CompTIA SY0-101

SY0-101 Security+

Practice Test
Version 3.0

CompTIA SY0-101: Practice Exam

QUESTION NO: 1
A real estate company recently deployed Kerberos authentication on the network. Which of the following does Kerberos require for correct operation? (Select TWO).
A. POP-3
B. Accurate network time
C. Key Distribution Center
D. Extranets
E. SSL/TLS
Answer: B,C

QUESTION NO: 2
Which of the following are MOST likely to be analyzed by Internet filter appliances/servers? (Select THREE).
A. Content
B. TLSs
C. Keys
D. URLs
E. CRLs
F. Certificates
Answer: A,D,F

QUESTION NO: 3
An administrator is selecting a device to secure an internal network segment from traffic external to the segment. Which of the following devices could be selected to provide security to the network segment?
A. NIPS
B. HIDS
C. Internet content filter
D. DMZ
Answer: A

"Pass Any Exam. Any Time." - www.actualtests.com


QUESTION NO: 4
Which of the following VPN implementations consists of taking IPv6 security features and porting them to IPv4?
A. SSL
B. IPSec
C. L2TP
D. PPTP
Answer: B

QUESTION NO: 5
A user is assigned access rights based on the function within the organization. This is a feature of which of the following types of access control models?
A. Role Based Access Control (RBAC)
B. Rule Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Discretionary Access Control (DAC)
Answer: A
Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees perform in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 6
Which of the following types of malicious software travels across computer networks without requiring a user to distribute the software?
A. Trojan horse
B. Worm
C. Virus
D. Logic bomb
Answer: B

QUESTION NO: 7
Which of the following would be MOST important to have to ensure that a company will be able to recover in case of severe environmental trouble or destruction?
A. Alternate sites
B. Disaster recovery plan
C. Fault tolerant systems
D. Offsite storage
Answer: B

QUESTION NO: 8
A task-based control model is an example of which of the following?
A. Rule Based Access Control (RBAC)
B. Role Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Mandatory Access Control (MAC)
Answer: B

QUESTION NO: 9
Which of the following is often misused by spyware to collect and report a user's activities?
A. Session cookie
B. Tracking cookie
C. Persistent cookie
D. Web bug
Answer: B

QUESTION NO: 10
Which definition best defines what a challenge-response session is?
A. A challenge-response session is a workstation or system that produces a random login ID that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
B. A challenge-response session is a workstation or system that produces a random challenge string that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
C. A challenge-response session is a special hardware device used to produce random text in a cryptography system.
D. A challenge-response session is the authentication mechanism in the workstation or system that does not determine whether the owner should be authenticated.
Answer: B
Explanation: A common authentication technique whereby an individual is prompted (the challenge) to provide some private information (the response). Most security systems that rely on smart cards are based on challenge-response. A user is given a code (the challenge) which he or she enters into the smart card. The smart card then displays a new code (the response) that the user can present to log in.
Reference: http://www.webopedia.com/TERM/C/challenge_response.html

QUESTION NO: 11
Which of the following describes a type of algorithm that cannot be reversed in order to decode the data?
A. One Way Function
B. Symmetric
C. Asymmetric
D. Pseudorandom Number Generator (PRNG)
Answer: A

QUESTION NO: 12
An administrator wants to implement a procedure to control inbound and outbound traffic on a network segment. Which of the following would achieve this goal?
A. HIDS
B. ACL
C. Proxy
D. NIDS
Answer: B

QUESTION NO: 13
Which of the following freeware forensic tools is used to capture packet traffic from a network?
A. nmap
B. NESSUS
C. tcpdump
D. dd
Answer: C

QUESTION NO: 14
When reviewing traces from an IDS, the following entries are observed:
Date   Time  Source IP    Destination IP  Port  Type
10/21  0900  192.168.5.2  10.10.2.1       20    SYN
10/21  0915  192.168.5.2  10.10.2.1       21    SYN
10/21  0920  192.168.5.2  10.10.2.1       23    SYN
10/21  0930  192.168.5.2  10.10.2.1       25    SYN
Which of the following is MOST likely occurring?
A. Port scanning
B. SYN Flood
C. Denial of service (DoS)
D. Expected TCP/IP traffic
Answer: A

QUESTION NO: 15
Which of the following protocols are not recommended due to them supplying passwords and information over the network?
A. SNMP (Simple Network Management Protocol).
B. Network News Transfer Protocol (NNTP)
C. Domain Name Service (DNS)
D. Internet Control Message Protocol (ICMP)
Answer: A

QUESTION NO: 16
Which of the following must be installed for HTTPS to work properly on a web site?
A. Digital certificate
B. Symmetric key
C. 3DES encryption
D. Security token
Answer: A

QUESTION NO: 17
You work as the security administrator. You want to implement a solution which will provide a WLAN (Wireless Local Area Network) with the security typically associated with a wired LAN (Local Area Network): Which solution should you implement?
A. WEP (Wired Equivalent Privacy)
B. VPN (Virtual Private Network)
C. ISDN (Integrated Services Digital Network)
D. ISSE (Information Systems Security Engineering)
Answer: A
Explanation: Wired Equivalent Privacy is a wireless protocol designed to provide privacy equivalent to that of a wired network.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 372

QUESTION NO: 18
From the options, which is a tunneling protocol that can only work on IP networks because it requires IP connectivity?
A. PPTP protocol
B. SSH
C. IPX protocol
D. L2TP protocol
Answer: A
Explanation: Point-to-Point Tunneling Protocol
You can access a private network through the Internet or other public network by using a virtual private network (VPN) connection with the Point-to-Point Tunneling Protocol (PPTP). Developed as an extension of the Point-to-Point Protocol (PPP), PPTP tunnels and/or encapsulates IP, IPX, or NetBEUI protocols inside of PPP datagrams. PPTP does not require a dial-up connection. It does, however, require IP connectivity between your computer and the server.
Not B: L2TP is an industry-standard Internet tunneling protocol with roughly the same functionality as the Point-to-Point Tunneling Protocol (PPTP). Like PPTP, L2TP encapsulates Point-to-Point Protocol (PPP) frames, which in turn encapsulate IP, IPX, or NetBEUI protocols.

QUESTION NO: 19
A user downloads and installs a new screen saver and the program starts to rename and delete random files. Which of the following would be the BEST description of this program?
A. Trojan horse
B. Logic bomb
C. Virus
D. Worm
Answer: A

QUESTION NO: 20
Which of the following BEST describes an attack that takes advantage of a computer not fully updated with the most recent operating system patches?
A. Software exploitation
B. Vulnerability
C. Brute force
D. Spoofing
Answer: A

QUESTION NO: 21
Secret Key encryption is also known as:
A. symmetrical
B. asymmetrical
C. replay
D. one way function.
Answer: A

QUESTION NO: 22
A company's security specialist is securing a web server that is reachable from the Internet. The web server is located in the core internal corporate network. The network cannot be redesigned and the server cannot be moved. Which of the following should the security specialist implement to secure the web server? (Select TWO).
A. Network-based firewall
B. Host-based IDS
C. Host-based firewall
D. Network-based IDS
E. Router with an IDS module
F. Router with firewall rule set
Answer: B,C

QUESTION NO: 23
A program allows a user to execute code with a higher level of security than the user should have access to. Which of the following is this an example of?
A. DoS
B. Privilege escalation
C. Default accounts
D. Weak passwords
Answer: B

Clocks are used to ensure proper connections. Certificate Revocation List (CRL). B. conduct a follow-up vulnerability analysis B. Private Branch Exchange (PBX). Any Time." . If the timestamp is not close enough to the current time (typically within five minutes) then the authenticator is rejected as invalid. update the baseline C. C. D. Terminal Access Controller Access Control System (TACACS).com 10 Ac tua QUESTION NO: 26 lTe Answer: D sts A. Clocks are used to generate the seed value for the encryptions keys. The authenticator contains the client's identity and a timestamp. D. The next step before placing the network back into operation would be to: A. C. Thus. test the essential functionality Answer: D QUESTION NO: 25 In a certificate hierarchy. Clocks are used to both benchmark and specify the optimal encryption algorithm. Clocks are used to ensure that tickets expire correctly.www.CompTIA SY0-101: Practice Exam QUESTION NO: 24 A security specialist has completed a vulnerability assessment for a network and applied the most current software patches. To insure that the authenticator is up-to-date and is not an old one that has been captured by an attacker. B. . Root Certifying Authority (Root CA). Answer: A Explanation: The actual verification of a client's identity is done by validating an authenticator. Kerberos requires your system clocks to be loosely synchronized (the "Pass Any Exam.co m . the ultimate authority is called the: For which reason are clocks used in Kerberos authentication? A.actualtests. perform penetration testing D. the timestamp in the authenticator is checked against the current time.

default is 5 minutes, but it can be adjusted in Version 5 to be whatever you want).
Reference: http://www.faqs.org/faqs/kerberos-faq/general/section-22.html

QUESTION NO: 27
Message authentication codes are used to provide which service?
A. Key recovery
B. Integrity
C. Acknowledgement
D. Fault recovery
Answer: B

QUESTION NO: 28
Which of the following is an installable package that includes several patches from the same vendor for various applications?
A. Hotfix
B. Patch rollup
C. Service pack
D. Patch template
Answer: C

QUESTION NO: 29
A company's web server needs to be accessible by remote users, business partners, and corporate users. Which of the following would be the BEST location for the web server?
A. Internal network segment
B. Demilitarized zone (DMZ)
C. Network perimeter
D. External network segment
Answer: B,C

JavaScript.CompTIA SY0-101: Practice Exam QUESTION NO: 30 In order to secure web-based communications. Disable all unused features of the web browser. Any Time. PPP Answer: C. CGI scripts. B. which is considered the best method for securing a web browser? A. C. IPSec F. Deploy a filtering policy for unknown and illegal websites that you do not want users to access. the need to know C." . secure. Answer: B QUESTION NO: 32 Documentation describing a group expected minimum behavior is known as:Documentation describing a group? expected minimum behavior is known as: A. acceptable usage B. Blowfish encryption C.co m 12 . D. and within every users reach. Only use a VPN (Virtual Private Network) connection to connect to the Internet.D QUESTION NO: 31 From the recommendations below.www. and cookies all poise security concerns. since its simple. SSL uses: (Select TWO) A. Disabling them (which is as easy as setting your browser security level to High) is the best method of securing a web browser.com Ac Explanation: Features that make web surfing more exciting like: ActiveX. Java. Challenge Handshake Authentication Protocol (CHAP) B. Symmetric cryptography E. Do not upgrade web browsers because new versions have a tendency to contain more security flaws.actualtests. the separation of duties "Pass Any Exam. a code of ethics D. tua lTe sts . Public-key cryptography D.

Answer: C

QUESTION NO: 33
Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made to the IP header?
A. Private addressing
B. NAT
C. SOCKS
D. DNS
Answer: B

QUESTION NO: 34
Which of the following describes backing up files and software that have changed since the last full or incremental backup?
A. Delta backup
B. Full backup
C. Differential backup
D. Incremental backup
Answer: D

QUESTION NO: 35
The authentication process where the user can access several resources without the need for multiple credentials is known as:
A. need to know
B. decentralized management
C. Discretionary Access Control (DAC).
D. single sign-on
Answer: D

QUESTION NO: 36

B. D. QUESTION NO: 38 A VPN is needed for users to connect to a remote site and the VPN must be transparent to the user. Host to Gateway D. the server sends a message back to the client indicating a secure connection is needed.com Ac tua lTe sts . QUESTION NO: 37 WEP uses which of the following stream ciphers? A. RC2 Answer: B Explanation: NO XPLANATION. RC4 C. C. Host to Host B. Any Time. 3DES B. This protocol uses the handshake method. and then provides its IP (Internet Protocol) address for verification purposes." . IKE D.www. The server uses its digital certificate to identify itself to the browser.actualtests. Answer: A Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. The client then sends the server a certificate indicating the capabilities of the client.co m 14 . Gateway to Host C. The server displays the page requested by the user on the browser. Which of the following VPN models would be BEST to use? A. The session is secure after this process. When a connection request is made to the server.CompTIA SY0-101: Practice Exam From the options below. The server requests the user to produce the CRL (Certificate Revocation List). The server validates the user by checking the CRL (Certificate Revocation List). Gateway to Gateway "Pass Any Exam. The server then evaluates the certificate and responds with a session key and an encrypted private key. which represents the first action performed by an SSL (Secure Sockets Layer) enabled server when a user clicks to browse a secure page? A.

Answer: D
Explanation: NO EXPLANATION.

QUESTION NO: 39
A web page becomes unresponsive whenever the embedded calendar control is used. Which of the following types of vulnerabilities is occurring?
A. ActiveX
B. Common Gateway Interface (CGI)
C. Cross-site scripting
D. Cookies
Answer: A
Explanation: NO EXPLANATION.

QUESTION NO: 40
SSL operates at which layer?
A. Data link
B. Network
C. Transport
D. Application
Answer: C
Explanation: SSL is associated with secure transactions (credit card purchases and online banking) over your web browser, so naturally it operates between the top two layers of the OSI model.

QUESTION NO: 41
An important component of a good data retention policy is:
A. offsite storage
B. magnetic media sorting
C. server drive redundancy
D. backup software licensing
Answer: A

QUESTION NO: 42
To reduce vulnerabilities on a web server, an administrator should adopt which of the following preventative measures?
A. Enable auditing on the web server and periodically review the audit logs
B. Block all Domain Name Service (DNS) requests coming into the server.
C. Use packet sniffing software on all inbound communications
D. Apply the most recent manufacturer updates and patches to the server.
Answer: D
Explanation: Operating system manufacturers pride themselves in having a secure system, and the instant they realize that there's a security breach they assign a team on it to develop a security patch. Or when they make a new software release (Linux kernels seem to be updated every other day) they try to fix all known vulnerabilities. The older an operating system is, the more time hackers have to seek vulnerabilities. A simple security patch that takes a couple of minutes to download and install is the difference between having a secure network and having a system made completely useless by a worm.

QUESTION NO: 43
A person walks up to a group of people who have physical access to a network operations room. As some of the group enters the room, this person walks into the room behind the group without providing credentials to gain access. Which of the following would BEST describe this activity?
A. Walk behind
B. Shoulder surfing
C. Tailgating
D. Social engineering
Answer: C

QUESTION NO: 44
Which of the following connectivity is required for a web server that is hosting an SSL based web site?

www. Single certificate authority (CA) B.co m . Any Time. Hoaxes can create as much damage as a real virus.CompTIA SY0-101: Practice Exam A. Port 80 inbound C. Hoaxes can help educate users about a virus.actualtests. Port 80 outbound Answer: C QUESTION NO: 45 Which of the following trust models would allow each user to create and sign certificates for the people they know? A.com 17 Ac A." . Hierarchical D. Hoaxes are harmless pranks and should be ignored. Port 443 outbound B. Hoaxes also often instruct the user to delete files on their computer that may cause their computer or a program to quit functioning. sts . Hoaxes carry a malicious payload and can be destructive. B. Port 443 inbound D. Which of the following should the company implement? "Pass Any Exam. Web-of-trust Answer: D QUESTION NO: 46 Answer: A Explanation: Hoaxes do have the possibility of causing as much damage as viruses. separation of duties. Many hoaxes instruct the recipient to forward the message to everyone that they know and thus causes network congestion and heavy e-mail activity. tua lTe On the topic of comparing viruses and hoaxes. which statement is TRUE? Choose the best TRUE statement. QUESTION NO: 47 A company conducts sensitive research and development and wants a strict environment for enforcing the principles of need to know. C. D. and least privilege. Browser trust-list C.

A. Mandatory Access Control (MAC)
B. Discretionary Access Control (DAC)
C. Single sign on
D. Single factor authentication
Answer: A

QUESTION NO: 48
Which access control method allows users to have some level of flexibility on how information is accessed, but at the expense of increasing the risk of unauthorized disclosure of information?
A. Role-Based Access Control (RBAC) method.
B. Discretionary Access Control (DAC) method
C. All of the above
D. Mandatory Access Control (MAC) method
Answer: B
Explanation: In a DAC model, network users have some flexibility regarding how information is accessed. This model allows users to dynamically share information with other users. The process allows a more flexible environment, but it increases the risk of unauthorized disclosure of information. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 440

QUESTION NO: 49
Audit log information can BEST be protected by: (Select TWO).
A. a firewall that creates an enclave
B. access controls that restrict usage
C. using a VPN
D. recording to write-once media.
E. an intrusion prevention system (IPS)
F. an IDS
Answer: B,D

Input validation C.com Ac Which of the following programming techniques should be used to prevent buffer overflow attacks? tua lTe sts . Automatic updates B. a Trojan horse B. Users are tricked into changing the system configuration. A. The email server capacity is consumed by message traffic.CompTIA SY0-101: Practice Exam QUESTION NO: 50 Which of the following would be considered a detrimental effect of a virus hoax? (Select TWO).actualtests.www. Signed applets Answer: B QUESTION NO: 53 Pretty good privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. Nested loops D. B. The model with no single trusted root is known as: "Pass Any Exam. Users are at risk for identity theft. a logic bomb C. C. Technical support resources are consumed by increased user calls." .co m 19 . Any Time. Answer: A. a worm D. D.B QUESTION NO: 51 Malicious code that enters a computer by means of a freely distributed game that is intentionally installed and played is known as: A. an email attachment. Answer: A QUESTION NO: 52 A.

A. hybrid
B. peer-to-peer.
C. downlevel.
D. hierarchical
Answer: B

QUESTION NO: 54
Choose the access control model that allows access control determinations to be performed based on the security labels associated with each user and each data item.
A. LBACs (List Based Access Control) method
B. MACs (Mandatory Access Control) method
C. RBACs (Role Based Access Control) method
D. DACs (Discretionary Access Control) method
Answer: B
Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.
The MAC model is a static model that uses a predefined set of access privileges to files on the system. The system administrator establishes these parameters and associates them with an account, files or resources. The MAC model can be very restrictive.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 11

QUESTION NO: 55
A person pretends to be a telecommunications repair technician, enters a building stating that there is a networking trouble work order and requests that a security guard unlock the wiring closet. The person connects a packet sniffer to the network switch in the wiring closet and hides the sniffer behind the switch against a wall. This is an example of:
A. social engineering
B. a man in the middle attack

CompTIA SY0-101: Practice Exam C. C. E. Which of the following would allow an administrator to find weak passwords on the network? A." . stores a shared key for each network resource and uses a Key Distribution Center (KDC)? A. A networkmapper C. a vulnerability scan D. TACACS+ D. A locked. windowless building D. A company with a dedicated information technology (IT) security staff. PKI Answer: B "Pass Any Exam.co Answer: A. Kerberos C. Any Time. B. A rainbow table B. RADIUS B. A. A hash function D. A public building that has shared office space.D m 21 . A company with a help desk whose personnel have minimal training.com Ac tua lTe sts QUESTION NO: 57 .www. a penetration test Answer: A QUESTION NO: 56 Social engineering attacks would be MOST effective in which of the following environments? (Select TWO). A military facility with computer equipment containing biometrics.actualtests. A password generator Answer: A QUESTION NO: 58 Which of the following network authentication protocols uses symmetric key cryptography.

Any Time.www. Determine the business impact. so not only can the authentication be assured. Contain the problem. Cryptographic keys B. tua lTe A.actualtests. That challenge can also include a hash of transmitted data.co m 22 . has an authentication server that generates a challenge (a large number or string) which is encrypted with the private key of the token device and has that token device's public key so it can verify authenticity of the request (which is independent from the time factor). Bell La-Padula B. Answer: C QUESTION NO: 61 A system administrator reports that an unauthorized user has accessed the network. C. Contact law enforcement officials. BIBA C.com Ac Explanation: The word lattice is used to describe the upper and lower level bounds of a user' access permission. Notify management. Which of the following would be the FIRST action to take? A. "Pass Any Exam. D. Asynchronous password generator Answer: C Explanation: An synchronous password generator. Clark and Wilson sts . B. Synchronous password generator D. Smart cards C. QUESTION NO: 60 Choose the terminology or concept which best describes a (Mandatory Access Control) model.CompTIA SY0-101: Practice Exam QUESTION NO: 59 Choose the password generator that uses a challenge-response method for authentication." . A. Lattice D. but also the data integrity.

Answer: C

QUESTION NO: 62
One of the below attacks focus on the cracking of passwords, which one is it?
A. Dictionary
B. Teardrop
C. Spamming
D. SMURF
Answer: A
Explanation: Dictionaries may be used in a cracking program to determine passwords. A short dictionary attack involves trying a list of hundreds or thousands of words that are frequently chosen as passwords against several systems. Although most systems resist such attacks, some do not. In one case, one system in five yielded to a particular dictionary attack.

QUESTION NO: 63
Which of the following should be done if an audit recording fails in an information system?
A. Overwrite the oldest audit records
B. Send an alert to the appropriate personnel
C. Stop generating audit records
D. Log off the user
Answer: B

QUESTION NO: 64
The MOST common Certificate Server port required for secure web page access is port:
A. 25
B. 80
C. 446
D. 443
Answer: D

Which of the following wireless security protocols could be used? (Select TWO).C QUESTION NO: 66 Which of the following would be an advantage for using PKI over a key server system? A. B.com 24 Ac tua QUESTION NO: 67 lTe Answer: C sts . Any Time. D.D QUESTION NO: 68 In addition to bribery and forgery. PKI is less complex to deploy. SSH Answer: B. IPX C. The key server is superior in large systems. WEP Answer: C. PPTP E.CompTIA SY0-101: Practice Exam QUESTION NO: 65 IPSec uses which of the following protocols to provide traffic security? (Select TWO).co m . A. C.actualtests.www. The root certificate authority key can be stored offline. WPA D. L2TP B. AH C." . A small manufacturing company wants to deploy secure wireless on their network. Encapsulating Security Protocol (ESP) D. which of the following are the MOST common techniques that attackers use to socially engineer people? (Select TWO) A. WAN B. Phreaking "Pass Any Exam. SSL F. A. Certificate authority revocation is easy to implement.

B. Whois search
C. Dumpster diving
D. Flattery
E. Assuming a position of authority
Answer: D,E

QUESTION NO: 69
Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received?
A. Data integrity
B. Asymmetric cryptography
C. Anti-aliasing
D. Non-repudiation
Answer: D

QUESTION NO: 70
Which of the following would be an example of a high-availability disk technology?
A. Clustering
B. Load balancing
C. RAID
D. Remote access
Answer: C

QUESTION NO: 71
A technician is auditing the security posture of an organization. The audit shows that many of the users have the ability to access the company's accounting information. Which of the following should the technician recommend to address this problem?
A. Changing the user rights and security groups
B. Implementing a host based intrusion detection system
C. Changing file level audit settings
D. Implementing a host based intrusion prevention system

D. B. the answer would be D. Sybex . The compiler or interpreter which runs the CGI script. Reference: Mike Pastore and Emmett Dulaney . 2004. p 136 QUESTION NO: 74 Choose the compoenent that you would locate in the DMZ (Demilitarized Zone). C. Although the answer is not given in the paragraph from the book. The external data provided by the user." . Botnet C.co Which scenario or element would typically cause a CGI (Common Gateway Interface) security issue? m . The CGI script ran on the web server. The web browser. Adware B. SQL (Structured Query Language) server "Pass Any Exam. CGI is frowned upon in new applications because of its security issues.www. Phishing D. Security+ Study Guide .com 26 Ac tua lTe A. and it interacted with the client browser.CompTIA SY0-101: Practice Exam Answer: A QUESTION NO: 72 Which of the following is commonly used in a distributed denial of service (DDOS) attack? A. A. Trojan Answer: B QUESTION NO: 73 Answer: A Explanation: Common Gateway Interface is an older form of scripting that was used extensively in early web systems. CGI scripts could be used to capture data from a user using simple forms. Alameda . The HTTP (Hypertext Transfer Protocol) protocol. Any Time. 2nd Edition.actualtests. but it still widely used in older systems. sts .

User workstations C." . which is invisible to hostbased IDS systems. 2004. A network based IDS system can see packet header information. A FTP server can be used by people from outside of your network and should be placed in the DMZ. By isolating a server in a DMZ. Customer account database Answer: C Explanation: A DMZ is an area where you can place a public server for access by people you might not trust otherwise.co m . Answer: B Explanation: In a passive system. FTP (File Transfer Protocol) server D. Security+ Study Guide . A network based IDS system can detect attacks in progress. logs the information and signals an alert. based on where it is located. the IDS detects a potential security breach. A network based IDS system can monitor and report on all network traffic. p 26 QUESTION NO: 75 Of the intrusion detection capabilities listed below.com 27 Ac tua lTe sts . A network based IDS system can detect dial-in intrusions and attempts to physically access the server. Reference: Mike Pastore and Emmett Dulaney . which is FALSE for a network based IDS system? A. C. Any Time. 2nd Edition. attack patterns within the network and malicious activities. "Pass Any Exam.www. you can hide or remove access to other areas of your network.CompTIA SY0-101: Practice Exam B. Alameda . In a reactive system.actualtests. QUESTION NO: 76 A security specialist is called to an onsite vacant office where an employee has found an unauthorized wireless access device connected to an RJ-45 jack linked to the corporate LAN. B. Sybex . the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source. D.

Man in the middle attacks. it is unlawful to use technology to directly control people's emotions and behaviors. posters. Dictionary attacks. Network address translation (NAT) D. Answer: D QUESTION NO: 77 Which of the following types of firewalls provides inspection at layer 7 of the OSI model? A.actualtests. Answer: B Explanation: Because of human rights laws.co m 28 . Application-proxy Answer: D QUESTION NO: 78 Choose the attack or malicious code that cannot be prevented or deterred solely through using technical measures. A. Any Time.CompTIA SY0-101: Practice Exam Which of the following actions should the administrator take FIRST? A.www. Install a sniffer. Social engineering. For this reason social engineering attacks cannot be deterred through technical means. C. D. Disconnect the network cable.com Ac tua lTe sts . Turn off the power. newsletters. B. DoS (Denial of Service) attacks." . B. Call the police. D. Packet filters B. Stateful inspection C. login banners and e-mails would be good tools to utilize in a security: "Pass Any Exam. QUESTION NO: 79 Company intranet. C.

A. awareness program B. control test C. investigation D. policy review Answer: A Explanation: Advertisement techniques are used to bring product awareness to a consumer, likewise advertising techniques can also be used to bring awareness to security programs.

QUESTION NO: 80 An IDS sensor on a network is not capturing all the network data traffic. This may be happening because the sensor is connected to the network with a: A. switch B. bridge C. hub D. router Answer: A

QUESTION NO: 81 A software or hardware device that allows only authorized network traffic in or out of a computer or network is called a: A. honeypot B. anti-virus program C. packet sniffer D. firewall Answer: D

QUESTION NO: 82 Which of the following access decisions are based on a Mandatory Access Control (MAC) environment? A. Sensitivity labels

com 30 Ac tua lTe sts . create a folder for each department. Enroll users in a biometric authentication system.actualtests. B. and grant rights and privileges based on groups. Access control lists Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. Identify roles and objects to be accessed. Answer: B QUESTION NO: 84 The concept that a web script is run in its own environment and cannot interfere with any other process is known as a: A. C. deploy biometric hardware to the client computers. meet with the departments and direct them to access their departmental folder. sandbox B. Group membership D. quarantine Answer: A QUESTION NO: 85 Choose the malicious code which can distribute itself without using having to attach to a host file. Create a list of departments. "Pass Any Exam. Then all users are given specific security clearances as to what they are allowed to access.CompTIA SY0-101: Practice Exam B. create groups. honey pot D.www. Ownership C.co m . and grant rights and privileges. Create a certificate authority. VLAN C." . assign rights and privileges based on individual certificates. Any Time. issue certificates to each user. D. All objects are given security labels known as sensitivity labels and are classified accordingly. QUESTION NO: 83 Which of the following is a best practice for managing user rights and privileges? A.

actualtests. The sales department has requested that the system become operational before a security review can be completed." . nmap C. Any Time. Risk assessment C. A Trojan horse. A logic bomb. netcat D. Soda acid B. a forensics specialist executes a command on the computer being investigated. A virus.www. Which of the following can be used to explain the reasons a security review must be completed? A. Carbon dioxide (CO2) D. Which of the following commands would be used to display the current network connections on the local computer? A. Water Answer: C QUESTION NO: 88 A computer system containing personal identification information is being implemented by a company's sales department. IPCONFIG / IFCONFIG Answer: A QUESTION NO: 87 Which of the following is a suppression method for a Class C fire? A.CompTIA SY0-101: Practice Exam A.co m . Dry powder C. Answer: C QUESTION NO: 86 During a live response to an unauthorized access. B.com 31 Ac tua lTe sts . D. NETSTAT B. C. Corporate security policy "Pass Any Exam. A worm. Need to know policy B.

CompTIA SY0-101: Practice Exam D. Badge security system B. D. Escorting of guests "Pass Any Exam. Create and enforce ACLs (Access Control List)." . .com employees misusing your ORG. It asks what action will discourage the employees. Vulnerability assessment Answer: C QUESTION NO: 89 The first step in risk identification would be to identify: A. assets Answer: D How will you accomplish the task? Answer: C Explanation: The question doesn't ask what method can be used to best secure the emails. costs C. lTe sts You work as the security administrator. Any Time.www. You want to reduce the likelihood of certpaper. Encrypt all company e-mail messages.co QUESTION NO: 90 m 32 . or what will best prevent the transmission of nonessential email. B. QUESTION NO: 91 Which of the following is the MOST effective social engineering defensive strategy? A. Implement a strong authentication method.actualtests. threats B. Create and enforce network security policy. so the correct answer is to create a network security policy that defines what kind of email use constitutes the term misuse.com Ac tua A. e-mail. C. vulnerabilities D.

Training and awareness D. D. 2nd Edition. Security+ Study Guide . human resources personnel having slightly less access and managers having access to their own department files only. A." . Mandatory Access Control (MAC) Answer: B QUESTION NO: 94 "Pass Any Exam. 2004. Alameda .com Ac tua lTe Reference: Mike Pastore and Emmett Dulaney . Marking of documents Answer: C QUESTION NO: 92 From the list below. Smurf attack Answer: C QUESTION NO: 93 An organization has a hierarchical-based concept of privilege management with administrators having full access.actualtests. This situation can cause an application to terminate. Role Based Access Control (RBAC) C. This is BEST described as: A. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Discretionary Access Control (DAC).www.co m 33 . choose the exploit that can be considered a DoS attack because more traffic than what the node can handle is flooded to that node. Rule Based Access Control (RBAC). Sybex . B.CompTIA SY0-101: Practice Exam C. Buffer overflow D. Ping of death B. Logic bomb C. . Any Time. p 135 sts Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept.

Vulnerability analysis snapshot comparison D. D. The MOST important security issue to address when using instant messaging is that instant messaging: A. Force the change with remote logon. Any Time. uses weak encryption "Pass Any Exam. Host Based Active C." .com Ac tua Which of the following is the MOST efficient way to force a large number of users to change their passwords on logon? lTe sts . Host Based Passive D.actualtests. Patch reports B. A.www. Force the change with group policy B. Network Based Active Answer: A.CompTIA SY0-101: Practice Exam Which of the following types of IDS should be implemented to monitor traffic on a switch? (Select TWO). C. File hashing snapshot comparison C. Network Based Passive B.co m 34 . Force the change by security group. Force the change with registry editor. Answer: A QUESTION NO: 97 The employees at a company are using instant messaging on company networked computers.D QUESTION NO: 95 Which of the following is considered by some HIDS tools to detect system security related anomalies? A. Virus signature reports Answer: B QUESTION NO: 96 A.

Deploy a proxy server Deploy. D.com. communications are open and unprotected Answer: D QUESTION NO: 98 Which of the following is a reason to use a vulnerability scanner? A. They are also hardware based (at the switch and MAC level) Firewalls are used so that external users (outside the organization cannot get in). Deploy a VPN (Virtual Private Network). How will you accomplish the task? sts .CompTIA SY0-101: Practice Exam B. To identify open ports on a system D.www. Deploy firewalls between your subnets. QUESTION NO: 100 "Pass Any Exam. You also want to use the least amount of administrative effort to accomplish your task. Deploy a VLAN (Virtual Local Area Network) Deploy. tua lTe You work as the security administrator at Certpaper.co m 35 . To assist with protocol analyzing Answer: C QUESTION NO: 99 Answer: B Explanation: Implement a VLAN (Virtual Local Area Network) to restrict network access is the best answer. You must ensure that internal access to other parts of the network is controlled and restricted. has no common protocol D.actualtests. VLAN's would restrict access only to their local VLAN. The solution which you implement to restrict network access must be hardware based. To identify remote access policies B. To assist with PKI implementation C. whereas VLAN's are used within an organization to provide security. C. and this would require less administrative overhead than setting up firewalls at each subnet. communications are a drain on bandwidth C. Any Time. B.com Ac A." .

CompTIA SY0-101: Practice Exam Choose the option that correctly details the greatest vulnerability of using Instant Messaging clients. Answer: A Explanation: IM clients can also be compromised by malicious code. Security+ Study Guide . and traditional DoS attacks. 2004. Security Tokens B." . 2nd Edition.com Ac tua lTe sts . A. p 197 QUESTION NO: 101 Which of the following authentication systems make use of the KDC Key Distribution Center? A.actualtests. Kerberos C. B.www. CHAP C. Sybex . C. Results in Blue Screen of Death errors. Reference: Mike Pastore and Emmett Dulaney . Results in disconnection from the file server. Trojan Horse programs. Results in malicious code being delivered by file transfer.co m 36 . Challenge Handshake Authentication Protocol (CHAP) Answer: B "Pass Any Exam. Username/password D. E. Kerberos D. Results in theft of root user credentials. Multifactor B. Any Time. Results in slow Internet connections. Alameda . D. Results in loss of email privileges. Certificates Answer: C QUESTION NO: 102 Which of the following authentication methods is based upon an authentication server that distributes tickets to clients? A. F.

QUESTION NO: 103 Which of the following is the number of security associations in an IPSec encrypted session for each direction? A. 4 B. one C. 2 D. 8 Answer: B

QUESTION NO: 104 Which password management system best provides for a system with a large number of users? A. Self service password reset management systems B. Locally saved passwords management systems C. multiple access methods management systems D. synchronized passwords management systems Answer: A Explanation: A self service password reset is a system where if an individual user forgets their password, they can reset it on their own (usually by answering a secret question on a web prompt, then receiving a new temporary password on a pre-specified email address) without having to call the help desk. For a system with many users, this will significantly reduce the help desk call volume.

QUESTION NO: 105 Poor programming techniques and lack of code review can lead to which of the following types of attack? A. Buffer overflow B. Dictionary C. Common Gateway Interface (CGI) script D. Birthday Answer: A

Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. This exploitation is usually a result of a programming error in the development of the software. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION NO: 106 Most current encryption schemes are based on: A. algorithms B. time stamps C. digital rights management D. randomizing Answer: A

QUESTION NO: 107 The CHAP (Challenge Handshake Authentication Protocol) sends a logon request from the client to the server, and the server sends a challenge back to the client. At which stage does the CHAP protocol perform the handshake process? Choose the best complete answer. A. At the stage when the connection is established. B. At the stage when the connection is established and at whichever time after the connection has been established. C. At the stage when the connection is established and when the connection is disconnected. D. At the stage when the connection is disconnected. Answer: B Explanation: CHAP performs the handshake process when first establishing a connection, and then at random intervals during the transaction session.

QUESTION NO: 108 One type of port scan can determine which ports are in a listening state on the network, and can then perform a two way handshake. Which type of port scan can perform this set of actions? A. A TCP (Transmission Control Protocol) FIN scan B. A TCP (Transmission Control Protocol) connect scan C. A TCP (Transmission Control Protocol) NULL scan D. A TCP (Transmission Control Protocol) SYN (Synchronize) scan Answer: D Explanation: In SYN scanning, a TCP SYN packet is sent to the port(s) to be scanned. If the port responds with a TCP SYN ACK packet, then the port is listening. If it replies with a TCP RST packet, then it is not.

QUESTION NO: 109

Which of the following would be the MOST important reason to apply updates? A. Software is a productivity facilitator and as new functionality is available the functionality must be enabled. B. Software is inherently insecure and as new vulnerabilities are found the vulnerabilities must be fixed. C. Software is a supported product and vendors won't support the product if the latest version is not installed. D. Software is a licensed product and the license will expire if not updated Answer: B

QUESTION NO: 110

A security specialist for a large distributed network with numerous divisions is selecting an access control model. Employees in the human resource division need access to personnel information but not production data and operations employees need access to production data only. Which of the following access control models would be MOST appropriate? A. Role Based Access Control (RBAC) B. Mandatory Access Control (MAC) C. Rule Based Access Control (RBAC) D. Discretionary Access Control (DAC) Answer: A Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees perform in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 111 You work as the security administrator at Certpaper.com. One morning you discover that a user named Mia Hamm has used her user account to log on to a network server. Mia has then executed a program and been able to perform operations which only a network administrator or security administrator should be able to. What type of attack has occurred? A. Trojan horse. B. Security policy removal. C. Privilege escalation attack. D. Subseven back door. Answer: C Explanation: A user obtaining access to a resource they would not normally be able to access. This is done inadvertently by running a program with SUID (Set User ID) or SGID (Set Group ID) permissions or by temporarily becoming another user. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 522

QUESTION NO: 112 A company has instituted a VPN to allow remote users to connect to the office. As time progresses multiple security associations are created with each association being more secure. Which of the following should be implemented to automate the selection of the BEST security association for each user? A. IKE B. AES

L2F lTe L2TP tunneling replies on which of the following for security? sts . Spoofed e-mail B. Digital signatures B. m Answer: A 41 . C. Cipher block chaining C. A.co Explanation: Spoofed e-mails will not be detected by the IDS." . QUESTION NO: 114 QUESTION NO: 115 Non-repudiation is enforced by which of the following? A. SSH C.actualtests. PKI Answer: A "Pass Any Exam. IPSec B. DoS (Denial of Service) attack. Port scan attack D.www. Any Time. SSL D. choose the attack which an IDS (Intrusion Detection System) cannot detect. 3DES Answer: A QUESTION NO: 113 From the options. Secret keys D. SHA D.CompTIA SY0-101: Practice Exam C. Vulnerability exploits.com Ac Answer: A tua A.

Answer: C Explanation: With a unique user ID you'll have soft evidence on the timing and the action any accessed user accomplishes. Unique user IDs show which files and data were changed. Mandatory Access Control (MAC) B. When a user known that they are being tracked. D.actualtests.com Ac tua QUESTION NO: 118 lTe Answer: A sts A. what makes unique user IDs especially important? A." . Reciprocal agreement C. Kerberos C. C.co m A security system that uses labels to identify objects and requires formal authorization to use is BEST described as: 42 . Cold site B. Any Time. QUESTION NO: 119 "Pass Any Exam. Hot site Answer: D QUESTION NO: 117 When reviewing audit trails. B. Warm site D. they think twice about doing something they shouldn't do.CompTIA SY0-101: Practice Exam QUESTION NO: 116 Which of the following would be the MOST effective backup site for disaster recovery? A. Unique user IDs cannot be modified easily.www. Discretionary Access Control (DAC) . Unique user IDs establishes individual accountability. Role-Based Access Control (RBAC) D. Unique user IDs triggers corrective controls.

peer-to-peer D. Multiple directories can be browsed. Multiple applications can be installed.www. D. which details a specific advantage of implementing a single sign-on technology? A. Any Time. hierarchical B. The model with no single trusted root is known as: A.co m 43 . C. Answer: C Explanation: "Pass Any Exam. Users must log on twice at all times.com Ac tua lTe Explanation: The Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines. Alameda . You can configure system wide permissions." . B. hybrid Answer: C QUESTION NO: 120 One of these protocols is used to encrypt traffic passed between a web browser and web server. downlevel C. Sybex . sts . SSL (Secure Sockets Layer) D. 2004. 2nd Edition. Which is it? A. IPSec (Internet Protocol Security) B.actualtests.CompTIA SY0-101: Practice Exam Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. VPN (Virtual Private Network) C. p 365 QUESTION NO: 121 From the options. HTTP (Hypertext Transfer Protocol) Answer: C Reference: Mike Pastore and Emmett Dulaney . Security+ Study Guide .

D. Sybex . review logs for other compromises and report the situation. p 434 QUESTION NO: 122 A credential that has been digitally signed by a trusted authority is known as: A.actualtests. review logs for other compromises and notify the human resources department.com Ac tua lTe sts . the specialist should: A. worm Answer: C QUESTION NO: 124 A security specialist is reviewing writable FTP directories and observes several files that violate the company's security policy. Spy ware D. "Pass Any Exam.www. reboot the affected server. Logic bomb B." . delete the files that violate security policy and report the situation to authorities. Reference: Mike Pastore and Emmett Dulaney . In addition to checking the FTP server. review logs for other compromises and report the situation to authorities.co m 44 . a trust relationship D. Alameda . 2nd Edition. a certificate Answer: D QUESTION NO: 123 Which of the following will allow you to monitor a user??s online activities? A. a trusted packet B. virus C. B. Security+ Study Guide . review logs for other compromises. 2004. contain the affected system. C. an encrypted tunnel C.CompTIA SY0-101: Practice Exam The purpose is so a user can gain access to all of the applications and systems they need when they log on with a single sign-on. Any Time.

2004. Sybex . Reference: Mike Pastore and Emmett Dulaney . B. Birthday attacks C. The Certpaper . This exploitation is usually a result of a programming error in the development of the software. Dictionary attacks lTe From the listing of attack types. This situation can cause an application to terminate.www. Alameda . which exploits poor programming techniques or lack of code review? sts QUESTION NO: 126 . 2nd Edition. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. C. Open TCP (Transmission Control Protocol) port 25 to inbound and outbound connections. Open UDP (User Datagram Protocol) port 110 to inbound connections. p 135 "Pass Any Exam. Open UDP (User Datagram Protocol) port 25 to inbound connections. CGI (Common Gateway Interface) scripts B. Answer: C Explanation: TCP port 25 is reserved for SMTP while port 110 is for POP3.com network must be configured to support e-mail communication using SMTP (Simple Mail Transfer Protocol). Any Time. D. Which ports must you open on the firewall to support SMTP connections? A.CompTIA SY0-101: Practice Exam Answer: C QUESTION NO: 125 You work as a security administrator at Certpaper .com Ac tua A." .co m 45 . Buffer overflow attacks D. Answer: C Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept.actualtests.com. Open TCP (Transmission Control Protocol) port 110 to inbound and outbound connections. Security+ Study Guide .

Many-to-one mapping Answer: B. Smurf D. XMAS Tree C. Considering the question refers to a user security policy. B. Replay B. D. C. One-to-one mapping C." . Many-to-many mapping B. One-to-many mapping D. This is a tricky question with many close answers. the users and staff need to know the policy. All users. "Pass Any Exam. Fraggle Answer: C You plan to update the user security policy. Any Time.actualtests.www. All security administrators.co m 46 . Answer: B Explanation: There are many policies for companies these days. All staff. but make your best decision. Whom should the new updated user security policy be distributed and made available to? A. I would say D would be the best choice.com Ac tua QUESTION NO: 129 lTe sts . All auditors.CompTIA SY0-101: Practice Exam QUESTION NO: 127 Which of the following are types of certificate-based authentication? (Select TWO) A.D QUESTION NO: 128 Which of the following types of attacks consists of a computer sending PING packets with the destination address set to the network's broadcast address and the source address set to the target computer's IP address? A.

Tunneling is the process of passing information over the Internet within the shortest time frame. Enable auditing and set auditing to record all events. Any Time. QUESTION NO: 131 Answer: C QUESTION NO: 132 Which of the following BEST describes the sequence of steps in the auditing process? A. or underneath a highway.CompTIA SY0-101: Practice Exam QUESTION NO: 130 Which of the following best describes what tunneling is? A. Tunneling is the process of moving through three levels of firewalls. Set auditing on the object and respond as alerts are generated. C. set auditing on objects and review event logs.actualtests. Enable auditing. Enable auditing. They tunnel by placing secure encrypted IP packets into a non-secure IP packet. D. C. Open relays D. B. Answer: D Explanation: Civil engineers build tunnels to allow one direction of traffic flow to be protected against another traffic flow. Tunneling is the process of utilizing the Internet as part of a private secure network. They will build a tunnel under a river. Network engineers use tunneling to protect a data flow from the elements of the internet. Trojan horse programs sts Which of the following would be the MOST common method for attackers to spoof email? . Man in the middle attacks C." . D.co m . Answer: D QUESTION NO: 133 Which of the following are components of host hardening? (Select TWO). Tunneling is the process of creating a tunnel capable of capturing data.www. Web proxy B.com 47 Ac tua lTe A. "Pass Any Exam. set auditing on the object and respond as alerts are generated. B.

Answer: C QUESTION NO: 135 Which of the following types of authentication models uses a smart card and a User ID/Password for accessing network resources? A. AH (Authentication Header). Adding users to the administrator group. p 127 lTe Explanation: IPSec provides secure authentication and encryption of data and headers. Sybex . C. In tunneling mode. D. Mutual D. E. A. D. B. Security+ Study Guide .www.actualtests. Removing a user's access to the user's data. 2004. Any Time. Configuring the Start menu and Desktop B. Multifactor Answer: D "Pass Any Exam.CompTIA SY0-101: Practice Exam A. sts . IPSec can work in tunneling mode or transport mode.C QUESTION NO: 134 From the options. Answer: B. choose the VPN (Virtual Private Network) tunneling protocol. 2nd Edition. Alameda . Transport modes encrypt only the payload." . the data or payload and message headers are encrypted. Disabling unnecessary services. Tokens B.co m 48 . Biometric C.com Ac tua Reference: Mike Pastore and Emmett Dulaney . IPSec (Internet Protocol Security). SSH (Secure Shell). Applying patches C. DES (Data Encryption Standard).

QUESTION NO: 136 Which of the following types of IDS uses known patterns to detect malicious activity? A. Detection based B. Keyword based C. Signature based D. Anomaly based Answer: C

QUESTION NO: 137 Which of the following is a port scanning utility? A. John the Ripper B. L0phtcrack C. Nmap D. Cain & Abel Answer: C

QUESTION NO: 138 In a mandatory access control (MAC) environment, which of the following are access decisions based on? A. Sensitivity labels B. Group membership C. Access control lists D. Ownership Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

QUESTION NO: 139 When setting password rules, which of the following would lower the level of security of a network?

which of the following inventory system permissions might be BEST aligned with the least privilege principle for the managers? sts .CompTIA SY0-101: Practice Exam A. QUESTION NO: 140 QUESTION NO: 141 What is the BEST process of removing PII data from a disk drive before reuse? A. Full access lTe A clothing store with a single location has one owner.www. Passwords must be greater than six characters and contain at least one non-alpha." . After a set number of failed attempts the server will lock out any user account forcing the user to call the administrator to re-enable the account. Sanitization Answer: D "Pass Any Exam. Write rights C.co m 50 . Destruction B. Under this scenario. B. Update rights B. Degaussing D.actualtests. Any Time. Since the user won' be able to reset the password themselves they'll have to make regular trips to help desk for a new password. there's a certain chance that they will forget the password or compromise security by writing down their password on a Post It note on their keyboard. Complex passwords that users can not remotely change are randomly generated by the administrator and given to users Answer: D Explanation: If a user gets a difficult password that they can't remember. D.com Ac Answer: A tua A. All passwords are set to expire at regular intervals and users are required to choose new passwords that have not been used before. Reformatting C. C. the risk of social engineering increases. Read rights D. and with regular disgruntled users getting emotional over passwords. two managers and six cashiers.

CompTIA SY0-101: Practice Exam QUESTION NO: 142 Which of the following is a solution that you can implement to protect against an intercepted password? A. Implement PPTP (Point-to-Point Tunneling Protocol).co m 51 . or be on the verge of expiration within a matter of hours. 49 F. 143 B.com Ac Answer: C tua A. 23 D. Non-repudiation lTe Which of the following refers to the ability to be reasonably certain that data is not modified or tampered with? sts QUESTION NO: 143 . Implement a VPN (Virtual Private Network). effectively making any intercepted password good for only the brief interval of time before the legitimate user happens to login themselves. 194 "Pass Any Exam. 3389 C. Confidentiality C. B. Answer: C Explanation: A one time password is simply a password that has to be changed every time you log on. Integrity D. QUESTION NO: 144 Which of the following ports are typically used by email clients? (Select TWO) A.actualtests. Authentication B. if someone were to intercept a password it would probably already be expired." .www. Any Time. C. 110 E. Implement aone time password. So by chance. Implement complex password requirements. D.

Answer: A,D

QUESTION NO: 145 A URL for an Internet site begins with 'https:' rather than 'http:', which is an indication that this web site uses: A. SSL B. PGP C. Kerberos D. PKI Answer: A

QUESTION NO: 146 Malicious port scanning is a method of attack to determine which of the following? A. The physical cabling topology of a network B. The fingerprint of the operating system C. Computer name D. User IDs and passwords Answer: B Explanation: Malicious port scanning is an attempt to find an unused port that the system won't acknowledge. Several programs now can use port scanning for advanced host detection and operating system fingerprinting. With knowledge of the operating system, the hacker can look up known vulnerabilities and exploits for that particular system.

QUESTION NO: 147 Which of the following activities is MOST closely associated with DLL injection? A. SQL servers B. Vulnerability assessment C. Penetration testing D. Network mapping Answer: C

Any Time. Bastion host D. Buffer Overflow C. Demilitarized zone (DMZ) Answer: D QUESTION NO: 149 Answer: D QUESTION NO: 150 Which of the following could result in a DDoS? A. illicit servers D. a CRL "Pass Any Exam. active content (e.CompTIA SY0-101: Practice Exam QUESTION NO: 148 Which of the following portions of a company's network is between the Internet and an internal network? A. Filter router B. IDS C.actualtests. Java Applets) B. Trojan horse programs C. TCP/IP Hijacking B." . Privilege escalation Answer: D QUESTION NO: 151 If a user reports that the user's public/private key has been compromised.g.com Ac tua lTe sts A.co The MOST common exploits of Internet-exposed network services are due to: m 53 . buffer overflows . the CA should issue: A. NIPS D.www.

B. an LDAP C. a CPS D. a PKCS Answer: A

QUESTION NO: 152 The FIRST step in creating a security baseline would be: A. installing software patches B. creating a security policy C. vulnerability testing. D. identifying the use case Answer: B

QUESTION NO: 153 Which of the following would be an example of a hardware device where keys can be stored? (Select TWO). A. Smart card B. PCMCIA card C. PCI card D. Network interface card (NIC) Answer: A,B

QUESTION NO: 154 A user is assigned access rights explicitly. This is a feature of which of the following access control models? A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC) Answer: A

QUESTION NO: 155 Which of the following would be BEST for deploying third-party application security updates on a network with 1,000 computers? A. Enterprise System Management (ESM) B. Baseline security analyzer C. Vulnerability scanner D. Logon script Answer: A

QUESTION NO: 156 You work as the security administrator at Certpaper.com. You are defining a SLA (Service Level Agreement). You want to ensure the availability of server based resources over guaranteed server performance levels. What must you include in the SLA to achieve this objective? A. Hosting B. Application C. Network D. Security Answer: A Explanation: In the hosting business, every company aims for 100% availability in their service level agreements, and usually offer concessions for times of reduced availability. Sadly, these agreements have exceptions which include: scheduled network maintenance, hardware maintenance, software maintenance, virus attacks, hacker attacks, force majeure, labour actions, war, insurrections, sabotage, and past due accounts on your part.

QUESTION NO: 157 Privileges are used for which of the following purposes? A. To allow or deny signature updates to group applications B. To allow or deny specific actions to users or groups C. To allow or deny network traffic from host based systems D. To allow or deny network traffic from server based systems

Answer: B

QUESTION NO: 158 Which of the following types of publicly accessible servers should have anonymous logins disabled to prevent an attacker from transferring malicious data? A. DNS B. FTP C. Web D. Email Answer: B

QUESTION NO: 159 An enclosure that prevents radio frequency signals from emanating out of a controlled environment is BEST described as which of the following? A. Faraday cage B. TEMPEST C. Mantrap D. Grounded wiring frame Answer: A

QUESTION NO: 160 Which of the following methods will help to identify when unauthorized access has occurred? A. Implement session termination mechanism B. Implement previous logon notification. C. Implement session lock mechanism. D. Implement two-factor authentication Answer: B

QUESTION NO: 161 Which of the following is a critical element in private key technology?

A. Keeping the key secret B. Distributing the key to everyone. C. Getting the proper key the first time. D. Using the key to decrypt messages. Answer: A

QUESTION NO: 162 The Diffie-Hellman encryption algorithm relies on which of the following? A. Tunneling B. Key exchange C. Passwords D. Digital signatures Answer: B

QUESTION NO: 163 You work as the security administrator at Certpaper.com. You want to enable anonymous FTP (File Transfer Protocol) read/write access. Choose the important factor which you should consider and be aware of. A. The upload and download directory for each user. B. The detailed logging information for each user. C. The storage and distribution of unlicensed software. D. Less server connections and network bandwidth utilization. Answer: D Explanation: Anonymous FTP is based on good faith. But if it is used to take advantage of the non-secure logon, then answer C would seem to be the best answer.

QUESTION NO: 164 On a Windows host, which of the following event logs would contain failed logons? A. DNS log B. Application log

C. Security log D. System log Answer: C

QUESTION NO: 165 Choose the items that an intruder would ignore when going through disposed garbage. Choose all options that apply. A. Process lists. B. Boot sectors. C. Old passwords. D. Virtual memory. E. Network diagrams. F. IP (Internet Protocol) address lists. Answer: C,E,F Explanation: When people create complex passwords that they can't remember, or are in a situation where they need multiple passwords they have a tendency of writing their passwords down, usually on a notepad, a Post It note, or on their desk ledger.

QUESTION NO: 166 Which of the following settings works BEST to avoid password reuse? (Select TWO). A. Password complexity controls B. Password history C. Account lockout D. Maximum password age E. Minimum password age Answer: B,E

QUESTION NO: 167 Malicious code that enters a target system, lays dormant until a user opens the certain program then deletes the contents of attached network drives and removable storage devices is known as a:

A. Trojan horse B. honeypot C. logic bomb D. worm Answer: C

QUESTION NO: 168 A Windows file server is an example of which of the following types of models? A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC) Answer: A

QUESTION NO: 169 Disguising oneself as a reputable hardware manufacturer's field technician who is picking up a server for repair would be described as: A. a Trojan horse B. a man-in-the-middle attack C. social engineering D. a phishing attack Answer: C

QUESTION NO: 170 You work as the security administrator at Certpaper.com. The Certpaper.com network must be configured to allow LDAP (Lightweight Directory Access Protocol) traffic. Which ports must you open on the firewall to allow LDAP traffic? A. Open ports 389 and 139 B. Open ports 389 and 636 C. Open ports 636 and 137 D. Open ports 137 and 139

Answer: B Explanation: The 'well known' LDAP ports are 389 for LDAP and 636 for LDAP SSL.

QUESTION NO: 171 The Certpaper.com wireless network environment uses WEP (Wired Equivalent Privacy) to provide wireless security. Choose the entity or entities that can authenticate to an access point. A. Administrators only. B. Only Certpaper.com users. C. All Certpaper.com users that have the correct WEP (Wired Equivalent Privacy) key. D. Anyone Answer: C Explanation: The 802.11 standard describes the communication that occurs in wireless local area networks (LANs). The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network; this function is not an explicit goal in the 802.11 standard, but it is frequently considered to be a feature of WEP. WEP relies on a secret key that is shared between a mobile station (e.g. a laptop with a wireless Ethernet card) and an access point (i.e. a base station). The secret key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packets are not modified in transit. The standard does not discuss how the shared key is established. In practice, most installations use a single key that is shared between all mobile stations and access points. More sophisticated key management techniques can be used to help defend from the attacks we describe; however, no commercial system we are aware of has mechanisms to support such techniques. Reference: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

QUESTION NO: 172 To keep an 802.11x network from being automatically discovered, a user should:

A. activate the SSID password B. leave the SSID default. C. change the SSID name. D. turn off the SSID broadcast. Answer: D

QUESTION NO: 173 A user receives an email asking the user to reset the online banking username and password. The email contains a link and when the user accesses the link, the URL that appears in the browser does not match the link. This would be an example of: A. redirecting B. hijacking C. phishing D. spoofing Answer: C

QUESTION NO: 174 Which of the following assessment tools would be MOST appropriate for determining if a password was being sent across the network in clear text? A. Password cracker B. Vulnerability scanner C. Port scanner D. Protocol analyzer Answer: D

QUESTION NO: 175 A user logs in with a domain account and is denied access to a specific file which the user should have access to. The server is not able to verify the identity of the user. Which of the following is the problem? A. Allocation B. Authentication C. Identification

D. Authorization Answer: B

QUESTION NO: 176 WTLS (Wireless Transport Layer Security) provides security services between network devices or mechanisms. Which is it? Choose all that apply. A. WAP (Wireless Application Protocol) gateway B. Web server. C. Wireless client. D. Wireless network interface card. E. Mobile device. Answer: A,E Explanation: Since most wireless devices are low in memory, processing power, and bandwidth capability, creating a security mechanism is a difficult task. WTLS is the security method for WAP (Wireless Application Protocol) and it provides transport layer security directly between a wireless device and the WAP gateway.

QUESTION NO: 177 A company has implemented a policy stating that users will only receive access to the systems needed to perform their job duties. This is an example of: A. concurrent session control B. separation of duties C. least privilege D. access control Answer: D

QUESTION NO: 178 SSL (Secure Socket Layer) establishes a stateful connection negotiated by a process performed between client and server. Identify the protocol (steps) that allow for the following: 1. Client and server authentication. 2. MAC (Mandatory Access Control) and encryption algorithm negotiation. 3. Selection of cryptographic keys.

A. SSL (Secure Sockets Layer) alert protocol. B. SSL (Secure Sockets Layer) change cipher spec protocol. C. SSL (Secure Sockets Layer) handshake protocol. D. SSL (Secure Sockets Layer) record protocol. Answer: C Explanation: SSL Handshake Protocol * runs before any application data is transmitted * provides mutual authentication * establishes secret encryption keys * establishes secret MAC keys

QUESTION NO: 179 Which of the following web vulnerabilities is being referred to when it receives more data than it is programmed to accept? A. SMTP Relay B. Cookies. C. Buffer Overflows. D. CGI. Answer: C Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION NO: 180 Which of the following describes the process by which a single user name and password can be entered to access multiple computer applications? A. Access control lists B. Constrained user interfaces

C. Single sign-on D. Encryption protocol Answer: C

QUESTION NO: 181 An administrator is concerned that PCs on the internal network may be acting as zombies participating in external DDoS attacks. Which of the following could BEST be used to confirm the administrator's suspicions? A. Proxy logs B. AV server logs C. HIDS logs D. Firewall logs Answer: D

QUESTION NO: 182 Choose the primary disadvantage of using a third party mail relay. A. A third party mail relay restricts spammers from gaining access. B. A third party mail relay limits access to specific users. C. Spammers can utilize the third party mail relay. D. A third party mail relay restricts the types of e-mail that may be sent. Answer: C Explanation: Using a third party email relay can expose you to unnecessary spam. Anyone on the internet can relay an unsolicited email through an SMTP server, and the message will appear to be legitimate coming from the email server, and it makes it much more difficult to trace the spammer.

QUESTION NO: 183 Choose the statement that best details the difference between a worm and a Trojan horse? A. Worms self replicate while Trojan horses do not. B. Worms are a form of malicious code while Trojan horses are not.

C. Worms are distributed through e-mail messages while Trojan horses do not. D. There is no difference between a worm and a Trojan horse. Answer: A Explanation: A worm is different from a virus. Worms reproduce themselves, are self-contained and do not need a host application to be transported. The Trojan horse program may be installed as part of an installation process. They do not reproduce or self replicate. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, pp 83, 85

QUESTION NO: 184 You work as the security administrator at Certpaper.com. You want to implement a solution which will provide the following for handheld devices in your wireless network: 1. Data privacy 2. Data integrity 3. Authentication Which solution should you implement? A. WAP (Wireless Application Protocol) B. WTLS (Wireless Transport Layer Security) C. WSET (Wireless Secure Electronic Transaction) D. WEP (Wired Equivalent Privacy) Answer: B Explanation: Short for Wireless Transport Layer Security. WTLS is the security layer of the WAP, providing privacy, data integrity and authentication for WAP services. Not A: WEP is one of the most popular features available for a Wireless LAN. It is used to encrypt and decrypt data signals transmitted between Wireless LAN devices. In essence, WEP makes a wireless LAN link as secure as a wired link.

QUESTION NO: 185 One type of network attack sends two different messages that use the same hash function to generate the same message digest. Which network attack does this?

A. Birthday attack. B. Ciphertext only attack. C. Man in the middle attack. D. Brute force attack. Answer: A Explanation: A birthday attack is based on the principle that amongst 23 people, the probability of 2 of them having the same birthday is greater than 50%. By that rationale, if an attacker examines the hashes of an entire organization's passwords, they'll come up with some common denominators.

QUESTION NO: 186 Which of the following provides the MOST secure form of encryption? A. 3DES B. AES C. Diffie-Hellman D. DES Answer: B

QUESTION NO: 187 A malformed MIME (Multipurpose Internet Mail Extensions) header can have a negative impact on the system. Choose the option that correctly details this. A. Can lead to the creation of a back door, which will enable attackers to access the internal network. B. Can create a virus that infects the computers of users. C. Can result in an e-mail server crashing. D. Can result in the unauthorized disclosure of private information. Answer: C Explanation: Microsoft Exchange Server 5.0 & 5.5 had a vulnerability that made it susceptible to crashes following a malformed MIME header. Patches have since been released.

QUESTION NO: 188

For a SSL (Secure Sockets Layer) connection to be automatically established between a web client and server, a specific element has to exist. Which is it? A. Shared password. B. Certificate signed by a trusted root CA (Certificate Authority). C. Address on the same subnet. D. Common operating system. Answer: B Explanation: For an SSL connection to complete, the web client and server should have a trusted certificate to confirm authenticity. A shared password, address on the same subnet, and a common operating system are ludicrous answers because they defy the reason why SSL exists.

QUESTION NO: 189 A remote user has a laptop computer and wants to connect to a wireless network in a hotel. Which of the following should be implemented to protect the laptop computer when connecting to the hotel network? A. Personal firewall B. Network firewall C. Privacy screen D. Router with firewall rule set Answer: A

QUESTION NO: 190 The process of documenting who applied a patch to a specific firewall at a specific time and what the patch is supposed to accomplish is known as: A. logs and inventories B. change control management C. user awareness. D. asset identification Answer: B

QUESTION NO: 191 Choose the terminology used to refer to the situation when authorized access is perceived as an intrusion or network attack. A. False intrusion B. False positive C. False negative D. False alarm Answer: A Explanation: False intrusion is a false alarm, when there is no need of any alarm. Not B: A false positive is when legitimate traffic is picked up as an intruder.

QUESTION NO: 192 Audit logs must contain which of the following characteristics? A. Authorization B. Accessibility C. Confidentiality D. Non-repudiation Answer: D

QUESTION NO: 193 A digital signature is used for: A. storage and recovery. B. access control and trusts. C. confidentiality and encryption. D. integrity and non-repudiation. Answer: D

QUESTION NO: 194 Choose the mechanism that is NOT a valid access control mechanism.

A. SAC (Subjective Access Control) list. B. MAC (Mandatory Access Control) list. C. DAC (Discretionary Access Control) list. D. RBAC (Role Based Access Control) list. Answer: A Explanation: There is no such thing as a SAC (Subjective Access Control) list.

QUESTION NO: 195 Choose the access control method which provides the most granular access to protected objects? A. Profiles B. Capabilities C. Access control lists D. Permission bits Answer: C Explanation: Access control lists enable devices in your network to ignore requests from specified users or systems, or grant certain network capabilities to them. ACLs allow a stronger set of access controls to be established in your network. The basic process of ACL control allows the administrator to design and adapt the network to deal with specific security threats. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 235

QUESTION NO: 196 Which of the following types of attacks is targeting a web server if thousands of computers are simultaneously sending hundreds of FIN packets with spoofed source IP addresses? A. XMAS tree scan B. DDoS C. Brute force D. SYN flood Answer: B

QUESTION NO: 197 Which of the following would be MOST useful in determining which internal user was the source of an attack that compromised another computer in its network? A. The attacking computer's audit logs B. The firewall's logs C. The domain controller's logs. D. The target computer's audit logs. Answer: D

QUESTION NO: 198 Which of the following describes a server or application that is accepting more input than the server or application is expecting? A. Buffer overflow B. Brute force C. Denial of service (DoS) D. Syntax error Answer: A

QUESTION NO: 199 Which of the following is used by anti-virus software to detect viruses that have not been previously identified? A. Zero-day algorithm B. Quarantining C. Random scanning D. Heuristic analysis Answer: D

QUESTION NO: 200 From the options, which explains the general standpoint behind a DMZ (Demilitarized Zone)? A. All systems on the DMZ can be compromised because the DMZ can be accessed from the Internet. B. Only those systems on the DMZ that can be accessed from the Internet can be compromised. C. No systems on the DMZ can be compromised because the DMZ is completely secure and cannot be accessed from the Internet. D. No systems on the DMZ can be compromised because the DMZ cannot be accessed from the Internet. Answer: A

QUESTION NO: 201 Which of the following describes an attacker encouraging a person to perform an action in order to be successful? A. Social engineering B. Password guessing C. Back door D. Man-in-the-middle Answer: A

QUESTION NO: 202 You work as the security administrator at Certpaper.com. You must secure the FTP (File Transfer Protocol) server by allowing only authorized users access to it. How will you accomplish this task? A. Provide the FTP server's address to only those users that must access it. B. Allow blind authentication. C. Do not allow anonymous authentication. D. Redirect FTP to a different port. Answer: C Explanation: Early FTP servers did not offer security. Security was based on the honor system. Most logons to an FTP site used the anonymous logon. By convention, the logon ID was the user's email address, and the password was anonymous. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 137

QUESTION NO: 203 Choose the protocol used by a web server to encrypt data. A. ActiveX B. TCP/IP (Transmission Control Protocol/Internet Protocol) C. SSL (Secure Sockets Layer) D. IPSec (Internet Protocol Security) Answer: C Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 204 Which of the following access control models uses subject and object labels? A. Role Based Access Control (RBAC) B. Discretionary Access Control (DAC) C. Rule Based Access Control (RBAC) D. Mandatory Access Control (MAC) Answer: D

QUESTION NO: 205 One of the following options details the main advantage of why you should choose to use SSL (Secure Sockets Layer) over using HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer). Which is it? A. SSL supports additional Application layer protocols, for instance FTP (File Transfer Protocol) and NNTP (Network News Transport Protocol), whereas HTTPS does not. B. SSL provides full application security for HTTP whereas HTTPS does not. C. SSL supports user authentication whereas HTTPS does not. D. SSL and HTTPS are transparent to the application. Answer: A Explanation: SSL on its own works at the session layer (layer 5) so it has more versatility in protocols that it supports.

QUESTION NO: 206 Which ports need to be open to allow a user to login remotely onto a workstation? A. 53 B. 8080 C. 3389 D. 636 Answer: C

QUESTION NO: 207 A technician wants to be able to add new users to a few key groups by default, which of the following will allow this? A. Inheritance B. Template C. Default pairing D. Auto-population Answer: A

QUESTION NO: 208 All of the following types of attacks can be detected by an IDS EXCEPT: A. Denial of Service (DoS) B. spoofed e-mail

C. port scan D. exploits of bugs or hidden features. Answer: B Explanation: Spoofed e-mails will not be detected by the IDS.

QUESTION NO: 209 You work as the security administrator at Certpaper.com. You have become aware of a hacker accessing confidential company data from over the network. Which of the following actions should you perform? Choose all correct answers. A. Detach the network cable from the server to prevent the hacker from accessing more data. B. Prevent members of the organization from entering the server room. C. Prevent members of the incident response team from entering the server room. D. Shut down the server to prevent the hacker from accessing more data. Answer: A,B Explanation: Answer : B is correct to stop anyone from corrupting the evidence.

QUESTION NO: 210 Choose the network mapping tool (scanner) which uses ICMP (Internet Control Message Protocol). A. A port scanner. B. A map scanner. C. A share scanner. D. A ping scanner. Answer: D Explanation: Ping confirms a connection by sending and receiving ICMP packets.

QUESTION NO: 211 To aid in preventing the execution of malicious code in email clients, which of the following should be done by the email administrator?

A. Email client features should be disabled B. Regular updates should be performed C. Spam and anti-virus filters should be used D. Preview screens should be disabled Answer: C

QUESTION NO: 212 Which of the following would allow a technician to compile a visual view of an infrastructure? A. Protocol analyzer B. Port scanner C. Network mapper D. Security log Answer: C

QUESTION NO: 213 Kerberos uses which of the following ports by default? A. 88 B. 23 C. 443 D. 139 Answer: A

QUESTION NO: 214 You work as the security administrator at Certpaper.com. You want to reduce the current vulnerability from dumpster diving. How will you accomplish the task? A. Destroy all paper and other media that are no longer required. B. Install expensive surveillance equipment. C. Employ additional security staff D. Remove the contents of the trash can on a regular basis. Answer: A

Explanation: Dumpster diving is a very common physical access method. Companies generate a huge amount of paper in the normal course of events. Most of the information eventually winds up in dumpsters or recycle bins. These dumpsters may contain information that is highly sensitive in nature. In high security government environments, sensitive papers are either shredded or burned. Most businesses do not do this. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 51

QUESTION NO: 215 Communication is important to maintaining security because communication keeps: A. the user community informed of threats B. the network bandwidth usage under control C. the IT security budget justified D. law enforcement informed of what is being done Answer: A

QUESTION NO: 216 Following a disaster, which of the following functions should be returned FIRST from the backup facility to the primary facility? A. Least critical functions B. Systems functions C. Executive functions D. Web services Answer: A

QUESTION NO: 217 Which of the following is the MOST secure way to implement data encryption between SMTP servers? A. PPTP B. SSL

C. TLS D. L2TP Answer: C

QUESTION NO: 218 Which of the following definitions would be correct regarding Active Inception? A. Listening or overhearing parts of a conversation B. Placing a computer system between the sender and receiver to capture information. C. Someone looking through your files D. Involve someone who routinely monitors network traffic Answer: B

QUESTION NO: 219 The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option that describes this flaw. A. The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. This creates a security loophole for Trojan horse attacks. B. The DAC (Discretionary Access Control) model uses certificates to control access to resources. This creates an opportunity for attackers to use your certificates. C. The DAC (Discretionary Access Control) model does not use the identity of a user to control access to resources. This allows anyone to use an account to access resources. D. The DAC (Discretionary Access Control) model does not have any known security flaws. Answer: A Explanation: In a DAC model, network users have some flexibility regarding how information is accessed. This model allows users to dynamically share information with other users. The process allows a more flexible environment, but it increases the risk of unauthorized disclosure of information. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 440

QUESTION NO: 220 Which of the following will allow a credit card information theft? (Choose TWO) A. Virus B. Adware C. Worm D. SPIM E. Phishing Answer: B,E

QUESTION NO: 221 When a patch is released for a server the administrator should: A. test the patch on a non-production server then install the patch to production. B. immediately download and install the patch. C. not install the patch unless there is a current need. D. install the patch and then backup the production server. Answer: A Explanation: Software patches are good for network security, because they are developed to fix known vulnerabilities. So even if everything's operating normally, a patch is still very beneficial. When you patch an operating system, there's always a risk that something can go wrong which can compromise your data and server operation. It would be wise to backup your data BEFORE installing a patch, and it would also be wise to test the patch on your least important servers first.

QUESTION NO: 222 You work as the security administrator at Certpaper.com. You must configure the firewall to support TACACS. Which port(s) should you open on the firewall? A. Port 49 B. Port 53 C. Port 161 D. Port 21 Answer: A

Explanation: TACACS uses both TCP and UDP port 49.

QUESTION NO: 223 CGI scripts are susceptible to which of the following types of attacks? A. Cross site scripting B. Buffer overflows C. DNS spoofing D. SQL injection Answer: A

QUESTION NO: 224 Which of the following is the BEST place to obtain a hotfix or patch for an application or system? A. An email from the vendor B. The manufacturer's website C. A newsgroup or forum D. A CD-ROM Answer: B

QUESTION NO: 225 Most key fob based identification systems use which of the following types of authentication mechanisms? (Select TWO). A. Biometrics B. Kerberos C. Username/password D. Certificates E. Token Answer: C,E

QUESTION NO: 226

B. Sybex . digital certificates. A. cryptography scheme C. Use the FDISK Command D." .CompTIA SY0-101: Practice Exam Choose the most effective method of preventing computer viruses from spreading throughout the network. Any Time.www. Reference: Mike Pastore and Emmett Dulaney .com Ac tua lTe sts . C. or as a part of another program. D. non-repudiation. Perform multiple bit level overwrites B. and key history management. You should enable scanning of all e-mail attachments. 2nd Edition. You should prevent the execution of .vbs files. infrastructure B. Format the drive C. p 76 QUESTION NO: 227 Which of the following would be the minimally acceptable method of ensuring that a disposed hard drive does not reveal sensitive data? A. You should require root/administrator access to run programs and applications. through e-mail. Delete the files and re-install the operating system Answer: A QUESTION NO: 228 A public key _____________ is a pervasive system whose services are implemented and delivered using public key technologies that include Certificate Authority (CA). You should install a host based IDS (Intrusion Detection System) Answer: C Explanation: Viruses get into your computer in one of three ways. 2004. Security+ Study Guide . distribution authority Answer: A "Pass Any Exam. exchange D.co m 80 . A.actualtests. Alameda . They may enter your computer on a contaminated floppy or CD-ROM.

QUESTION NO: 229
From the list of protocols, which is used to secure web transactions?
A. XML (Extensible Markup Language)
B. SMTP (Simple Mail Transfer Protocol)
C. SSL (Secure Sockets Layer)
D. S/MIME (Secure Multipurpose Internet Mail Extensions)
Answer: C
Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 230
Which of the following would be MOST effective in preventing network traffic sniffing?
A. Use switches instead of hubs
B. Disable promiscuous mode
C. Use hubs instead of routers
D. Deploy an IDS
Answer: A
Explanation: Switches don't send all traffic on the segment to every port so conventional sniffing methods don't work.

Alameda . Hardware D. Sandbox. Any Time. Birthday C. Guest. 2nd Edition. Hypervisor. network monitoring D. Hypervisor. Buffer overflow B. a hub Answer: A "Pass Any Exam. Hardware lTe Which of the following is the BEST description of the basic elements of virtualization? sts . This situation can cause an application to terminate.CompTIA SY0-101: Practice Exam QUESTION NO: 231 Which of the following is a common type of attack on web servers? A. Hypervisor. p 135 QUESTION NO: 232 QUESTION NO: 233 Stateful packet inspection is a methodology used by: A. Security+ Study Guide . Sandbox." . Spam D. Hardware C. NAT C. Emulator. Brute force Answer: A Explanation: Buffer overflow occur when an application receives more data that it is programmed to accept.com Ac Answer: A tua A. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. 2004. Host.www. Sandbox. a firewall B. Hypervisor.co m 82 . Reference: Mike Pastore and Emmett Dulaney .actualtests. Host. Sybex . Hardware B. Guest.

QUESTION NO: 234
Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation?
A. Kerberos
B. Biometric
C. Mutual
D. Multifactor
Answer: D

QUESTION NO: 235
Which of the following would be achieved by using encryption? (Select THREE).
A. Non-repudiation
B. Availability
C. Confidentiality
D. Authorization
E. Integrity
Answer: A,C,E

QUESTION NO: 236
Users are reporting that when attempting to access the company web page on the Internet, the user is rerouted to a protest webpage. This is MOST likely:
A. a DDoS attack
B. DNS Poisoning
C. a social engineering attack
D. a replay attack.
Answer: B

QUESTION NO: 237
Using software on an individual computer to generate a key pair is an example of which of the following approaches to PKI architecture?

com Ac A. Answer: A "Pass Any Exam. Distributed key B. Centralized Answer: B QUESTION NO: 238 A representative from the human resources department informs a security specialist that an employee has been terminated. Active prevention C. Hardening B. Change the employee's user password and keep the data for a specified period.co m 84 . C." . Which of the following would be the BEST action to take? A. Decentralized C. Using an independent security instructor. Enumerating D. Hub and spoke D. Minimizing development cost. Passive detection tua lTe Which of the following BEST describes the baseline process of securing devices on a network infrastructure? sts . Answer: A QUESTION NO: 239 Answer: A QUESTION NO: 240 Which of the following would be MOST important when designing a security awareness program? A. Creating security awareness posters and notices. C. Contact the employee's supervisor regarding disposition of user accounts D.www. D.CompTIA SY0-101: Practice Exam A. Conducting user training sessions. B. Disable the employee's user accounts and delete all data. Any Time. B.actualtests. Disable the employee's user accounts and keep the data for a specified period of time.

Answer: D Explanation: Replication mechanism: To replicate a virus needs to attach itself to the right code. C. Smurf D. A computer virus is a find mechanism. Any Time. connection mechanism and can integrate. initiation mechanism and can propagate. A computer virus is a learning mechanism.www.co m . Disk storage consumption Answer: D QUESTION NO: 242 A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. Memory starvation C. D. or inserted a new "Pass Any Exam. During the 80's and early 90's most viruses were activated when you booted from a floppy disk. Activation mechanism: Most viruses require the user to actually do something.CompTIA SY0-101: Practice Exam QUESTION NO: 241 Open FTP file shares on servers can facilitate which of the following types of attacks? A. where it can replicate and spread past security systems into other systems. activation mechanism and has an objective. contamination mechanism and can exploit. A. A computer virus is a replication mechanism. Switch D. Which of the following network devices should be used? A. Hub Answer: C QUESTION NO: 243 Choose the statement which best defines the characteristics of a computer virus. Firewall C." . B.actualtests. Router B. A computer virus is a search mechanism.com 85 Ac tua lTe sts . CPU starvation B.

one firewall and one VPN B.com. it is easy for someone to sniff your conversation and eavesdrop on every single word you type. Objective: many viruses have no objective at all. QUESTION NO: 244 A demilitarized zone (DMZ) is a network segment that can be created by using: A. hog up memory. A. Nowadays most computer virus's come as email forwards. or crash the system. Answer: A Explanation: Since only clear unencrypted text is being sent across the world through multitudes of WAN equipment and routers. QUESTION NO: 246 You work as the security administrator at Certpaper . Reverse engineering.co m . You must implement an authentication protocol that uses only encrypted passwords during the authentication process. one router and one firewall C. C. Kerberos "Pass Any Exam.actualtests. Cryptanalysis. Choose the authentication protocol that accomplishes this.www. Which is it? A.com 86 Ac tua lTe sts .CompTIA SY0-101: Practice Exam floppy disk into an infected drive. Packet sniffing. and they require the user to execute. D. two firewalls Answer: D QUESTION NO: 245 An attacker can use a specific method to exploit the clear-text attribute of Instant-Messaging sessions. Port scanning." . Any Time. two routers D. but some have the objective to delete data. B.

Disaster planning C. B. D. The challenge response uses a hashing function derived from the Message Digest 5 (MD5) algorithm. C. Renewal keeps the log files from getting too large.A user has received an email from a mortgage company asking for personal information including bank account numbers.com Ac tua . The longer an encryption key is used the more processing power it will consume. CHAP (Challenge Handshake Authentication Protocol) Answer: D Explanation: CHAP is commonly used to encrypt passwords. Acceptable use policies "Pass Any Exam.co m 87 . packet sniffing D. This would BEST be described as: lTe sts . SMTP (Simple Mail Transfer Protocol) C. that is repeated at random intervals during a session. QUESTION NO: 247 Which of the following would be the BEST reason for certificate expiration? A.actualtests. Any Time. phishing B.CompTIA SY0-101: Practice Exam B. Brute force techniques are likely to break the key if given enough time. PPTP (Point-to-Point Tunneling Protocol) D. a hoax Answer: A QUESTION NO: 249 Sending a patch through a testing and approval process is an example of which of the following? A. Answer: B QUESTION NO: 248 A. It provides for on-demand authentication within an ongoing data transmission. spam C. User education and awareness training B.www." . To keep the server from using the same key for two sessions.

D. Change management
Answer: D

QUESTION NO: 250
Which of the following BEST describes a set of programs and code that allows an undetectable presence on a system with administrative rights?
A. Trojan horse
B. Virus
C. Rootkit
D. Worm
Answer: C

QUESTION NO: 251
Which of the following trust models would allow each user to create and sign certificates for the people they know?
A. Browser trust-list
B. Web-of-trust
C. Single certificate authority (CA)
D. Hierarchical
Answer: B

QUESTION NO: 252
All of the following monitoring types evaluate pre-specified conditions EXCEPT: (Select TWO).
A. behavior-based.
B. rate-based
C. signature-based
D. performance-based
E. anomaly-based
Answer: A,E

com 89 Ac tua QUESTION NO: 255 lTe sts . System state D. Brute force C. System files Answer: C QUESTION NO: 256 Choose the ports that are used to access the FTP (File Transfer Protocol) protocol.www. Ports 80 and 443. A. User date B. Writing the password on a note and placing the note under the computer keyboard. Answer: C QUESTION NO: 254 Which of the following methods of password guessing typically requires the longest attack time? A. B. B. Any Time. C.actualtests.co m . Dictionary D. Placing the password in a text document and saving the document on the system administrator's computer." . Writing the password on a piece of paper and storing the paper in a locked safe. Birthday B.CompTIA SY0-101: Practice Exam QUESTION NO: 253 Which of the following methods of documenting and storing a password is considered acceptable? A. Operating system C. Sharing the password with a family member and asking the family member not to reveal the password. D. Rainbow Answer: B Which of the following needs to be backed up on a domain controller to be able to recover Active Directory? A. "Pass Any Exam. Ports 20 and 21.

Ports 21 and 23. when someone asks for help. monitoring and administration Answer: C QUESTION NO: 258 Explanation: Social engineering attacks work because of the availability heuristic. By availability. and be more suspect of an attack when someone does ask for a favor. and times when they needed help themselves and were helped.CompTIA SY0-101: Practice Exam C." . QUESTION NO: 257 Human resource department personnel should be trained about security policy: A. Lack of security awareness C. D. port 20 is the data port and port 21 is the command port. so essentially they're being a good Samaritan. Ports 20 and 80. Any Time.co m 90 . With this knowledge in intuition. D. In the past people have had experiences where a co-worker with a legitimate problem asked for help and been grateful for it. If an awareness program were to be implemented where employees could be aware of social engineering tactics. guidelines and enforcement. Audit logs are not monitored frequently B. they associate that ask for help for every legitimate cry for help. they would be more likely to think about them. they feel the urge to help others again the way they've helped out somebody in the past. and law of consistency.www. Answer: A Explanation: In basic FTP operations. So by consistency. Multiple logins are allowed lTe Which of the following is a major reason that social engineering attacks succeed? sts . law of reciprocity. maintenance. implementation C.com Ac Answer: B tua A. "Pass Any Exam.actualtests. B. an employee will make a smarter decision. Strong passwords are not required D.

www. The attack aims to store and distribute malicious code. Answer: C Reference: http://www. The attack aims to establish a connection between the FTP server and another computer. Address internal threats D.CompTIA SY0-101: Practice Exam QUESTION NO: 259 A company implements an SMTP server on their firewall. There have been ongoing discussions about this problem (called "FTP bounce") for several years. the PORT command can be misused to open a connection to a port of the attacker's choosing on a machine that the attacker could not have accessed directly. Keep the solution simple C. and some vendors have developed solutions for this problem.com. tua lTe sts . Create an in-depth defense Answer: A QUESTION NO: 260 You work as the security administrator at Certpaper .html QUESTION NO: 261 Which of the following types of IDS should be employed to obtain the MOST information about the enterprise? A. C. This implementation would violate which of the following security principles? A. Server based "Pass Any Exam. Unix based B. For more detailed information on this FTP Bounce attack refer to the hyperlink.org/advisories/CA-1997-27. B. Any Time.com Ac Explanation: In some implementations of FTP daemons." .cert. You are investigating the consequences of networks attacks aimed at FTP servers. The attack aims to exploita buffer overflow vulnerability on the FTP server. Use a device as intended B. Which of the following states the aim of a FTP (File Transfer Protocol) bounce attack? A. The attack aims to reboot the FTP server. D.co m 91 .actualtests.

Answer: C.E QUESTION NO: 263 A. Confidentiality C. B. Any Time. D.co m 92 . User account reports are periodically extracted from systems and employment verification is performed." . User accounts reports are periodically extracted from systems and user access dates are verified C.com Ac What is the primary security risk associated with removable storage? tua lTe sts . Availability Answer: C QUESTION NO: 264 A programming mechanism used to allow administrative access while bypassing the usual access control methods is known as a: "Pass Any Exam. Network based D. Host based Answer: C Explanation: A network based Intrusion Detection System is not limited to a single server or network segment like a host based IDS. Integrity B. User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization. it monitors all the traffic over the entire network QUESTION NO: 262 Which of the following BEST describes actions pertaining to user account reviews? (Select TWO).www. E. User accounts reports are periodically extracted from systems and end users are informed. User accounts and their privileges are periodically extracted from systems and reports are kept for auditing purposes. Continuity D.CompTIA SY0-101: Practice Exam C.actualtests. A.

By network B.actualtests. First broadcast a message to the all users to alert them of the presence of a virus.com Ac tua lTe sts QUESTION NO: 266 . By group D. First investigate the e-mail message as a possible hoax with a trusted anti-virus vendor. Choose the action which you should specify to perform when receiving an e-mail message warning of the existence of a virus on the system if a specific executable file exists? A. "Pass Any Exam. software exploit D. expiration Answer: C Which is a BEST practice method to assign rights and privileges? A. B. logic bomb C. validation D. You must document the procedure for handling computer virus infections. revocation C.com. By individual C. C. By location Answer: B QUESTION NO: 267 You work as the security administrator at Certpaper . D. destruction B. First locate and download a patch to repair the file. back door Answer: D QUESTION NO: 265 PKI provides non-repudiation by providing third-party assurance of certificate: A.CompTIA SY0-101: Practice Exam A. First search for and delete the virus file.co m 93 .www. Any Time. Trojan horse B." .

are digitally signed C. The process of predicting threats and vulnerabilities to assets is known as threat: A." . the major anti-virus players like Symantec. the wrong file can be deleted.www. avoidance. but there's a chance that the patch itself could be the virus. McAfee. or Sophos will know about it before you. Incorrect answers: Searching for and deleting a file is not only a waste of time with today's OS's complex directory systems. and perhaps terrorizing the users is the original intent of the attack. and worst of all: when you delete a file it doesn't really get completely deleted. the file could be hidden. Answer: B QUESTION NO: 269 Reusing a ticket. instead it gets sent to a 'recycle bin. use a token B.CompTIA SY0-101: Practice Exam Answer: D Explanation: If a virus threat is for real. are time stamped Answer: D "Pass Any Exam. and they will have details on their sites. acceptance. but its also ineffective. because it will waste bandwidth.co m 94 .' Broadcasting an alert and creating panic isn't the right thing to do. D.actualtests. modeling C. or the process of resetting the computer could activate the virus. as a replay attack. in Kerberos authentication will not be successful because the tickets: A. The act of locating and downloading a patch isn't just time consuming. are encrypted D. One can miss a file.com Ac tua lTe sts QUESTION NO: 268 . Any Time. mitigation B.

A. While browsing the retailer's web site. Reference: Mike Pastore and Emmett Dulaney . Which of the following actions should the user take? A. Weak encryption can be easily broken B. Implementations have been limited in many applications because of the high cost associated with these technologies. Privatekeys can be compromised. It is subject to a man-in-the-middle attack C. Any Time.actualtests. The user later observes unknown charges on the credit card bill and has not received the purchased items. Check for shipping delays for the requested items. A user must trust the public key that is received Answer: D QUESTION NO: 272 A user accesses a retailer from an Internet search. the user wants to purchase an item and enters the credit card information.co m 95 . D.CompTIA SY0-101: Practice Exam QUESTION NO: 270 Choose the method of authentication which is the most COSTLY method. Security+ Study Guide . p 265 QUESTION NO: 271 Which of the following is the MOST significant flaw in Pretty Good Privacy (PGP) authentication? A. 2nd Edition. Sybex . 2004. Tokens D. and they will become widely used over the next few years. Alameda .www." .com Ac tua lTe sts . B. Many companies use smart cards as their primary method of access control. "Pass Any Exam. Passwords Answer: B Explanation: Biometrics These technologies are becoming more reliable. Shared secrets B. Biometrics C. Be sure that a URL is secure before entering personal information.

Applying patches lTe sts Which of the following are components of host hardening? (Select TWO) .400 connectors have not been password protected.CompTIA SY0-101: Practice Exam C. 20 QUESTION NO: 274 Answer: D. Which of the following is MOST likely the cause? A.com Ac tua A. B. C. Adding users to the administrator group D. 25 C. Remote access to the email application's install directory has not been removed. The administrator account was not secured. Disabling unnecessary services E. 51 D. X. Type the retailer's web address directly into the URL in the future D." .co m Answer: A 96 .actualtests. Limit the number of times online purchases are made monthly.www. Configuring the Start menu and Desktop. 50 B. Answer: B "Pass Any Exam. C. Any Time. Removing a user access to the user data B.E QUESTION NO: 275 An SMTP server is the source of email spam in an organization. Anonymous relays have not been disabled. Answer: A QUESTION NO: 273 Which of the following protocols is used by Encapsulating Security Payload (ESP) in IPSec? A. D.

protecting againstDDoS attacks Answer: C Explanation: What good is a firewall without any kind of policy or configuration policy to be implemented? "Pass Any Exam. Physically locking the WAP. Changing the default SSID. blocking unwanted incoming traffic C. Expedite the request since the caller's identity has been verified. Answer: B.com Ac tua lTe sts . C. however." . C. the caller claims there is an emergency and asks that the request be expedited. The caller is knowledgeable about the company and the caller's name is listed in the company telephone and email directory. Broadcasting a false domain name.CompTIA SY0-101: Practice Exam QUESTION NO: 276 Which of the following would be the BEST step to take to stop unauthorized users from targeting a wireless network with a site survey? (Select TWO). Which of the following would be the BEST action for the employee to take? A. B. D.C QUESTION NO: 277 An employee receives a request from a person claiming to be an employee at a remote office location. A.actualtests. B. developing a firewall policy D. Ask a supervisor for permission to deviate from established procedures due to the emergency Answer: C QUESTION NO: 278 The first step in effectively implementing a firewall is: A. E.www. Follow established procedures and report any abnormal incidents. Any Time. blocking unwanted outgoing traffic B. Disabling SSID broadcasting. Using a switch rather than a hub. D. Give the caller a supervisor's name and telephone number to request authority to expedite the request.co m 97 .

QUESTION NO: 279
Which of the following logs shows when the workstation was last shutdown?
A. Access
B. Security
C. System
D. DHCP
Answer: C

QUESTION NO: 280
Which of the following would be an effective way to ensure that a compromised PKI key can not access a system?
A. Revoke the key
B. Renew the key
C. Reconfigure the key
D. Delete the key
Answer: A

QUESTION NO: 281
Which of the following describes an unauthorized user redirecting wireless network traffic from the intended access point to a laptop to inject a packet with malware?
A. A man-in-the-middle attack
B. A replay attack
C. Social engineering
D. A weak key
Answer: A

QUESTION NO: 282
The difference between identification and authentication is that:

authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials. Intranet D. Oakley "Pass Any Exam. Answer: C QUESTION NO: 283 Which of the following describes a semi-trusted location used to securely house public facing servers between the Internet and the local network? A. VLAN C. the IPSec Protocol Suite uses which of the following specific protocols for securing the data packet? (Select TWO). Secure Key Exchange Mechanism for Internet (SKEMI) C.www. authentication verifies a set of credentials while identification verifies the identity of the network. Block cipher D. Any Time.co m . authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials. authentication verifies a user ID belongs to a specific user while identification verifies the identity of a user group. Weak key B. D. B. Encapsulating Security Payload (ESP) B." .com 99 Ac A. A. Algorithm used tua Which of the following would be MOST desirable when attacking encrypted data? lTe sts .actualtests. Demilitarized zone (DMZ) B. C.CompTIA SY0-101: Practice Exam A. Sniffed traffic C. VPN Answer: A QUESTION NO: 284 Answer: A QUESTION NO: 285 After establishing a tunnel.

To perform penetration testing on the DNS server C.CompTIA SY0-101: Practice Exam D. Security+ Study Guide . IPSec can use AH or ESP. To control unauthorized DNSDoS D. E-mail hoaxes can result in buffer overflows on the e-mail server.www. cancer victim child suffering from Herpes it creates undue panic and emotion in the work setting.D have a degree of truth to them.com Ac Explanation: Although answer choices B . Alameda . E-mail hoaxes tend to encourage malicious users. Email hoaxes often create unnecessary traffic because they ask users to forward an email to everyone in address book." . To monitor unauthorized zone transfers B. and whether it is a computer virus or a blind. B. Answer: C QUESTION NO: 287 Which of the following is a reason to implement security logging on a DNS server? A. A. the BEST answer is A. chose the primary attribute associated with e-mail hoaxes. Authentication Header (AH) Answer: A. as well as panic in users that are not technically inclined. starving. D. 2004. tua lTe sts . Internet Security Association and Key Management Protocol (ISAKMP) E.actualtests. 2nd Edition. Any Time. Reference: Mike Pastore and Emmett Dulaney . To measure the DNS server performance Answer: A "Pass Any Exam. E-mail hoaxes consume large quantities of server disk space. p 371 QUESTION NO: 286 From the list of options. Sybex . E-mail hoaxes create unnecessary e-mail traffic. C.E Explanation: IPSec is a security protocol that provides authentication and encryption across the Internet.co m 100 . crippled.C.

QUESTION NO: 288
The risks of social engineering can be decreased by implementing: (Select TWO)
A. security awareness training
B. identity verification methods
C. risk assessment policies
D. vulnerability testing techniques
E. operating system patching instructions
Answer: A,B

QUESTION NO: 289
Which of the following security services are provided by digital signatures? (Select THREE).
A. Authorization
B. Encryption
C. Authentication
D. Non-repudiation
E. Confidentiality
F. Integrity
Answer: C,D,F

QUESTION NO: 290
Which of the following is a security reason to implement virtualization throughout the network infrastructure?
A. To analyze the various network traffic with protocol analyzers
B. To implement additional network services at a lower cost
C. To centralize the patch management of network servers
D. To isolate the various network services and roles
Answer: D

QUESTION NO: 291
Giving each user or group of users only the access they need to do their job is an example of which of the following security principles?

Least privilege D. Separation of duties B. File and print server C. Access control C. Microsoft Word documents. B. Answer: A Explanation: Many newer viruses spread using email. Sybex . C. Email server B. Security+ Study Guide .www. All of the above. Defense in depth Answer: C QUESTION NO: 292 Which of the following types of servers should be placed on a private network? A. 2nd Edition.CompTIA SY0-101: Practice Exam A. The recipient opens this file thinking it is something you legitimately sent them. p 78 QUESTION NO: 294 "Pass Any Exam. Many times the virus is in an executable attachment. Web server Answer: B Which of the following should be scanned for viruses? A. D. Alameda .com Ac tua lTe sts QUESTION NO: 293 . Any Time. When they open the file.co m 102 . Executable files. Plain text documents. the virus infects the target system.actualtests. The infected system includes an attachment to any email that you send to another user. Remote Access Server (RAS) D." . Reference: Mike Pastore and Emmett Dulaney . 2004.

QUESTION NO: 294
Which of the following types of backups requires that files and software that have been changed since the last full backup be copied to storage media?
A. Full
B. Differential
C. Incremental
D. Delta
Answer: B

QUESTION NO: 295
Non-essential services are often appealing to attackers because non-essential services: (Select TWO)
A. consume less bandwidth
B. decrease the surface area for the attack
C. sustain attacks that go unnoticed
D. provide root level access
E. are not visible to an IDS
F. are not typically configured correctly or secured
Answer: C,F

QUESTION NO: 296
A company wants to connect the network to a manufacturer's network to be able to order parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection?
A. Intranet
B. Scatternet
C. Extranet
D. VPN
Answer: C

QUESTION NO: 297
The IPSec Security Association is managed by

Security+ Study Guide . D. ESP D. Answer: A QUESTION NO: 299 Which of the following is a suitable hashing algorithm for a secure environment? A. C. An attacker can enable logging on the target system. lTe sts . An attacker can run a port scan against the target system. p 69 tua Explanation: A TCP/IP network makes many of the ports available to outside users through the router.www. Port scans can be performed both internally and externally. and it can reveal a great deal about your network. RC4 because it produces 160-bits message digests Answer: B "Pass Any Exam. 2nd Edition. MD5 because it produces 160-bits message digests C. This process is called port scanning." . will let all of the protocols pass through them. ISAKMP Answer: D QUESTION NO: 298 Which of the following actions can an attacker perform when network services are enabled on a target system? A. IEEE B. SHA-1 because it produces 160-bits message digests. B. Any Time.com Ac Reference: Mike Pastore and Emmett Dulaney .CompTIA SY0-101: Practice Exam A. Many routers. AH C. An attacker can install arootkit on the target system.co m 104 . B. These ports will respond in a predictable manner when queried. 2004.actualtests. An attacker can check the services file. MD5 because it produces fewer numbers of collisions. Sybex . D. unless configured appropriately. An attacker can systematically query a network to determine which services and ports are open. Alameda .

QUESTION NO: 300
How many characters is the output of a MD5 hash?
A. 32
B. 160
C. 128
D. 64
Answer: A

QUESTION NO: 301
Malicious software that travels across computer networks without user assistance is an example of a:
A. worm
B. Trojan horse
C. virus
D. logic bomb
Answer: A

QUESTION NO: 302
From the listing of attacks, choose the attack which exploits session initiation between a Transport Control Program (TCP) client and server within a network?
A. Smurf attack
B. SYN attack
C. Birthday attack
D. Buffer Overflow attack
Answer: B
Explanation: SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established. Change this if you want but in the SYN flood the hacker sends a SYN packet to the receiving station with a spoofed return address of some broadcast address on their network. The receiving station sends out this SYN packets (pings the broadcast address) which causes multiple servers or stations to respond to the ping, thus overloading the originator of the ping (the receiving station). Therefore,

Biometric Answer: B QUESTION NO: 305 A company's new employees are asked to sign a document that describes the methods of and purposes for accessing the company's IT systems. Mutual C.CompTIA SY0-101: Practice Exam the hacker may send only 1 SYN packet.www.co m . Security+ Study Guide . Software publisher certificate C. Reference: Mike Pastore and Emmett Dulaney . Which of the following BEST describes this type of certificate? A." . Sybex . whereas the network of the attacked station is actually what does the barrage of return packets and overloads the receiving station. The answer B is correct. Certificate Authority (CA) certificate D. but you can find online more information on software publisher certificate.actualtests. 2004. Any Time. Server certificate Answer: B QUESTION NO: 304 A. sts . Web certificate B.com 106 Ac Which of the following authentication methods requires that the client authenticate itself to the server and the server authenticate itself to the client? tua lTe Explanation: This is not discussed in the book so much. 2nd Edition. The pop-up window is a certificate which validates the identity of the plug-in developer. Alameda . Which of the following BEST describes this document? "Pass Any Exam. Multifactor D. p 530 QUESTION NO: 303 While surfing the Internet a user encounters a pop-up window that prompts the user to download a browser plug-in. Username/password B.

A. Privacy Act of 1974 B. Acceptable Use Policy C. Authorized Access Policy D. Due diligence form Answer: B

QUESTION NO: 306 MITRE and CERT are: A. spyware and virus distributing software B. virus propagation monitoring utilities. C. virus and malware cataloging organizations. D. anti-virus software companies. Answer: C

QUESTION NO: 307 Which of the following would be the FIRST step to take to mitigate the threat of non-essential domain accounts? A. Develop a security policy B. Rename the system administrator account C. Review the domain accounts D. Write an LDAP query. Answer: A

QUESTION NO: 308 Turnstiles, double entry doors and security guards are all prevention measures for which of the following types of social engineering? A. Piggybacking B. Looking through a co-worker's trash to retrieve information C. Impersonation D. Looking over a co-worker's shoulder to retrieve information Answer: A

Explanation: Piggybacking is an espionage tactic commonly used in the movies. The hero or the villain hides by a secure entrance, and waits for an unknowing authorized user to enter. When the authorized user enters, they use stealth to sneak behind them and gain access without the authorized user even knowing. Other forms of piggybacking take advantage of human altruism. An unauthorized person will put on a disguise and carry a heavy box to the door, where the authorized user will try to do the right thing, and prop the door open for them.

QUESTION NO: 309 Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment? A. Carbon Dioxide B. Halon C. Water D. Foam Answer: C

QUESTION NO: 310 A newly hired security specialist is asked to evaluate a company's network security. The security specialist discovers that users have installed personal software, the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. Which of the following would be the FIRST step to take? A. Install software patches. B. Enforce the security policy. C. Password management D. Disable non-essential services. Answer: B

QUESTION NO: 311 Which of the following would be an easy way to determine whether a secure web page has a valid certificate? A. Right click on the lock at the bottom of the browser and check the certificate information B. Ensure that the web URL starts with 'https:\\'.

C. Contact Thawte or Verisign and ask about the web page D. Contact the web page's web master Answer: A

QUESTION NO: 312 Which of the following protocols works with 802.1X to authenticate a client to a network? A. EAP B. LDAP C. CHAP D. SPAP Answer: A

QUESTION NO: 313 Which of the following daemons is MOST likely to be the cause if an unauthorized user obtains a copy of a Linux system's /etc/passwd file? A. SSH with version 0.9.8a is installed and configured for remote administration. B. SSL has enabled the Apache service with no virtual hosts configured C. Sendmail is configured to allow the administrator's web access. D. FTP configured to allow anonymous user access. Answer: D

QUESTION NO: 314 The SSL (Secure Sockets Layer) protocol operates between specific layers of the OSI (Open Systems Interconnection) reference model. Which is it? Choose all correct answers. A. Physical Layer B. Application Layer. C. Network Layer D. Transport Layer E. Data Link Layer Answer: B,D

Explanation:

SSL is associated with secure transactions (credit card purchases and online banking) over your web browser, so naturally it operates between the top two layers of the OSI model.

QUESTION NO: 315 A security specialist has downloaded a free security software tool from a trusted industry site. The source has published the MD5 hash values for the executable program. The specialist performs a successful virus scan on the download but the MD5 hash is different. Which of the following steps should the specialist take? A. Re-run the anti-virus program to ensure that it contains no virus execute B. Install the executable program because there was probably a mistake with the MD5 value. C. Ignore the MD5 hash values because the values can change during IP fragmentation. D. Avoid executing the file and contact the source website administrator Answer: D

QUESTION NO: 316 An end-to-end traffic performance guarantee made by a service provider to a customer is a: A. DRP. B. SLA. C. BCP. D. VPN Answer: B

QUESTION NO: 317 The purpose of the SSID in a wireless network is to: A. identify the network B. protect the client C. secure the WAP D. define the encryption protocols used. Answer: A

QUESTION NO: 318

To preserve evidence for later use in court, which of the following needs to be documented? A. Disaster recovery plan B. Chain of custody C. Audit trail of systems usage D. Chain of certificates Answer: B

QUESTION NO: 319 Which of the following correctly specifies where user accounts and passwords are stored in a decentralized privilege management environment? A. User accounts and passwords are stored on a central authentication server. B. User accounts and passwords are stored on each individual server. C. User accounts and passwords are stored on no more than two servers. D. User accounts and passwords are stored on a server configured for decentralized management. Answer: C

Explanation: The key word is decentralized, so the best answer would be B.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 432

QUESTION NO: 320 Which of the following increases the collision resistance of a hash? A. Salt B. Rainbow Table C. Larger key space D. Increase the input length Answer: A

QUESTION NO: 321

Which of the following describes the process of comparing cryptographic hash functions of system executables, configuration files, and log files? A. Network based intrusion detection B. Stateful packet filtering C. File integrity auditing D. Host based intrusion detection Answer: C

QUESTION NO: 322 Computer forensics experts use specific guidelines to gather and analyze data while minimizing data loss. What guidelines do they use? A. Chain of custody B. Chain of command C. Evidence D. Incident response Answer: A

Explanation: The chain of custody is a log of the history of evidence that has been collected. This log should catalog every event from the time the evidence is collected.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 457

QUESTION NO: 323 Which of the following correctly identifies some of the contents of an end user's X.509 certificate? A. User's public key, object identifiers, and the location of the user's electronic identity B. User's public key, the serial number of the CA certificate, and the Certificate Revocation List (CRL) entry point C. User's public key, the Certificate Authority (CA) distinguished name, and the type of symmetric algorithm used for encryption D. User's public key, the certificate's serial number, and the certificate's validity dates

Answer: D

Explanation: The X.509 standard defines what information can go into a certificate, and describes how to write it down (the data format). All X.509 certificates have the following data, in addition to the signature:

Version

Serial Number: The entity that created the certificate, the CA, is responsible for assigning it a serial number to distinguish it from other certificates it issues.

Signature Algorithm Identifier

Issuer Name: The X.500 name of the entity that signed the certificate. This is normally a CA. Using this certificate implies trusting the entity that signed this certificate.

Validity Period

Subject Name

Subject Public Key Information: This is the public key of the entity being named, together with an algorithm identifier which specifies which public key crypto system this key belongs to and any associated key parameters.

Reference: http://csrc.nist.gov/pki/panel/santosh/tsld002.htm

QUESTION NO: 324 Which of the following may be a security issue during transport of stored tape media to an offsite storage location? A. Corruption of the media B. Theft of the media C. Timely restore of lost data D. A courier x-raying the contents Answer: B

QUESTION NO: 325 A workstation is being used as a zombie set to attack a web server on a certain date. The infected workstation is MOST likely part of a: A. DDoS attack. B. TCP/IP hijacking.

C. spoofing attack. D. man-in-the-middle attack. Answer: A

QUESTION NO: 326 Which of the following is the MOST effective way for an administrator to determine what security holes reside on a network? A. Perform a vulnerability assessment B. Install and monitor an IDS C. Run a sniffer D. Run a port scan Answer: A

Explanation: Performing a vulnerability assessment is one of the most effective ways to find holes in the network. The other answers limit your assessment.

QUESTION NO: 327 From the options, choose the disadvantage of implementing an IDS (Intrusion Detection System). A. Administration B. Decrease in throughput. C. False positives. D. Compatibility. Answer: C

Explanation: A false positive is when legitimate traffic is picked up as an intruder. If this happens too often then the IDS is not working properly.

QUESTION NO: 328 Choose the scheme or system used by PGP (Pretty Good Privacy) to encrypt data. A. Symmetric key distribution system B. Asymmetric scheme

C. Asymmetric key distribution system D. Symmetric scheme Answer: B

QUESTION NO: 329 A company wants to implement a VLAN. Senior management believes that a VLAN will be secure because authentication is accomplished by MAC addressing and that dynamic trunking protocol (DTP) will facilitate network efficiency. Which of the following issues should be discussed with senior management before VLAN implementation? A. MAC addresses can be spoofed and DTP allows only authenticated users. B. MAC addresses can be spoofed and DTP allows rogue network devices to configure ports C. MAC addresses are a secure authentication mechanism and DTP allows rogue network devices to configure ports. D. MAC addresses are a secure authentication mechanism and DTP allows only authenticated users. Answer: B

QUESTION NO: 330 A common tool used for wireless sniffing and war driving is: A. Sam Spade B. S/MIME C. NESSUS D. NetStumbler Answer: D

QUESTION NO: 331 Default passwords in hardware and software should be changed: A. if a threat becomes known. B. once each month C. when the vendor requires it D. when the hardware or software is turned on.

Answer: D

QUESTION NO: 332 Which of the following is a protocol analyzer? A. John the Ripper B. Nessus C. WireShark D. Cain & Abel Answer: C

QUESTION NO: 333 Which of the following is MOST often used to allow a client or partner access to a network? A. Demilitarized zone (DMZ) B. VLAN C. Extranet D. Intranet Answer: C

QUESTION NO: 334 Which of the following can be used to determine the topology of a network and discover unknown devices? A. Password crackers B. Penetration testing C. Vulnerability scanner D. Network mapper Answer: D

QUESTION NO: 335 Controlling access to information systems and associated networks is necessary for the preservation of their:

A. authenticity, confidentiality and availability B. integrity and availability. C. confidentiality, integrity and availability D. authenticity, integrity and availability Answer: C

Explanation: The design goals of a security topology must deal with issues of confidentiality, integrity, availability and accountability. You will often see the confidentiality, integrity and availability referred to as the CIA of network security. The accountability is equally important.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 22

QUESTION NO: 336 Which of the below options would you consider as a program that constantly observes data traveling over a network? A. Smurfer B. Fragmenter C. Sniffer D. Spoofer Answer: C

Explanation: Packet sniffers are used to capture, monitor and analyze traffic. Their legitimate purpose is to find traffic flow problems and bottlenecks for the sake of network optimization. However, hackers use it to capture data, to use in replay attacks.

QUESTION NO: 337 Choose the option that correctly specifies a likely negative technical impact of receiving large quantities of spam. A. DoS (Denial of Service). B. Processor underutilization. C. Reduction in hard drive space requirements. D. Increased network throughput.

Answer: A

Explanation: In systems where no email filters are set up, it is possible for some users to receive over a hundred unsolicited emails a day! If every user on a network received that much email, the human time necessary to sort through those emails will be Herculean. The system resources required to: process, download, and store such email can potentially reduce a network's availability to zero, thus denying service.

QUESTION NO: 338 From the listing of attacks, which analyzes how the operating system (OS) responds to specific network traffic, in an attempt to determine the operating system running in your networking environment? A. Operating system scanning. B. Reverse engineering. C. Fingerprinting D. Host hijacking. Answer: C

Explanation: Fingerprinting is the act of inspecting returned information from a server (ie. One method is ICMP Message quoting where the ICMP quotes back part of the original message with every ICMP error message. Each operating system will quote definite amount of message to the ICMP error messages. The peculiarity in the error messages received from various types of operating systems helps us in identifying the remote host's OS.

QUESTION NO: 339 Which of the following is an example of two-factor authentication for an information system? A. Photo ID and PIN B. ATM card and PIN C. Retina scan and mantrap D. Username and password Answer: B

QUESTION NO: 340 Which of the following is the primary method of performing network hardening? A. Disable any unnecessary ports and services. B. Conduct vulnerability analysis. C. Deploy a firewall and IDS D. Develop a trust model Answer: A
