CompTIA SY0-101

SY0-101 Security+

Practice Test
Version 3.0

CompTIA SY0-101: Practice Exam

QUESTION NO: 1
A real estate company recently deployed Kerberos authentication on the network. Which of the following does Kerberos require for correct operation? (Select TWO).
A. POP-3
B. Accurate network time
C. Key Distribution Center
D. Extranets
E. SSL/TLS
Answer: B,C

QUESTION NO: 2
Which of the following are MOST likely to be analyzed by Internet filter appliances/servers? (Select THREE).
A. Content
B. TLSs
C. Keys
D. URLs
E. CRLs
F. Certificates
Answer: A,D,F

QUESTION NO: 3
An administrator is selecting a device to secure an internal network segment from traffic external to the segment. Which of the following devices could be selected to provide security to the network segment?
A. NIPS
B. HIDS
C. Internet content filter
D. DMZ
Answer: A

"Pass Any Exam. Any Time." - www.actualtests.com


QUESTION NO: 4
Which of the following VPN implementations consists of taking IPv6 security features and porting them to IPv4?
A. SSL
B. IPSec
C. L2TP
D. PPTP
Answer: B

QUESTION NO: 5
A user is assigned access rights based on the function within the organization. This is a feature of which of the following types of access control models?
A. Role Based Access Control (RBAC)
B. Rule Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Discretionary Access Control (DAC)
Answer: A
Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees perform in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 6
Which of the following types of malicious software travels across computer networks without requiring a user to distribute the software?
A. Trojan horse
B. Worm
C. Virus
D. Logic bomb
Answer: B

QUESTION NO: 7
Which of the following would be MOST important to have to ensure that a company will be able to recover in case of severe environmental trouble or destruction?
A. Alternate sites
B. Disaster recovery plan
C. Fault tolerant systems
D. Offsite storage
Answer: B

QUESTION NO: 8
A task-based control model is an example of which of the following?
A. Rule Based Access Control (RBAC)
B. Role Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Mandatory Access Control (MAC)
Answer: B

QUESTION NO: 9
Which of the following is often misused by spyware to collect and report a user's activities?
A. Session cookie
B. Tracking cookie
C. Persistent cookie
D. Web bug
Answer: B

QUESTION NO: 10
Which definition best defines what a challenge-response session is?
A. A challenge-response session is a workstation or system that produces a random login ID that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
A challenge-response session is a workstation or system that produces a random challenge string that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
A challenge-response session is a special hardware device used to produce random text in a cryptography system.
A challenge-response session is the authentication mechanism in the workstation or system that does not determine whether the owner should be authenticated.
Answer: B
Explanation: A common authentication technique whereby an individual is prompted (the challenge) to provide some private information (the response). Most security systems that rely on smart cards are based on challenge-response. A user is given a code (the challenge) which he or she enters into the smart card. The smart card then displays a new code (the response) that the user can present to log in.
Reference: http://www.webopedia.com/TERM/C/challenge_response.html

QUESTION NO: 11
Which of the following describes a type of algorithm that cannot be reversed in order to decode the data?
A. One Way Function
B. Symmetric
C. Asymmetric
D. Pseudorandom Number Generator (PRNG)
Answer: A

QUESTION NO: 12
An administrator wants to implement a procedure to control inbound and outbound traffic on a network segment. Which of the following would achieve this goal?
A. HIDS
B. ACL
C. Proxy
D. NIDS
Answer: B

QUESTION NO: 13
Which of the following freeware forensic tools is used to capture packet traffic from a network?
A. nmap
B. NESSUS
C. tcpdump
D. dd
Answer: C

QUESTION NO: 14
When reviewing traces from an IDS, the following entries are observed:
Date   Time  Source IP    Destination IP  Port  Type
10/21  0900  192.168.5.2  10.10.2.1       20    SYN
10/21  0915  192.168.5.2  10.10.2.1       21    SYN
10/21  0920  192.168.5.2  10.10.2.1       23    SYN
10/21  0930  192.168.5.2  10.10.2.1       25    SYN
Which of the following is MOST likely occurring?
A. Port scanning
B. SYN Flood
C. Denial of service (DoS)
D. Expected TCP/IP traffic
Answer: A

QUESTION NO: 15
Which of the following protocols are not recommended due to them supplying passwords and information over the network?
A. SNMP (Simple Network Management Protocol).
B. Network News Transfer Protocol (NNTP)
C. Domain Name Service (DNS)
D. Internet Control Message Protocol (ICMP)
Answer: A

QUESTION NO: 16
Which of the following must be installed for HTTPS to work properly on a web site?
A. Digital certificate
B. Symmetric key
C. 3DES encryption
D. Security token
Answer: A

QUESTION NO: 17
You work as the security administrator. You want to implement a solution which will provide a WLAN (Wireless Local Area Network) with the security typically associated with a wired LAN (Local Area Network): Which solution should you implement?
A. WEP (Wired Equivalent Privacy)
B. VPN (Virtual Private Network)
C. ISDN (Integrated Services Digital Network)
D. ISSE (Information Systems Security Engineering)
Answer: A
Explanation: Wired Equivalent Privacy is a wireless protocol designed to provide privacy equivalent to that of a wired network.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Sybex, Alameda, 2004, p 372

QUESTION NO: 18
From the options, which is a tunneling protocol that can only work on IP networks because it requires IP connectivity?
A. PPTP protocol
B. SSH
C. IPX protocol
D. L2TP protocol
Answer: A
Explanation: Point-to-Point Tunneling Protocol. You can access a private network through the Internet or other public network by using a virtual private network (VPN) connection with the Point-to-Point Tunneling Protocol (PPTP). Developed as an extension of the Point-to-Point Protocol (PPP), PPTP tunnels and/or encapsulates IP, IPX, or NetBEUI protocols inside of PPP datagrams. PPTP does not require a dial-up connection. It does, however, require IP connectivity between your computer and the server.
Not B: L2TP is an industry-standard Internet tunneling protocol with roughly the same functionality as the Point-to-Point Tunneling Protocol (PPTP). Like PPTP, L2TP encapsulates Point-to-Point Protocol (PPP) frames, which in turn encapsulate IP, IPX, or NetBEUI protocols.

QUESTION NO: 19
A user downloads and installs a new screen saver and the program starts to rename and delete random files. Which of the following would be the BEST description of this program?
A. Trojan horse
B. Logic bomb
C. Virus
D. Worm
Answer: A

QUESTION NO: 20
Which of the following BEST describes an attack that takes advantage of a computer not fully updated with the most recent operating system patches?
A. Software exploitation
B. Vulnerability
C. Brute force
D. Spoofing
Answer: A

QUESTION NO: 21
Secret Key encryption is also known as:
A. symmetrical
B. asymmetrical
C. replay
D. one way function.
Answer: A

QUESTION NO: 22
A company's security specialist is securing a web server that is reachable from the Internet. The web server is located in the core internal corporate network. The network cannot be redesigned and the server cannot be moved. Which of the following should the security specialist implement to secure the web server? (Select TWO).
A. Network-based firewall
B. Host-based IDS
C. Host-based firewall
D. Network-based IDS
E. Router with an IDS module
F. Router with firewall rule set
Answer: B,C

QUESTION NO: 23
A program allows a user to execute code with a higher level of security than the user should have access to. Which of the following is this an example of?
A. DoS
B. Privilege escalation
C. Default accounts
D. Weak passwords
Answer: B

QUESTION NO: 24
A security specialist has completed a vulnerability assessment for a network and applied the most current software patches. The next step before placing the network back into operation would be to:
A. conduct a follow-up vulnerability analysis
B. update the baseline
C. perform penetration testing
D. test the essential functionality
Answer: D

QUESTION NO: 25
In a certificate hierarchy, the ultimate authority is called the:
Terminal Access Controller Access Control System (TACACS).
Root Certifying Authority (Root CA).
Private Branch Exchange (PBX).
Certificate Revocation List (CRL).
Answer: D

QUESTION NO: 26
For which reason are clocks used in Kerberos authentication?
Clocks are used to ensure that tickets expire correctly.
Clocks are used to both benchmark and specify the optimal encryption algorithm.
Clocks are used to generate the seed value for the encryptions keys.
Clocks are used to ensure proper connections.
Answer: A
Explanation: The actual verification of a client's identity is done by validating an authenticator. The authenticator contains the client's identity and a timestamp. To ensure that the authenticator is up-to-date and is not an old one that has been captured by an attacker, the timestamp in the authenticator is checked against the current time. If the timestamp is not close enough to the current time (typically within five minutes) then the authenticator is rejected as invalid. Thus, Kerberos requires your system clocks to be loosely synchronized (the default is 5 minutes, but it can be adjusted in Version 5 to be whatever you want).
Reference: http://www.faqs.org/faqs/kerberos-faq/general/section-22.html

QUESTION NO: 27
Message authentication codes are used to provide which service?
A. Key recovery
B. Integrity
C. Acknowledgement
D. Faultrecover
Answer: B

QUESTION NO: 28
Which of the following is an installable package that includes several patches from the same vendor for various applications?
A. Hotfix
B. Patch rollup
C. Service pack
D. Patch template
Answer: C

QUESTION NO: 29
A company's web server needs to be accessible by remote users, business partners, and corporate users. Which of the following would be the BEST location for the web server?
A. Internal network segment
B. Demilitarized zone (DMZ)
C. Network perimeter
D. External network segment
Answer: B,C

QUESTION NO: 30
In order to secure web-based communications, SSL uses: (Select TWO)
A. Challenge Handshake Authentication Protocol (CHAP)
B. Blowfish encryption
C. Public-key cryptography
D. Symmetric cryptography
E. IPSec
F. PPP
Answer: C,D

QUESTION NO: 31
From the recommendations below, which is considered the best method for securing a web browser?
Do not upgrade web browsers because new versions have a tendency to contain more security flaws.
Disable all unused features of the web browser.
Only use a VPN (Virtual Private Network) connection to connect to the Internet.
Deploy a filtering policy for unknown and illegal websites that you do not want users to access.
Answer: B
Explanation: Features that make web surfing more exciting like: ActiveX, Java, JavaScript, CGI scripts, and cookies all pose security concerns. Disabling them (which is as easy as setting your browser security level to High) is the best method of securing a web browser, since it's simple, secure, and within every user's reach.

QUESTION NO: 32
Documentation describing a group's expected minimum behavior is known as:
A. acceptable usage
B. the need to know
C. a code of ethics
D. the separation of duties
Answer: C

QUESTION NO: 33
Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made to the IP header?
A. Private addressing
B. NAT
C. SOCKS
D. DNS
Answer: B

QUESTION NO: 34
Which of the following describes backing up files and software that have changed since the last full or incremental backup?
A. Delta backup
B. Full backup
C. Differential backup
D. Incremental backup
Answer: D

QUESTION NO: 35
The authentication process where the user can access several resources without the need for multiple credentials is known as:
A. need to know
B. decentralized management
C. Discretionary Access Control (DAC).
D. single sign-on
Answer: D

QUESTION NO: 36
From the options below, which represents the first action performed by an SSL (Secure Sockets Layer) enabled server when a user clicks to browse a secure page?
The server uses its digital certificate to identify itself to the browser.
The server validates the user by checking the CRL (Certificate Revocation List).
The server requests the user to produce the CRL (Certificate Revocation List).
The server displays the page requested by the user on the browser, and then provides its IP (Internet Protocol) address for verification purposes.
Answer: A
Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.

QUESTION NO: 37
WEP uses which of the following stream ciphers?
A. 3DES
B. RC4
C. IKE
D. RC2
Answer: B

QUESTION NO: 38
A VPN is needed for users to connect to a remote site and the VPN must be transparent to the user. Which of the following VPN models would be BEST to use?
A. Host to Host
B. Gateway to Host
C. Host to Gateway
D. Gateway to Gateway
Answer: D

QUESTION NO: 39
A web page becomes unresponsive whenever the embedded calendar control is used. Which of the following types of vulnerabilities is occurring?
A. ActiveX
B. Common Gateway Interface (CGI)
C. Cross-site scripting
D. Cookies
Answer: A

QUESTION NO: 40
SSL operates at which layer?
A. Data link
B. Network
C. Transport
D. Application
Answer: C
Explanation: SSL is associated with secure transactions (credit card purchases and online banking) over your web browser, so naturally it operates between the top two layers of the OSI model.

QUESTION NO: 41
An important component of a good data retention policy is:
A. offsite storage
B. magnetic media sorting
C. server drive redundancy
D. backup software licensing
Answer: A

QUESTION NO: 42
To reduce vulnerabilities on a web server, an administrator should adopt which of the following preventative measures?
A. Enable auditing on the web server and periodically review the audit logs
C. Use packet sniffing software on all inbound communications
Block all Domain Name Service (DNS) requests coming into the server.
Apply the most recent manufacturer updates and patches to the server.
Answer: D
Explanation: Operating system manufacturers pride themselves in having a secure system, and the instant they realize that there's a security breach they assign a team on it to develop a security patch. Or when they make a new software release (Linux kernels seem to be updated every other day) they try to fix all known vulnerabilities. Since the older an operating system is, the more time hackers have to seek vulnerabilities. A simple security patch that takes a couple of minutes to download and install is the difference between having a secure network and having a system made completely useless by a worm.

QUESTION NO: 43
A person walks up to a group of people who have physical access to a network operations room. As some of the group enters the room, this person walks into the room behind the group without providing credentials to gain access. Which of the following would BEST describe this activity?
A. Walk behind
B. Shoulder surfing
C. Tailgating
D. Social engineering
Answer: C

QUESTION NO: 44
Which of the following connectivity is required for a web server that is hosting an SSL based web site?
A. Port 443 outbound
B. Port 80 inbound
C. Port 443 inbound
D. Port 80 outbound
Answer: C

QUESTION NO: 45
Which of the following trust models would allow each user to create and sign certificates for the people they know?
A. Single certificate authority (CA)
B. Browser trust-list
C. Hierarchical
D. Web-of-trust
Answer: D

QUESTION NO: 46
On the topic of comparing viruses and hoaxes, which statement is TRUE? Choose the best TRUE statement.
Hoaxes can create as much damage as a real virus.
Hoaxes are harmless pranks and should be ignored.
Hoaxes can help educate users about a virus.
Hoaxes carry a malicious payload and can be destructive.
Answer: A
Explanation: Hoaxes do have the possibility of causing as much damage as viruses. Many hoaxes instruct the recipient to forward the message to everyone that they know and thus cause network congestion and heavy e-mail activity. Hoaxes also often instruct the user to delete files on their computer that may cause their computer or a program to quit functioning.

QUESTION NO: 47
A company conducts sensitive research and development and wants a strict environment for enforcing the principles of need to know, separation of duties, and least privilege. Which of the following should the company implement?
A. Mandatory Access Control (MAC)
B. Discretionary Access Control (DAC)
C. Single sign on
D. Single factor authentication
Answer: A

QUESTION NO: 48
Which access control method allows users to have some level of flexibility on how information is accessed, but at the expense of increasing the risk of unauthorized disclosure of information?
A. Role-Based Access Control (RBAC) method.
B. Discretionary Access Control (DAC) method
C. All of the above
D. Mandatory Access Control (MAC) method
Answer: B
Explanation: In a DAC model, network users have some flexibility regarding how information is accessed. This model allows users to dynamically share information with other users. The process allows a more flexible environment, but it increases the risk of unauthorized disclosure of information. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Sybex, Alameda, 2004, p 440

QUESTION NO: 49
Audit log information can BEST be protected by: (Select TWO).
A. a firewall that creates an enclave
B. access controls that restrict usage
C. using a VPN
D. recording to write-once media.
E. an intrusion prevention system (IPS)
F. an IDS
Answer: B,D

QUESTION NO: 50
Which of the following would be considered a detrimental effect of a virus hoax? (Select TWO).
Users are at risk for identity theft.
Technical support resources are consumed by increased user calls.
Users are tricked into changing the system configuration.
The email server capacity is consumed by message traffic.
Answer: A,B

QUESTION NO: 51
Malicious code that enters a computer by means of a freely distributed game that is intentionally installed and played is known as:
A. a Trojan horse
B. a logic bomb
C. a worm
D. an email attachment.
Answer: A

QUESTION NO: 52
Which of the following programming techniques should be used to prevent buffer overflow attacks?
A. Automatic updates
B. Input validation
C. Nested loops
D. Signed applets
Answer: B

QUESTION NO: 53
Pretty good privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. The model with no single trusted root is known as:
A. hybrid
D. hierarchical
peer-to-peer.
downlevel.
Answer: B

QUESTION NO: 54
Choose the access control model that allows access control determinations to be performed based on the security labels associated with each user and each data item.
A. LBACs (List Based Access Control) method
B. MACs (Mandatory Access Control) method
C. RBACs (Role Based Access Control) method
D. DACs (Discretionary Access Control) method
Answer: B
Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.
The MAC model is a static model that uses a predefined set of access privileges to files on the system. The system administrator establishes these parameters and associates them with an account, files or resources. The MAC model can be very restrictive.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Sybex, Alameda, 2004, p 11

QUESTION NO: 55
A person pretends to be a telecommunications repair technician, enters a building stating that there is a networking trouble work order and requests that a security guard unlock the wiring closet. The person connects a packet sniffer to the network switch in the wiring closet and hides the sniffer behind the switch against a wall. This is an example of:
A. social engineering
B. a man in the middle attack
C. a vulnerability scan
D. a penetration test
Answer: A

QUESTION NO: 56
Social engineering attacks would be MOST effective in which of the following environments? (Select TWO).
C. A locked, windowless building
A public building that has shared office space.
A company with a help desk whose personnel have minimal training.
A military facility with computer equipment containing biometrics.
A company with a dedicated information technology (IT) security staff.
Answer: A,D

QUESTION NO: 57
Which of the following would allow an administrator to find weak passwords on the network?
A. A rainbow table
B. A network mapper
C. A hash function
D. A password generator
Answer: A

QUESTION NO: 58
Which of the following network authentication protocols uses symmetric key cryptography, stores a shared key for each network resource and uses a Key Distribution Center (KDC)?
A. RADIUS
B. Kerberos
C. TACACS+
D. PKI
Answer: B

QUESTION NO: 59
Choose the password generator that uses a challenge-response method for authentication.
A. Cryptographic keys
B. Smart cards
C. Synchronous password generator
D. Asynchronous password generator
Answer: C
Explanation: A synchronous password generator has an authentication server that generates a challenge (a large number or string) which is encrypted with the private key of the token device and has that token device's public key so it can verify authenticity of the request (which is independent from the time factor). That challenge can also include a hash of transmitted data, so not only can the authentication be assured, but also the data integrity.

QUESTION NO: 60
Choose the terminology or concept which best describes a (Mandatory Access Control) model.
A. Bell La-Padula
B. BIBA
C. Lattice
D. Clark and Wilson
Answer: C
Explanation: The word lattice is used to describe the upper and lower level bounds of a user's access permission.

QUESTION NO: 61
A system administrator reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take?
Notify management.
Contact law enforcement officials.
Contain the problem.
Determine the business impact.
Answer: C

QUESTION NO: 62
One of the below attacks focuses on the cracking of passwords, which one is it?
A. Dictionary
B. Teardrop
C. Spamming
D. SMURF
Answer: A
Explanation: Dictionaries may be used in a cracking program to determine passwords. A short dictionary attack involves trying a list of hundreds or thousands of words that are frequently chosen as passwords against several systems. Although most systems resist such attacks, some do not. In one case, one system in five yielded to a particular dictionary attack.

QUESTION NO: 63
Which of the following should be done if an audit recording fails in an information system?
A. Overwrite the oldest audit records
B. Send an alert to the appropriate personnel
C. Stop generating audit records
D. Log off the user
Answer: B

QUESTION NO: 64
The MOST common Certificate Server port required for secure web page access is port:
A. 25
B. 80
C. 446
D. 443
Answer: D

www.actualtests.C QUESTION NO: 66 Which of the following would be an advantage for using PKI over a key server system? A. PPTP E. The key server is superior in large systems. Phreaking "Pass Any Exam. B.com 24 Ac tua QUESTION NO: 67 lTe Answer: C sts . Which of the following wireless security protocols could be used? (Select TWO). Any Time. WPA D. Certificate authority revocation is easy to implement.co m . D. IPX C. A small manufacturing company wants to deploy secure wireless on their network. L2TP B. A. The root certificate authority key can be stored offline. SSH Answer: B. WAN B. C. AH C.D QUESTION NO: 68 In addition to bribery and forgery. Encapsulating Security Protocol (ESP) D." . WEP Answer: C. PKI is less complex to deploy. SSL F. which of the following are the MOST common techniques that attackers use to socially engineer people? (Select TWO) A. A.CompTIA SY0-101: Practice Exam QUESTION NO: 65 IPSec uses which of the following protocols to provide traffic security? (Select TWO).

Implementing a host based intrusion detection system C. Clustering B.E QUESTION NO: 69 Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received? A.com Ac tua A. Non-repudiation Answer: D QUESTION NO: 70 Answer: C QUESTION NO: 71 . RAID D. Remote access lTe Which of the following would be an example of a high-availability disk technology? sts . Anti-aliasing D. Asymmetric cryptography C. Data integrity B.www. The audit shows that many of the users have the ability to access the company's accounting information. Assuming a position of authority Answer: D. Flattery E. Dumpster diving D. Implementing a host based intrusion prevention system "Pass Any Exam.co m 25 .A technician is auditing the security posture of an organization. Load balancing C. Any Time. Whois search C. Changing the user rights and security groups B. Which of the following should the technician recommend to address this problem? A.actualtests.CompTIA SY0-101: Practice Exam B. Changing file level audit settings D." .

C. 2nd Edition. Botnet C. 2004.www.co Which scenario or element would typically cause a CGI (Common Gateway Interface) security issue? m . The external data provided by the user. Adware B. but it still widely used in older systems. Any Time. and it interacted with the client browser. Trojan Answer: B QUESTION NO: 73 Answer: A Explanation: Common Gateway Interface is an older form of scripting that was used extensively in early web systems." . A. The CGI script ran on the web server. Security+ Study Guide . CGI scripts could be used to capture data from a user using simple forms. p 136 QUESTION NO: 74 Choose the compoenent that you would locate in the DMZ (Demilitarized Zone).CompTIA SY0-101: Practice Exam Answer: A QUESTION NO: 72 Which of the following is commonly used in a distributed denial of service (DDOS) attack? A. D. The web browser.actualtests. Alameda . the answer would be D. Sybex . Although the answer is not given in the paragraph from the book. sts . Phishing D. SQL (Structured Query Language) server "Pass Any Exam. The HTTP (Hypertext Transfer Protocol) protocol.com 26 Ac tua lTe A. CGI is frowned upon in new applications because of its security issues. Reference: Mike Pastore and Emmett Dulaney . B. The compiler or interpreter which runs the CGI script.

p 26 QUESTION NO: 75 Of the intrusion detection capabilities listed below." . based on where it is located. 2nd Edition. attack patterns within the network and malicious activities. C. Sybex . Any Time. you can hide or remove access to other areas of your network. Security+ Study Guide . Reference: Mike Pastore and Emmett Dulaney . FTP (File Transfer Protocol) server D.www. the IDS detects a potential security breach. Answer: B Explanation: In a passive system. User workstations C. A network based IDS system can monitor and report on all network traffic. B. Alameda . A network based IDS system can detect attacks in progress.com 27 Ac tua lTe sts .CompTIA SY0-101: Practice Exam B. A FTP server can be used by people from outside of your network and should be placed in the DMZ. which is invisible to hostbased IDS systems. "Pass Any Exam. the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source. By isolating a server in a DMZ. Customer account database Answer: C Explanation: A DMZ is an area where you can place a public server for access by people you might not trust otherwise.actualtests. In a reactive system. QUESTION NO: 76 A security specialist is called to an onsite vacant office where an employee has found an unauthorized wireless access device connected to an RJ-45 jack linked to the corporate LAN. A network based IDS system can detect dial-in intrusions and attempts to physically access the server. 2004.co m . which is FALSE for a network based IDS system? A. A network based IDS system can see packet header information. D. logs the information and signals an alert.

Disconnect the network cable. Network address translation (NAT) D. Application-proxy Answer: D QUESTION NO: 78 Choose the attack or malicious code that cannot be prevented or deterred solely through using technical measures. Call the police. it is unlawful to use technology to directly control people's emotions and behaviors. Social engineering. posters. C.www. B. Answer: B Explanation: Because of human rights laws. Install a sniffer. Stateful inspection C. Packet filters B.co m 28 . Any Time.com Ac tua lTe sts . D. Dictionary attacks. Turn off the power. B. Man in the middle attacks.CompTIA SY0-101: Practice Exam Which of the following actions should the administrator take FIRST? A. C. A. For this reason social engineering attacks cannot be deterred through technical means.actualtests. newsletters. login banners and e-mails would be good tools to utilize in a security: "Pass Any Exam. QUESTION NO: 79 Company intranet. DoS (Denial of Service) attacks. Answer: D QUESTION NO: 77 Which of the following types of firewalls provides inspection at layer 7 of the OSI model? A. D." .

A. awareness program B. control test C. investigation D. policy review Answer: A Explanation: Advertisement techniques are used to bring product awareness to a consumer, likewise advertising techniques can also be used to bring awareness to security programs.

QUESTION NO: 80 An IDS sensor on a network is not capturing all the network data traffic. This may be happening because the sensor is connected to the network with a: A. switch B. bridge C. hub D. router Answer: A

QUESTION NO: 81 A software or hardware device that allows only authorized network traffic in or out of a computer or network is called a: A. honeypot B. anti-virus program C. packet sniffer D. firewall Answer: D

QUESTION NO: 82 Which of the following access decisions are based on a Mandatory Access Control (MAC) environment? A. Sensitivity labels

Group membership D. Identify roles and objects to be accessed. Answer: B QUESTION NO: 84 The concept that a web script is run in its own environment and cannot interfere with any other process is known as a: A. create a folder for each department." . All objects are given security labels known as sensitivity labels and are classified accordingly. D. deploy biometric hardware to the client computers. Access control lists Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. and grant rights and privileges. and grant rights and privileges based on groups. Create a certificate authority. Create a list of departments. quarantine Answer: A QUESTION NO: 85 Choose the malicious code which can distribute itself without using having to attach to a host file. Any Time.co m . Enroll users in a biometric authentication system. assign rights and privileges based on individual certificates. C.actualtests.com 30 Ac tua lTe sts . issue certificates to each user. B. create groups. VLAN C. meet with the departments and direct them to access their departmental folder. Then all users are given specific security clearances as to what they are allowed to access. sandbox B.www.CompTIA SY0-101: Practice Exam B. honey pot D. Ownership C. QUESTION NO: 83 Which of the following is a best practice for managing user rights and privileges? A. "Pass Any Exam.

Risk assessment C. Which of the following can be used to explain the reasons a security review must be completed? A." . netcat D. Dry powder C.CompTIA SY0-101: Practice Exam A.actualtests. a forensics specialist executes a command on the computer being investigated. A worm.co m . Answer: C QUESTION NO: 86 During a live response to an unauthorized access.com 31 Ac tua lTe sts . Soda acid B. A Trojan horse. D. IPCONFIG / IFCONFIG Answer: A QUESTION NO: 87 Which of the following is a suppression method for a Class C fire? A. nmap C. The sales department has requested that the system become operational before a security review can be completed. Corporate security policy "Pass Any Exam. C. Carbon dioxide (CO2) D. Any Time. B. Which of the following commands would be used to display the current network connections on the local computer? A. Water Answer: C QUESTION NO: 88 A computer system containing personal identification information is being implemented by a company's sales department. A logic bomb. NETSTAT B. Need to know policy B. A virus.www.

vulnerabilities D. .CompTIA SY0-101: Practice Exam D. Create and enforce network security policy. You want to reduce the likelihood of certpaper. costs C. C. Any Time. Escorting of guests "Pass Any Exam. or what will best prevent the transmission of nonessential email. Encrypt all company e-mail messages. It asks what action will discourage the employees.www. e-mail.com Ac tua A.actualtests. Badge security system B. Implement a strong authentication method. so the correct answer is to create a network security policy that defines what kind of email use constitutes the term misuse.com employees misusing your ORG. lTe sts You work as the security administrator. Vulnerability assessment Answer: C QUESTION NO: 89 The first step in risk identification would be to identify: A. assets Answer: D How will you accomplish the task? Answer: C Explanation: The question doesn't ask what method can be used to best secure the emails. D. QUESTION NO: 91 Which of the following is the MOST effective social engineering defensive strategy? A." . B. threats B. Create and enforce ACLs (Access Control List).co QUESTION NO: 90 m 32 .

The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. This situation can cause an application to terminate. Sybex . This is BEST described as: A. p 135 sts Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. Rule Based Access Control (RBAC). Discretionary Access Control (DAC). Ping of death B. Alameda . Marking of documents Answer: C QUESTION NO: 92 From the list below." . Logic bomb C. 2nd Edition. choose the exploit that can be considered a DoS attack because more traffic than what the node can handle is flooded to that node. 2004. Security+ Study Guide .www. Buffer overflow D. B. D.co m 33 . Training and awareness D. A. Any Time. . Mandatory Access Control (MAC) Answer: B QUESTION NO: 94 "Pass Any Exam. Role Based Access Control (RBAC) C.actualtests.com Ac tua lTe Reference: Mike Pastore and Emmett Dulaney . human resources personnel having slightly less access and managers having access to their own department files only. Smurf attack Answer: C QUESTION NO: 93 An organization has a hierarchical-based concept of privilege management with administrators having full access.CompTIA SY0-101: Practice Exam C.

Virus signature reports Answer: B QUESTION NO: 96 A." .D QUESTION NO: 95 Which of the following is considered by some HIDS tools to detect system security related anomalies? A. Vulnerability analysis snapshot comparison D. Force the change with group policy B.www. Patch reports B.CompTIA SY0-101: Practice Exam Which of the following types of IDS should be implemented to monitor traffic on a switch? (Select TWO). Network Based Active Answer: A. C. Host Based Active C. D. Force the change by security group. A.com Ac tua Which of the following is the MOST efficient way to force a large number of users to change their passwords on logon? lTe sts . uses weak encryption "Pass Any Exam. The MOST important security issue to address when using instant messaging is that instant messaging: A. Force the change with registry editor. File hashing snapshot comparison C.actualtests. Force the change with remote logon. Network Based Passive B. Any Time. Host Based Passive D. Answer: A QUESTION NO: 97 The employees at a company are using instant messaging on company networked computers.co m 34 .

and this would require less administrative overhead than setting up firewalls at each subnet. communications are a drain on bandwidth C. D. You also want to use the least amount of administrative effort to accomplish your task. communications are open and unprotected Answer: D QUESTION NO: 98 Which of the following is a reason to use a vulnerability scanner? A. Any Time. tua lTe You work as the security administrator at Certpaper. VLAN's would restrict access only to their local VLAN. They are also hardware based (at the switch and MAC level) Firewalls are used so that external users (outside the organization cannot get in). To identify remote access policies B. Deploy a VPN (Virtual Private Network)." . How will you accomplish the task? sts . Deploy a proxy server Deploy.co m 35 . The solution which you implement to restrict network access must be hardware based.actualtests.www. whereas VLAN's are used within an organization to provide security.CompTIA SY0-101: Practice Exam B.com. To assist with PKI implementation C. QUESTION NO: 100 "Pass Any Exam. has no common protocol D. To assist with protocol analyzing Answer: C QUESTION NO: 99 Answer: B Explanation: Implement a VLAN (Virtual Local Area Network) to restrict network access is the best answer. Deploy firewalls between your subnets. To identify open ports on a system D. B. C. Deploy a VLAN (Virtual Local Area Network) Deploy. You must ensure that internal access to other parts of the network is controlled and restricted.com Ac A.

co m 36 . Sybex . E. Results in disconnection from the file server. Challenge Handshake Authentication Protocol (CHAP) Answer: B "Pass Any Exam. Results in Blue Screen of Death errors. Security+ Study Guide . F. 2nd Edition. Certificates Answer: C QUESTION NO: 102 Which of the following authentication methods is based upon an authentication server that distributes tickets to clients? A. Results in malicious code being delivered by file transfer. Results in slow Internet connections. C. B. Answer: A Explanation: IM clients can also be compromised by malicious code. Username/password D.CompTIA SY0-101: Practice Exam Choose the option that correctly details the greatest vulnerability of using Instant Messaging clients. A." .actualtests. D. Reference: Mike Pastore and Emmett Dulaney . and traditional DoS attacks. Any Time. Alameda . Results in loss of email privileges. Results in theft of root user credentials. p 197 QUESTION NO: 101 Which of the following authentication systems make use of the KDC Key Distribution Center? A. Multifactor B. Kerberos C. Security Tokens B. CHAP C.www.com Ac tua lTe sts . Kerberos D. Trojan Horse programs. 2004.

QUESTION NO: 103 Which of the following is the number of security associations in an IPSec encrypted session for each direction? A. 4 B. one C. 2 D. 8 Answer: B

QUESTION NO: 104 Which password management system best provides for a system with a large number of users? A. Self service password reset management systems B. Locally saved passwords management systems C. multiple access methods management systems D. synchronized passwords management systems Answer: A Explanation: A self service password reset is a system where if an individual user forgets their password, they can reset it on their own (usually by answering a secret question on a web prompt, then receiving a new temporary password on a pre-specified email address) without having to call the help desk. For a system with many users, this will significantly reduce the help desk call volume.

QUESTION NO: 105 Poor programming techniques and lack of code review can lead to which of the following types of attack? A. Buffer overflow B. Dictionary C. Common Gateway Interface (CGI) script D. Birthday Answer: A

Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. This exploitation is usually a result of a programming error in the development of the software. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION NO: 106 Most current encryption schemes are based on: A. algorithms B. time stamps C. digital rights management D. randomizing Answer: A

QUESTION NO: 107 The CHAP (Challenge Handshake Authentication Protocol) sends a logon request from the client to the server, and the server sends a challenge back to the client. At which stage does the CHAP protocol perform the handshake process? Choose the best complete answer. A. At the stage when the connection is established. B. At the stage when the connection is established and at whichever time after the connection has been established. C. At the stage when the connection is established and when the connection is disconnected. D. At the stage when the connection is disconnected. Answer: B Explanation: CHAP performs the handshake process when first establishing a connection; and then at random intervals during the transaction session.

QUESTION NO: 108 One type of port scan can determine which ports are in a listening state on the network, and can then perform a two way handshake. Which type of port scan can perform this set of actions? A. A TCP (Transmission Control Protocol) fin scan B. A TCP (Transmission Control Protocol) connect scan C. A TCP (Transmission Control Protocol) null scan D. A TCP (Transmission Control Protocol) SYN (Synchronize) scan Answer: D Explanation: In SYN scanning, a TCP SYN packet is sent to the port(s) to be scanned. If the port responds with a TCP SYN ACK packet, then the port is listening. If it replies with a TCP RST packet, then it is not.

QUESTION NO: 109

Which of the following would be the MOST important reason to apply updates? A. Software is a productivity facilitator and as new functionality is available the functionality must be enabled. B. Software is inherently insecure and as new vulnerabilities are found the vulnerabilities must be fixed. C. Software is a supported product and vendors won't support the product if the latest version is not installed. D. Software is a licensed product and the license will expire if not updated Answer: B

QUESTION NO: 110

A security specialist for a large distributed network with numerous divisions is selecting an access control model. Employees in the human resource division need access to personnel information but not production data and operations employees need access to production data only. Which of the following access control models would be MOST appropriate? A. Role Based Access Control (RBAC) B. Mandatory Access Control (MAC) C. Rule Based Access Control (RBAC) D. Discretionary Access Control (DAC) Answer: A Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees perform in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 111 You work as the security administrator at Certpaper.com. One morning you discover that a user named Mia Hamm has used her user account to log on to a network server. Mia has then executed a program and been able to perform operations which only a network administrator or security administrator should be able to. What type of attack has occurred? A. Trojan horse. B. Security policy removal. C. Privilege escalation attack. D. Subseven back door. Answer: C Explanation: A user obtaining access to a resource they would not normally be able to access. This is done inadvertently by running a program with SUID (Set User ID) or SGID (Set Group ID) permissions or by temporarily becoming another user. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 522

QUESTION NO: 112 A company has instituted a VPN to allow remote users to connect to the office. As time progresses multiple security associations are created with each association being more secure. Which of the following should be implemented to automate the selection of the BEST security association for each user? A. IKE B. AES

C. SHA D. 3DES Answer: A

QUESTION NO: 113 From the options, choose the attack which an IDS (Intrusion Detection System) cannot detect. A. Spoofed e-mail B. DoS (Denial of Service) attack C. Port scan attack D. Vulnerability exploits Answer: A Explanation: Spoofed e-mails will not be detected by the IDS.

QUESTION NO: 114 L2TP tunneling relies on which of the following for security? A. IPSec B. SSH C. SSL D. L2F Answer: A

QUESTION NO: 115 Non-repudiation is enforced by which of the following? A. Digital signatures B. Cipher block chaining C. Secret keys D. PKI Answer: A

Hot site Answer: D QUESTION NO: 117 When reviewing audit trails.com Ac tua QUESTION NO: 118 lTe Answer: A sts A. Any Time. Mandatory Access Control (MAC) B. Unique user IDs cannot be modified easily. Kerberos C. Reciprocal agreement C. Answer: C Explanation: With a unique user ID you'll have soft evidence on the timing and the action any accessed user accomplishes. they think twice about doing something they shouldn't do. what makes unique user IDs especially important? A.co m A security system that uses labels to identify objects and requires formal authorization to use is BEST described as: 42 . Role-Based Access Control (RBAC) D.CompTIA SY0-101: Practice Exam QUESTION NO: 116 Which of the following would be the MOST effective backup site for disaster recovery? A. Unique user IDs establishes individual accountability. Cold site B. Discretionary Access Control (DAC) . B. Warm site D. D.actualtests. Unique user IDs triggers corrective controls.www. C. QUESTION NO: 119 "Pass Any Exam." . Unique user IDs show which files and data were changed. When a user known that they are being tracked.

D.CompTIA SY0-101: Practice Exam Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another.com Ac tua lTe Explanation: The Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines. Which is it? A. The model with no single trusted root is known as: A. downlevel C. peer-to-peer D. Multiple applications can be installed. 2004. hierarchical B. You can configure system wide permissions. Multiple directories can be browsed. p 365 QUESTION NO: 121 From the options. hybrid Answer: C QUESTION NO: 120 One of these protocols is used to encrypt traffic passed between a web browser and web server. Any Time. which details a specific advantage of implementing a single sign-on technology? A. Users must log on twice at all times. Sybex ." . Security+ Study Guide .actualtests.co m 43 . sts .www. Alameda . VPN (Virtual Private Network) C. SSL (Secure Sockets Layer) D. B. IPSec (Internet Protocol Security) B. HTTP (Hypertext Transfer Protocol) Answer: C Reference: Mike Pastore and Emmett Dulaney . Answer: C Explanation: "Pass Any Exam. 2nd Edition. C.

worm Answer: C QUESTION NO: 124 A security specialist is reviewing writable FTP directories and observes several files that violate the company's security policy. the specialist should: A. Any Time. review logs for other compromises and notify the human resources department.CompTIA SY0-101: Practice Exam The purpose is so a user can gain access to all of the applications and systems they need when they log on with a single sign-on. an encrypted tunnel C. C. review logs for other compromises. 2004. a trust relationship D. a certificate Answer: D QUESTION NO: 123 Which of the following will allow you to monitor a user??s online activities? A. review logs for other compromises and report the situation to authorities. Sybex . delete the files that violate security policy and report the situation to authorities. contain the affected system. reboot the affected server. review logs for other compromises and report the situation. Logic bomb B." .actualtests. Security+ Study Guide . "Pass Any Exam. 2nd Edition. a trusted packet B. Reference: Mike Pastore and Emmett Dulaney . Alameda . virus C. B. Spy ware D.com Ac tua lTe sts . In addition to checking the FTP server.co m 44 . p 434 QUESTION NO: 122 A credential that has been digitally signed by a trusted authority is known as: A. D.www.

Open TCP (Transmission Control Protocol) port 110 to inbound and outbound connections. B. CGI (Common Gateway Interface) scripts B.www. This situation can cause an application to terminate. The Certpaper . Dictionary attacks lTe From the listing of attack types. Open UDP (User Datagram Protocol) port 110 to inbound connections. Open UDP (User Datagram Protocol) port 25 to inbound connections. Open TCP (Transmission Control Protocol) port 25 to inbound and outbound connections. Answer: C Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. 2004. C. Buffer overflow attacks D.com. Birthday attacks C. Alameda .com network must be configured to support e-mail communication using SMTP (Simple Mail Transfer Protocol)." . 2nd Edition. Security+ Study Guide . D. Reference: Mike Pastore and Emmett Dulaney . p 135 "Pass Any Exam. which exploits poor programming techniques or lack of code review? sts QUESTION NO: 126 . The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Any Time.co m 45 .com Ac tua A. This exploitation is usually a result of a programming error in the development of the software.actualtests. Answer: C Explanation: TCP port 25 is reserved for SMTP while port 110 is for POP3.CompTIA SY0-101: Practice Exam Answer: C QUESTION NO: 125 You work as a security administrator at Certpaper . Which ports must you open on the firewall to support SMTP connections? A. Sybex .

All security administrators.CompTIA SY0-101: Practice Exam QUESTION NO: 127 Which of the following are types of certificate-based authentication? (Select TWO) A. All auditors. Many-to-one mapping Answer: B. C. I would say D would be the best choice.D QUESTION NO: 128 Which of the following types of attacks consists of a computer sending PING packets with the destination address set to the network's broadcast address and the source address set to the target computer's IP address? A. B. All users. the users and staff need to know the policy." .co m 46 . Smurf D.www. Considering the question refers to a user security policy.com Ac tua QUESTION NO: 129 lTe sts .actualtests. This is a tricky question with many close answers. Many-to-many mapping B. Any Time. Fraggle Answer: C You plan to update the user security policy. One-to-many mapping D. Whom should the new updated user security policy be distributed and made available to? A. D. One-to-one mapping C. "Pass Any Exam. XMAS Tree C. All staff. Replay B. Answer: B Explanation: There are many policies for companies these days. but make your best decision.

or underneath a highway. Answer: D Explanation: Civil engineers build tunnels to allow one direction of traffic flow to be protected against another traffic flow.com 47 Ac tua lTe A. Open relays D. B. Enable auditing.actualtests.CompTIA SY0-101: Practice Exam QUESTION NO: 130 Which of the following best describes what tunneling is? A. Tunneling is the process of moving through three levels of firewalls.co m . Enable auditing and set auditing to record all events. D. C. Tunneling is the process of creating a tunnel capable of capturing data. B. set auditing on the object and respond as alerts are generated. Web proxy B. Network engineers use tunneling to protect a data flow from the elements of the internet. Man in the middle attacks C. Enable auditing. Answer: D QUESTION NO: 133 Which of the following are components of host hardening? (Select TWO). QUESTION NO: 131 Answer: C QUESTION NO: 132 Which of the following BEST describes the sequence of steps in the auditing process? A. "Pass Any Exam. Set auditing on the object and respond as alerts are generated. Trojan horse programs sts Which of the following would be the MOST common method for attackers to spoof email? . They tunnel by placing secure encrypted IP packets into a non-secure IP packet. Tunneling is the process of passing information over the Internet within the shortest time frame. Tunneling is the process of utilizing the Internet as part of a private secure network. Any Time.www. They will build a tunnel under a river. C. D. set auditing on objects and review event logs." .

2nd Edition. Mutual D. B. IPSec (Internet Protocol Security). Applying patches C. Disabling unnecessary services. E. AH (Authentication Header). Answer: B. IPSec can work in tunneling mode or transport mode. Sybex . Biometric C. Removing a user's access to the user's data. Alameda . SSH (Secure Shell).www. choose the VPN (Virtual Private Network) tunneling protocol. 2004. the data or payload and message headers are encrypted. D. Security+ Study Guide . sts .C QUESTION NO: 134 From the options. p 127 lTe Explanation: IPSec provides secure authentication and encryption of data and headers. Multifactor Answer: D "Pass Any Exam.CompTIA SY0-101: Practice Exam A. Configuring the Start menu and Desktop B. In tunneling mode. Adding users to the administrator group.actualtests. Transport modes encrypt only the payload. Answer: C QUESTION NO: 135 Which of the following types of authentication models uses a smart card and a User ID/Password for accessing network resources? A. Tokens B." .com Ac tua Reference: Mike Pastore and Emmett Dulaney . DES (Data Encryption Standard). A. C.co m 48 . Any Time. D.

QUESTION NO: 136 Which of the following types of IDS uses known patterns to detect malicious activity? A. Detection based B. Keyword based C. Signature based D. Anomaly based Answer: C

QUESTION NO: 137 Which of the following is a port scanning utility? A. John the Ripper B. L0phtcrack C. Nmap D. Cain & Abel Answer: C

QUESTION NO: 138 In a mandatory access control (MAC) environment, which of the following are access decisions based on? A. Sensitivity labels B. Group membership C. Access control lists D. Ownership Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

QUESTION NO: 139 When setting password rules, which of the following would lower the level of security of a network?

Destruction B. After a set number of failed attempts the server will lock out any user account forcing the user to call the administrator to re-enable the account. Degaussing D. B. which of the following inventory system permissions might be BEST aligned with the least privilege principle for the managers? sts . Sanitization Answer: D "Pass Any Exam.com Ac Answer: A tua A. Update rights B. Passwords must be greater than six characters and contain at least one non-alpha. there's a certain chance that they will forget the password or compromise security by writing down their password on a Post It note on their keyboard. All passwords are set to expire at regular intervals and users are required to choose new passwords that have not been used before.actualtests. Complex passwords that users can not remotely change are randomly generated by the administrator and given to users Answer: D Explanation: If a user gets a difficult password that they can't remember. Under this scenario. D. the risk of social engineering increases.CompTIA SY0-101: Practice Exam A. QUESTION NO: 140 QUESTION NO: 141 What is the BEST process of removing PII data from a disk drive before reuse? A. and with regular disgruntled users getting emotional over passwords. two managers and six cashiers.co m 50 . Since the user won' be able to reset the password themselves they'll have to make regular trips to help desk for a new password. C. Any Time. Read rights D." . Write rights C. Full access lTe A clothing store with a single location has one owner. Reformatting C.www.

49 F. 3389 C. 23 D.com Ac Answer: C tua A. 143 B. Any Time. 110 E. QUESTION NO: 144 Which of the following ports are typically used by email clients? (Select TWO) A. B. if someone were to intercept a password it would probably already be expired. D. 194 "Pass Any Exam. Authentication B. Integrity D. Implement PPTP (Point-to-Point Tunneling Protocol).actualtests.www.co m 51 . Implement complex password requirements.CompTIA SY0-101: Practice Exam QUESTION NO: 142 Which of the following is a solution that you can implement to protect against an intercepted password? A. Confidentiality C. Implement a VPN (Virtual Private Network). So by chance." . C. Answer: C Explanation: A one time password is simply a password that has to be changed every time you log on. effectively making any intercepted password good for only the brief interval of time before the legitimate user happens to login themselves. Non-repudiation lTe Which of the following refers to the ability to be reasonably certain that data is not modified or tampered with? sts QUESTION NO: 143 . Implement aone time password. or be on the verge of expiration within a matter of hours.

Answer: A,D

QUESTION NO: 145 A URL for an Internet site begins with 'https:' rather than 'http:' which is an indication that this web site uses: A. SSL B. PGP C. Kerberos D. PKI Answer: A

QUESTION NO: 146 Malicious port scanning is a method of attack to determine which of the following? A. The physical cabling topology of a network B. The fingerprint of the operating system C. Computer name D. User IDs and passwords Answer: B Explanation: Malicious port scanning is an attempt to find an unused port that the system won't acknowledge. Several programs now can use port scanning for advanced host detection and operating system fingerprinting. With knowledge of the operating system, the hacker can look up known vulnerabilities and exploits for that particular system.

QUESTION NO: 147 Which of the following activities is MOST closely associated with DLL injection? A. SQL servers B. Vulnerability assessment C. Penetration testing D. Network mapping Answer: C

active content (e.CompTIA SY0-101: Practice Exam QUESTION NO: 148 Which of the following portions of a company's network is between the Internet and an internal network? A. a CRL "Pass Any Exam. IDS C.www. NIPS D. Filter router B. illicit servers D. buffer overflows ." .co The MOST common exploits of Internet-exposed network services are due to: m 53 . Bastion host D. Any Time. Privilege escalation Answer: D QUESTION NO: 151 If a user reports that the user's public/private key has been compromised.g.com Ac tua lTe sts A. Demilitarized zone (DMZ) Answer: D QUESTION NO: 149 Answer: D QUESTION NO: 150 Which of the following could result in a DDoS? A. Java Applets) B. Trojan horse programs C. TCP/IP Hijacking B. Buffer Overflow C. the CA should issue: A.actualtests.

B. an LDAP C. a CPS D. a PKCS Answer: A

QUESTION NO: 152 The FIRST step in creating a security baseline would be: A. installing software patches B. creating a security policy C. vulnerability testing D. identifying the use case Answer: B

QUESTION NO: 153 Which of the following would be an example of a hardware device where keys can be stored? (Select TWO). A. Smart card B. PCMCIA card C. PCI card D. Network interface card (NIC) Answer: A,B

QUESTION NO: 154 A user is assigned access rights explicitly. This is a feature of which of the following access control models? A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC) Answer: A

QUESTION NO: 155 Which of the following would be BEST for deploying third-party application security updates on a network with 1,000 computers? A. Enterprise System Management (ESM) B. Baseline security analyzer C. Vulnerability scanner D. Logon script Answer: A

QUESTION NO: 156 You work as the security administrator at Certpaper.com. You want to ensure the availability of server based resources over guaranteed server performance levels. You are defining a SLA (Service Level Agreement). What must you include in the SLA to achieve this objective? A. Hosting B. Application C. Network D. Security Answer: A Explanation: In the hosting business, every company aims for 100% availability in their service level agreements, and usually offer concessions for times of reduced availability. Sadly, these agreements have exceptions which include: scheduled network maintenance, hardware maintenance, software maintenance, virus attacks, hacker attacks, force majeure, labour actions, war, insurrections, sabotage, and past due accounts on your part.

QUESTION NO: 157 Privileges are used for which of the following purposes? A. To allow or deny signature updates to group applications B. To allow or deny specific actions to users or groups C. To allow or deny network traffic from host based systems D. To allow or deny network traffic from server based systems

www. Implement two-factor authentication Answer: B QUESTION NO: 161 Which of the following is a critical element in private key technology? "Pass Any Exam.com Ac QUESTION NO: 160 tua lTe sts . Web D. TEMPEST C.actualtests. Email Answer: B QUESTION NO: 159 An enclosure that prevents radio frequency signals from emanating out of a controlled environment is BEST described as which of the following? A. DNS B. Faraday cage B.co m 56 . Any Time. Implement session lock mechanism." . Implement previous logon notification. FTP C. Grounded wiring frame Answer: A Which of the following methods will help to identify when unauthorized access has occurred? A. Mantrap D. D.CompTIA SY0-101: Practice Exam Answer: B QUESTION NO: 158 Which of the following types of publicly accessible servers should have anonymous logins disabled to prevent an attacker from transferring malicious data? A. C. Implement session termination mechanism B.

DNS log B." . Digital signatures Answer: B Answer: D Explanation: Anonymous FTP is based on good faith. B. D. The storage and distribution of unlicensed software. Any Time.co m 57 . Application log "Pass Any Exam. Answer: A QUESTION NO: 162 The Diffie-Hellman encryption algorithm relies on which of the following? A. You want to enable anonymous FTP (File Transfer Protocol) read/write access. Using the key to decrypt messages. Choose the important factor which you should consider and be aware of. Less server connections and network bandwidth utilization. which of the following event logs would contain failed logons? A. tua lTe You work as the security administrator at Certpaper .actualtests. then answer C would seem to be the best answer. QUESTION NO: 164 On a Windows host. C.com. Tunneling B. Getting the proper key the first time. Keeping the key secret B. But if it used to take advantage of the non-secure logon.com Ac A. D. Distributing the key to everyone.www. Passwords D. sts QUESTION NO: 163 . C. The detailed logging information for each user. Key exchange C.CompTIA SY0-101: Practice Exam A. The upload and download directory for each user.

B. Process lists. Boot sectors. Security log D. Minimum password age Answer: B. A. F.co m . System log Answer: C QUESTION NO: 165 Choose the items that an intruder would ignore when going through disposed garbage.CompTIA SY0-101: Practice Exam C. IP (Internet Protocol) address lists. A. Maximum password age E. Choose all options that apply. a Post It note. lays dormant until a user opens the certain program then deletes the contents of attached network drives and removable storage devices is known as a: "Pass Any Exam. Password history C.actualtests.E QUESTION NO: 167 Malicious code that enters a target system.F Which of the following settings works BEST to avoid password reuse? (Select TWO). Account lockout D.www.E. Old passwords. Network diagrams. C.com 58 Ac tua QUESTION NO: 166 lTe Explanation: When people create complex passwords that they can't remember. D. sts . Any Time. or on their desk ledger." . E. Answer: C. usually on a notepad. Password complexity controls B. Virtual memory. or are in a situation where they need multiple passwords they have a tendency of writing their passwords down.

A. Trojan horse B. honeypot C. logic bomb D. worm Answer: C

QUESTION NO: 168 A Windows file server is an example of which of the following types of models? A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC) Answer: A

QUESTION NO: 169 Disguising oneself as a reputable hardware manufacturer's field technician who is picking up a server for repair would be described as: A. a Trojan horse B. a man-in-the-middle attack C. social engineering D. a phishing attack Answer: C

QUESTION NO: 170 You work as the security administrator at Certpaper.com. The Certpaper.com network must be configured to allow LDAP (Lightweight Directory Access Protocol) traffic. Which ports must you open on the firewall to allow LDAP traffic? A. Open ports 389 and 139 B. Open ports 389 and 636 C. Open ports 636 and 137 D. Open ports 137 and 139

cs. Reference: http://www.www.com Ac tua lTe Explanation: The 802.11 standard.co Answer: C m 60 .html QUESTION NO: 172 To keep an 802. Any Time. B. Choose the entity or entities that can authenticate to an access point.com users that have the correct WEP (Wired Equivalent Privacy) key. A. a user should: "Pass Any Exam. this function is not an explicit goal in the 802.actualtests. The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping.CompTIA SY0-101: Practice Exam Answer: B Explanation: The 'well known' LDAP ports are 389 for LDAP and 636 for LDAP SSL. and an integrity check is used to ensure that packets are not modified in transit. no commercial system we are aware of has mechanisms to support such techniques. a base station).11 standard describes the communication that occurs in wireless local area networks (LANs).11x network from being automatically discovered." . AllCertpaper . QUESTION NO: 171 The Certpaper . C.edu/isaac/wep-faq. D. Anyone WEP relies on a secret key that is shared between a mobile station ( eg . but it is frequently considered to be a feature of WEP. sts . a laptop with a wireless Ethernet card) and an access point ( ie . The standard does not discuss how the shared key is established. The secret key is used to encrypt packets before they are transmitted. however.isaac. In practice.berkeley. Administrators only. A secondary function of WEP is to prevent unauthorized access to a wireless network. most installations use a single key that is shared between all mobile stations and access points.com wireless network environment uses WEP (Wired Equivalent Privacy) to provide wireless security.com users. More sophisticated key management techniques can be used to help defend from the attacks we describe. OnlyCertpaper .

The server is not able to verify the identity of the user. Identification "Pass Any Exam.actualtests. Port scanner D.CompTIA SY0-101: Practice Exam A.www. turn off the SSID broadcast. the URL that appears in the browser does not match the link. Authentication C. change the SSID name. Protocol analyzer Answer: D QUESTION NO: 175 A user logs in with a domain account and is denied access to a specific file which the user should have access to.co m ." . Answer: D QUESTION NO: 173 A user receives an email asking the user to reset the online banking username and password. The email contains a link and when the user accesses the link. Which of the following is the problem? A. D. This would be an example of: A. Allocation B. phishing D.com 61 Ac tua lTe sts . activate the SSID password B. hijacking C. Any Time. leave the SSID default. Vulnerability scanner C. spoofing Answer: C QUESTION NO: 174 Which of the following assessment tools would be MOST appropriate for determining if a password was being sent across the network in clear text? A. C. redirecting B. Password cracker B.

WTLS is the method security for WAP (Wireless Application Protocol) and it provides transport layer security directly between a wireless device and the WAP gateway. Any Time. access control Answer: D QUESTION NO: 178 SSL (Secure Socket Layer) establishes a stateful connection negotiated by a process performed between client and server.com 62 Ac tua lTe sts Explanation: Since most wireless devices are low in: memory. WAP (Wireless Application Protocol) gateway B. 3. Which is it? Choose all that apply. This is an example of: A. C. concurrent session control B. Client and server authentication.CompTIA SY0-101: Practice Exam D. E. and bandwidth capability creating a security mechanism is a difficult task. Web server. processing power. Wireless client." . separation of duties C.actualtests. A.E QUESTION NO: 177 A company has implemented a policy stating that users will only receive access to the systems needed to perform their job duties. D. Wireless network interface card. 2. . Identify the protocol (steps) that allow for the following: 1.www. "Pass Any Exam. Authorization Answer: B QUESTION NO: 176 WTLS (Wireless Transport Layer Security) provides security services between network devices or mechanisms.co m . Mobile device. MAC (Mandatory Access Control) and encryption algorithm negotiation. least privilege D. Selection of cryptographic keys. Answer: A.

2nd Edition. SSL (Secure Sockets Layer) record protocol.co m . This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. SSL (Secure Sockets Layer) alert protocol. CGI. SSL (Secure Sockets Layer) change cipher spec protocol. Sybex . Alameda . Buffer Overflows. 2004. Security+ Study Guide . C." . D.www. Access control lists B. Cookies. Constrained user interfaces "Pass Any Exam.CompTIA SY0-101: Practice Exam A. SSL (Secure Sockets Layer) handshake protocol. Answer: C Reference: Mike Pastore and Emmett Dulaney . C.com 63 Ac Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. Answer: C Explanation: SSL Handshake Protocol * runs before any application data is transmitted * provides mutual authentication * establishes secret encryption keys * establishes secret MAC keys QUESTION NO: 179 Which of the following web vulnerabilities is being referred to when it receives more data than it is programmed to accept? A. B. D. p 135 QUESTION NO: 180 Which of the following describes the process by which a single user name and password can be entered to access multiple computer applications? A. tua lTe sts . SMTP Relay B.actualtests. Any Time.

Worms self replicate while Trojan horses do not. Which of the following could BEST be used to confirm the administrator's suspicions? A. B. A third party mail relay limits access to specific users. Encryption protocol Answer: C QUESTION NO: 181 An administrator is concerned that PCs on the internal network may be acting as zombies participating in external DDoS attacks. A third party mail relay restricts the types of e-mail that maybe sent. Proxy logs B.actualtests. Any Time. and it makes it much more difficult to trace the spammer. Spammers can utilize the third party mail relay. Firewall logs Answer: D Choose the primary disadvantage of using a third party mail relay. C.CompTIA SY0-101: Practice Exam C.com Ac tua lTe sts QUESTION NO: 182 . A. D.www. HIDS logs D. Anyone on the internet can relay an unsolicited email through an SMTP server." . AV server logs C. Worms are a form of malicious code while Trojan horses are not. and the message will appear to be legitimate coming from the email server. Single sign-on D. QUESTION NO: 183 Choose the statement that best details the difference between a worm and a Trojan horse? A. Answer: C Explanation: Using a third party email relay can put you in an advantage of getting unnecessary spam. "Pass Any Exam.co m 64 . A third party mail relay restricts spammers from gaining access. B.

They do not reproduce or self replicate. In essence. Alameda . are self-contained and do not need a host application to be transported.com 65 Ac Answer: B tua A. Worms are distributed through e-mail messages while Trojan horses do not. Reference: Mike Pastore and Emmett Dulaney . 85 QUESTION NO: 184 Explanation: Short for Wireless Transport Layer Security. You want to implement a solution which will provide the following for handled devices in your wireless network: 1. It is used to encrypt and decrypt data signals transmitted between Wireless LAN devices. pp 83. data integrity and authentication for WAP services.com. WEP makes a wireless LAN link as secure as a wired link. WSET (Wireless Secure Electronic Transaction) D. WEP (Wired Equivalent Privacy) lTe You work as the security administrator at Certpaper . QUESTION NO: 185 One type of network attack sends two different messages that use the same hash function to generate the same message digest.www. Sybex .co m . Authentication Which solution should you implement? sts . WAP (Wireless Application Protocol) B. D. providing privacy. Worms reproduce themselves.CompTIA SY0-101: Practice Exam C. Data integrity 3. Any Time. Security+ Study Guide . WTLS (Wireless Transport Layer Security) C." . The Trojan horse program may be installed as part of an installation process. Data privacy 2. There is no difference between a worm and a Trojan horse. Answer: A Explanation: A worm is different from a virus. 2nd Edition. 2004. Not A: WEP is one of the most popular features available for a Wireless LAN. Which network attack does this? "Pass Any Exam. WTLS is the security layer of the WAP.actualtests.

Can result in an e-mail server crashing. D. Can result in the unauthorized disclosure of private information. A. Ciphertext only attack. Patches have since been released. Brute force attack.actualtests. which will enable attackers to access the internal network. Choose the option that correctly details this. Answer: A Explanation: A birthday attack is based on the principle that amongst 23 people.com 66 Ac tua lTe sts A. QUESTION NO: 186 Answer: B QUESTION NO: 187 A malformed MIME (Multipurpose Internet Mail Extensions) header can have a negative impact on the system. By that rational if an attacker examines the hashes of an entire organizations passwords. B. B.5 had a vulnerability that made it suspect to crashes following a malformed MIME header.co m Which of the following provides the MOST secure form of encryption? . Can create a virus that infects the computers of users. Diffie-Hellman D. C. DES . Birthday attack. QUESTION NO: 188 "Pass Any Exam. AES C.CompTIA SY0-101: Practice Exam A. they'll come up with some common denominators. Man in the middle attack.www. Any Time. Answer: C Explanation: Microsoft Exchange Server 5.0 & 5. the probability of 2 of them having the same birthday is greater the 50%. D. 3DES B." . Can lead to the creation of a back door. C.

user awareness. and a common operating system are ludicrous answers because they defy the reason why SSL exists.www. C. asset identification Answer: B "Pass Any Exam. B. Network firewall C. Personal firewall B. D. the web client and server should have a trusted certificate to confirm authenticity.com Ac tua A. Router with firewall rule set lTe sts A remote user has a laptop computer and wants to connect to a wireless network in a hotel. Which of the following should be implemented to protect the laptop computer when connecting to the hotel network? . change control management C." . QUESTION NO: 189 Answer: A QUESTION NO: 190 The process of documenting who applied a patch to a specific firewall at a specific time and what the patch is supposed to accomplish is known as: A. Answer: B Explanation: For an SSL connection to compete. Address on the same subnet. Any Time. logs and inventories B. address on the same subnet. A shared password. Shared password. D. Common operating system.actualtests. Certificate signed by a trusted root CA (Certificate Authority). a specific element has to exist.co m 67 . Privacy screen D.CompTIA SY0-101: Practice Exam For a SSL (Secure Sockets Layer) connection to be automatically established between a web client and server. Which is it? A.

False alarm Answer: A Explanation: False intrusion is a false alarm. False positive C. "Pass Any Exam." . access control and trusts.CompTIA SY0-101: Practice Exam QUESTION NO: 191 Choose the terminology used to refer to the situation when authorized access is perceived as an intrusion or network attack. Authorization B. Any Time. Accessibility C. Answer: D QUESTION NO: 194 Choose the mechanism that is NOT a valid access control mechanism. QUESTION NO: 192 Answer: D QUESTION NO: 193 A digital signature is used for: A. A. False negative D. Non-repudiation sts Audit logs must contain which of the following characteristics? . False intrusion B.co m . C. confidentiality and encryption. Not B: A false positive is when legitimate traffic is picked up as an intruder.com 68 Ac tua lTe A. B. integrity and non-repudiation.www. Confidentiality D. storage and recovery.actualtests. when there is no need of any alarm. D.

Profiles B. D. Any Time.CompTIA SY0-101: Practice Exam A. Sybex . SYN flood Answer: B "Pass Any Exam. RBAC (Role Based Access Control) list. QUESTION NO: 195 Choose the access control method which provides the most granular access to protected objects? A. or grant certain network capabilities to them. Security+ Study Guide .actualtests. Answer: A Explanation: There is no such thing as a SAC (Subjective Access Control) list. sts . The basic process of ACL control allows the administrator to design and adapt the network to deal with specific security threats. Permission bits Answer: C QUESTION NO: 196 Which of the following types of attacks is targeting a web server if thousands of computers are simultaneously sending hundreds of FIN packets with spoofed source IP addresses? A. Alameda .www. p 235 tua lTe Explanation: Access control lists enable devices in your network to ignore requests from specified users or systems." . C. B. Capabilities C. MAC (Mandatory Access Control) list. 2004. 2nd Edition.co m 69 . Brute force D. ACLs allow a stronger set of access controls to be established in your network. DAC (Discretionary Access Control) list.com Ac Reference: Mike Pastore and Emmett Dulaney . Access control lists D. SAC (Subjective Access Control) list. XMAS tree scan B. DDoS C.


QUESTION NO: 197 Which of the following would be MOST useful in determining which internal user was the source of an attack that compromised another computer in its network? A. The attacking computer's audit logs B. The firewall's logs C. The domain controller's logs. D. The target computer's audit logs. Answer: D

QUESTION NO: 198 Which of the following describes a server or application that is accepting more input than the server or application is expecting? A. Buffer overflow B. Brute force C. Denial of service (DoS) D. Syntax error Answer: A

QUESTION NO: 199 Which of the following is used by anti-virus software to detect viruses that have not been previously identified? A. Zero-day algorithm B. Quarantining C. Random scanning D. Heuristic analysis Answer: D

QUESTION NO: 200 From the options, which explains the general standpoint behind a DMZ (Demilitarized Zone)? A. All systems on the DMZ can be compromised because the DMZ can be accessed from the Internet. B. Only those systems on the DMZ that can be accessed from the Internet can be compromised. C. No systems on the DMZ can be compromised because the DMZ is completely secure and cannot be accessed from the Internet. D. No systems on the DMZ can be compromised because the DMZ cannot be accessed from the Internet. Answer: A

QUESTION NO: 201 Which of the following describes an attacker encouraging a person to perform an action in order to be successful? A. Social engineering B. Password guessing C. Back door D. Man-in-the-middle Answer: A

QUESTION NO: 202 You work as the security administrator at Certpaper.com. You must secure the FTP (File Transfer Protocol) server by allowing only authorized users access to it. How will you accomplish this task? A. Provide the FTP server's address to only those users that must access it. B. Allow blind authentication. C. Do not allow anonymous authentication. D. Redirect FTP to a different port. Answer: C Explanation: Early FTP servers did not offer security. Security was based on the honor system. Most logons to an FTP site used the anonymous logon. By convention, the logon ID was the user's email address, and the password was anonymous. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 137

QUESTION NO: 203 Choose the protocol used by a web server to encrypt data. A. ActiveX B. TCP/IP (Transmission Control Protocol/Internet Protocol) C. SSL (Secure Sockets Layer) D. IPSec (Internet Protocol Security) Answer: C Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 204 Which of the following access control models uses subject and object labels? A. Role Based Access Control (RBAC) B. Discretionary Access Control (DAC) C. Rule Based Access Control (RBAC) D. Mandatory Access Control (MAC) Answer: D

QUESTION NO: 205 One of the following options details the main advantage of why you should choose to use SSL (Secure Sockets Layer) over using HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer). Which is it?

QUESTION NO: 206 Answer: C QUESTION NO: 207 A technician wants to be able to add new users to a few key groups by default. Auto-population Answer: A QUESTION NO: 208 All of the following types of attacks can be detected by an IDS EXCEPT: A. B. for instance FTP (File Transfer Protocol) and NNTP (Network News Transport Protocol). SSL provides full application security for HTTP whereas HTTPS does not. spoofed e-mail "Pass Any Exam. SSL and HTTPS are transparent to the application. which of the following will allow this? A. SSL supports additional Application layer protocols. C.com Ac tua lTe sts A. 3389 D.co m Which ports need to be open to allow a user to login remotely onto a workstation? 73 . D." . Answer: A Explanation: SSL on its own works at the session layer (layer 5) so it has more versatility in protocols that it supports. Any Time. 53 B. Template C. SSL supports user authentication whereas HTTPS does not. 636 . 8080 C.CompTIA SY0-101: Practice Exam A. Denial of Service (DoS) B. whereas HTTPS does not.actualtests. Default pairing D. Inheritance B.www.

sts Answer: A.com 74 Ac tua QUESTION NO: 210 lTe Explanation: Answer : B is correct to stop anyone from corrupting the evidence.www. Prevent members of the organization from entering the server room. C. Prevent members of the incident response team from entering the server room. Detach the network cable from the server to prevent the hacker from accessing more data. A port scanner.com. Answer: D Explanation: Ping confirms a connection by sending and receiving ICMP packets. QUESTION NO: 209 You work as the security administrator at Certpaper . D. C.D . B.B. A map scanner. port scan D. A share scanner. Which of the following actions should you perform? Choose all correct answers. A. B. Answer: B Explanation: Spoofed e-mails will not be detected by the IDS. Any Time.co m . D. Choose the network mapping tool (scanner) which uses ICMP (Internet Control Message Protocol). A.actualtests. You have become aware of a hacker accessing confidential company data from over the network. A ping scanner. which of the following should be done by the email administrator? "Pass Any Exam. Shut down the server to prevent the hacker from accessing more data.CompTIA SY0-101: Practice Exam C. QUESTION NO: 211 To aid in preventing the execution of malicious code in email clients." .C. exploits of bugs or hidden features.

How will you accomplish the task? A. Email client features should be disabled B. Preview screens should be disabled Answer: C QUESTION NO: 212 Which of the following would allow a technician to compile a visual view of an infrastructure? A.CompTIA SY0-101: Practice Exam A. Destroy all paper and other media that are no longer required. Remove the contents of the trash can on a regular basis.www. 443 D. 23 C. 139 Answer: A QUESTION NO: 214 You work as the security administrator at Certpaper .com. Install expensive surveillance equipment. 88 B. Networkmapper D. Answer: A "Pass Any Exam.com Ac tua lTe sts QUESTION NO: 213 . Port scanner C. B. Security log Answer: C Kerberos uses which of the following ports by default? A. Employ additional security staff D. Protocol analyzer B.actualtests. C. Regular updates should be performed C.co m 75 . Any Time. You want to reduce the current vulnerability from dumpster diving. Spam and anti-virus filters should be used D." .

Explanation: Dumpster diving is a very common physical access method. Companies generate a huge amount of paper in the normal course of events. Most of the information eventually winds up in dumpsters or recycle bins. These dumpsters may contain information that is highly sensitive in nature. In high security government environments, sensitive papers are either shredded or burned. Most businesses do not do this. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 51

QUESTION NO: 215 Communication is important to maintaining security because communication keeps: A. the user community informed of threats B. the network bandwidth usage under control C. the IT security budget justified D. law enforcement informed of what is being done Answer: A

QUESTION NO: 216 Following a disaster, which of the following functions should be returned FIRST from the backup facility to the primary facility? A. Least critical functions B. Systems functions C. Executive functions D. Web services Answer: A

QUESTION NO: 217 Which of the following is the MOST secure way to implement data encryption between SMTP servers? A. PPTP B. SSL

2nd Edition. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given.www. TLS D. Any Time. L2TP Answer: C QUESTION NO: 218 Which of the following definitions would be correct regarding Active Inception? A. This model allows users to dynamically share information with other users. B. Someone looking through your files D. Involve someone who routinely monitors network traffic QUESTION NO: 219 Answer: A Explanation: In a DAC model.co m Answer: B 77 . The DAC (Discretionary Access Control) model uses certificates to control access to resources. Placing a computer system between the sender and receiver to capture information. Security+ Study Guide . network users have some flexibility regarding how information is accessed. C. The DAC (Discretionary Access Control) model does not have any known security flaws. Reference: Mike Pastore and Emmett Dulaney ." . The DAC (Discretionary Access Control) model does not use the identity of a user to control access to resources. 2004. but it increases the risk of unauthorized disclosure of information. The process allows a more flexible environment. tua lTe sts The DAC (Discretionary Access Control) model has an inherent flaw. Sybex . Choose the option that describes this flaw. This creates an opportunity for attackers to use your certificates. The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. . C. This creates a security loophole for Trojan horse attacks.actualtests.CompTIA SY0-101: Practice Exam C. Alameda .com Ac A. p 440 "Pass Any Exam. This allows anyone to use an account to access resources. D. Listening or overhearing parts of a conversation B.

because they are developed the fix known vulnerabilities. a patch is still very beneficial. It would be wise to backup your data BEFORE. Which port(s) should you open on the firewall? A.www. Port 49 B. notinstall the patch unless there is a current need. and it would also be wise to test the patch on your least important servers first. D. You must configure the firewall to support TACACS. SPIM E. Port 53 C. install the patch and then backup the production server. Port 161 D.actualtests. test the patch on a non-production server then install the patch to production. there's always a risk that something can go wrong which can compromise your data and server operation. . Port 21 Answer: A "Pass Any Exam.com. C. Phishing Answer: B. Adwar C.CompTIA SY0-101: Practice Exam QUESTION NO: 220 Which of the following will allow a credit card information theft? (chose TWO) A. When you patch an operating system. B. immediatelydownload and install the patch. installing a patch. So even if everything's operating normally." .co m When a patch is released for a server the administrator should: 78 .E QUESTION NO: 221 Answer: A QUESTION NO: 222 You work as the security administrator at Certpaper .com Ac tua Explanation: Software patches are good for network security. Any Time. Virus B. lTe sts A. Worm D.

Explanation: TACACS uses both TCP and UDP port 49.

QUESTION NO: 223 CGI scripts are susceptible to which of the following types of attacks? A. Cross site scripting B. Buffer overflows C. DNS spoofing D. SQL injection Answer: A

QUESTION NO: 224 Which of the following is the BEST place to obtain a hotfix or patch for an application or system? A. An email from the vendor B. The manufacturer's website C. A newsgroup or forum D. A CD-ROM Answer: B

QUESTION NO: 225 Most key fob based identification systems use which of the following types of authentication mechanisms? (Select TWO). A. Biometrics B. Kerberos C. Username/password D. Certificates E. Token Answer: C,E

QUESTION NO: 226

Choose the most effective method of preventing computer viruses from spreading throughout the network.
- You should require root/administrator access to run programs and applications.
- You should enable scanning of all e-mail attachments.
- You should prevent the execution of .vbs files.
D. You should install a host based IDS (Intrusion Detection System)
Answer: C

Explanation: Viruses get into your computer in one of three ways. They may enter your computer on a contaminated floppy or CD-ROM, through e-mail, or as a part of another program.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 76

QUESTION NO: 227
Which of the following would be the minimally acceptable method of ensuring that a disposed hard drive does not reveal sensitive data?
A. Perform multiple bit level overwrites
B. Format the drive
C. Use the FDISK Command
D. Delete the files and re-install the operating system
Answer: A

QUESTION NO: 228
A public key _____________ is a pervasive system whose services are implemented and delivered using public key technologies that include Certificate Authority (CA), digital certificates, non-repudiation, and key history management.
A. infrastructure
B. cryptography scheme
C. exchange
D. distribution authority
Answer: A

QUESTION NO: 229
From the list of protocols, which is used to secure web transactions?
A. XML (Extensible Markup Language)
B. SMTP (Simple Mail Transfer Protocol)
C. SSL (Secure Sockets Layer)
D. S/MIME (Secure Multipurpose Internet Mail Extensions)
Answer: C

Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 230
Which of the following would be MOST effective in preventing network traffic sniffing?
A. Use switches instead of hubs
B. Disable promiscuous mode
C. Use hubs instead of routers
D. Deploy an IDS
Answer: A

Explanation: Switches don't send all traffic on the segment to every port so conventional sniffing methods don't work.

QUESTION NO: 231
Which of the following is a common type of attack on web servers?
A. Buffer overflow
B. Birthday
C. Spam
D. Brute force
Answer: A

Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION NO: 232
Which of the following is the BEST description of the basic elements of virtualization?
(Options A to D each list elements drawn from Hypervisor, Emulator, Sandbox, Guest, Host and Hardware.)
Answer: A

QUESTION NO: 233
Stateful packet inspection is a methodology used by:
A. a firewall
B. NAT
C. network monitoring
D. a hub
Answer: A

QUESTION NO: 234
Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation?
A. Kerberos
B. Biometric
C. Mutual
D. Multifactor
Answer: D

QUESTION NO: 235
Which of the following would be achieved by using encryption? (Select THREE).
A. Non-repudiation
B. Availability
C. Confidentiality
D. Authorization
E. Integrity
Answer: A,C,E

QUESTION NO: 236
Users are reporting that when attempting to access the company web page on the Internet, the user is rerouted to a protest webpage. This is MOST likely:
A. a DDoS attack
B. DNS Poisoning
C. a social engineering attack
D. a replay attack.
Answer: B

QUESTION NO: 237
Using software on an individual computer to generate a key pair is an example of which of the following approaches to PKI architecture?

A. Distributed key
B. Decentralized
C. Hub and spoke
D. Centralized
Answer: B

QUESTION NO: 238
A representative from the human resources department informs a security specialist that an employee has been terminated. Which of the following would be the BEST action to take?
- Disable the employee's user accounts and keep the data for a specified period of time.
- Change the employee's user password and keep the data for a specified period.
C. Contact the employee's supervisor regarding disposition of user accounts
- Disable the employee's user accounts and delete all data.
Answer: A

QUESTION NO: 239
Which of the following BEST describes the baseline process of securing devices on a network infrastructure?
A. Hardening
B. Active prevention
C. Enumerating
D. Passive detection
Answer: A

QUESTION NO: 240
Which of the following would be MOST important when designing a security awareness program?
- Using an independent security instructor.
- Conducting user training sessions.
- Creating security awareness posters and notices.
- Minimizing development cost.
Answer: A

Router B. B. contamination mechanism and can exploit. During the 80's and early 90's most viruses were activated when you booted from a floppy disk. activation mechanism and has an objective. Activation mechanism: Most viruses require the user to actually do something.com 85 Ac tua lTe sts . Memory starvation C. Firewall C." . where it can replicate and spread past security systems into other systems. A computer virus is a learning mechanism. Answer: D Explanation: Replication mechanism: To replicate a virus needs to attach itself to the right code. initiation mechanism and can propagate.CompTIA SY0-101: Practice Exam QUESTION NO: 241 Open FTP file shares on servers can facilitate which of the following types of attacks? A. A computer virus is a find mechanism. A computer virus is a search mechanism. Hub Answer: C QUESTION NO: 243 Choose the statement which best defines the characteristics of a computer virus.co m .actualtests. connection mechanism and can integrate. D. Any Time. C.www. Which of the following network devices should be used? A. Disk storage consumption Answer: D QUESTION NO: 242 A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. or inserted a new "Pass Any Exam. A. Smurf D. CPU starvation B. Switch D. A computer virus is a replication mechanism.

floppy disk into an infected drive. Nowadays most computer viruses come as email forwards, and they require the user to execute. Objective: many viruses have no objective at all, but some have the objective to delete data, hog up memory, or crash the system.

QUESTION NO: 244
A demilitarized zone (DMZ) is a network segment that can be created by using:
A. one firewall and one VPN
B. one router and one firewall
C. two routers
D. two firewalls
Answer: D

QUESTION NO: 245
An attacker can use a specific method to exploit the clear-text attribute of Instant-Messaging sessions. Which is it?
- Port scanning.
- Packet sniffing.
- Reverse engineering.
- Cryptanalysis.
Answer: A

Explanation: Since only clear unencrypted text is being sent across the world through multitudes of WAN equipment and routers, it is easy for someone to sniff your conversation and eavesdrop on every single word you type.

QUESTION NO: 246
You work as the security administrator at Certpaper.com. You must implement an authentication protocol that uses only encrypted passwords during the authentication process. Choose the authentication protocol that accomplishes this.
A. Kerberos

B. SMTP (Simple Mail Transfer Protocol)
C. PPTP (Point-to-Point Tunneling Protocol)
D. CHAP (Challenge Handshake Authentication Protocol)
Answer: D

Explanation: CHAP is commonly used to encrypt passwords. It provides for on-demand authentication within an ongoing data transmission, that is repeated at random intervals during a session. The challenge response uses a hashing function derived from the Message Digest 5 (MD5) algorithm.

QUESTION NO: 247
Which of the following would be the BEST reason for certificate expiration?
- To keep the server from using the same key for two sessions.
- Renewal keeps the log files from getting too large.
- Brute force techniques are likely to break the key if given enough time.
- The longer an encryption key is used the more processing power it will consume.
Answer: B

QUESTION NO: 248
A user has received an email from a mortgage company asking for personal information including bank account numbers. This would BEST be described as:
A. phishing
B. spam
C. packet sniffing
D. a hoax
Answer: A

QUESTION NO: 249
Sending a patch through a testing and approval process is an example of which of the following?
A. User education and awareness training
B. Disaster planning
C. Acceptable use policies

D. Change management
Answer: D

QUESTION NO: 250
Which of the following BEST describes a set of programs and code that allows an undetectable presence on a system with administrative rights?
A. Trojan horse
B. Virus
C. Rootkit
D. Worm
Answer: C

QUESTION NO: 251
Which of the following trust models would allow each user to create and sign certificates for the people they know?
A. Browser trust-list
B. Web-of-trust
C. Single certificate authority (CA)
D. Hierarchical
Answer: B

QUESTION NO: 252
All of the following monitoring types evaluate pre-specified conditions EXCEPT: (Select TWO).
A. behavior-based.
B. rate-based
C. signature-based
D. performance-based
E. anomaly-based
Answer: A,E

QUESTION NO: 253
Which of the following methods of documenting and storing a password is considered acceptable?
- Writing the password on a piece of paper and storing the paper in a locked safe.
- Writing the password on a note and placing the note under the computer keyboard.
- Placing the password in a text document and saving the document on the system administrator's computer.
- Sharing the password with a family member and asking the family member not to reveal the password.
Answer: C

QUESTION NO: 254
Which of the following methods of password guessing typically requires the longest attack time?
A. Birthday
B. Brute force
C. Dictionary
D. Rainbow
Answer: B

QUESTION NO: 255
Which of the following needs to be backed up on a domain controller to be able to recover Active Directory?
A. User data
B. Operating system
C. System state
D. System files
Answer: C

QUESTION NO: 256
Choose the ports that are used to access the FTP (File Transfer Protocol) protocol.
- Ports 80 and 443.
- Ports 20 and 21.

- Ports 20 and 80.
- Ports 21 and 23.
Answer: A

Explanation: In basic FTP operations, port 20 is the data port and port 21 is the command port.

QUESTION NO: 257
Human resource department personnel should be trained about security policy:
- guidelines and enforcement.
B. implementation
- maintenance.
D. monitoring and administration
Answer: C

QUESTION NO: 258
Which of the following is a major reason that social engineering attacks succeed?
A. Audit logs are not monitored frequently
B. Lack of security awareness
C. Strong passwords are not required
D. Multiple logins are allowed
Answer: B

Explanation: Social engineering attacks work because of the availability heuristic, law of reciprocity, and law of consistency. By availability, when someone asks for help, they associate that ask for help for every legitimate cry for help, so essentially they're being a good Samaritan. In the past people have had experiences where a co-worker with a legitimate problem asked for help and been grateful for it, and times when they needed help themselves and were helped. So by consistency, they feel the urge to help others again the way they've helped out somebody in the past. If an awareness program were to be implemented where employees could be aware of social engineering tactics, they would be more likely to think about them, and be more suspect of an attack when someone does ask for a favor. With this knowledge in intuition, an employee will make a smarter decision.

QUESTION NO: 259
A company implements an SMTP server on their firewall. This implementation would violate which of the following security principles?
A. Use a device as intended
B. Keep the solution simple
C. Address internal threats
D. Create an in-depth defense
Answer: A

QUESTION NO: 260
You work as the security administrator at Certpaper.com. You are investigating the consequences of networks attacks aimed at FTP servers. Which of the following states the aim of a FTP (File Transfer Protocol) bounce attack?
- The attack aims to reboot the FTP server.
- The attack aims to store and distribute malicious code.
- The attack aims to exploit a buffer overflow vulnerability on the FTP server.
- The attack aims to establish a connection between the FTP server and another computer.
Answer: C

Explanation: In some implementations of FTP daemons, the PORT command can be misused to open a connection to a port of the attacker's choosing on a machine that the attacker could not have accessed directly. There have been ongoing discussions about this problem (called "FTP bounce") for several years, and some vendors have developed solutions for this problem. For more detailed information on this FTP Bounce attack refer to the hyperlink.

Reference: http://www.cert.org/advisories/CA-1997-27.html

QUESTION NO: 261
Which of the following types of IDS should be employed to obtain the MOST information about the enterprise?
A. Unix based
B. Server based

C. Network based
D. Host based
Answer: C

Explanation: A network based Intrusion Detection System is not limited to a single server or network segment like a host based IDS, it monitors all the traffic over the entire network

QUESTION NO: 262
Which of the following BEST describes actions pertaining to user account reviews? (Select TWO).
- User account reports are periodically extracted from systems and employment verification is performed.
B. User accounts reports are periodically extracted from systems and user access dates are verified
- User accounts and their privileges are periodically extracted from systems and reports are kept for auditing purposes.
- User accounts reports are periodically extracted from systems and end users are informed.
- User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization.
Answer: C,E

QUESTION NO: 263
What is the primary security risk associated with removable storage?
A. Integrity
B. Confidentiality
C. Continuity
D. Availability
Answer: C

QUESTION NO: 264
A programming mechanism used to allow administrative access while bypassing the usual access control methods is known as a:

A. Trojan horse
B. logic bomb
C. software exploit
D. back door
Answer: D

QUESTION NO: 265
PKI provides non-repudiation by providing third-party assurance of certificate:
A. destruction
B. revocation
C. validation
D. expiration
Answer: C

QUESTION NO: 266
Which is a BEST practice method to assign rights and privileges?
A. By network
B. By individual
C. By group
D. By location
Answer: B

QUESTION NO: 267
You work as the security administrator at Certpaper.com. You must document the procedure for handling computer virus infections. Choose the action which you should specify to perform when receiving an e-mail message warning of the existence of a virus on the system if a specific executable file exists?
- First broadcast a message to the all users to alert them of the presence of a virus.
- First search for and delete the virus file.
- First locate and download a patch to repair the file.
- First investigate the e-mail message as a possible hoax with a trusted anti-virus vendor.

Answer: D

Explanation: If a virus threat is for real, the major anti-virus players like Symantec, McAfee, or Sophos will know about it before you, and they will have details on their sites.

Incorrect answers: Searching for and deleting a file is not only a waste of time with today's OS's complex directory systems, but it's also ineffective. One can miss a file, the file could be hidden, the wrong file can be deleted, and worst of all: when you delete a file it doesn't really get completely deleted, instead it gets sent to a 'recycle bin.' Broadcasting an alert and creating panic isn't the right thing to do, because it will waste bandwidth, and perhaps terrorizing the users is the original intent of the attack. The act of locating and downloading a patch isn't just time consuming, but there's a chance that the patch itself could be the virus, or the process of resetting the computer could activate the virus.

QUESTION NO: 268
The process of predicting threats and vulnerabilities to assets is known as threat:
A. mitigation
B. modeling
- acceptance.
- avoidance.
Answer: B

QUESTION NO: 269
Reusing a ticket, as a replay attack, in Kerberos authentication will not be successful because the tickets:
A. use a token
B. are digitally signed
C. are encrypted
D. are time stamped
Answer: D

QUESTION NO: 270
Choose the method of authentication which is the most COSTLY method.
A. Shared secrets
B. Biometrics
C. Tokens
D. Passwords
Answer: B

Explanation: Biometrics: These technologies are becoming more reliable, and they will become widely used over the next few years. Many companies use smart cards as their primary method of access control. Implementations have been limited in many applications because of the high cost associated with these technologies.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 265

QUESTION NO: 271
Which of the following is the MOST significant flaw in Pretty Good Privacy (PGP) authentication?
A. Weak encryption can be easily broken
B. It is subject to a man-in-the-middle attack
C. Private keys can be compromised.
D. A user must trust the public key that is received
Answer: D

QUESTION NO: 272
A user accesses a retailer from an Internet search. While browsing the retailer's web site, the user wants to purchase an item and enters the credit card information. The user later observes unknown charges on the credit card bill and has not received the purchased items. Which of the following actions should the user take?
- Be sure that a URL is secure before entering personal information.
- Check for shipping delays for the requested items.

C. Type the retailer's web address directly into the URL in the future
D. Limit the number of times online purchases are made monthly.
Answer: A

QUESTION NO: 273
Which of the following protocols is used by Encapsulating Security Payload (ESP) in IPSec?
A. 50
B. 25
C. 51
D. 20
Answer: A

QUESTION NO: 274
Which of the following are components of host hardening? (Select TWO)
A. Removing a user access to the user data
B. Configuring the Start menu and Desktop.
C. Adding users to the administrator group
D. Disabling unnecessary services
E. Applying patches
Answer: D,E

QUESTION NO: 275
An SMTP server is the source of email spam in an organization. Which of the following is MOST likely the cause?
- Remote access to the email application's install directory has not been removed.
- The administrator account was not secured.
- Anonymous relays have not been disabled.
- X.400 connectors have not been password protected.
Answer: B

QUESTION NO: 276
Which of the following would be the BEST step to take to stop unauthorized users from targeting a wireless network with a site survey? (Select TWO).
- Changing the default SSID.
- Disabling SSID broadcasting.
- Using a switch rather than a hub.
- Broadcasting a false domain name.
- Physically locking the WAP.
Answer: B,C

QUESTION NO: 277
An employee receives a request from a person claiming to be an employee at a remote office location. The caller is knowledgeable about the company and the caller's name is listed in the company telephone and email directory, however, the caller claims there is an emergency and asks that the request be expedited. Which of the following would be the BEST action for the employee to take?
- Follow established procedures and report any abnormal incidents.
- Expedite the request since the caller's identity has been verified.
- Give the caller a supervisor's name and telephone number to request authority to expedite the request.
D. Ask a supervisor for permission to deviate from established procedures due to the emergency
Answer: C

QUESTION NO: 278
The first step in effectively implementing a firewall is:
A. blocking unwanted outgoing traffic
B. blocking unwanted incoming traffic
C. developing a firewall policy
D. protecting against DDoS attacks
Answer: C

Explanation: What good is a firewall without any kind of policy or configuration policy to be implemented?

QUESTION NO: 279
Which of the following logs shows when the workstation was last shutdown?
A. Access
B. Security
C. System
D. DHCP
Answer: C

QUESTION NO: 280
Which of the following would be an effective way to ensure that a compromised PKI key can not access a system?
A. Revoke the key
B. Renew the key
C. Reconfigure the key
D. Delete the key
Answer: A

QUESTION NO: 281
Which of the following describes an unauthorized user redirecting wireless network traffic from the intended access point to a laptop to inject a packet with malware?
A. A man-in-the-middle attack
B. A replay attack
C. Social engineering
D. A weak key
Answer: A

QUESTION NO: 282
The difference between identification and authentication is that:

- authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials.
- authentication verifies a user ID belongs to a specific user while identification verifies the identity of a user group.
- authentication verifies a set of credentials while identification verifies the identity of the network.
- authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials.
Answer: C

QUESTION NO: 283
Which of the following describes a semi-trusted location used to securely house public facing servers between the Internet and the local network?
A. Demilitarized zone (DMZ)
B. VLAN
C. Intranet
D. VPN
Answer: A

QUESTION NO: 284
Which of the following would be MOST desirable when attacking encrypted data?
A. Weak key
B. Sniffed traffic
C. Block cipher
D. Algorithm used
Answer: A

QUESTION NO: 285
After establishing a tunnel, the IPSec Protocol Suite uses which of the following specific protocols for securing the data packet? (Select TWO).
A. Encapsulating Security Payload (ESP)
B. Secure Key Exchange Mechanism for Internet (SKEMI)
C. Oakley

D. Internet Security Association and Key Management Protocol (ISAKMP)
E. Authentication Header (AH)
Answer: A,E

Explanation: IPSec is a security protocol that provides authentication and encryption across the Internet. IPSec can use AH or ESP.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 371

QUESTION NO: 286
From the list of options, choose the primary attribute associated with e-mail hoaxes.
- E-mail hoaxes create unnecessary e-mail traffic, as well as panic in users that are not technically inclined.
- E-mail hoaxes can result in buffer overflows on the e-mail server.
- E-mail hoaxes consume large quantities of server disk space.
- E-mail hoaxes tend to encourage malicious users.
Answer: C

Explanation: Although answer choices B, C, D have a degree of truth to them, the BEST answer is A. Email hoaxes often create unnecessary traffic because they ask users to forward an email to everyone in address book, and whether it is a computer virus or a blind, crippled, starving, cancer victim child suffering from Herpes it creates undue panic and emotion in the work setting.

QUESTION NO: 287
Which of the following is a reason to implement security logging on a DNS server?
A. To monitor unauthorized zone transfers
B. To perform penetration testing on the DNS server
C. To control unauthorized DNS DoS
D. To measure the DNS server performance
Answer: A

QUESTION NO: 288
The risks of social engineering can be decreased by implementing: (Select TWO)
A. security awareness training
B. identity verification methods
C. risk assessment policies
D. vulnerability testing techniques
E. operating system patching instructions
Answer: A,B

QUESTION NO: 289
Which of the following security services are provided by digital signatures? (Select THREE).
A. Authorization
B. Encryption
C. Authentication
D. Non-repudiation
E. Confidentiality
F. Integrity
Answer: C,D,F

QUESTION NO: 290
Which of the following is a security reason to implement virtualization throughout the network infrastructure?
A. To analyze the various network traffic with protocol analyzers
B. To implement additional network services at a lower cost
C. To centralize the patch management of network servers
D. To isolate the various network services and roles
Answer: D

QUESTION NO: 291
Giving each user or group of users only the access they need to do their job is an example of which of the following security principles?

A. Separation of duties
B. Access control
C. Least privilege
D. Defense in depth
Answer: C

QUESTION NO: 292
Which of the following types of servers should be placed on a private network?
A. Email server
B. File and print server
C. Remote Access Server (RAS)
D. Web server
Answer: B

QUESTION NO: 293
Which of the following should be scanned for viruses?
- Plain text documents.
- Microsoft Word documents.
- Executable files.
- All of the above.
Answer: A

Explanation: Many newer viruses spread using email. The infected system includes an attachment to any email that you send to another user. The recipient opens this file thinking it is something you legitimately sent them. When they open the file, the virus infects the target system. Many times the virus is in an executable attachment.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 78

QUESTION NO: 294

Which of the following types of backups requires that files and software that have been changed since the last full backup be copied to storage media?
A. Full
B. Differential
C. Incremental
D. Delta
Answer: B

QUESTION NO: 295
Non-essential services are often appealing to attackers because non-essential services: (Select TWO)
A. consume less bandwidth
B. decrease the surface area for the attack
C. sustain attacks that go unnoticed
D. provide root level access
E. are not visible to an IDS
F. are not typically configured correctly or secured
Answer: C,F

QUESTION NO: 296
A company wants to connect the network to a manufacturer's network to be able to order parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection?
A. Intranet
B. Scatternet
C. Extranet
D. VPN
Answer: C

QUESTION NO: 297
The IPSec Security Association is managed by

A. IEEE
B. AH
C. ESP
D. ISAKMP
Answer: D

QUESTION NO: 298
Which of the following actions can an attacker perform when network services are enabled on a target system?
- An attacker can enable logging on the target system.
- An attacker can check the services file.
- An attacker can run a port scan against the target system.
- An attacker can install a rootkit on the target system.
Answer: A

Explanation: A TCP/IP network makes many of the ports available to outside users through the router. These ports will respond in a predictable manner when queried. An attacker can systematically query a network to determine which services and ports are open. This process is called port scanning, and it can reveal a great deal about your network. Port scans can be performed both internally and externally. Many routers, unless configured appropriately, will let all of the protocols pass through them.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 69

QUESTION NO: 299
Which of the following is a suitable hashing algorithm for a secure environment?
- SHA-1 because it produces 160-bits message digests.
B. MD5 because it produces 160-bits message digests
- MD5 because it produces fewer numbers of collisions.
D. RC4 because it produces 160-bits message digests
Answer: B

QUESTION NO: 300
How many characters is the output of a MD5 hash?
A. 32
B. 160
C. 128
D. 64
Answer: A

QUESTION NO: 301
Malicious software that travels across computer networks without user assistance is an example of a:
A. worm
B. Trojan horse
C. virus
D. logic bomb
Answer: A

QUESTION NO: 302
From the listing of attacks, choose the attack which exploits session initiation between a Transport Control Program (TCP) client and server within a network?
A. Smurf attack
B. SYN attack
C. Birthday attack
D. Buffer Overflow attack
Answer: B

Explanation: SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established. Change this if you want but in the SYN flood the hacker sends a SYN packet to the receiving station with a spoofed return address of some broadcast address on their network. The receiving station sends out this SYN packets (pings the broadcast address) which causes multiple servers or stations to respond to the ping, thus overloading the originator of the ping (the receiving station). Therefore,

Multifactor D. Alameda . 2nd Edition. Which of the following BEST describes this document? "Pass Any Exam. Security+ Study Guide .CompTIA SY0-101: Practice Exam the hacker may send only 1 SYN packet." . Sybex . Software publisher certificate C. Reference: Mike Pastore and Emmett Dulaney . Mutual C. sts .co m . The answer B is correct. but you can find online more information on software publisher certificate. whereas the network of the attacked station is actually what does the barrage of return packets and overloads the receiving station. Username/password B.actualtests. p 530 QUESTION NO: 303 While surfing the Internet a user encounters a pop-up window that prompts the user to download a browser plug-in. Any Time.www. Server certificate Answer: B QUESTION NO: 304 A.com 106 Ac Which of the following authentication methods requires that the client authenticate itself to the server and the server authenticate itself to the client? tua lTe Explanation: This is not discussed in the book so much. Certificate Authority (CA) certificate D. Biometric Answer: B QUESTION NO: 305 A company's new employees are asked to sign a document that describes the methods of and purposes for accessing the company's IT systems. The pop-up window is a certificate which validates the identity of the plug-in developer. Which of the following BEST describes this type of certificate? A. 2004. Web certificate B.

Rename the system administrator account C. Authorized Access Policy D. C.www. Acceptable Use Policy C. Write an LDAP query. Review the domain accounts D. virus and malware cataloging organizations. double entry doors and security guards are all prevention measures for which of the following types of social engineering? A. Answer: C Answer: A QUESTION NO: 308 Turnstiles. Looking through a co-worker's trash to retrieve information C. Any Time. Due diligence form Answer: B QUESTION NO: 306 MITRE and CERT are: A. spyware and virus distributing software B. Develop a security policy B." . anti-virus software companies. D.actualtests. Impersonation D.com Ac tua A. lTe Which of the following would be the FIRST step to take to mitigate the threat of non-essential domain accounts? sts QUESTION NO: 307 .CompTIA SY0-101: Practice Exam A. virus propagation monitoring utilities. Piggybacking B.co m 107 . Privacy Act of 1974 B. Looking over a co-workersshould'er to retrieve information Answer: A "Pass Any Exam.

"Pass Any Exam. the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. Halon C. Right click on the lock at the bottom of the browser and check the certificate information B. and prop the door open for them. Other forms of piggybacking take advantage of human altruism. Disable non-essential services. Password management D. Foam Answer: C A. QUESTION NO: 309 Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment? A. where the authorized user will try to do the right thing. An unauthorized person will put on a disguise and carry a heavy box to the door. Water D.co m . B.CompTIA SY0-101: Practice Exam Explanation: Piggybacking is an espionage tactic commonly used in the movies. and waits for an unknowing authorized user to enter.actualtests. Install software patches. When the authorized user enters. Enforce the security policy.com 108 Ac tua A newly hired security specialist is asked to evaluate a company's network security. Which of the following would be the FIRST step to take? lTe QUESTION NO: 310 sts . The security specialist discovers that users have installed personal software. The hero or the villain hides by a secure entrance. Answer: B QUESTION NO: 311 Which of the following would be an easy way to determine whether a secure web page has a valid certificate? A. Carbon Dioxide B." . Any Time.www. Ensure that the web URL starts with 'https:\\'. C. they use stealth to sneak behind them and gain access without the authorized user even knowing.

CHAP D.CompTIA SY0-101: Practice Exam C. FTP configures to allow anonymous user access. Contact the web page's web master Answer: A QUESTION NO: 312 Which of the following protocols works with 802. Application Layer. D. Transport Layer E.actualtests.9. Any Time.com 109 Ac tua A. SPAP QUESTION NO: 313 Answer: D QUESTION NO: 314 The SSL (Secure Sockets Layer) protocol operates between specific layers of the OSI (Open Systems Interconnection) reference model. SSL has enabled the Apache service with no virtual hosts configured C. A." . Data Link Layer Answer: B.8a is installed and configured for remote administration. EAP B. B.www. Sendmail is configured to allow the administrator's web access. SSH with version 0.D Explanation: "Pass Any Exam. C.1X to authenticate a client to a network? A. Network Layer D. Physical Layer B.co m Answer: A . LDAP C. lTe sts Which of the following daemons is MOST likely to be the cause if an unauthorized user obtains a copy of a Linux systems /etc/passwd file? . Which is it? Choose all correct answers. ContactThawte or Verisign and ask about the web page D.

Answer: A QUESTION NO: 318 "Pass Any Exam. Which of the following steps should the specialist take? A. Any Time. Ignore the MD5 hash values because the values can change during IP fragmentation.CompTIA SY0-101: Practice Exam SSL is associated with secure transactions (credit card purchases and online banking) over your web browser. DRP. VPN Answer: B QUESTION NO: 317 The purpose of the SSID in a wireless network is to: A. Avoid executing the file and contact the source website administrator Answer: D QUESTION NO: 316 An end-to-end traffic performance guarantee made by a service provider to a customer is a: A. C." . C. so naturally it operates between the top two layers of the OSI model. BCP. D. protect the client C. The source has published the MD5 hash values for the executable program. Install the executable program because there was probably a mistake with the MD5 value. define the encryption protocols used.co m .com 110 Ac tua lTe sts . QUESTION NO: 315 A security specialist has downloaded a free security software tool from a trusted industry site.www. SLA. D.actualtests. identify the network B. secure the WAP D. B. Re-run the anti-virus program to ensure that it contains no virus execute B. The specialist performs a successful virus scan on the download but the MD5 hash is different.

Rainbow Table C. p 432 lTe Explanation: The key word is decentralized.www. Disaster recovery plan B. Chain of custody C.com 111 Ac tua Reference: Mike Pastore and Emmett Dulaney .co m . User accounts and passwords are stored on a central authentication server. Salt B. sts . Security+ Study Guide . Sybex . Audit trail of systems usage D. so the best answer would be B. D. Chain of certificates Answer: B QUESTION NO: 319 Which of the following coorectly specifies where user accounts and passwords are stored in a decentralized privilege management environment? A. User accounts and passwords are stored on no more than two servers. which of the following needs to be documented? A.CompTIA SY0-101: Practice Exam To preserve evidence for later use in court." . 2nd Edition. User accounts and passwords are stored on each individual server. Any Time.actualtests. Larger key space D. C. B. User accounts and passwords are stored on a server configured for decentralized management. Alameda . Answer: C QUESTION NO: 320 Which of the following increases the collision resistance of a hash? A. Increase the input length Answer: A QUESTION NO: 321 "Pass Any Exam. 2004.

and log files? A. and the certificate's validity dates "Pass Any Exam. the Certificate Authority (CA) distinguished name. 2nd Edition. object identifiers. This log should catalog every event from the time the evidence is collected. Evidence D. User's public key. Chain of command C. Sybex . User's public key. and the Certificate Revocation List (CRL) entry point C. What guidelines do they use? A.www.co m 112 . Stateful packet filtering C. 2004. Incident response Answer: A Explanation: The chain of custody is a log of the history of evidence that has been collected. p 457 QUESTION NO: 323 Which of the following correctly identifies some of the contents of an end user's X.com Ac tua lTe sts . File integrity auditing D. User's public key. and the type of symmetric algorithm used for encryption D. Security+ Study Guide . Network based intrusion detection B. Chain of custody B." .actualtests. Reference: Mike Pastore and Emmett Dulaney . Host based intrusion detection Answer: C QUESTION NO: 322 Computer forensics experts use specific guidelines to gather and analyze data while minimizing data loss. and the location of the user's electronic identity B. configuration files. the serial number of the CA certificate. the certificate's serial number.CompTIA SY0-101: Practice Exam Which of the following describes the process of comparing cryptographic hash functions of system executables. A: User's public key. Any Time.509 certificate? A. Alameda .

actualtests. is responsible for assigning it a serial number to distinguish it from other certificates it issues. in addition to the signature: QUESTION NO: 324 A. DDoS attack. Corruption of the media B. the CA.500 name of the entity that signed the certificate. m 113 . and describes how to write it down (the data format).www.com Ac tua Which of the following may be a security issue during transport of stored tape media to an offsite storage location? lTe sts Reference: http://csrc. Using this certificate implies trusting the entity that signed this certificate.CompTIA SY0-101: Practice Exam Answer: D Explanation: The X. This is normally a CA. "Pass Any Exam. A courier x-raying the contents Answer: B QUESTION NO: 325 A workstation is being used as a zombie set to attack a web server on a certain date.htm .nist." . TCP/IP hijacking.gov/pki/panel/santosh/tsld002. Any Time.509 certificates have the following data.co Version Serial Number The entity that created the certificate. Theft of the media C. Validity Period Subject Name Subject Public Key Information This is the public key of the entity being named. The infected workstation is MOST likely part of a: A. B. All X. Signature Algorithm Identifier Issuer Name The X.509 standard defines what information can go into a certificate. Timely restore of lost data D. together with an algorithm identifier which specifies which public key crypto system this key belongs to and any associated key parameters.

Run a port scan Answer: A From the options. Install and monitoran IDS C. If this happens too often then the IDS is not working properly. spoofing attack. Decrease in throughput.actualtests. choose the disadvantage of implementing an IDS (Intrusion Detection System). man-in-the-middle attack. D. The other answers limit your assessment. Answer: C Explanation: A false positive is when legitimate traffic is picked up as an intruder. Any Time.www. Compatibility. Answer: A QUESTION NO: 326 Which of the following is the MOST effective way for an administrator to determine what security holes reside on a network? A.com 114 Ac tua lTe QUESTION NO: 327 sts Explanation: Performing a vulnerability assessment is one of the most effective way to find holes in the network. Run a sniffer D. Symmetric key distribution system B. A. Perform a vulnerability assessment B. Administration B.co m . C." . QUESTION NO: 328 Choose the scheme or system used by PGP (Pretty Good Privacy) to encrypt data. Asymmetric scheme "Pass Any Exam. D. False positives. . A.CompTIA SY0-101: Practice Exam C.

"Pass Any Exam. MAC addresses are a secure authentication mechanism and DTP allows only authenticated users. Senior management believes that a VLAN will be secure because authentication is accomplished by MAC addressing and that dynamic trunking protocol (DTP) will facilitate network efficiency. NetStumbler Answer: D QUESTION NO: 331 Default passwords in hardware and software should be changed: A. D. MAC addresses can be spoofed and DTP allows rogue network devices to configure ports C. Sam Spade B. when the vendor requires it D. S/MIME C. once each month C. Any Time.CompTIA SY0-101: Practice Exam C.com Ac tua lTe sts Answer: B . QUESTION NO: 330 A common tool used for wireless sniffing and war driving is: A. Asymmetric key distribution system D.actualtests." . MAC addresses are a secure authentication mechanism and DTP allows rogue network devices to configure ports. Symmetric scheme Answer: B QUESTION NO: 329 A company wants to implement a VLAN. B. Which of the following issues should be discussed with senior management before VLAN implementation? A. NESSUS D. MAC addresses can be spoofed and DTP allows only authenticated users.co m 115 .www. if a threat becomes known. B. when the hardware or software is turned on.

Networkmapper Answer: D QUESTION NO: 335 Controlling access to information systems and associated networks is necessary for the preservation of their: "Pass Any Exam. WireShark D." . John the Ripper B. VLAN C. Intranet . Any Time.com Ac Which of following can be used to determine the topology of a network and discover unknown devices? tua lTe sts A. Password crackers B.www. Extranet D. Vulnerability scanner D.actualtests. Nessus C.co Which of the following is MOST often used to allow a client or partner access to a network? m 116 . Cain & Abel Answer: C QUESTION NO: 333 Answer: C QUESTION NO: 334 A.CompTIA SY0-101: Practice Exam Answer: D QUESTION NO: 332 Which of the following is a protocol analyzer? A. Demilitarized zone (DMZ) B. Penetration testing C.

Reduction in hard drive space requirements. Fragmenter C. C. 2nd Edition. authenticity. Alameda . Spoofer sts Which of the below options would you consider as a program that constantly observes data traveling over a network? . The accountability is equally important. confidentiality and availability B. integrity and availability referred to as the CIA of network security.co m . Security+ Study Guide . availability and accountability. 2004. D. monitor and analyze traffic." . confidentiality. Sniffer D. C. Smurfer B. B. to use in replay attacks. integrity and availability. integrity and availability D. You will often see the confidentiality. Reference: Mike Pastore and Emmett Dulaney . authenticity. Increased network throughput. confidentiality. QUESTION NO: 337 Choose the option that correctly specifies a likely negative technical impact of receiving large quantifies of spam.www. p 22 QUESTION NO: 336 Answer: C Explanation: Packet sniffers are used to capture. There legitimate purpose is to find traffic flow problems and bottlenecks for the sake of network optimization. A. hackers use it to capture data.CompTIA SY0-101: Practice Exam A. However.actualtests. Processor underutilization. Sybex . "Pass Any Exam. DoS (Denial of Service).com 117 Ac tua lTe A. Any Time. integrity and availability Answer: C Explanation: The design goals of a security topology must deal with issues of confidentiality. integrity.

www.CompTIA SY0-101: Practice Exam Answer: A Explanation: In systems where no email filters are set up. One method is ICMP Message quoting where the ICMP quotes back part of the original message with every ICMP error message. The peculiarity in the error messages received from various types of operating systems helps us in identifying the remote host's OS. thus denying service. the human time necessary to sort through those emails will be Herculean.co m 118 . which analyzes how the operating system (OS) responds to specific network traffic. it is possible for some users to receive over a hundred unsolicited emails a day! If every user on a network received that much email. QUESTION NO: 338 From the listing of attacks.com Ac tua Explanation: Fingerprinting is the act of inspecting returned information from a server ( ie . lTe sts .actualtests. download. The system resources required to: process. Any Time. Operating system scanning. Fingerprinting D. in an attempt to determine the operating system running in your networking environment? A. Retina scan and mantrap D. Reverse engineering. Host hijacking. B. C. and store such email can potentially reduce a networks availability to zero. Username and password Answer: B "Pass Any Exam." . Photo ID and PIN B. Answer: C QUESTION NO: 339 Which of the following is an example of two-factor authentication for an information system? A. ATM card and PIN C. Each operating system will quote definite amount of message to the ICMP error messages.

QUESTION NO: 340
Which of the following is the primary method of performing network hardening?
A. Disable any unnecessary ports and services.
B. Conduct vulnerability analysis.
C. Deploy a firewall and IDS
D. Develop a trust model
Answer: A
