CompTIA SY0-101

SY0-101 Security+

Practice Test
Version 3.0

CompTIA SY0-101: Practice Exam

QUESTION NO: 1

A real estate company recently deployed Kerberos authentication on the network. Which of the following does Kerberos require for correct operation? (Select TWO). A. POP-3 B. Accurate network time C. Key Distribution Center D. Extranets E. SSL/TLS Answer: B,C

QUESTION NO: 2

Which of the following are MOST likely to be analyzed by Internet filter appliances/servers? (Select THREE). A. Content B. TLSs C. Keys D. URLs E. CRLs F. Certificates Answer: A,D,F

QUESTION NO: 3

An administrator is selecting a device to secure an internal network segment from traffic external to the segment. Which of the following devices could be selected to provide security to the network segment? A. NIPS B. HIDS C. Internet content filter D. DMZ Answer: A

"Pass Any Exam. Any Time." - www.actualtests.com


QUESTION NO: 4

Which of the following VPN implementations consists of taking IPv6 security features and porting them to IPv4? A. SSL B. IPSec C. L2TP D. PPTP Answer: B

QUESTION NO: 5

A user is assigned access rights based on the function within the organization. This is a feature of which of the following types of access control models? A. Role Based Access Control (RBAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Discretionary Access Control (DAC) Answer: A

Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees performs in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 6

Which of the following types of malicious software travels across computer networks without requiring a user to distribute the software? A. Trojan horse B. Worm C. Virus D. Logic bomb Answer: B

QUESTION NO: 7

Which of the following would be MOST important to have to ensure that a company will be able to recover in case of severe environmental trouble or destruction? A. Alternate sites B. Disaster recovery plan C. Fault tolerant systems D. Offsite storage Answer: B

QUESTION NO: 8

A task-based control model is an example of which of the following? A. Rule Based Access Control (RBAC) B. Role Based Access Control (RBAC) C. Discretionary Access Control (DAC) D. Mandatory Access Control (MAC) Answer: B

QUESTION NO: 9

Which of the following is often misused by spyware to collect and report a user's activities? A. Session cookie B. Tracking cookie C. Persistent cookie D. Web bug Answer: B

QUESTION NO: 10

Which definition best defines what a challenge-response session is? A. A challenge-response session is a workstation or system that produces a random login ID that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification

when prompted. Most security systems that rely on smart cards are based on challenge-response. A challenge-response session is a workstation or system that produces a random challenge string that the user provides. Any Time. in conjunction with the proper PIN (Personal Identification Number). Asymmetric D. Pseudorandom Number Generator (PRNG) Answer: A QUESTION NO: 12 An administrator wants to implement a procedure to control inbound and outbound traffic on a network segment. A challenge-response session is a special hardware device used to produce random text in a cryptography system. Which of the following would achieve this goal? A. A challenge-response session is the authentication mechanism in the workstation or system that does not determine whether the owner should be authenticated.com Ac tua lTe QUESTION NO: 11 sts . Answer: B Explanation: A common authentication technique whereby an individual is prompted (the challenge) to provide some private information (the response). D. Symmetric C. One Way Function B.webopedia.CompTIA SY0-101: Practice Exam Number).actualtests. C.www. The smart card then displays a new code (the response) that the user can present to log in.com/TERM/C/challenge_response. HIDS B. B." . Reference: http://www.html Which of the following describes a type of algorithm that cannot be reversed in order to decode the data? A.co m 5 . Proxy "Pass Any Exam. A user is given a code (the challenge) which he or she enters into the smart card. ACL C.

Port scanning B. Denial of service (DoS) D.2 10.2. NIDS Answer: B QUESTION NO: 13 Which of the following freeware forensic tools is used to capture packet traffic from a network? A.5. Any Time.1 23 SYN 10/21 0930 192. tcpdump D.www.com 6 Ac tua lTe sts . B. SYN Flood C.5.5.5. Network News Transfer Protocol (NNTP) C.2. Expected TCP/IP traffic Answer: A QUESTION NO: 15 Which of the following protocols are not recommended due to them supplying passwords and information over the network? A. Domain Name Service (DNS) "Pass Any Exam.168.2 10.10.co QUESTION NO: 14 m .10.10. the following entries are observed: Date Time Source IP Destination IP Port Type 10/21 0900 192. NESSUS C." .2 10. SNMP (Simple Network Management Protocol). dd Answer: C When reviewing traces from an IDS.1 21 SYN 10/21 0920 192.2.168.168.10. nmap B.actualtests.168.2.CompTIA SY0-101: Practice Exam D.1 20 SYN 10/21 0915 192.1 25 SYN Which of the following is MOST likely occurring? A.2 10.

D. Internet Control Message Protocol (ICMP) Answer: A

QUESTION NO: 16

Which of the following must be installed for HTTPS to work properly on a web site? A. Digital certificate B. Symmetric key C. 3DES encryption D. Security token Answer: A

QUESTION NO: 17

You work as the security administrator. You want to implement a solution which will provide a WLAN (Wireless Local Area Network) with the security typically associated with a wired LAN (Local Area Network). Which solution should you implement? A. WEP (Wired Equivalent Privacy) B. VPN (Virtual Private Network) C. ISDN (Integrated Services Digital Network) D. ISSE (Information Systems Security Engineering) Answer: A

Explanation: Wired Equivalent Privacy is a wireless protocol designed to provide privacy equivalent to that of a wired network.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 372

QUESTION NO: 18

From the options, which is a tunneling protocol that can only work on IP networks because it requires IP connectivity? A. PPTP protocol B. SSH C. IPX protocol D. L2TP protocol Answer: A

Explanation: Point-to-Point Tunneling Protocol. You can access a private network through the Internet or other public network by using a virtual private network (VPN) connection with the Point-to-Point Tunneling Protocol (PPTP). Developed as an extension of the Point-to-Point Protocol (PPP), PPTP tunnels and/or encapsulates IP, IPX, or NetBEUI protocols inside of PPP datagrams. PPTP does not require a dial-up connection. It does, however, require IP connectivity between your computer and the server.

Not B: L2TP is an industry-standard Internet tunneling protocol with roughly the same functionality as the Point-to-Point Tunneling Protocol (PPTP). Like PPTP, L2TP encapsulates Point-to-Point Protocol (PPP) frames, which in turn encapsulate IP, IPX, or NetBEUI protocols.

QUESTION NO: 19

A user downloads and installs a new screen saver and the program starts to rename and delete random files. Which of the following would be the BEST description of this program? A. Trojan horse B. Logic bomb C. Virus D. Worm Answer: A

QUESTION NO: 20

Which of the following BEST describes an attack that takes advantage of a computer not fully updated with the most recent operating system patches? A. Software exploitation B. Vulnerability C. Brute force D. Spoofing Answer: A

QUESTION NO: 21

Secret Key encryption is also known as: A. symmetrical B. asymmetrical C. replay D. one way function. Answer: A

QUESTION NO: 22

A company's security specialist is securing a web server that is reachable from the Internet. The web server is located in the core internal corporate network. The network cannot be redesigned and the server cannot be moved. Which of the following should the security specialist implement to secure the web server? (Select TWO). A. Network-based firewall B. Host-based IDS C. Host-based firewall D. Network-based IDS E. Router with an IDS module F. Router with firewall rule set Answer: B,C

QUESTION NO: 23

A program allows a user to execute code with a higher level of security than the user should have access to. Which of the following is this an example of? A. DoS B. Privilege escalation C. Default accounts D. Weak passwords Answer: B

com 10 Ac tua QUESTION NO: 26 lTe Answer: D sts A. Clocks are used to both benchmark and specify the optimal encryption algorithm. Certificate Revocation List (CRL). To insure that the authenticator is up-to-date and is not an old one that has been captured by an attacker. perform penetration testing D. conduct a follow-up vulnerability analysis B. the timestamp in the authenticator is checked against the current time. Root Certifying Authority (Root CA).co m . B. . update the baseline C. the ultimate authority is called the: For which reason are clocks used in Kerberos authentication? A. C. Clocks are used to ensure that tickets expire correctly. D.actualtests. C. Kerberos requires your system clocks to be loosely synchronized (the "Pass Any Exam." . Clocks are used to generate the seed value for the encryptions keys. The authenticator contains the client's identity and a timestamp.www. test the essential functionality Answer: D QUESTION NO: 25 In a certificate hierarchy. If the timestamp is not close enough to the current time (typically within five minutes) then the authenticator is rejected as invalid. D. Thus. Answer: A Explanation: The actual verification of a client's identity is done by validating an authenticator. The next step before placing the network back into operation would be to: A. B. Terminal Access Controller Access Control System (TACACS). Clocks are used to ensure proper connections. Any Time.CompTIA SY0-101: Practice Exam QUESTION NO: 24 A security specialist has completed a vulnerability assessment for a network and applied the most current software patches. Private Branch Exchange (PBX).

default is 5 minutes, but it can be adjusted in Version 5 to be whatever you want).

Reference: http://www.faqs.org/faqs/kerberos-faq/general/section-22.html

QUESTION NO: 27

Message authentication codes are used to provide which service? A. Key recovery B. Integrity C. Acknowledgement D. Faultrecover Answer: B

QUESTION NO: 28

Which of the following is an installable package that includes several patches from the same vendor for various applications? A. Hotfix B. Patch rollup C. Service pack D. Patch template Answer: C

QUESTION NO: 29

A company's web server needs to be accessible by remote users, business partners, and corporate users. Which of the following would be the BEST location for the web server? A. Internal network segment B. Demilitarized zone (DMZ) C. Network perimeter D. External network segment Answer: B,C

tua lTe sts . Disabling them (which is as easy as setting your browser security level to High) is the best method of securing a web browser. JavaScript." . Java.CompTIA SY0-101: Practice Exam QUESTION NO: 30 In order to secure web-based communications. Answer: B QUESTION NO: 32 Documentation describing a group expected minimum behavior is known as:Documentation describing a group? expected minimum behavior is known as: A. which is considered the best method for securing a web browser? A. Any Time. a code of ethics D.co m 12 . and cookies all poise security concerns. PPP Answer: C. Only use a VPN (Virtual Private Network) connection to connect to the Internet. Deploy a filtering policy for unknown and illegal websites that you do not want users to access. Disable all unused features of the web browser. Symmetric cryptography E. since its simple. Challenge Handshake Authentication Protocol (CHAP) B.com Ac Explanation: Features that make web surfing more exciting like: ActiveX. Blowfish encryption C.D QUESTION NO: 31 From the recommendations below. Public-key cryptography D. the need to know C. acceptable usage B. IPSec F. B. the separation of duties "Pass Any Exam. D.www. Do not upgrade web browsers because new versions have a tendency to contain more security flaws. and within every users reach.actualtests. secure. SSL uses: (Select TWO) A. CGI scripts. C.

Answer: C

QUESTION NO: 33

Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made to the IP header? A. Private addressing B. NAT C. SOCKS D. DNS Answer: B

QUESTION NO: 34

Which of the following describes backing up files and software that have changed since the last full or incremental backup? A. Delta backup B. Full backup C. Differential backup D. Incremental backup Answer: D

QUESTION NO: 35

The authentication process where the user can access several resources without the need for multiple credentials is known as: A. need to know B. decentralized management C. Discretionary Access Control (DAC). D. single sign-on Answer: D

QUESTION NO: 36

3DES B.co m 14 . The session is secure after this process. RC4 C. QUESTION NO: 38 A VPN is needed for users to connect to a remote site and the VPN must be transparent to the user.actualtests. This protocol uses the handshake method. Gateway to Host C. QUESTION NO: 37 WEP uses which of the following stream ciphers? A. The server displays the page requested by the user on the browser. and then provides its IP (Internet Protocol) address for verification purposes. The server then evaluates the certificate and responds with a session key and an encrypted private key." . The server validates the user by checking the CRL (Certificate Revocation List). When a connection request is made to the server. The client then sends the server a certificate indicating the capabilities of the client. C. D. IKE D. Answer: A Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines.www. which represents the first action performed by an SSL (Secure Sockets Layer) enabled server when a user clicks to browse a secure page? A. Which of the following VPN models would be BEST to use? A. Gateway to Gateway "Pass Any Exam. B. Host to Gateway D. the server sends a message back to the client indicating a secure connection is needed.com Ac tua lTe sts . The server requests the user to produce the CRL (Certificate Revocation List). Any Time. The server uses its digital certificate to identify itself to the browser.CompTIA SY0-101: Practice Exam From the options below. Host to Host B. RC2 Answer: B Explanation: NO XPLANATION.

Answer: D

Explanation: NO EXPLANATION.

QUESTION NO: 39

A web page becomes unresponsive whenever the embedded calendar control is used. Which of the following types of vulnerabilities is occurring? A. ActiveX B. Common Gateway Interface (CGI) C. Cross-site scripting D. Cookies Answer: A

Explanation: NO EXPLANATION.

QUESTION NO: 40

SSL operates at which layer? A. Data link B. Network C. Transport D. Application Answer: C

Explanation: SSL is associated with secure transactions (credit card purchases and online banking) over your web browser, so naturally it operates between the top two layers of the OSI model.

QUESTION NO: 41

An important component of a good data retention policy is: A. offsite storage B. magnetic media sorting C. server drive redundancy D. backup software licensing Answer: A

QUESTION NO: 42

To reduce vulnerabilities on a web server, an administrator should adopt which of the following preventative measures? A. Enable auditing on the web server and periodically review the audit logs B. Block all Domain Name Service (DNS) requests coming into the server. C. Use packet sniffing software on all inbound communications D. Apply the most recent manufacturer updates and patches to the server. Answer: D

Explanation: Operating system manufacturers pride themselves in having a secure system, and the instant they realize that there's a security breach they assign a team on it to develop a security patch. Or when they make a new software release (Linux kernels seem to be updated every other day) they try to fix all known vulnerabilities. Since the older an operating system is, the more time hackers have to seek vulnerabilities. A simple security patch that takes a couple of minutes to download and install is the difference between having a secure network and having a system made completely useless by a worm.

QUESTION NO: 43

A person walks up to a group of people who have physical access to a network operations room. As some of the group enters the room, this person walks into the room behind the group without providing credentials to gain access. Which of the following would BEST describe this activity? A. Walk behind B. Shoulder surfing C. Tailgating D. Social engineering Answer: C

QUESTION NO: 44

Which of the following connectivity is required for a web server that is hosting an SSL based web site?

Hoaxes can help educate users about a virus. Browser trust-list C. Hoaxes also often instruct the user to delete files on their computer that may cause their computer or a program to quit functioning. Port 443 inbound D.com 17 Ac A. Which of the following should the company implement? "Pass Any Exam. D.CompTIA SY0-101: Practice Exam A. which statement is TRUE? Choose the best TRUE statement. Any Time. Single certificate authority (CA) B. Hierarchical D. sts . Web-of-trust Answer: D QUESTION NO: 46 Answer: A Explanation: Hoaxes do have the possibility of causing as much damage as viruses. Port 80 inbound C.actualtests. Hoaxes can create as much damage as a real virus. C.www. Many hoaxes instruct the recipient to forward the message to everyone that they know and thus causes network congestion and heavy e-mail activity. Hoaxes carry a malicious payload and can be destructive. Hoaxes are harmless pranks and should be ignored. Port 80 outbound Answer: C QUESTION NO: 45 Which of the following trust models would allow each user to create and sign certificates for the people they know? A. Port 443 outbound B." . and least privilege. B. QUESTION NO: 47 A company conducts sensitive research and development and wants a strict environment for enforcing the principles of need to know. separation of duties.co m . tua lTe On the topic of comparing viruses and hoaxes.

A. Mandatory Access Control (MAC) B. Discretionary Access Control (DAC) C. Single sign on D. Single factor authentication Answer: A

QUESTION NO: 48

Which access control method allows users to have some level of flexibility on how information is accessed, but at the expense of increasing the risk of unauthorized disclosure of information? A. Role-Based Access Control (RBAC) method. B. Discretionary Access Control (DAC) method C. All of the above D. Mandatory Access Control (MAC) method Answer: B

Explanation: In a DAC model, network users have some flexibility regarding how information is accessed. This model allows users to dynamically share information with other users. The process allows a more flexible environment, but it increases the risk of unauthorized disclosure of information. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 440

QUESTION NO: 49

Audit log information can BEST be protected by: (Select TWO). A. a firewall that creates an enclave B. access controls that restrict usage C. using a VPN D. recording to write-once media. E. an intrusion prevention system (IPS) F. an IDS Answer: B,D

com Ac Which of the following programming techniques should be used to prevent buffer overflow attacks? tua lTe sts .www. Users are at risk for identity theft. Automatic updates B. a worm D. The email server capacity is consumed by message traffic. A. a logic bomb C. Input validation C. Any Time. Nested loops D.co m 19 . Users are tricked into changing the system configuration. Answer: A QUESTION NO: 52 A. B.B QUESTION NO: 51 Malicious code that enters a computer by means of a freely distributed game that is intentionally installed and played is known as: A. The model with no single trusted root is known as: "Pass Any Exam. D.CompTIA SY0-101: Practice Exam QUESTION NO: 50 Which of the following would be considered a detrimental effect of a virus hoax? (Select TWO). C. a Trojan horse B. Answer: A." . an email attachment.actualtests. Technical support resources are consumed by increased user calls. Signed applets Answer: B QUESTION NO: 53 Pretty good privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another.

All objects are given security labels known as sensitivity labels and are classified accordingly. Any Time. Alameda . peer-to-peer. hybrid B.com Ac Reference: Mike Pastore and Emmett Dulaney . RBACs (Role Based Access Control) method D. Then all users are given specific security clearances as to what they are allowed to access. D. C. A." . 2nd Edition. The person connects a packet sniffer to the network switch in the wiring closet and hides the sniffer behind the switch against a wall. DACs (Discretionary Access Control) method Answer: B QUESTION NO: 55 A person pretends to be a telecommunications repair technician. LBACs (List Based Access Control) method B.actualtests. The MAC model can be very restrictive. a man in the middle attack "Pass Any Exam. 2004.co m 20 . This is an example of: A. p 11 tua The MAC model is a static model that uses a predefined set of access privileges to files on the system. hierarchical Answer: B QUESTION NO: 54 Choose the access control model that allows access control determinations to be performed based on the security labels associated with each user and each data item.www. Security+ Study Guide . Sybex . downlevel. sts . social engineering B. lTe Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. MACs (Mandatory Access Control) method C. The system administrator establishes these parameters and associates them with an account. enters a building stating that there is a networking trouble work order and requests that a security guard unlock the wiring closet.CompTIA SY0-101: Practice Exam A. files or resources.

com Ac tua lTe sts QUESTION NO: 57 . a vulnerability scan D. A company with a dedicated information technology (IT) security staff. A rainbow table B. A military facility with computer equipment containing biometrics. A locked. A company with a help desk whose personnel have minimal training. A password generator Answer: A QUESTION NO: 58 Which of the following network authentication protocols uses symmetric key cryptography. Which of the following would allow an administrator to find weak passwords on the network? A. E. C. Any Time. Kerberos C. a penetration test Answer: A QUESTION NO: 56 Social engineering attacks would be MOST effective in which of the following environments? (Select TWO).co Answer: A. A networkmapper C. A hash function D.actualtests.D m 21 . PKI Answer: B "Pass Any Exam. stores a shared key for each network resource and uses a Key Distribution Center (KDC)? A. A public building that has shared office space." . B. RADIUS B. windowless building D.CompTIA SY0-101: Practice Exam C. TACACS+ D.www. A.

QUESTION NO: 60 Choose the terminology or concept which best describes a (Mandatory Access Control) model. Synchronous password generator D. Lattice D. Which of the following would be the FIRST action to take? A. "Pass Any Exam.com Ac Explanation: The word lattice is used to describe the upper and lower level bounds of a user' access permission." . so not only can the authentication be assured. Bell La-Padula B.co m 22 . Any Time. D. Notify management. Smart cards C. C. That challenge can also include a hash of transmitted data. A. Determine the business impact. Asynchronous password generator Answer: C Explanation: An synchronous password generator. Answer: C QUESTION NO: 61 A system administrator reports that an unauthorized user has accessed the network. Contain the problem. but also the data integrity.www. Cryptographic keys B. B. BIBA C.actualtests. Clark and Wilson sts . has an authentication server that generates a challenge (a large number or string) which is encrypted with the private key of the token device and has that token device's public key so it can verify authenticity of the request (which is independent from the time factor). Contact law enforcement officials. tua lTe A.CompTIA SY0-101: Practice Exam QUESTION NO: 59 Choose the password generator that uses a challenge-response method for authentication.

Answer: C

QUESTION NO: 62

One of the below attacks focus on the cracking of passwords, which one is it? A. Dictionary B. Teardrop C. Spamming D. SMURF Answer: A

Explanation: Dictionaries may be used in a cracking program to determine passwords. A short dictionary attack involves trying a list of hundreds or thousands of words that are frequently chosen as passwords against several systems. Although most systems resist such attacks, some do not. In one case, one system in five yielded to a particular dictionary attack.

QUESTION NO: 63

Which of the following should be done if an audit recording fails in an information system? A. Overwrite the oldest audit records B. Send an alert to the appropriate personnel C. Stop generating audit records D. Log off the user Answer: B

QUESTION NO: 64

The MOST common Certificate Server port required for secure web page access is port: A. 25 B. 80 C. 446 D. 443 Answer: D

SSL F. Certificate authority revocation is easy to implement. Encapsulating Security Protocol (ESP) D. C. which of the following are the MOST common techniques that attackers use to socially engineer people? (Select TWO) A. Phreaking "Pass Any Exam. WAN B. The root certificate authority key can be stored offline.C QUESTION NO: 66 Which of the following would be an advantage for using PKI over a key server system? A. The key server is superior in large systems. WEP Answer: C.CompTIA SY0-101: Practice Exam QUESTION NO: 65 IPSec uses which of the following protocols to provide traffic security? (Select TWO). PPTP E.actualtests.com 24 Ac tua QUESTION NO: 67 lTe Answer: C sts . SSH Answer: B. Which of the following wireless security protocols could be used? (Select TWO).D QUESTION NO: 68 In addition to bribery and forgery. A." . WPA D. D. A.www. AH C. IPX C. B. A small manufacturing company wants to deploy secure wireless on their network.co m . Any Time. L2TP B. PKI is less complex to deploy.

B. Whois search C. Dumpster diving D. Flattery E. Assuming a position of authority Answer: D,E

QUESTION NO: 69

Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received? A. Data integrity B. Asymmetric cryptography C. Anti-aliasing D. Non-repudiation Answer: D

QUESTION NO: 70

Which of the following would be an example of a high-availability disk technology? A. Clustering B. Load balancing C. RAID D. Remote access Answer: C

QUESTION NO: 71

A technician is auditing the security posture of an organization. The audit shows that many of the users have the ability to access the company's accounting information. Which of the following should the technician recommend to address this problem? A. Changing the user rights and security groups B. Implementing a host based intrusion detection system C. Changing file level audit settings D. Implementing a host based intrusion prevention system

CompTIA SY0-101: Practice Exam Answer: A QUESTION NO: 72 Which of the following is commonly used in a distributed denial of service (DDOS) attack? A. The CGI script ran on the web server. B.com 26 Ac tua lTe A. Alameda . 2004. D.actualtests. CGI scripts could be used to capture data from a user using simple forms. Adware B. Trojan Answer: B QUESTION NO: 73 Answer: A Explanation: Common Gateway Interface is an older form of scripting that was used extensively in early web systems.www. Sybex . SQL (Structured Query Language) server "Pass Any Exam.co Which scenario or element would typically cause a CGI (Common Gateway Interface) security issue? m ." . A. Any Time. The HTTP (Hypertext Transfer Protocol) protocol. but it still widely used in older systems. CGI is frowned upon in new applications because of its security issues. p 136 QUESTION NO: 74 Choose the compoenent that you would locate in the DMZ (Demilitarized Zone). Phishing D. Although the answer is not given in the paragraph from the book. C. and it interacted with the client browser. Reference: Mike Pastore and Emmett Dulaney . The external data provided by the user. Botnet C. The web browser. 2nd Edition. sts . The compiler or interpreter which runs the CGI script. the answer would be D. Security+ Study Guide .

C. attack patterns within the network and malicious activities.actualtests. D.com 27 Ac tua lTe sts . 2nd Edition. the IDS detects a potential security breach. which is FALSE for a network based IDS system? A. the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source. QUESTION NO: 76 A security specialist is called to an onsite vacant office where an employee has found an unauthorized wireless access device connected to an RJ-45 jack linked to the corporate LAN. p 26 QUESTION NO: 75 Of the intrusion detection capabilities listed below. By isolating a server in a DMZ. User workstations C. Customer account database Answer: C Explanation: A DMZ is an area where you can place a public server for access by people you might not trust otherwise. A FTP server can be used by people from outside of your network and should be placed in the DMZ. A network based IDS system can monitor and report on all network traffic. In a reactive system. you can hide or remove access to other areas of your network. Sybex . which is invisible to hostbased IDS systems. FTP (File Transfer Protocol) server D. Alameda . B.www. Answer: B Explanation: In a passive system. 2004. Any Time. Reference: Mike Pastore and Emmett Dulaney . A network based IDS system can detect dial-in intrusions and attempts to physically access the server." . "Pass Any Exam. based on where it is located. A network based IDS system can detect attacks in progress. A network based IDS system can see packet header information.co m .CompTIA SY0-101: Practice Exam B. logs the information and signals an alert. Security+ Study Guide .

Which of the following actions should the administrator take FIRST?
- Turn off the power.
- Disconnect the network cable.
- Install a sniffer.
- Call the police.
Answer: D

QUESTION NO: 77 Which of the following types of firewalls provides inspection at layer 7 of the OSI model? A. Packet filters B. Stateful inspection C. Network address translation (NAT) D. Application-proxy Answer: D

QUESTION NO: 78 Choose the attack or malicious code that cannot be prevented or deterred solely through using technical measures.
- DoS (Denial of Service) attacks.
- Social engineering.
- Man in the middle attacks.
- Dictionary attacks.
Answer: B Explanation: Because of human rights laws, it is unlawful to use technology to directly control people's emotions and behaviors. For this reason social engineering attacks cannot be deterred through technical means.

QUESTION NO: 79 Company intranet, newsletters, posters, login banners and e-mails would be good tools to utilize in a security:

A. awareness program B. control test C. investigation D. policy review Answer: A Explanation: Advertisement techniques are used to bring product awareness to a consumer, likewise advertising techniques can also be used to bring awareness to security programs.

QUESTION NO: 80 An IDS sensor on a network is not capturing all the network data traffic. This may be happening because the sensor is connected to the network with a: A. switch B. bridge C. hub D. router Answer: A

QUESTION NO: 81 A software or hardware device that allows only authorized network traffic in or out of a computer or network is called a: A. honeypot B. anti-virus program C. packet sniffer D. firewall Answer: D

QUESTION NO: 82 Which of the following access decisions are based on a Mandatory Access Control (MAC) environment? A. Sensitivity labels

B. Ownership C. Group membership D. Access control lists Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

QUESTION NO: 83 Which of the following is a best practice for managing user rights and privileges?
- Enroll users in a biometric authentication system, deploy biometric hardware to the client computers, and grant rights and privileges.
- Identify roles and objects to be accessed, create groups, and grant rights and privileges based on groups.
- Create a list of departments, create a folder for each department, meet with the departments and direct them to access their departmental folder.
- Create a certificate authority, issue certificates to each user, assign rights and privileges based on individual certificates.
Answer: B

QUESTION NO: 84 The concept that a web script is run in its own environment and cannot interfere with any other process is known as a: A. sandbox B. VLAN C. honey pot D. quarantine Answer: A

QUESTION NO: 85 Choose the malicious code which can distribute itself without having to attach to a host file.

- A virus.
- A Trojan horse.
- A logic bomb.
- A worm.
Answer: C

QUESTION NO: 86 During a live response to an unauthorized access, a forensics specialist executes a command on the computer being investigated. Which of the following commands would be used to display the current network connections on the local computer? A. NETSTAT B. nmap C. netcat D. IPCONFIG / IFCONFIG Answer: A

QUESTION NO: 87 Which of the following is a suppression method for a Class C fire? A. Soda acid B. Dry powder C. Carbon dioxide (CO2) D. Water Answer: C

QUESTION NO: 88 A computer system containing personal identification information is being implemented by a company's sales department. The sales department has requested that the system become operational before a security review can be completed. Which of the following can be used to explain the reasons a security review must be completed? A. Need to know policy B. Risk assessment C. Corporate security policy

D. Vulnerability assessment Answer: C

QUESTION NO: 89 The first step in risk identification would be to identify: A. threats B. costs C. vulnerabilities D. assets Answer: D

QUESTION NO: 90 You work as the security administrator. You want to reduce the likelihood of certpaper.com employees misusing your ORG. e-mail. How will you accomplish the task?
- Create and enforce network security policy.
- Implement a strong authentication method.
- Encrypt all company e-mail messages.
- Create and enforce ACLs (Access Control List).
Answer: C Explanation: The question doesn't ask what method can be used to best secure the emails, or what will best prevent the transmission of nonessential email. It asks what action will discourage the employees, so the correct answer is to create a network security policy that defines what kind of email use constitutes the term misuse.

QUESTION NO: 91 Which of the following is the MOST effective social engineering defensive strategy? A. Badge security system B. Escorting of guests

C. Training and awareness D. Marking of documents Answer: C

QUESTION NO: 92 From the list below, choose the exploit that can be considered a DoS attack because more traffic than what the node can handle is flooded to that node. A. Ping of death B. Logic bomb C. Buffer overflow D. Smurf attack Answer: C Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION NO: 93 An organization has a hierarchical-based concept of privilege management with administrators having full access, human resources personnel having slightly less access and managers having access to their own department files only. This is BEST described as:
- Rule Based Access Control (RBAC).
- Discretionary Access Control (DAC).
B. Role Based Access Control (RBAC)
D. Mandatory Access Control (MAC)
Answer: B

QUESTION NO: 94

Which of the following types of IDS should be implemented to monitor traffic on a switch? (Select TWO). A. Network Based Passive B. Host Based Active C. Host Based Passive D. Network Based Active Answer: A,D

QUESTION NO: 95 Which of the following is considered by some HIDS tools to detect system security related anomalies? A. Patch reports B. File hashing snapshot comparison C. Vulnerability analysis snapshot comparison D. Virus signature reports Answer: B

QUESTION NO: 96 Which of the following is the MOST efficient way to force a large number of users to change their passwords on logon?
A. Force the change with group policy
- Force the change with registry editor.
- Force the change with remote logon.
- Force the change by security group.
Answer: A

QUESTION NO: 97 The employees at a company are using instant messaging on company networked computers. The MOST important security issue to address when using instant messaging is that instant messaging: A. uses weak encryption B. communications are a drain on bandwidth C. has no common protocol D. communications are open and unprotected Answer: D

QUESTION NO: 98 Which of the following is a reason to use a vulnerability scanner? A. To identify remote access policies B. To assist with PKI implementation C. To identify open ports on a system D. To assist with protocol analyzing Answer: C

QUESTION NO: 99 You work as the security administrator at Certpaper.com. You must ensure that internal access to other parts of the network is controlled and restricted. The solution which you implement to restrict network access must be hardware based. You also want to use the least amount of administrative effort to accomplish your task. How will you accomplish the task?
- Deploy a VLAN (Virtual Local Area Network).
- Deploy a proxy server.
- Deploy a VPN (Virtual Private Network).
- Deploy firewalls between your subnets.
Answer: B Explanation: Implementing a VLAN (Virtual Local Area Network) to restrict network access is the best answer. VLANs would restrict access only to their local VLAN, and this would require less administrative overhead than setting up firewalls at each subnet. They are also hardware based (at the switch and MAC level). Firewalls are used so that external users (outside the organization) cannot get in, whereas VLANs are used within an organization to provide security.

QUESTION NO: 100

Choose the option that correctly details the greatest vulnerability of using Instant Messaging clients.
- Results in slow Internet connections.
- Results in loss of email privileges.
- Results in disconnection from the file server.
- Results in theft of root user credentials.
- Results in malicious code being delivered by file transfer.
- Results in Blue Screen of Death errors.
Answer: A Explanation: IM clients can also be compromised by malicious code, Trojan Horse programs, and traditional DoS attacks. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 197

QUESTION NO: 101 Which of the following authentication systems make use of the KDC Key Distribution Center? A. Security Tokens B. CHAP C. Kerberos D. Certificates Answer: C

QUESTION NO: 102 Which of the following authentication methods is based upon an authentication server that distributes tickets to clients? A. Multifactor B. Kerberos C. Username/password D. Challenge Handshake Authentication Protocol (CHAP) Answer: B

QUESTION NO: 103 Which of the following is the number of security associations in an IPSec encrypted session for each direction? A. 4 B. one C. 2 D. 8 Answer: B

QUESTION NO: 104 Which password management system best provides for a system with a large number of users? A. Self service password reset management systems B. Locally saved passwords management systems C. multiple access methods management systems D. synchronized passwords management systems Answer: A Explanation: A self service password reset is a system where if an individual user forgets their password, they can reset it on their own (usually by answering a secret question on a web prompt, then receiving a new temporary password on a pre-specified email address) without having to call the help desk. For a system with many users, this will significantly reduce the help desk call volume.

QUESTION NO: 105 Poor programming techniques and lack of code review can lead to which of the following types of attack? A. Buffer overflow B. Dictionary C. Common Gateway Interface (CGI) script D. Birthday Answer: A

Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. This exploitation is usually a result of a programming error in the development of the software. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION NO: 106 Most current encryption schemes are based on: A. algorithms B. time stamps C. digital rights management D. randomizing Answer: A

QUESTION NO: 107 The CHAP (Challenge Handshake Authentication Protocol) sends a logon request from the client to the server, and the server sends a challenge back to the client. At which stage does the CHAP protocol perform the handshake process? Choose the best complete answer. A. At the stage when the connection is established. B. At the stage when the connection is established and at whichever time after the connection has been established. C. At the stage when the connection is established and when the connection is disconnected. D. At the stage when the connection is disconnected. Answer: B Explanation: CHAP performs the handshake process when first establishing a connection; and then at random intervals during the transaction session.

QUESTION NO: 108 One type of port scan can determine which ports are in a listening state on the network, and can then perform a two way handshake. Which type of port scan can perform this set of actions? A. A TCP (Transmission Control Protocol) FIN scan B. A TCP (Transmission Control Protocol) connect scan C. A TCP (Transmission Control Protocol) null scan D. A TCP (Transmission Control Protocol) SYN (Synchronize) scan Answer: D Explanation: In SYN scanning, a TCP SYN packet is sent to the port(s) to be scanned. If the port responds with a TCP SYN ACK packet, then the port is listening. If it replies with a TCP RST packet, then it is not.

QUESTION NO: 109 Which of the following would be the MOST important reason to apply updates? A. Software is a productivity facilitator and as new functionality is available the functionality must be enabled. B. Software is inherently insecure and as new vulnerabilities are found the vulnerabilities must be fixed. C. Software is a supported product and vendors won't support the product if the latest version is not installed. D. Software is a licensed product and the license will expire if not updated. Answer: B

QUESTION NO: 110 A security specialist for a large distributed network with numerous divisions is selecting an access control model. Employees in the human resource division need access to personnel information but not production data and operations employees need access to production data only. Which of the following access control models would be MOST appropriate? A. Role Based Access Control (RBAC) B. Mandatory Access Control (MAC) C. Rule Based Access Control (RBAC) D. Discretionary Access Control (DAC) Answer: A Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees perform in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 111 You work as the security administrator at Certpaper.com. One morning you discover that a user named Mia Hamm has used her user account to log on to a network server. Mia has then executed a program and been able to perform operations which only a network administrator or security administrator should be able to. What type of attack has occurred? A. Trojan horse. B. Security policy removal. C. Privilege escalation attack. D. Subseven back door. Answer: C Explanation: A user obtaining access to a resource they would not normally be able to access. This is done inadvertently by running a program with SUID (Set User ID) or SGID (Set Group ID) permissions or by temporarily becoming another user. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 522

QUESTION NO: 112 A company has instituted a VPN to allow remote users to connect to the office. As time progresses multiple security associations are created with each association being more secure. Which of the following should be implemented to automate the selection of the BEST security association for each user? A. IKE B. AES

C. SHA D. 3DES Answer: A

QUESTION NO: 113 From the options, choose the attack which an IDS (Intrusion Detection System) cannot detect.
A. Spoofed e-mail
C. Port scan attack
- DoS (Denial of Service) attack.
- Vulnerability exploits.
Answer: A Explanation: Spoofed e-mails will not be detected by the IDS.

QUESTION NO: 114 L2TP tunneling relies on which of the following for security? A. IPSec B. SSH C. SSL D. L2F Answer: A

QUESTION NO: 115 Non-repudiation is enforced by which of the following? A. Digital signatures B. Cipher block chaining C. Secret keys D. PKI Answer: A

QUESTION NO: 116 Which of the following would be the MOST effective backup site for disaster recovery? A. Cold site B. Reciprocal agreement C. Warm site D. Hot site Answer: D

QUESTION NO: 117 When reviewing audit trails, what makes unique user IDs especially important?
- Unique user IDs cannot be modified easily.
- Unique user IDs show which files and data were changed.
- Unique user IDs triggers corrective controls.
- Unique user IDs establishes individual accountability.
Answer: C Explanation: With a unique user ID you'll have soft evidence on the timing and the action any accessed user accomplishes. When a user knows that they are being tracked, they think twice about doing something they shouldn't do.

QUESTION NO: 118 A security system that uses labels to identify objects and requires formal authorization to use is BEST described as: A. Mandatory Access Control (MAC) B. Kerberos C. Role-Based Access Control (RBAC) D. Discretionary Access Control (DAC) Answer: A

QUESTION NO: 119

Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. The model with no single trusted root is known as: A. hierarchical B. downlevel C. peer-to-peer D. hybrid Answer: C

QUESTION NO: 120 One of these protocols is used to encrypt traffic passed between a web browser and web server. Which is it? A. IPSec (Internet Protocol Security) B. VPN (Virtual Private Network) C. SSL (Secure Sockets Layer) D. HTTP (Hypertext Transfer Protocol) Answer: C Explanation: The Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 121 From the options, which details a specific advantage of implementing a single sign-on technology?
- Users must log on twice at all times.
- You can configure system wide permissions.
- Multiple directories can be browsed.
- Multiple applications can be installed.
Answer: C Explanation:

The purpose is so a user can gain access to all of the applications and systems they need when they log on with a single sign-on. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 434

QUESTION NO: 122 A credential that has been digitally signed by a trusted authority is known as: A. a trusted packet B. an encrypted tunnel C. a trust relationship D. a certificate Answer: D

QUESTION NO: 123 Which of the following will allow you to monitor a user's online activities? A. Logic bomb B. virus C. Spy ware D. worm Answer: C

QUESTION NO: 124 A security specialist is reviewing writable FTP directories and observes several files that violate the company's security policy. In addition to checking the FTP server, the specialist should: review logs for other compromises. review logs for other compromises and report the situation. review logs for other compromises and notify the human resources department. delete the files that violate security policy and report the situation to authorities. reboot the affected server. contain the affected system. review logs for other compromises and report the situation to authorities.

Answer: C

QUESTION NO: 125 You work as a security administrator at Certpaper.com. The Certpaper.com network must be configured to support e-mail communication using SMTP (Simple Mail Transfer Protocol). Which ports must you open on the firewall to support SMTP connections?
- Open UDP (User Datagram Protocol) port 110 to inbound connections.
- Open TCP (Transmission Control Protocol) port 25 to inbound and outbound connections.
- Open UDP (User Datagram Protocol) port 25 to inbound connections.
- Open TCP (Transmission Control Protocol) port 110 to inbound and outbound connections.
Answer: C Explanation: TCP port 25 is reserved for SMTP while port 110 is for POP3.

QUESTION NO: 126 From the listing of attack types, which exploits poor programming techniques or lack of code review? A. CGI (Common Gateway Interface) scripts B. Birthday attacks C. Buffer overflow attacks D. Dictionary attacks Answer: C Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. This exploitation is usually a result of a programming error in the development of the software. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION NO: 127 Which of the following are types of certificate-based authentication? (Select TWO) A. Many-to-many mapping B. One-to-one mapping C. One-to-many mapping D. Many-to-one mapping Answer: B,D

QUESTION NO: 128 Which of the following types of attacks consists of a computer sending PING packets with the destination address set to the network's broadcast address and the source address set to the target computer's IP address? A. Replay B. XMAS Tree C. Smurf D. Fraggle Answer: C

QUESTION NO: 129 You plan to update the user security policy. Whom should the new updated user security policy be distributed and made available to?
- All auditors.
- All security administrators.
- All staff.
- All users.
Answer: B Explanation: There are many policies for companies these days. Considering the question refers to a user security policy, the users and staff need to know the policy. This is a tricky question with many close answers, but make your best decision. I would say D would be the best choice.

QUESTION NO: 130 Which of the following best describes what tunneling is?
- Tunneling is the process of creating a tunnel capable of capturing data.
- Tunneling is the process of utilizing the Internet as part of a private secure network.
- Tunneling is the process of passing information over the Internet within the shortest time frame.
- Tunneling is the process of moving through three levels of firewalls.
Answer: D Explanation: Civil engineers build tunnels to allow one direction of traffic flow to be protected against another traffic flow. They will build a tunnel under a river, or underneath a highway. Network engineers use tunneling to protect a data flow from the elements of the internet. They tunnel by placing secure encrypted IP packets into a non-secure IP packet.

QUESTION NO: 131 Which of the following would be the MOST common method for attackers to spoof email? A. Web proxy B. Man in the middle attacks C. Open relays D. Trojan horse programs Answer: C

QUESTION NO: 132 Which of the following BEST describes the sequence of steps in the auditing process?
- Set auditing on the object and respond as alerts are generated.
- Enable auditing, set auditing on the object and respond as alerts are generated.
- Enable auditing and set auditing to record all events.
- Enable auditing, set auditing on objects and review event logs.
Answer: D

QUESTION NO: 133 Which of the following are components of host hardening? (Select TWO).

A. Configuring the Start menu and Desktop
B. Applying patches
- Removing a user's access to the user's data.
- Disabling unnecessary services.
- Adding users to the administrator group.
Answer: B,C

QUESTION NO: 134 From the options, choose the VPN (Virtual Private Network) tunneling protocol.
- SSH (Secure Shell).
- IPSec (Internet Protocol Security).
- DES (Data Encryption Standard).
- AH (Authentication Header).
Answer: C Explanation: IPSec provides secure authentication and encryption of data and headers. IPSec can work in tunneling mode or transport mode. In tunneling mode, the data or payload and message headers are encrypted. Transport modes encrypt only the payload. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 127

QUESTION NO: 135 Which of the following types of authentication models uses a smart card and a User ID/Password for accessing network resources? A. Tokens B. Biometric C. Mutual D. Multifactor Answer: D

QUESTION NO: 136 Which of the following types of IDS uses known patterns to detect malicious activity? A. Detection based B. Keyword based C. Signature based D. Anomaly based Answer: C

QUESTION NO: 137 Which of the following is a port scanning utility? A. John the Ripper B. L0phtcrack C. Nmap D. Cain & Abel Answer: C

QUESTION NO: 138 In a mandatory access control (MAC) environment, which of the following are access decisions based on? A. Sensitivity labels B. Group membership C. Access control lists D. Ownership Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

QUESTION NO: 139 When setting password rules, which of the following would lower the level of security of a network?

- All passwords are set to expire at regular intervals and users are required to choose new passwords that have not been used before.
- After a set number of failed attempts the server will lock out any user account forcing the user to call the administrator to re-enable the account.
- Passwords must be greater than six characters and contain at least one non-alpha.
D. Complex passwords that users can not remotely change are randomly generated by the administrator and given to users
Answer: D Explanation: If a user gets a difficult password that they can't remember, there's a certain chance that they will forget the password or compromise security by writing down their password on a Post It note on their keyboard. Since the user won't be able to reset the password themselves they'll have to make regular trips to help desk for a new password, and with regular disgruntled users getting emotional over passwords, the risk of social engineering increases.

QUESTION NO: 140 A clothing store with a single location has one owner, two managers and six cashiers. Under this scenario, which of the following inventory system permissions might be BEST aligned with the least privilege principle for the managers? A. Update rights B. Write rights C. Read rights D. Full access Answer: A

QUESTION NO: 141 What is the BEST process of removing PII data from a disk drive before reuse? A. Destruction B. Reformatting C. Degaussing D. Sanitization Answer: D

QUESTION NO: 142 Which of the following is a solution that you can implement to protect against an intercepted password?
- Implement a VPN (Virtual Private Network).
- Implement PPTP (Point-to-Point Tunneling Protocol).
- Implement a one time password.
- Implement complex password requirements.
Answer: C Explanation: A one time password is simply a password that has to be changed every time you log on, effectively making any intercepted password good for only the brief interval of time before the legitimate user happens to login themselves. So by chance, if someone were to intercept a password it would probably already be expired, or be on the verge of expiration within a matter of hours.

QUESTION NO: 143 Which of the following refers to the ability to be reasonably certain that data is not modified or tampered with? A. Authentication B. Confidentiality C. Integrity D. Non-repudiation Answer: C

QUESTION NO: 144 Which of the following ports are typically used by email clients? (Select TWO) A. 143 B. 3389 C. 23 D. 110 E. 49 F. 194

Answer: A,D

QUESTION NO: 145 A URL for an Internet site begins with 'https:' rather than 'http:', which is an indication that this web site uses: A. SSL B. PGP C. Kerberos D. PKI Answer: A

QUESTION NO: 146 Malicious port scanning is a method of attack to determine which of the following? A. The physical cabling topology of a network B. The fingerprint of the operating system C. Computer name D. User IDs and passwords Answer: B Explanation: Malicious port scanning is an attempt to find an unused port that the system won't acknowledge. Several programs now can use port scanning for advanced host detection and operating system fingerprinting. With knowledge of the operating system, the hacker can look up known vulnerabilities and exploits for that particular system.

QUESTION NO: 147 Which of the following activities is MOST closely associated with DLL injection? A. SQL servers B. Vulnerability assessment C. Penetration testing D. Network mapping Answer: C

QUESTION NO: 148 Which of the following portions of a company's network is between the Internet and an internal network? A. Filter router B. IDS C. Bastion host D. Demilitarized zone (DMZ) Answer: D

QUESTION NO: 149 The MOST common exploits of Internet-exposed network services are due to: A. active content (e.g. Java Applets) B. Trojan horse programs C. illicit servers D. buffer overflows Answer: D

QUESTION NO: 150 Which of the following could result in a DDoS? A. TCP/IP Hijacking B. Buffer Overflow C. NIPS D. Privilege escalation Answer: D

QUESTION NO: 151 If a user reports that the user's public/private key has been compromised, the CA should issue: A. a CRL

CompTIA SY0-101: Practice Exam B. an LDAP C. Rule Based Access Control (RBAC) C. a CPS D. PCMCIA card C.com Ac tua lTe sts . Any Time. Smart card B. D.www. a PKCS Answer: A QUESTION NO: 152 The FIRST step in creating a security baseline would be: A. Network interface card (NIC) Answer: A. This is a feature of which of the following access control models? A. identifying the use case Answer: B QUESTION NO: 153 Which of the following would be an example of a hardware device where keys can be stored? (Select TWO). A. Role Based Access Control (RBAC) Answer: A "Pass Any Exam. Mandatory Access Control (MAC) D.co m 54 . creating a security policy C. installing software patches B. Discretionary Access Control (DAC) B. PCI card D.B QUESTION NO: 154 A user is assigned access rights explicitly." . vulnerability testing.actualtests.

QUESTION NO: 155 Which of the following would be BEST for deploying third-party application security updates on a network with 1,000 computers? A. Enterprise System Management (ESM) B. Baseline security analyzer C. Vulnerability scanner D. Logon script Answer: A

QUESTION NO: 156 You work as the security administrator at Certpaper.com. You are defining a SLA (Service Level Agreement). You want to ensure the availability of server based resources over guaranteed server performance levels. What must you include in the SLA to achieve this objective? A. Hosting B. Application C. Network D. Security Answer: A Explanation: In the hosting business, every company aims for 100% availability in their service level agreements, and usually offer concessions for times of reduced availability. Sadly, these agreements have exceptions which include: scheduled network maintenance, hardware maintenance, software maintenance, virus attacks, hacker attacks, force majeure, labour actions, war, insurrections, sabotage, and past due accounts on your part.

QUESTION NO: 157 Privileges are used for which of the following purposes? A. To allow or deny signature updates to group applications B. To allow or deny specific actions to users or groups C. To allow or deny network traffic from host based systems D. To allow or deny network traffic from server based systems

TEMPEST C. Faraday cage B.actualtests. Email Answer: B QUESTION NO: 159 An enclosure that prevents radio frequency signals from emanating out of a controlled environment is BEST described as which of the following? A.www. D. FTP C. Implement previous logon notification. DNS B. Implement session termination mechanism B. C. Web D. Mantrap D. Implement session lock mechanism. Any Time.co m 56 .com Ac QUESTION NO: 160 tua lTe sts . Implement two-factor authentication Answer: B QUESTION NO: 161 Which of the following is a critical element in private key technology? "Pass Any Exam. Grounded wiring frame Answer: A Which of the following methods will help to identify when unauthorized access has occurred? A." .CompTIA SY0-101: Practice Exam Answer: B QUESTION NO: 158 Which of the following types of publicly accessible servers should have anonymous logins disabled to prevent an attacker from transferring malicious data? A.

But if it used to take advantage of the non-secure logon. B. The upload and download directory for each user. Any Time." . tua lTe You work as the security administrator at Certpaper . which of the following event logs would contain failed logons? A. Digital signatures Answer: B Answer: D Explanation: Anonymous FTP is based on good faith. sts QUESTION NO: 163 . C.com Ac A. D. The storage and distribution of unlicensed software.CompTIA SY0-101: Practice Exam A. Keeping the key secret B. Distributing the key to everyone.co m 57 . then answer C would seem to be the best answer. Key exchange C. You want to enable anonymous FTP (File Transfer Protocol) read/write access. Less server connections and network bandwidth utilization. C.actualtests. Using the key to decrypt messages. QUESTION NO: 164 On a Windows host. Choose the important factor which you should consider and be aware of. Answer: A QUESTION NO: 162 The Diffie-Hellman encryption algorithm relies on which of the following? A.www. The detailed logging information for each user. Tunneling B. DNS log B. Passwords D. Getting the proper key the first time. D.com. Application log "Pass Any Exam.

Answer: C.actualtests. Minimum password age Answer: B. C. Network diagrams. or are in a situation where they need multiple passwords they have a tendency of writing their passwords down. Old passwords.co m . lays dormant until a user opens the certain program then deletes the contents of attached network drives and removable storage devices is known as a: "Pass Any Exam.www. usually on a notepad. Any Time. Password complexity controls B. Maximum password age E. IP (Internet Protocol) address lists. Account lockout D. Process lists.com 58 Ac tua QUESTION NO: 166 lTe Explanation: When people create complex passwords that they can't remember. D." . Security log D.CompTIA SY0-101: Practice Exam C.E QUESTION NO: 167 Malicious code that enters a target system.E. E. System log Answer: C QUESTION NO: 165 Choose the items that an intruder would ignore when going through disposed garbage. Boot sectors. Password history C. A. sts . B. A.F Which of the following settings works BEST to avoid password reuse? (Select TWO). or on their desk ledger. F. Choose all options that apply. a Post It note. Virtual memory.

A. Trojan horse B. honeypot C. logic bomb D. worm Answer: C

QUESTION NO: 168 A Windows file server is an example of which of the following types of models? A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC) Answer: A

QUESTION NO: 169 Disguising oneself as a reputable hardware manufacturer's field technician who is picking up a server for repair would be described as: A. a Trojan horse B. a man-in-the-middle attack C. social engineering D. a phishing attack Answer: C

QUESTION NO: 170 You work as the security administrator at Certpaper.com. The Certpaper.com network must be configured to allow LDAP (Lightweight Directory Access Protocol) traffic. Which ports must you open on the firewall to allow LDAP traffic? A. Open ports 389 and 139 B. Open ports 389 and 636 C. Open ports 636 and 137 D. Open ports 137 and 139

B. Choose the entity or entities that can authenticate to an access point.11x network from being automatically discovered. D.html QUESTION NO: 172 To keep an 802. The secret key is used to encrypt packets before they are transmitted. QUESTION NO: 171 The Certpaper . The standard does not discuss how the shared key is established. a user should: "Pass Any Exam.com users.CompTIA SY0-101: Practice Exam Answer: B Explanation: The 'well known' LDAP ports are 389 for LDAP and 636 for LDAP SSL.co Answer: C m 60 . More sophisticated key management techniques can be used to help defend from the attacks we describe. A secondary function of WEP is to prevent unauthorized access to a wireless network. a base station).cs. Any Time. sts . In practice. no commercial system we are aware of has mechanisms to support such techniques. and an integrity check is used to ensure that packets are not modified in transit.isaac.com users that have the correct WEP (Wired Equivalent Privacy) key. but it is frequently considered to be a feature of WEP.berkeley. A. Anyone WEP relies on a secret key that is shared between a mobile station ( eg .com Ac tua lTe Explanation: The 802.actualtests. a laptop with a wireless Ethernet card) and an access point ( ie .11 standard describes the communication that occurs in wireless local area networks (LANs).11 standard." . however.com wireless network environment uses WEP (Wired Equivalent Privacy) to provide wireless security. C. AllCertpaper . this function is not an explicit goal in the 802.www. OnlyCertpaper . most installations use a single key that is shared between all mobile stations and access points. The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping. Administrators only. Reference: http://www.edu/isaac/wep-faq.

The server is not able to verify the identity of the user. phishing D." . turn off the SSID broadcast. Answer: D QUESTION NO: 173 A user receives an email asking the user to reset the online banking username and password. spoofing Answer: C QUESTION NO: 174 Which of the following assessment tools would be MOST appropriate for determining if a password was being sent across the network in clear text? A. D. the URL that appears in the browser does not match the link. change the SSID name.CompTIA SY0-101: Practice Exam A. Any Time. Protocol analyzer Answer: D QUESTION NO: 175 A user logs in with a domain account and is denied access to a specific file which the user should have access to. Identification "Pass Any Exam.actualtests. hijacking C.co m . Password cracker B. Authentication C.www. Vulnerability scanner C. Allocation B. This would be an example of: A.com 61 Ac tua lTe sts . C. activate the SSID password B. Port scanner D. Which of the following is the problem? A. The email contains a link and when the user accesses the link. redirecting B. leave the SSID default.

and bandwidth capability creating a security mechanism is a difficult task. Any Time. 2.com 62 Ac tua lTe sts Explanation: Since most wireless devices are low in: memory. Client and server authentication. D. Answer: A. Web server. C. This is an example of: A. access control Answer: D QUESTION NO: 178 SSL (Secure Socket Layer) establishes a stateful connection negotiated by a process performed between client and server. processing power. "Pass Any Exam.actualtests. WAP (Wireless Application Protocol) gateway B. Wireless client. separation of duties C. least privilege D. MAC (Mandatory Access Control) and encryption algorithm negotiation. Identify the protocol (steps) that allow for the following: 1. E. Selection of cryptographic keys.CompTIA SY0-101: Practice Exam D. WTLS is the method security for WAP (Wireless Application Protocol) and it provides transport layer security directly between a wireless device and the WAP gateway." . Wireless network interface card. Which is it? Choose all that apply.co m .www.E QUESTION NO: 177 A company has implemented a policy stating that users will only receive access to the systems needed to perform their job duties. 3. Mobile device. concurrent session control B. . Authorization Answer: B QUESTION NO: 176 WTLS (Wireless Transport Layer Security) provides security services between network devices or mechanisms. A.

This situation can cause an application to terminate. Access control lists B.com 63 Ac Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. CGI." . The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. SSL (Secure Sockets Layer) handshake protocol. tua lTe sts . Sybex . Any Time. Buffer Overflows.www. SSL (Secure Sockets Layer) alert protocol. C. Constrained user interfaces "Pass Any Exam. SSL (Secure Sockets Layer) change cipher spec protocol. p 135 QUESTION NO: 180 Which of the following describes the process by which a single user name and password can be entered to access multiple computer applications? A. Alameda . D.co m . D. SSL (Secure Sockets Layer) record protocol. Answer: C Reference: Mike Pastore and Emmett Dulaney . Security+ Study Guide . SMTP Relay B. 2nd Edition.actualtests. 2004.CompTIA SY0-101: Practice Exam A. Cookies. Answer: C Explanation: SSL Handshake Protocol * runs before any application data is transmitted * provides mutual authentication * establishes secret encryption keys * establishes secret MAC keys QUESTION NO: 179 Which of the following web vulnerabilities is being referred to when it receives more data than it is programmed to accept? A. C. B.

A third party mail relay limits access to specific users. QUESTION NO: 183 Choose the statement that best details the difference between a worm and a Trojan horse? A.www. C. Proxy logs B. Answer: C Explanation: Using a third party email relay can put you in an advantage of getting unnecessary spam. A third party mail relay restricts the types of e-mail that maybe sent. Spammers can utilize the third party mail relay. D. "Pass Any Exam. B.co m 64 ." . Single sign-on D. and the message will appear to be legitimate coming from the email server. Worms self replicate while Trojan horses do not.actualtests. A. Anyone on the internet can relay an unsolicited email through an SMTP server. Worms are a form of malicious code while Trojan horses are not. Which of the following could BEST be used to confirm the administrator's suspicions? A. Encryption protocol Answer: C QUESTION NO: 181 An administrator is concerned that PCs on the internal network may be acting as zombies participating in external DDoS attacks. HIDS logs D. and it makes it much more difficult to trace the spammer.CompTIA SY0-101: Practice Exam C. Any Time. Firewall logs Answer: D Choose the primary disadvantage of using a third party mail relay. AV server logs C. B.com Ac tua lTe sts QUESTION NO: 182 . A third party mail relay restricts spammers from gaining access.

Sybex . Data privacy 2. Data integrity 3. QUESTION NO: 185 One type of network attack sends two different messages that use the same hash function to generate the same message digest. data integrity and authentication for WAP services. Any Time. D. Security+ Study Guide . WEP (Wired Equivalent Privacy) lTe You work as the security administrator at Certpaper . It is used to encrypt and decrypt data signals transmitted between Wireless LAN devices. Reference: Mike Pastore and Emmett Dulaney .com. WAP (Wireless Application Protocol) B. providing privacy. WSET (Wireless Secure Electronic Transaction) D. Alameda .co m . WTLS is the security layer of the WAP. Worms are distributed through e-mail messages while Trojan horses do not. You want to implement a solution which will provide the following for handled devices in your wireless network: 1. Not A: WEP is one of the most popular features available for a Wireless LAN. They do not reproduce or self replicate.com 65 Ac Answer: B tua A. 2nd Edition. Which network attack does this? "Pass Any Exam. Answer: A Explanation: A worm is different from a virus. WEP makes a wireless LAN link as secure as a wired link. In essence. Authentication Which solution should you implement? sts . The Trojan horse program may be installed as part of an installation process. 2004. There is no difference between a worm and a Trojan horse.CompTIA SY0-101: Practice Exam C.actualtests. 85 QUESTION NO: 184 Explanation: Short for Wireless Transport Layer Security. Worms reproduce themselves. WTLS (Wireless Transport Layer Security) C.www. are self-contained and do not need a host application to be transported." . pp 83.

3DES B. Brute force attack. C. A. Can result in an e-mail server crashing.0 & 5. C. B. QUESTION NO: 188 "Pass Any Exam. Any Time. Patches have since been released. the probability of 2 of them having the same birthday is greater the 50%. Answer: C Explanation: Microsoft Exchange Server 5. Ciphertext only attack." . Can create a virus that infects the computers of users.com 66 Ac tua lTe sts A. By that rational if an attacker examines the hashes of an entire organizations passwords. AES C. DES . QUESTION NO: 186 Answer: B QUESTION NO: 187 A malformed MIME (Multipurpose Internet Mail Extensions) header can have a negative impact on the system. they'll come up with some common denominators. Answer: A Explanation: A birthday attack is based on the principle that amongst 23 people.actualtests.co m Which of the following provides the MOST secure form of encryption? . Can lead to the creation of a back door. B. Diffie-Hellman D. D.5 had a vulnerability that made it suspect to crashes following a malformed MIME header. which will enable attackers to access the internal network. Man in the middle attack. Can result in the unauthorized disclosure of private information.www.CompTIA SY0-101: Practice Exam A. Birthday attack. Choose the option that correctly details this. D.

the web client and server should have a trusted certificate to confirm authenticity. Privacy screen D. logs and inventories B. D. a specific element has to exist. Router with firewall rule set lTe sts A remote user has a laptop computer and wants to connect to a wireless network in a hotel.com Ac tua A. Personal firewall B." . Which of the following should be implemented to protect the laptop computer when connecting to the hotel network? . Network firewall C. Address on the same subnet. asset identification Answer: B "Pass Any Exam. Certificate signed by a trusted root CA (Certificate Authority).actualtests. A shared password. user awareness. address on the same subnet.www. and a common operating system are ludicrous answers because they defy the reason why SSL exists.co m 67 . B. QUESTION NO: 189 Answer: A QUESTION NO: 190 The process of documenting who applied a patch to a specific firewall at a specific time and what the patch is supposed to accomplish is known as: A. Any Time. Answer: B Explanation: For an SSL connection to compete. change control management C. Common operating system. D. C.CompTIA SY0-101: Practice Exam For a SSL (Secure Sockets Layer) connection to be automatically established between a web client and server. Shared password. Which is it? A.

com 68 Ac tua lTe A. False negative D.www. access control and trusts. C. when there is no need of any alarm. False positive C. Not B: A false positive is when legitimate traffic is picked up as an intruder. False intrusion B.actualtests. Any Time. B." . Accessibility C. D. confidentiality and encryption.co m . Authorization B. integrity and non-repudiation. Confidentiality D. A. False alarm Answer: A Explanation: False intrusion is a false alarm. Non-repudiation sts Audit logs must contain which of the following characteristics? . "Pass Any Exam. Answer: D QUESTION NO: 194 Choose the mechanism that is NOT a valid access control mechanism. storage and recovery.CompTIA SY0-101: Practice Exam QUESTION NO: 191 Choose the terminology used to refer to the situation when authorized access is perceived as an intrusion or network attack. QUESTION NO: 192 Answer: D QUESTION NO: 193 A digital signature is used for: A.

com Ac Reference: Mike Pastore and Emmett Dulaney . XMAS tree scan B. ACLs allow a stronger set of access controls to be established in your network. Permission bits Answer: C QUESTION NO: 196 Which of the following types of attacks is targeting a web server if thousands of computers are simultaneously sending hundreds of FIN packets with spoofed source IP addresses? A.www. Answer: A Explanation: There is no such thing as a SAC (Subjective Access Control) list. C. Security+ Study Guide . p 235 tua lTe Explanation: Access control lists enable devices in your network to ignore requests from specified users or systems. Capabilities C. Access control lists D. 2nd Edition. The basic process of ACL control allows the administrator to design and adapt the network to deal with specific security threats. Brute force D. SAC (Subjective Access Control) list. DAC (Discretionary Access Control) list.actualtests. MAC (Mandatory Access Control) list. 2004. Sybex .CompTIA SY0-101: Practice Exam A. B. QUESTION NO: 195 Choose the access control method which provides the most granular access to protected objects? A. Any Time." . or grant certain network capabilities to them. DDoS C. Profiles B. RBAC (Role Based Access Control) list. D.co m 69 . sts . Alameda . SYN flood Answer: B "Pass Any Exam.


QUESTION NO: 197 Which of the following would be MOST useful in determining which internal user was the source of an attack that compromised another computer in its network? A. The attacking computer's audit logs B. The firewall's logs C. The domain controller's logs. D. The target computer's audit logs. Answer: D

QUESTION NO: 198 Which of the following describes a server or application that is accepting more input than the server or application is expecting? A. Buffer overflow B. Brute force C. Denial of service (DoS) D. Syntax error Answer: A

QUESTION NO: 199 Which of the following is used by anti-virus software to detect viruses that have not been previously identified? A. Zero-day algorithm B. Quarantining C. Random scanning D. Heuristic analysis Answer: D

QUESTION NO: 200 From the options, which explains the general standpoint behind a DMZ (Demilitarized Zone)? A. All systems on the DMZ can be compromised because the DMZ can be accessed from the Internet. B. Only those systems on the DMZ that can be accessed from the Internet can be compromised. C. No systems on the DMZ can be compromised because the DMZ is completely secure and cannot be accessed from the Internet. D. No systems on the DMZ can be compromised because the DMZ cannot be accessed from the Internet. Answer: A

QUESTION NO: 201 Which of the following describes an attacker encouraging a person to perform an action in order to be successful? A. Social engineering B. Password guessing C. Back door D. Man-in-the-middle Answer: A

QUESTION NO: 202 You work as the security administrator at Certpaper.com. You must secure the FTP (File Transfer Protocol) server by allowing only authorized users access to it. How will you accomplish this task? A. Provide the FTP server's address to only those users that must access it. B. Allow blind authentication. C. Do not allow anonymous authentication. D. Redirect FTP to a different port. Answer: C Explanation: Early FTP servers did not offer security. Security was based on the honor system. Most logons to an FTP site used the anonymous logon. By convention, the logon ID was the user's email address, and the password was anonymous. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 137

QUESTION NO: 203 Choose the protocol used by a web server to encrypt data. A. ActiveX B. TCP/IP (Transmission Control Protocol/Internet Protocol) C. SSL (Secure Sockets Layer) D. IPSec (Internet Protocol Security) Answer: C Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 204 Which of the following access control models uses subject and object labels? A. Role Based Access Control (RBAC) B. Discretionary Access Control (DAC) C. Rule Based Access Control (RBAC) D. Mandatory Access Control (MAC) Answer: D

QUESTION NO: 205 One of the following options details the main advantage of why you should choose to use SSL (Secure Sockets Layer) over using HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer). Which is it?

www. QUESTION NO: 206 Answer: C QUESTION NO: 207 A technician wants to be able to add new users to a few key groups by default. D. which of the following will allow this? A. spoofed e-mail "Pass Any Exam. 636 . Inheritance B. 53 B. SSL supports additional Application layer protocols. SSL provides full application security for HTTP whereas HTTPS does not. 8080 C. SSL and HTTPS are transparent to the application." .com Ac tua lTe sts A.CompTIA SY0-101: Practice Exam A. Auto-population Answer: A QUESTION NO: 208 All of the following types of attacks can be detected by an IDS EXCEPT: A. SSL supports user authentication whereas HTTPS does not. C. Default pairing D. Answer: A Explanation: SSL on its own works at the session layer (layer 5) so it has more versatility in protocols that it supports. for instance FTP (File Transfer Protocol) and NNTP (Network News Transport Protocol). 3389 D. Denial of Service (DoS) B. whereas HTTPS does not. B. Template C. Any Time.actualtests.co m Which ports need to be open to allow a user to login remotely onto a workstation? 73 .

A. A. exploits of bugs or hidden features. Prevent members of the organization from entering the server room. A share scanner. Answer: B Explanation: Spoofed e-mails will not be detected by the IDS. B. D. Detach the network cable from the server to prevent the hacker from accessing more data. B. Choose the network mapping tool (scanner) which uses ICMP (Internet Control Message Protocol). QUESTION NO: 209 You work as the security administrator at Certpaper . A ping scanner.com.D .C.www. Which of the following actions should you perform? Choose all correct answers. C. which of the following should be done by the email administrator? "Pass Any Exam. You have become aware of a hacker accessing confidential company data from over the network. C. A map scanner. A port scanner.actualtests. Any Time." . QUESTION NO: 211 To aid in preventing the execution of malicious code in email clients.B. sts Answer: A.co m . Answer: D Explanation: Ping confirms a connection by sending and receiving ICMP packets. D. Shut down the server to prevent the hacker from accessing more data. Prevent members of the incident response team from entering the server room.com 74 Ac tua QUESTION NO: 210 lTe Explanation: Answer : B is correct to stop anyone from corrupting the evidence. port scan D.CompTIA SY0-101: Practice Exam C.

443 D." .com.CompTIA SY0-101: Practice Exam A. Email client features should be disabled B. Security log Answer: C Kerberos uses which of the following ports by default? A. Remove the contents of the trash can on a regular basis.com Ac tua lTe sts QUESTION NO: 213 . Preview screens should be disabled Answer: C QUESTION NO: 212 Which of the following would allow a technician to compile a visual view of an infrastructure? A. Employ additional security staff D. Any Time. Port scanner C.actualtests. Answer: A "Pass Any Exam.www. Regular updates should be performed C. B. Destroy all paper and other media that are no longer required. Protocol analyzer B. Spam and anti-virus filters should be used D. You want to reduce the current vulnerability from dumpster diving. Networkmapper D. 139 Answer: A QUESTION NO: 214 You work as the security administrator at Certpaper . Install expensive surveillance equipment.co m 75 . C. How will you accomplish the task? A. 88 B. 23 C.

Explanation: Dumpster diving is a very common physical access method. Companies generate a huge amount of paper in the normal course of events. Most of the information eventually winds up in dumpsters or recycle bins. These dumpsters may contain information that is highly sensitive in nature. In high security government environments, sensitive papers are either shredded or burned. Most businesses do not do this. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 51

QUESTION NO: 215 Communication is important to maintaining security because communication keeps: A. the user community informed of threats B. the network bandwidth usage under control C. the IT security budget justified D. law enforcement informed of what is being done Answer: A

QUESTION NO: 216 Following a disaster, which of the following functions should be returned FIRST from the backup facility to the primary facility? A. Least critical functions B. Systems functions C. Executive functions D. Web services Answer: A

QUESTION NO: 217 Which of the following is the MOST secure way to implement data encryption between SMTP servers? A. PPTP B. SSL

L2TP Answer: C QUESTION NO: 218 Which of the following definitions would be correct regarding Active Inception? A. Sybex . but it increases the risk of unauthorized disclosure of information. This allows anyone to use an account to access resources. Listening or overhearing parts of a conversation B. . The DAC (Discretionary Access Control) model does not have any known security flaws. Someone looking through your files D. The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. Involve someone who routinely monitors network traffic QUESTION NO: 219 Answer: A Explanation: In a DAC model. The process allows a more flexible environment. 2004. TLS D. Security+ Study Guide .com Ac A. C. tua lTe sts The DAC (Discretionary Access Control) model has an inherent flaw. This model allows users to dynamically share information with other users. Reference: Mike Pastore and Emmett Dulaney . Choose the option that describes this flaw. 2nd Edition.actualtests. This creates a security loophole for Trojan horse attacks. The DAC (Discretionary Access Control) model does not use the identity of a user to control access to resources. network users have some flexibility regarding how information is accessed.www. Any Time. Placing a computer system between the sender and receiver to capture information. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given. Alameda .CompTIA SY0-101: Practice Exam C. This creates an opportunity for attackers to use your certificates. B. p 440 "Pass Any Exam." . C.co m Answer: B 77 . D. The DAC (Discretionary Access Control) model uses certificates to control access to resources.

and it would also be wise to test the patch on your least important servers first. Virus B. because they are developed the fix known vulnerabilities. Which port(s) should you open on the firewall? A. Worm D.com.E QUESTION NO: 221 Answer: A QUESTION NO: 222 You work as the security administrator at Certpaper . B. there's always a risk that something can go wrong which can compromise your data and server operation.com Ac tua Explanation: Software patches are good for network security.co m When a patch is released for a server the administrator should: 78 . Port 53 C. Adwar C. D. . installing a patch. install the patch and then backup the production server. It would be wise to backup your data BEFORE. You must configure the firewall to support TACACS. Port 161 D.actualtests.CompTIA SY0-101: Practice Exam QUESTION NO: 220 Which of the following will allow a credit card information theft? (chose TWO) A." . When you patch an operating system. Port 21 Answer: A "Pass Any Exam. Phishing Answer: B. SPIM E. Any Time. Port 49 B. lTe sts A. immediatelydownload and install the patch. So even if everything's operating normally.www. test the patch on a non-production server then install the patch to production. notinstall the patch unless there is a current need. C. a patch is still very beneficial.

Explanation: TACACS uses both TCP and UDP port 49.

QUESTION NO: 223 CGI scripts are susceptible to which of the following types of attacks? A. Cross site scripting B. Buffer overflows C. DNS spoofing D. SQL injection Answer: A

QUESTION NO: 224 Which of the following is the BEST place to obtain a hotfix or patch for an application or system? A. An email from the vendor B. The manufacturer's website C. A newsgroup or forum D. A CD-ROM Answer: B

QUESTION NO: 225 Most key fob based identification systems use which of the following types of authentication mechanisms? (Select TWO). A. Biometrics B. Kerberos C. Username/password D. Certificates E. Token Answer: C,E

QUESTION NO: 226

Perform multiple bit level overwrites B. C. digital certificates.co m 80 . A. non-repudiation. 2nd Edition. through e-mail. Use the FDISK Command D. p 76 QUESTION NO: 227 Which of the following would be the minimally acceptable method of ensuring that a disposed hard drive does not reveal sensitive data? A.actualtests. or as a part of another program. Security+ Study Guide . Format the drive C. Reference: Mike Pastore and Emmett Dulaney . Any Time. D. 2004. Alameda . exchange D. Delete the files and re-install the operating system Answer: A QUESTION NO: 228 A public key _____________ is a pervasive system whose services are implemented and delivered using public key technologies that include Certificate Authority (CA)." . A. cryptography scheme C.CompTIA SY0-101: Practice Exam Choose the most effective method of preventing computer viruses from spreading throughout the network.vbs files. You should install a host based IDS (Intrusion Detection System) Answer: C Explanation: Viruses get into your computer in one of three ways. You should require root/administrator access to run programs and applications. B. distribution authority Answer: A "Pass Any Exam. You should prevent the execution of . Sybex . You should enable scanning of all e-mail attachments. infrastructure B.com Ac tua lTe sts . and key history management. They may enter your computer on a contaminated floppy or CD-ROM.www.

QUESTION NO: 229
From the list of protocols, which is used to secure web transactions?
A. XML (Extensible Markup Language)
B. SMTP (Simple Mail Transfer Protocol)
C. SSL (Secure Sockets Layer)
D. S/MIME (Secure Multipurpose Internet Mail Extensions)
Answer: C
Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 230
Which of the following would be MOST effective in preventing network traffic sniffing?
A. Use switches instead of hubs
B. Disable promiscuous mode
C. Use hubs instead of routers
D. Deploy an IDS
Answer: A
Explanation: Switches don't send all traffic on the segment to every port so conventional sniffing methods don't work.

Spam D. Any Time. Hypervisor.www. Brute force Answer: A Explanation: Buffer overflow occur when an application receives more data that it is programmed to accept. Hypervisor. a firewall B. Host. Buffer overflow B. Sandbox. 2004.com Ac Answer: A tua A. Birthday C. NAT C. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Hardware B. Hardware C. a hub Answer: A "Pass Any Exam. Sandbox. Hypervisor." . Emulator. 2nd Edition. Reference: Mike Pastore and Emmett Dulaney . Guest.actualtests. p 135 QUESTION NO: 232 QUESTION NO: 233 Stateful packet inspection is a methodology used by: A. Security+ Study Guide . Hypervisor. Guest.CompTIA SY0-101: Practice Exam QUESTION NO: 231 Which of the following is a common type of attack on web servers? A. Hardware D.co m 82 . Sandbox. This situation can cause an application to terminate. Host. network monitoring D. Sybex . Alameda . Hardware lTe Which of the following is the BEST description of the basic elements of virtualization? sts .

QUESTION NO: 234
Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation?
A. Kerberos
B. Biometric
C. Mutual
D. Multifactor
Answer: D

QUESTION NO: 235
Which of the following would be achieved by using encryption? (Select THREE).
A. Non-repudiation
B. Availability
C. Confidentiality
D. Authorization
E. Integrity
Answer: A,C,E

QUESTION NO: 236
Users are reporting that when attempting to access the company web page on the Internet, the user is rerouted to a protest webpage. This is MOST likely:
A. a DDoS attack
B. DNS Poisoning
C. a social engineering attack
D. a replay attack
Answer: B

QUESTION NO: 237
Using software on an individual computer to generate a key pair is an example of which of the following approaches to PKI architecture?

D. Minimizing development cost. Active prevention C.co m 84 . C.www. Any Time. Contact the employee's supervisor regarding disposition of user accounts D. Disable the employee's user accounts and keep the data for a specified period of time." .CompTIA SY0-101: Practice Exam A. Which of the following would be the BEST action to take? A. B. Disable the employee's user accounts and delete all data. Enumerating D. Passive detection tua lTe Which of the following BEST describes the baseline process of securing devices on a network infrastructure? sts . Using an independent security instructor.actualtests. Answer: A "Pass Any Exam. Decentralized C. Creating security awareness posters and notices. Distributed key B. Hardening B. Change the employee's user password and keep the data for a specified period. Centralized Answer: B QUESTION NO: 238 A representative from the human resources department informs a security specialist that an employee has been terminated. C. Hub and spoke D. Answer: A QUESTION NO: 239 Answer: A QUESTION NO: 240 Which of the following would be MOST important when designing a security awareness program? A. Conducting user training sessions.com Ac A. B.

where it can replicate and spread past security systems into other systems. Disk storage consumption Answer: D QUESTION NO: 242 A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. During the 80's and early 90's most viruses were activated when you booted from a floppy disk. Which of the following network devices should be used? A. Any Time. Smurf D. A computer virus is a replication mechanism.www. Firewall C. A computer virus is a find mechanism." . A computer virus is a learning mechanism. Memory starvation C. connection mechanism and can integrate. Answer: D Explanation: Replication mechanism: To replicate a virus needs to attach itself to the right code. contamination mechanism and can exploit. Router B. Activation mechanism: Most viruses require the user to actually do something.co m . initiation mechanism and can propagate.actualtests. C. Switch D. activation mechanism and has an objective. CPU starvation B.com 85 Ac tua lTe sts . B. or inserted a new "Pass Any Exam.CompTIA SY0-101: Practice Exam QUESTION NO: 241 Open FTP file shares on servers can facilitate which of the following types of attacks? A. A. D. A computer virus is a search mechanism. Hub Answer: C QUESTION NO: 243 Choose the statement which best defines the characteristics of a computer virus.

co m .com.CompTIA SY0-101: Practice Exam floppy disk into an infected drive. Objective: many viruses have no objective at all. one firewall and one VPN B. QUESTION NO: 244 A demilitarized zone (DMZ) is a network segment that can be created by using: A. hog up memory. but some have the objective to delete data. Any Time. Packet sniffing. and they require the user to execute. D. Answer: A Explanation: Since only clear unencrypted text is being sent across the world through multitudes of WAN equipment and routers. it is easy for someone to sniff your conversation and eavesdrop on every single word you type. one router and one firewall C. You must implement an authentication protocol that uses only encrypted passwords during the authentication process.actualtests. B. Kerberos "Pass Any Exam. Port scanning.com 86 Ac tua lTe sts . Cryptanalysis. Reverse engineering. QUESTION NO: 246 You work as the security administrator at Certpaper . Which is it? A. or crash the system. two firewalls Answer: D QUESTION NO: 245 An attacker can use a specific method to exploit the clear-text attribute of Instant-Messaging sessions.www. Choose the authentication protocol that accomplishes this. Nowadays most computer virus's come as email forwards. A. two routers D. C." .

packet sniffing D. Any Time. D.www. Answer: B QUESTION NO: 248 A. Disaster planning C.CompTIA SY0-101: Practice Exam B. QUESTION NO: 247 Which of the following would be the BEST reason for certificate expiration? A. Acceptable use policies "Pass Any Exam. Brute force techniques are likely to break the key if given enough time. phishing B. The longer an encryption key is used the more processing power it will consume. User education and awareness training B. It provides for on-demand authentication within an ongoing data transmission.actualtests.com Ac tua . The challenge response uses a hashing function derived from the Message Digest 5 (MD5) algorithm. This would BEST be described as: lTe sts . PPTP (Point-to-Point Tunneling Protocol) D. a hoax Answer: A QUESTION NO: 249 Sending a patch through a testing and approval process is an example of which of the following? A. B. CHAP (Challenge Handshake Authentication Protocol) Answer: D Explanation: CHAP is commonly used to encrypt passwords. SMTP (Simple Mail Transfer Protocol) C." .A user has received an email from a mortgage company asking for personal information including bank account numbers. C. that is repeated at random intervals during a session. To keep the server from using the same key for two sessions. spam C. Renewal keeps the log files from getting too large.co m 87 .

D. Change management
Answer: D

QUESTION NO: 250
Which of the following BEST describes a set of programs and code that allows an undetectable presence on a system with administrative rights?
A. Trojan horse
B. Virus
C. Rootkit
D. Worm
Answer: C

QUESTION NO: 251
Which of the following trust models would allow each user to create and sign certificates for the people they know?
A. Browser trust-list
B. Web-of-trust
C. Single certificate authority (CA)
D. Hierarchical
Answer: B

QUESTION NO: 252
All of the following monitoring types evaluate pre-specified conditions EXCEPT: (Select TWO).
A. behavior-based
B. rate-based
C. signature-based
D. performance-based
E. anomaly-based
Answer: A,E

actualtests. System files Answer: C QUESTION NO: 256 Choose the ports that are used to access the FTP (File Transfer Protocol) protocol." . Ports 20 and 21. User date B. Sharing the password with a family member and asking the family member not to reveal the password.co m . B. D. C. System state D. "Pass Any Exam. Birthday B. Dictionary D. Ports 80 and 443.CompTIA SY0-101: Practice Exam QUESTION NO: 253 Which of the following methods of documenting and storing a password is considered acceptable? A.www. Brute force C. Any Time. Answer: C QUESTION NO: 254 Which of the following methods of password guessing typically requires the longest attack time? A. Writing the password on a note and placing the note under the computer keyboard. Writing the password on a piece of paper and storing the paper in a locked safe. Operating system C.com 89 Ac tua QUESTION NO: 255 lTe sts . Placing the password in a text document and saving the document on the system administrator's computer. Rainbow Answer: B Which of the following needs to be backed up on a domain controller to be able to recover Active Directory? A. A. B.

they would be more likely to think about them.actualtests. they associate that ask for help for every legitimate cry for help. law of reciprocity. So by consistency. and times when they needed help themselves and were helped. port 20 is the data port and port 21 is the command port. By availability. and law of consistency. D.www.CompTIA SY0-101: Practice Exam C.com Ac Answer: B tua A. Multiple logins are allowed lTe Which of the following is a major reason that social engineering attacks succeed? sts . Answer: A Explanation: In basic FTP operations. D." . they feel the urge to help others again the way they've helped out somebody in the past. guidelines and enforcement. Ports 21 and 23. If an awareness program were to be implemented where employees could be aware of social engineering tactics. With this knowledge in intuition. QUESTION NO: 257 Human resource department personnel should be trained about security policy: A. Audit logs are not monitored frequently B. an employee will make a smarter decision. so essentially they're being a good Samaritan. Lack of security awareness C. Ports 20 and 80. Strong passwords are not required D. implementation C. monitoring and administration Answer: C QUESTION NO: 258 Explanation: Social engineering attacks work because of the availability heuristic. and be more suspect of an attack when someone does ask for a favor. when someone asks for help. Any Time. B. In the past people have had experiences where a co-worker with a legitimate problem asked for help and been grateful for it.co m 90 . "Pass Any Exam. maintenance.

There have been ongoing discussions about this problem (called "FTP bounce") for several years. Create an in-depth defense Answer: A QUESTION NO: 260 You work as the security administrator at Certpaper .html QUESTION NO: 261 Which of the following types of IDS should be employed to obtain the MOST information about the enterprise? A.www. This implementation would violate which of the following security principles? A. Use a device as intended B.com Ac Explanation: In some implementations of FTP daemons. Keep the solution simple C.org/advisories/CA-1997-27. Address internal threats D. Any Time. the PORT command can be misused to open a connection to a port of the attacker's choosing on a machine that the attacker could not have accessed directly. The attack aims to establish a connection between the FTP server and another computer. tua lTe sts . The attack aims to reboot the FTP server. D.actualtests. Unix based B. B.CompTIA SY0-101: Practice Exam QUESTION NO: 259 A company implements an SMTP server on their firewall. For more detailed information on this FTP Bounce attack refer to the hyperlink. The attack aims to store and distribute malicious code." . and some vendors have developed solutions for this problem. The attack aims to exploita buffer overflow vulnerability on the FTP server. Server based "Pass Any Exam. C. You are investigating the consequences of networks attacks aimed at FTP servers. Answer: C Reference: http://www.com.co m 91 . Which of the following states the aim of a FTP (File Transfer Protocol) bounce attack? A.cert.

Network based D.www." .com Ac What is the primary security risk associated with removable storage? tua lTe sts . A. Integrity B.CompTIA SY0-101: Practice Exam C. Availability Answer: C QUESTION NO: 264 A programming mechanism used to allow administrative access while bypassing the usual access control methods is known as a: "Pass Any Exam. Confidentiality C. Any Time.co m 92 .actualtests. E. Continuity D. User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization.E QUESTION NO: 263 A. User accounts reports are periodically extracted from systems and end users are informed. User accounts and their privileges are periodically extracted from systems and reports are kept for auditing purposes. Host based Answer: C Explanation: A network based Intrusion Detection System is not limited to a single server or network segment like a host based IDS. User account reports are periodically extracted from systems and employment verification is performed. B. User accounts reports are periodically extracted from systems and user access dates are verified C. D. it monitors all the traffic over the entire network QUESTION NO: 262 Which of the following BEST describes actions pertaining to user account reviews? (Select TWO). Answer: C.

software exploit D. Any Time. back door Answer: D QUESTION NO: 265 PKI provides non-repudiation by providing third-party assurance of certificate: A. logic bomb C. destruction B.actualtests. C. B. revocation C. expiration Answer: C Which is a BEST practice method to assign rights and privileges? A.www. By network B. D. By individual C.com." .co m 93 .CompTIA SY0-101: Practice Exam A. First investigate the e-mail message as a possible hoax with a trusted anti-virus vendor. You must document the procedure for handling computer virus infections. First broadcast a message to the all users to alert them of the presence of a virus. Trojan horse B. By location Answer: B QUESTION NO: 267 You work as the security administrator at Certpaper .com Ac tua lTe sts QUESTION NO: 266 . First search for and delete the virus file. "Pass Any Exam. validation D. By group D. Choose the action which you should specify to perform when receiving an e-mail message warning of the existence of a virus on the system if a specific executable file exists? A. First locate and download a patch to repair the file.

and they will have details on their sites. mitigation B. the wrong file can be deleted.co m 94 . The act of locating and downloading a patch isn't just time consuming. McAfee. The process of predicting threats and vulnerabilities to assets is known as threat: A. and perhaps terrorizing the users is the original intent of the attack. are encrypted D. are digitally signed C. use a token B. and worst of all: when you delete a file it doesn't really get completely deleted. modeling C.CompTIA SY0-101: Practice Exam Answer: D Explanation: If a virus threat is for real. are time stamped Answer: D "Pass Any Exam. in Kerberos authentication will not be successful because the tickets: A.actualtests.com Ac tua lTe sts QUESTION NO: 268 .www. the major anti-virus players like Symantec. One can miss a file. or the process of resetting the computer could activate the virus. avoidance. but its also ineffective. instead it gets sent to a 'recycle bin." . D.' Broadcasting an alert and creating panic isn't the right thing to do. but there's a chance that the patch itself could be the virus. Incorrect answers: Searching for and deleting a file is not only a waste of time with today's OS's complex directory systems. Answer: B QUESTION NO: 269 Reusing a ticket. acceptance. the file could be hidden. Any Time. as a replay attack. or Sophos will know about it before you. because it will waste bandwidth.

Alameda . and they will become widely used over the next few years.com Ac tua lTe sts . Implementations have been limited in many applications because of the high cost associated with these technologies. While browsing the retailer's web site. The user later observes unknown charges on the credit card bill and has not received the purchased items. Check for shipping delays for the requested items. Privatekeys can be compromised. Be sure that a URL is secure before entering personal information. Sybex ." . Reference: Mike Pastore and Emmett Dulaney . Tokens D. p 265 QUESTION NO: 271 Which of the following is the MOST significant flaw in Pretty Good Privacy (PGP) authentication? A. "Pass Any Exam.CompTIA SY0-101: Practice Exam QUESTION NO: 270 Choose the method of authentication which is the most COSTLY method.actualtests. Many companies use smart cards as their primary method of access control. 2nd Edition. Weak encryption can be easily broken B. the user wants to purchase an item and enters the credit card information.co m 95 . A user must trust the public key that is received Answer: D QUESTION NO: 272 A user accesses a retailer from an Internet search. 2004. Passwords Answer: B Explanation: Biometrics These technologies are becoming more reliable. Which of the following actions should the user take? A. Biometrics C. A.www. B. Security+ Study Guide . It is subject to a man-in-the-middle attack C. D. Any Time. Shared secrets B.

20 QUESTION NO: 274 Answer: D.www. Configuring the Start menu and Desktop. Applying patches lTe sts Which of the following are components of host hardening? (Select TWO) . Answer: B "Pass Any Exam. Disabling unnecessary services E.E QUESTION NO: 275 An SMTP server is the source of email spam in an organization. Answer: A QUESTION NO: 273 Which of the following protocols is used by Encapsulating Security Payload (ESP) in IPSec? A. B. Anonymous relays have not been disabled. D.com Ac tua A." . X.400 connectors have not been password protected. C. Type the retailer's web address directly into the URL in the future D. The administrator account was not secured. Limit the number of times online purchases are made monthly. Remote access to the email application's install directory has not been removed. Adding users to the administrator group D. 51 D. Any Time.CompTIA SY0-101: Practice Exam C.co m Answer: A 96 . Removing a user access to the user data B. 50 B. Which of the following is MOST likely the cause? A. C.actualtests. 25 C.

Give the caller a supervisor's name and telephone number to request authority to expedite the request.CompTIA SY0-101: Practice Exam QUESTION NO: 276 Which of the following would be the BEST step to take to stop unauthorized users from targeting a wireless network with a site survey? (Select TWO). D. blocking unwanted incoming traffic C. however. developing a firewall policy D. Using a switch rather than a hub. Expedite the request since the caller's identity has been verified. Any Time.com Ac tua lTe sts . A. B. The caller is knowledgeable about the company and the caller's name is listed in the company telephone and email directory.actualtests. Answer: B. D.www. blocking unwanted outgoing traffic B. Follow established procedures and report any abnormal incidents. Ask a supervisor for permission to deviate from established procedures due to the emergency Answer: C QUESTION NO: 278 The first step in effectively implementing a firewall is: A. Broadcasting a false domain name. the caller claims there is an emergency and asks that the request be expedited. C. Which of the following would be the BEST action for the employee to take? A." .C QUESTION NO: 277 An employee receives a request from a person claiming to be an employee at a remote office location. Disabling SSID broadcasting.co m 97 . B. protecting againstDDoS attacks Answer: C Explanation: What good is a firewall without any kind of policy or configuration policy to be implemented? "Pass Any Exam. Changing the default SSID. E. C. Physically locking the WAP.

QUESTION NO: 279
Which of the following logs shows when the workstation was last shutdown?
A. Access
B. Security
C. System
D. DHCP
Answer: C

QUESTION NO: 280
Which of the following would be an effective way to ensure that a compromised PKI key can not access a system?
A. Revoke the key
B. Renew the key
C. Reconfigure the key
D. Delete the key
Answer: A

QUESTION NO: 281
Which of the following describes an unauthorized user redirecting wireless network traffic from the intended access point to a laptop to inject a packet with malware?
A. A man-in-the-middle attack
B. A replay attack
C. Social engineering
D. A weak key
Answer: A

QUESTION NO: 282
The difference between identification and authentication is that:

Intranet D.CompTIA SY0-101: Practice Exam A. Demilitarized zone (DMZ) B. A.co m . C. Encapsulating Security Payload (ESP) B. Any Time. D.com 99 Ac A." . authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials. Secure Key Exchange Mechanism for Internet (SKEMI) C. Answer: C QUESTION NO: 283 Which of the following describes a semi-trusted location used to securely house public facing servers between the Internet and the local network? A. authentication verifies a user ID belongs to a specific user while identification verifies the identity of a user group. VPN Answer: A QUESTION NO: 284 Answer: A QUESTION NO: 285 After establishing a tunnel. Algorithm used tua Which of the following would be MOST desirable when attacking encrypted data? lTe sts . Sniffed traffic C. the IPSec Protocol Suite uses which of the following specific protocols for securing the data packet? (Select TWO). B. authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials.actualtests. Block cipher D. Weak key B. Oakley "Pass Any Exam. authentication verifies a set of credentials while identification verifies the identity of the network. VLAN C.www.

IPSec can use AH or ESP. To perform penetration testing on the DNS server C. E-mail hoaxes tend to encourage malicious users. E-mail hoaxes consume large quantities of server disk space. and whether it is a computer virus or a blind. Any Time. 2nd Edition.co m 100 . p 371 QUESTION NO: 286 From the list of options. C.E Explanation: IPSec is a security protocol that provides authentication and encryption across the Internet.www. as well as panic in users that are not technically inclined. To control unauthorized DNSDoS D.CompTIA SY0-101: Practice Exam D. Security+ Study Guide . B. A. tua lTe sts .D have a degree of truth to them. crippled. Email hoaxes often create unnecessary traffic because they ask users to forward an email to everyone in address book.actualtests. D.C. Answer: C QUESTION NO: 287 Which of the following is a reason to implement security logging on a DNS server? A. Alameda . To monitor unauthorized zone transfers B. E-mail hoaxes can result in buffer overflows on the e-mail server. cancer victim child suffering from Herpes it creates undue panic and emotion in the work setting. starving. To measure the DNS server performance Answer: A "Pass Any Exam." . Reference: Mike Pastore and Emmett Dulaney . Sybex .com Ac Explanation: Although answer choices B . Authentication Header (AH) Answer: A. E-mail hoaxes create unnecessary e-mail traffic. chose the primary attribute associated with e-mail hoaxes. 2004. the BEST answer is A. Internet Security Association and Key Management Protocol (ISAKMP) E.

QUESTION NO: 288
The risks of social engineering can be decreased by implementing: (Select TWO)
A. security awareness training
B. identity verification methods
C. risk assessment policies
D. vulnerability testing techniques
E. operating system patching instructions
Answer: A,B

QUESTION NO: 289
Which of the following security services are provided by digital signatures? (Select THREE).
A. Authorization
B. Encryption
C. Authentication
D. Non-repudiation
E. Confidentiality
F. Integrity
Answer: C,D,F

QUESTION NO: 290
Which of the following is a security reason to implement virtualization throughout the network infrastructure?
A. To analyze the various network traffic with protocol analyzers
B. To implement additional network services at a lower cost
C. To centralize the patch management of network servers
D. To isolate the various network services and roles
Answer: D

QUESTION NO: 291
Giving each user or group of users only the access they need to do their job is an example of which of the following security principles?

Plain text documents. The infected system includes an attachment to any email that you send to another user. Executable files. Defense in depth Answer: C QUESTION NO: 292 Which of the following types of servers should be placed on a private network? A. 2nd Edition. D. Web server Answer: B Which of the following should be scanned for viruses? A.actualtests. Any Time.www. Microsoft Word documents. The recipient opens this file thinking it is something you legitimately sent them. Many times the virus is in an executable attachment. the virus infects the target system. Reference: Mike Pastore and Emmett Dulaney . Access control C. Sybex . All of the above. C. Security+ Study Guide . When they open the file. Answer: A Explanation: Many newer viruses spread using email. Separation of duties B. File and print server C. p 78 QUESTION NO: 294 "Pass Any Exam. B. Least privilege D.com Ac tua lTe sts QUESTION NO: 293 . Remote Access Server (RAS) D.co m 102 ." . Email server B. Alameda . 2004.CompTIA SY0-101: Practice Exam A.

Which of the following types of backups requires that files and software that have been changed since the last full backup be copied to storage media?
A. Full
B. Differential
C. Incremental
D. Delta
Answer: B

QUESTION NO: 295
Non-essential services are often appealing to attackers because non-essential services: (Select TWO)
A. consume less bandwidth
B. decrease the surface area for the attack
C. sustain attacks that go unnoticed
D. provide root level access
E. are not visible to an IDS
F. are not typically configured correctly or secured
Answer: C,F

QUESTION NO: 296
A company wants to connect the network to a manufacturer's network to be able to order parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection?
A. Intranet
B. Scatternet
C. Extranet
D. VPN
Answer: C

QUESTION NO: 297
The IPSec Security Association is managed by

A. IEEE B. AH C. ESP D. ISAKMP Answer: D

QUESTION NO: 298 Which of the following actions can an attacker perform when network services are enabled on a target system? A. An attacker can run a port scan against the target system. B. An attacker can install a rootkit on the target system. C. An attacker can check the services file. D. An attacker can enable logging on the target system. Answer: A

Explanation: A TCP/IP network makes many of the ports available to outside users through the router. These ports will respond in a predictable manner when queried. An attacker can systematically query a network to determine which services and ports are open. This process is called port scanning, and it can reveal a great deal about your network. Port scans can be performed both internally and externally. Many routers, unless configured appropriately, will let all of the protocols pass through them.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 69

QUESTION NO: 299 Which of the following is a suitable hashing algorithm for a secure environment? A. SHA-1 because it produces 160-bits message digests. B. MD5 because it produces 160-bits message digests C. MD5 because it produces fewer numbers of collisions. D. RC4 because it produces 160-bits message digests Answer: B

QUESTION NO: 300 How many characters is the output of a MD5 hash? A. 32 B. 160 C. 128 D. 64 Answer: A

QUESTION NO: 301 Malicious software that travels across computer networks without user assistance is an example of a: A. worm B. Trojan horse C. virus D. logic bomb Answer: A

QUESTION NO: 302 From the listing of attacks, choose the attack which exploits session initiation between a Transport Control Program (TCP) client and server within a network? A. Smurf attack B. SYN attack C. Birthday attack D. Buffer Overflow attack Answer: B

Explanation: SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established. Change this if you want but in the SYN flood the hacker sends a SYN packet to the receiving station with a spoofed return address of some broadcast address on their network. The receiving station sends out this SYN packet (pings the broadcast address) which causes multiple servers or stations to respond to the ping, thus overloading the originator of the ping (the receiving station). Therefore, the hacker may send only 1 SYN packet, whereas the network of the attacked station is actually what does the barrage of return packets and overloads the receiving station.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 530

QUESTION NO: 303 While surfing the Internet a user encounters a pop-up window that prompts the user to download a browser plug-in. The pop-up window is a certificate which validates the identity of the plug-in developer. Which of the following BEST describes this type of certificate? A. Web certificate B. Software publisher certificate C. Certificate Authority (CA) certificate D. Server certificate Answer: B

Explanation: This is not discussed in the book so much, but you can find online more information on software publisher certificate. The answer B is correct.

QUESTION NO: 304 Which of the following authentication methods requires that the client authenticate itself to the server and the server authenticate itself to the client? A. Username/password B. Mutual C. Multifactor D. Biometric Answer: B

QUESTION NO: 305 A company's new employees are asked to sign a document that describes the methods of and purposes for accessing the company's IT systems. Which of the following BEST describes this document?

A. Privacy Act of 1974 B. Acceptable Use Policy C. Authorized Access Policy D. Due diligence form Answer: B

QUESTION NO: 306 MITRE and CERT are: A. spyware and virus distributing software B. virus propagation monitoring utilities. C. virus and malware cataloging organizations. D. anti-virus software companies. Answer: C

QUESTION NO: 307 Which of the following would be the FIRST step to take to mitigate the threat of non-essential domain accounts? A. Develop a security policy B. Rename the system administrator account C. Review the domain accounts D. Write an LDAP query. Answer: A

QUESTION NO: 308 Turnstiles, double entry doors and security guards are all prevention measures for which of the following types of social engineering? A. Piggybacking B. Looking through a co-worker's trash to retrieve information C. Impersonation D. Looking over a co-worker's shoulder to retrieve information Answer: A

Explanation: Piggybacking is an espionage tactic commonly used in the movies. The hero or the villain hides by a secure entrance, and waits for an unknowing authorized user to enter. When the authorized user enters, they use stealth to sneak behind them and gain access without the authorized user even knowing. Other forms of piggybacking take advantage of human altruism. An unauthorized person will put on a disguise and carry a heavy box to the door, where the authorized user will try to do the right thing, and prop the door open for them.

QUESTION NO: 309 Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment? A. Carbon Dioxide B. Halon C. Water D. Foam Answer: C

QUESTION NO: 310 A newly hired security specialist is asked to evaluate a company's network security. The security specialist discovers that users have installed personal software, the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. Which of the following would be the FIRST step to take? A. Install software patches. B. Enforce the security policy. C. Password management D. Disable non-essential services. Answer: B

QUESTION NO: 311 Which of the following would be an easy way to determine whether a secure web page has a valid certificate? A. Right click on the lock at the bottom of the browser and check the certificate information B. Ensure that the web URL starts with 'https:\\'.

C. Contact Thawte or Verisign and ask about the web page D. Contact the web page's web master Answer: A

QUESTION NO: 312 Which of the following protocols works with 802.1X to authenticate a client to a network? A. EAP B. LDAP C. CHAP D. SPAP Answer: A

QUESTION NO: 313 Which of the following daemons is MOST likely to be the cause if an unauthorized user obtains a copy of a Linux systems /etc/passwd file? A. SSH with version 0.9.8a is installed and configured for remote administration. B. SSL has enabled the Apache service with no virtual hosts configured C. Sendmail is configured to allow the administrator's web access. D. FTP is configured to allow anonymous user access. Answer: D

QUESTION NO: 314 The SSL (Secure Sockets Layer) protocol operates between specific layers of the OSI (Open Systems Interconnection) reference model. Which is it? Choose all correct answers. A. Physical Layer B. Application Layer. C. Network Layer D. Transport Layer E. Data Link Layer Answer: B,D

Explanation:

SSL is associated with secure transactions (credit card purchases and online banking) over your web browser, so naturally it operates between the top two layers of the OSI model.

QUESTION NO: 315 A security specialist has downloaded a free security software tool from a trusted industry site. The source has published the MD5 hash values for the executable program. The specialist performs a successful virus scan on the download but the MD5 hash is different. Which of the following steps should the specialist take? A. Re-run the anti-virus program to ensure that it contains no virus execute B. Install the executable program because there was probably a mistake with the MD5 value. C. Ignore the MD5 hash values because the values can change during IP fragmentation. D. Avoid executing the file and contact the source website administrator Answer: D

QUESTION NO: 316 An end-to-end traffic performance guarantee made by a service provider to a customer is a: A. DRP. B. SLA. C. BCP. D. VPN Answer: B

QUESTION NO: 317 The purpose of the SSID in a wireless network is to: A. identify the network B. protect the client C. secure the WAP D. define the encryption protocols used. Answer: A

QUESTION NO: 318

To preserve evidence for later use in court, which of the following needs to be documented? A. Disaster recovery plan B. Chain of custody C. Audit trail of systems usage D. Chain of certificates Answer: B

QUESTION NO: 319 Which of the following correctly specifies where user accounts and passwords are stored in a decentralized privilege management environment? A. User accounts and passwords are stored on a central authentication server. B. User accounts and passwords are stored on each individual server. C. User accounts and passwords are stored on no more than two servers. D. User accounts and passwords are stored on a server configured for decentralized management. Answer: C

Explanation: The key word is decentralized, so the best answer would be B.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 432

QUESTION NO: 320 Which of the following increases the collision resistance of a hash? A. Salt B. Rainbow Table C. Larger key space D. Increase the input length Answer: A

QUESTION NO: 321

Which of the following describes the process of comparing cryptographic hash functions of system executables, configuration files, and log files? A. Network based intrusion detection B. Stateful packet filtering C. File integrity auditing D. Host based intrusion detection Answer: C

QUESTION NO: 322 Computer forensics experts use specific guidelines to gather and analyze data while minimizing data loss. What guidelines do they use? A. Chain of custody B. Chain of command C. Evidence D. Incident response Answer: A

Explanation: The chain of custody is a log of the history of evidence that has been collected. This log should catalog every event from the time the evidence is collected.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 457

QUESTION NO: 323 Which of the following correctly identifies some of the contents of an end user's X.509 certificate? A. User's public key, object identifiers, and the location of the user's electronic identity B. User's public key, the serial number of the CA certificate, and the Certificate Revocation List (CRL) entry point C. User's public key, the Certificate Authority (CA) distinguished name, and the type of symmetric algorithm used for encryption D. User's public key, the certificate's serial number, and the certificate's validity dates

Answer: D

Explanation: The X.509 standard defines what information can go into a certificate, and describes how to write it down (the data format). All X.509 certificates have the following data, in addition to the signature:

Version
Serial Number: The entity that created the certificate, the CA, is responsible for assigning it a serial number to distinguish it from other certificates it issues.
Signature Algorithm Identifier
Issuer Name: The X.500 name of the entity that signed the certificate. This is normally a CA. Using this certificate implies trusting the entity that signed this certificate.
Validity Period
Subject Name
Subject Public Key Information: This is the public key of the entity being named, together with an algorithm identifier which specifies which public key crypto system this key belongs to and any associated key parameters.

Reference: http://csrc.nist.gov/pki/panel/santosh/tsld002.htm

QUESTION NO: 324 Which of the following may be a security issue during transport of stored tape media to an offsite storage location? A. Corruption of the media B. Theft of the media C. Timely restore of lost data D. A courier x-raying the contents Answer: B

QUESTION NO: 325 A workstation is being used as a zombie set to attack a web server on a certain date. The infected workstation is MOST likely part of a: A. DDoS attack. B. TCP/IP hijacking.

C. spoofing attack. D. man-in-the-middle attack. Answer: A

QUESTION NO: 326 Which of the following is the MOST effective way for an administrator to determine what security holes reside on a network? A. Perform a vulnerability assessment B. Install and monitor an IDS C. Run a sniffer D. Run a port scan Answer: A

Explanation: Performing a vulnerability assessment is one of the most effective ways to find holes in the network. The other answers limit your assessment.

QUESTION NO: 327 From the options, choose the disadvantage of implementing an IDS (Intrusion Detection System). A. Administration B. Decrease in throughput. C. False positives. D. Compatibility. Answer: C

Explanation: A false positive is when legitimate traffic is picked up as an intruder. If this happens too often then the IDS is not working properly.

QUESTION NO: 328 Choose the scheme or system used by PGP (Pretty Good Privacy) to encrypt data. A. Symmetric key distribution system B. Asymmetric scheme

C. Asymmetric key distribution system D. Symmetric scheme Answer: B

QUESTION NO: 329 A company wants to implement a VLAN. Senior management believes that a VLAN will be secure because authentication is accomplished by MAC addressing and that dynamic trunking protocol (DTP) will facilitate network efficiency. Which of the following issues should be discussed with senior management before VLAN implementation? A. MAC addresses can be spoofed and DTP allows only authenticated users. B. MAC addresses can be spoofed and DTP allows rogue network devices to configure ports C. MAC addresses are a secure authentication mechanism and DTP allows rogue network devices to configure ports. D. MAC addresses are a secure authentication mechanism and DTP allows only authenticated users. Answer: B

QUESTION NO: 330 A common tool used for wireless sniffing and war driving is: A. Sam Spade B. S/MIME C. NESSUS D. NetStumbler Answer: D

QUESTION NO: 331 Default passwords in hardware and software should be changed: A. if a threat becomes known. B. once each month C. when the vendor requires it D. when the hardware or software is turned on.

Answer: D

QUESTION NO: 332 Which of the following is a protocol analyzer? A. John the Ripper B. Nessus C. WireShark D. Cain & Abel Answer: C

QUESTION NO: 333 Which of the following is MOST often used to allow a client or partner access to a network? A. Demilitarized zone (DMZ) B. VLAN C. Extranet D. Intranet Answer: C

QUESTION NO: 334 Which of the following can be used to determine the topology of a network and discover unknown devices? A. Password crackers B. Penetration testing C. Vulnerability scanner D. Network mapper Answer: D

QUESTION NO: 335 Controlling access to information systems and associated networks is necessary for the preservation of their:

A. authenticity, confidentiality and availability B. integrity and availability. C. confidentiality, integrity and availability D. authenticity, confidentiality, integrity and availability Answer: C

Explanation: The design goals of a security topology must deal with issues of confidentiality, integrity, availability and accountability. You will often see the confidentiality, integrity and availability referred to as the CIA of network security. The accountability is equally important.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 22

QUESTION NO: 336 Which of the below options would you consider as a program that constantly observes data traveling over a network? A. Smurfer B. Fragmenter C. Sniffer D. Spoofer Answer: C

Explanation: Packet sniffers are used to capture, monitor and analyze traffic. Their legitimate purpose is to find traffic flow problems and bottlenecks for the sake of network optimization. However, hackers use it to capture data, to use in replay attacks.

QUESTION NO: 337 Choose the option that correctly specifies a likely negative technical impact of receiving large quantities of spam. A. DoS (Denial of Service). B. Processor underutilization. C. Reduction in hard drive space requirements. D. Increased network throughput.

Answer: A

Explanation: In systems where no email filters are set up, it is possible for some users to receive over a hundred unsolicited emails a day! If every user on a network received that much email, the human time necessary to sort through those emails will be Herculean. The system resources required to: process, download, and store such email can potentially reduce a network's availability to zero, thus denying service.

QUESTION NO: 338 From the listing of attacks, which analyzes how the operating system (OS) responds to specific network traffic, in an attempt to determine the operating system running in your networking environment? A. Operating system scanning. B. Reverse engineering. C. Fingerprinting D. Host hijacking. Answer: C

Explanation: Fingerprinting is the act of inspecting returned information from a server (ie. One method is ICMP Message quoting where the ICMP quotes back part of the original message with every ICMP error message. Each operating system will quote definite amount of message to the ICMP error messages. The peculiarity in the error messages received from various types of operating systems helps us in identifying the remote host's OS.

QUESTION NO: 339 Which of the following is an example of two-factor authentication for an information system? A. Photo ID and PIN B. ATM card and PIN C. Retina scan and mantrap D. Username and password Answer: B

QUESTION NO: 340 Which of the following is the primary method of performing network hardening? A. Disable any unnecessary ports and services. B. Conduct vulnerability analysis. C. Deploy a firewall and IDS D. Develop a trust model Answer: A
