY0-101: Practice Exam A. netcat D. A worm. The sales department has requested that the system become operational before a security review can be completed. Soda acid B. Risk assessment C.com 31 Ac tua lTe sts ." . D. a forensics specialist executes a command on the computer being investigated. C. IPCONFIG / IFCONFIG Answer: A QUESTION NO: 87 Which of the following is a suppression method for a Class C fire? A. A Trojan horse. Any Time. B. Which of the following can be used to explain the reasons a security review must be completed? A. Carbon dioxide (CO2) D.www.co m . A logic bomb. nmap C. NETSTAT B. A virus. Dry powder C. Corporate security policy "Pass Any Exam. Water Answer: C QUESTION NO: 88 A computer system containing personal identification information is being implemented by a company's sales department.actualtests. Need to know policy B. Which of the following commands would be used to display the current network connections on the local computer? A. Answer: C QUESTION NO: 86 During a live response to an unauthorized access.

It asks what action will discourage the employees. threats B. costs C. . Implement a strong authentication method. You want to reduce the likelihood of certpaper. Escorting of guests "Pass Any Exam. e-mail.CompTIA SY0-101: Practice Exam D. B. Any Time. or what will best prevent the transmission of nonessential email.com Ac tua A. QUESTION NO: 91 Which of the following is the MOST effective social engineering defensive strategy? A. Create and enforce network security policy. D. Badge security system B. assets Answer: D How will you accomplish the task? Answer: C Explanation: The question doesn't ask what method can be used to best secure the emails.com employees misusing your ORG.co QUESTION NO: 90 m 32 . Create and enforce ACLs (Access Control List). Encrypt all company e-mail messages. vulnerabilities D. lTe sts You work as the security administrator.actualtests. so the correct answer is to create a network security policy that defines what kind of email use constitutes the term misuse. C. Vulnerability assessment Answer: C QUESTION NO: 89 The first step in risk identification would be to identify: A." .www.

A. Role Based Access Control (RBAC) C.CompTIA SY0-101: Practice Exam C. Mandatory Access Control (MAC) Answer: B QUESTION NO: 94 "Pass Any Exam. Buffer overflow D. human resources personnel having slightly less access and managers having access to their own department files only. B. p 135 sts Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. Training and awareness D. Security+ Study Guide . Sybex . Smurf attack Answer: C QUESTION NO: 93 An organization has a hierarchical-based concept of privilege management with administrators having full access. Discretionary Access Control (DAC).co m 33 . 2004. Ping of death B. This situation can cause an application to terminate. Rule Based Access Control (RBAC). 2nd Edition. This is BEST described as: A.actualtests. D. Alameda ." . Logic bomb C. choose the exploit that can be considered a DoS attack because more traffic than what the node can handle is flooded to that node.com Ac tua lTe Reference: Mike Pastore and Emmett Dulaney .www. Any Time. . The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Marking of documents Answer: C QUESTION NO: 92 From the list below.

Force the change with remote logon. C.co m 34 . Any Time. Force the change with registry editor. File hashing snapshot comparison C. Answer: A QUESTION NO: 97 The employees at a company are using instant messaging on company networked computers. Force the change by security group.com Ac tua Which of the following is the MOST efficient way to force a large number of users to change their passwords on logon? lTe sts . The MOST important security issue to address when using instant messaging is that instant messaging: A.actualtests. D. Virus signature reports Answer: B QUESTION NO: 96 A. Network Based Active Answer: A. Network Based Passive B. Host Based Active C. Patch reports B. A.CompTIA SY0-101: Practice Exam Which of the following types of IDS should be implemented to monitor traffic on a switch? (Select TWO). Force the change with group policy B. Vulnerability analysis snapshot comparison D. Host Based Passive D.D QUESTION NO: 95 Which of the following is considered by some HIDS tools to detect system security related anomalies? A. uses weak encryption "Pass Any Exam." .www.

VLAN's would restrict access only to their local VLAN. whereas VLAN's are used within an organization to provide security.co m 35 . They are also hardware based (at the switch and MAC level) Firewalls are used so that external users (outside the organization cannot get in). The solution which you implement to restrict network access must be hardware based. Deploy a VLAN (Virtual Local Area Network) Deploy. To assist with PKI implementation C. QUESTION NO: 100 "Pass Any Exam. How will you accomplish the task? sts . Deploy firewalls between your subnets. To identify open ports on a system D. To identify remote access policies B. B. and this would require less administrative overhead than setting up firewalls at each subnet. has no common protocol D. communications are a drain on bandwidth C. Deploy a proxy server Deploy.CompTIA SY0-101: Practice Exam B.actualtests." . You also want to use the least amount of administrative effort to accomplish your task. C. Deploy a VPN (Virtual Private Network).com Ac A. tua lTe You work as the security administrator at Certpaper. To assist with protocol analyzing Answer: C QUESTION NO: 99 Answer: B Explanation: Implement a VLAN (Virtual Local Area Network) to restrict network access is the best answer. Any Time. D.www.com. You must ensure that internal access to other parts of the network is controlled and restricted. communications are open and unprotected Answer: D QUESTION NO: 98 Which of the following is a reason to use a vulnerability scanner? A.

Results in slow Internet connections. Kerberos C. Sybex . Kerberos D. 2nd Edition. Security+ Study Guide . Multifactor B. Username/password D.actualtests. and traditional DoS attacks." .CompTIA SY0-101: Practice Exam Choose the option that correctly details the greatest vulnerability of using Instant Messaging clients. C. B. Results in disconnection from the file server. Results in malicious code being delivered by file transfer. Any Time. Alameda .co m 36 . Security Tokens B. F. p 197 QUESTION NO: 101 Which of the following authentication systems make use of the KDC Key Distribution Center? A. Answer: A Explanation: IM clients can also be compromised by malicious code. Results in loss of email privileges. 2004.com Ac tua lTe sts . Trojan Horse programs. Results in Blue Screen of Death errors. A. Certificates Answer: C QUESTION NO: 102 Which of the following authentication methods is based upon an authentication server that distributes tickets to clients? A.www. CHAP C. Challenge Handshake Authentication Protocol (CHAP) Answer: B "Pass Any Exam. E. Reference: Mike Pastore and Emmett Dulaney . D. Results in theft of root user credentials.

QUESTION NO: 103 Which of the following is the number of security associations in an IPSec encrypted session for each direction? A. 4 B. one C. 2 D. 8 Answer: B

QUESTION NO: 104 Which password management system best provides for a system with a large number of users? A. Self service password reset management systems B. Locally saved passwords management systems C. multiple access methods management systems D. synchronized passwords management systems Answer: A Explanation: A self service password reset is a system where if an individual user forgets their password, they can reset it on their own (usually by answering a secret question on a web prompt, then receiving a new temporary password on a pre-specified email address) without having to call the help desk. For a system with many users, this will significantly reduce the help desk call volume.

QUESTION NO: 105 Poor programming techniques and lack of code review can lead to which of the following types of attack? A. Buffer overflow B. Dictionary C. Common Gateway Interface (CGI) script D. Birthday Answer: A

Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. This exploitation is usually a result of a programming error in the development of the software. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION NO: 106 Most current encryption schemes are based on: A. algorithms B. time stamps C. digital rights management D. randomizing Answer: A

QUESTION NO: 107 The CHAP (Challenge Handshake Authentication Protocol) sends a logon request from the client to the server, and the server sends a challenge back to the client. At which stage does the CHAP protocol perform the handshake process? Choose the best complete answer. A. At the stage when the connection is established. B. At the stage when the connection is established and at whichever time after the connection has been established. C. At the stage when the connection is established and when the connection is disconnected. D. At the stage when the connection is disconnected. Answer: B Explanation: CHAP performs the handshake process when first establishing a connection, and then at random intervals during the transaction session.

QUESTION NO: 108 One type of port scan can determine which ports are in a listening state on the network, and can then perform a two-way handshake. Which type of port scan can perform this set of actions? A. A TCP (Transmission Control Protocol) FIN scan B. A TCP (Transmission Control Protocol) connect scan C. A TCP (Transmission Control Protocol) null scan D. A TCP (Transmission Control Protocol) SYN (Synchronize) scan Answer: D Explanation: In SYN scanning, a TCP SYN packet is sent to the port(s) to be scanned. If the port responds with a TCP SYN ACK packet, then the port is listening. If it replies with a TCP RST packet, then it is not.

QUESTION NO: 109

Which of the following would be the MOST important reason to apply updates? A. Software is a productivity facilitator and as new functionality is available the functionality must be enabled. B. Software is inherently insecure and as new vulnerabilities are found the vulnerabilities must be fixed. C. Software is a supported product and vendors won't support the product if the latest version is not installed. D. Software is a licensed product and the license will expire if not updated Answer: B

QUESTION NO: 110

A security specialist for a large distributed network with numerous divisions is selecting an access control model. Employees in the human resource division need access to personnel information but not production data and operations employees need access to production data only. Which of the following access control models would be MOST appropriate? A. Role Based Access Control (RBAC) B. Mandatory Access Control (MAC) C. Rule Based Access Control (RBAC) D. Discretionary Access Control (DAC) Answer: A Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees perform in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 111 You work as the security administrator at Certpaper.com. One morning you discover that a user named Mia Hamm has used her user account to log on to a network server. Mia has then executed a program and been able to perform operations which only a network administrator or security administrator should be able to. What type of attack has occurred? A. Trojan horse. B. Security policy removal. C. Privilege escalation attack. D. Subseven back door. Answer: C Explanation: A user obtaining access to a resource they would not normally be able to access. This is done inadvertently by running a program with SUID (Set User ID) or SGID (Set Group ID) permissions or by temporarily becoming another user. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 522

QUESTION NO: 112 A company has instituted a VPN to allow remote users to connect to the office. As time progresses multiple security associations are created with each association being more secure. Which of the following should be implemented to automate the selection of the BEST security association for each user? A. IKE B. AES

3DES Answer: A QUESTION NO: 113 From the options. Secret keys D.com Ac Answer: A tua A. SSH C.www. SHA D. IPSec B. SSL D. Port scan attack D. Digital signatures B. A. Any Time.co Explanation: Spoofed e-mails will not be detected by the IDS. Vulnerability exploits. C. m Answer: A 41 . Cipher block chaining C." .CompTIA SY0-101: Practice Exam C. Spoofed e-mail B. choose the attack which an IDS (Intrusion Detection System) cannot detect. PKI Answer: A "Pass Any Exam. L2F lTe L2TP tunneling replies on which of the following for security? sts .actualtests. DoS (Denial of Service) attack. QUESTION NO: 114 QUESTION NO: 115 Non-repudiation is enforced by which of the following? A.

what makes unique user IDs especially important? A. QUESTION NO: 119 "Pass Any Exam. Any Time.co m A security system that uses labels to identify objects and requires formal authorization to use is BEST described as: 42 .www. Unique user IDs triggers corrective controls. Unique user IDs show which files and data were changed.CompTIA SY0-101: Practice Exam QUESTION NO: 116 Which of the following would be the MOST effective backup site for disaster recovery? A. Reciprocal agreement C. Mandatory Access Control (MAC) B. Cold site B. Discretionary Access Control (DAC) . Role-Based Access Control (RBAC) D. they think twice about doing something they shouldn't do. When a user known that they are being tracked. C. Unique user IDs cannot be modified easily." . Hot site Answer: D QUESTION NO: 117 When reviewing audit trails.com Ac tua QUESTION NO: 118 lTe Answer: A sts A.actualtests. B. D. Unique user IDs establishes individual accountability. Answer: C Explanation: With a unique user ID you'll have soft evidence on the timing and the action any accessed user accomplishes. Kerberos C. Warm site D.

p 365 QUESTION NO: 121 From the options. sts . B. IPSec (Internet Protocol Security) B. Users must log on twice at all times. HTTP (Hypertext Transfer Protocol) Answer: C Reference: Mike Pastore and Emmett Dulaney . 2004. You can configure system wide permissions.co m 43 . peer-to-peer D.www. VPN (Virtual Private Network) C. Security+ Study Guide . downlevel C. Answer: C Explanation: "Pass Any Exam. Any Time. hybrid Answer: C QUESTION NO: 120 One of these protocols is used to encrypt traffic passed between a web browser and web server. which details a specific advantage of implementing a single sign-on technology? A. C. Multiple directories can be browsed.CompTIA SY0-101: Practice Exam Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. 2nd Edition. Which is it? A. Sybex . hierarchical B.com Ac tua lTe Explanation: The Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines. SSL (Secure Sockets Layer) D. Multiple applications can be installed." . D. The model with no single trusted root is known as: A.actualtests. Alameda .

www. a trust relationship D. a trusted packet B. C. worm Answer: C QUESTION NO: 124 A security specialist is reviewing writable FTP directories and observes several files that violate the company's security policy.actualtests. Reference: Mike Pastore and Emmett Dulaney . review logs for other compromises and report the situation to authorities. delete the files that violate security policy and report the situation to authorities. In addition to checking the FTP server. contain the affected system. "Pass Any Exam.co m 44 ." . 2nd Edition. Logic bomb B. Sybex . reboot the affected server. review logs for other compromises and report the situation. a certificate Answer: D QUESTION NO: 123 Which of the following will allow you to monitor a user??s online activities? A. Alameda . review logs for other compromises and notify the human resources department. the specialist should: A. D. virus C. p 434 QUESTION NO: 122 A credential that has been digitally signed by a trusted authority is known as: A. Any Time. 2004. Spy ware D. B.CompTIA SY0-101: Practice Exam The purpose is so a user can gain access to all of the applications and systems they need when they log on with a single sign-on. Security+ Study Guide . an encrypted tunnel C.com Ac tua lTe sts . review logs for other compromises.

The Certpaper .CompTIA SY0-101: Practice Exam Answer: C QUESTION NO: 125 You work as a security administrator at Certpaper . Answer: C Explanation: TCP port 25 is reserved for SMTP while port 110 is for POP3. B.com Ac tua A.www. This exploitation is usually a result of a programming error in the development of the software. Open TCP (Transmission Control Protocol) port 25 to inbound and outbound connections. Open TCP (Transmission Control Protocol) port 110 to inbound and outbound connections.com network must be configured to support e-mail communication using SMTP (Simple Mail Transfer Protocol). Security+ Study Guide . Open UDP (User Datagram Protocol) port 110 to inbound connections. Any Time. Which ports must you open on the firewall to support SMTP connections? A. which exploits poor programming techniques or lack of code review? sts QUESTION NO: 126 . p 135 "Pass Any Exam. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. 2004." .com. Birthday attacks C. D.co m 45 . Answer: C Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. Alameda .actualtests. CGI (Common Gateway Interface) scripts B. Buffer overflow attacks D. Reference: Mike Pastore and Emmett Dulaney . 2nd Edition. C. Dictionary attacks lTe From the listing of attack types. Sybex . Open UDP (User Datagram Protocol) port 25 to inbound connections.

I would say D would be the best choice. Any Time.co m 46 . All users. B. XMAS Tree C.D QUESTION NO: 128 Which of the following types of attacks consists of a computer sending PING packets with the destination address set to the network's broadcast address and the source address set to the target computer's IP address? A. One-to-one mapping C.www. All security administrators. Many-to-many mapping B. All auditors. Fraggle Answer: C You plan to update the user security policy. Replay B. but make your best decision. All staff. C. Smurf D.actualtests." .com Ac tua QUESTION NO: 129 lTe sts . Many-to-one mapping Answer: B. One-to-many mapping D. Considering the question refers to a user security policy. Whom should the new updated user security policy be distributed and made available to? A. the users and staff need to know the policy. Answer: B Explanation: There are many policies for companies these days. D.CompTIA SY0-101: Practice Exam QUESTION NO: 127 Which of the following are types of certificate-based authentication? (Select TWO) A. This is a tricky question with many close answers. "Pass Any Exam.

set auditing on objects and review event logs. C. Enable auditing and set auditing to record all events. Man in the middle attacks C. Tunneling is the process of utilizing the Internet as part of a private secure network. Tunneling is the process of creating a tunnel capable of capturing data. Trojan horse programs sts Which of the following would be the MOST common method for attackers to spoof email? . Answer: D Explanation: Civil engineers build tunnels to allow one direction of traffic flow to be protected against another traffic flow. QUESTION NO: 131 Answer: C QUESTION NO: 132 Which of the following BEST describes the sequence of steps in the auditing process? A. Network engineers use tunneling to protect a data flow from the elements of the internet. D. B. B. They will build a tunnel under a river. or underneath a highway. Answer: D QUESTION NO: 133 Which of the following are components of host hardening? (Select TWO).co m . C.com 47 Ac tua lTe A. D. Web proxy B. They tunnel by placing secure encrypted IP packets into a non-secure IP packet. "Pass Any Exam.actualtests. Tunneling is the process of moving through three levels of firewalls. Enable auditing." . Set auditing on the object and respond as alerts are generated.www. Tunneling is the process of passing information over the Internet within the shortest time frame. Open relays D.CompTIA SY0-101: Practice Exam QUESTION NO: 130 Which of the following best describes what tunneling is? A. set auditing on the object and respond as alerts are generated. Any Time. Enable auditing.

CompTIA SY0-101: Practice Exam A. E. AH (Authentication Header). Transport modes encrypt only the payload. the data or payload and message headers are encrypted. In tunneling mode.www. p 127 lTe Explanation: IPSec provides secure authentication and encryption of data and headers.actualtests." . 2004. 2nd Edition. Removing a user's access to the user's data. Sybex .co m 48 . sts . Security+ Study Guide . choose the VPN (Virtual Private Network) tunneling protocol. Answer: C QUESTION NO: 135 Which of the following types of authentication models uses a smart card and a User ID/Password for accessing network resources? A. Alameda . D. Multifactor Answer: D "Pass Any Exam. Applying patches C. Disabling unnecessary services. IPSec can work in tunneling mode or transport mode. D. B. IPSec (Internet Protocol Security). A. Configuring the Start menu and Desktop B. SSH (Secure Shell).com Ac tua Reference: Mike Pastore and Emmett Dulaney . Any Time.C QUESTION NO: 134 From the options. Answer: B. Biometric C. Adding users to the administrator group. DES (Data Encryption Standard). C. Tokens B. Mutual D.

QUESTION NO: 136 Which of the following types of IDS uses known patterns to detect malicious activity? A. Detection based B. Keyword based C. Signature based D. Anomaly based Answer: C

QUESTION NO: 137 Which of the following is a port scanning utility? A. John the Ripper B. L0phtcrack C. Nmap D. Cain & Abel Answer: C

QUESTION NO: 138 In a mandatory access control (MAC) environment, which of the following are access decisions based on? A. Sensitivity labels B. Group membership C. Access control lists D. Ownership Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

QUESTION NO: 139 When setting password rules, which of the following would lower the level of security of a network?

QUESTION NO: 140 QUESTION NO: 141 What is the BEST process of removing PII data from a disk drive before reuse? A. which of the following inventory system permissions might be BEST aligned with the least privilege principle for the managers? sts . Full access lTe A clothing store with a single location has one owner. All passwords are set to expire at regular intervals and users are required to choose new passwords that have not been used before.com Ac Answer: A tua A." . the risk of social engineering increases.actualtests. D.www. B. Degaussing D. C. two managers and six cashiers. Destruction B. Complex passwords that users can not remotely change are randomly generated by the administrator and given to users Answer: D Explanation: If a user gets a difficult password that they can't remember. Sanitization Answer: D "Pass Any Exam. Since the user won' be able to reset the password themselves they'll have to make regular trips to help desk for a new password. Any Time.co m 50 . Read rights D. Write rights C. After a set number of failed attempts the server will lock out any user account forcing the user to call the administrator to re-enable the account.CompTIA SY0-101: Practice Exam A. Under this scenario. Passwords must be greater than six characters and contain at least one non-alpha. and with regular disgruntled users getting emotional over passwords. there's a certain chance that they will forget the password or compromise security by writing down their password on a Post It note on their keyboard. Update rights B. Reformatting C.

Integrity D.www. Authentication B.com Ac Answer: C tua A. or be on the verge of expiration within a matter of hours. 49 F.actualtests. B.CompTIA SY0-101: Practice Exam QUESTION NO: 142 Which of the following is a solution that you can implement to protect against an intercepted password? A. 23 D. D. effectively making any intercepted password good for only the brief interval of time before the legitimate user happens to login themselves. So by chance. C." .co m 51 . 143 B. Implement PPTP (Point-to-Point Tunneling Protocol). 3389 C. Non-repudiation lTe Which of the following refers to the ability to be reasonably certain that data is not modified or tampered with? sts QUESTION NO: 143 . 194 "Pass Any Exam. QUESTION NO: 144 Which of the following ports are typically used by email clients? (Select TWO) A. if someone were to intercept a password it would probably already be expired. Answer: C Explanation: A one time password is simply a password that has to be changed every time you log on. 110 E. Confidentiality C. Implement aone time password. Implement a VPN (Virtual Private Network). Any Time. Implement complex password requirements.

Answer: A,D

QUESTION NO: 145 A URL for an Internet site begins with 'https:' rather than 'http:' which is an indication that this web site uses: A. SSL B. PGP C. Kerberos D. PKI Answer: A

QUESTION NO: 146 Malicious port scanning is a method of attack to determine which of the following? A. The physical cabling topology of a network B. The fingerprint of the operating system C. Computer name D. User IDs and passwords Answer: B Explanation: Malicious port scanning is an attempt to find an unused port that the system won't acknowledge. Several programs now can use port scanning for advanced host detection and operating system fingerprinting. With knowledge of the operating system, the hacker can look up known vulnerabilities and exploits for that particular system.

QUESTION NO: 147 Which of the following activities is MOST closely associated with DLL injection? A. SQL servers B. Vulnerability assessment C. Penetration testing D. Network mapping Answer: C

Buffer Overflow C. IDS C. a CRL "Pass Any Exam. active content (e." .g. Trojan horse programs C. Privilege escalation Answer: D QUESTION NO: 151 If a user reports that the user's public/private key has been compromised. buffer overflows .com Ac tua lTe sts A. Bastion host D. Any Time. NIPS D.co The MOST common exploits of Internet-exposed network services are due to: m 53 . the CA should issue: A. Filter router B.CompTIA SY0-101: Practice Exam QUESTION NO: 148 Which of the following portions of a company's network is between the Internet and an internal network? A. Demilitarized zone (DMZ) Answer: D QUESTION NO: 149 Answer: D QUESTION NO: 150 Which of the following could result in a DDoS? A. TCP/IP Hijacking B. Java Applets) B.www. illicit servers D.actualtests.

B. an LDAP C. a CPS D. a PKCS Answer: A

QUESTION NO: 152 The FIRST step in creating a security baseline would be: A. installing software patches B. creating a security policy C. vulnerability testing D. identifying the use case Answer: B

QUESTION NO: 153 Which of the following would be an example of a hardware device where keys can be stored? (Select TWO). A. Smart card B. PCMCIA card C. PCI card D. Network interface card (NIC) Answer: A,B

QUESTION NO: 154 A user is assigned access rights explicitly. This is a feature of which of the following access control models? A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC) Answer: A

QUESTION NO: 155 Which of the following would be BEST for deploying third-party application security updates on a network with 1,000 computers? A. Enterprise System Management (ESM) B. Baseline security analyzer C. Vulnerability scanner D. Logon script Answer: A

QUESTION NO: 156 You work as the security administrator at Certpaper.com. You are defining a SLA (Service Level Agreement). You want to ensure the availability of server based resources over guaranteed server performance levels. What must you include in the SLA to achieve this objective? A. Hosting B. Application C. Network D. Security Answer: A Explanation: In the hosting business, every company aims for 100% availability in their service level agreements, and usually offer concessions for times of reduced availability. Sadly, these agreements have exceptions which include: scheduled network maintenance, hardware maintenance, software maintenance, virus attacks, hacker attacks, force majeure, labour actions, war, insurrections, sabotage, and past due accounts on your part.

QUESTION NO: 157 Privileges are used for which of the following purposes? A. To allow or deny signature updates to group applications B. To allow or deny specific actions to users or groups C. To allow or deny network traffic from host based systems D. To allow or deny network traffic from server based systems

Answer: B

QUESTION NO: 158 Which of the following types of publicly accessible servers should have anonymous logins disabled to prevent an attacker from transferring malicious data? A. DNS B. FTP C. Web D. Email Answer: B

QUESTION NO: 159 An enclosure that prevents radio frequency signals from emanating out of a controlled environment is BEST described as which of the following? A. Faraday cage B. TEMPEST C. Mantrap D. Grounded wiring frame Answer: A

QUESTION NO: 160 Which of the following methods will help to identify when unauthorized access has occurred? A. Implement session termination mechanism B. Implement previous logon notification. C. Implement session lock mechanism. D. Implement two-factor authentication Answer: B

QUESTION NO: 161 Which of the following is a critical element in private key technology?

But if it used to take advantage of the non-secure logon. D. C. DNS log B. Less server connections and network bandwidth utilization. Getting the proper key the first time. You want to enable anonymous FTP (File Transfer Protocol) read/write access.actualtests. Any Time. Tunneling B. C. tua lTe You work as the security administrator at Certpaper . Digital signatures Answer: B Answer: D Explanation: Anonymous FTP is based on good faith. The detailed logging information for each user. D. Distributing the key to everyone.com Ac A. Answer: A QUESTION NO: 162 The Diffie-Hellman encryption algorithm relies on which of the following? A.com. Choose the important factor which you should consider and be aware of. Key exchange C. QUESTION NO: 164 On a Windows host. Using the key to decrypt messages." .co m 57 . sts QUESTION NO: 163 . Keeping the key secret B.CompTIA SY0-101: Practice Exam A. The storage and distribution of unlicensed software.www. B. The upload and download directory for each user. then answer C would seem to be the best answer. which of the following event logs would contain failed logons? A. Application log "Pass Any Exam. Passwords D.

B. Old passwords.actualtests. A. Maximum password age E. Process lists. F. or are in a situation where they need multiple passwords they have a tendency of writing their passwords down.com 58 Ac tua QUESTION NO: 166 lTe Explanation: When people create complex passwords that they can't remember. E. usually on a notepad. Virtual memory. C.CompTIA SY0-101: Practice Exam C. Boot sectors. or on their desk ledger. A. lays dormant until a user opens the certain program then deletes the contents of attached network drives and removable storage devices is known as a: "Pass Any Exam.F Which of the following settings works BEST to avoid password reuse? (Select TWO). Security log D. Network diagrams.E. IP (Internet Protocol) address lists. D. Password history C.E QUESTION NO: 167 Malicious code that enters a target system. Account lockout D. sts . a Post It note." . Password complexity controls B. Minimum password age Answer: B. System log Answer: C QUESTION NO: 165 Choose the items that an intruder would ignore when going through disposed garbage. Choose all options that apply. Any Time. Answer: C.co m .www.

com. The Certpaper . worm Answer: C QUESTION NO: 168 A Windows file server is an example of which of the following types of models? A. honeypot C. a man-in-the-middle attack C.CompTIA SY0-101: Practice Exam A. Any Time. a phishing attack lTe Disguising oneself as a reputable hardware manufacturer's field technician who is picking up a server for repair would be described as: sts QUESTION NO: 169 . Role Based Access Control (RBAC) Answer: A Answer: C QUESTION NO: 170 You work as the security administrator at Certpaper .co m 59 .actualtests.www.com Ac tua A. Trojan horse B." . Discretionary Access Control (DAC) B. Open ports 389 and 139 B.com network must be configured to allow LDAP (Lightweight Directory Access Protocol) traffic. Mandatory Access Control (MAC) D. Open ports 137 and 139 "Pass Any Exam. a Trojan horse B. Open ports 389 and 636 C. Which ports must you open on the firewall to allow LDAP traffic? A. logic bomb D. Rule Based Access Control (RBAC) C. Open ports 636 and 137 D. social engineering D.

C.actualtests. sts .www.html QUESTION NO: 172 To keep an 802. AllCertpaper . The secret key is used to encrypt packets before they are transmitted. B. but it is frequently considered to be a feature of WEP.cs. a laptop with a wireless Ethernet card) and an access point ( ie . In practice.CompTIA SY0-101: Practice Exam Answer: B Explanation: The 'well known' LDAP ports are 389 for LDAP and 636 for LDAP SSL.co Answer: C m 60 .11 standard describes the communication that occurs in wireless local area networks (LANs). Administrators only. A.com users that have the correct WEP (Wired Equivalent Privacy) key. however. no commercial system we are aware of has mechanisms to support such techniques. The standard does not discuss how the shared key is established. and an integrity check is used to ensure that packets are not modified in transit.com wireless network environment uses WEP (Wired Equivalent Privacy) to provide wireless security. Anyone WEP relies on a secret key that is shared between a mobile station ( eg .isaac. The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping. More sophisticated key management techniques can be used to help defend from the attacks we describe. A secondary function of WEP is to prevent unauthorized access to a wireless network. Any Time. most installations use a single key that is shared between all mobile stations and access points.com Ac tua lTe Explanation: The 802. D.11x network from being automatically discovered. QUESTION NO: 171 The Certpaper . a user should: "Pass Any Exam." .com users.11 standard. a base station). Choose the entity or entities that can authenticate to an access point. Reference: http://www.berkeley. OnlyCertpaper . this function is not an explicit goal in the 802.edu/isaac/wep-faq.

hijacking C." . leave the SSID default. spoofing Answer: C QUESTION NO: 174 Which of the following assessment tools would be MOST appropriate for determining if a password was being sent across the network in clear text? A. Authentication C. C. change the SSID name. Answer: D QUESTION NO: 173 A user receives an email asking the user to reset the online banking username and password. Vulnerability scanner C. turn off the SSID broadcast.CompTIA SY0-101: Practice Exam A. Port scanner D. activate the SSID password B. The email contains a link and when the user accesses the link.com 61 Ac tua lTe sts .www. redirecting B. phishing D. This would be an example of: A. Which of the following is the problem? A. Any Time. D. Protocol analyzer Answer: D QUESTION NO: 175 A user logs in with a domain account and is denied access to a specific file which the user should have access to. Allocation B.actualtests. The server is not able to verify the identity of the user.co m . the URL that appears in the browser does not match the link. Identification "Pass Any Exam. Password cracker B.

Wireless network interface card. Answer: A. WAP (Wireless Application Protocol) gateway B. WTLS is the method security for WAP (Wireless Application Protocol) and it provides transport layer security directly between a wireless device and the WAP gateway. Mobile device. E. This is an example of: A. Authorization Answer: B QUESTION NO: 176 WTLS (Wireless Transport Layer Security) provides security services between network devices or mechanisms. D. Web server. Selection of cryptographic keys. Wireless client.com 62 Ac tua lTe sts Explanation: Since most wireless devices are low in: memory. MAC (Mandatory Access Control) and encryption algorithm negotiation. 3. C. Any Time.E QUESTION NO: 177 A company has implemented a policy stating that users will only receive access to the systems needed to perform their job duties. . processing power. "Pass Any Exam. A. Which is it? Choose all that apply.CompTIA SY0-101: Practice Exam D.www. concurrent session control B. separation of duties C. Identify the protocol (steps) that allow for the following: 1. 2.actualtests. least privilege D. Client and server authentication." . access control Answer: D QUESTION NO: 178 SSL (Secure Socket Layer) establishes a stateful connection negotiated by a process performed between client and server.co m . and bandwidth capability creating a security mechanism is a difficult task.

Access control lists B.actualtests. SMTP Relay B. D. SSL (Secure Sockets Layer) record protocol. p 135 QUESTION NO: 180 Which of the following describes the process by which a single user name and password can be entered to access multiple computer applications? A. Sybex . Answer: C Reference: Mike Pastore and Emmett Dulaney . SSL (Secure Sockets Layer) change cipher spec protocol. Security+ Study Guide . 2004. CGI. Any Time.www. D. Buffer Overflows.CompTIA SY0-101: Practice Exam A.com 63 Ac Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. tua lTe sts . SSL (Secure Sockets Layer) handshake protocol. Constrained user interfaces "Pass Any Exam. This situation can cause an application to terminate. C. B. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Cookies.co m ." . Alameda . SSL (Secure Sockets Layer) alert protocol. 2nd Edition. C. Answer: C Explanation: SSL Handshake Protocol * runs before any application data is transmitted * provides mutual authentication * establishes secret encryption keys * establishes secret MAC keys QUESTION NO: 179 Which of the following web vulnerabilities is being referred to when it receives more data than it is programmed to accept? A.

Answer: C Explanation: Using a third party email relay can put you in an advantage of getting unnecessary spam.actualtests.com Ac tua lTe sts QUESTION NO: 182 . Proxy logs B.www. A third party mail relay restricts the types of e-mail that maybe sent. B. B. HIDS logs D. Any Time. A third party mail relay restricts spammers from gaining access." . AV server logs C. C. Spammers can utilize the third party mail relay. A.co m 64 . Anyone on the internet can relay an unsolicited email through an SMTP server. and it makes it much more difficult to trace the spammer. "Pass Any Exam. Encryption protocol Answer: C QUESTION NO: 181 An administrator is concerned that PCs on the internal network may be acting as zombies participating in external DDoS attacks. A third party mail relay limits access to specific users. Firewall logs Answer: D Choose the primary disadvantage of using a third party mail relay.CompTIA SY0-101: Practice Exam C. Single sign-on D. Which of the following could BEST be used to confirm the administrator's suspicions? A. Worms are a form of malicious code while Trojan horses are not. and the message will appear to be legitimate coming from the email server. D. Worms self replicate while Trojan horses do not. QUESTION NO: 183 Choose the statement that best details the difference between a worm and a Trojan horse? A.

QUESTION NO: 185 One type of network attack sends two different messages that use the same hash function to generate the same message digest. In essence. Answer: A Explanation: A worm is different from a virus. The Trojan horse program may be installed as part of an installation process. Security+ Study Guide . Any Time. are self-contained and do not need a host application to be transported. WTLS (Wireless Transport Layer Security) C. D. It is used to encrypt and decrypt data signals transmitted between Wireless LAN devices. You want to implement a solution which will provide the following for handled devices in your wireless network: 1. pp 83. Authentication Which solution should you implement? sts . Reference: Mike Pastore and Emmett Dulaney ." . WEP makes a wireless LAN link as secure as a wired link. Worms reproduce themselves.www.CompTIA SY0-101: Practice Exam C.actualtests. They do not reproduce or self replicate. 85 QUESTION NO: 184 Explanation: Short for Wireless Transport Layer Security. Not A: WEP is one of the most popular features available for a Wireless LAN.com. WEP (Wired Equivalent Privacy) lTe You work as the security administrator at Certpaper . Data privacy 2. There is no difference between a worm and a Trojan horse.com 65 Ac Answer: B tua A. WTLS is the security layer of the WAP. 2nd Edition. Which network attack does this? "Pass Any Exam. Sybex . Data integrity 3. 2004. Alameda . WSET (Wireless Secure Electronic Transaction) D. providing privacy. Worms are distributed through e-mail messages while Trojan horses do not.co m . data integrity and authentication for WAP services. WAP (Wireless Application Protocol) B.

B. they'll come up with some common denominators.5 had a vulnerability that made it suspect to crashes following a malformed MIME header. QUESTION NO: 188 "Pass Any Exam. Diffie-Hellman D.com 66 Ac tua lTe sts A.co m Which of the following provides the MOST secure form of encryption? . 3DES B. B. DES . the probability of 2 of them having the same birthday is greater the 50%. AES C. Ciphertext only attack. Choose the option that correctly details this. Answer: A Explanation: A birthday attack is based on the principle that amongst 23 people. Any Time. Birthday attack. D. Answer: C Explanation: Microsoft Exchange Server 5. D.www.actualtests.CompTIA SY0-101: Practice Exam A. C. Can create a virus that infects the computers of users. Patches have since been released. Brute force attack. A. Can lead to the creation of a back door. C. Can result in an e-mail server crashing. Can result in the unauthorized disclosure of private information.0 & 5. QUESTION NO: 186 Answer: B QUESTION NO: 187 A malformed MIME (Multipurpose Internet Mail Extensions) header can have a negative impact on the system. Man in the middle attack." . which will enable attackers to access the internal network. By that rational if an attacker examines the hashes of an entire organizations passwords.

logs and inventories B. Certificate signed by a trusted root CA (Certificate Authority).CompTIA SY0-101: Practice Exam For a SSL (Secure Sockets Layer) connection to be automatically established between a web client and server.www.com Ac tua A. C. Address on the same subnet.actualtests. and a common operating system are ludicrous answers because they defy the reason why SSL exists. Answer: B Explanation: For an SSL connection to compete. Network firewall C. user awareness. QUESTION NO: 189 Answer: A QUESTION NO: 190 The process of documenting who applied a patch to a specific firewall at a specific time and what the patch is supposed to accomplish is known as: A. a specific element has to exist. B. address on the same subnet.co m 67 . A shared password. D. the web client and server should have a trusted certificate to confirm authenticity. change control management C. Which is it? A. Common operating system. Which of the following should be implemented to protect the laptop computer when connecting to the hotel network? . Shared password. Personal firewall B. D. Privacy screen D. asset identification Answer: B "Pass Any Exam." . Router with firewall rule set lTe sts A remote user has a laptop computer and wants to connect to a wireless network in a hotel. Any Time.

False negative D. False positive C.www.actualtests. False intrusion B. D.CompTIA SY0-101: Practice Exam QUESTION NO: 191 Choose the terminology used to refer to the situation when authorized access is perceived as an intrusion or network attack. Any Time. C. confidentiality and encryption. storage and recovery." . Accessibility C. "Pass Any Exam. Confidentiality D. access control and trusts. integrity and non-repudiation. Authorization B. Non-repudiation sts Audit logs must contain which of the following characteristics? . Not B: A false positive is when legitimate traffic is picked up as an intruder. when there is no need of any alarm. False alarm Answer: A Explanation: False intrusion is a false alarm. A.com 68 Ac tua lTe A. Answer: D QUESTION NO: 194 Choose the mechanism that is NOT a valid access control mechanism. B.co m . QUESTION NO: 192 Answer: D QUESTION NO: 193 A digital signature is used for: A.

Answer: A Explanation: There is no such thing as a SAC (Subjective Access Control) list. Profiles B. p 235 tua lTe Explanation: Access control lists enable devices in your network to ignore requests from specified users or systems. DAC (Discretionary Access Control) list. Permission bits Answer: C QUESTION NO: 196 Which of the following types of attacks is targeting a web server if thousands of computers are simultaneously sending hundreds of FIN packets with spoofed source IP addresses? A. XMAS tree scan B. Sybex . RBAC (Role Based Access Control) list. B.www. Brute force D.co m 69 . C. Capabilities C. or grant certain network capabilities to them. sts . Alameda . SAC (Subjective Access Control) list. 2nd Edition. Security+ Study Guide . QUESTION NO: 195 Choose the access control method which provides the most granular access to protected objects? A.CompTIA SY0-101: Practice Exam A.actualtests. SYN flood Answer: B "Pass Any Exam. DDoS C. The basic process of ACL control allows the administrator to design and adapt the network to deal with specific security threats. ACLs allow a stronger set of access controls to be established in your network. 2004.com Ac Reference: Mike Pastore and Emmett Dulaney . Access control lists D. Any Time. MAC (Mandatory Access Control) list. D." .

QUESTION NO: 197 Which of the following would be MOST useful in determining which internal user was the source of an attack that compromised another computer in its network? A. The attacking computer's audit logs B. The firewall's logs C. The domain controller's logs. D. The target computer's audit logs. Answer: D

QUESTION NO: 198 Which of the following describes a server or application that is accepting more input than the server or application is expecting? A. Buffer overflow B. Brute force C. Denial of service (DoS) D. Syntax error Answer: A

QUESTION NO: 199 Which of the following is used by anti-virus software to detect viruses that have not been previously identified? A. Zero-day algorithm B. Quarantining C. Random scanning D. Heuristic analysis Answer: D

QUESTION NO: 200 From the options, which explains the general standpoint behind a DMZ (Demilitarized Zone)? A. All systems on the DMZ can be compromised because the DMZ can be accessed from the Internet. B. Only those systems on the DMZ that can be accessed from the Internet can be compromised. C. No systems on the DMZ can be compromised because the DMZ is completely secure and cannot be accessed from the Internet. D. No systems on the DMZ can be compromised because the DMZ cannot be accessed from the Internet. Answer: A

QUESTION NO: 201 Which of the following describes an attacker encouraging a person to perform an action in order to be successful? A. Social engineering B. Password guessing C. Back door D. Man-in-the-middle Answer: A

QUESTION NO: 202 You work as the security administrator at Certpaper.com. You must secure the FTP (File Transfer Protocol) server by allowing only authorized users access to it. How will you accomplish this task? A. Provide the FTP server's address to only those users that must access it. B. Allow blind authentication. C. Do not allow anonymous authentication. D. Redirect FTP to a different port. Answer: C Explanation: Early FTP servers did not offer security. Security was based on the honor system. Most logons to an FTP site used the anonymous logon. By convention, the logon ID was the user's email address, and the password was anonymous. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 137

QUESTION NO: 203 Choose the protocol used by a web server to encrypt data. A. ActiveX B. TCP/IP (Transmission Control Protocol/Internet Protocol) C. SSL (Secure Sockets Layer) D. IPSec (Internet Protocol Security) Answer: C Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 204 Which of the following access control models uses subject and object labels? A. Role Based Access Control (RBAC) B. Discretionary Access Control (DAC) C. Rule Based Access Control (RBAC) D. Mandatory Access Control (MAC) Answer: D

QUESTION NO: 205 One of the following options details the main advantage of why you should choose to use SSL (Secure Sockets Layer) over using HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer). Which is it?

53 B. Auto-population Answer: A QUESTION NO: 208 All of the following types of attacks can be detected by an IDS EXCEPT: A. Denial of Service (DoS) B. QUESTION NO: 206 Answer: C QUESTION NO: 207 A technician wants to be able to add new users to a few key groups by default. Inheritance B. Default pairing D. whereas HTTPS does not. for instance FTP (File Transfer Protocol) and NNTP (Network News Transport Protocol). SSL provides full application security for HTTP whereas HTTPS does not. 636 . Template C.CompTIA SY0-101: Practice Exam A. Answer: A Explanation: SSL on its own works at the session layer (layer 5) so it has more versatility in protocols that it supports. spoofed e-mail "Pass Any Exam. Any Time.actualtests. which of the following will allow this? A." . SSL and HTTPS are transparent to the application. B. 3389 D. C. SSL supports user authentication whereas HTTPS does not.com Ac tua lTe sts A. SSL supports additional Application layer protocols.co m Which ports need to be open to allow a user to login remotely onto a workstation? 73 . D.www. 8080 C.

Prevent members of the organization from entering the server room. A map scanner. QUESTION NO: 211 To aid in preventing the execution of malicious code in email clients.D . Which of the following actions should you perform? Choose all correct answers.www. Answer: D Explanation: Ping confirms a connection by sending and receiving ICMP packets. QUESTION NO: 209 You work as the security administrator at Certpaper . Any Time. exploits of bugs or hidden features. D. Shut down the server to prevent the hacker from accessing more data.C. Choose the network mapping tool (scanner) which uses ICMP (Internet Control Message Protocol). Answer: B Explanation: Spoofed e-mails will not be detected by the IDS. port scan D. sts Answer: A. A ping scanner. C.com 74 Ac tua QUESTION NO: 210 lTe Explanation: Answer : B is correct to stop anyone from corrupting the evidence. You have become aware of a hacker accessing confidential company data from over the network.co m . Prevent members of the incident response team from entering the server room. Detach the network cable from the server to prevent the hacker from accessing more data. C." . A. A port scanner. B. A.com.B. which of the following should be done by the email administrator? "Pass Any Exam.CompTIA SY0-101: Practice Exam C. B.actualtests. A share scanner. D.

www.co m 75 . Regular updates should be performed C. How will you accomplish the task? A. Spam and anti-virus filters should be used D. 139 Answer: A QUESTION NO: 214 You work as the security administrator at Certpaper . Employ additional security staff D. Protocol analyzer B. Email client features should be disabled B. Port scanner C. 443 D. Install expensive surveillance equipment. 23 C.CompTIA SY0-101: Practice Exam A. Any Time. Destroy all paper and other media that are no longer required. C. 88 B. Preview screens should be disabled Answer: C QUESTION NO: 212 Which of the following would allow a technician to compile a visual view of an infrastructure? A. Remove the contents of the trash can on a regular basis.com Ac tua lTe sts QUESTION NO: 213 . Answer: A "Pass Any Exam. Networkmapper D." . You want to reduce the current vulnerability from dumpster diving. B.actualtests.com. Security log Answer: C Kerberos uses which of the following ports by default? A.

Explanation: Dumpster diving is a very common physical access method. Companies generate a huge amount of paper in the normal course of events. Most of the information eventually winds up in dumpsters or recycle bins. These dumpsters may contain information that is highly sensitive in nature. In high security government environments, sensitive papers are either shredded or burned. Most businesses do not do this. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 51

QUESTION NO: 215 Communication is important to maintaining security because communication keeps: A. the user community informed of threats B. the network bandwidth usage under control C. the IT security budget justified D. law enforcement informed of what is being done Answer: A

QUESTION NO: 216 Following a disaster, which of the following functions should be returned FIRST from the backup facility to the primary facility? A. Least critical functions B. Systems functions C. Executive functions D. Web services Answer: A

QUESTION NO: 217 Which of the following is the MOST secure way to implement data encryption between SMTP servers? A. PPTP B. SSL

but it increases the risk of unauthorized disclosure of information.co m Answer: B 77 . p 440 "Pass Any Exam. TLS D. C. This model allows users to dynamically share information with other users. This creates an opportunity for attackers to use your certificates. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given.CompTIA SY0-101: Practice Exam C. Someone looking through your files D. Sybex . C. tua lTe sts The DAC (Discretionary Access Control) model has an inherent flaw. Listening or overhearing parts of a conversation B. Security+ Study Guide . B. This creates a security loophole for Trojan horse attacks. The DAC (Discretionary Access Control) model does not have any known security flaws." . Involve someone who routinely monitors network traffic QUESTION NO: 219 Answer: A Explanation: In a DAC model. This allows anyone to use an account to access resources. Any Time. Reference: Mike Pastore and Emmett Dulaney . The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. The DAC (Discretionary Access Control) model does not use the identity of a user to control access to resources. The process allows a more flexible environment. D. The DAC (Discretionary Access Control) model uses certificates to control access to resources. 2004. Alameda .actualtests. Placing a computer system between the sender and receiver to capture information. L2TP Answer: C QUESTION NO: 218 Which of the following definitions would be correct regarding Active Inception? A. 2nd Edition.com Ac A. Choose the option that describes this flaw. network users have some flexibility regarding how information is accessed. .www.

Port 53 C. there's always a risk that something can go wrong which can compromise your data and server operation. D. Virus B. C. Port 21 Answer: A "Pass Any Exam. installing a patch. Any Time. You must configure the firewall to support TACACS. lTe sts A. because they are developed the fix known vulnerabilities.com Ac tua Explanation: Software patches are good for network security. Phishing Answer: B.com. SPIM E.CompTIA SY0-101: Practice Exam QUESTION NO: 220 Which of the following will allow a credit card information theft? (chose TWO) A.actualtests.www. Adwar C. Port 49 B.E QUESTION NO: 221 Answer: A QUESTION NO: 222 You work as the security administrator at Certpaper . B. immediatelydownload and install the patch. and it would also be wise to test the patch on your least important servers first. . test the patch on a non-production server then install the patch to production. notinstall the patch unless there is a current need. Worm D. It would be wise to backup your data BEFORE. Port 161 D. When you patch an operating system. install the patch and then backup the production server." . Which port(s) should you open on the firewall? A. So even if everything's operating normally. a patch is still very beneficial.co m When a patch is released for a server the administrator should: 78 .

Explanation: TACACS uses both TCP and UDP port 49.

QUESTION NO: 223 CGI scripts are susceptible to which of the following types of attacks? A. Cross site scripting B. Buffer overflows C. DNS spoofing D. SQL injection Answer: A

QUESTION NO: 224 Which of the following is the BEST place to obtain a hotfix or patch for an application or system? A. An email from the vendor B. The manufacturer's website C. A newsgroup or forum D. A CD-ROM Answer: B

QUESTION NO: 225 Most key fob based identification systems use which of the following types of authentication mechanisms? (Select TWO). A. Biometrics B. Kerberos C. Username/password D. Certificates E. Token Answer: C,E

QUESTION NO: 226

Choose the most effective method of preventing computer viruses from spreading throughout the network.
A. You should prevent the execution of .vbs files.
B. You should require root/administrator access to run programs and applications.
C. You should enable scanning of all e-mail attachments.
D. You should install a host based IDS (Intrusion Detection System)
Answer: C

Explanation: Viruses get into your computer in one of three ways. They may enter your computer on a contaminated floppy or CD-ROM, through e-mail, or as a part of another program.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 76

QUESTION NO: 227
Which of the following would be the minimally acceptable method of ensuring that a disposed hard drive does not reveal sensitive data?
A. Perform multiple bit level overwrites
B. Format the drive
C. Use the FDISK Command
D. Delete the files and re-install the operating system
Answer: A

QUESTION NO: 228
A public key _____________ is a pervasive system whose services are implemented and delivered using public key technologies that include Certificate Authority (CA), digital certificates, non-repudiation, and key history management.
A. infrastructure
B. cryptography scheme
C. exchange
D. distribution authority
Answer: A

QUESTION NO: 229
From the list of protocols, which is used to secure web transactions?
A. XML (Extensible Markup Language)
B. SMTP (Simple Mail Transfer Protocol)
C. SSL (Secure Sockets Layer)
D. S/MIME (Secure Multipurpose Internet Mail Extensions)
Answer: C

Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 230
Which of the following would be MOST effective in preventing network traffic sniffing?
A. Use switches instead of hubs
B. Disable promiscuous mode
C. Use hubs instead of routers
D. Deploy an IDS
Answer: A

Explanation: Switches don't send all traffic on the segment to every port so conventional sniffing methods don't work.

Security+ Study Guide . Hypervisor. Birthday C. Sandbox. 2nd Edition. Any Time. Hardware lTe Which of the following is the BEST description of the basic elements of virtualization? sts .actualtests. Spam D. Guest.com Ac Answer: A tua A. Sandbox. Emulator. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Buffer overflow B. This situation can cause an application to terminate. a hub Answer: A "Pass Any Exam.www. Hardware D. Host. Hardware B. Sandbox. NAT C. Hypervisor. Host. 2004. Sybex . Reference: Mike Pastore and Emmett Dulaney . Hypervisor. Hardware C.CompTIA SY0-101: Practice Exam QUESTION NO: 231 Which of the following is a common type of attack on web servers? A." . Alameda . network monitoring D. a firewall B. Hypervisor. p 135 QUESTION NO: 232 QUESTION NO: 233 Stateful packet inspection is a methodology used by: A. Brute force Answer: A Explanation: Buffer overflow occur when an application receives more data that it is programmed to accept. Guest.co m 82 .

QUESTION NO: 234
Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation?
A. Kerberos
B. Biometric
C. Mutual
D. Multifactor
Answer: D

QUESTION NO: 235
Which of the following would be achieved by using encryption? (Select THREE).
A. Non-repudiation
B. Availability
C. Confidentiality
D. Authorization
E. Integrity
Answer: A,C,E

QUESTION NO: 236
Users are reporting that when attempting to access the company web page on the Internet, the user is rerouted to a protest webpage. This is MOST likely:
A. a DDoS attack
B. DNS Poisoning
C. a social engineering attack
D. a replay attack.
Answer: B

QUESTION NO: 237
Using software on an individual computer to generate a key pair is an example of which of the following approaches to PKI architecture?

A. Distributed key
B. Decentralized
C. Hub and spoke
D. Centralized
Answer: B

QUESTION NO: 238
A representative from the human resources department informs a security specialist that an employee has been terminated. Which of the following would be the BEST action to take?
A. Disable the employee's user accounts and keep the data for a specified period of time.
B. Disable the employee's user accounts and delete all data.
C. Contact the employee's supervisor regarding disposition of user accounts
D. Change the employee's user password and keep the data for a specified period.
Answer: A

QUESTION NO: 239
Which of the following BEST describes the baseline process of securing devices on a network infrastructure?
A. Hardening
B. Active prevention
C. Enumerating
D. Passive detection
Answer: A

QUESTION NO: 240
Which of the following would be MOST important when designing a security awareness program?
A. Conducting user training sessions.
B. Minimizing development cost.
C. Creating security awareness posters and notices.
D. Using an independent security instructor.
Answer: A

QUESTION NO: 241
Open FTP file shares on servers can facilitate which of the following types of attacks?
A. CPU starvation
B. Memory starvation
C. Smurf
D. Disk storage consumption
Answer: D

QUESTION NO: 242
A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. Which of the following network devices should be used?
A. Router
B. Firewall
C. Switch
D. Hub
Answer: C

QUESTION NO: 243
Choose the statement which best defines the characteristics of a computer virus.
A. A computer virus is a find mechanism, initiation mechanism and can propagate.
B. A computer virus is a learning mechanism, contamination mechanism and can exploit.
C. A computer virus is a search mechanism, connection mechanism and can integrate.
D. A computer virus is a replication mechanism, activation mechanism and has an objective.
Answer: D

Explanation: Replication mechanism: To replicate a virus needs to attach itself to the right code, where it can replicate and spread past security systems into other systems. Activation mechanism: Most viruses require the user to actually do something. During the 80's and early 90's most viruses were activated when you booted from a floppy disk, or inserted a new

floppy disk into an infected drive. Nowadays most computer viruses come as email forwards, and they require the user to execute. Objective: many viruses have no objective at all, but some have the objective to delete data, hog up memory, or crash the system.

QUESTION NO: 244
A demilitarized zone (DMZ) is a network segment that can be created by using:
A. one firewall and one VPN
B. one router and one firewall
C. two routers
D. two firewalls
Answer: D

QUESTION NO: 245
An attacker can use a specific method to exploit the clear-text attribute of Instant-Messaging sessions. Which is it?
A. Packet sniffing.
B. Port scanning.
C. Reverse engineering.
D. Cryptanalysis.
Answer: A

Explanation: Since only clear unencrypted text is being sent across the world through multitudes of WAN equipment and routers, it is easy for someone to sniff your conversation and eavesdrop on every single word you type.

QUESTION NO: 246
You work as the security administrator at Certpaper.com. You must implement an authentication protocol that uses only encrypted passwords during the authentication process. Choose the authentication protocol that accomplishes this.
A. Kerberos

B. SMTP (Simple Mail Transfer Protocol)
C. PPTP (Point-to-Point Tunneling Protocol)
D. CHAP (Challenge Handshake Authentication Protocol)
Answer: D

Explanation: CHAP is commonly used to encrypt passwords. It provides for on-demand authentication within an ongoing data transmission, that is repeated at random intervals during a session. The challenge response uses a hashing function derived from the Message Digest 5 (MD5) algorithm.

QUESTION NO: 247
Which of the following would be the BEST reason for certificate expiration?
A. The longer an encryption key is used the more processing power it will consume.
B. Brute force techniques are likely to break the key if given enough time.
C. To keep the server from using the same key for two sessions.
D. Renewal keeps the log files from getting too large.
Answer: B

QUESTION NO: 248
A user has received an email from a mortgage company asking for personal information including bank account numbers. This would BEST be described as:
A. phishing
B. spam
C. packet sniffing
D. a hoax
Answer: A

QUESTION NO: 249
Sending a patch through a testing and approval process is an example of which of the following?
A. User education and awareness training
B. Disaster planning
C. Acceptable use policies

D. Change management
Answer: D

QUESTION NO: 250
Which of the following BEST describes a set of programs and code that allows an undetectable presence on a system with administrative rights?
A. Trojan horse
B. Virus
C. Rootkit
D. Worm
Answer: C

QUESTION NO: 251
Which of the following trust models would allow each user to create and sign certificates for the people they know?
A. Browser trust-list
B. Web-of-trust
C. Single certificate authority (CA)
D. Hierarchical
Answer: B

QUESTION NO: 252
All of the following monitoring types evaluate pre-specified conditions EXCEPT: (Select TWO).
A. behavior-based.
B. rate-based
C. signature-based
D. performance-based
E. anomaly-based
Answer: A,E

QUESTION NO: 253
Which of the following methods of documenting and storing a password is considered acceptable?
A. Placing the password in a text document and saving the document on the system administrator's computer.
B. Writing the password on a note and placing the note under the computer keyboard.
C. Writing the password on a piece of paper and storing the paper in a locked safe.
D. Sharing the password with a family member and asking the family member not to reveal the password.
Answer: C

QUESTION NO: 254
Which of the following methods of password guessing typically requires the longest attack time?
A. Birthday
B. Brute force
C. Dictionary
D. Rainbow
Answer: B

QUESTION NO: 255
Which of the following needs to be backed up on a domain controller to be able to recover Active Directory?
A. User data
B. Operating system
C. System state
D. System files
Answer: C

QUESTION NO: 256
Choose the ports that are used to access the FTP (File Transfer Protocol) protocol.
A. Ports 20 and 21.
B. Ports 80 and 443.

C. Ports 21 and 23.
D. Ports 20 and 80.
Answer: A

Explanation: In basic FTP operations, port 20 is the data port and port 21 is the command port.

QUESTION NO: 257
Human resource department personnel should be trained about security policy:
A. maintenance.
B. implementation
C. guidelines and enforcement.
D. monitoring and administration
Answer: C

QUESTION NO: 258
Which of the following is a major reason that social engineering attacks succeed?
A. Audit logs are not monitored frequently
B. Lack of security awareness
C. Strong passwords are not required
D. Multiple logins are allowed
Answer: B

Explanation: Social engineering attacks work because of the availability heuristic, law of reciprocity, and law of consistency. In the past people have had experiences where a co-worker with a legitimate problem asked for help and been grateful for it. So by consistency, they feel the urge to help others again the way they've helped out somebody in the past. By availability, when someone asks for help, they associate that ask for help for every legitimate cry for help, and times when they needed help themselves and were helped, so essentially they're being a good Samaritan. If an awareness program were to be implemented where employees could be aware of social engineering tactics, they would be more likely to think about them, and be more suspect of an attack when someone does ask for a favor. With this knowledge in intuition, an employee will make a smarter decision.

QUESTION NO: 259
A company implements an SMTP server on their firewall. This implementation would violate which of the following security principles?
A. Use a device as intended
B. Keep the solution simple
C. Address internal threats
D. Create an in-depth defense
Answer: A

QUESTION NO: 260
You work as the security administrator at Certpaper.com. You are investigating the consequences of network attacks aimed at FTP servers. Which of the following states the aim of a FTP (File Transfer Protocol) bounce attack?
A. The attack aims to exploit a buffer overflow vulnerability on the FTP server.
B. The attack aims to store and distribute malicious code.
C. The attack aims to establish a connection between the FTP server and another computer.
D. The attack aims to reboot the FTP server.
Answer: C

Explanation: In some implementations of FTP daemons, the PORT command can be misused to open a connection to a port of the attacker's choosing on a machine that the attacker could not have accessed directly. There have been ongoing discussions about this problem (called "FTP bounce") for several years, and some vendors have developed solutions for this problem. For more detailed information on this FTP Bounce attack refer to the hyperlink.

Reference: http://www.cert.org/advisories/CA-1997-27.html

QUESTION NO: 261
Which of the following types of IDS should be employed to obtain the MOST information about the enterprise?
A. Unix based
B. Server based

C. Network based
D. Host based
Answer: C

Explanation: A network based Intrusion Detection System is not limited to a single server or network segment like a host based IDS, it monitors all the traffic over the entire network

QUESTION NO: 262
Which of the following BEST describes actions pertaining to user account reviews? (Select TWO).
A. User accounts and their privileges are periodically extracted from systems and reports are kept for auditing purposes.
B. User accounts reports are periodically extracted from systems and user access dates are verified
C. User account reports are periodically extracted from systems and employment verification is performed.
D. User accounts reports are periodically extracted from systems and end users are informed.
E. User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization.
Answer: C,E

QUESTION NO: 263
What is the primary security risk associated with removable storage?
A. Integrity
B. Confidentiality
C. Continuity
D. Availability
Answer: C

QUESTION NO: 264
A programming mechanism used to allow administrative access while bypassing the usual access control methods is known as a:

actualtests. By location Answer: B QUESTION NO: 267 You work as the security administrator at Certpaper . expiration Answer: C Which is a BEST practice method to assign rights and privileges? A. First search for and delete the virus file. B.CompTIA SY0-101: Practice Exam A." .com. D. Any Time. First investigate the e-mail message as a possible hoax with a trusted anti-virus vendor. revocation C. First locate and download a patch to repair the file. validation D. By individual C. By group D. back door Answer: D QUESTION NO: 265 PKI provides non-repudiation by providing third-party assurance of certificate: A. destruction B. "Pass Any Exam.www. logic bomb C. You must document the procedure for handling computer virus infections. Trojan horse B.com Ac tua lTe sts QUESTION NO: 266 .co m 93 . C. By network B. software exploit D. First broadcast a message to the all users to alert them of the presence of a virus. Choose the action which you should specify to perform when receiving an e-mail message warning of the existence of a virus on the system if a specific executable file exists? A.

Answer: D

Explanation: If a virus threat is for real, the major anti-virus players like Symantec, McAfee, or Sophos will know about it before you, and they will have details on their sites.

Incorrect answers: Searching for and deleting a file is not only a waste of time with today's OS's complex directory systems, but it's also ineffective. One can miss a file, the file could be hidden, the wrong file can be deleted, and worst of all: when you delete a file it doesn't really get completely deleted, instead it gets sent to a 'recycle bin.' Broadcasting an alert and creating panic isn't the right thing to do, because it will waste bandwidth, and perhaps terrorizing the users is the original intent of the attack. The act of locating and downloading a patch isn't just time consuming, but there's a chance that the patch itself could be the virus, or the process of resetting the computer could activate the virus.

QUESTION NO: 268
The process of predicting threats and vulnerabilities to assets is known as threat:
A. mitigation
B. modeling
C. avoidance.
D. acceptance.
Answer: B

QUESTION NO: 269
Reusing a ticket, as a replay attack, in Kerberos authentication will not be successful because the tickets:
A. use a token
B. are digitally signed
C. are encrypted
D. are time stamped
Answer: D

QUESTION NO: 270
Choose the method of authentication which is the most COSTLY method.
A. Shared secrets
B. Biometrics
C. Tokens
D. Passwords
Answer: B

Explanation: Biometrics These technologies are becoming more reliable, and they will become widely used over the next few years. Many companies use smart cards as their primary method of access control. Implementations have been limited in many applications because of the high cost associated with these technologies.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 265

QUESTION NO: 271
Which of the following is the MOST significant flaw in Pretty Good Privacy (PGP) authentication?
A. Weak encryption can be easily broken
B. It is subject to a man-in-the-middle attack
C. Private keys can be compromised.
D. A user must trust the public key that is received
Answer: D

QUESTION NO: 272
A user accesses a retailer from an Internet search. While browsing the retailer's web site, the user wants to purchase an item and enters the credit card information. The user later observes unknown charges on the credit card bill and has not received the purchased items. Which of the following actions should the user take?
A. Be sure that a URL is secure before entering personal information.
B. Check for shipping delays for the requested items.

C. Type the retailer's web address directly into the URL in the future
D. Limit the number of times online purchases are made monthly.
Answer: A

QUESTION NO: 273
Which of the following protocols is used by Encapsulating Security Payload (ESP) in IPSec?
A. 50
B. 25
C. 51
D. 20
Answer: A

QUESTION NO: 274
Which of the following are components of host hardening? (Select TWO)
A. Removing a user access to the user data
B. Configuring the Start menu and Desktop.
C. Adding users to the administrator group
D. Disabling unnecessary services
E. Applying patches
Answer: D,E

QUESTION NO: 275
An SMTP server is the source of email spam in an organization. Which of the following is MOST likely the cause?
A. Remote access to the email application's install directory has not been removed.
B. Anonymous relays have not been disabled.
C. The administrator account was not secured.
D. X.400 connectors have not been password protected.
Answer: B

QUESTION NO: 276
Which of the following would be the BEST step to take to stop unauthorized users from targeting a wireless network with a site survey? (Select TWO).
A. Using a switch rather than a hub.
B. Changing the default SSID.
C. Disabling SSID broadcasting.
D. Physically locking the WAP.
E. Broadcasting a false domain name.
Answer: B,C

QUESTION NO: 277
An employee receives a request from a person claiming to be an employee at a remote office location. The caller is knowledgeable about the company and the caller's name is listed in the company telephone and email directory, however, the caller claims there is an emergency and asks that the request be expedited. Which of the following would be the BEST action for the employee to take?
A. Give the caller a supervisor's name and telephone number to request authority to expedite the request.
B. Expedite the request since the caller's identity has been verified.
C. Follow established procedures and report any abnormal incidents.
D. Ask a supervisor for permission to deviate from established procedures due to the emergency
Answer: C

QUESTION NO: 278
The first step in effectively implementing a firewall is:
A. blocking unwanted outgoing traffic
B. blocking unwanted incoming traffic
C. developing a firewall policy
D. protecting against DDoS attacks
Answer: C

Explanation: What good is a firewall without any kind of policy or configuration policy to be implemented?

QUESTION NO: 279
Which of the following logs shows when the workstation was last shutdown?
A. Access
B. Security
C. System
D. DHCP
Answer: C

QUESTION NO: 280
Which of the following would be an effective way to ensure that a compromised PKI key can not access a system?
A. Revoke the key
B. Renew the key
C. Reconfigure the key
D. Delete the key
Answer: A

QUESTION NO: 281
Which of the following describes an unauthorized user redirecting wireless network traffic from the intended access point to a laptop to inject a packet with malware?
A. A man-in-the-middle attack
B. A replay attack
C. Social engineering
D. A weak key
Answer: A

QUESTION NO: 282
The difference between identification and authentication is that:

A. authentication verifies a set of credentials while identification verifies the identity of the network.
B. authentication verifies a user ID belongs to a specific user while identification verifies the identity of a user group.
C. authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials.
D. authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials.
Answer: C

QUESTION NO: 283
Which of the following describes a semi-trusted location used to securely house public facing servers between the Internet and the local network?
A. Demilitarized zone (DMZ)
B. VLAN
C. Intranet
D. VPN
Answer: A

QUESTION NO: 284
Which of the following would be MOST desirable when attacking encrypted data?
A. Weak key
B. Sniffed traffic
C. Block cipher
D. Algorithm used
Answer: A

QUESTION NO: 285
After establishing a tunnel, the IPSec Protocol Suite uses which of the following specific protocols for securing the data packet? (Select TWO).
A. Encapsulating Security Payload (ESP)
B. Secure Key Exchange Mechanism for Internet (SKEMI)
C. Oakley

D. Internet Security Association and Key Management Protocol (ISAKMP)
E. Authentication Header (AH)
Answer: A,E

Explanation: IPSec is a security protocol that provides authentication and encryption across the Internet. IPSec can use AH or ESP.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 371

QUESTION NO: 286
From the list of options, choose the primary attribute associated with e-mail hoaxes.
A. E-mail hoaxes create unnecessary e-mail traffic, as well as panic in users that are not technically inclined.
B. E-mail hoaxes tend to encourage malicious users.
C. E-mail hoaxes can result in buffer overflows on the e-mail server.
D. E-mail hoaxes consume large quantities of server disk space.
Answer: C

Explanation: Although answer choices B, C, D have a degree of truth to them, the BEST answer is A. Email hoaxes often create unnecessary traffic because they ask users to forward an email to everyone in address book, and whether it is a computer virus or a blind, crippled, starving, cancer victim child suffering from Herpes it creates undue panic and emotion in the work setting.

QUESTION NO: 287
Which of the following is a reason to implement security logging on a DNS server?
A. To monitor unauthorized zone transfers
B. To perform penetration testing on the DNS server
C. To control unauthorized DNS DoS
D. To measure the DNS server performance
Answer: A

QUESTION NO: 288
The risks of social engineering can be decreased by implementing: (Select TWO)
A. security awareness training
B. identity verification methods
C. risk assessment policies
D. vulnerability testing techniques
E. operating system patching instructions
Answer: A,B

QUESTION NO: 289
Which of the following security services are provided by digital signatures? (Select THREE).
A. Authorization
B. Encryption
C. Authentication
D. Non-repudiation
E. Confidentiality
F. Integrity
Answer: C,D,F

QUESTION NO: 290
Which of the following is a security reason to implement virtualization throughout the network infrastructure?
A. To analyze the various network traffic with protocol analyzers
B. To implement additional network services at a lower cost
C. To centralize the patch management of network servers
D. To isolate the various network services and roles
Answer: D

QUESTION NO: 291
Giving each user or group of users only the access they need to do their job is an example of which of the following security principles?

A. Separation of duties
B. Access control
C. Least privilege
D. Defense in depth
Answer: C

QUESTION NO: 292
Which of the following types of servers should be placed on a private network?
A. Email server
B. File and print server
C. Remote Access Server (RAS)
D. Web server
Answer: B

QUESTION NO: 293
Which of the following should be scanned for viruses?
A. Executable files.
B. Microsoft Word documents.
C. Plain text documents.
D. All of the above.
Answer: A

Explanation: Many newer viruses spread using email. The infected system includes an attachment to any email that you send to another user. The recipient opens this file thinking it is something you legitimately sent them. When they open the file, the virus infects the target system. Many times the virus is in an executable attachment.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 78

QUESTION NO: 294

Which of the following types of backups requires that files and software that have been changed since the last full backup be copied to storage media?
A. Full
B. Differential
C. Incremental
D. Delta
Answer: B

QUESTION NO: 295
Non-essential services are often appealing to attackers because non-essential services: (Select TWO)
A. consume less bandwidth
B. decrease the surface area for the attack
C. sustain attacks that go unnoticed
D. provide root level access
E. are not visible to an IDS
F. are not typically configured correctly or secured
Answer: C,F

QUESTION NO: 296
A company wants to connect the network to a manufacturer's network to be able to order parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection?
A. Intranet
B. Scatternet
C. Extranet
D. VPN
Answer: C

QUESTION NO: 297
The IPSec Security Association is managed by

A. IEEE
B. AH
C. ESP
D. ISAKMP
Answer: D

QUESTION NO: 298
Which of the following actions can an attacker perform when network services are enabled on a target system?
A. An attacker can run a port scan against the target system.
B. An attacker can install a rootkit on the target system.
C. An attacker can enable logging on the target system.
D. An attacker can check the services file.
Answer: A

Explanation: A TCP/IP network makes many of the ports available to outside users through the router. These ports will respond in a predictable manner when queried. An attacker can systematically query a network to determine which services and ports are open. This process is called port scanning, and it can reveal a great deal about your network. Port scans can be performed both internally and externally. Many routers, unless configured appropriately, will let all of the protocols pass through them.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 69

QUESTION NO: 299
Which of the following is a suitable hashing algorithm for a secure environment?
A. MD5 because it produces fewer numbers of collisions.
B. MD5 because it produces 160-bits message digests
C. SHA-1 because it produces 160-bits message digests.
D. RC4 because it produces 160-bits message digests
Answer: B

QUESTION NO: 300
How many characters is the output of a MD5 hash?
A. 32
B. 160
C. 128
D. 64
Answer: A

QUESTION NO: 301
Malicious software that travels across computer networks without user assistance is an example of a:
A. worm
B. Trojan horse
C. virus
D. logic bomb
Answer: A

QUESTION NO: 302
From the listing of attacks, choose the attack which exploits session initiation between a Transport Control Program (TCP) client and server within a network?
A. Smurf attack
B. SYN attack
C. Birthday attack
D. Buffer Overflow attack
Answer: B

Explanation: SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established. Change this if you want but in the SYN flood the hacker sends a SYN packet to the receiving station with a spoofed return address of some broadcast address on their network. The receiving station sends out this SYN packets (pings the broadcast address) which causes multiple servers or stations to respond to the ping, thus overloading the originator of the ping (the receiving station). Therefore,

the hacker may send only 1 SYN packet, whereas the network of the attacked station is actually what does the barrage of return packets and overloads the receiving station.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 530

QUESTION NO: 303
While surfing the Internet a user encounters a pop-up window that prompts the user to download a browser plug-in. The pop-up window is a certificate which validates the identity of the plug-in developer. Which of the following BEST describes this type of certificate?
A. Web certificate
B. Software publisher certificate
C. Certificate Authority (CA) certificate
D. Server certificate
Answer: B
Explanation: This is not discussed in the book so much, but you can find online more information on software publisher certificate. The answer B is correct.

QUESTION NO: 304
Which of the following authentication methods requires that the client authenticate itself to the server and the server authenticate itself to the client?
A. Username/password
B. Mutual
C. Multifactor
D. Biometric
Answer: B

QUESTION NO: 305
A company's new employees are asked to sign a document that describes the methods of and purposes for accessing the company's IT systems. Which of the following BEST describes this document?

A. Privacy Act of 1974
B. Acceptable Use Policy
C. Authorized Access Policy
D. Due diligence form
Answer: B

QUESTION NO: 306
MITRE and CERT are:
A. spyware and virus distributing software
B. anti-virus software companies.
C. virus and malware cataloging organizations.
D. virus propagation monitoring utilities.
Answer: C

QUESTION NO: 307
Which of the following would be the FIRST step to take to mitigate the threat of non-essential domain accounts?
A. Develop a security policy
B. Rename the system administrator account
C. Review the domain accounts
D. Write an LDAP query.
Answer: A

QUESTION NO: 308
Turnstiles, double entry doors and security guards are all prevention measures for which of the following types of social engineering?
A. Piggybacking
B. Looking through a co-worker's trash to retrieve information
C. Impersonation
D. Looking over a co-worker's shoulder to retrieve information
Answer: A

Explanation: Piggybacking is an espionage tactic commonly used in the movies. The hero or the villain hides by a secure entrance, and waits for an unknowing authorized user to enter. When the authorized user enters, they use stealth to sneak behind them and gain access without the authorized user even knowing. Other forms of piggybacking take advantage of human altruism. An unauthorized person will put on a disguise and carry a heavy box to the door, where the authorized user will try to do the right thing, and prop the door open for them.

QUESTION NO: 309
Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment?
A. Carbon Dioxide
B. Halon
C. Water
D. Foam
Answer: C

QUESTION NO: 310
A newly hired security specialist is asked to evaluate a company's network security. The security specialist discovers that users have installed personal software, the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. Which of the following would be the FIRST step to take?
A. Install software patches.
B. Enforce the security policy.
C. Password management
D. Disable non-essential services.
Answer: B

QUESTION NO: 311
Which of the following would be an easy way to determine whether a secure web page has a valid certificate?
A. Right click on the lock at the bottom of the browser and check the certificate information
B. Ensure that the web URL starts with 'https:\\'.

C. Contact Thawte or Verisign and ask about the web page
D. Contact the web page's web master
Answer: A

QUESTION NO: 312
Which of the following protocols works with 802.1X to authenticate a client to a network?
A. EAP
B. LDAP
C. CHAP
D. SPAP
Answer: A

QUESTION NO: 313
Which of the following daemons is MOST likely to be the cause if an unauthorized user obtains a copy of a Linux system's /etc/passwd file?
A. SSH with version 0.9.8a is installed and configured for remote administration.
B. SSL has enabled the Apache service with no virtual hosts configured
C. Sendmail is configured to allow the administrator's web access.
D. FTP is configured to allow anonymous user access.
Answer: D

QUESTION NO: 314
The SSL (Secure Sockets Layer) protocol operates between specific layers of the OSI (Open Systems Interconnection) reference model. Which is it? Choose all correct answers.
A. Physical Layer
B. Application Layer
C. Network Layer
D. Transport Layer
E. Data Link Layer
Answer: B, D
Explanation:

SSL is associated with secure transactions (credit card purchases and online banking) over your web browser, so naturally it operates between the top two layers of the OSI model.

QUESTION NO: 315
A security specialist has downloaded a free security software tool from a trusted industry site. The source has published the MD5 hash values for the executable program. The specialist performs a successful virus scan on the download but the MD5 hash is different. Which of the following steps should the specialist take?
A. Re-run the anti-virus program to ensure that it contains no virus execute
B. Install the executable program because there was probably a mistake with the MD5 value.
C. Ignore the MD5 hash values because the values can change during IP fragmentation.
D. Avoid executing the file and contact the source website administrator
Answer: D

QUESTION NO: 316
An end-to-end traffic performance guarantee made by a service provider to a customer is a:
A. DRP.
B. SLA.
C. BCP.
D. VPN
Answer: B

QUESTION NO: 317
The purpose of the SSID in a wireless network is to:
A. identify the network
B. protect the client
C. secure the WAP
D. define the encryption protocols used.
Answer: A

QUESTION NO: 318

To preserve evidence for later use in court, which of the following needs to be documented?
A. Disaster recovery plan
B. Chain of custody
C. Audit trail of systems usage
D. Chain of certificates
Answer: B

QUESTION NO: 319
Which of the following correctly specifies where user accounts and passwords are stored in a decentralized privilege management environment?
A. User accounts and passwords are stored on a central authentication server.
B. User accounts and passwords are stored on each individual server.
C. User accounts and passwords are stored on no more than two servers.
D. User accounts and passwords are stored on a server configured for decentralized management.
Answer: C
Explanation: The key word is decentralized, so the best answer would be B.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 432

QUESTION NO: 320
Which of the following increases the collision resistance of a hash?
A. Salt
B. Rainbow Table
C. Larger key space
D. Increase the input length
Answer: A

QUESTION NO: 321

Which of the following describes the process of comparing cryptographic hash functions of system executables, configuration files, and log files?
A. Network based intrusion detection
B. Stateful packet filtering
C. File integrity auditing
D. Host based intrusion detection
Answer: C

QUESTION NO: 322
Computer forensics experts use specific guidelines to gather and analyze data while minimizing data loss. What guidelines do they use?
A. Chain of custody
B. Chain of command
C. Evidence
D. Incident response
Answer: A
Explanation: The chain of custody is a log of the history of evidence that has been collected. This log should catalog every event from the time the evidence is collected.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 457

QUESTION NO: 323
Which of the following correctly identifies some of the contents of an end user's X.509 certificate?
A. User's public key, object identifiers, and the location of the user's electronic identity
B. User's public key, the serial number of the CA certificate, and the Certificate Revocation List (CRL) entry point
C. User's public key, the Certificate Authority (CA) distinguished name, and the type of symmetric algorithm used for encryption
D. User's public key, the certificate's serial number, and the certificate's validity dates

Answer: D
Explanation: The X.509 standard defines what information can go into a certificate, and describes how to write it down (the data format). All X.509 certificates have the following data, in addition to the signature:
Version
Serial Number: The entity that created the certificate, the CA, is responsible for assigning it a serial number to distinguish it from other certificates it issues.
Signature Algorithm Identifier
Issuer Name: The X.500 name of the entity that signed the certificate. This is normally a CA. Using this certificate implies trusting the entity that signed this certificate.
Validity Period
Subject Name
Subject Public Key Information: This is the public key of the entity being named, together with an algorithm identifier which specifies which public key crypto system this key belongs to and any associated key parameters.
Reference: http://csrc.nist.gov/pki/panel/santosh/tsld002.htm

QUESTION NO: 324
Which of the following may be a security issue during transport of stored tape media to an offsite storage location?
A. Corruption of the media
B. Theft of the media
C. Timely restore of lost data
D. A courier x-raying the contents
Answer: B

QUESTION NO: 325
A workstation is being used as a zombie set to attack a web server on a certain date. The infected workstation is MOST likely part of a:
A. DDoS attack.
B. TCP/IP hijacking.

C. spoofing attack.
D. man-in-the-middle attack.
Answer: A

QUESTION NO: 326
Which of the following is the MOST effective way for an administrator to determine what security holes reside on a network?
A. Perform a vulnerability assessment
B. Install and monitor an IDS
C. Run a sniffer
D. Run a port scan
Answer: A
Explanation: Performing a vulnerability assessment is one of the most effective ways to find holes in the network. The other answers limit your assessment.

QUESTION NO: 327
From the options, choose the disadvantage of implementing an IDS (Intrusion Detection System).
A. Administration
B. Decrease in throughput.
C. False positives.
D. Compatibility.
Answer: C
Explanation: A false positive is when legitimate traffic is picked up as an intruder. If this happens too often then the IDS is not working properly.

QUESTION NO: 328
Choose the scheme or system used by PGP (Pretty Good Privacy) to encrypt data.
A. Symmetric key distribution system
B. Asymmetric scheme

C. Asymmetric key distribution system
D. Symmetric scheme
Answer: B

QUESTION NO: 329
A company wants to implement a VLAN. Senior management believes that a VLAN will be secure because authentication is accomplished by MAC addressing and that dynamic trunking protocol (DTP) will facilitate network efficiency. Which of the following issues should be discussed with senior management before VLAN implementation?
A. MAC addresses are a secure authentication mechanism and DTP allows only authenticated users.
B. MAC addresses can be spoofed and DTP allows rogue network devices to configure ports
C. MAC addresses can be spoofed and DTP allows only authenticated users.
D. MAC addresses are a secure authentication mechanism and DTP allows rogue network devices to configure ports.
Answer: B

QUESTION NO: 330
A common tool used for wireless sniffing and war driving is:
A. Sam Spade
B. S/MIME
C. NESSUS
D. NetStumbler
Answer: D

QUESTION NO: 331
Default passwords in hardware and software should be changed:
A. if a threat becomes known.
B. once each month
C. when the vendor requires it
D. when the hardware or software is turned on.

Answer: D

QUESTION NO: 332
Which of the following is a protocol analyzer?
A. John the Ripper
B. Nessus
C. WireShark
D. Cain & Abel
Answer: C

QUESTION NO: 333
Which of the following is MOST often used to allow a client or partner access to a network?
A. Demilitarized zone (DMZ)
B. VLAN
C. Extranet
D. Intranet
Answer: C

QUESTION NO: 334
Which of the following can be used to determine the topology of a network and discover unknown devices?
A. Password crackers
B. Penetration testing
C. Vulnerability scanner
D. Network mapper
Answer: D

QUESTION NO: 335
Controlling access to information systems and associated networks is necessary for the preservation of their:

A. authenticity, confidentiality and availability
B. integrity and availability.
C. confidentiality, integrity and availability
D. authenticity, confidentiality, integrity and availability
Answer: C
Explanation: The design goals of a security topology must deal with issues of confidentiality, integrity, availability and accountability. You will often see the confidentiality, integrity and availability referred to as the CIA of network security. The accountability is equally important.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 22

QUESTION NO: 336
Which of the below options would you consider as a program that constantly observes data traveling over a network?
A. Smurfer
B. Fragmenter
C. Sniffer
D. Spoofer
Answer: C
Explanation: Packet sniffers are used to capture, monitor and analyze traffic. Their legitimate purpose is to find traffic flow problems and bottlenecks for the sake of network optimization. However, hackers use it to capture data, to use in replay attacks.

QUESTION NO: 337
Choose the option that correctly specifies a likely negative technical impact of receiving large quantities of spam.
A. DoS (Denial of Service).
B. Processor underutilization.
C. Reduction in hard drive space requirements.
D. Increased network throughput.

Answer: A
Explanation: In systems where no email filters are set up, it is possible for some users to receive over a hundred unsolicited emails a day! If every user on a network received that much email, the human time necessary to sort through those emails will be Herculean. The system resources required to: process, download, and store such email can potentially reduce a network's availability to zero, thus denying service.

QUESTION NO: 338
From the listing of attacks, which analyzes how the operating system (OS) responds to specific network traffic, in an attempt to determine the operating system running in your networking environment?
A. Operating system scanning.
B. Reverse engineering.
C. Fingerprinting
D. Host hijacking.
Answer: C
Explanation: Fingerprinting is the act of inspecting returned information from a server (ie. One method is ICMP Message quoting where the ICMP quotes back part of the original message with every ICMP error message. Each operating system will quote definite amount of message to the ICMP error messages. The peculiarity in the error messages received from various types of operating systems helps us in identifying the remote host's OS.

QUESTION NO: 339
Which of the following is an example of two-factor authentication for an information system?
A. Photo ID and PIN
B. ATM card and PIN
C. Retina scan and mantrap
D. Username and password
Answer: B

com Ac tua lTe sts . C. Disable any unnecessary ports and services. Deploy a firewall and IDS D.co m 119 . Any Time. Conduct vulnerability analysis.actualtests.www. Develop a trust model Answer: A "Pass Any Exam. B." .CompTIA SY0-101: Practice Exam QUESTION NO: 340 Which of the following is the primary method of performing network hardening? A.
