CompTIA SY0-101

SY0-101 Security+

Practice Test
Version 3.0

CompTIA SY0-101: Practice Exam

QUESTION NO: 1

A real estate company recently deployed Kerberos authentication on the network. Which of the following does Kerberos require for correct operation? (Select TWO).

A. POP-3
B. Accurate network time
C. Key Distribution Center
D. Extranets
E. SSL/TLS

Answer: B,C

QUESTION NO: 2

Which of the following are MOST likely to be analyzed by Internet filter appliances/servers? (Select THREE).

A. Content
B. TLSs
C. Keys
D. URLs
E. CRLs
F. Certificates

Answer: A,D,F

QUESTION NO: 3

An administrator is selecting a device to secure an internal network segment from traffic external to the segment. Which of the following devices could be selected to provide security to the network segment?

A. NIPS
B. HIDS
C. Internet content filter
D. DMZ

Answer: A

QUESTION NO: 4

Which of the following VPN implementations consists of taking IPv6 security features and porting them to IPv4?

A. SSL
B. IPSec
C. L2TP
D. PPTP

Answer: B

QUESTION NO: 5

A user is assigned access rights based on the function within the organization. This is a feature of which of the following types of access control models?

A. Role Based Access Control (RBAC)
B. Rule Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Discretionary Access Control (DAC)

Answer: A

Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees perform in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 6

Which of the following types of malicious software travels across computer networks without requiring a user to distribute the software?

A. Trojan horse
B. Worm
C. Virus
D. Logic bomb

Answer: B

QUESTION NO: 7

Which of the following would be MOST important to have to ensure that a company will be able to recover in case of severe environmental trouble or destruction?

A. Alternate sites
B. Disaster recovery plan
C. Fault tolerant systems
D. Offsite storage

Answer: B

QUESTION NO: 8

A task-based control model is an example of which of the following?

A. Rule Based Access Control (RBAC)
B. Role Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Mandatory Access Control (MAC)

Answer: B

QUESTION NO: 9

Which of the following is often misused by spyware to collect and report a user's activities?

A. Session cookie
B. Tracking cookie
C. Persistent cookie
D. Web bug

Answer: B

QUESTION NO: 10

Which definition best defines what a challenge-response session is?

A. A challenge-response session is a workstation or system that produces a random login ID that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
B. A challenge-response session is a workstation or system that produces a random challenge string that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
C. A challenge-response session is a special hardware device used to produce random text in a cryptography system.
D. A challenge-response session is the authentication mechanism in the workstation or system that does not determine whether the owner should be authenticated.

Answer: B

Explanation: A common authentication technique whereby an individual is prompted (the challenge) to provide some private information (the response). Most security systems that rely on smart cards are based on challenge-response. A user is given a code (the challenge) which he or she enters into the smart card. The smart card then displays a new code (the response) that the user can present to log in.

Reference: http://www.webopedia.com/TERM/C/challenge_response.html

QUESTION NO: 11

Which of the following describes a type of algorithm that cannot be reversed in order to decode the data?

A. One Way Function
B. Symmetric
C. Asymmetric
D. Pseudorandom Number Generator (PRNG)

Answer: A

QUESTION NO: 12

An administrator wants to implement a procedure to control inbound and outbound traffic on a network segment. Which of the following would achieve this goal?

A. HIDS
B. ACL
C. Proxy
D. NIDS

Answer: B

QUESTION NO: 13

Which of the following freeware forensic tools is used to capture packet traffic from a network?

A. nmap
B. NESSUS
C. tcpdump
D. dd

Answer: C

QUESTION NO: 14

When reviewing traces from an IDS, the following entries are observed:

Date   Time  Source IP    Destination IP  Port  Type
10/21  0900  192.168.5.2  10.10.2.1       20    SYN
10/21  0915  192.168.5.2  10.10.2.1       21    SYN
10/21  0920  192.168.5.2  10.10.2.1       23    SYN
10/21  0930  192.168.5.2  10.10.2.1       25    SYN

Which of the following is MOST likely occurring?

A. Port scanning
B. SYN Flood
C. Denial of service (DoS)
D. Expected TCP/IP traffic

Answer: A

QUESTION NO: 15

Which of the following protocols are not recommended due to them supplying passwords and information over the network?

A. SNMP (Simple Network Management Protocol).
B. Network News Transfer Protocol (NNTP)
C. Domain Name Service (DNS)
D. Internet Control Message Protocol (ICMP)

Answer: A

QUESTION NO: 16

Which of the following must be installed for HTTPS to work properly on a web site?

A. Digital certificate
B. Symmetric key
C. 3DES encryption
D. Security token

Answer: A

QUESTION NO: 17

You work as the security administrator. You want to implement a solution which will provide a WLAN (Wireless Local Area Network) with the security typically associated with a wired LAN (Local Area Network). Which solution should you implement?

A. WEP (Wired Equivalent Privacy)
B. VPN (Virtual Private Network)
C. ISDN (Integrated Services Digital Network)
D. ISSE (Information Systems Security Engineering)

Answer: A

Explanation: Wired Equivalent Privacy is a wireless protocol designed to provide privacy equivalent to that of a wired network.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 372

QUESTION NO: 18

From the options, which is a tunneling protocol that can only work on IP networks because it requires IP connectivity?

A. PPTP protocol
B. SSH
C. IPX protocol
D. L2TP protocol

Answer: A

Explanation: Point-to-Point Tunneling Protocol. You can access a private network through the Internet or other public network by using a virtual private network (VPN) connection with the Point-to-Point Tunneling Protocol (PPTP). Developed as an extension of the Point-to-Point Protocol (PPP), PPTP tunnels and/or encapsulates IP, IPX, or NetBEUI protocols inside of PPP datagrams. PPTP does not require a dial-up connection. It does, however, require IP connectivity between your computer and the server.

Not B: L2TP is an industry-standard Internet tunneling protocol with roughly the same functionality as the Point-to-Point Tunneling Protocol (PPTP). Like PPTP, L2TP encapsulates Point-to-Point Protocol (PPP) frames, which in turn encapsulate IP, IPX, or NetBEUI protocols.

QUESTION NO: 19

A user downloads and installs a new screen saver and the program starts to rename and delete random files. Which of the following would be the BEST description of this program?

A. Trojan horse
B. Logic bomb
C. Virus
D. Worm

Answer: A

QUESTION NO: 20

Which of the following BEST describes an attack that takes advantage of a computer not fully updated with the most recent operating system patches?

A. Software exploitation
B. Vulnerability
C. Brute force
D. Spoofing

Answer: A

QUESTION NO: 21

Secret Key encryption is also known as:

A. symmetrical
B. asymmetrical
C. replay
D. one way function.

Answer: A

QUESTION NO: 22

A company's security specialist is securing a web server that is reachable from the Internet. The web server is located in the core internal corporate network. The network cannot be redesigned and the server cannot be moved. Which of the following should the security specialist implement to secure the web server? (Select TWO).

A. Network-based firewall
B. Host-based IDS
C. Host-based firewall
D. Network-based IDS
E. Router with an IDS module
F. Router with firewall rule set

Answer: B,C

QUESTION NO: 23

A program allows a user to execute code with a higher level of security than the user should have access to. Which of the following is this an example of?

A. DoS
B. Privilege escalation
C. Default accounts
D. Weak passwords

Answer: B

QUESTION NO: 24

A security specialist has completed a vulnerability assessment for a network and applied the most current software patches. The next step before placing the network back into operation would be to:

A. conduct a follow-up vulnerability analysis
B. update the baseline
C. perform penetration testing
D. test the essential functionality

Answer: D

QUESTION NO: 25

In a certificate hierarchy, the ultimate authority is called the:

A. Certificate Revocation List (CRL).
B. Private Branch Exchange (PBX).
C. Terminal Access Controller Access Control System (TACACS).
D. Root Certifying Authority (Root CA).

Answer: D

QUESTION NO: 26

For which reason are clocks used in Kerberos authentication?

A. Clocks are used to ensure that tickets expire correctly.
B. Clocks are used to ensure proper connections.
C. Clocks are used to generate the seed value for the encryptions keys.
D. Clocks are used to both benchmark and specify the optimal encryption algorithm.

Answer: A

Explanation: The actual verification of a client's identity is done by validating an authenticator. The authenticator contains the client's identity and a timestamp. To insure that the authenticator is up-to-date and is not an old one that has been captured by an attacker, the timestamp in the authenticator is checked against the current time. If the timestamp is not close enough to the current time (typically within five minutes) then the authenticator is rejected as invalid. Thus, Kerberos requires your system clocks to be loosely synchronized (the default is 5 minutes, but it can be adjusted in Version 5 to be whatever you want).

Reference: http://www.faqs.org/faqs/kerberos-faq/general/section-22.html

QUESTION NO: 27

Message authentication codes are used to provide which service?

A. Key recovery
B. Integrity
C. Acknowledgement
D. Fault recovery

Answer: B

QUESTION NO: 28

Which of the following is an installable package that includes several patches from the same vendor for various applications?

A. Hotfix
B. Patch rollup
C. Service pack
D. Patch template

Answer: C

QUESTION NO: 29

A company's web server needs to be accessible by remote users, business partners, and corporate users. Which of the following would be the BEST location for the web server?

A. Internal network segment
B. Demilitarized zone (DMZ)
C. Network perimeter
D. External network segment

Answer: B,C

QUESTION NO: 30

In order to secure web-based communications, SSL uses: (Select TWO)

A. Challenge Handshake Authentication Protocol (CHAP)
B. Blowfish encryption
C. Public-key cryptography
D. Symmetric cryptography
E. IPSec
F. PPP

Answer: C,D

QUESTION NO: 31

From the recommendations below, which is considered the best method for securing a web browser?

A. Do not upgrade web browsers because new versions have a tendency to contain more security flaws.
B. Disable all unused features of the web browser.
C. Only use a VPN (Virtual Private Network) connection to connect to the Internet.
D. Deploy a filtering policy for unknown and illegal websites that you do not want users to access.

Answer: B

Explanation: Features that make web surfing more exciting like: ActiveX, Java, JavaScript, CGI scripts, and cookies all pose security concerns. Disabling them (which is as easy as setting your browser security level to High) is the best method of securing a web browser, since it's simple, secure, and within every user's reach.

QUESTION NO: 32

Documentation describing a group's expected minimum behavior is known as:

A. acceptable usage
B. the need to know
C. a code of ethics
D. the separation of duties

Answer: C

QUESTION NO: 33

Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made to the IP header?

A. Private addressing
B. NAT
C. SOCKS
D. DNS

Answer: B

QUESTION NO: 34

Which of the following describes backing up files and software that have changed since the last full or incremental backup?

A. Delta backup
B. Full backup
C. Differential backup
D. Incremental backup

Answer: D

QUESTION NO: 35

The authentication process where the user can access several resources without the need for multiple credentials is known as:

A. need to know
B. decentralized management
C. Discretionary Access Control (DAC).
D. single sign-on

Answer: D

QUESTION NO: 36

From the options below, which represents the first action performed by an SSL (Secure Sockets Layer) enabled server when a user clicks to browse a secure page?

A. The server uses its digital certificate to identify itself to the browser.
B. The server validates the user by checking the CRL (Certificate Revocation List).
C. The server requests the user to produce the CRL (Certificate Revocation List).
D. The server displays the page requested by the user on the browser, and then provides its IP (Internet Protocol) address for verification purposes.

Answer: A

Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.

QUESTION NO: 37

WEP uses which of the following stream ciphers?

A. 3DES
B. RC4
C. IKE
D. RC2

Answer: B

Explanation: NO EXPLANATION.

QUESTION NO: 38

A VPN is needed for users to connect to a remote site and the VPN must be transparent to the user. Which of the following VPN models would be BEST to use?

A. Host to Host
B. Gateway to Host
C. Host to Gateway
D. Gateway to Gateway

Answer: D

Explanation: NO EXPLANATION.

QUESTION NO: 39

A web page becomes unresponsive whenever the embedded calendar control is used. Which of the following types of vulnerabilities is occurring?

A. ActiveX
B. Common Gateway Interface (CGI)
C. Cross-site scripting
D. Cookies

Answer: A

Explanation: NO EXPLANATION.

QUESTION NO: 40

SSL operates at which layer?

A. Data link
B. Network
C. Transport
D. Application

Answer: C

Explanation: SSL is associated with secure transactions (credit card purchases and online banking) over your web browser, so naturally it operates between the top two layers of the OSI model.

QUESTION NO: 41

An important component of a good data retention policy is:

A. offsite storage
B. magnetic media sorting
C. server drive redundancy
D. backup software licensing

Answer: A

QUESTION NO: 42

To reduce vulnerabilities on a web server, an administrator should adopt which of the following preventative measures?

A. Enable auditing on the web server and periodically review the audit logs
B. Block all Domain Name Service (DNS) requests coming into the server.
C. Use packet sniffing software on all inbound communications
D. Apply the most recent manufacturer updates and patches to the server.

Answer: D

Explanation: Operating system manufacturers pride themselves in having a secure system, and the instant they realize that there's a security breach they assign a team on it to develop a security patch. Or when they make a new software release (Linux kernels seem to be updated every other day) they try to fix all known vulnerabilities. Since the older an operating system is, the more time hackers have to seek vulnerabilities. A simple security patch that takes a couple of minutes to download and install is the difference between having a secure network and having a system made completely useless by a worm.

QUESTION NO: 43

A person walks up to a group of people who have physical access to a network operations room. As some of the group enters the room, this person walks into the room behind the group without providing credentials to gain access. Which of the following would BEST describe this activity?

A. Walk behind
B. Shoulder surfing
C. Tailgating
D. Social engineering

Answer: C

QUESTION NO: 44

Which of the following connectivity is required for a web server that is hosting an SSL based web site?

A. Port 443 outbound
B. Port 80 inbound
C. Port 443 inbound
D. Port 80 outbound

Answer: C

QUESTION NO: 45

Which of the following trust models would allow each user to create and sign certificates for the people they know?

A. Single certificate authority (CA)
B. Browser trust-list
C. Hierarchical
D. Web-of-trust

Answer: D

QUESTION NO: 46

On the topic of comparing viruses and hoaxes, which statement is TRUE? Choose the best TRUE statement.

A. Hoaxes can create as much damage as a real virus.
B. Hoaxes are harmless pranks and should be ignored.
C. Hoaxes can help educate users about a virus.
D. Hoaxes carry a malicious payload and can be destructive.

Answer: A

Explanation: Hoaxes do have the possibility of causing as much damage as viruses. Many hoaxes instruct the recipient to forward the message to everyone that they know and thus cause network congestion and heavy e-mail activity. Hoaxes also often instruct the user to delete files on their computer that may cause their computer or a program to quit functioning.

QUESTION NO: 47

A company conducts sensitive research and development and wants a strict environment for enforcing the principles of need to know, separation of duties, and least privilege. Which of the following should the company implement?

A. Mandatory Access Control (MAC)
B. Discretionary Access Control (DAC)
C. Single sign on
D. Single factor authentication

Answer: A

QUESTION NO: 48

Which access control method allows users to have some level of flexibility on how information is accessed, but at the expense of increasing the risk of unauthorized disclosure of information?

A. Role-Based Access Control (RBAC) method.
B. Discretionary Access Control (DAC) method
C. All of the above
D. Mandatory Access Control (MAC) method

Answer: B

Explanation: In a DAC model, network users have some flexibility regarding how information is accessed. This model allows users to dynamically share information with other users. The process allows a more flexible environment, but it increases the risk of unauthorized disclosure of information. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 440

QUESTION NO: 49

Audit log information can BEST be protected by: (Select TWO).

A. a firewall that creates an enclave
B. access controls that restrict usage
C. using a VPN
D. recording to write-once media.
E. an intrusion prevention system (IPS)
F. an IDS

Answer: B,D

QUESTION NO: 50

Which of the following would be considered a detrimental effect of a virus hoax? (Select TWO).

A. Technical support resources are consumed by increased user calls.
B. Users are tricked into changing the system configuration.
C. Users are at risk for identity theft.
D. The email server capacity is consumed by message traffic.

Answer: A,B

QUESTION NO: 51

Malicious code that enters a computer by means of a freely distributed game that is intentionally installed and played is known as:

A. a Trojan horse
B. a logic bomb
C. a worm
D. an email attachment.

Answer: A

QUESTION NO: 52

Which of the following programming techniques should be used to prevent buffer overflow attacks?

A. Automatic updates
B. Input validation
C. Nested loops
D. Signed applets

Answer: B

QUESTION NO: 53

Pretty good privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. The model with no single trusted root is known as:

A. hybrid
B. peer-to-peer.
C. downlevel.
D. hierarchical

Answer: B

QUESTION NO: 54

Choose the access control model that allows access control determinations to be performed based on the security labels associated with each user and each data item.

A. LBACs (List Based Access Control) method
B. MACs (Mandatory Access Control) method
C. RBACs (Role Based Access Control) method
D. DACs (Discretionary Access Control) method

Answer: B

Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

The MAC model is a static model that uses a predefined set of access privileges to files on the system. The system administrator establishes these parameters and associates them with an account, files or resources. The MAC model can be very restrictive.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 11

QUESTION NO: 55

A person pretends to be a telecommunications repair technician, enters a building stating that there is a networking trouble work order and requests that a security guard unlock the wiring closet. The person connects a packet sniffer to the network switch in the wiring closet and hides the sniffer behind the switch against a wall. This is an example of:

A. social engineering
B. a man in the middle attack
C. a vulnerability scan
D. a penetration test

Answer: A

QUESTION NO: 56

Social engineering attacks would be MOST effective in which of the following environments? (Select TWO).

A. A public building that has shared office space.
B. A military facility with computer equipment containing biometrics.
C. A locked, windowless building
D. A company with a help desk whose personnel have minimal training.
E. A company with a dedicated information technology (IT) security staff.

Answer: A,D

QUESTION NO: 57

Which of the following would allow an administrator to find weak passwords on the network?

A. A rainbow table
B. A network mapper
C. A hash function
D. A password generator

Answer: A

QUESTION NO: 58

Which of the following network authentication protocols uses symmetric key cryptography, stores a shared key for each network resource and uses a Key Distribution Center (KDC)?

A. RADIUS
B. Kerberos
C. TACACS+
D. PKI

Answer: B

QUESTION NO: 59

Choose the password generator that uses a challenge-response method for authentication.

A. Cryptographic keys
B. Smart cards
C. Synchronous password generator
D. Asynchronous password generator

Answer: C

Explanation: An synchronous password generator, has an authentication server that generates a challenge (a large number or string) which is encrypted with the private key of the token device and has that token device's public key so it can verify authenticity of the request (which is independent from the time factor). That challenge can also include a hash of transmitted data, so not only can the authentication be assured, but also the data integrity.

QUESTION NO: 60

Choose the terminology or concept which best describes a (Mandatory Access Control) model.

A. Bell La-Padula
B. BIBA
C. Lattice
D. Clark and Wilson

Answer: C

Explanation: The word lattice is used to describe the upper and lower level bounds of a user's access permission.

QUESTION NO: 61

A system administrator reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take?

A. Notify management.
B. Determine the business impact.
C. Contain the problem.
D. Contact law enforcement officials.

Answer: C

QUESTION NO: 62

One of the below attacks focuses on the cracking of passwords, which one is it?

A. Dictionary
B. Teardrop
C. Spamming
D. SMURF

Answer: A

Explanation: Dictionaries may be used in a cracking program to determine passwords. A short dictionary attack involves trying a list of hundreds or thousands of words that are frequently chosen as passwords against several systems. Although most systems resist such attacks, some do not. In one case, one system in five yielded to a particular dictionary attack.

QUESTION NO: 63

Which of the following should be done if an audit recording fails in an information system?

A. Overwrite the oldest audit records
B. Send an alert to the appropriate personnel
C. Stop generating audit records
D. Log off the user

Answer: B

QUESTION NO: 64

The MOST common Certificate Server port required for secure web page access is port:

A. 25
B. 80
C. 446
D. 443

Answer: D

The key server is superior in large systems. SSL F. WEP Answer: C. AH C. Which of the following wireless security protocols could be used? (Select TWO). Certificate authority revocation is easy to implement. The root certificate authority key can be stored offline. A. B. IPX C. PKI is less complex to deploy. WAN B.co m .com 24 Ac tua QUESTION NO: 67 lTe Answer: C sts . Any Time. C." . D.C QUESTION NO: 66 Which of the following would be an advantage for using PKI over a key server system? A. SSH Answer: B.actualtests.CompTIA SY0-101: Practice Exam QUESTION NO: 65 IPSec uses which of the following protocols to provide traffic security? (Select TWO). L2TP B. A small manufacturing company wants to deploy secure wireless on their network. Phreaking "Pass Any Exam.www. PPTP E. WPA D. A.D QUESTION NO: 68 In addition to bribery and forgery. which of the following are the MOST common techniques that attackers use to socially engineer people? (Select TWO) A. Encapsulating Security Protocol (ESP) D.

" . Implementing a host based intrusion detection system C.E QUESTION NO: 69 Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received? A. Flattery E. Changing file level audit settings D. Which of the following should the technician recommend to address this problem? A. Any Time.com Ac tua A.co m 25 .A technician is auditing the security posture of an organization. RAID D. The audit shows that many of the users have the ability to access the company's accounting information.CompTIA SY0-101: Practice Exam B. Asymmetric cryptography C. Implementing a host based intrusion prevention system "Pass Any Exam. Changing the user rights and security groups B. Dumpster diving D. Clustering B. Non-repudiation Answer: D QUESTION NO: 70 Answer: C QUESTION NO: 71 . Load balancing C. Data integrity B. Whois search C. Remote access lTe Which of the following would be an example of a high-availability disk technology? sts .actualtests. Anti-aliasing D.www. Assuming a position of authority Answer: D.

CompTIA SY0-101: Practice Exam Answer: A QUESTION NO: 72 Which of the following is commonly used in a distributed denial of service (DDOS) attack? A. 2nd Edition. Botnet C. p 136 QUESTION NO: 74 Choose the compoenent that you would locate in the DMZ (Demilitarized Zone). Alameda . Adware B.co Which scenario or element would typically cause a CGI (Common Gateway Interface) security issue? m . Sybex . The compiler or interpreter which runs the CGI script. Phishing D. Trojan Answer: B QUESTION NO: 73 Answer: A Explanation: Common Gateway Interface is an older form of scripting that was used extensively in early web systems. sts ." . The HTTP (Hypertext Transfer Protocol) protocol. C. SQL (Structured Query Language) server "Pass Any Exam. B. CGI scripts could be used to capture data from a user using simple forms. D. A. Reference: Mike Pastore and Emmett Dulaney . but it still widely used in older systems. The external data provided by the user. and it interacted with the client browser.www.com 26 Ac tua lTe A. Any Time. Although the answer is not given in the paragraph from the book. 2004. The web browser. CGI is frowned upon in new applications because of its security issues. The CGI script ran on the web server. Security+ Study Guide .actualtests. the answer would be D.

FTP (File Transfer Protocol) server D. C. A network based IDS system can detect attacks in progress. Reference: Mike Pastore and Emmett Dulaney . which is FALSE for a network based IDS system? A. A network based IDS system can detect dial-in intrusions and attempts to physically access the server. User workstations C. By isolating a server in a DMZ. you can hide or remove access to other areas of your network. A FTP server can be used by people from outside of your network and should be placed in the DMZ. the IDS detects a potential security breach.CompTIA SY0-101: Practice Exam B. p 26 QUESTION NO: 75 Of the intrusion detection capabilities listed below. QUESTION NO: 76 A security specialist is called to an onsite vacant office where an employee has found an unauthorized wireless access device connected to an RJ-45 jack linked to the corporate LAN.www. Customer account database Answer: C Explanation: A DMZ is an area where you can place a public server for access by people you might not trust otherwise.com 27 Ac tua lTe sts ." . Sybex . the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source. In a reactive system. D. based on where it is located. Answer: B Explanation: In a passive system. attack patterns within the network and malicious activities. logs the information and signals an alert. Alameda . Any Time. 2004. A network based IDS system can monitor and report on all network traffic. "Pass Any Exam.actualtests. 2nd Edition. A network based IDS system can see packet header information.co m . B. which is invisible to hostbased IDS systems. Security+ Study Guide .

Answer: D QUESTION NO: 77 Which of the following types of firewalls provides inspection at layer 7 of the OSI model? A.actualtests. Application-proxy Answer: D QUESTION NO: 78 Choose the attack or malicious code that cannot be prevented or deterred solely through using technical measures. C. B. C. Stateful inspection C. D. Man in the middle attacks. QUESTION NO: 79 Company intranet. For this reason social engineering attacks cannot be deterred through technical means. login banners and e-mails would be good tools to utilize in a security: "Pass Any Exam. it is unlawful to use technology to directly control people's emotions and behaviors. Any Time. A.www. Disconnect the network cable. newsletters. Install a sniffer.com Ac tua lTe sts . B. Dictionary attacks. Turn off the power. Social engineering.CompTIA SY0-101: Practice Exam Which of the following actions should the administrator take FIRST? A. DoS (Denial of Service) attacks. Answer: B Explanation: Because of human rights laws. D.co m 28 . posters. Call the police. Network address translation (NAT) D. Packet filters B." .

A. awareness program B. control test C. investigation D. policy review Answer: A Explanation: Advertisement techniques are used to bring product awareness to a consumer, likewise advertising techniques can also be used to bring awareness to security programs.

QUESTION NO: 80 An IDS sensor on a network is not capturing all the network data traffic. This may be happening because the sensor is connected to the network with a: A. switch B. bridge C. hub D. router Answer: A

QUESTION NO: 81 A software or hardware device that allows only authorized network traffic in or out of a computer or network is called a: A. honeypot B. anti-virus program C. packet sniffer D. firewall Answer: D

QUESTION NO: 82 Which of the following access decisions are based on a Mandatory Access Control (MAC) environment? A. Sensitivity labels

and grant rights and privileges based on groups. B. quarantine Answer: A QUESTION NO: 85 Choose the malicious code which can distribute itself without using having to attach to a host file. create a folder for each department.co m ." . Group membership D. create groups. Then all users are given specific security clearances as to what they are allowed to access.www. Create a certificate authority. and grant rights and privileges. C. All objects are given security labels known as sensitivity labels and are classified accordingly. Ownership C. assign rights and privileges based on individual certificates. QUESTION NO: 83 Which of the following is a best practice for managing user rights and privileges? A. Identify roles and objects to be accessed. Enroll users in a biometric authentication system. meet with the departments and direct them to access their departmental folder. Create a list of departments. Any Time. "Pass Any Exam. VLAN C. honey pot D. issue certificates to each user. deploy biometric hardware to the client computers.com 30 Ac tua lTe sts . Access control lists Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. sandbox B. D.actualtests.CompTIA SY0-101: Practice Exam B. Answer: B QUESTION NO: 84 The concept that a web script is run in its own environment and cannot interfere with any other process is known as a: A.

Dry powder C. netcat D.CompTIA SY0-101: Practice Exam A. nmap C.com 31 Ac tua lTe sts . A virus.actualtests. IPCONFIG / IFCONFIG Answer: A QUESTION NO: 87 Which of the following is a suppression method for a Class C fire? A. C. D. The sales department has requested that the system become operational before a security review can be completed. Water Answer: C QUESTION NO: 88 A computer system containing personal identification information is being implemented by a company's sales department. Soda acid B. Corporate security policy "Pass Any Exam." . Need to know policy B. NETSTAT B. A worm. A Trojan horse. Any Time. a forensics specialist executes a command on the computer being investigated. Which of the following can be used to explain the reasons a security review must be completed? A.co m . Which of the following commands would be used to display the current network connections on the local computer? A. Carbon dioxide (CO2) D.www. B. Answer: C QUESTION NO: 86 During a live response to an unauthorized access. A logic bomb. Risk assessment C.

Escorting of guests "Pass Any Exam. . or what will best prevent the transmission of nonessential email. D. so the correct answer is to create a network security policy that defines what kind of email use constitutes the term misuse. It asks what action will discourage the employees. B.com employees misusing your ORG. Create and enforce network security policy. Any Time. assets Answer: D How will you accomplish the task? Answer: C Explanation: The question doesn't ask what method can be used to best secure the emails." . You want to reduce the likelihood of certpaper.actualtests.co QUESTION NO: 90 m 32 . e-mail. C.com Ac tua A. threats B. Encrypt all company e-mail messages. Create and enforce ACLs (Access Control List). Vulnerability assessment Answer: C QUESTION NO: 89 The first step in risk identification would be to identify: A. vulnerabilities D.CompTIA SY0-101: Practice Exam D. Badge security system B. Implement a strong authentication method. QUESTION NO: 91 Which of the following is the MOST effective social engineering defensive strategy? A. lTe sts You work as the security administrator.www. costs C.

com Ac tua lTe Reference: Mike Pastore and Emmett Dulaney . Rule Based Access Control (RBAC). 2nd Edition. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Any Time. Role Based Access Control (RBAC) C." .co m 33 . Marking of documents Answer: C QUESTION NO: 92 From the list below. p 135 sts Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. Discretionary Access Control (DAC). This situation can cause an application to terminate. choose the exploit that can be considered a DoS attack because more traffic than what the node can handle is flooded to that node. B. Logic bomb C. A. Alameda . Ping of death B. 2004. . Buffer overflow D.actualtests. Sybex . D.www. This is BEST described as: A. human resources personnel having slightly less access and managers having access to their own department files only. Security+ Study Guide . Training and awareness D.CompTIA SY0-101: Practice Exam C. Smurf attack Answer: C QUESTION NO: 93 An organization has a hierarchical-based concept of privilege management with administrators having full access. Mandatory Access Control (MAC) Answer: B QUESTION NO: 94 "Pass Any Exam.

uses weak encryption "Pass Any Exam. Network Based Active Answer: A. D.www. Answer: A QUESTION NO: 97 The employees at a company are using instant messaging on company networked computers. Network Based Passive B.CompTIA SY0-101: Practice Exam Which of the following types of IDS should be implemented to monitor traffic on a switch? (Select TWO). Host Based Active C. Virus signature reports Answer: B QUESTION NO: 96 A. A. Force the change with group policy B. Any Time.com Ac tua Which of the following is the MOST efficient way to force a large number of users to change their passwords on logon? lTe sts .co m 34 . The MOST important security issue to address when using instant messaging is that instant messaging: A.actualtests. C." . Patch reports B.D QUESTION NO: 95 Which of the following is considered by some HIDS tools to detect system security related anomalies? A. File hashing snapshot comparison C. Force the change by security group. Force the change with remote logon. Host Based Passive D. Vulnerability analysis snapshot comparison D. Force the change with registry editor.

How will you accomplish the task? sts . You also want to use the least amount of administrative effort to accomplish your task.actualtests. communications are a drain on bandwidth C. Deploy a VLAN (Virtual Local Area Network) Deploy. To identify open ports on a system D." .co m 35 . tua lTe You work as the security administrator at Certpaper. communications are open and unprotected Answer: D QUESTION NO: 98 Which of the following is a reason to use a vulnerability scanner? A. D. has no common protocol D. To assist with protocol analyzing Answer: C QUESTION NO: 99 Answer: B Explanation: Implement a VLAN (Virtual Local Area Network) to restrict network access is the best answer. B.CompTIA SY0-101: Practice Exam B. To assist with PKI implementation C. Any Time. and this would require less administrative overhead than setting up firewalls at each subnet. They are also hardware based (at the switch and MAC level) Firewalls are used so that external users (outside the organization cannot get in). whereas VLAN's are used within an organization to provide security. Deploy a VPN (Virtual Private Network). To identify remote access policies B. You must ensure that internal access to other parts of the network is controlled and restricted.www. C. VLAN's would restrict access only to their local VLAN. Deploy firewalls between your subnets.com Ac A.com. The solution which you implement to restrict network access must be hardware based. Deploy a proxy server Deploy. QUESTION NO: 100 "Pass Any Exam.

2nd Edition." . Trojan Horse programs. Any Time. D. Security Tokens B. Alameda .CompTIA SY0-101: Practice Exam Choose the option that correctly details the greatest vulnerability of using Instant Messaging clients. Security+ Study Guide . Reference: Mike Pastore and Emmett Dulaney . Kerberos C. Results in loss of email privileges. and traditional DoS attacks. Results in slow Internet connections. Certificates Answer: C QUESTION NO: 102 Which of the following authentication methods is based upon an authentication server that distributes tickets to clients? A. Challenge Handshake Authentication Protocol (CHAP) Answer: B "Pass Any Exam. E.co m 36 .actualtests. Results in theft of root user credentials. Kerberos D. Results in Blue Screen of Death errors. Results in disconnection from the file server. C. CHAP C.com Ac tua lTe sts . Username/password D. 2004. Results in malicious code being delivered by file transfer. Multifactor B. Answer: A Explanation: IM clients can also be compromised by malicious code. B. F. p 197 QUESTION NO: 101 Which of the following authentication systems make use of the KDC Key Distribution Center? A. Sybex . A.www.

QUESTION NO: 103 Which of the following is the number of security associations in an IPSec encrypted session for each direction? A. 4 B. one C. 2 D. 8 Answer: B

QUESTION NO: 104 Which password management system best provides for a system with a large number of users? A. Self service password reset management systems B. Locally saved passwords management systems C. multiple access methods management systems D. synchronized passwords management systems Answer: A Explanation: A self service password reset is a system where if an individual user forgets their password, they can reset it on their own (usually by answering a secret question on a web prompt, then receiving a new temporary password on a pre-specified email address) without having to call the help desk. For a system with many users, this will significantly reduce the help desk call volume.

QUESTION NO: 105 Poor programming techniques and lack of code review can lead to which of the following types of attack? A. Buffer overflow B. Dictionary C. Common Gateway Interface (CGI) script D. Birthday Answer: A

Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. This exploitation is usually a result of a programming error in the development of the software. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION NO: 106 Most current encryption schemes are based on: A. algorithms B. time stamps C. digital rights management D. randomizing Answer: A

QUESTION NO: 107 The CHAP (Challenge Handshake Authentication Protocol) sends a logon request from the client to the server, and the server sends a challenge back to the client. At which stage does the CHAP protocol perform the handshake process? Choose the best complete answer. A. At the stage when the connection is established. B. At the stage when the connection is established and at whichever time after the connection has been established. C. At the stage when the connection is established and when the connection is disconnected. D. At the stage when the connection is disconnected. Answer: B Explanation: CHAP performs the handshake process when first establishing a connection; and then at random intervals during the transaction session.

QUESTION NO: 108 One type of port scan can determine which ports are in a listening state on the network, and can then perform a two way handshake. Which type of port scan can perform this set of actions? A. A TCP (Transmission Control Protocol) FIN scan B. A TCP (Transmission Control Protocol) connect scan C. A TCP (Transmission Control Protocol) null scan D. A TCP (Transmission Control Protocol) SYN (Synchronize) scan Answer: D Explanation: In SYN scanning, a TCP SYN packet is sent to the port(s) to be scanned. If the port responds with a TCP SYN ACK packet, then the port is listening. If it replies with a TCP RST packet, then it is not.

QUESTION NO: 109

Which of the following would be the MOST important reason to apply updates? A. Software is a productivity facilitator and as new functionality is available the functionality must be enabled. B. Software is inherently insecure and as new vulnerabilities are found the vulnerabilities must be fixed. C. Software is a supported product and vendors won't support the product if the latest version is not installed. D. Software is a licensed product and the license will expire if not updated Answer: B

QUESTION NO: 110

A security specialist for a large distributed network with numerous divisions is selecting an access control model. Employees in the human resource division need access to personnel information but not production data and operations employees need access to production data only. Which of the following access control models would be MOST appropriate? A. Role Based Access Control (RBAC) B. Mandatory Access Control (MAC) C. Rule Based Access Control (RBAC) D. Discretionary Access Control (DAC) Answer: A Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees perform in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 111 You work as the security administrator at Certpaper.com. One morning you discover that a user named Mia Hamm has used her user account to log on to a network server. Mia has then executed a program and been able to perform operations which only a network administrator or security administrator should be able to. What type of attack has occurred? A. Trojan horse. B. Security policy removal. C. Privilege escalation attack. D. Subseven back door. Answer: C Explanation: A user obtaining access to a resource they would not normally be able to access. This is done inadvertently by running a program with SUID (Set User ID) or SGID (Set Group ID) permissions or by temporarily becoming another user. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 522

QUESTION NO: 112 A company has instituted a VPN to allow remote users to connect to the office. As time progresses multiple security associations are created with each association being more secure. Which of the following should be implemented to automate the selection of the BEST security association for each user? A. IKE B. AES

CompTIA SY0-101: Practice Exam C. L2F lTe L2TP tunneling replies on which of the following for security? sts . Digital signatures B. A.www. Cipher block chaining C. SSH C.com Ac Answer: A tua A. Vulnerability exploits.actualtests. SSL D. QUESTION NO: 114 QUESTION NO: 115 Non-repudiation is enforced by which of the following? A." .co Explanation: Spoofed e-mails will not be detected by the IDS. Secret keys D. Port scan attack D. m Answer: A 41 . PKI Answer: A "Pass Any Exam. C. 3DES Answer: A QUESTION NO: 113 From the options. Spoofed e-mail B. choose the attack which an IDS (Intrusion Detection System) cannot detect. DoS (Denial of Service) attack. SHA D. IPSec B. Any Time.

www.CompTIA SY0-101: Practice Exam QUESTION NO: 116 Which of the following would be the MOST effective backup site for disaster recovery? A. Unique user IDs cannot be modified easily. what makes unique user IDs especially important? A. C. Unique user IDs establishes individual accountability." . Discretionary Access Control (DAC) . Unique user IDs triggers corrective controls. QUESTION NO: 119 "Pass Any Exam. When a user known that they are being tracked.co m A security system that uses labels to identify objects and requires formal authorization to use is BEST described as: 42 . Warm site D. Role-Based Access Control (RBAC) D. Mandatory Access Control (MAC) B. Kerberos C. Answer: C Explanation: With a unique user ID you'll have soft evidence on the timing and the action any accessed user accomplishes.actualtests. D. they think twice about doing something they shouldn't do. Hot site Answer: D QUESTION NO: 117 When reviewing audit trails. Any Time. Unique user IDs show which files and data were changed. Reciprocal agreement C.com Ac tua QUESTION NO: 118 lTe Answer: A sts A. Cold site B. B.

HTTP (Hypertext Transfer Protocol) Answer: C Reference: Mike Pastore and Emmett Dulaney . Multiple directories can be browsed. downlevel C.CompTIA SY0-101: Practice Exam Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. C. D. Any Time. which details a specific advantage of implementing a single sign-on technology? A. You can configure system wide permissions. hybrid Answer: C QUESTION NO: 120 One of these protocols is used to encrypt traffic passed between a web browser and web server. IPSec (Internet Protocol Security) B. B. VPN (Virtual Private Network) C. peer-to-peer D. Multiple applications can be installed." . Answer: C Explanation: "Pass Any Exam. 2004. 2nd Edition. Sybex .actualtests. sts .com Ac tua lTe Explanation: The Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines.www. Security+ Study Guide . SSL (Secure Sockets Layer) D. The model with no single trusted root is known as: A. Which is it? A.co m 43 . Users must log on twice at all times. p 365 QUESTION NO: 121 From the options. Alameda . hierarchical B.

" . Logic bomb B. Security+ Study Guide . review logs for other compromises and notify the human resources department.co m 44 . p 434 QUESTION NO: 122 A credential that has been digitally signed by a trusted authority is known as: A. contain the affected system. review logs for other compromises. the specialist should: A. an encrypted tunnel C. B. review logs for other compromises and report the situation to authorities. delete the files that violate security policy and report the situation to authorities.actualtests. worm Answer: C QUESTION NO: 124 A security specialist is reviewing writable FTP directories and observes several files that violate the company's security policy. a trust relationship D. Any Time. Reference: Mike Pastore and Emmett Dulaney . C. "Pass Any Exam. Spy ware D. In addition to checking the FTP server. Sybex . Alameda . virus C. D.www.CompTIA SY0-101: Practice Exam The purpose is so a user can gain access to all of the applications and systems they need when they log on with a single sign-on. review logs for other compromises and report the situation. a trusted packet B. reboot the affected server. 2nd Edition. 2004.com Ac tua lTe sts . a certificate Answer: D QUESTION NO: 123 Which of the following will allow you to monitor a user??s online activities? A.

Open TCP (Transmission Control Protocol) port 110 to inbound and outbound connections.co m 45 . Open UDP (User Datagram Protocol) port 110 to inbound connections. which exploits poor programming techniques or lack of code review? sts QUESTION NO: 126 . p 135 "Pass Any Exam. C. Which ports must you open on the firewall to support SMTP connections? A. Buffer overflow attacks D. B. Any Time. The Certpaper .CompTIA SY0-101: Practice Exam Answer: C QUESTION NO: 125 You work as a security administrator at Certpaper . Open TCP (Transmission Control Protocol) port 25 to inbound and outbound connections. Sybex . 2nd Edition. This exploitation is usually a result of a programming error in the development of the software.actualtests. D.www. Birthday attacks C. Reference: Mike Pastore and Emmett Dulaney . Dictionary attacks lTe From the listing of attack types. Answer: C Explanation: TCP port 25 is reserved for SMTP while port 110 is for POP3. Answer: C Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. CGI (Common Gateway Interface) scripts B.com network must be configured to support e-mail communication using SMTP (Simple Mail Transfer Protocol).com. This situation can cause an application to terminate.com Ac tua A. Open UDP (User Datagram Protocol) port 25 to inbound connections." . Alameda . 2004. Security+ Study Guide .

All security administrators. Many-to-many mapping B. Replay B.co m 46 .D QUESTION NO: 128 Which of the following types of attacks consists of a computer sending PING packets with the destination address set to the network's broadcast address and the source address set to the target computer's IP address? A. This is a tricky question with many close answers. but make your best decision. Many-to-one mapping Answer: B. Answer: B Explanation: There are many policies for companies these days. Smurf D. One-to-many mapping D.actualtests." . All auditors. Fraggle Answer: C You plan to update the user security policy. All staff. the users and staff need to know the policy. I would say D would be the best choice. B. Considering the question refers to a user security policy. D. All users. Any Time. XMAS Tree C. Whom should the new updated user security policy be distributed and made available to? A. One-to-one mapping C.com Ac tua QUESTION NO: 129 lTe sts .www. "Pass Any Exam.CompTIA SY0-101: Practice Exam QUESTION NO: 127 Which of the following are types of certificate-based authentication? (Select TWO) A. C.

Any Time. set auditing on the object and respond as alerts are generated. Set auditing on the object and respond as alerts are generated. Man in the middle attacks C." .com 47 Ac tua lTe A. Tunneling is the process of utilizing the Internet as part of a private secure network. Tunneling is the process of moving through three levels of firewalls. Web proxy B. Answer: D QUESTION NO: 133 Which of the following are components of host hardening? (Select TWO). B. Network engineers use tunneling to protect a data flow from the elements of the internet.CompTIA SY0-101: Practice Exam QUESTION NO: 130 Which of the following best describes what tunneling is? A. Enable auditing. C. Tunneling is the process of passing information over the Internet within the shortest time frame. They tunnel by placing secure encrypted IP packets into a non-secure IP packet. QUESTION NO: 131 Answer: C QUESTION NO: 132 Which of the following BEST describes the sequence of steps in the auditing process? A. D. Open relays D. B.co m . D. They will build a tunnel under a river. Enable auditing.actualtests. Answer: D Explanation: Civil engineers build tunnels to allow one direction of traffic flow to be protected against another traffic flow. C. Enable auditing and set auditing to record all events. "Pass Any Exam.www. set auditing on objects and review event logs. or underneath a highway. Tunneling is the process of creating a tunnel capable of capturing data. Trojan horse programs sts Which of the following would be the MOST common method for attackers to spoof email? .

IPSec can work in tunneling mode or transport mode. Any Time. C. Transport modes encrypt only the payload. D. D." .co m 48 . E. SSH (Secure Shell).actualtests. Biometric C. IPSec (Internet Protocol Security).C QUESTION NO: 134 From the options. choose the VPN (Virtual Private Network) tunneling protocol.com Ac tua Reference: Mike Pastore and Emmett Dulaney . Configuring the Start menu and Desktop B. Sybex . p 127 lTe Explanation: IPSec provides secure authentication and encryption of data and headers. Applying patches C. DES (Data Encryption Standard). Tokens B. In tunneling mode. AH (Authentication Header). Mutual D. Adding users to the administrator group.www. Removing a user's access to the user's data. Alameda . Answer: B. Answer: C QUESTION NO: 135 Which of the following types of authentication models uses a smart card and a User ID/Password for accessing network resources? A. 2004. the data or payload and message headers are encrypted. B. A. Security+ Study Guide . Disabling unnecessary services.CompTIA SY0-101: Practice Exam A. Multifactor Answer: D "Pass Any Exam. 2nd Edition. sts .

QUESTION NO: 136 Which of the following types of IDS uses known patterns to detect malicious activity? A. Detection based B. Keyword based C. Signature based D. Anomaly based Answer: C

QUESTION NO: 137 Which of the following is a port scanning utility? A. John the Ripper B. L0phtcrack C. Nmap D. Cain & Abel Answer: C

QUESTION NO: 138 In a mandatory access control (MAC) environment, which of the following are access decisions based on? A. Sensitivity labels B. Group membership C. Access control lists D. Ownership Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

QUESTION NO: 139 When setting password rules, which of the following would lower the level of security of a network?

Since the user won' be able to reset the password themselves they'll have to make regular trips to help desk for a new password.CompTIA SY0-101: Practice Exam A. Read rights D. Full access lTe A clothing store with a single location has one owner.actualtests. Write rights C. Update rights B. Destruction B. Degaussing D. Complex passwords that users can not remotely change are randomly generated by the administrator and given to users Answer: D Explanation: If a user gets a difficult password that they can't remember. C. which of the following inventory system permissions might be BEST aligned with the least privilege principle for the managers? sts .co m 50 . Passwords must be greater than six characters and contain at least one non-alpha. there's a certain chance that they will forget the password or compromise security by writing down their password on a Post It note on their keyboard. and with regular disgruntled users getting emotional over passwords. the risk of social engineering increases.com Ac Answer: A tua A. Under this scenario. All passwords are set to expire at regular intervals and users are required to choose new passwords that have not been used before. After a set number of failed attempts the server will lock out any user account forcing the user to call the administrator to re-enable the account." . two managers and six cashiers. Sanitization Answer: D "Pass Any Exam. B. Any Time.www. Reformatting C. D. QUESTION NO: 140 QUESTION NO: 141 What is the BEST process of removing PII data from a disk drive before reuse? A.

Authentication B. C. Integrity D." . Implement a VPN (Virtual Private Network). Answer: C Explanation: A one time password is simply a password that has to be changed every time you log on. B. D. or be on the verge of expiration within a matter of hours.www. Any Time. if someone were to intercept a password it would probably already be expired. Implement PPTP (Point-to-Point Tunneling Protocol). 110 E.com Ac Answer: C tua A. 143 B. Confidentiality C. 49 F.co m 51 . Non-repudiation lTe Which of the following refers to the ability to be reasonably certain that data is not modified or tampered with? sts QUESTION NO: 143 . 194 "Pass Any Exam. So by chance. 23 D. Implement aone time password. Implement complex password requirements. 3389 C. QUESTION NO: 144 Which of the following ports are typically used by email clients? (Select TWO) A.actualtests. effectively making any intercepted password good for only the brief interval of time before the legitimate user happens to login themselves.CompTIA SY0-101: Practice Exam QUESTION NO: 142 Which of the following is a solution that you can implement to protect against an intercepted password? A.

Answer: A,D

QUESTION NO: 145 A URL for an Internet site begins with 'https:' rather than 'http:', which is an indication that this web site uses: A. SSL B. PGP C. Kerberos D. PKI Answer: A

QUESTION NO: 146 Malicious port scanning is a method of attack to determine which of the following? A. The physical cabling topology of a network B. The fingerprint of the operating system C. Computer name D. User IDs and passwords Answer: B Explanation: Malicious port scanning is an attempt to find an unused port that the system won't acknowledge. Several programs now can use port scanning for advanced host detection and operating system fingerprinting. With knowledge of the operating system, the hacker can look up known vulnerabilities and exploits for that particular system.

QUESTION NO: 147 Which of the following activities is MOST closely associated with DLL injection? A. SQL servers B. Vulnerability assessment C. Penetration testing D. Network mapping Answer: C

QUESTION NO: 148 Which of the following portions of a company's network is between the Internet and an internal network? A. Filter router B. IDS C. Bastion host D. Demilitarized zone (DMZ) Answer: D

QUESTION NO: 149 The MOST common exploits of Internet-exposed network services are due to: A. active content (e.g. Java Applets) B. Trojan horse programs C. illicit servers D. buffer overflows Answer: D

QUESTION NO: 150 Which of the following could result in a DDoS? A. TCP/IP Hijacking B. Buffer Overflow C. NIPS D. Privilege escalation Answer: D

QUESTION NO: 151 If a user reports that the user's public/private key has been compromised, the CA should issue: A. a CRL

B. an LDAP C. a CPS D. a PKCS Answer: A

QUESTION NO: 152 The FIRST step in creating a security baseline would be: A. installing software patches B. creating a security policy C. vulnerability testing. D. identifying the use case Answer: B

QUESTION NO: 153 Which of the following would be an example of a hardware device where keys can be stored? (Select TWO). A. Smart card B. PCMCIA card C. PCI card D. Network interface card (NIC) Answer: A,B

QUESTION NO: 154 A user is assigned access rights explicitly. This is a feature of which of the following access control models? A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC) Answer: A

QUESTION NO: 155 Which of the following would be BEST for deploying third-party application security updates on a network with 1,000 computers? A. Enterprise System Management (ESM) B. Baseline security analyzer C. Vulnerability scanner D. Logon script Answer: A

QUESTION NO: 156 You work as the security administrator at Certpaper.com. You are defining a SLA (Service Level Agreement). You want to ensure the availability of server based resources over guaranteed server performance levels. What must you include in the SLA to achieve this objective? A. Hosting B. Application C. Network D. Security Answer: A Explanation: In the hosting business, every company aims for 100% availability in their service level agreements, and usually offer concessions for times of reduced availability. Sadly, these agreements have exceptions which include: scheduled network maintenance, hardware maintenance, software maintenance, virus attacks, hacker attacks, force majeure, labour actions, war, insurrections, sabotage, and past due accounts on your part.

QUESTION NO: 157 Privileges are used for which of the following purposes? A. To allow or deny signature updates to group applications B. To allow or deny specific actions to users or groups C. To allow or deny network traffic from host based systems D. To allow or deny network traffic from server based systems

Answer: B

QUESTION NO: 158 Which of the following types of publicly accessible servers should have anonymous logins disabled to prevent an attacker from transferring malicious data? A. DNS B. FTP C. Web D. Email Answer: B

QUESTION NO: 159 An enclosure that prevents radio frequency signals from emanating out of a controlled environment is BEST described as which of the following? A. Faraday cage B. TEMPEST C. Mantrap D. Grounded wiring frame Answer: A

QUESTION NO: 160 Which of the following methods will help to identify when unauthorized access has occurred? A. Implement session termination mechanism B. Implement previous logon notification. C. Implement session lock mechanism. D. Implement two-factor authentication Answer: B

QUESTION NO: 161 Which of the following is a critical element in private key technology?

The detailed logging information for each user.actualtests. which of the following event logs would contain failed logons? A. Key exchange C. DNS log B. But if it used to take advantage of the non-secure logon.com Ac A." .www. C. tua lTe You work as the security administrator at Certpaper . Application log "Pass Any Exam. Any Time. QUESTION NO: 164 On a Windows host. Tunneling B. Choose the important factor which you should consider and be aware of. The upload and download directory for each user. Less server connections and network bandwidth utilization. Getting the proper key the first time. Passwords D.co m 57 . Keeping the key secret B. Distributing the key to everyone. The storage and distribution of unlicensed software. sts QUESTION NO: 163 . D. Using the key to decrypt messages. Answer: A QUESTION NO: 162 The Diffie-Hellman encryption algorithm relies on which of the following? A.com. D. then answer C would seem to be the best answer. Digital signatures Answer: B Answer: D Explanation: Anonymous FTP is based on good faith.CompTIA SY0-101: Practice Exam A. C. You want to enable anonymous FTP (File Transfer Protocol) read/write access. B.

System log Answer: C QUESTION NO: 165 Choose the items that an intruder would ignore when going through disposed garbage. E.www. Boot sectors.E. lays dormant until a user opens the certain program then deletes the contents of attached network drives and removable storage devices is known as a: "Pass Any Exam. Maximum password age E. sts . Process lists.CompTIA SY0-101: Practice Exam C. B. Password complexity controls B. usually on a notepad.E QUESTION NO: 167 Malicious code that enters a target system. Virtual memory.co m . Choose all options that apply. Network diagrams. a Post It note. F. Answer: C.F Which of the following settings works BEST to avoid password reuse? (Select TWO). Password history C. Old passwords. or are in a situation where they need multiple passwords they have a tendency of writing their passwords down. Any Time. A. D. A. or on their desk ledger." . IP (Internet Protocol) address lists. Minimum password age Answer: B.com 58 Ac tua QUESTION NO: 166 lTe Explanation: When people create complex passwords that they can't remember. C. Security log D. Account lockout D.actualtests.

A. Trojan horse B. honeypot C. logic bomb D. worm Answer: C

QUESTION NO: 168 A Windows file server is an example of which of the following types of models? A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC) Answer: A

QUESTION NO: 169 Disguising oneself as a reputable hardware manufacturer's field technician who is picking up a server for repair would be described as: A. a Trojan horse B. a man-in-the-middle attack C. social engineering D. a phishing attack Answer: C

QUESTION NO: 170 You work as the security administrator at Certpaper.com. The Certpaper.com network must be configured to allow LDAP (Lightweight Directory Access Protocol) traffic. Which ports must you open on the firewall to allow LDAP traffic? A. Open ports 389 and 139 B. Open ports 389 and 636 C. Open ports 636 and 137 D. Open ports 137 and 139

com wireless network environment uses WEP (Wired Equivalent Privacy) to provide wireless security. QUESTION NO: 171 The Certpaper .11 standard." .11 standard describes the communication that occurs in wireless local area networks (LANs). In practice. Choose the entity or entities that can authenticate to an access point. C. Reference: http://www.com users that have the correct WEP (Wired Equivalent Privacy) key. but it is frequently considered to be a feature of WEP. AllCertpaper . Anyone WEP relies on a secret key that is shared between a mobile station ( eg . and an integrity check is used to ensure that packets are not modified in transit. The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping.11x network from being automatically discovered.edu/isaac/wep-faq. A.cs. D. a base station). most installations use a single key that is shared between all mobile stations and access points. A secondary function of WEP is to prevent unauthorized access to a wireless network. More sophisticated key management techniques can be used to help defend from the attacks we describe. this function is not an explicit goal in the 802.CompTIA SY0-101: Practice Exam Answer: B Explanation: The 'well known' LDAP ports are 389 for LDAP and 636 for LDAP SSL.berkeley. however.actualtests. The secret key is used to encrypt packets before they are transmitted. Administrators only. Any Time. sts . OnlyCertpaper .www.html QUESTION NO: 172 To keep an 802. The standard does not discuss how the shared key is established.co Answer: C m 60 .com Ac tua lTe Explanation: The 802. a laptop with a wireless Ethernet card) and an access point ( ie .com users. B. no commercial system we are aware of has mechanisms to support such techniques.isaac. a user should: "Pass Any Exam.

Identification "Pass Any Exam. activate the SSID password B. Answer: D QUESTION NO: 173 A user receives an email asking the user to reset the online banking username and password. Any Time. D. change the SSID name.com 61 Ac tua lTe sts . turn off the SSID broadcast. the URL that appears in the browser does not match the link." . spoofing Answer: C QUESTION NO: 174 Which of the following assessment tools would be MOST appropriate for determining if a password was being sent across the network in clear text? A. Port scanner D. Authentication C. hijacking C.actualtests.www. Allocation B. Protocol analyzer Answer: D QUESTION NO: 175 A user logs in with a domain account and is denied access to a specific file which the user should have access to. redirecting B. The email contains a link and when the user accesses the link. Vulnerability scanner C.CompTIA SY0-101: Practice Exam A. The server is not able to verify the identity of the user.co m . phishing D. C. leave the SSID default. Which of the following is the problem? A. This would be an example of: A. Password cracker B.

separation of duties C. A. concurrent session control B. Identify the protocol (steps) that allow for the following: 1. Mobile device. . 2. Wireless client.E QUESTION NO: 177 A company has implemented a policy stating that users will only receive access to the systems needed to perform their job duties. least privilege D. Authorization Answer: B QUESTION NO: 176 WTLS (Wireless Transport Layer Security) provides security services between network devices or mechanisms. Which is it? Choose all that apply. 3. Client and server authentication. Selection of cryptographic keys. MAC (Mandatory Access Control) and encryption algorithm negotiation.actualtests. This is an example of: A. "Pass Any Exam.www. WAP (Wireless Application Protocol) gateway B. WTLS is the method security for WAP (Wireless Application Protocol) and it provides transport layer security directly between a wireless device and the WAP gateway. Wireless network interface card. processing power.com 62 Ac tua lTe sts Explanation: Since most wireless devices are low in: memory. Web server." . access control Answer: D QUESTION NO: 178 SSL (Secure Socket Layer) establishes a stateful connection negotiated by a process performed between client and server.co m .CompTIA SY0-101: Practice Exam D. and bandwidth capability creating a security mechanism is a difficult task. E. D. Answer: A. C. Any Time.

" . Security+ Study Guide . p 135 QUESTION NO: 180 Which of the following describes the process by which a single user name and password can be entered to access multiple computer applications? A. Buffer Overflows. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Answer: C Explanation: SSL Handshake Protocol * runs before any application data is transmitted * provides mutual authentication * establishes secret encryption keys * establishes secret MAC keys QUESTION NO: 179 Which of the following web vulnerabilities is being referred to when it receives more data than it is programmed to accept? A. SSL (Secure Sockets Layer) record protocol. C. tua lTe sts . C.actualtests.com 63 Ac Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. SSL (Secure Sockets Layer) change cipher spec protocol. SMTP Relay B. SSL (Secure Sockets Layer) handshake protocol.CompTIA SY0-101: Practice Exam A. SSL (Secure Sockets Layer) alert protocol. CGI. Cookies. B.www. Access control lists B. Alameda . Constrained user interfaces "Pass Any Exam. D. Any Time. Answer: C Reference: Mike Pastore and Emmett Dulaney . Sybex . D.co m . This situation can cause an application to terminate. 2004. 2nd Edition.

www. Worms self replicate while Trojan horses do not. AV server logs C. HIDS logs D. A third party mail relay limits access to specific users. Which of the following could BEST be used to confirm the administrator's suspicions? A. B. B. Spammers can utilize the third party mail relay." . C.CompTIA SY0-101: Practice Exam C. Proxy logs B. A third party mail relay restricts the types of e-mail that maybe sent. A third party mail relay restricts spammers from gaining access. Any Time. Encryption protocol Answer: C QUESTION NO: 181 An administrator is concerned that PCs on the internal network may be acting as zombies participating in external DDoS attacks. Worms are a form of malicious code while Trojan horses are not. Answer: C Explanation: Using a third party email relay can put you in an advantage of getting unnecessary spam. and the message will appear to be legitimate coming from the email server. A.com Ac tua lTe sts QUESTION NO: 182 . Anyone on the internet can relay an unsolicited email through an SMTP server.actualtests.co m 64 . Firewall logs Answer: D Choose the primary disadvantage of using a third party mail relay. and it makes it much more difficult to trace the spammer. "Pass Any Exam. D. Single sign-on D. QUESTION NO: 183 Choose the statement that best details the difference between a worm and a Trojan horse? A.

Reference: Mike Pastore and Emmett Dulaney . 2nd Edition. QUESTION NO: 185 One type of network attack sends two different messages that use the same hash function to generate the same message digest. are self-contained and do not need a host application to be transported. Alameda . Sybex . The Trojan horse program may be installed as part of an installation process. Answer: A Explanation: A worm is different from a virus. It is used to encrypt and decrypt data signals transmitted between Wireless LAN devices. WAP (Wireless Application Protocol) B. 2004. Not A: WEP is one of the most popular features available for a Wireless LAN.co m .actualtests.com 65 Ac Answer: B tua A. data integrity and authentication for WAP services.CompTIA SY0-101: Practice Exam C. Which network attack does this? "Pass Any Exam. 85 QUESTION NO: 184 Explanation: Short for Wireless Transport Layer Security. There is no difference between a worm and a Trojan horse. Authentication Which solution should you implement? sts . WSET (Wireless Secure Electronic Transaction) D. They do not reproduce or self replicate." . You want to implement a solution which will provide the following for handled devices in your wireless network: 1. In essence. pp 83. WTLS (Wireless Transport Layer Security) C. WEP makes a wireless LAN link as secure as a wired link.com. Worms reproduce themselves.www. WEP (Wired Equivalent Privacy) lTe You work as the security administrator at Certpaper . Security+ Study Guide . D. Data privacy 2. Worms are distributed through e-mail messages while Trojan horses do not. WTLS is the security layer of the WAP. Any Time. Data integrity 3. providing privacy.

Patches have since been released.actualtests. they'll come up with some common denominators. D. By that rational if an attacker examines the hashes of an entire organizations passwords. AES C.www. Can result in the unauthorized disclosure of private information. Diffie-Hellman D. Man in the middle attack. DES . QUESTION NO: 188 "Pass Any Exam. Ciphertext only attack. QUESTION NO: 186 Answer: B QUESTION NO: 187 A malformed MIME (Multipurpose Internet Mail Extensions) header can have a negative impact on the system. Birthday attack. Can result in an e-mail server crashing. Brute force attack. Any Time.5 had a vulnerability that made it suspect to crashes following a malformed MIME header.0 & 5. B. which will enable attackers to access the internal network.com 66 Ac tua lTe sts A. Answer: A Explanation: A birthday attack is based on the principle that amongst 23 people. Choose the option that correctly details this. 3DES B. D. Can lead to the creation of a back door. Answer: C Explanation: Microsoft Exchange Server 5. the probability of 2 of them having the same birthday is greater the 50%." . Can create a virus that infects the computers of users. B. C. A.CompTIA SY0-101: Practice Exam A. C.co m Which of the following provides the MOST secure form of encryption? .

Personal firewall B. address on the same subnet. Common operating system. change control management C." . logs and inventories B.actualtests. Privacy screen D. A shared password. Answer: B Explanation: For an SSL connection to compete. Network firewall C. D. QUESTION NO: 189 Answer: A QUESTION NO: 190 The process of documenting who applied a patch to a specific firewall at a specific time and what the patch is supposed to accomplish is known as: A. B.com Ac tua A. Which of the following should be implemented to protect the laptop computer when connecting to the hotel network? . Address on the same subnet. C. Shared password.CompTIA SY0-101: Practice Exam For a SSL (Secure Sockets Layer) connection to be automatically established between a web client and server. Which is it? A. asset identification Answer: B "Pass Any Exam. and a common operating system are ludicrous answers because they defy the reason why SSL exists. Router with firewall rule set lTe sts A remote user has a laptop computer and wants to connect to a wireless network in a hotel. Any Time. user awareness. D.www. the web client and server should have a trusted certificate to confirm authenticity. Certificate signed by a trusted root CA (Certificate Authority).co m 67 . a specific element has to exist.

storage and recovery. access control and trusts.www. C. Non-repudiation sts Audit logs must contain which of the following characteristics? . Any Time.co m .CompTIA SY0-101: Practice Exam QUESTION NO: 191 Choose the terminology used to refer to the situation when authorized access is perceived as an intrusion or network attack. confidentiality and encryption. QUESTION NO: 192 Answer: D QUESTION NO: 193 A digital signature is used for: A.com 68 Ac tua lTe A. "Pass Any Exam. Answer: D QUESTION NO: 194 Choose the mechanism that is NOT a valid access control mechanism. D. when there is no need of any alarm. Confidentiality D. False alarm Answer: A Explanation: False intrusion is a false alarm. B. False negative D. Not B: A false positive is when legitimate traffic is picked up as an intruder. Accessibility C." . False intrusion B. Authorization B.actualtests. integrity and non-repudiation. A. False positive C.

Answer: A Explanation: There is no such thing as a SAC (Subjective Access Control) list. C." . XMAS tree scan B. SYN flood Answer: B "Pass Any Exam. SAC (Subjective Access Control) list. Profiles B. QUESTION NO: 195 Choose the access control method which provides the most granular access to protected objects? A. Security+ Study Guide . RBAC (Role Based Access Control) list. DAC (Discretionary Access Control) list. Brute force D.www. ACLs allow a stronger set of access controls to be established in your network. 2004. sts .co m 69 . Capabilities C.CompTIA SY0-101: Practice Exam A. Access control lists D. B. or grant certain network capabilities to them. Alameda . DDoS C. Sybex . D. Any Time.actualtests. The basic process of ACL control allows the administrator to design and adapt the network to deal with specific security threats. p 235 tua lTe Explanation: Access control lists enable devices in your network to ignore requests from specified users or systems. Permission bits Answer: C QUESTION NO: 196 Which of the following types of attacks is targeting a web server if thousands of computers are simultaneously sending hundreds of FIN packets with spoofed source IP addresses? A. MAC (Mandatory Access Control) list. 2nd Edition.com Ac Reference: Mike Pastore and Emmett Dulaney .


QUESTION NO: 197 Which of the following would be MOST useful in determining which internal user was the source of an attack that compromised another computer in its network? A. The attacking computer's audit logs B. The firewall's logs C. The domain controller's logs. D. The target computer's audit logs. Answer: D

QUESTION NO: 198 Which of the following describes a server or application that is accepting more input than the server or application is expecting? A. Buffer overflow B. Brute force C. Denial of service (DoS) D. Syntax error Answer: A

QUESTION NO: 199 Which of the following is used by anti-virus software to detect viruses that have not been previously identified? A. Zero-day algorithm B. Quarantining C. Random scanning D. Heuristic analysis Answer: D

QUESTION NO: 200 From the options, which explains the general standpoint behind a DMZ (Demilitarized Zone)? A. All systems on the DMZ can be compromised because the DMZ can be accessed from the Internet. B. Only those systems on the DMZ that can be accessed from the Internet can be compromised. C. No systems on the DMZ can be compromised because the DMZ is completely secure and cannot be accessed from the Internet. D. No systems on the DMZ can be compromised because the DMZ cannot be accessed from the Internet. Answer: A

QUESTION NO: 201 Which of the following describes an attacker encouraging a person to perform an action in order to be successful? A. Social engineering B. Password guessing C. Back door D. Man-in-the-middle Answer: A

QUESTION NO: 202 You work as the security administrator at Certpaper.com. You must secure the FTP (File Transfer Protocol) server by allowing only authorized users access to it. How will you accomplish this task? A. Provide the FTP server's address to only those users that must access it. B. Allow blind authentication. C. Do not allow anonymous authentication. D. Redirect FTP to a different port. Answer: C Explanation: Early FTP servers did not offer security. Security was based on the honor system. Most logons to an FTP site used the anonymous logon. By convention, the logon ID was the user's email address, and the password was anonymous. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 137

QUESTION NO: 203 Choose the protocol used by a web server to encrypt data. A. ActiveX B. TCP/IP (Transmission Control Protocol/Internet Protocol) C. SSL (Secure Sockets Layer) D. IPSec (Internet Protocol Security) Answer: C Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 204 Which of the following access control models uses subject and object labels? A. Role Based Access Control (RBAC) B. Discretionary Access Control (DAC) C. Rule Based Access Control (RBAC) D. Mandatory Access Control (MAC) Answer: D

QUESTION NO: 205 One of the following options details the main advantage of why you should choose to use SSL (Secure Sockets Layer) over using HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer). Which is it?

www. Inheritance B. Auto-population Answer: A QUESTION NO: 208 All of the following types of attacks can be detected by an IDS EXCEPT: A.co m Which ports need to be open to allow a user to login remotely onto a workstation? 73 . Template C. 3389 D. QUESTION NO: 206 Answer: C QUESTION NO: 207 A technician wants to be able to add new users to a few key groups by default. Answer: A Explanation: SSL on its own works at the session layer (layer 5) so it has more versatility in protocols that it supports. 636 . 53 B. SSL and HTTPS are transparent to the application.CompTIA SY0-101: Practice Exam A. D. which of the following will allow this? A. Denial of Service (DoS) B.com Ac tua lTe sts A. B. SSL provides full application security for HTTP whereas HTTPS does not. C. Any Time. Default pairing D. SSL supports user authentication whereas HTTPS does not. 8080 C. spoofed e-mail "Pass Any Exam." . for instance FTP (File Transfer Protocol) and NNTP (Network News Transport Protocol). whereas HTTPS does not.actualtests. SSL supports additional Application layer protocols.

B." . D. Choose the network mapping tool (scanner) which uses ICMP (Internet Control Message Protocol). A map scanner. Any Time. D. Which of the following actions should you perform? Choose all correct answers. sts Answer: A. B. Prevent members of the organization from entering the server room. exploits of bugs or hidden features.com.D . C. QUESTION NO: 211 To aid in preventing the execution of malicious code in email clients. A. Prevent members of the incident response team from entering the server room. Answer: D Explanation: Ping confirms a connection by sending and receiving ICMP packets. A share scanner. which of the following should be done by the email administrator? "Pass Any Exam.C. A port scanner.co m . port scan D. Answer: B Explanation: Spoofed e-mails will not be detected by the IDS.actualtests. A ping scanner. Shut down the server to prevent the hacker from accessing more data. QUESTION NO: 209 You work as the security administrator at Certpaper . Detach the network cable from the server to prevent the hacker from accessing more data.com 74 Ac tua QUESTION NO: 210 lTe Explanation: Answer : B is correct to stop anyone from corrupting the evidence. C.www.CompTIA SY0-101: Practice Exam C. You have become aware of a hacker accessing confidential company data from over the network. A. B.

" .com Ac tua lTe sts QUESTION NO: 213 .CompTIA SY0-101: Practice Exam A. How will you accomplish the task? A. Install expensive surveillance equipment. Any Time. You want to reduce the current vulnerability from dumpster diving.www. Regular updates should be performed C. 139 Answer: A QUESTION NO: 214 You work as the security administrator at Certpaper . Employ additional security staff D.co m 75 . Port scanner C.com. Destroy all paper and other media that are no longer required. 23 C. Security log Answer: C Kerberos uses which of the following ports by default? A. B. Remove the contents of the trash can on a regular basis. C. Spam and anti-virus filters should be used D.actualtests. Answer: A "Pass Any Exam. 88 B. Email client features should be disabled B. Protocol analyzer B. 443 D. Preview screens should be disabled Answer: C QUESTION NO: 212 Which of the following would allow a technician to compile a visual view of an infrastructure? A. Networkmapper D.

Explanation: Dumpster diving is a very common physical access method. Companies generate a huge amount of paper in the normal course of events. Most of the information eventually winds up in dumpsters or recycle bins. These dumpsters may contain information that is highly sensitive in nature. In high security government environments, sensitive papers are either shredded or burned. Most businesses do not do this. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 51

QUESTION NO: 215 Communication is important to maintaining security because communication keeps: A. the user community informed of threats B. the network bandwidth usage under control C. the IT security budget justified D. law enforcement informed of what is being done Answer: A

QUESTION NO: 216 Following a disaster, which of the following functions should be returned FIRST from the backup facility to the primary facility? A. Least critical functions B. Systems functions C. Executive functions D. Web services Answer: A

QUESTION NO: 217 Which of the following is the MOST secure way to implement data encryption between SMTP servers? A. PPTP B. SSL

www. L2TP Answer: C QUESTION NO: 218 Which of the following definitions would be correct regarding Active Inception? A. . The DAC (Discretionary Access Control) model does not have any known security flaws. 2nd Edition.com Ac A. D. tua lTe sts The DAC (Discretionary Access Control) model has an inherent flaw. This creates an opportunity for attackers to use your certificates." . TLS D. This model allows users to dynamically share information with other users. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given. Placing a computer system between the sender and receiver to capture information. Security+ Study Guide . Someone looking through your files D. C. 2004. network users have some flexibility regarding how information is accessed. p 440 "Pass Any Exam.co m Answer: B 77 . C. Sybex . Any Time. The process allows a more flexible environment. Choose the option that describes this flaw. The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource.actualtests. This allows anyone to use an account to access resources.CompTIA SY0-101: Practice Exam C. The DAC (Discretionary Access Control) model uses certificates to control access to resources. Involve someone who routinely monitors network traffic QUESTION NO: 219 Answer: A Explanation: In a DAC model. B. The DAC (Discretionary Access Control) model does not use the identity of a user to control access to resources. Reference: Mike Pastore and Emmett Dulaney . This creates a security loophole for Trojan horse attacks. but it increases the risk of unauthorized disclosure of information. Listening or overhearing parts of a conversation B. Alameda .

CompTIA SY0-101: Practice Exam QUESTION NO: 220 Which of the following will allow a credit card information theft? (chose TWO) A.com. Port 49 B. When you patch an operating system. SPIM E. immediatelydownload and install the patch. You must configure the firewall to support TACACS. Phishing Answer: B. install the patch and then backup the production server. because they are developed the fix known vulnerabilities. and it would also be wise to test the patch on your least important servers first. Which port(s) should you open on the firewall? A.com Ac tua Explanation: Software patches are good for network security. there's always a risk that something can go wrong which can compromise your data and server operation. So even if everything's operating normally. D. Virus B.www. Port 161 D. installing a patch. a patch is still very beneficial. lTe sts A." . Port 21 Answer: A "Pass Any Exam.E QUESTION NO: 221 Answer: A QUESTION NO: 222 You work as the security administrator at Certpaper . Adwar C.co m When a patch is released for a server the administrator should: 78 . It would be wise to backup your data BEFORE. C. Worm D.actualtests. Port 53 C. . Any Time. notinstall the patch unless there is a current need. B. test the patch on a non-production server then install the patch to production.

Explanation: TACACS uses both TCP and UDP port 49.

QUESTION NO: 223 CGI scripts are susceptible to which of the following types of attacks? A. Cross site scripting B. Buffer overflows C. DNS spoofing D. SQL injection Answer: A

QUESTION NO: 224 Which of the following is the BEST place to obtain a hotfix or patch for an application or system? A. An email from the vendor B. The manufacturer's website C. A newsgroup or forum D. A CD-ROM Answer: B

QUESTION NO: 225 Most key fob based identification systems use which of the following types of authentication mechanisms? (Select TWO). A. Biometrics B. Kerberos C. Username/password D. Certificates E. Token Answer: C,E

QUESTION NO: 226

Choose the most effective method of preventing computer viruses from spreading throughout the network.
You should require root/administrator access to run programs and applications.
You should enable scanning of all e-mail attachments.
You should prevent the execution of .vbs files.
You should install a host based IDS (Intrusion Detection System)
Answer: C
Explanation: Viruses get into your computer in one of three ways. They may enter your computer on a contaminated floppy or CD-ROM, through e-mail, or as a part of another program.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 76

QUESTION NO: 227
Which of the following would be the minimally acceptable method of ensuring that a disposed hard drive does not reveal sensitive data?
A. Perform multiple bit level overwrites
B. Format the drive
C. Use the FDISK Command
D. Delete the files and re-install the operating system
Answer: A

QUESTION NO: 228
A public key _____________ is a pervasive system whose services are implemented and delivered using public key technologies that include Certificate Authority (CA), digital certificates, non-repudiation, and key history management.
A. infrastructure
B. cryptography scheme
C. exchange
D. distribution authority
Answer: A

QUESTION NO: 229
From the list of protocols, which is used to secure web transactions?
A. XML (Extensible Markup Language)
B. SMTP (Simple Mail Transfer Protocol)
C. SSL (Secure Sockets Layer)
D. S/MIME (Secure Multipurpose Internet Mail Extensions)
Answer: C
Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 230
Which of the following would be MOST effective in preventing network traffic sniffing?
A. Use switches instead of hubs
B. Disable promiscuous mode
C. Use hubs instead of routers
D. Deploy an IDS
Answer: A
Explanation: Switches don't send all traffic on the segment to every port so conventional sniffing methods don't work.

Hardware D. Security+ Study Guide . a firewall B. Guest.CompTIA SY0-101: Practice Exam QUESTION NO: 231 Which of the following is a common type of attack on web servers? A. Hypervisor. p 135 QUESTION NO: 232 QUESTION NO: 233 Stateful packet inspection is a methodology used by: A. Alameda .com Ac Answer: A tua A. This situation can cause an application to terminate. NAT C. 2004. Buffer overflow B. Any Time. network monitoring D. Emulator. Sandbox. a hub Answer: A "Pass Any Exam. Sandbox.co m 82 ." . Host. Hypervisor. Brute force Answer: A Explanation: Buffer overflow occur when an application receives more data that it is programmed to accept. Hardware B. Guest. Hardware lTe Which of the following is the BEST description of the basic elements of virtualization? sts . Sandbox. 2nd Edition. Sybex .www. Host. Hypervisor.actualtests. Reference: Mike Pastore and Emmett Dulaney . Spam D. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Birthday C. Hardware C. Hypervisor.

QUESTION NO: 234
Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation?
A. Kerberos
B. Biometric
C. Mutual
D. Multifactor
Answer: D

QUESTION NO: 235
Which of the following would be achieved by using encryption? (Select THREE).
A. Non-repudiation
B. Availability
C. Confidentiality
D. Authorization
E. Integrity
Answer: A,C,E

QUESTION NO: 236
Users are reporting that when attempting to access the company web page on the Internet, the user is rerouted to a protest webpage. This is MOST likely:
A. a DDoS attack
B. DNS Poisoning
C. a social engineering attack
D. a replay attack.
Answer: B

QUESTION NO: 237
Using software on an individual computer to generate a key pair is an example of which of the following approaches to PKI architecture?

A. Distributed key
B. Decentralized
C. Hub and spoke
D. Centralized
Answer: B

QUESTION NO: 238
A representative from the human resources department informs a security specialist that an employee has been terminated. Which of the following would be the BEST action to take?
Disable the employee's user accounts and keep the data for a specified period of time.
Change the employee's user password and keep the data for a specified period.
Disable the employee's user accounts and delete all data.
Contact the employee's supervisor regarding disposition of user accounts
Answer: A

QUESTION NO: 239
Which of the following BEST describes the baseline process of securing devices on a network infrastructure?
A. Hardening
B. Active prevention
C. Enumerating
D. Passive detection
Answer: A

QUESTION NO: 240
Which of the following would be MOST important when designing a security awareness program?
Using an independent security instructor.
Minimizing development cost.
Creating security awareness posters and notices.
Conducting user training sessions.
Answer: A

QUESTION NO: 241
Open FTP file shares on servers can facilitate which of the following types of attacks?
A. CPU starvation
B. Memory starvation
C. Smurf
D. Disk storage consumption
Answer: D

QUESTION NO: 242
A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. Which of the following network devices should be used?
A. Router
B. Firewall
C. Switch
D. Hub
Answer: C

QUESTION NO: 243
Choose the statement which best defines the characteristics of a computer virus.
A. A computer virus is a find mechanism, initiation mechanism and can propagate.
B. A computer virus is a learning mechanism, contamination mechanism and can exploit.
C. A computer virus is a search mechanism, connection mechanism and can integrate.
D. A computer virus is a replication mechanism, activation mechanism and has an objective.
Answer: D
Explanation: Replication mechanism: To replicate a virus needs to attach itself to the right code, where it can replicate and spread past security systems into other systems. Activation mechanism: Most viruses require the user to actually do something. During the 80's and early 90's most viruses were activated when you booted from a floppy disk, or inserted a new

floppy disk into an infected drive. Nowadays most computer viruses come as email forwards, and they require the user to execute. Objective: many viruses have no objective at all, but some have the objective to delete data, hog up memory, or crash the system.

QUESTION NO: 244
A demilitarized zone (DMZ) is a network segment that can be created by using:
A. one firewall and one VPN
B. one router and one firewall
C. two routers
D. two firewalls
Answer: D

QUESTION NO: 245
An attacker can use a specific method to exploit the clear-text attribute of Instant-Messaging sessions. Which is it?
Reverse engineering.
Packet sniffing.
Port scanning.
Cryptanalysis.
Answer: A
Explanation: Since only clear unencrypted text is being sent across the world through multitudes of WAN equipment and routers, it is easy for someone to sniff your conversation and eavesdrop on every single word you type.

QUESTION NO: 246
You work as the security administrator at Certpaper.com. You must implement an authentication protocol that uses only encrypted passwords during the authentication process. Choose the authentication protocol that accomplishes this.
A. Kerberos

B. SMTP (Simple Mail Transfer Protocol)
C. PPTP (Point-to-Point Tunneling Protocol)
D. CHAP (Challenge Handshake Authentication Protocol)
Answer: D
Explanation: CHAP is commonly used to encrypt passwords. It provides for on-demand authentication within an ongoing data transmission, that is repeated at random intervals during a session. The challenge response uses a hashing function derived from the Message Digest 5 (MD5) algorithm.

QUESTION NO: 247
Which of the following would be the BEST reason for certificate expiration?
Brute force techniques are likely to break the key if given enough time.
Renewal keeps the log files from getting too large.
To keep the server from using the same key for two sessions.
The longer an encryption key is used the more processing power it will consume.
Answer: B

QUESTION NO: 248
A user has received an email from a mortgage company asking for personal information including bank account numbers. This would BEST be described as:
A. phishing
B. spam
C. packet sniffing
D. a hoax
Answer: A

QUESTION NO: 249
Sending a patch through a testing and approval process is an example of which of the following?
A. User education and awareness training
B. Disaster planning
C. Acceptable use policies

D. Change management
Answer: D

QUESTION NO: 250
Which of the following BEST describes a set of programs and code that allows an undetectable presence on a system with administrative rights?
A. Trojan horse
B. Virus
C. Rootkit
D. Worm
Answer: C

QUESTION NO: 251
Which of the following trust models would allow each user to create and sign certificates for the people they know?
A. Browser trust-list
B. Web-of-trust
C. Single certificate authority (CA)
D. Hierarchical
Answer: B

QUESTION NO: 252
All of the following monitoring types evaluate pre-specified conditions EXCEPT: (Select TWO).
A. behavior-based.
B. rate-based
C. signature-based
D. performance-based
E. anomaly-based
Answer: A,E

QUESTION NO: 253
Which of the following methods of documenting and storing a password is considered acceptable?
Placing the password in a text document and saving the document on the system administrator's computer.
Writing the password on a note and placing the note under the computer keyboard.
Writing the password on a piece of paper and storing the paper in a locked safe.
Sharing the password with a family member and asking the family member not to reveal the password.
Answer: C

QUESTION NO: 254
Which of the following methods of password guessing typically requires the longest attack time?
A. Birthday
B. Brute force
C. Dictionary
D. Rainbow
Answer: B

QUESTION NO: 255
Which of the following needs to be backed up on a domain controller to be able to recover Active Directory?
A. User data
B. Operating system
C. System state
D. System files
Answer: C

QUESTION NO: 256
Choose the ports that are used to access the FTP (File Transfer Protocol) protocol.
Ports 80 and 443.
Ports 20 and 21.

Ports 21 and 23.
Ports 20 and 80.
Answer: A
Explanation: In basic FTP operations, port 20 is the data port and port 21 is the command port.

QUESTION NO: 257
Human resource department personnel should be trained about security policy:
guidelines and enforcement.
implementation
maintenance.
monitoring and administration
Answer: C

QUESTION NO: 258
Which of the following is a major reason that social engineering attacks succeed?
A. Audit logs are not monitored frequently
B. Lack of security awareness
C. Strong passwords are not required
D. Multiple logins are allowed
Answer: B
Explanation: Social engineering attacks work because of the availability heuristic, law of reciprocity, and law of consistency. In the past people have had experiences where a co-worker with a legitimate problem asked for help and been grateful for it, and times when they needed help themselves and were helped. By availability, when someone asks for help, they associate that ask for help for every legitimate cry for help, so essentially they're being a good Samaritan. So by consistency, they feel the urge to help others again the way they've helped out somebody in the past. If an awareness program were to be implemented where employees could be aware of social engineering tactics, they would be more likely to think about them, and be more suspect of an attack when someone does ask for a favor. With this knowledge in intuition, an employee will make a smarter decision.

QUESTION NO: 259
A company implements an SMTP server on their firewall. This implementation would violate which of the following security principles?
A. Use a device as intended
B. Keep the solution simple
C. Address internal threats
D. Create an in-depth defense
Answer: A

QUESTION NO: 260
You work as the security administrator at Certpaper.com. You are investigating the consequences of networks attacks aimed at FTP servers. Which of the following states the aim of a FTP (File Transfer Protocol) bounce attack?
The attack aims to exploit a buffer overflow vulnerability on the FTP server.
The attack aims to store and distribute malicious code.
The attack aims to establish a connection between the FTP server and another computer.
The attack aims to reboot the FTP server.
Answer: C
Explanation: In some implementations of FTP daemons, the PORT command can be misused to open a connection to a port of the attacker's choosing on a machine that the attacker could not have accessed directly. There have been ongoing discussions about this problem (called "FTP bounce") for several years, and some vendors have developed solutions for this problem. For more detailed information on this FTP Bounce attack refer to the hyperlink.
Reference: http://www.cert.org/advisories/CA-1997-27.html

QUESTION NO: 261
Which of the following types of IDS should be employed to obtain the MOST information about the enterprise?
A. Unix based
B. Server based

C. Network based
D. Host based
Answer: C
Explanation: A network based Intrusion Detection System is not limited to a single server or network segment like a host based IDS, it monitors all the traffic over the entire network

QUESTION NO: 262
Which of the following BEST describes actions pertaining to user account reviews? (Select TWO).
User account reports are periodically extracted from systems and employment verification is performed.
User accounts reports are periodically extracted from systems and end users are informed.
User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization.
User accounts and their privileges are periodically extracted from systems and reports are kept for auditing purposes.
User accounts reports are periodically extracted from systems and user access dates are verified
Answer: C,E

QUESTION NO: 263
What is the primary security risk associated with removable storage?
A. Integrity
B. Confidentiality
C. Continuity
D. Availability
Answer: C

QUESTION NO: 264
A programming mechanism used to allow administrative access while bypassing the usual access control methods is known as a:

A. Trojan horse
B. logic bomb
C. software exploit
D. back door
Answer: D

QUESTION NO: 265
PKI provides non-repudiation by providing third-party assurance of certificate:
A. destruction
B. revocation
C. validation
D. expiration
Answer: C

QUESTION NO: 266
Which is a BEST practice method to assign rights and privileges?
A. By network
B. By individual
C. By group
D. By location
Answer: B

QUESTION NO: 267
You work as the security administrator at Certpaper.com. You must document the procedure for handling computer virus infections. Choose the action which you should specify to perform when receiving an e-mail message warning of the existence of a virus on the system if a specific executable file exists?
First search for and delete the virus file.
First broadcast a message to the all users to alert them of the presence of a virus.
First locate and download a patch to repair the file.
First investigate the e-mail message as a possible hoax with a trusted anti-virus vendor.

Answer: D
Explanation: If a virus threat is for real, the major anti-virus players like Symantec, McAfee, or Sophos will know about it before you, and they will have details on their sites.
Incorrect answers: Searching for and deleting a file is not only a waste of time with today's OS's complex directory systems, but it's also ineffective. One can miss a file, the file could be hidden, the wrong file can be deleted, and worst of all: when you delete a file it doesn't really get completely deleted, instead it gets sent to a 'recycle bin.' Broadcasting an alert and creating panic isn't the right thing to do, because it will waste bandwidth, and perhaps terrorizing the users is the original intent of the attack. The act of locating and downloading a patch isn't just time consuming, but there's a chance that the patch itself could be the virus, or the process of resetting the computer could activate the virus.

QUESTION NO: 268
The process of predicting threats and vulnerabilities to assets is known as threat:
A. mitigation
B. modeling
C. acceptance.
D. avoidance.
Answer: B

QUESTION NO: 269
Reusing a ticket, as a replay attack, in Kerberos authentication will not be successful because the tickets:
A. use a token
B. are digitally signed
C. are encrypted
D. are time stamped
Answer: D

QUESTION NO: 270
Choose the method of authentication which is the most COSTLY method.
A. Shared secrets
B. Biometrics
C. Tokens
D. Passwords
Answer: B
Explanation: Biometrics These technologies are becoming more reliable, and they will become widely used over the next few years. Implementations have been limited in many applications because of the high cost associated with these technologies. Many companies use smart cards as their primary method of access control.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 265

QUESTION NO: 271
Which of the following is the MOST significant flaw in Pretty Good Privacy (PGP) authentication?
A. Weak encryption can be easily broken
B. It is subject to a man-in-the-middle attack
C. Private keys can be compromised.
D. A user must trust the public key that is received
Answer: D

QUESTION NO: 272
A user accesses a retailer from an Internet search. While browsing the retailer's web site, the user wants to purchase an item and enters the credit card information. The user later observes unknown charges on the credit card bill and has not received the purchased items. Which of the following actions should the user take?
Check for shipping delays for the requested items.
Be sure that a URL is secure before entering personal information.

C. Type the retailer's web address directly into the URL in the future
D. Limit the number of times online purchases are made monthly.
Answer: A

QUESTION NO: 273
Which of the following protocols is used by Encapsulating Security Payload (ESP) in IPSec?
A. 50
B. 25
C. 51
D. 20
Answer: A

QUESTION NO: 274
Which of the following are components of host hardening? (Select TWO)
A. Removing a user access to the user data
B. Configuring the Start menu and Desktop.
C. Adding users to the administrator group
D. Disabling unnecessary services
E. Applying patches
Answer: D,E

QUESTION NO: 275
An SMTP server is the source of email spam in an organization. Which of the following is MOST likely the cause?
Remote access to the email application's install directory has not been removed.
The administrator account was not secured.
Anonymous relays have not been disabled.
X.400 connectors have not been password protected.
Answer: B

QUESTION NO: 276
Which of the following would be the BEST step to take to stop unauthorized users from targeting a wireless network with a site survey? (Select TWO).
Physically locking the WAP.
Broadcasting a false domain name.
Disabling SSID broadcasting.
Changing the default SSID.
Using a switch rather than a hub.
Answer: B,C

QUESTION NO: 277
An employee receives a request from a person claiming to be an employee at a remote office location. The caller is knowledgeable about the company and the caller's name is listed in the company telephone and email directory, however, the caller claims there is an emergency and asks that the request be expedited. Which of the following would be the BEST action for the employee to take?
Follow established procedures and report any abnormal incidents.
Expedite the request since the caller's identity has been verified.
Give the caller a supervisor's name and telephone number to request authority to expedite the request.
Ask a supervisor for permission to deviate from established procedures due to the emergency
Answer: C

QUESTION NO: 278
The first step in effectively implementing a firewall is:
A. blocking unwanted outgoing traffic
B. blocking unwanted incoming traffic
C. developing a firewall policy
D. protecting against DDoS attacks
Answer: C
Explanation: What good is a firewall without any kind of policy or configuration policy to be implemented?

QUESTION NO: 279
Which of the following logs shows when the workstation was last shutdown?
A. Access
B. Security
C. System
D. DHCP
Answer: C

QUESTION NO: 280
Which of the following would be an effective way to ensure that a compromised PKI key can not access a system?
A. Revoke the key
B. Renew the key
C. Reconfigure the key
D. Delete the key
Answer: A

QUESTION NO: 281
Which of the following describes an unauthorized user redirecting wireless network traffic from the intended access point to a laptop to inject a packet with malware?
A. A man-in-the-middle attack
B. A replay attack
C. Social engineering
D. A weak key
Answer: A

QUESTION NO: 282
The difference between identification and authentication is that:

authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials.
authentication verifies a set of credentials while identification verifies the identity of the network.
authentication verifies a user ID belongs to a specific user while identification verifies the identity of a user group.
authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials.
Answer: C

QUESTION NO: 283
Which of the following describes a semi-trusted location used to securely house public facing servers between the Internet and the local network?
A. Demilitarized zone (DMZ)
B. VLAN
C. Intranet
D. VPN
Answer: A

QUESTION NO: 284
Which of the following would be MOST desirable when attacking encrypted data?
A. Weak key
B. Sniffed traffic
C. Block cipher
D. Algorithm used
Answer: A

QUESTION NO: 285
After establishing a tunnel, the IPSec Protocol Suite uses which of the following specific protocols for securing the data packet? (Select TWO).
A. Encapsulating Security Payload (ESP)
B. Secure Key Exchange Mechanism for Internet (SKEMI)
C. Oakley

D. Internet Security Association and Key Management Protocol (ISAKMP)
E. Authentication Header (AH)
Answer: A,E
Explanation: IPSec is a security protocol that provides authentication and encryption across the Internet. IPSec can use AH or ESP.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 371

QUESTION NO: 286
From the list of options, choose the primary attribute associated with e-mail hoaxes.
E-mail hoaxes can result in buffer overflows on the e-mail server.
E-mail hoaxes consume large quantities of server disk space.
E-mail hoaxes create unnecessary e-mail traffic, as well as panic in users that are not technically inclined.
E-mail hoaxes tend to encourage malicious users.
Answer: C
Explanation: Although answer choices B, C, D have a degree of truth to them, the BEST answer is A. Email hoaxes often create unnecessary traffic because they ask users to forward an email to everyone in address book, and whether it is a computer virus or a blind, starving, crippled, cancer victim child suffering from Herpes it creates undue panic and emotion in the work setting.

QUESTION NO: 287
Which of the following is a reason to implement security logging on a DNS server?
A. To monitor unauthorized zone transfers
B. To perform penetration testing on the DNS server
C. To control unauthorized DNS DoS
D. To measure the DNS server performance
Answer: A

" . risk assessment policies D. operating system patching instructions Answer: A.CompTIA SY0-101: Practice Exam QUESTION NO: 288 The risks of social engineering can be decreased by implementing: (Select TWO) A. To analyze the various network traffic with protocol analyzers B.co m Which of the following security services are provided by digital signatures? (Select THREE). To implement additional network services at a lower cost C. Any Time. Confidentiality F. Authorization B. To centralize the patch management of network servers D. Authentication D.F QUESTION NO: 290 A. security awareness training B. Non-repudiation E.com Ac Which of the following is a security reason to implement virtualization throughout the network infrastructure? tua lTe sts A.B QUESTION NO: 289 Answer: C.www. identity verification methods C. vulnerability testing techniques E. To isolate the various network services and roles Answer: D QUESTION NO: 291 Giving each user or group of users only the access they need to do their job is an example of which of the following security principals? "Pass Any Exam.actualtests. Encryption C. 101 .D. Integrity .

A. Separation of duties
B. Access control
C. Least privilege
D. Defense in depth
Answer: C

QUESTION NO: 292
Which of the following types of servers should be placed on a private network?
A. Email server
B. File and print server
C. Remote Access Server (RAS)
D. Web server
Answer: B

QUESTION NO: 293
Which of the following should be scanned for viruses?
Plain text documents.
Executable files.
Microsoft Word documents.
All of the above.
Answer: A
Explanation: Many newer viruses spread using email. The infected system includes an attachment to any email that you send to another user. The recipient opens this file thinking it is something you legitimately sent them. When they open the file, the virus infects the target system. Many times the virus is in an executable attachment.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 78

QUESTION NO: 294

Which of the following types of backups requires that files and software that have been changed since the last full backup be copied to storage media?
A. Full
B. Differential
C. Incremental
D. Delta
Answer: B

QUESTION NO: 295
Non-essential services are often appealing to attackers because non-essential services: (Select TWO)
A. consume less bandwidth
B. decrease the surface area for the attack
C. sustain attacks that go unnoticed
D. provide root level access
E. are not visible to an IDS
F. are not typically configured correctly or secured
Answer: C,F

QUESTION NO: 296
A company wants to connect the network to a manufacturer's network to be able to order parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection?
A. Intranet
B. Scatternet
C. Extranet
D. VPN
Answer: C

QUESTION NO: 297
The IPSec Security Association is managed by

A. IEEE
B. AH
C. ESP
D. ISAKMP
Answer: D

QUESTION NO: 298
Which of the following actions can an attacker perform when network services are enabled on a target system?
An attacker can enable logging on the target system.
An attacker can run a port scan against the target system.
An attacker can check the services file.
An attacker can install a rootkit on the target system.
Answer: A
Explanation: A TCP/IP network makes many of the ports available to outside users through the router. These ports will respond in a predictable manner when queried. An attacker can systematically query a network to determine which services and ports are open. This process is called port scanning, and it can reveal a great deal about your network. Port scans can be performed both internally and externally. Many routers, unless configured appropriately, will let all of the protocols pass through them.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 69

QUESTION NO: 299
Which of the following is a suitable hashing algorithm for a secure environment?
A. SHA-1 because it produces 160-bits message digests.
B. MD5 because it produces 160-bits message digests
C. MD5 because it produces fewer numbers of collisions.
D. RC4 because it produces 160-bits message digests
Answer: B

QUESTION NO: 300
How many characters is the output of a MD5 hash?
A. 32
B. 160
C. 128
D. 64
Answer: A

QUESTION NO: 301
Malicious software that travels across computer networks without user assistance is an example of a:
A. worm
B. Trojan horse
C. virus
D. logic bomb
Answer: A

QUESTION NO: 302
From the listing of attacks, choose the attack which exploits session initiation between a Transport Control Program (TCP) client and server within a network?
A. Smurf attack
B. SYN attack
C. Birthday attack
D. Buffer Overflow attack
Answer: B
Explanation: SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established. Change this if you want but in the SYN flood the hacker sends a SYN packet to the receiving station with a spoofed return address of some broadcast address on their network. The receiving station sends out this SYN packets (pings the broadcast address) which causes multiple servers or stations to respond to the ping, thus overloading the originator of the ping (the receiving station). Therefore,

the hacker may send only 1 SYN packet, whereas the network of the attacked station is actually what does the barrage of return packets and overloads the receiving station.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 530

QUESTION NO: 303
While surfing the Internet a user encounters a pop-up window that prompts the user to download a browser plug-in. The pop-up window is a certificate which validates the identity of the plug-in developer. Which of the following BEST describes this type of certificate?
A. Web certificate
B. Software publisher certificate
C. Certificate Authority (CA) certificate
D. Server certificate
Answer: B
Explanation: This is not discussed in the book so much, but you can find online more information on software publisher certificate. The answer B is correct.

QUESTION NO: 304
Which of the following authentication methods requires that the client authenticate itself to the server and the server authenticate itself to the client?
A. Username/password
B. Mutual
C. Multifactor
D. Biometric
Answer: B

QUESTION NO: 305
A company's new employees are asked to sign a document that describes the methods of and purposes for accessing the company's IT systems. Which of the following BEST describes this document?

A. Privacy Act of 1974
B. Acceptable Use Policy
C. Authorized Access Policy
D. Due diligence form
Answer: B

QUESTION NO: 306
MITRE and CERT are:
A. spyware and virus distributing software
B. virus propagation monitoring utilities.
C. virus and malware cataloging organizations.
D. anti-virus software companies.
Answer: C

QUESTION NO: 307
Which of the following would be the FIRST step to take to mitigate the threat of non-essential domain accounts?
A. Develop a security policy
B. Rename the system administrator account
C. Review the domain accounts
D. Write an LDAP query.
Answer: A

QUESTION NO: 308
Turnstiles, double entry doors and security guards are all prevention measures for which of the following types of social engineering?
A. Piggybacking
B. Looking through a co-worker's trash to retrieve information
C. Impersonation
D. Looking over a co-worker's shoulder to retrieve information
Answer: A

Explanation: Piggybacking is an espionage tactic commonly used in the movies. The hero or the villain hides by a secure entrance, and waits for an unknowing authorized user to enter. When the authorized user enters, they use stealth to sneak behind them and gain access without the authorized user even knowing. Other forms of piggybacking take advantage of human altruism. An unauthorized person will put on a disguise and carry a heavy box to the door, where the authorized user will try to do the right thing, and prop the door open for them.

QUESTION NO: 309
Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment?
A. Carbon Dioxide
B. Halon
C. Water
D. Foam
Answer: C

QUESTION NO: 310
A newly hired security specialist is asked to evaluate a company's network security. The security specialist discovers that users have installed personal software, the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. Which of the following would be the FIRST step to take?
A. Install software patches.
B. Enforce the security policy.
C. Password management
D. Disable non-essential services.
Answer: B

QUESTION NO: 311
Which of the following would be an easy way to determine whether a secure web page has a valid certificate?
A. Right click on the lock at the bottom of the browser and check the certificate information
B. Ensure that the web URL starts with 'https:\\'.

C. Contact Thawte or Verisign and ask about the web page
D. Contact the web page's web master
Answer: A

QUESTION NO: 312
Which of the following protocols works with 802.1X to authenticate a client to a network?
A. EAP
B. LDAP
C. CHAP
D. SPAP
Answer: A

QUESTION NO: 313
Which of the following daemons is MOST likely to be the cause if an unauthorized user obtains a copy of a Linux systems /etc/passwd file?
A. SSH with version 0.9.8a is installed and configured for remote administration.
B. SSL has enabled the Apache service with no virtual hosts configured
C. Sendmail is configured to allow the administrator's web access.
D. FTP configures to allow anonymous user access.
Answer: D

QUESTION NO: 314
The SSL (Secure Sockets Layer) protocol operates between specific layers of the OSI (Open Systems Interconnection) reference model. Which is it? Choose all correct answers.
A. Physical Layer
B. Application Layer
C. Network Layer
D. Transport Layer
E. Data Link Layer
Answer: B,D
Explanation:

SSL is associated with secure transactions (credit card purchases and online banking) over your web browser, so naturally it operates between the top two layers of the OSI model.

QUESTION NO: 315
A security specialist has downloaded a free security software tool from a trusted industry site. The source has published the MD5 hash values for the executable program. The specialist performs a successful virus scan on the download but the MD5 hash is different. Which of the following steps should the specialist take?
A. Re-run the anti-virus program to ensure that it contains no virus execute
B. Install the executable program because there was probably a mistake with the MD5 value.
C. Ignore the MD5 hash values because the values can change during IP fragmentation.
D. Avoid executing the file and contact the source website administrator
Answer: D

QUESTION NO: 316
An end-to-end traffic performance guarantee made by a service provider to a customer is a:
A. BCP
B. SLA
C. DRP
D. VPN
Answer: B

QUESTION NO: 317
The purpose of the SSID in a wireless network is to:
A. identify the network
B. protect the client
C. secure the WAP
D. define the encryption protocols used.
Answer: A

QUESTION NO: 318

To preserve evidence for later use in court, which of the following needs to be documented?
A. Disaster recovery plan
B. Chain of custody
C. Audit trail of systems usage
D. Chain of certificates
Answer: B

QUESTION NO: 319
Which of the following correctly specifies where user accounts and passwords are stored in a decentralized privilege management environment?
A. User accounts and passwords are stored on no more than two servers.
B. User accounts and passwords are stored on a server configured for decentralized management.
C. User accounts and passwords are stored on each individual server.
D. User accounts and passwords are stored on a central authentication server.
Answer: C
Explanation: The key word is decentralized, so the best answer would be B.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 432

QUESTION NO: 320
Which of the following increases the collision resistance of a hash?
A. Salt
B. Rainbow Table
C. Larger key space
D. Increase the input length
Answer: A

QUESTION NO: 321

Which of the following describes the process of comparing cryptographic hash functions of system executables, configuration files, and log files?
A. Network based intrusion detection
B. Stateful packet filtering
C. File integrity auditing
D. Host based intrusion detection
Answer: C

QUESTION NO: 322
Computer forensics experts use specific guidelines to gather and analyze data while minimizing data loss. What guidelines do they use?
A. Chain of custody
B. Chain of command
C. Evidence
D. Incident response
Answer: A
Explanation: The chain of custody is a log of the history of evidence that has been collected. This log should catalog every event from the time the evidence is collected.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 457

QUESTION NO: 323
Which of the following correctly identifies some of the contents of an end user's X.509 certificate?
A. User's public key, object identifiers, and the location of the user's electronic identity
B. User's public key, the serial number of the CA certificate, and the Certificate Revocation List (CRL) entry point
C. User's public key, the Certificate Authority (CA) distinguished name, and the type of symmetric algorithm used for encryption
D. User's public key, the certificate's serial number, and the certificate's validity dates

Answer: D
Explanation: The X.509 standard defines what information can go into a certificate, and describes how to write it down (the data format). All X.509 certificates have the following data, in addition to the signature:
Version
Serial Number: The entity that created the certificate, the CA, is responsible for assigning it a serial number to distinguish it from other certificates it issues.
Signature Algorithm Identifier
Issuer Name: The X.500 name of the entity that signed the certificate. This is normally a CA. Using this certificate implies trusting the entity that signed this certificate.
Validity Period
Subject Name
Subject Public Key Information: This is the public key of the entity being named, together with an algorithm identifier which specifies which public key crypto system this key belongs to and any associated key parameters.
Reference: http://csrc.nist.gov/pki/panel/santosh/tsld002.htm

QUESTION NO: 324
Which of the following may be a security issue during transport of stored tape media to an offsite storage location?
A. Corruption of the media
B. Theft of the media
C. Timely restore of lost data
D. A courier x-raying the contents
Answer: B

QUESTION NO: 325
A workstation is being used as a zombie set to attack a web server on a certain date. The infected workstation is MOST likely part of a:
A. DDoS attack.
B. TCP/IP hijacking.

C. man-in-the-middle attack.
D. spoofing attack.
Answer: A

QUESTION NO: 326
Which of the following is the MOST effective way for an administrator to determine what security holes reside on a network?
A. Perform a vulnerability assessment
B. Install and monitor an IDS
C. Run a sniffer
D. Run a port scan
Answer: A
Explanation: Performing a vulnerability assessment is one of the most effective ways to find holes in the network. The other answers limit your assessment.

QUESTION NO: 327
From the options, choose the disadvantage of implementing an IDS (Intrusion Detection System).
A. Administration
B. Decrease in throughput.
C. False positives.
D. Compatibility.
Answer: C
Explanation: A false positive is when legitimate traffic is picked up as an intruder. If this happens too often then the IDS is not working properly.

QUESTION NO: 328
Choose the scheme or system used by PGP (Pretty Good Privacy) to encrypt data.
A. Symmetric key distribution system
B. Asymmetric scheme

C. Asymmetric key distribution system
D. Symmetric scheme
Answer: B

QUESTION NO: 329
A company wants to implement a VLAN. Senior management believes that a VLAN will be secure because authentication is accomplished by MAC addressing and that dynamic trunking protocol (DTP) will facilitate network efficiency. Which of the following issues should be discussed with senior management before VLAN implementation?
A. MAC addresses can be spoofed and DTP allows only authenticated users.
B. MAC addresses can be spoofed and DTP allows rogue network devices to configure ports
C. MAC addresses are a secure authentication mechanism and DTP allows rogue network devices to configure ports.
D. MAC addresses are a secure authentication mechanism and DTP allows only authenticated users.
Answer: B

QUESTION NO: 330
A common tool used for wireless sniffing and war driving is:
A. Sam Spade
B. S/MIME
C. NESSUS
D. NetStumbler
Answer: D

QUESTION NO: 331
Default passwords in hardware and software should be changed:
A. if a threat becomes known.
B. once each month
C. when the vendor requires it
D. when the hardware or software is turned on.

Answer: D

QUESTION NO: 332
Which of the following is a protocol analyzer?
A. John the Ripper
B. Nessus
C. WireShark
D. Cain & Abel
Answer: C

QUESTION NO: 333
Which of the following is MOST often used to allow a client or partner access to a network?
A. Demilitarized zone (DMZ)
B. VLAN
C. Extranet
D. Intranet
Answer: C

QUESTION NO: 334
Which of the following can be used to determine the topology of a network and discover unknown devices?
A. Password crackers
B. Penetration testing
C. Vulnerability scanner
D. Networkmapper
Answer: D

QUESTION NO: 335
Controlling access to information systems and associated networks is necessary for the preservation of their:

authenticity. However. confidentiality. monitor and analyze traffic. The accountability is equally important. Reduction in hard drive space requirements.com 117 Ac tua lTe A. confidentiality. There legitimate purpose is to find traffic flow problems and bottlenecks for the sake of network optimization. integrity. p 22 QUESTION NO: 336 Answer: C Explanation: Packet sniffers are used to capture. Alameda . DoS (Denial of Service). to use in replay attacks. integrity and availability D.actualtests.CompTIA SY0-101: Practice Exam A. You will often see the confidentiality. C. Sniffer D. availability and accountability.www. QUESTION NO: 337 Choose the option that correctly specifies a likely negative technical impact of receiving large quantifies of spam. Processor underutilization." . C. A. hackers use it to capture data. 2nd Edition. D. Spoofer sts Which of the below options would you consider as a program that constantly observes data traveling over a network? . integrity and availability. authenticity. Any Time. Increased network throughput. Smurfer B. integrity and availability referred to as the CIA of network security. Reference: Mike Pastore and Emmett Dulaney . B. Sybex . confidentiality and availability B.co m . Security+ Study Guide . integrity and availability Answer: C Explanation: The design goals of a security topology must deal with issues of confidentiality. Fragmenter C. "Pass Any Exam. 2004.

Answer: A
Explanation: In systems where no email filters are set up, it is possible for some users to receive over a hundred unsolicited emails a day! If every user on a network received that much email, the human time necessary to sort through those emails will be Herculean. The system resources required to: process, download, and store such email can potentially reduce a network's availability to zero, thus denying service.

QUESTION NO: 338
From the listing of attacks, which analyzes how the operating system (OS) responds to specific network traffic, in an attempt to determine the operating system running in your networking environment?
A. Operating system scanning.
B. Reverse engineering.
C. Fingerprinting
D. Host hijacking.
Answer: C
Explanation: Fingerprinting is the act of inspecting returned information from a server ( ie . One method is ICMP Message quoting where the ICMP quotes back part of the original message with every ICMP error message. Each operating system will quote definite amount of message to the ICMP error messages. The peculiarity in the error messages received from various types of operating systems helps us in identifying the remote host's OS.

QUESTION NO: 339
Which of the following is an example of two-factor authentication for an information system?
A. Photo ID and PIN
B. ATM card and PIN
C. Retina scan and mantrap
D. Username and password
Answer: B

QUESTION NO: 340
Which of the following is the primary method of performing network hardening?
A. Disable any unnecessary ports and services.
B. Conduct vulnerability analysis.
C. Deploy a firewall and IDS
D. Develop a trust model
Answer: A
