CompTIA SY0-101

SY0-101 Security+

Practice Test
Version 3.0

QUESTION NO: 1

A real estate company recently deployed Kerberos authentication on the network. Which of the following does Kerberos require for correct operation? (Select TWO).

A. POP-3
B. Accurate network time
C. Key Distribution Center
D. Extranets
E. SSL/TLS

Answer: B,C

QUESTION NO: 2

Which of the following are MOST likely to be analyzed by Internet filter appliances/servers? (Select THREE).

A. Content
B. TLSs
C. Keys
D. URLs
E. CRLs
F. Certificates

Answer: A,D,F

QUESTION NO: 3

An administrator is selecting a device to secure an internal network segment from traffic external to the segment. Which of the following devices could be selected to provide security to the network segment?

A. NIPS
B. HIDS
C. Internet content filter
D. DMZ

Answer: A

"Pass Any Exam. Any Time." - www.actualtests.com


QUESTION NO: 4

Which of the following VPN implementations consists of taking IPv6 security features and porting them to IPv4?

A. SSL
B. IPSec
C. L2TP
D. PPTP

Answer: B

QUESTION NO: 5

A user is assigned access rights based on the function within the organization. This is a feature of which of the following types of access control models?

A. Role Based Access Control (RBAC)
B. Rule Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Discretionary Access Control (DAC)

Answer: A

Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees perform in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 6

Which of the following types of malicious software travels across computer networks without requiring a user to distribute the software?

A. Trojan horse
B. Worm
C. Virus
D. Logic bomb

Answer: B

QUESTION NO: 7

Which of the following would be MOST important to have to ensure that a company will be able to recover in case of severe environmental trouble or destruction?

A. Alternate sites
B. Disaster recovery plan
C. Fault tolerant systems
D. Offsite storage

Answer: B

QUESTION NO: 8

A task-based control model is an example of which of the following?

A. Rule Based Access Control (RBAC)
B. Role Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Mandatory Access Control (MAC)

Answer: B

QUESTION NO: 9

Which of the following is often misused by spyware to collect and report a user's activities?

A. Session cookie
B. Tracking cookie
C. Persistent cookie
D. Web bug

Answer: B

QUESTION NO: 10

Which definition best defines what a challenge-response session is?

A. A challenge-response session is a workstation or system that produces a random login ID that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
B. A challenge-response session is a workstation or system that produces a random challenge string that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
C. A challenge-response session is a special hardware device used to produce random text in a cryptography system.
D. A challenge-response session is the authentication mechanism in the workstation or system that does not determine whether the owner should be authenticated.

Answer: B

Explanation: A common authentication technique whereby an individual is prompted (the challenge) to provide some private information (the response). Most security systems that rely on smart cards are based on challenge-response. A user is given a code (the challenge) which he or she enters into the smart card. The smart card then displays a new code (the response) that the user can present to log in.

Reference: http://www.webopedia.com/TERM/C/challenge_response.html

QUESTION NO: 11

Which of the following describes a type of algorithm that cannot be reversed in order to decode the data?

A. One Way Function
B. Symmetric
C. Asymmetric
D. Pseudorandom Number Generator (PRNG)

Answer: A

QUESTION NO: 12

An administrator wants to implement a procedure to control inbound and outbound traffic on a network segment. Which of the following would achieve this goal?

A. HIDS
B. ACL
C. Proxy
D. NIDS

Answer: B

QUESTION NO: 13

Which of the following freeware forensic tools is used to capture packet traffic from a network?

A. nmap
B. NESSUS
C. tcpdump
D. dd

Answer: C

QUESTION NO: 14

When reviewing traces from an IDS, the following entries are observed:

Date   Time  Source IP    Destination IP  Port  Type
10/21  0900  192.168.5.2  10.10.2.1       20    SYN
10/21  0915  192.168.5.2  10.10.2.1       21    SYN
10/21  0920  192.168.5.2  10.10.2.1       23    SYN
10/21  0930  192.168.5.2  10.10.2.1       25    SYN

Which of the following is MOST likely occurring?

A. Port scanning
B. SYN Flood
C. Denial of service (DoS)
D. Expected TCP/IP traffic

Answer: A

QUESTION NO: 15

Which of the following protocols are not recommended due to them supplying passwords and information over the network?

A. SNMP (Simple Network Management Protocol).
B. Network News Transfer Protocol (NNTP)
C. Domain Name Service (DNS)
D. Internet Control Message Protocol (ICMP)

Answer: A

QUESTION NO: 16

Which of the following must be installed for HTTPS to work properly on a web site?

A. Digital certificate
B. Symmetric key
C. 3DES encryption
D. Security token

Answer: A

QUESTION NO: 17

You work as the security administrator. You want to implement a solution which will provide a WLAN (Wireless Local Area Network) with the security typically associated with a wired LAN (Local Area Network): Which solution should you implement?

A. WEP (Wired Equivalent Privacy)
B. VPN (Virtual Private Network)
C. ISDN (Integrated Services Digital Network)
D. ISSE (Information Systems Security Engineering)

Answer: A

Explanation: Wired Equivalent Privacy is a wireless protocol designed to provide privacy equivalent to that of a wired network.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 372

QUESTION NO: 18

From the options, which is a tunneling protocol that can only work on IP networks because it requires IP connectivity?

A. PPTP protocol
B. SSH
C. IPX protocol
D. L2TP protocol

Answer: A

Explanation: Point-to-Point Tunneling Protocol. You can access a private network through the Internet or other public network by using a virtual private network (VPN) connection with the Point-to-Point Tunneling Protocol (PPTP). Developed as an extension of the Point-to-Point Protocol (PPP), PPTP tunnels and/or encapsulates IP, IPX, or NetBEUI protocols inside of PPP datagrams. PPTP does not require a dial-up connection. It does, however, require IP connectivity between your computer and the server.

Not B: L2TP is an industry-standard Internet tunneling protocol with roughly the same functionality as the Point-to-Point Tunneling Protocol (PPTP). Like PPTP, L2TP encapsulates Point-to-Point Protocol (PPP) frames, which in turn encapsulate IP, IPX, or NetBEUI protocols.

QUESTION NO: 19

A user downloads and installs a new screen saver and the program starts to rename and delete random files. Which of the following would be the BEST description of this program?

A. Trojan horse
B. Logic bomb
C. Virus
D. Worm

Answer: A

QUESTION NO: 20

Which of the following BEST describes an attack that takes advantage of a computer not fully updated with the most recent operating system patches?

A. Software exploitation
B. Vulnerability
C. Brute force
D. Spoofing

Answer: A

QUESTION NO: 21

Secret Key encryption is also known as:

A. symmetrical
B. asymmetrical
C. replay
D. one way function.

Answer: A

QUESTION NO: 22

A company's security specialist is securing a web server that is reachable from the Internet. The web server is located in the core internal corporate network. The network cannot be redesigned and the server cannot be moved. Which of the following should the security specialist implement to secure the web server? (Select TWO).

A. Network-based firewall
B. Host-based IDS
C. Host-based firewall
D. Network-based IDS
E. Router with an IDS module
F. Router with firewall rule set

Answer: B,C

QUESTION NO: 23

A program allows a user to execute code with a higher level of security than the user should have access to. Which of the following is this an example of?

A. DoS
B. Privilege escalation
C. Default accounts
D. Weak passwords

Answer: B

QUESTION NO: 24

A security specialist has completed a vulnerability assessment for a network and applied the most current software patches. The next step before placing the network back into operation would be to:

A. conduct a follow-up vulnerability analysis
B. update the baseline
C. perform penetration testing
D. test the essential functionality

Answer: D

QUESTION NO: 25

In a certificate hierarchy, the ultimate authority is called the:

A. Terminal Access Controller Access Control System (TACACS).
B. Certificate Revocation List (CRL).
C. Private Branch Exchange (PBX).
D. Root Certifying Authority (Root CA).

Answer: D

QUESTION NO: 26

For which reason are clocks used in Kerberos authentication?

A. Clocks are used to ensure that tickets expire correctly.
B. Clocks are used to ensure proper connections.
C. Clocks are used to both benchmark and specify the optimal encryption algorithm.
D. Clocks are used to generate the seed value for the encryption keys.

Answer: A

Explanation: The actual verification of a client's identity is done by validating an authenticator. The authenticator contains the client's identity and a timestamp. To insure that the authenticator is up-to-date and is not an old one that has been captured by an attacker, the timestamp in the authenticator is checked against the current time. If the timestamp is not close enough to the current time (typically within five minutes) then the authenticator is rejected as invalid. Thus, Kerberos requires your system clocks to be loosely synchronized (the default is 5 minutes, but it can be adjusted in Version 5 to be whatever you want).

Reference: http://www.faqs.org/faqs/kerberos-faq/general/section-22.html

QUESTION NO: 27

Message authentication codes are used to provide which service?

A. Key recovery
B. Integrity
C. Acknowledgement
D. Fault recovery

Answer: B

QUESTION NO: 28

Which of the following is an installable package that includes several patches from the same vendor for various applications?

A. Hotfix
B. Patch rollup
C. Service pack
D. Patch template

Answer: C

QUESTION NO: 29

A company's web server needs to be accessible by remote users, business partners, and corporate users. Which of the following would be the BEST location for the web server?

A. Internal network segment
B. Demilitarized zone (DMZ)
C. Network perimeter
D. External network segment

Answer: B,C

QUESTION NO: 30

In order to secure web-based communications, SSL uses: (Select TWO)

A. Challenge Handshake Authentication Protocol (CHAP)
B. Blowfish encryption
C. Public-key cryptography
D. Symmetric cryptography
E. IPSec
F. PPP

Answer: C,D

QUESTION NO: 31

From the recommendations below, which is considered the best method for securing a web browser?

A. Deploy a filtering policy for unknown and illegal websites that you do not want users to access.
B. Disable all unused features of the web browser.
C. Do not upgrade web browsers because new versions have a tendency to contain more security flaws.
D. Only use a VPN (Virtual Private Network) connection to connect to the Internet.

Answer: B

Explanation: Features that make web surfing more exciting like: ActiveX, Java, JavaScript, CGI scripts, and cookies all pose security concerns. Disabling them (which is as easy as setting your browser security level to High) is the best method of securing a web browser, since it's simple, secure, and within every user's reach.

QUESTION NO: 32

Documentation describing a group's expected minimum behavior is known as:

A. acceptable usage
B. the need to know
C. a code of ethics
D. the separation of duties

Answer: C

QUESTION NO: 33

Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made to the IP header?

A. Private addressing
B. NAT
C. SOCKS
D. DNS

Answer: B

QUESTION NO: 34

Which of the following describes backing up files and software that have changed since the last full or incremental backup?

A. Delta backup
B. Full backup
C. Differential backup
D. Incremental backup

Answer: D

QUESTION NO: 35

The authentication process where the user can access several resources without the need for multiple credentials is known as:

A. need to know
B. decentralized management
C. Discretionary Access Control (DAC).
D. single sign-on

Answer: D

QUESTION NO: 36

From the options below, which represents the first action performed by an SSL (Secure Sockets Layer) enabled server when a user clicks to browse a secure page?

A. The server uses its digital certificate to identify itself to the browser.
B. The server requests the user to produce the CRL (Certificate Revocation List).
C. The server validates the user by checking the CRL (Certificate Revocation List).
D. The server displays the page requested by the user on the browser, and then provides its IP (Internet Protocol) address for verification purposes.

Answer: A

Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.

QUESTION NO: 37

WEP uses which of the following stream ciphers?

A. 3DES
B. RC4
C. IKE
D. RC2

Answer: B

QUESTION NO: 38

A VPN is needed for users to connect to a remote site and the VPN must be transparent to the user. Which of the following VPN models would be BEST to use?

A. Host to Host
B. Gateway to Host
C. Host to Gateway
D. Gateway to Gateway

Answer: D

QUESTION NO: 39

A web page becomes unresponsive whenever the embedded calendar control is used. Which of the following types of vulnerabilities is occurring?

A. ActiveX
B. Common Gateway Interface (CGI)
C. Cross-site scripting
D. Cookies

Answer: A

QUESTION NO: 40

SSL operates at which layer?

A. Data link
B. Network
C. Transport
D. Application

Answer: C

Explanation: SSL is associated with secure transactions (credit card purchases and online banking) over your web browser, so naturally it operates between the top two layers of the OSI model.

QUESTION NO: 41

An important component of a good data retention policy is:

A. offsite storage
B. magnetic media sorting
C. server drive redundancy
D. backup software licensing

Answer: A

QUESTION NO: 42

To reduce vulnerabilities on a web server, an administrator should adopt which of the following preventative measures?

A. Enable auditing on the web server and periodically review the audit logs
B. Block all Domain Name Service (DNS) requests coming into the server.
C. Use packet sniffing software on all inbound communications
D. Apply the most recent manufacturer updates and patches to the server.

Answer: D

Explanation: Operating system manufacturers pride themselves in having a secure system, and the instant they realize that there's a security breach they assign a team on it to develop a security patch. Or when they make new software release (Linux kernels seem to be updated every other day) they try to fix all known vulnerabilities. Since the older an operating system is, the more time hackers have to seek vulnerabilities. A simple security patch that takes a couple of minutes to download and install is the difference between having a secure network and having a system made completely useless by a worm.

QUESTION NO: 43

A person walks up to a group of people who have physical access to a network operations room. As some of the group enters the room, this person walks into the room behind the group without providing credentials to gain access. Which of the following would BEST describe this activity?

A. Walk behind
B. Shoulder surfing
C. Tailgating
D. Social engineering

Answer: C

QUESTION NO: 44

Which of the following connectivity is required for a web server that is hosting an SSL based web site?

A. Port 443 outbound
B. Port 80 inbound
C. Port 443 inbound
D. Port 80 outbound

Answer: C

QUESTION NO: 45

Which of the following trust models would allow each user to create and sign certificates for the people they know?

A. Single certificate authority (CA)
B. Browser trust-list
C. Hierarchical
D. Web-of-trust

Answer: D

QUESTION NO: 46

On the topic of comparing viruses and hoaxes, which statement is TRUE? Choose the best TRUE statement.

A. Hoaxes can create as much damage as a real virus.
B. Hoaxes are harmless pranks and should be ignored.
C. Hoaxes can help educate users about a virus.
D. Hoaxes carry a malicious payload and can be destructive.

Answer: A

Explanation: Hoaxes do have the possibility of causing as much damage as viruses. Many hoaxes instruct the recipient to forward the message to everyone that they know and thus causes network congestion and heavy e-mail activity. Hoaxes also often instruct the user to delete files on their computer that may cause their computer or a program to quit functioning.

QUESTION NO: 47

A company conducts sensitive research and development and wants a strict environment for enforcing the principles of need to know, separation of duties, and least privilege. Which of the following should the company implement?

A. Mandatory Access Control (MAC)
B. Discretionary Access Control (DAC)
C. Single sign on
D. Single factor authentication

Answer: A

QUESTION NO: 48

Which access control method allows users to have some level of flexibility on how information is accessed, but at the expense of increasing the risk of unauthorized disclosure of information?

A. Role-Based Access Control (RBAC) method.
B. Discretionary Access Control (DAC) method
C. All of the above
D. Mandatory Access Control (MAC) method

Answer: B

Explanation: In a DAC model, network users have some flexibility regarding how information is accessed. This model allows users to dynamically share information with other users. The process allows a more flexible environment, but it increases the risk of unauthorized disclosure of information. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 440

QUESTION NO: 49

Audit log information can BEST be protected by: (Select TWO).

A. a firewall that creates an enclave
B. access controls that restrict usage
C. using a VPN
D. recording to write-once media.
E. an intrusion prevention system (IPS)
F. an IDS

Answer: B,D

QUESTION NO: 50

Which of the following would be considered a detrimental effect of a virus hoax? (Select TWO).

A. Users are tricked into changing the system configuration.
B. Technical support resources are consumed by increased user calls.
C. Users are at risk for identity theft.
D. The email server capacity is consumed by message traffic.

Answer: A,B

QUESTION NO: 51

Malicious code that enters a computer by means of a freely distributed game that is intentionally installed and played is known as:

A. a Trojan horse
B. a logic bomb
C. a worm
D. an email attachment.

Answer: A

QUESTION NO: 52

Which of the following programming techniques should be used to prevent buffer overflow attacks?

A. Automatic updates
B. Input validation
C. Nested loops
D. Signed applets

Answer: B

QUESTION NO: 53

Pretty good privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. The model with no single trusted root is known as:

A. hybrid
B. peer-to-peer.
C. downlevel.
D. hierarchical

Answer: B

QUESTION NO: 54

Choose the access control model that allows access control determinations to be performed based on the security labels associated with each user and each data item.

A. LBACs (List Based Access Control) method
B. MACs (Mandatory Access Control) method
C. RBACs (Role Based Access Control) method
D. DACs (Discretionary Access Control) method

Answer: B

Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access. The MAC model is a static model that uses a predefined set of access privileges to files on the system. The system administrator establishes these parameters and associates them with an account, files or resources. The MAC model can be very restrictive.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 11

QUESTION NO: 55

A person pretends to be a telecommunications repair technician, enters a building stating that there is a networking trouble work order and requests that a security guard unlock the wiring closet. The person connects a packet sniffer to the network switch in the wiring closet and hides the sniffer behind the switch against a wall. This is an example of:

A. social engineering
B. a man in the middle attack
C. a vulnerability scan
D. a penetration test

Answer: A

QUESTION NO: 56

Social engineering attacks would be MOST effective in which of the following environments? (Select TWO).

A. A public building that has shared office space.
B. A company with a dedicated information technology (IT) security staff.
C. A locked, windowless building
D. A company with a help desk whose personnel have minimal training.
E. A military facility with computer equipment containing biometrics.

Answer: A,D

QUESTION NO: 57

Which of the following would allow an administrator to find weak passwords on the network?

A. A rainbow table
B. A network mapper
C. A hash function
D. A password generator

Answer: A

QUESTION NO: 58

Which of the following network authentication protocols uses symmetric key cryptography, stores a shared key for each network resource and uses a Key Distribution Center (KDC)?

A. RADIUS
B. Kerberos
C. TACACS+
D. PKI

Answer: B

QUESTION NO: 59

Choose the password generator that uses a challenge-response method for authentication.

A. Cryptographic keys
B. Smart cards
C. Synchronous password generator
D. Asynchronous password generator

Answer: C

Explanation: A synchronous password generator has an authentication server that generates a challenge (a large number or string) which is encrypted with the private key of the token device and has that token device's public key so it can verify authenticity of the request (which is independent from the time factor). That challenge can also include a hash of transmitted data, so not only can the authentication be assured, but also the data integrity.

QUESTION NO: 60

Choose the terminology or concept which best describes a (Mandatory Access Control) model.

A. Bell La-Padula
B. BIBA
C. Lattice
D. Clark and Wilson

Answer: C

Explanation: The word lattice is used to describe the upper and lower level bounds of a user's access permission.

QUESTION NO: 61

A system administrator reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take?

A. Contact law enforcement officials.
B. Determine the business impact.
C. Contain the problem.
D. Notify management.

Answer: C

QUESTION NO: 62

One of the below attacks focuses on the cracking of passwords, which one is it?

A. Dictionary
B. Teardrop
C. Spamming
D. SMURF

Answer: A

Explanation: Dictionaries may be used in a cracking program to determine passwords. A short dictionary attack involves trying a list of hundreds or thousands of words that are frequently chosen as passwords against several systems. Although most systems resist such attacks, some do not. In one case, one system in five yielded to a particular dictionary attack.

QUESTION NO: 63

Which of the following should be done if an audit recording fails in an information system?

A. Overwrite the oldest audit records
B. Send an alert to the appropriate personnel
C. Stop generating audit records
D. Log off the user

Answer: B

QUESTION NO: 64

The MOST common Certificate Server port required for secure web page access is port:

A. 25
B. 80
C. 446
D. 443

Answer: D

QUESTION NO: 65

IPSec uses which of the following protocols to provide traffic security? (Select TWO).

A. L2TP
B. AH
C. Encapsulating Security Protocol (ESP)
D. PPTP
E. SSL
F. SSH

Answer: B,C

QUESTION NO: 66

Which of the following would be an advantage for using PKI over a key server system?

A. The key server is superior in large systems.
B. PKI is less complex to deploy.
C. The root certificate authority key can be stored offline.
D. Certificate authority revocation is easy to implement.

Answer: C

QUESTION NO: 67

A small manufacturing company wants to deploy secure wireless on their network. Which of the following wireless security protocols could be used? (Select TWO).

A. WAN
B. IPX
C. WPA
D. WEP

Answer: C,D

QUESTION NO: 68

In addition to bribery and forgery, which of the following are the MOST common techniques that attackers use to socially engineer people? (Select TWO)

A. Phreaking
B. Whois search
C. Dumpster diving
D. Flattery
E. Assuming a position of authority

Answer: D,E

QUESTION NO: 69

Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received?

A. Data integrity
B. Asymmetric cryptography
C. Anti-aliasing
D. Non-repudiation

Answer: D

QUESTION NO: 70

Which of the following would be an example of a high-availability disk technology?

A. Clustering
B. Load balancing
C. RAID
D. Remote access

Answer: C

QUESTION NO: 71

A technician is auditing the security posture of an organization. The audit shows that many of the users have the ability to access the company's accounting information. Which of the following should the technician recommend to address this problem?

A. Changing the user rights and security groups
B. Implementing a host based intrusion detection system
C. Changing file level audit settings
D. Implementing a host based intrusion prevention system

Answer: A

QUESTION NO: 72

Which of the following is commonly used in a distributed denial of service (DDOS) attack?

A. Adware
B. Botnet
C. Phishing
D. Trojan

Answer: B

QUESTION NO: 73

Which scenario or element would typically cause a CGI (Common Gateway Interface) security issue?

A. The external data provided by the user.
B. The web browser.
C. The compiler or interpreter which runs the CGI script.
D. The HTTP (Hypertext Transfer Protocol) protocol.

Answer: A

Explanation: Common Gateway Interface is an older form of scripting that was used extensively in early web systems. CGI scripts could be used to capture data from a user using simple forms. The CGI script ran on the web server, and it interacted with the client browser. CGI is frowned upon in new applications because of its security issues, but it is still widely used in older systems. Although the answer is not given in the paragraph from the book, the answer would be D.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 136

QUESTION NO: 74

Choose the component that you would locate in the DMZ (Demilitarized Zone).

A. SQL (Structured Query Language) server
B. User workstations
C. FTP (File Transfer Protocol) server
D. Customer account database

Answer: C

Explanation: A DMZ is an area where you can place a public server for access by people you might not trust otherwise. By isolating a server in a DMZ, you can hide or remove access to other areas of your network. An FTP server can be used by people from outside of your network and should be placed in the DMZ.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 26

QUESTION NO: 75

Of the intrusion detection capabilities listed below, which is FALSE for a network based IDS system?

A. A network based IDS system can monitor and report on all network traffic, based on where it is located.
B. A network based IDS system can detect dial-in intrusions and attempts to physically access the server.
C. A network based IDS system can see packet header information, which is invisible to host-based IDS systems.
D. A network based IDS system can detect attacks in progress, attack patterns within the network and malicious activities.

Answer: B

Explanation: In a passive system, the IDS detects a potential security breach, logs the information and signals an alert. In a reactive system, the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.

QUESTION NO: 76

A security specialist is called to an onsite vacant office where an employee has found an unauthorized wireless access device connected to an RJ-45 jack linked to the corporate LAN. Which of the following actions should the administrator take FIRST?

A. Install a sniffer.
B. Turn off the power.
C. Call the police.
D. Disconnect the network cable.

Answer: D

QUESTION NO: 77

Which of the following types of firewalls provides inspection at layer 7 of the OSI model?

A. Packet filters
B. Stateful inspection
C. Network address translation (NAT)
D. Application-proxy

Answer: D

QUESTION NO: 78

Choose the attack or malicious code that cannot be prevented or deterred solely through using technical measures.

A. DoS (Denial of Service) attacks.
B. Social engineering.
C. Dictionary attacks.
D. Man in the middle attacks.

Answer: B

Explanation: Because of human rights laws, it is unlawful to use technology to directly control people's emotions and behaviors. For this reason social engineering attacks cannot be deterred through technical means.

QUESTION NO: 79

Company intranet, newsletters, posters, login banners and e-mails would be good tools to utilize in a security:

A. awareness program
B. control test
C. investigation
D. policy review

Answer: A

Explanation: Advertisement techniques are used to bring product awareness to a consumer, likewise advertising techniques can also be used to bring awareness to security programs.

QUESTION NO: 80

An IDS sensor on a network is not capturing all the network data traffic. This may be happening because the sensor is connected to the network with a:

A. switch
B. bridge
C. hub
D. router

Answer: A

QUESTION NO: 81

A software or hardware device that allows only authorized network traffic in or out of a computer or network is called a:

A. honeypot
B. anti-virus program
C. packet sniffer
D. firewall

Answer: D

QUESTION NO: 82

Which of the following access decisions are based on a Mandatory Access Control (MAC) environment?

A. Sensitivity labels

C. QUESTION NO: 83 Which of the following is a best practice for managing user rights and privileges? A. VLAN C. Create a certificate authority. issue certificates to each user. Identify roles and objects to be accessed. create a folder for each department. "Pass Any Exam. meet with the departments and direct them to access their departmental folder. Then all users are given specific security clearances as to what they are allowed to access. Any Time.co m . B. create groups.com 30 Ac tua lTe sts . All objects are given security labels known as sensitivity labels and are classified accordingly. D. Answer: B QUESTION NO: 84 The concept that a web script is run in its own environment and cannot interfere with any other process is known as a: A." . sandbox B. assign rights and privileges based on individual certificates. Enroll users in a biometric authentication system. Ownership C. quarantine Answer: A QUESTION NO: 85 Choose the malicious code which can distribute itself without using having to attach to a host file.www.actualtests. Create a list of departments. and grant rights and privileges.CompTIA SY0-101: Practice Exam B. and grant rights and privileges based on groups. Group membership D. Access control lists Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. honey pot D. deploy biometric hardware to the client computers.

C. D.actualtests. Which of the following commands would be used to display the current network connections on the local computer? A. Answer: C QUESTION NO: 86 During a live response to an unauthorized access. netcat D. The sales department has requested that the system become operational before a security review can be completed. Soda acid B.co m . B. IPCONFIG / IFCONFIG Answer: A QUESTION NO: 87 Which of the following is a suppression method for a Class C fire? A. A virus. A Trojan horse. NETSTAT B.CompTIA SY0-101: Practice Exam A. A logic bomb. Risk assessment C. Need to know policy B. a forensics specialist executes a command on the computer being investigated. Water Answer: C QUESTION NO: 88 A computer system containing personal identification information is being implemented by a company's sales department. A worm. Any Time. Dry powder C. Corporate security policy "Pass Any Exam. Carbon dioxide (CO2) D. Which of the following can be used to explain the reasons a security review must be completed? A. nmap C." .com 31 Ac tua lTe sts .www.

QUESTION NO: 91 Which of the following is the MOST effective social engineering defensive strategy? A. assets Answer: D How will you accomplish the task? Answer: C Explanation: The question doesn't ask what method can be used to best secure the emails. Any Time. threats B. lTe sts You work as the security administrator. It asks what action will discourage the employees." . vulnerabilities D. costs C. Vulnerability assessment Answer: C QUESTION NO: 89 The first step in risk identification would be to identify: A. or what will best prevent the transmission of nonessential email.CompTIA SY0-101: Practice Exam D. so the correct answer is to create a network security policy that defines what kind of email use constitutes the term misuse. You want to reduce the likelihood of certpaper. Encrypt all company e-mail messages.co QUESTION NO: 90 m 32 .com employees misusing your ORG.www. . e-mail. Create and enforce ACLs (Access Control List). Badge security system B. Create and enforce network security policy. B. C.actualtests.com Ac tua A. D. Implement a strong authentication method. Escorting of guests "Pass Any Exam.

choose the exploit that can be considered a DoS attack because more traffic than what the node can handle is flooded to that node. Alameda . 2nd Edition." . B. Any Time.CompTIA SY0-101: Practice Exam C. Security+ Study Guide . This is BEST described as: A. Training and awareness D.com Ac tua lTe Reference: Mike Pastore and Emmett Dulaney . D.actualtests. Sybex . Discretionary Access Control (DAC). p 135 sts Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. Buffer overflow D. Ping of death B. Logic bomb C. Rule Based Access Control (RBAC). Smurf attack Answer: C QUESTION NO: 93 An organization has a hierarchical-based concept of privilege management with administrators having full access. . A. human resources personnel having slightly less access and managers having access to their own department files only. Mandatory Access Control (MAC) Answer: B QUESTION NO: 94 "Pass Any Exam. Marking of documents Answer: C QUESTION NO: 92 From the list below. 2004.co m 33 . The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Role Based Access Control (RBAC) C. This situation can cause an application to terminate.www.

Force the change with remote logon. Host Based Passive D." .www. Force the change by security group. Patch reports B. C.CompTIA SY0-101: Practice Exam Which of the following types of IDS should be implemented to monitor traffic on a switch? (Select TWO). The MOST important security issue to address when using instant messaging is that instant messaging: A. Force the change with registry editor. uses weak encryption "Pass Any Exam. Host Based Active C.D QUESTION NO: 95 Which of the following is considered by some HIDS tools to detect system security related anomalies? A.co m 34 .com Ac tua Which of the following is the MOST efficient way to force a large number of users to change their passwords on logon? lTe sts . File hashing snapshot comparison C. Network Based Passive B. Network Based Active Answer: A. Virus signature reports Answer: B QUESTION NO: 96 A. Force the change with group policy B. D. Any Time. Answer: A QUESTION NO: 97 The employees at a company are using instant messaging on company networked computers.actualtests. Vulnerability analysis snapshot comparison D. A.

To assist with PKI implementation C. and this would require less administrative overhead than setting up firewalls at each subnet." . Deploy a VLAN (Virtual Local Area Network) Deploy. QUESTION NO: 100 "Pass Any Exam.www. Deploy firewalls between your subnets. Any Time. To identify open ports on a system D. communications are open and unprotected Answer: D QUESTION NO: 98 Which of the following is a reason to use a vulnerability scanner? A. VLAN's would restrict access only to their local VLAN. B. Deploy a proxy server Deploy.com. To assist with protocol analyzing Answer: C QUESTION NO: 99 Answer: B Explanation: Implement a VLAN (Virtual Local Area Network) to restrict network access is the best answer. They are also hardware based (at the switch and MAC level) Firewalls are used so that external users (outside the organization cannot get in). How will you accomplish the task? sts . Deploy a VPN (Virtual Private Network). To identify remote access policies B.actualtests.co m 35 . has no common protocol D. You also want to use the least amount of administrative effort to accomplish your task. tua lTe You work as the security administrator at Certpaper. The solution which you implement to restrict network access must be hardware based. C. whereas VLAN's are used within an organization to provide security.CompTIA SY0-101: Practice Exam B.com Ac A. D. communications are a drain on bandwidth C. You must ensure that internal access to other parts of the network is controlled and restricted.

E. Results in loss of email privileges. Kerberos C.www. Username/password D. Results in slow Internet connections. Challenge Handshake Authentication Protocol (CHAP) Answer: B "Pass Any Exam. Multifactor B. B. Security Tokens B. Trojan Horse programs. CHAP C. 2nd Edition. Kerberos D. 2004." . Alameda . Results in disconnection from the file server. D. Any Time. Security+ Study Guide . Results in Blue Screen of Death errors. F. and traditional DoS attacks.CompTIA SY0-101: Practice Exam Choose the option that correctly details the greatest vulnerability of using Instant Messaging clients.co m 36 . Results in theft of root user credentials. Sybex . Answer: A Explanation: IM clients can also be compromised by malicious code. Certificates Answer: C QUESTION NO: 102 Which of the following authentication methods is based upon an authentication server that distributes tickets to clients? A. Reference: Mike Pastore and Emmett Dulaney .actualtests. p 197 QUESTION NO: 101 Which of the following authentication systems make use of the KDC Key Distribution Center? A. C.com Ac tua lTe sts . Results in malicious code being delivered by file transfer. A.

QUESTION NO: 103 Which of the following is the number of security associations in an IPSec encrypted session for each direction? A. 4 B. one C. 2 D. 8 Answer: B

QUESTION NO: 104 Which password management system best provides for a system with a large number of users? A. Self service password reset management systems B. Locally saved passwords management systems C. multiple access methods management systems D. synchronized passwords management systems Answer: A Explanation: A self service password reset is a system where if an individual user forgets their password, they can reset it on their own (usually by answering a secret question on a web prompt, then receiving a new temporary password on a pre-specified email address) without having to call the help desk. For a system with many users, this will significantly reduce the help desk call volume.

QUESTION NO: 105 Poor programming techniques and lack of code review can lead to which of the following types of attack? A. Buffer overflow B. Dictionary C. Common Gateway Interface (CGI) script D. Birthday Answer: A

Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. This exploitation is usually a result of a programming error in the development of the software. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION NO: 106 Most current encryption schemes are based on: A. algorithms B. time stamps C. digital rights management D. randomizing Answer: A

QUESTION NO: 107 The CHAP (Challenge Handshake Authentication Protocol) sends a logon request from the client to the server, and the server sends a challenge back to the client. At which stage does the CHAP protocol perform the handshake process? Choose the best complete answer. A. At the stage when the connection is established. B. At the stage when the connection is established and at whichever time after the connection has been established. C. At the stage when the connection is established and when the connection is disconnected. D. At the stage when the connection is disconnected. Answer: B Explanation: CHAP performs the handshake process when first establishing a connection, and then at random intervals during the transaction session.

QUESTION NO: 108

One type of port scan can determine which ports are in a listening state on the network, and can then perform a two way handshake. Which type of port scan can perform this set of actions? A. A TCP (Transmission Control Protocol) FIN scan B. A TCP (Transmission Control Protocol) connect scan C. A TCP (Transmission Control Protocol) null scan D. A TCP (Transmission Control Protocol) SYN (Synchronize) scan Answer: D Explanation: In SYN scanning, a TCP SYN packet is sent to the port(s) to be scanned. If the port responds with a TCP SYN ACK packet, then the port is listening. If it replies with a TCP RST packet, then it is not.

QUESTION NO: 109

Which of the following would be the MOST important reason to apply updates? A. Software is a productivity facilitator and as new functionality is available the functionality must be enabled. B. Software is inherently insecure and as new vulnerabilities are found the vulnerabilities must be fixed. C. Software is a supported product and vendors won't support the product if the latest version is not installed. D. Software is a licensed product and the license will expire if not updated. Answer: B

QUESTION NO: 110

A security specialist for a large distributed network with numerous divisions is selecting an access control model. Employees in the human resource division need access to personnel information but not production data and operations employees need access to production data only. Which of the following access control models would be MOST appropriate? A. Role Based Access Control (RBAC) B. Mandatory Access Control (MAC) C. Rule Based Access Control (RBAC) D. Discretionary Access Control (DAC)


Answer: A Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees perform in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 111 You work as the security administrator at Certpaper.com. One morning you discover that a user named Mia Hamm has used her user account to log on to a network server. Mia has then executed a program and been able to perform operations which only a network administrator or security administrator should be able to. What type of attack has occurred? A. Trojan horse. B. Security policy removal. C. Privilege escalation attack. D. Subseven back door. Answer: C Explanation: A user obtaining access to a resource they would not normally be able to access. This is done inadvertently by running a program with SUID (Set User ID) or SGID (Set Group ID) permissions or by temporarily becoming another user. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 522

QUESTION NO: 112 A company has instituted a VPN to allow remote users to connect to the office. As time progresses multiple security associations are created with each association being more secure. Which of the following should be implemented to automate the selection of the BEST security association for each user? A. IKE B. AES

Any Time." .actualtests.co Explanation: Spoofed e-mails will not be detected by the IDS. L2F lTe L2TP tunneling replies on which of the following for security? sts .CompTIA SY0-101: Practice Exam C. QUESTION NO: 114 QUESTION NO: 115 Non-repudiation is enforced by which of the following? A. choose the attack which an IDS (Intrusion Detection System) cannot detect. Spoofed e-mail B. SSH C. PKI Answer: A "Pass Any Exam.com Ac Answer: A tua A. SHA D. A. 3DES Answer: A QUESTION NO: 113 From the options. SSL D. DoS (Denial of Service) attack. Secret keys D. IPSec B. Vulnerability exploits. Port scan attack D. Digital signatures B. Cipher block chaining C. m Answer: A 41 . C.www.

Mandatory Access Control (MAC) B. QUESTION NO: 119 "Pass Any Exam. they think twice about doing something they shouldn't do. Kerberos C.com Ac tua QUESTION NO: 118 lTe Answer: A sts A. Unique user IDs establishes individual accountability. Unique user IDs cannot be modified easily. C. what makes unique user IDs especially important? A. Unique user IDs triggers corrective controls. When a user known that they are being tracked. Role-Based Access Control (RBAC) D.www.CompTIA SY0-101: Practice Exam QUESTION NO: 116 Which of the following would be the MOST effective backup site for disaster recovery? A. Answer: C Explanation: With a unique user ID you'll have soft evidence on the timing and the action any accessed user accomplishes. Cold site B.co m A security system that uses labels to identify objects and requires formal authorization to use is BEST described as: 42 . B. Unique user IDs show which files and data were changed. D. Discretionary Access Control (DAC) ." . Any Time.actualtests. Reciprocal agreement C. Warm site D. Hot site Answer: D QUESTION NO: 117 When reviewing audit trails.

downlevel C. Alameda . VPN (Virtual Private Network) C. D. 2004.co m 43 . Which is it? A. IPSec (Internet Protocol Security) B. SSL (Secure Sockets Layer) D. which details a specific advantage of implementing a single sign-on technology? A. Any Time. The model with no single trusted root is known as: A. Answer: C Explanation: "Pass Any Exam.com Ac tua lTe Explanation: The Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines. You can configure system wide permissions. sts . 2nd Edition. Security+ Study Guide . Multiple applications can be installed. HTTP (Hypertext Transfer Protocol) Answer: C Reference: Mike Pastore and Emmett Dulaney . hierarchical B. peer-to-peer D. Sybex . p 365 QUESTION NO: 121 From the options. Multiple directories can be browsed. hybrid Answer: C QUESTION NO: 120 One of these protocols is used to encrypt traffic passed between a web browser and web server. B.actualtests. Users must log on twice at all times." .www.CompTIA SY0-101: Practice Exam Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. C.

" .CompTIA SY0-101: Practice Exam The purpose is so a user can gain access to all of the applications and systems they need when they log on with a single sign-on. Any Time. review logs for other compromises and report the situation. a certificate Answer: D QUESTION NO: 123 Which of the following will allow you to monitor a user??s online activities? A.www. virus C. Sybex . review logs for other compromises and report the situation to authorities. Spy ware D. Logic bomb B. contain the affected system.com Ac tua lTe sts . In addition to checking the FTP server. a trust relationship D. reboot the affected server. Alameda . 2004. D.actualtests. Reference: Mike Pastore and Emmett Dulaney . a trusted packet B. an encrypted tunnel C. delete the files that violate security policy and report the situation to authorities. review logs for other compromises and notify the human resources department. 2nd Edition. B.co m 44 . Security+ Study Guide . p 434 QUESTION NO: 122 A credential that has been digitally signed by a trusted authority is known as: A. review logs for other compromises. the specialist should: A. "Pass Any Exam. worm Answer: C QUESTION NO: 124 A security specialist is reviewing writable FTP directories and observes several files that violate the company's security policy. C.

The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. The Certpaper .actualtests. Birthday attacks C. p 135 "Pass Any Exam. Open UDP (User Datagram Protocol) port 25 to inbound connections. which exploits poor programming techniques or lack of code review? sts QUESTION NO: 126 . Buffer overflow attacks D." .com Ac tua A.CompTIA SY0-101: Practice Exam Answer: C QUESTION NO: 125 You work as a security administrator at Certpaper . Any Time. This exploitation is usually a result of a programming error in the development of the software. Answer: C Explanation: TCP port 25 is reserved for SMTP while port 110 is for POP3. Which ports must you open on the firewall to support SMTP connections? A. Security+ Study Guide . B. C. Open UDP (User Datagram Protocol) port 110 to inbound connections. 2004.com. Alameda . This situation can cause an application to terminate. Open TCP (Transmission Control Protocol) port 110 to inbound and outbound connections. Reference: Mike Pastore and Emmett Dulaney .com network must be configured to support e-mail communication using SMTP (Simple Mail Transfer Protocol).co m 45 . CGI (Common Gateway Interface) scripts B. Dictionary attacks lTe From the listing of attack types.www. D. Sybex . Answer: C Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. Open TCP (Transmission Control Protocol) port 25 to inbound and outbound connections. 2nd Edition.

CompTIA SY0-101: Practice Exam QUESTION NO: 127 Which of the following are types of certificate-based authentication? (Select TWO) A. One-to-one mapping C. All users. Many-to-many mapping B.actualtests. the users and staff need to know the policy. but make your best decision. Answer: B Explanation: There are many policies for companies these days. All staff. One-to-many mapping D. Considering the question refers to a user security policy. All security administrators. D. All auditors." .D QUESTION NO: 128 Which of the following types of attacks consists of a computer sending PING packets with the destination address set to the network's broadcast address and the source address set to the target computer's IP address? A.www. Fraggle Answer: C You plan to update the user security policy. Replay B. Many-to-one mapping Answer: B. B. Any Time. Whom should the new updated user security policy be distributed and made available to? A.co m 46 . C. XMAS Tree C. This is a tricky question with many close answers. Smurf D. I would say D would be the best choice.com Ac tua QUESTION NO: 129 lTe sts . "Pass Any Exam.

Man in the middle attacks C. Answer: D QUESTION NO: 133 Which of the following are components of host hardening? (Select TWO). set auditing on objects and review event logs." . C. Answer: D Explanation: Civil engineers build tunnels to allow one direction of traffic flow to be protected against another traffic flow. Network engineers use tunneling to protect a data flow from the elements of the internet. Enable auditing. D.CompTIA SY0-101: Practice Exam QUESTION NO: 130 Which of the following best describes what tunneling is? A. QUESTION NO: 131 Answer: C QUESTION NO: 132 Which of the following BEST describes the sequence of steps in the auditing process? A.co m . They tunnel by placing secure encrypted IP packets into a non-secure IP packet. Set auditing on the object and respond as alerts are generated. B. Tunneling is the process of utilizing the Internet as part of a private secure network. Enable auditing and set auditing to record all events. Web proxy B. B. Enable auditing. C. Open relays D. or underneath a highway.com 47 Ac tua lTe A. set auditing on the object and respond as alerts are generated. They will build a tunnel under a river. Tunneling is the process of creating a tunnel capable of capturing data. Trojan horse programs sts Which of the following would be the MOST common method for attackers to spoof email? .www. Tunneling is the process of passing information over the Internet within the shortest time frame. Tunneling is the process of moving through three levels of firewalls.actualtests. Any Time. D. "Pass Any Exam.

actualtests. DES (Data Encryption Standard).www. E. 2004. D. Removing a user's access to the user's data. C. p 127 lTe Explanation: IPSec provides secure authentication and encryption of data and headers. A. Answer: B. Sybex . Multifactor Answer: D "Pass Any Exam. Disabling unnecessary services. Biometric C.CompTIA SY0-101: Practice Exam A. Tokens B.co m 48 . Mutual D.com Ac tua Reference: Mike Pastore and Emmett Dulaney . Adding users to the administrator group. 2nd Edition. Transport modes encrypt only the payload. Alameda . In tunneling mode. Answer: C QUESTION NO: 135 Which of the following types of authentication models uses a smart card and a User ID/Password for accessing network resources? A. IPSec (Internet Protocol Security).C QUESTION NO: 134 From the options. sts . the data or payload and message headers are encrypted. SSH (Secure Shell). choose the VPN (Virtual Private Network) tunneling protocol. IPSec can work in tunneling mode or transport mode. Applying patches C. D. Security+ Study Guide . AH (Authentication Header). B. Any Time. Configuring the Start menu and Desktop B." .

QUESTION NO: 136 Which of the following types of IDS uses known patterns to detect malicious activity? A. Detection based B. Keyword based C. Signature based D. Anomaly based Answer: C

QUESTION NO: 137 Which of the following is a port scanning utility? A. John the Ripper B. L0phtcrack C. Nmap D. Cain & Abel Answer: C

QUESTION NO: 138 In a mandatory access control (MAC) environment, which of the following are access decisions based on? A. Sensitivity labels B. Group membership C. Access control lists D. Ownership Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

QUESTION NO: 139 When setting password rules, which of the following would lower the level of security of a network?

" . Write rights C. and with regular disgruntled users getting emotional over passwords.actualtests. there's a certain chance that they will forget the password or compromise security by writing down their password on a Post It note on their keyboard. the risk of social engineering increases. After a set number of failed attempts the server will lock out any user account forcing the user to call the administrator to re-enable the account.CompTIA SY0-101: Practice Exam A. Reformatting C. Read rights D. QUESTION NO: 140 QUESTION NO: 141 What is the BEST process of removing PII data from a disk drive before reuse? A. Sanitization Answer: D "Pass Any Exam. Update rights B. Any Time. two managers and six cashiers. All passwords are set to expire at regular intervals and users are required to choose new passwords that have not been used before. Destruction B.com Ac Answer: A tua A.co m 50 . B. Full access lTe A clothing store with a single location has one owner.www. Under this scenario. C. Complex passwords that users can not remotely change are randomly generated by the administrator and given to users Answer: D Explanation: If a user gets a difficult password that they can't remember. D. Degaussing D. Passwords must be greater than six characters and contain at least one non-alpha. which of the following inventory system permissions might be BEST aligned with the least privilege principle for the managers? sts . Since the user won' be able to reset the password themselves they'll have to make regular trips to help desk for a new password.

www. So by chance. 143 B. Implement a VPN (Virtual Private Network). if someone were to intercept a password it would probably already be expired. D." . Implement aone time password. Implement PPTP (Point-to-Point Tunneling Protocol). Non-repudiation lTe Which of the following refers to the ability to be reasonably certain that data is not modified or tampered with? sts QUESTION NO: 143 . 49 F. C. 194 "Pass Any Exam. Authentication B. Confidentiality C. Implement complex password requirements. 23 D. Integrity D. 3389 C. effectively making any intercepted password good for only the brief interval of time before the legitimate user happens to login themselves.actualtests.CompTIA SY0-101: Practice Exam QUESTION NO: 142 Which of the following is a solution that you can implement to protect against an intercepted password? A.com Ac Answer: C tua A. 110 E. Answer: C Explanation: A one time password is simply a password that has to be changed every time you log on. B. or be on the verge of expiration within a matter of hours. QUESTION NO: 144 Which of the following ports are typically used by email clients? (Select TWO) A.co m 51 . Any Time.

Several programs now can use port scanning for advanced host detection and operating system fingerprinting.co m 52 . tua lTe sts .CompTIA SY0-101: Practice Exam Answer: A. The fingerprint of the operating system C. Vulnerability assessment C.com Ac Explanation: Malicious port scanning is an attempt to find an unused port that the system won't acknowledge. Kerberos D.actualtests. Computer name D. With knowledge of the operating system.www. The physical cabling topology of a network B. PGP C. SQL servers B. PKI Answer: A QUESTION NO: 146 Malicious port scanning is a method of attack to determine which of the following? A. User IDs and passwords Answer: B QUESTION NO: 147 Which of the following activities is MOST closely associated with DLL injection? A." . Network mapping Answer: C "Pass Any Exam. Penetration testing D. Any Time. SSL B.D QUESTION NO: 145 A URL for an Internet site begins with 'https:' rather than 'http:'' which is an indication that this web site uses: A. the hacker can look up known vulnerabilities and exploits for that particular system.

www. illicit servers D. a CRL "Pass Any Exam.co The MOST common exploits of Internet-exposed network services are due to: m 53 .g.com Ac tua lTe sts A. Buffer Overflow C.actualtests." . Any Time. Filter router B. the CA should issue: A. IDS C. Java Applets) B. buffer overflows . Privilege escalation Answer: D QUESTION NO: 151 If a user reports that the user's public/private key has been compromised. Demilitarized zone (DMZ) Answer: D QUESTION NO: 149 Answer: D QUESTION NO: 150 Which of the following could result in a DDoS? A. active content (e.CompTIA SY0-101: Practice Exam QUESTION NO: 148 Which of the following portions of a company's network is between the Internet and an internal network? A. Bastion host D. NIPS D. TCP/IP Hijacking B. Trojan horse programs C.

B. an LDAP C. a CPS D. a PKCS Answer: A

QUESTION NO: 152 The FIRST step in creating a security baseline would be: A. installing software patches B. creating a security policy C. vulnerability testing. D. identifying the use case Answer: B

QUESTION NO: 153 Which of the following would be an example of a hardware device where keys can be stored? (Select TWO). A. Smart card B. PCMCIA card C. PCI card D. Network interface card (NIC) Answer: A,B

QUESTION NO: 154 A user is assigned access rights explicitly. This is a feature of which of the following access control models? A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC) Answer: A

QUESTION NO: 155 Which of the following would be BEST for deploying third-party application security updates on a network with 1,000 computers? A. Enterprise System Management (ESM) B. Baseline security analyzer C. Vulnerability scanner D. Logon script Answer: A

QUESTION NO: 156 You work as the security administrator at Certpaper.com. You are defining a SLA (Service Level Agreement). You want to ensure the availability of server based resources over guaranteed server performance levels. What must you include in the SLA to achieve this objective? A. Hosting B. Application C. Network D. Security Answer: A Explanation: In the hosting business, every company aims for 100% availability in their service level agreements, and usually offer concessions for times of reduced availability. Sadly, these agreements have exceptions which include: scheduled network maintenance, hardware maintenance, software maintenance, virus attacks, hacker attacks, force majeure, labour actions, war, insurrections, sabotage, and past due accounts on your part.

QUESTION NO: 157 Privileges are used for which of the following purposes? A. To allow or deny signature updates to group applications B. To allow or deny specific actions to users or groups C. To allow or deny network traffic from host based systems D. To allow or deny network traffic from server based systems

Email Answer: B QUESTION NO: 159 An enclosure that prevents radio frequency signals from emanating out of a controlled environment is BEST described as which of the following? A. Grounded wiring frame Answer: A Which of the following methods will help to identify when unauthorized access has occurred? A. C. Mantrap D. Web D. Implement two-factor authentication Answer: B QUESTION NO: 161 Which of the following is a critical element in private key technology? "Pass Any Exam." . DNS B.CompTIA SY0-101: Practice Exam Answer: B QUESTION NO: 158 Which of the following types of publicly accessible servers should have anonymous logins disabled to prevent an attacker from transferring malicious data? A.co m 56 . Implement session lock mechanism. Faraday cage B. D. FTP C.www. Any Time.actualtests. Implement previous logon notification. TEMPEST C.com Ac QUESTION NO: 160 tua lTe sts . Implement session termination mechanism B.

Application log "Pass Any Exam. Less server connections and network bandwidth utilization. Any Time. C.com. The storage and distribution of unlicensed software. D. Key exchange C.CompTIA SY0-101: Practice Exam A. Answer: A QUESTION NO: 162 The Diffie-Hellman encryption algorithm relies on which of the following? A. sts QUESTION NO: 163 . The upload and download directory for each user. C. Digital signatures Answer: B Answer: D Explanation: Anonymous FTP is based on good faith. Keeping the key secret B." .www. then answer C would seem to be the best answer. Using the key to decrypt messages. Getting the proper key the first time.com Ac A. But if it used to take advantage of the non-secure logon. tua lTe You work as the security administrator at Certpaper . Tunneling B. DNS log B.co m 57 . Choose the important factor which you should consider and be aware of. Distributing the key to everyone. Passwords D. D. B. The detailed logging information for each user. You want to enable anonymous FTP (File Transfer Protocol) read/write access. which of the following event logs would contain failed logons? A.actualtests. QUESTION NO: 164 On a Windows host.

Password history C. A. F.www. System log Answer: C QUESTION NO: 165 Choose the items that an intruder would ignore when going through disposed garbage. usually on a notepad. or on their desk ledger. Old passwords. Answer: C.com 58 Ac tua QUESTION NO: 166 lTe Explanation: When people create complex passwords that they can't remember. Password complexity controls B. lays dormant until a user opens the certain program then deletes the contents of attached network drives and removable storage devices is known as a: "Pass Any Exam. Minimum password age Answer: B. or are in a situation where they need multiple passwords they have a tendency of writing their passwords down.CompTIA SY0-101: Practice Exam C. D. Account lockout D.co m . Maximum password age E. B." .E QUESTION NO: 167 Malicious code that enters a target system. IP (Internet Protocol) address lists. Security log D. C. a Post It note.F Which of the following settings works BEST to avoid password reuse? (Select TWO). sts . Virtual memory. Process lists. A. Choose all options that apply.E. Boot sectors. Network diagrams.actualtests. E. Any Time.

A. Trojan horse B. honeypot C. logic bomb D. worm Answer: C

QUESTION NO: 168 A Windows file server is an example of which of the following types of models? A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC) Answer: A

QUESTION NO: 169 Disguising oneself as a reputable hardware manufacturer's field technician who is picking up a server for repair would be described as: A. a Trojan horse B. a man-in-the-middle attack C. social engineering D. a phishing attack Answer: C

QUESTION NO: 170 You work as the security administrator at Certpaper.com. The Certpaper.com network must be configured to allow LDAP (Lightweight Directory Access Protocol) traffic. Which ports must you open on the firewall to allow LDAP traffic? A. Open ports 389 and 139 B. Open ports 389 and 636 C. Open ports 636 and 137 D. Open ports 137 and 139

Answer: B Explanation: The 'well known' LDAP ports are 389 for LDAP and 636 for LDAP SSL.

QUESTION NO: 171 The Certpaper.com wireless network environment uses WEP (Wired Equivalent Privacy) to provide wireless security. Choose the entity or entities that can authenticate to an access point. A. Administrators only. B. All Certpaper.com users. C. Only Certpaper.com users that have the correct WEP (Wired Equivalent Privacy) key. D. Anyone Answer: C Explanation: The 802.11 standard describes the communication that occurs in wireless local area networks (LANs). The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network; this function is not an explicit goal in the 802.11 standard, but it is frequently considered to be a feature of WEP. WEP relies on a secret key that is shared between a mobile station (eg. a laptop with a wireless Ethernet card) and an access point (ie. a base station). The secret key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packets are not modified in transit. The standard does not discuss how the shared key is established. In practice, most installations use a single key that is shared between all mobile stations and access points. More sophisticated key management techniques can be used to help defend from the attacks we describe; however, no commercial system we are aware of has mechanisms to support such techniques. Reference: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

QUESTION NO: 172 To keep an 802.11x network from being automatically discovered, a user should:

Vulnerability scanner C. turn off the SSID broadcast. This would be an example of: A. leave the SSID default.com 61 Ac tua lTe sts . The email contains a link and when the user accesses the link. Answer: D QUESTION NO: 173 A user receives an email asking the user to reset the online banking username and password. hijacking C. change the SSID name. Port scanner D.actualtests. Allocation B. Password cracker B." . the URL that appears in the browser does not match the link. D. Which of the following is the problem? A. redirecting B. The server is not able to verify the identity of the user. Protocol analyzer Answer: D QUESTION NO: 175 A user logs in with a domain account and is denied access to a specific file which the user should have access to. phishing D.CompTIA SY0-101: Practice Exam A. C.co m . Authentication C. Identification "Pass Any Exam. spoofing Answer: C QUESTION NO: 174 Which of the following assessment tools would be MOST appropriate for determining if a password was being sent across the network in clear text? A. activate the SSID password B.www. Any Time.

Identify the protocol (steps) that allow for the following: 1. WTLS is the method security for WAP (Wireless Application Protocol) and it provides transport layer security directly between a wireless device and the WAP gateway. Selection of cryptographic keys. concurrent session control B. WAP (Wireless Application Protocol) gateway B. This is an example of: A. C. Wireless network interface card. access control Answer: D QUESTION NO: 178 SSL (Secure Socket Layer) establishes a stateful connection negotiated by a process performed between client and server. ." . Client and server authentication. Any Time. "Pass Any Exam.actualtests. separation of duties C. Which is it? Choose all that apply. MAC (Mandatory Access Control) and encryption algorithm negotiation. Answer: A. Mobile device.co m .www. D. Wireless client. and bandwidth capability creating a security mechanism is a difficult task. processing power. least privilege D. Web server.E QUESTION NO: 177 A company has implemented a policy stating that users will only receive access to the systems needed to perform their job duties. A. 3. 2.CompTIA SY0-101: Practice Exam D.com 62 Ac tua lTe sts Explanation: Since most wireless devices are low in: memory. E. Authorization Answer: B QUESTION NO: 176 WTLS (Wireless Transport Layer Security) provides security services between network devices or mechanisms.

A. SSL (Secure Sockets Layer) alert protocol. B. SSL (Secure Sockets Layer) record protocol. C. SSL (Secure Sockets Layer) handshake protocol. D. SSL (Secure Sockets Layer) change cipher spec protocol. Answer: C Explanation: SSL Handshake Protocol * runs before any application data is transmitted * provides mutual authentication * establishes secret encryption keys * establishes secret MAC keys

QUESTION NO: 179 Which of the following web vulnerabilities is being referred to when it receives more data than it is programmed to accept? A. SMTP Relay B. CGI. C. Buffer Overflows. D. Cookies. Answer: C Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION NO: 180 Which of the following describes the process by which a single user name and password can be entered to access multiple computer applications? A. Access control lists B. Constrained user interfaces

actualtests. Proxy logs B. Worms are a form of malicious code while Trojan horses are not. A third party mail relay restricts the types of e-mail that maybe sent. and it makes it much more difficult to trace the spammer. QUESTION NO: 183 Choose the statement that best details the difference between a worm and a Trojan horse? A.www. A. A third party mail relay limits access to specific users.com Ac tua lTe sts QUESTION NO: 182 . Anyone on the internet can relay an unsolicited email through an SMTP server. Firewall logs Answer: D Choose the primary disadvantage of using a third party mail relay. "Pass Any Exam. B. Which of the following could BEST be used to confirm the administrator's suspicions? A.CompTIA SY0-101: Practice Exam C. Encryption protocol Answer: C QUESTION NO: 181 An administrator is concerned that PCs on the internal network may be acting as zombies participating in external DDoS attacks. HIDS logs D. A third party mail relay restricts spammers from gaining access. B. Answer: C Explanation: Using a third party email relay can put you in an advantage of getting unnecessary spam. D. and the message will appear to be legitimate coming from the email server. Any Time." . Single sign-on D. Spammers can utilize the third party mail relay.co m 64 . AV server logs C. Worms self replicate while Trojan horses do not. C.

C. Worms are distributed through e-mail messages while Trojan horses do not. D. There is no difference between a worm and a Trojan horse. Answer: A Explanation: A worm is different from a virus. Worms reproduce themselves, are self-contained and do not need a host application to be transported. The Trojan horse program may be installed as part of an installation process. They do not reproduce or self replicate. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, pp 83, 85

QUESTION NO: 184 You work as the security administrator at Certpaper.com. You want to implement a solution which will provide the following for handheld devices in your wireless network: 1. Data privacy 2. Data integrity 3. Authentication Which solution should you implement? A. WAP (Wireless Application Protocol) B. WTLS (Wireless Transport Layer Security) C. WSET (Wireless Secure Electronic Transaction) D. WEP (Wired Equivalent Privacy) Answer: B Explanation: Short for Wireless Transport Layer Security. WTLS is the security layer of the WAP, providing privacy, data integrity and authentication for WAP services. Not A: WEP is one of the most popular features available for a Wireless LAN. It is used to encrypt and decrypt data signals transmitted between Wireless LAN devices. In essence, WEP makes a wireless LAN link as secure as a wired link.

QUESTION NO: 185 One type of network attack sends two different messages that use the same hash function to generate the same message digest. Which network attack does this?

A. Birthday attack. B. Man in the middle attack. C. Ciphertext only attack. D. Brute force attack. Answer: A Explanation: A birthday attack is based on the principle that amongst 23 people, the probability of 2 of them having the same birthday is greater than 50%. By that rationale if an attacker examines the hashes of an entire organization's passwords, they'll come up with some common denominators.

QUESTION NO: 186 Which of the following provides the MOST secure form of encryption? A. 3DES B. AES C. Diffie-Hellman D. DES Answer: B

QUESTION NO: 187 A malformed MIME (Multipurpose Internet Mail Extensions) header can have a negative impact on the system. Choose the option that correctly details this. A. Can result in the unauthorized disclosure of private information. B. Can create a virus that infects the computers of users. C. Can result in an e-mail server crashing. D. Can lead to the creation of a back door, which will enable attackers to access the internal network. Answer: C Explanation: Microsoft Exchange Server 5.0 & 5.5 had a vulnerability that made it susceptible to crashes following a malformed MIME header. Patches have since been released.

QUESTION NO: 188

For a SSL (Secure Sockets Layer) connection to be automatically established between a web client and server, a specific element has to exist. Which is it? A. Shared password. B. Certificate signed by a trusted root CA (Certificate Authority). C. Address on the same subnet. D. Common operating system. Answer: B Explanation: For an SSL connection to complete, the web client and server should have a trusted certificate to confirm authenticity. A shared password, address on the same subnet, and a common operating system are ludicrous answers because they defy the reason why SSL exists.

QUESTION NO: 189 A remote user has a laptop computer and wants to connect to a wireless network in a hotel. Which of the following should be implemented to protect the laptop computer when connecting to the hotel network? A. Personal firewall B. Network firewall C. Privacy screen D. Router with firewall rule set Answer: A

QUESTION NO: 190 The process of documenting who applied a patch to a specific firewall at a specific time and what the patch is supposed to accomplish is known as: A. logs and inventories B. change control management C. user awareness. D. asset identification Answer: B

Authorization B. QUESTION NO: 192 Answer: D QUESTION NO: 193 A digital signature is used for: A. False negative D. when there is no need of any alarm. Any Time. False alarm Answer: A Explanation: False intrusion is a false alarm.co m . D.CompTIA SY0-101: Practice Exam QUESTION NO: 191 Choose the terminology used to refer to the situation when authorized access is perceived as an intrusion or network attack.com 68 Ac tua lTe A.actualtests. storage and recovery. C. Non-repudiation sts Audit logs must contain which of the following characteristics? . confidentiality and encryption. "Pass Any Exam. False positive C. Answer: D QUESTION NO: 194 Choose the mechanism that is NOT a valid access control mechanism. False intrusion B. B. Confidentiality D.www. A. integrity and non-repudiation. Not B: A false positive is when legitimate traffic is picked up as an intruder. Accessibility C. access control and trusts." .

A. SAC (Subjective Access Control) list. B. MAC (Mandatory Access Control) list. C. RBAC (Role Based Access Control) list. D. DAC (Discretionary Access Control) list. Answer: A Explanation: There is no such thing as a SAC (Subjective Access Control) list.

QUESTION NO: 195 Choose the access control method which provides the most granular access to protected objects? A. Profiles B. Capabilities C. Access control lists D. Permission bits Answer: C Explanation: Access control lists enable devices in your network to ignore requests from specified users or systems, or grant certain network capabilities to them. ACLs allow a stronger set of access controls to be established in your network. The basic process of ACL control allows the administrator to design and adapt the network to deal with specific security threats. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 235

QUESTION NO: 196 Which of the following types of attacks is targeting a web server if thousands of computers are simultaneously sending hundreds of FIN packets with spoofed source IP addresses? A. XMAS tree scan B. DDoS C. Brute force D. SYN flood Answer: B


QUESTION NO: 197 Which of the following would be MOST useful in determining which internal user was the source of an attack that compromised another computer in its network? A. The attacking computer's audit logs B. The firewall's logs C. The domain controller's logs. D. The target computer's audit logs. Answer: D

QUESTION NO: 198 Which of the following describes a server or application that is accepting more input than the server or application is expecting? A. Buffer overflow B. Brute force C. Denial of service (DoS) D. Syntax error Answer: A

QUESTION NO: 199 Which of the following is used by anti-virus software to detect viruses that have not been previously identified? A. Zero-day algorithm B. Quarantining C. Random scanning D. Heuristic analysis Answer: D

QUESTION NO: 200 From the options, which explains the general standpoint behind a DMZ (Demilitarized Zone)? A. All systems on the DMZ can be compromised because the DMZ can be accessed from the Internet. B. Only those systems on the DMZ that can be accessed from the Internet can be compromised. C. No systems on the DMZ can be compromised because the DMZ is completely secure and cannot be accessed from the Internet. D. No systems on the DMZ can be compromised because the DMZ cannot be accessed from the Internet. Answer: A

QUESTION NO: 201 Which of the following describes an attacker encouraging a person to perform an action in order to be successful? A. Social engineering B. Password guessing C. Back door D. Man-in-the-middle Answer: A

QUESTION NO: 202 You work as the security administrator at Certpaper.com. You must secure the FTP (File Transfer Protocol) server by allowing only authorized users access to it. How will you accomplish this task? A. Provide the FTP server's address to only those users that must access it. B. Allow blind authentication. C. Do not allow anonymous authentication. D. Redirect FTP to a different port. Answer: C Explanation: Early FTP servers did not offer security. Security was based on the honor system. Most logons to an FTP site used the anonymous logon. By convention, the logon ID was the user's email address, and the password was anonymous. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 137

QUESTION NO: 203 Choose the protocol used by a web server to encrypt data. A. ActiveX B. TCP/IP (Transmission Control Protocol/Internet Protocol) C. SSL (Secure Sockets Layer) D. IPSec (Internet Protocol Security) Answer: C Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 204 Which of the following access control models uses subject and object labels? A. Role Based Access Control (RBAC) B. Discretionary Access Control (DAC) C. Rule Based Access Control (RBAC) D. Mandatory Access Control (MAC) Answer: D

QUESTION NO: 205 One of the following options details the main advantage of why you should choose to use SSL (Secure Sockets Layer) over using HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer). Which is it?

A. SSL supports additional Application layer protocols, for instance FTP (File Transfer Protocol) and NNTP (Network News Transport Protocol), whereas HTTPS does not. B. SSL and HTTPS are transparent to the application. C. SSL supports user authentication whereas HTTPS does not. D. SSL provides full application security for HTTP whereas HTTPS does not. Answer: A Explanation: SSL on its own works at the session layer (layer 5) so it has more versatility in protocols that it supports.

QUESTION NO: 206 Which ports need to be open to allow a user to login remotely onto a workstation? A. 53 B. 8080 C. 3389 D. 636 Answer: C

QUESTION NO: 207 A technician wants to be able to add new users to a few key groups by default, which of the following will allow this? A. Inheritance B. Template C. Default pairing D. Auto-population Answer: A

QUESTION NO: 208 All of the following types of attacks can be detected by an IDS EXCEPT: A. Denial of Service (DoS) B. spoofed e-mail

B. which of the following should be done by the email administrator? "Pass Any Exam. Detach the network cable from the server to prevent the hacker from accessing more data. sts Answer: A.C.actualtests. D. Answer: B Explanation: Spoofed e-mails will not be detected by the IDS. QUESTION NO: 209 You work as the security administrator at Certpaper .www. QUESTION NO: 211 To aid in preventing the execution of malicious code in email clients. Answer: D Explanation: Ping confirms a connection by sending and receiving ICMP packets. A share scanner. port scan D. Which of the following actions should you perform? Choose all correct answers. Any Time. Prevent members of the organization from entering the server room. A. B.CompTIA SY0-101: Practice Exam C. A ping scanner. Prevent members of the incident response team from entering the server room. You have become aware of a hacker accessing confidential company data from over the network. C. A port scanner. A.com. B.D . C. Choose the network mapping tool (scanner) which uses ICMP (Internet Control Message Protocol). D. A map scanner.com 74 Ac tua QUESTION NO: 210 lTe Explanation: Answer : B is correct to stop anyone from corrupting the evidence. Shut down the server to prevent the hacker from accessing more data. exploits of bugs or hidden features.co m ." .

A. Email client features should be disabled B. Regular updates should be performed C. Spam and anti-virus filters should be used D. Preview screens should be disabled Answer: C

QUESTION NO: 212 Which of the following would allow a technician to compile a visual view of an infrastructure? A. Protocol analyzer B. Port scanner C. Network mapper D. Security log Answer: C

QUESTION NO: 213 Kerberos uses which of the following ports by default? A. 88 B. 23 C. 443 D. 139 Answer: A

QUESTION NO: 214 You work as the security administrator at Certpaper.com. You want to reduce the current vulnerability from dumpster diving. How will you accomplish the task? A. Destroy all paper and other media that are no longer required. B. Remove the contents of the trash can on a regular basis. C. Employ additional security staff D. Install expensive surveillance equipment. Answer: A

Explanation: Dumpster diving is a very common physical access method. Companies generate a huge amount of paper in the normal course of events. Most of the information eventually winds up in dumpsters or recycle bins. These dumpsters may contain information that is highly sensitive in nature. In high security government environments, sensitive papers are either shredded or burned. Most businesses do not do this. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 51

QUESTION NO: 215 Following a disaster, which of the following functions should be returned FIRST from the backup facility to the primary facility? A. Least critical functions B. Systems functions C. Executive functions D. Web services Answer: A

QUESTION NO: 216 Communication is important to maintaining security because communication keeps: A. the user community informed of threats B. the network bandwidth usage under control C. the IT security budget justified D. law enforcement informed of what is being done Answer: A

QUESTION NO: 217 Which of the following is the MOST secure way to implement data encryption between SMTP servers? A. PPTP B. SSL

Sybex . p 440 "Pass Any Exam. This model allows users to dynamically share information with other users.actualtests. Alameda . Involve someone who routinely monitors network traffic QUESTION NO: 219 Answer: A Explanation: In a DAC model. 2nd Edition. C. The process allows a more flexible environment.CompTIA SY0-101: Practice Exam C.co m Answer: B 77 . Reference: Mike Pastore and Emmett Dulaney .www." . This creates a security loophole for Trojan horse attacks. Listening or overhearing parts of a conversation B. tua lTe sts The DAC (Discretionary Access Control) model has an inherent flaw. C. . The DAC (Discretionary Access Control) model does not have any known security flaws. Someone looking through your files D. D. TLS D. The DAC (Discretionary Access Control) model does not use the identity of a user to control access to resources. This creates an opportunity for attackers to use your certificates. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given. This allows anyone to use an account to access resources. network users have some flexibility regarding how information is accessed. but it increases the risk of unauthorized disclosure of information. Any Time. Choose the option that describes this flaw. Security+ Study Guide .com Ac A. The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. The DAC (Discretionary Access Control) model uses certificates to control access to resources. L2TP Answer: C QUESTION NO: 218 Which of the following definitions would be correct regarding Active Inception? A. 2004. B. Placing a computer system between the sender and receiver to capture information.

QUESTION NO: 220 Which of the following will allow a credit card information theft? (Choose TWO) A. Virus B. Adware C. Worm D. SPIM E. Phishing Answer: B,E

QUESTION NO: 221 When a patch is released for a server the administrator should: A. test the patch on a non-production server then install the patch to production. B. install the patch and then backup the production server. C. not install the patch unless there is a current need. D. immediately download and install the patch. Answer: A Explanation: Software patches are good for network security, because they are developed to fix known vulnerabilities. So even if everything's operating normally, a patch is still very beneficial. When you patch an operating system, there's always a risk that something can go wrong which can compromise your data and server operation. It would be wise to backup your data BEFORE installing a patch, and it would also be wise to test the patch on your least important servers first.

QUESTION NO: 222 You work as the security administrator at Certpaper.com. You must configure the firewall to support TACACS. Which port(s) should you open on the firewall? A. Port 49 B. Port 53 C. Port 161 D. Port 21 Answer: A

Explanation: TACACS uses both TCP and UDP port 49.

QUESTION NO: 223 CGI scripts are susceptible to which of the following types of attacks? A. Cross site scripting B. Buffer overflows C. DNS spoofing D. SQL injection Answer: A

QUESTION NO: 224 Which of the following is the BEST place to obtain a hotfix or patch for an application or system? A. An email from the vendor B. The manufacturer's website C. A newsgroup or forum D. A CD-ROM Answer: B

QUESTION NO: 225 Most key fob based identification systems use which of the following types of authentication mechanisms? (Select TWO). A. Biometrics B. Kerberos C. Username/password D. Certificates E. Token Answer: C,E

QUESTION NO: 226

through e-mail. Delete the files and re-install the operating system Answer: A QUESTION NO: 228 A public key _____________ is a pervasive system whose services are implemented and delivered using public key technologies that include Certificate Authority (CA).co m 80 . Reference: Mike Pastore and Emmett Dulaney . digital certificates.CompTIA SY0-101: Practice Exam Choose the most effective method of preventing computer viruses from spreading throughout the network. 2nd Edition. A." . C. A. Alameda . non-repudiation. D. Use the FDISK Command D. 2004. or as a part of another program. You should enable scanning of all e-mail attachments. Perform multiple bit level overwrites B. and key history management. You should install a host based IDS (Intrusion Detection System) Answer: C Explanation: Viruses get into your computer in one of three ways. Sybex . p 76 QUESTION NO: 227 Which of the following would be the minimally acceptable method of ensuring that a disposed hard drive does not reveal sensitive data? A.www. Format the drive C. Any Time. You should require root/administrator access to run programs and applications. cryptography scheme C. Security+ Study Guide . You should prevent the execution of . B.vbs files. distribution authority Answer: A "Pass Any Exam. exchange D. infrastructure B. They may enter your computer on a contaminated floppy or CD-ROM.com Ac tua lTe sts .actualtests.

QUESTION NO: 229 From the list of protocols, which is used to secure web transactions? A. XML (Extensible Markup Language) B. SMTP (Simple Mail Transfer Protocol) C. SSL (Secure Sockets Layer) D. S/MIME (Secure Multipurpose Internet Mail Extensions) Answer: C

Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 230 Which of the following would be MOST effective in preventing network traffic sniffing? A. Use switches instead of hubs B. Disable promiscuous mode C. Use hubs instead of routers D. Deploy an IDS Answer: A

Explanation: Switches don't send all traffic on the segment to every port so conventional sniffing methods don't work.

Hardware C. 2nd Edition. Sandbox.co m 82 . Guest. Sandbox. Birthday C. Sybex . Brute force Answer: A Explanation: Buffer overflow occur when an application receives more data that it is programmed to accept. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. a firewall B. Guest. Emulator. Security+ Study Guide . network monitoring D. Hardware D. a hub Answer: A "Pass Any Exam.CompTIA SY0-101: Practice Exam QUESTION NO: 231 Which of the following is a common type of attack on web servers? A. p 135 QUESTION NO: 232 QUESTION NO: 233 Stateful packet inspection is a methodology used by: A. Hypervisor. Spam D. Any Time. This situation can cause an application to terminate.actualtests. Host. Hypervisor. Hypervisor." . Alameda . Sandbox. Host. Hardware lTe Which of the following is the BEST description of the basic elements of virtualization? sts . 2004. Buffer overflow B. Hardware B. Hypervisor.www. NAT C. Reference: Mike Pastore and Emmett Dulaney .com Ac Answer: A tua A.

QUESTION NO: 234 Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation? A. Kerberos B. Biometric C. Mutual D. Multifactor Answer: D

QUESTION NO: 235 Which of the following would be achieved by using encryption? (Select THREE). A. Non-repudiation B. Availability C. Confidentiality D. Authorization E. Integrity Answer: A,C,E

QUESTION NO: 236 Users are reporting that when attempting to access the company web page on the Internet, the user is rerouted to a protest webpage. This is MOST likely: A. a DDoS attack B. DNS Poisoning C. a social engineering attack D. a replay attack. Answer: B

QUESTION NO: 237 Using software on an individual computer to generate a key pair is an example of which of the following approaches to PKI architecture?

com Ac A.CompTIA SY0-101: Practice Exam A. Hub and spoke D. Which of the following would be the BEST action to take? A. Centralized Answer: B QUESTION NO: 238 A representative from the human resources department informs a security specialist that an employee has been terminated. Creating security awareness posters and notices. Passive detection tua lTe Which of the following BEST describes the baseline process of securing devices on a network infrastructure? sts . C. Using an independent security instructor. Conducting user training sessions. Disable the employee's user accounts and keep the data for a specified period of time. Distributed key B. Answer: A "Pass Any Exam. C. Decentralized C.www. D. Contact the employee's supervisor regarding disposition of user accounts D. Answer: A QUESTION NO: 239 Answer: A QUESTION NO: 240 Which of the following would be MOST important when designing a security awareness program? A.co m 84 . Active prevention C. Disable the employee's user accounts and delete all data. B. B.actualtests. Hardening B. Any Time. Minimizing development cost." . Enumerating D. Change the employee's user password and keep the data for a specified period.

activation mechanism and has an objective. A computer virus is a find mechanism. A computer virus is a search mechanism. Answer: D Explanation: Replication mechanism: To replicate a virus needs to attach itself to the right code.co m . CPU starvation B. A computer virus is a learning mechanism. Which of the following network devices should be used? A. Memory starvation C.www." .CompTIA SY0-101: Practice Exam QUESTION NO: 241 Open FTP file shares on servers can facilitate which of the following types of attacks? A. Hub Answer: C QUESTION NO: 243 Choose the statement which best defines the characteristics of a computer virus. connection mechanism and can integrate. A. A computer virus is a replication mechanism. Any Time. Firewall C. Activation mechanism: Most viruses require the user to actually do something. B. Smurf D.com 85 Ac tua lTe sts . initiation mechanism and can propagate.actualtests. Router B. Switch D. C. contamination mechanism and can exploit. During the 80's and early 90's most viruses were activated when you booted from a floppy disk. D. Disk storage consumption Answer: D QUESTION NO: 242 A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. or inserted a new "Pass Any Exam. where it can replicate and spread past security systems into other systems.

CompTIA SY0-101: Practice Exam floppy disk into an infected drive. Choose the authentication protocol that accomplishes this. QUESTION NO: 246 You work as the security administrator at Certpaper . one firewall and one VPN B. Nowadays most computer virus's come as email forwards. Kerberos "Pass Any Exam. A. Reverse engineering. Packet sniffing.com 86 Ac tua lTe sts . two firewalls Answer: D QUESTION NO: 245 An attacker can use a specific method to exploit the clear-text attribute of Instant-Messaging sessions. but some have the objective to delete data. one router and one firewall C. QUESTION NO: 244 A demilitarized zone (DMZ) is a network segment that can be created by using: A. C. Answer: A Explanation: Since only clear unencrypted text is being sent across the world through multitudes of WAN equipment and routers. it is easy for someone to sniff your conversation and eavesdrop on every single word you type. Any Time. Objective: many viruses have no objective at all. and they require the user to execute.co m . Port scanning. You must implement an authentication protocol that uses only encrypted passwords during the authentication process. Cryptanalysis. hog up memory. two routers D. Which is it? A." .com.www.actualtests. or crash the system. B. D.

a hoax Answer: A QUESTION NO: 249 Sending a patch through a testing and approval process is an example of which of the following? A. B. D. packet sniffing D. User education and awareness training B.co m 87 . The longer an encryption key is used the more processing power it will consume.actualtests. Acceptable use policies "Pass Any Exam.www. SMTP (Simple Mail Transfer Protocol) C. It provides for on-demand authentication within an ongoing data transmission. Answer: B QUESTION NO: 248 A. Brute force techniques are likely to break the key if given enough time. QUESTION NO: 247 Which of the following would be the BEST reason for certificate expiration? A. CHAP (Challenge Handshake Authentication Protocol) Answer: D Explanation: CHAP is commonly used to encrypt passwords. Renewal keeps the log files from getting too large. phishing B. spam C.CompTIA SY0-101: Practice Exam B." .A user has received an email from a mortgage company asking for personal information including bank account numbers. PPTP (Point-to-Point Tunneling Protocol) D. To keep the server from using the same key for two sessions. Disaster planning C. The challenge response uses a hashing function derived from the Message Digest 5 (MD5) algorithm. C. This would BEST be described as: lTe sts .com Ac tua . Any Time. that is repeated at random intervals during a session.

D. Change management Answer: D

QUESTION NO: 250 Which of the following BEST describes a set of programs and code that allows an undetectable presence on a system with administrative rights? A. Trojan horse B. Virus C. Rootkit D. Worm Answer: C

QUESTION NO: 251 Which of the following trust models would allow each user to create and sign certificates for the people they know? A. Browser trust-list B. Web-of-trust C. Single certificate authority (CA) D. Hierarchical Answer: B

QUESTION NO: 252 All of the following monitoring types evaluate pre-specified conditions EXCEPT: (Select TWO). A. behavior-based. B. rate-based C. signature-based D. performance-based E. anomaly-based Answer: A,E

actualtests. "Pass Any Exam. System state D. Writing the password on a piece of paper and storing the paper in a locked safe. C. Operating system C.www. Writing the password on a note and placing the note under the computer keyboard. B.com 89 Ac tua QUESTION NO: 255 lTe sts . Birthday B. Ports 80 and 443. User date B. Brute force C. Answer: C QUESTION NO: 254 Which of the following methods of password guessing typically requires the longest attack time? A. Sharing the password with a family member and asking the family member not to reveal the password.CompTIA SY0-101: Practice Exam QUESTION NO: 253 Which of the following methods of documenting and storing a password is considered acceptable? A. Dictionary D. System files Answer: C QUESTION NO: 256 Choose the ports that are used to access the FTP (File Transfer Protocol) protocol. A. Ports 20 and 21. D. Placing the password in a text document and saving the document on the system administrator's computer. Any Time." . Rainbow Answer: B Which of the following needs to be backed up on a domain controller to be able to recover Active Directory? A. B.co m .

co m 90 . Lack of security awareness C. Multiple logins are allowed lTe Which of the following is a major reason that social engineering attacks succeed? sts .CompTIA SY0-101: Practice Exam C." . Answer: A Explanation: In basic FTP operations. so essentially they're being a good Samaritan. In the past people have had experiences where a co-worker with a legitimate problem asked for help and been grateful for it. "Pass Any Exam. Any Time. law of reciprocity. Ports 20 and 80. they would be more likely to think about them.actualtests. they associate that ask for help for every legitimate cry for help. Ports 21 and 23. QUESTION NO: 257 Human resource department personnel should be trained about security policy: A. and law of consistency. D. With this knowledge in intuition.www. an employee will make a smarter decision. Strong passwords are not required D. So by consistency. B. D. port 20 is the data port and port 21 is the command port. maintenance. guidelines and enforcement. Audit logs are not monitored frequently B. If an awareness program were to be implemented where employees could be aware of social engineering tactics. when someone asks for help. they feel the urge to help others again the way they've helped out somebody in the past. and be more suspect of an attack when someone does ask for a favor.com Ac Answer: B tua A. monitoring and administration Answer: C QUESTION NO: 258 Explanation: Social engineering attacks work because of the availability heuristic. and times when they needed help themselves and were helped. By availability. implementation C.

" .html QUESTION NO: 261 Which of the following types of IDS should be employed to obtain the MOST information about the enterprise? A. Create an in-depth defense Answer: A QUESTION NO: 260 You work as the security administrator at Certpaper . tua lTe sts .com.www. The attack aims to exploita buffer overflow vulnerability on the FTP server. Any Time. There have been ongoing discussions about this problem (called "FTP bounce") for several years. Answer: C Reference: http://www.cert. You are investigating the consequences of networks attacks aimed at FTP servers. B. Unix based B. For more detailed information on this FTP Bounce attack refer to the hyperlink. Keep the solution simple C.co m 91 . Address internal threats D.actualtests. The attack aims to store and distribute malicious code. D. Server based "Pass Any Exam. Which of the following states the aim of a FTP (File Transfer Protocol) bounce attack? A.CompTIA SY0-101: Practice Exam QUESTION NO: 259 A company implements an SMTP server on their firewall.org/advisories/CA-1997-27.com Ac Explanation: In some implementations of FTP daemons. The attack aims to reboot the FTP server. C. the PORT command can be misused to open a connection to a port of the attacker's choosing on a machine that the attacker could not have accessed directly. The attack aims to establish a connection between the FTP server and another computer. Use a device as intended B. This implementation would violate which of the following security principles? A. and some vendors have developed solutions for this problem.

it monitors all the traffic over the entire network QUESTION NO: 262 Which of the following BEST describes actions pertaining to user account reviews? (Select TWO). D. Confidentiality C. User account reports are periodically extracted from systems and employment verification is performed. User accounts reports are periodically extracted from systems and user access dates are verified C. Continuity D. E.www. A.E QUESTION NO: 263 A. User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization. Availability Answer: C QUESTION NO: 264 A programming mechanism used to allow administrative access while bypassing the usual access control methods is known as a: "Pass Any Exam. B." .actualtests.co m 92 .CompTIA SY0-101: Practice Exam C. Answer: C. Host based Answer: C Explanation: A network based Intrusion Detection System is not limited to a single server or network segment like a host based IDS. User accounts and their privileges are periodically extracted from systems and reports are kept for auditing purposes. Integrity B. Any Time. User accounts reports are periodically extracted from systems and end users are informed. Network based D.com Ac What is the primary security risk associated with removable storage? tua lTe sts .

actualtests. B. By location Answer: B QUESTION NO: 267 You work as the security administrator at Certpaper . By group D. First search for and delete the virus file. First investigate the e-mail message as a possible hoax with a trusted anti-virus vendor. revocation C.com. Trojan horse B. software exploit D. expiration Answer: C Which is a BEST practice method to assign rights and privileges? A. C." . logic bomb C. validation D. Choose the action which you should specify to perform when receiving an e-mail message warning of the existence of a virus on the system if a specific executable file exists? A.co m 93 . back door Answer: D QUESTION NO: 265 PKI provides non-repudiation by providing third-party assurance of certificate: A.www. By individual C.com Ac tua lTe sts QUESTION NO: 266 . You must document the procedure for handling computer virus infections. "Pass Any Exam. destruction B. Any Time. First locate and download a patch to repair the file.CompTIA SY0-101: Practice Exam A. By network B. First broadcast a message to the all users to alert them of the presence of a virus. D.

' Broadcasting an alert and creating panic isn't the right thing to do. Answer: B QUESTION NO: 269 Reusing a ticket. are time stamped Answer: D "Pass Any Exam. The process of predicting threats and vulnerabilities to assets is known as threat: A." . D. the major anti-virus players like Symantec. are digitally signed C.www.co m 94 . the file could be hidden. the wrong file can be deleted. Incorrect answers: Searching for and deleting a file is not only a waste of time with today's OS's complex directory systems.com Ac tua lTe sts QUESTION NO: 268 . instead it gets sent to a 'recycle bin.CompTIA SY0-101: Practice Exam Answer: D Explanation: If a virus threat is for real. because it will waste bandwidth. but its also ineffective. Any Time. as a replay attack. avoidance. are encrypted D. The act of locating and downloading a patch isn't just time consuming. or the process of resetting the computer could activate the virus. and they will have details on their sites. and perhaps terrorizing the users is the original intent of the attack. in Kerberos authentication will not be successful because the tickets: A. and worst of all: when you delete a file it doesn't really get completely deleted. use a token B. McAfee.actualtests. mitigation B. modeling C. One can miss a file. or Sophos will know about it before you. acceptance. but there's a chance that the patch itself could be the virus.

2nd Edition. Reference: Mike Pastore and Emmett Dulaney . The user later observes unknown charges on the credit card bill and has not received the purchased items. "Pass Any Exam. Implementations have been limited in many applications because of the high cost associated with these technologies. B. Any Time. While browsing the retailer's web site. Sybex . the user wants to purchase an item and enters the credit card information." . Check for shipping delays for the requested items. p 265 QUESTION NO: 271 Which of the following is the MOST significant flaw in Pretty Good Privacy (PGP) authentication? A. Shared secrets B. 2004. Biometrics C. and they will become widely used over the next few years. Privatekeys can be compromised. Tokens D. A. It is subject to a man-in-the-middle attack C.actualtests. Weak encryption can be easily broken B. Which of the following actions should the user take? A.com Ac tua lTe sts . Passwords Answer: B Explanation: Biometrics These technologies are becoming more reliable. Alameda . D. Be sure that a URL is secure before entering personal information.co m 95 .www. Security+ Study Guide .CompTIA SY0-101: Practice Exam QUESTION NO: 270 Choose the method of authentication which is the most COSTLY method. A user must trust the public key that is received Answer: D QUESTION NO: 272 A user accesses a retailer from an Internet search. Many companies use smart cards as their primary method of access control.

D.www. Remote access to the email application's install directory has not been removed. Applying patches lTe sts Which of the following are components of host hardening? (Select TWO) .400 connectors have not been password protected.E QUESTION NO: 275 An SMTP server is the source of email spam in an organization.actualtests. Configuring the Start menu and Desktop. 50 B. C.com Ac tua A. The administrator account was not secured. 25 C. 51 D. Adding users to the administrator group D. 20 QUESTION NO: 274 Answer: D. Answer: A QUESTION NO: 273 Which of the following protocols is used by Encapsulating Security Payload (ESP) in IPSec? A. C. Disabling unnecessary services E. Removing a user access to the user data B. Any Time. Which of the following is MOST likely the cause? A. X.CompTIA SY0-101: Practice Exam C. Limit the number of times online purchases are made monthly. B. Anonymous relays have not been disabled. Answer: B "Pass Any Exam.co m Answer: A 96 . Type the retailer's web address directly into the URL in the future D." .

D.com Ac tua lTe sts . Which of the following would be the BEST action for the employee to take? A. Any Time. Expedite the request since the caller's identity has been verified. The caller is knowledgeable about the company and the caller's name is listed in the company telephone and email directory. A. D. developing a firewall policy D. Follow established procedures and report any abnormal incidents. blocking unwanted incoming traffic C." . Ask a supervisor for permission to deviate from established procedures due to the emergency Answer: C QUESTION NO: 278 The first step in effectively implementing a firewall is: A. Disabling SSID broadcasting. Broadcasting a false domain name. E. protecting againstDDoS attacks Answer: C Explanation: What good is a firewall without any kind of policy or configuration policy to be implemented? "Pass Any Exam. Give the caller a supervisor's name and telephone number to request authority to expedite the request. blocking unwanted outgoing traffic B.co m 97 . B. B. C. Answer: B.C QUESTION NO: 277 An employee receives a request from a person claiming to be an employee at a remote office location.www. however. Changing the default SSID. Physically locking the WAP.actualtests.CompTIA SY0-101: Practice Exam QUESTION NO: 276 Which of the following would be the BEST step to take to stop unauthorized users from targeting a wireless network with a site survey? (Select TWO). C. Using a switch rather than a hub. the caller claims there is an emergency and asks that the request be expedited.

QUESTION NO: 279 Which of the following logs shows when the workstation was last shutdown? A. Access B. Security C. System D. DHCP Answer: C

QUESTION NO: 280 Which of the following would be an effective way to ensure that a compromised PKI key can not access a system? A. Revoke the key B. Renew the key C. Reconfigure the key D. Delete the key Answer: A

QUESTION NO: 281 Which of the following describes an unauthorized user redirecting wireless network traffic from the intended access point to a laptop to inject a packet with malware? A. A man-in-the-middle attack B. A replay attack C. Social engineering D. A weak key Answer: A

QUESTION NO: 282 The difference between identification and authentication is that:

D. Intranet D.co m .CompTIA SY0-101: Practice Exam A.actualtests." . Demilitarized zone (DMZ) B.com 99 Ac A. Weak key B. Oakley "Pass Any Exam. VPN Answer: A QUESTION NO: 284 Answer: A QUESTION NO: 285 After establishing a tunnel. authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials. Sniffed traffic C. Encapsulating Security Payload (ESP) B. A. Secure Key Exchange Mechanism for Internet (SKEMI) C. Any Time. authentication verifies a set of credentials while identification verifies the identity of the network. Block cipher D. C.www. Algorithm used tua Which of the following would be MOST desirable when attacking encrypted data? lTe sts . B. Answer: C QUESTION NO: 283 Which of the following describes a semi-trusted location used to securely house public facing servers between the Internet and the local network? A. the IPSec Protocol Suite uses which of the following specific protocols for securing the data packet? (Select TWO). authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials. authentication verifies a user ID belongs to a specific user while identification verifies the identity of a user group. VLAN C.

E Explanation: IPSec is a security protocol that provides authentication and encryption across the Internet. IPSec can use AH or ESP. B. 2004. Any Time. To control unauthorized DNSDoS D.actualtests. the BEST answer is A. and whether it is a computer virus or a blind. Sybex . p 371 QUESTION NO: 286 From the list of options. cancer victim child suffering from Herpes it creates undue panic and emotion in the work setting.com Ac Explanation: Although answer choices B . Authentication Header (AH) Answer: A. as well as panic in users that are not technically inclined.C. Alameda . A. 2nd Edition. E-mail hoaxes consume large quantities of server disk space. E-mail hoaxes create unnecessary e-mail traffic. E-mail hoaxes can result in buffer overflows on the e-mail server. Email hoaxes often create unnecessary traffic because they ask users to forward an email to everyone in address book. Answer: C QUESTION NO: 287 Which of the following is a reason to implement security logging on a DNS server? A. chose the primary attribute associated with e-mail hoaxes.CompTIA SY0-101: Practice Exam D. Reference: Mike Pastore and Emmett Dulaney .co m 100 . C. starving.D have a degree of truth to them. To perform penetration testing on the DNS server C.www. Internet Security Association and Key Management Protocol (ISAKMP) E. To measure the DNS server performance Answer: A "Pass Any Exam. D. crippled. E-mail hoaxes tend to encourage malicious users. Security+ Study Guide . To monitor unauthorized zone transfers B." . tua lTe sts .

QUESTION NO: 288 The risks of social engineering can be decreased by implementing: (Select TWO) A. security awareness training B. identity verification methods C. risk assessment policies D. vulnerability testing techniques E. operating system patching instructions Answer: A,B

QUESTION NO: 289 Which of the following security services are provided by digital signatures? (Select THREE). A. Authorization B. Encryption C. Authentication D. Non-repudiation E. Confidentiality F. Integrity Answer: C,D,F

QUESTION NO: 290 Which of the following is a security reason to implement virtualization throughout the network infrastructure? A. To analyze the various network traffic with protocol analyzers B. To implement additional network services at a lower cost C. To centralize the patch management of network servers D. To isolate the various network services and roles Answer: D

QUESTION NO: 291 Giving each user or group of users only the access they need to do their job is an example of which of the following security principles?

Remote Access Server (RAS) D. File and print server C. Email server B. C. Executable files. Defense in depth Answer: C QUESTION NO: 292 Which of the following types of servers should be placed on a private network? A. All of the above. p 78 QUESTION NO: 294 "Pass Any Exam. Least privilege D.www.CompTIA SY0-101: Practice Exam A. The recipient opens this file thinking it is something you legitimately sent them.com Ac tua lTe sts QUESTION NO: 293 ." . D. Many times the virus is in an executable attachment. Web server Answer: B Which of the following should be scanned for viruses? A. Plain text documents. B. Answer: A Explanation: Many newer viruses spread using email. The infected system includes an attachment to any email that you send to another user. When they open the file. Access control C. Any Time. Separation of duties B. Security+ Study Guide . 2004. the virus infects the target system.actualtests. Reference: Mike Pastore and Emmett Dulaney . Sybex . 2nd Edition. Microsoft Word documents.co m 102 . Alameda .

Which of the following types of backups requires that files and software that have been changed since the last full backup be copied to storage media? A. Full B. Differential C. Incremental D. Delta Answer: B

QUESTION NO: 295 Non-essential services are often appealing to attackers because non-essential services: (Select TWO) A. consume less bandwidth B. decrease the surface area for the attack C. sustain attacks that go unnoticed D. provide root level access E. are not visible to an IDS F. are not typically configured correctly or secured Answer: C,F

QUESTION NO: 296 A company wants to connect the network to a manufacturer's network to be able to order parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection? A. Intranet B. Scatternet C. Extranet D. VPN Answer: C

QUESTION NO: 297 The IPSec Security Association is managed by

Sybex . An attacker can systematically query a network to determine which services and ports are open. ISAKMP Answer: D QUESTION NO: 298 Which of the following actions can an attacker perform when network services are enabled on a target system? A. These ports will respond in a predictable manner when queried. p 69 tua Explanation: A TCP/IP network makes many of the ports available to outside users through the router.co m 104 . D. Alameda . An attacker can check the services file. C. Any Time. B. An attacker can install arootkit on the target system. SHA-1 because it produces 160-bits message digests. An attacker can enable logging on the target system. This process is called port scanning. Security+ Study Guide . IEEE B. Answer: A QUESTION NO: 299 Which of the following is a suitable hashing algorithm for a secure environment? A. MD5 because it produces 160-bits message digests C. unless configured appropriately. lTe sts . An attacker can run a port scan against the target system. Many routers.actualtests. MD5 because it produces fewer numbers of collisions. RC4 because it produces 160-bits message digests Answer: B "Pass Any Exam. ESP D. B. D. and it can reveal a great deal about your network.CompTIA SY0-101: Practice Exam A. 2nd Edition." . AH C.www. Port scans can be performed both internally and externally. will let all of the protocols pass through them.com Ac Reference: Mike Pastore and Emmett Dulaney . 2004.

QUESTION NO: 300 How many characters is the output of a MD5 hash? A. 32 B. 160 C. 128 D. 64 Answer: A

QUESTION NO: 301 Malicious software that travels across computer networks without user assistance is an example of a: A. worm B. Trojan horse C. virus D. logic bomb Answer: A

QUESTION NO: 302 From the listing of attacks, choose the attack which exploits session initiation between a Transport Control Program (TCP) client and server within a network? A. Smurf attack B. SYN attack C. Birthday attack D. Buffer Overflow attack Answer: B

Explanation: SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established. Change this if you want but in the SYN flood the hacker sends a SYN packet to the receiving station with a spoofed return address of some broadcast address on their network. The receiving station sends out this SYN packets (pings the broadcast address) which causes multiple servers or stations to respond to the ping, thus overloading the originator of the ping (the receiving station). Therefore,

Sybex ." . Which of the following BEST describes this type of certificate? A. Server certificate Answer: B QUESTION NO: 304 A. The pop-up window is a certificate which validates the identity of the plug-in developer.CompTIA SY0-101: Practice Exam the hacker may send only 1 SYN packet.com 106 Ac Which of the following authentication methods requires that the client authenticate itself to the server and the server authenticate itself to the client? tua lTe Explanation: This is not discussed in the book so much. p 530 QUESTION NO: 303 While surfing the Internet a user encounters a pop-up window that prompts the user to download a browser plug-in.www. Alameda . Username/password B. The answer B is correct. Security+ Study Guide . Mutual C. sts . but you can find online more information on software publisher certificate. Which of the following BEST describes this document? "Pass Any Exam. Multifactor D. Any Time. whereas the network of the attacked station is actually what does the barrage of return packets and overloads the receiving station. Reference: Mike Pastore and Emmett Dulaney .actualtests.co m . Certificate Authority (CA) certificate D. 2nd Edition. Software publisher certificate C. Biometric Answer: B QUESTION NO: 305 A company's new employees are asked to sign a document that describes the methods of and purposes for accessing the company's IT systems. 2004. Web certificate B.

Review the domain accounts D. Develop a security policy B.co m 107 . anti-virus software companies. Due diligence form Answer: B QUESTION NO: 306 MITRE and CERT are: A." . Any Time. virus propagation monitoring utilities. lTe Which of the following would be the FIRST step to take to mitigate the threat of non-essential domain accounts? sts QUESTION NO: 307 . Piggybacking B. D. Acceptable Use Policy C. virus and malware cataloging organizations. Looking over a co-workersshould'er to retrieve information Answer: A "Pass Any Exam. Rename the system administrator account C. double entry doors and security guards are all prevention measures for which of the following types of social engineering? A. spyware and virus distributing software B. C.www.com Ac tua A. Authorized Access Policy D.actualtests. Write an LDAP query.CompTIA SY0-101: Practice Exam A. Impersonation D. Looking through a co-worker's trash to retrieve information C. Answer: C Answer: A QUESTION NO: 308 Turnstiles. Privacy Act of 1974 B.

" .www. An unauthorized person will put on a disguise and carry a heavy box to the door. Halon C. Foam Answer: C A. "Pass Any Exam. they use stealth to sneak behind them and gain access without the authorized user even knowing.co m . the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. and waits for an unknowing authorized user to enter. When the authorized user enters. Water D. and prop the door open for them.com 108 Ac tua A newly hired security specialist is asked to evaluate a company's network security.CompTIA SY0-101: Practice Exam Explanation: Piggybacking is an espionage tactic commonly used in the movies. Answer: B QUESTION NO: 311 Which of the following would be an easy way to determine whether a secure web page has a valid certificate? A.actualtests. Ensure that the web URL starts with 'https:\\'. Password management D. Which of the following would be the FIRST step to take? lTe QUESTION NO: 310 sts . Disable non-essential services. where the authorized user will try to do the right thing. Other forms of piggybacking take advantage of human altruism. B. Enforce the security policy. Any Time. C. Install software patches. Carbon Dioxide B. The security specialist discovers that users have installed personal software. QUESTION NO: 309 Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment? A. Right click on the lock at the bottom of the browser and check the certificate information B. The hero or the villain hides by a secure entrance.

lTe sts Which of the following daemons is MOST likely to be the cause if an unauthorized user obtains a copy of a Linux systems /etc/passwd file? .www. SSH with version 0. FTP configures to allow anonymous user access. SSL has enabled the Apache service with no virtual hosts configured C. LDAP C.CompTIA SY0-101: Practice Exam C.9. C. Data Link Layer Answer: B. A. D. EAP B.8a is installed and configured for remote administration.D Explanation: "Pass Any Exam. Contact the web page's web master Answer: A QUESTION NO: 312 Which of the following protocols works with 802. Which is it? Choose all correct answers. B.com 109 Ac tua A. Any Time. Sendmail is configured to allow the administrator's web access. Application Layer. SPAP QUESTION NO: 313 Answer: D QUESTION NO: 314 The SSL (Secure Sockets Layer) protocol operates between specific layers of the OSI (Open Systems Interconnection) reference model.1X to authenticate a client to a network? A. Network Layer D. Transport Layer E.actualtests.co m Answer: A . Physical Layer B. ContactThawte or Verisign and ask about the web page D. CHAP D." .

co m . Re-run the anti-virus program to ensure that it contains no virus execute B.www. so naturally it operates between the top two layers of the OSI model. Install the executable program because there was probably a mistake with the MD5 value. QUESTION NO: 315 A security specialist has downloaded a free security software tool from a trusted industry site. Answer: A QUESTION NO: 318 "Pass Any Exam. D. The specialist performs a successful virus scan on the download but the MD5 hash is different.actualtests. SLA." . Ignore the MD5 hash values because the values can change during IP fragmentation. B. BCP. VPN Answer: B QUESTION NO: 317 The purpose of the SSID in a wireless network is to: A. identify the network B. The source has published the MD5 hash values for the executable program. protect the client C. C.CompTIA SY0-101: Practice Exam SSL is associated with secure transactions (credit card purchases and online banking) over your web browser. secure the WAP D. Avoid executing the file and contact the source website administrator Answer: D QUESTION NO: 316 An end-to-end traffic performance guarantee made by a service provider to a customer is a: A. Any Time. Which of the following steps should the specialist take? A. D.com 110 Ac tua lTe sts . C. DRP. define the encryption protocols used.

Chain of custody C." . Answer: C QUESTION NO: 320 Which of the following increases the collision resistance of a hash? A. so the best answer would be B. Increase the input length Answer: A QUESTION NO: 321 "Pass Any Exam. Larger key space D.co m . User accounts and passwords are stored on a central authentication server. which of the following needs to be documented? A. Chain of certificates Answer: B QUESTION NO: 319 Which of the following coorectly specifies where user accounts and passwords are stored in a decentralized privilege management environment? A.com 111 Ac tua Reference: Mike Pastore and Emmett Dulaney . Disaster recovery plan B.www. 2004.CompTIA SY0-101: Practice Exam To preserve evidence for later use in court. Any Time. sts . Sybex . User accounts and passwords are stored on each individual server. User accounts and passwords are stored on a server configured for decentralized management. 2nd Edition. Security+ Study Guide . Audit trail of systems usage D.actualtests. User accounts and passwords are stored on no more than two servers. B. Rainbow Table C. C. p 432 lTe Explanation: The key word is decentralized. D. Alameda . Salt B.

Reference: Mike Pastore and Emmett Dulaney . and log files? A. and the type of symmetric algorithm used for encryption D. Chain of command C. Chain of custody B. Alameda ." . the certificate's serial number. Evidence D.509 certificate? A. and the location of the user's electronic identity B. User's public key.www. Host based intrusion detection Answer: C QUESTION NO: 322 Computer forensics experts use specific guidelines to gather and analyze data while minimizing data loss. 2004. 2nd Edition. Incident response Answer: A Explanation: The chain of custody is a log of the history of evidence that has been collected. This log should catalog every event from the time the evidence is collected. and the Certificate Revocation List (CRL) entry point C. Any Time. the Certificate Authority (CA) distinguished name. and the certificate's validity dates "Pass Any Exam. p 457 QUESTION NO: 323 Which of the following correctly identifies some of the contents of an end user's X. object identifiers.co m 112 . What guidelines do they use? A. Network based intrusion detection B. Security+ Study Guide . A: User's public key. User's public key. the serial number of the CA certificate. Stateful packet filtering C. File integrity auditing D.CompTIA SY0-101: Practice Exam Which of the following describes the process of comparing cryptographic hash functions of system executables. User's public key.actualtests.com Ac tua lTe sts . configuration files. Sybex .

509 certificates have the following data.CompTIA SY0-101: Practice Exam Answer: D Explanation: The X. together with an algorithm identifier which specifies which public key crypto system this key belongs to and any associated key parameters.co Version Serial Number The entity that created the certificate. Theft of the media C. Timely restore of lost data D. All X.nist.www.500 name of the entity that signed the certificate." . Any Time.509 standard defines what information can go into a certificate. A courier x-raying the contents Answer: B QUESTION NO: 325 A workstation is being used as a zombie set to attack a web server on a certain date. "Pass Any Exam.htm . The infected workstation is MOST likely part of a: A. Validity Period Subject Name Subject Public Key Information This is the public key of the entity being named. in addition to the signature: QUESTION NO: 324 A. is responsible for assigning it a serial number to distinguish it from other certificates it issues. DDoS attack. Corruption of the media B. Using this certificate implies trusting the entity that signed this certificate. m 113 . the CA.com Ac tua Which of the following may be a security issue during transport of stored tape media to an offsite storage location? lTe sts Reference: http://csrc. TCP/IP hijacking. B. This is normally a CA. Signature Algorithm Identifier Issuer Name The X.actualtests.gov/pki/panel/santosh/tsld002. and describes how to write it down (the data format).

Run a sniffer D. Answer: A QUESTION NO: 326 Which of the following is the MOST effective way for an administrator to determine what security holes reside on a network? A. Run a port scan Answer: A From the options.com 114 Ac tua lTe QUESTION NO: 327 sts Explanation: Performing a vulnerability assessment is one of the most effective way to find holes in the network. .actualtests.CompTIA SY0-101: Practice Exam C.www. Decrease in throughput. Symmetric key distribution system B. The other answers limit your assessment. Any Time. A. choose the disadvantage of implementing an IDS (Intrusion Detection System). C. Answer: C Explanation: A false positive is when legitimate traffic is picked up as an intruder. Administration B. Perform a vulnerability assessment B. D. man-in-the-middle attack. A. Compatibility. Asymmetric scheme "Pass Any Exam. spoofing attack. False positives." . Install and monitoran IDS C. If this happens too often then the IDS is not working properly. QUESTION NO: 328 Choose the scheme or system used by PGP (Pretty Good Privacy) to encrypt data. D.co m .

D. MAC addresses can be spoofed and DTP allows rogue network devices to configure ports C. QUESTION NO: 330 A common tool used for wireless sniffing and war driving is: A. MAC addresses can be spoofed and DTP allows only authenticated users. Which of the following issues should be discussed with senior management before VLAN implementation? A. Symmetric scheme Answer: B QUESTION NO: 329 A company wants to implement a VLAN. Any Time. Asymmetric key distribution system D. once each month C. MAC addresses are a secure authentication mechanism and DTP allows only authenticated users.CompTIA SY0-101: Practice Exam C.www.com Ac tua lTe sts Answer: B . Sam Spade B." . B. B. MAC addresses are a secure authentication mechanism and DTP allows rogue network devices to configure ports. Senior management believes that a VLAN will be secure because authentication is accomplished by MAC addressing and that dynamic trunking protocol (DTP) will facilitate network efficiency.co m 115 . NetStumbler Answer: D QUESTION NO: 331 Default passwords in hardware and software should be changed: A. "Pass Any Exam. NESSUS D.actualtests. when the hardware or software is turned on. when the vendor requires it D. if a threat becomes known. S/MIME C.

Answer: D

QUESTION NO: 332 Which of the following is a protocol analyzer? A. John the Ripper B. Nessus C. WireShark D. Cain & Abel Answer: C

QUESTION NO: 333 Which of the following is MOST often used to allow a client or partner access to a network? A. Demilitarized zone (DMZ) B. VLAN C. Extranet D. Intranet Answer: C

QUESTION NO: 334 Which of the following can be used to determine the topology of a network and discover unknown devices? A. Password crackers B. Penetration testing C. Vulnerability scanner D. Network mapper Answer: D

QUESTION NO: 335 Controlling access to information systems and associated networks is necessary for the preservation of their:

Smurfer B. p 22 QUESTION NO: 336 Answer: C Explanation: Packet sniffers are used to capture. availability and accountability. integrity and availability referred to as the CIA of network security. integrity. Security+ Study Guide .actualtests. DoS (Denial of Service).com 117 Ac tua lTe A. Reduction in hard drive space requirements. "Pass Any Exam. 2004. B. D.www. integrity and availability Answer: C Explanation: The design goals of a security topology must deal with issues of confidentiality. Sybex . Any Time. hackers use it to capture data. Spoofer sts Which of the below options would you consider as a program that constantly observes data traveling over a network? . C. to use in replay attacks. Alameda . Processor underutilization. 2nd Edition. Reference: Mike Pastore and Emmett Dulaney . The accountability is equally important. confidentiality. integrity and availability. Increased network throughput. QUESTION NO: 337 Choose the option that correctly specifies a likely negative technical impact of receiving large quantifies of spam.CompTIA SY0-101: Practice Exam A. There legitimate purpose is to find traffic flow problems and bottlenecks for the sake of network optimization. integrity and availability D. confidentiality. Fragmenter C.co m . authenticity. C. However. confidentiality and availability B. A. monitor and analyze traffic. You will often see the confidentiality. Sniffer D." . authenticity.

the human time necessary to sort through those emails will be Herculean. and store such email can potentially reduce a networks availability to zero. Host hijacking.CompTIA SY0-101: Practice Exam Answer: A Explanation: In systems where no email filters are set up. Reverse engineering. which analyzes how the operating system (OS) responds to specific network traffic. Operating system scanning. in an attempt to determine the operating system running in your networking environment? A. download. Fingerprinting D. The system resources required to: process. B. C. Each operating system will quote definite amount of message to the ICMP error messages. One method is ICMP Message quoting where the ICMP quotes back part of the original message with every ICMP error message. QUESTION NO: 338 From the listing of attacks.co m 118 . lTe sts . Answer: C QUESTION NO: 339 Which of the following is an example of two-factor authentication for an information system? A. The peculiarity in the error messages received from various types of operating systems helps us in identifying the remote host's OS.com Ac tua Explanation: Fingerprinting is the act of inspecting returned information from a server ( ie . Any Time. it is possible for some users to receive over a hundred unsolicited emails a day! If every user on a network received that much email. Retina scan and mantrap D.www.actualtests." . Username and password Answer: B "Pass Any Exam. Photo ID and PIN B. thus denying service. ATM card and PIN C.

Deploy a firewall and IDS D.www. B. Conduct vulnerability analysis.actualtests. Develop a trust model Answer: A "Pass Any Exam.co m 119 .com Ac tua lTe sts . Any Time." . C.CompTIA SY0-101: Practice Exam QUESTION NO: 340 Which of the following is the primary method of performing network hardening? A. Disable any unnecessary ports and services.
