CompTIA SY0-101

SY0-101 Security+

Practice Test
Version 3.0

CompTIA SY0-101: Practice Exam

QUESTION NO: 1
A real estate company recently deployed Kerberos authentication on the network. Which of the following does Kerberos require for correct operation? (Select TWO).
A. POP-3
B. Accurate network time
C. Key Distribution Center
D. Extranets
E. SSL/TLS
Answer: B,C

QUESTION NO: 2
Which of the following are MOST likely to be analyzed by Internet filter appliances/servers? (Select THREE).
A. Content
B. TLSs
C. Keys
D. URLs
E. CRLs
F. Certificates
Answer: A,D,F

QUESTION NO: 3
An administrator is selecting a device to secure an internal network segment from traffic external to the segment. Which of the following devices could be selected to provide security to the network segment?
A. NIPS
B. HIDS
C. Internet content filter
D. DMZ
Answer: A

"Pass Any Exam. Any Time." - www.actualtests.com


QUESTION NO: 4
Which of the following VPN implementations consists of taking IPv6 security features and porting them to IPv4?
A. SSL
B. IPSec
C. L2TP
D. PPTP
Answer: B

QUESTION NO: 5
A user is assigned access rights based on the function within the organization. This is a feature of which of the following types of access control models?
A. Role Based Access Control (RBAC)
B. Rule Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Discretionary Access Control (DAC)
Answer: A
Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees perform in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 6
Which of the following types of malicious software travels across computer networks without requiring a user to distribute the software?
A. Trojan horse
B. Worm
C. Virus
D. Logic bomb
Answer: B

QUESTION NO: 7
Which of the following would be MOST important to have to ensure that a company will be able to recover in case of severe environmental trouble or destruction?
A. Alternate sites
B. Disaster recovery plan
C. Fault tolerant systems
D. Offsite storage
Answer: B

QUESTION NO: 8
A task-based control model is an example of which of the following?
A. Rule Based Access Control (RBAC)
B. Role Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Mandatory Access Control (MAC)
Answer: B

QUESTION NO: 9
Which of the following is often misused by spyware to collect and report a user's activities?
A. Session cookie
B. Tracking cookie
C. Persistent cookie
D. Web bug
Answer: B

QUESTION NO: 10
Which definition best defines what a challenge-response session is?
A. A challenge-response session is a workstation or system that produces a random login ID that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
B. A challenge-response session is a workstation or system that produces a random challenge string that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
C. A challenge-response session is a special hardware device used to produce random text in a cryptography system.
D. A challenge-response session is the authentication mechanism in the workstation or system that does not determine whether the owner should be authenticated.
Answer: B
Explanation: A common authentication technique whereby an individual is prompted (the challenge) to provide some private information (the response). Most security systems that rely on smart cards are based on challenge-response. A user is given a code (the challenge) which he or she enters into the smart card. The smart card then displays a new code (the response) that the user can present to log in.
Reference: http://www.webopedia.com/TERM/C/challenge_response.html

QUESTION NO: 11
Which of the following describes a type of algorithm that cannot be reversed in order to decode the data?
A. One Way Function
B. Symmetric
C. Asymmetric
D. Pseudorandom Number Generator (PRNG)
Answer: A

QUESTION NO: 12
An administrator wants to implement a procedure to control inbound and outbound traffic on a network segment. Which of the following would achieve this goal?
A. HIDS
B. ACL
C. Proxy
D. NIDS
Answer: B

QUESTION NO: 13
Which of the following freeware forensic tools is used to capture packet traffic from a network?
A. nmap
B. NESSUS
C. tcpdump
D. dd
Answer: C

QUESTION NO: 14
When reviewing traces from an IDS, the following entries are observed:
Date Time Source IP Destination IP Port Type
10/21 0900 192.168.5.2 10.10.2.1 20 SYN
10/21 0915 192.168.5.2 10.10.2.1 21 SYN
10/21 0920 192.168.5.2 10.10.2.1 23 SYN
10/21 0930 192.168.5.2 10.10.2.1 25 SYN
Which of the following is MOST likely occurring?
A. Port scanning
B. SYN Flood
C. Denial of service (DoS)
D. Expected TCP/IP traffic
Answer: A

QUESTION NO: 15
Which of the following protocols are not recommended due to them supplying passwords and information over the network?
A. SNMP (Simple Network Management Protocol).
B. Network News Transfer Protocol (NNTP)
C. Domain Name Service (DNS)
D. Internet Control Message Protocol (ICMP)
Answer: A

QUESTION NO: 16
Which of the following must be installed for HTTPS to work properly on a web site?
A. Digital certificate
B. Symmetric key
C. 3DES encryption
D. Security token
Answer: A

QUESTION NO: 17
You work as the security administrator. You want to implement a solution which will provide a WLAN (Wireless Local Area Network) with the security typically associated with a wired LAN (Local Area Network): Which solution should you implement?
A. WEP (Wired Equivalent Privacy)
B. VPN (Virtual Private Network)
C. ISDN (Integrated Services Digital Network)
D. ISSE (Information Systems Security Engineering)
Answer: A
Explanation: Wired Equivalent Privacy is a wireless protocol designed to provide privacy equivalent to that of a wired network.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 372

QUESTION NO: 18
From the options, which is a tunneling protocol that can only work on IP networks because it requires IP connectivity?
A. PPTP protocol
B. SSH
C. IPX protocol
D. L2TP protocol
Answer: A
Explanation: Point-to-Point Tunneling Protocol
You can access a private network through the Internet or other public network by using a virtual private network (VPN) connection with the Point-to-Point Tunneling Protocol (PPTP). Developed as an extension of the Point-to-Point Protocol (PPP), PPTP tunnels and/or encapsulates IP, IPX, or NetBEUI protocols inside of PPP datagrams. PPTP does not require a dial-up connection. It does, however, require IP connectivity between your computer and the server.
Not B: L2TP is an industry-standard Internet tunneling protocol with roughly the same functionality as the Point-to-Point Tunneling Protocol (PPTP). Like PPTP, L2TP encapsulates Point-to-Point Protocol (PPP) frames, which in turn encapsulate IP, IPX, or NetBEUI protocols

QUESTION NO: 19
A user downloads and installs a new screen saver and the program starts to rename and delete random files. Which of the following would be the BEST description of this program?
A. Trojan horse
B. Logic bomb
C. Virus
D. Worm
Answer: A

QUESTION NO: 20
Which of the following BEST describes an attack that takes advantage of a computer not fully updated with the most recent operating system patches?
A. Software exploitation
B. Vulnerability
C. Brute force
D. Spoofing
Answer: A

QUESTION NO: 21
Secret Key encryption is also known as:
A. symmetrical
B. asymmetrical
C. replay
D. one way function.
Answer: A

QUESTION NO: 22
A company's security specialist is securing a web server that is reachable from the Internet. The web server is located in the core internal corporate network. The network cannot be redesigned and the server cannot be moved. Which of the following should the security specialist implement to secure the web server? (Select TWO).
A. Network-based firewall
B. Host-based IDS
C. Host-based firewall
D. Network-based IDS
E. Router with an IDS module
F. Router with firewall rule set
Answer: B,C

QUESTION NO: 23
A program allows a user to execute code with a higher level of security than the user should have access to. Which of the following is this an example of?
A. DoS
B. Privilege escalation
C. Default accounts
D. Weak passwords
Answer: B

D. B. To insure that the authenticator is up-to-date and is not an old one that has been captured by an attacker. Clocks are used to both benchmark and specify the optimal encryption algorithm.com 10 Ac tua QUESTION NO: 26 lTe Answer: D sts A. C. test the essential functionality Answer: D QUESTION NO: 25 In a certificate hierarchy. conduct a follow-up vulnerability analysis B. Answer: A Explanation: The actual verification of a client's identity is done by validating an authenticator. update the baseline C. the ultimate authority is called the: For which reason are clocks used in Kerberos authentication? A.co m . The next step before placing the network back into operation would be to: A.actualtests. Thus. Terminal Access Controller Access Control System (TACACS)." . Clocks are used to generate the seed value for the encryptions keys. Clocks are used to ensure proper connections. C. perform penetration testing D.www. Root Certifying Authority (Root CA).CompTIA SY0-101: Practice Exam QUESTION NO: 24 A security specialist has completed a vulnerability assessment for a network and applied the most current software patches. Certificate Revocation List (CRL). Any Time. . If the timestamp is not close enough to the current time (typically within five minutes) then the authenticator is rejected as invalid. Private Branch Exchange (PBX). Clocks are used to ensure that tickets expire correctly. B. The authenticator contains the client's identity and a timestamp. the timestamp in the authenticator is checked against the current time. D. Kerberos requires your system clocks to be loosely synchronized (the "Pass Any Exam.

default is 5 minutes, but it can be adjusted in Version 5 to be whatever you want).
Reference: http://www.faqs.org/faqs/kerberos-faq/general/section-22.html

QUESTION NO: 27
Message authentication codes are used to provide which service?
A. Key recovery
B. Integrity
C. Acknowledgement
D. Fault recovery
Answer: B

QUESTION NO: 28
Which of the following is an installable package that includes several patches from the same vendor for various applications?
A. Hotfix
B. Patch rollup
C. Service pack
D. Patch template
Answer: C

QUESTION NO: 29
A company's web server needs to be accessible by remote users, business partners, and corporate users. Which of the following would be the BEST location for the web server?
A. Internal network segment
B. Demilitarized zone (DMZ)
C. Network perimeter
D. External network segment
Answer: B,C

QUESTION NO: 30
In order to secure web-based communications, SSL uses: (Select TWO)
A. Challenge Handshake Authentication Protocol (CHAP)
B. Blowfish encryption
C. Public-key cryptography
D. Symmetric cryptography
E. IPSec
F. PPP
Answer: C,D

QUESTION NO: 31
From the recommendations below, which is considered the best method for securing a web browser?
A. Do not upgrade web browsers because new versions have a tendency to contain more security flaws.
B. Disable all unused features of the web browser.
C. Only use a VPN (Virtual Private Network) connection to connect to the Internet.
D. Deploy a filtering policy for unknown and illegal websites that you do not want users to access.
Answer: B
Explanation: Features that make web surfing more exciting like: ActiveX, Java, JavaScript, CGI scripts, and cookies all pose security concerns. Disabling them (which is as easy as setting your browser security level to High) is the best method of securing a web browser, since it's simple, secure, and within every user's reach.

QUESTION NO: 32
Documentation describing a group's expected minimum behavior is known as:
A. acceptable usage
B. the need to know
C. a code of ethics
D. the separation of duties
Answer: C

QUESTION NO: 33
Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made to the IP header?
A. Private addressing
B. NAT
C. SOCKS
D. DNS
Answer: B

QUESTION NO: 34
Which of the following describes backing up files and software that have changed since the last full or incremental backup?
A. Delta backup
B. Full backup
C. Differential backup
D. Incremental backup
Answer: D

QUESTION NO: 35
The authentication process where the user can access several resources without the need for multiple credentials is known as:
A. need to know
B. decentralized management
C. Discretionary Access Control (DAC).
D. single sign-on
Answer: D

QUESTION NO: 36

When a connection request is made to the server. The server validates the user by checking the CRL (Certificate Revocation List).co m 14 . B. RC4 C. Gateway to Gateway "Pass Any Exam." . Gateway to Host C. RC2 Answer: B Explanation: NO XPLANATION. The client then sends the server a certificate indicating the capabilities of the client. QUESTION NO: 37 WEP uses which of the following stream ciphers? A. Host to Host B. C. The server displays the page requested by the user on the browser. which represents the first action performed by an SSL (Secure Sockets Layer) enabled server when a user clicks to browse a secure page? A. IKE D. The session is secure after this process. Any Time. and then provides its IP (Internet Protocol) address for verification purposes. D. Answer: A Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines.CompTIA SY0-101: Practice Exam From the options below.actualtests. The server requests the user to produce the CRL (Certificate Revocation List). the server sends a message back to the client indicating a secure connection is needed. QUESTION NO: 38 A VPN is needed for users to connect to a remote site and the VPN must be transparent to the user. 3DES B.com Ac tua lTe sts . Which of the following VPN models would be BEST to use? A. The server then evaluates the certificate and responds with a session key and an encrypted private key. This protocol uses the handshake method. Host to Gateway D.www. The server uses its digital certificate to identify itself to the browser.

Answer: D

QUESTION NO: 39
A web page becomes unresponsive whenever the embedded calendar control is used. Which of the following types of vulnerabilities is occurring?
A. ActiveX
B. Common Gateway Interface (CGI)
C. Cross-site scripting
D. Cookies
Answer: A

QUESTION NO: 40
SSL operates at which layer?
A. Data link
B. Network
C. Transport
D. Application
Answer: C
Explanation: SSL is associated with secure transactions (credit card purchases and online banking) over your web browser, so naturally it operates between the top two layers of the OSI model.

QUESTION NO: 41
An important component of a good data retention policy is:
A. offsite storage
B. magnetic media sorting
C. server drive redundancy
D. backup software licensing
Answer: A

QUESTION NO: 42
To reduce vulnerabilities on a web server, an administrator should adopt which of the following preventative measures?
A. Enable auditing on the web server and periodically review the audit logs
B. Block all Domain Name Service (DNS) requests coming into the server.
C. Use packet sniffing software on all inbound communications
D. Apply the most recent manufacturer updates and patches to the server.
Answer: D
Explanation: Operating system manufacturers pride themselves in having a secure system, and the instant they realize that there's a security breach they assign a team on it to develop a security patch. Or when they make a new software release (Linux kernels seem to be updated every other day) they try to fix all known vulnerabilities, since the older an operating system is, the more time hackers have to seek vulnerabilities. A simple security patch that takes a couple of minutes to download and install is the difference between having a secure network and having a system made completely useless by a worm.

QUESTION NO: 43
A person walks up to a group of people who have physical access to a network operations room. As some of the group enters the room, this person walks into the room behind the group without providing credentials to gain access. Which of the following would BEST describe this activity?
A. Walk behind
B. Shoulder surfing
C. Tailgating
D. Social engineering
Answer: C

QUESTION NO: 44
Which of the following connectivity is required for a web server that is hosting an SSL based web site?
A. Port 443 outbound
B. Port 80 inbound
C. Port 443 inbound
D. Port 80 outbound
Answer: C

QUESTION NO: 45
Which of the following trust models would allow each user to create and sign certificates for the people they know?
A. Single certificate authority (CA)
B. Browser trust-list
C. Hierarchical
D. Web-of-trust
Answer: D

QUESTION NO: 46
On the topic of comparing viruses and hoaxes, which statement is TRUE? Choose the best TRUE statement.
A. Hoaxes can create as much damage as a real virus.
B. Hoaxes are harmless pranks and should be ignored.
C. Hoaxes can help educate users about a virus.
D. Hoaxes carry a malicious payload and can be destructive.
Answer: A
Explanation: Hoaxes do have the possibility of causing as much damage as viruses. Many hoaxes instruct the recipient to forward the message to everyone that they know and thus cause network congestion and heavy e-mail activity. Hoaxes also often instruct the user to delete files on their computer that may cause their computer or a program to quit functioning.

QUESTION NO: 47
A company conducts sensitive research and development and wants a strict environment for enforcing the principles of need to know, separation of duties, and least privilege. Which of the following should the company implement?
A. Mandatory Access Control (MAC)
B. Discretionary Access Control (DAC)
C. Single sign on
D. Single factor authentication
Answer: A

QUESTION NO: 48
Which access control method allows users to have some level of flexibility on how information is accessed, but at the expense of increasing the risk of unauthorized disclosure of information?
A. Role-Based Access Control (RBAC) method.
B. Discretionary Access Control (DAC) method
C. All of the above
D. Mandatory Access Control (MAC) method
Answer: B
Explanation: In a DAC model, network users have some flexibility regarding how information is accessed. This model allows users to dynamically share information with other users. The process allows a more flexible environment, but it increases the risk of unauthorized disclosure of information. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 440

QUESTION NO: 49
Audit log information can BEST be protected by: (Select TWO).
A. a firewall that creates an enclave
B. access controls that restrict usage
C. using a VPN
D. recording to write-once media.
E. an intrusion prevention system (IPS)
F. an IDS
Answer: B,D

Any Time. Answer: A QUESTION NO: 52 A. The email server capacity is consumed by message traffic. Automatic updates B. a logic bomb C.actualtests." .www. Answer: A. D. a worm D. a Trojan horse B.co m 19 . C.CompTIA SY0-101: Practice Exam QUESTION NO: 50 Which of the following would be considered a detrimental effect of a virus hoax? (Select TWO).com Ac Which of the following programming techniques should be used to prevent buffer overflow attacks? tua lTe sts . The model with no single trusted root is known as: "Pass Any Exam. Signed applets Answer: B QUESTION NO: 53 Pretty good privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. Users are tricked into changing the system configuration. B. Nested loops D. A. an email attachment.B QUESTION NO: 51 Malicious code that enters a computer by means of a freely distributed game that is intentionally installed and played is known as: A. Technical support resources are consumed by increased user calls. Users are at risk for identity theft. Input validation C.

A.co m 20 . sts . D. Security+ Study Guide .com Ac Reference: Mike Pastore and Emmett Dulaney . Any Time. hierarchical Answer: B QUESTION NO: 54 Choose the access control model that allows access control determinations to be performed based on the security labels associated with each user and each data item. The system administrator establishes these parameters and associates them with an account. hybrid B. This is an example of: A. The MAC model can be very restrictive. MACs (Mandatory Access Control) method C. a man in the middle attack "Pass Any Exam. p 11 tua The MAC model is a static model that uses a predefined set of access privileges to files on the system. downlevel. C. 2nd Edition. LBACs (List Based Access Control) method B." . enters a building stating that there is a networking trouble work order and requests that a security guard unlock the wiring closet. DACs (Discretionary Access Control) method Answer: B QUESTION NO: 55 A person pretends to be a telecommunications repair technician. Sybex . RBACs (Role Based Access Control) method D. 2004. social engineering B. Then all users are given specific security clearances as to what they are allowed to access.actualtests. The person connects a packet sniffer to the network switch in the wiring closet and hides the sniffer behind the switch against a wall. files or resources. peer-to-peer.www. Alameda . lTe Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments.CompTIA SY0-101: Practice Exam A. All objects are given security labels known as sensitivity labels and are classified accordingly.

A. Which of the following would allow an administrator to find weak passwords on the network? A. A password generator Answer: A QUESTION NO: 58 Which of the following network authentication protocols uses symmetric key cryptography. A networkmapper C. RADIUS B. a penetration test Answer: A QUESTION NO: 56 Social engineering attacks would be MOST effective in which of the following environments? (Select TWO). A public building that has shared office space.CompTIA SY0-101: Practice Exam C." . A military facility with computer equipment containing biometrics. TACACS+ D.actualtests. Kerberos C.www. windowless building D. A company with a dedicated information technology (IT) security staff. A hash function D.co Answer: A. A company with a help desk whose personnel have minimal training. stores a shared key for each network resource and uses a Key Distribution Center (KDC)? A.com Ac tua lTe sts QUESTION NO: 57 . C. E. A locked. Any Time. B.D m 21 . A rainbow table B. PKI Answer: B "Pass Any Exam. a vulnerability scan D.

That challenge can also include a hash of transmitted data. Cryptographic keys B. Answer: C QUESTION NO: 61 A system administrator reports that an unauthorized user has accessed the network. QUESTION NO: 60 Choose the terminology or concept which best describes a (Mandatory Access Control) model.www.com Ac Explanation: The word lattice is used to describe the upper and lower level bounds of a user' access permission. but also the data integrity. "Pass Any Exam. Which of the following would be the FIRST action to take? A.CompTIA SY0-101: Practice Exam QUESTION NO: 59 Choose the password generator that uses a challenge-response method for authentication.co m 22 . Smart cards C. has an authentication server that generates a challenge (a large number or string) which is encrypted with the private key of the token device and has that token device's public key so it can verify authenticity of the request (which is independent from the time factor). Contact law enforcement officials. Clark and Wilson sts . B. A. Any Time. D. Determine the business impact. BIBA C. Lattice D. Notify management. Asynchronous password generator Answer: C Explanation: An synchronous password generator. Synchronous password generator D. Bell La-Padula B." . so not only can the authentication be assured. tua lTe A. C. Contain the problem.actualtests.

Answer: C

QUESTION NO: 62
One of the below attacks focuses on the cracking of passwords, which one is it?
A. Dictionary
B. Teardrop
C. Spamming
D. SMURF
Answer: A
Explanation: Dictionaries may be used in a cracking program to determine passwords. A short dictionary attack involves trying a list of hundreds or thousands of words that are frequently chosen as passwords against several systems. Although most systems resist such attacks, some do not. In one case, one system in five yielded to a particular dictionary attack.

QUESTION NO: 63
Which of the following should be done if an audit recording fails in an information system?
A. Overwrite the oldest audit records
B. Send an alert to the appropriate personnel
C. Stop generating audit records
D. Log off the user
Answer: B

QUESTION NO: 64
The MOST common Certificate Server port required for secure web page access is port:
A. 25
B. 80
C. 446
D. 443
Answer: D

CompTIA SY0-101: Practice Exam QUESTION NO: 65 IPSec uses which of the following protocols to provide traffic security? (Select TWO).C QUESTION NO: 66 Which of the following would be an advantage for using PKI over a key server system? A. WPA D.actualtests. Certificate authority revocation is easy to implement.co m . L2TP B. WAN B. A small manufacturing company wants to deploy secure wireless on their network." . A. PPTP E. SSL F. The root certificate authority key can be stored offline. C.www. Phreaking "Pass Any Exam. The key server is superior in large systems. IPX C. Which of the following wireless security protocols could be used? (Select TWO). A. Any Time. WEP Answer: C. SSH Answer: B. AH C. Encapsulating Security Protocol (ESP) D. B. PKI is less complex to deploy. D.D QUESTION NO: 68 In addition to bribery and forgery.com 24 Ac tua QUESTION NO: 67 lTe Answer: C sts . which of the following are the MOST common techniques that attackers use to socially engineer people? (Select TWO) A.

B. Whois search
C. Dumpster diving
D. Flattery
E. Assuming a position of authority
Answer: D,E

QUESTION NO: 69
Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received?
A. Data integrity
B. Asymmetric cryptography
C. Anti-aliasing
D. Non-repudiation
Answer: D

QUESTION NO: 70
Which of the following would be an example of a high-availability disk technology?
A. Clustering
B. Load balancing
C. RAID
D. Remote access
Answer: C

QUESTION NO: 71
A technician is auditing the security posture of an organization. The audit shows that many of the users have the ability to access the company's accounting information. Which of the following should the technician recommend to address this problem?
A. Changing the user rights and security groups
B. Implementing a host based intrusion detection system
C. Changing file level audit settings
D. Implementing a host based intrusion prevention system

Botnet C. B. p 136 QUESTION NO: 74 Choose the compoenent that you would locate in the DMZ (Demilitarized Zone). Phishing D. The HTTP (Hypertext Transfer Protocol) protocol. Any Time. sts . CGI scripts could be used to capture data from a user using simple forms. A. Alameda . 2nd Edition. Sybex . The CGI script ran on the web server." . Adware B.co Which scenario or element would typically cause a CGI (Common Gateway Interface) security issue? m . CGI is frowned upon in new applications because of its security issues. The web browser. The external data provided by the user. SQL (Structured Query Language) server "Pass Any Exam. D. 2004.www.CompTIA SY0-101: Practice Exam Answer: A QUESTION NO: 72 Which of the following is commonly used in a distributed denial of service (DDOS) attack? A. and it interacted with the client browser. C. Trojan Answer: B QUESTION NO: 73 Answer: A Explanation: Common Gateway Interface is an older form of scripting that was used extensively in early web systems. but it still widely used in older systems.com 26 Ac tua lTe A. Reference: Mike Pastore and Emmett Dulaney . The compiler or interpreter which runs the CGI script. Security+ Study Guide .actualtests. the answer would be D. Although the answer is not given in the paragraph from the book.

com 27 Ac tua lTe sts . the IDS detects a potential security breach. A network based IDS system can monitor and report on all network traffic. attack patterns within the network and malicious activities.co m . the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source. A network based IDS system can detect dial-in intrusions and attempts to physically access the server. Security+ Study Guide . p 26 QUESTION NO: 75 Of the intrusion detection capabilities listed below.actualtests. FTP (File Transfer Protocol) server D." . Any Time. C. By isolating a server in a DMZ. "Pass Any Exam. 2nd Edition. B. Answer: B Explanation: In a passive system. A FTP server can be used by people from outside of your network and should be placed in the DMZ. 2004. D. User workstations C. QUESTION NO: 76 A security specialist is called to an onsite vacant office where an employee has found an unauthorized wireless access device connected to an RJ-45 jack linked to the corporate LAN. Reference: Mike Pastore and Emmett Dulaney . A network based IDS system can detect attacks in progress.CompTIA SY0-101: Practice Exam B. A network based IDS system can see packet header information. Customer account database Answer: C Explanation: A DMZ is an area where you can place a public server for access by people you might not trust otherwise.www. In a reactive system. Sybex . Alameda . which is invisible to hostbased IDS systems. you can hide or remove access to other areas of your network. which is FALSE for a network based IDS system? A. based on where it is located. logs the information and signals an alert.

Application-proxy Answer: D QUESTION NO: 78 Choose the attack or malicious code that cannot be prevented or deterred solely through using technical measures. C. B.actualtests. Social engineering. Turn off the power. DoS (Denial of Service) attacks. newsletters. Packet filters B. it is unlawful to use technology to directly control people's emotions and behaviors.co m 28 . Answer: D QUESTION NO: 77 Which of the following types of firewalls provides inspection at layer 7 of the OSI model? A. B. login banners and e-mails would be good tools to utilize in a security: "Pass Any Exam.www." . Any Time. Dictionary attacks. C. Answer: B Explanation: Because of human rights laws.com Ac tua lTe sts . D. D. For this reason social engineering attacks cannot be deterred through technical means. QUESTION NO: 79 Company intranet. Man in the middle attacks. A. posters. Install a sniffer. Disconnect the network cable. Call the police. Network address translation (NAT) D.CompTIA SY0-101: Practice Exam Which of the following actions should the administrator take FIRST? A. Stateful inspection C.

A. awareness program B. control test C. investigation D. policy review Answer: A Explanation: Advertisement techniques are used to bring product awareness to a consumer, likewise advertising techniques can also be used to bring awareness to security programs.

QUESTION NO: 80 An IDS sensor on a network is not capturing all the network data traffic. This may be happening because the sensor is connected to the network with a: A. switch B. bridge C. hub D. router Answer: A

QUESTION NO: 81 A software or hardware device that allows only authorized network traffic in or out of a computer or network is called a: A. honeypot B. anti-virus program C. packet sniffer D. firewall Answer: D

QUESTION NO: 82 Which of the following access decisions are based on a Mandatory Access Control (MAC) environment? A. Sensitivity labels

QUESTION NO: 83 Which of the following is a best practice for managing user rights and privileges? A. create groups. quarantine Answer: A QUESTION NO: 85 Choose the malicious code which can distribute itself without using having to attach to a host file. Create a list of departments.CompTIA SY0-101: Practice Exam B. sandbox B. Enroll users in a biometric authentication system.actualtests. Any Time. issue certificates to each user. B. assign rights and privileges based on individual certificates. Identify roles and objects to be accessed. Answer: B QUESTION NO: 84 The concept that a web script is run in its own environment and cannot interfere with any other process is known as a: A. All objects are given security labels known as sensitivity labels and are classified accordingly. C. Then all users are given specific security clearances as to what they are allowed to access. Create a certificate authority.www. "Pass Any Exam.com 30 Ac tua lTe sts .co m . meet with the departments and direct them to access their departmental folder. VLAN C." . Ownership C. Group membership D. honey pot D. and grant rights and privileges. and grant rights and privileges based on groups. create a folder for each department. deploy biometric hardware to the client computers. D. Access control lists Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments.

nmap C.www.actualtests.co m . A virus. NETSTAT B. Dry powder C. Carbon dioxide (CO2) D. A worm. Answer: C QUESTION NO: 86 During a live response to an unauthorized access. A logic bomb. Which of the following can be used to explain the reasons a security review must be completed? A. C. Which of the following commands would be used to display the current network connections on the local computer? A. IPCONFIG / IFCONFIG Answer: A QUESTION NO: 87 Which of the following is a suppression method for a Class C fire? A. Need to know policy B. netcat D. a forensics specialist executes a command on the computer being investigated. Water Answer: C QUESTION NO: 88 A computer system containing personal identification information is being implemented by a company's sales department.CompTIA SY0-101: Practice Exam A. A Trojan horse. The sales department has requested that the system become operational before a security review can be completed. Any Time. B. Corporate security policy "Pass Any Exam." .com 31 Ac tua lTe sts . Risk assessment C. D. Soda acid B.

com Ac tua A. Any Time. You want to reduce the likelihood of certpaper. D. . assets Answer: D How will you accomplish the task? Answer: C Explanation: The question doesn't ask what method can be used to best secure the emails. C.CompTIA SY0-101: Practice Exam D. Create and enforce ACLs (Access Control List). Implement a strong authentication method.com employees misusing your ORG. B.www. or what will best prevent the transmission of nonessential email. Create and enforce network security policy. so the correct answer is to create a network security policy that defines what kind of email use constitutes the term misuse. vulnerabilities D. Badge security system B. lTe sts You work as the security administrator.actualtests." . Vulnerability assessment Answer: C QUESTION NO: 89 The first step in risk identification would be to identify: A. e-mail. threats B. It asks what action will discourage the employees.co QUESTION NO: 90 m 32 . QUESTION NO: 91 Which of the following is the MOST effective social engineering defensive strategy? A. costs C. Encrypt all company e-mail messages. Escorting of guests "Pass Any Exam.

actualtests." . Alameda .co m 33 .CompTIA SY0-101: Practice Exam C. B. 2004. Rule Based Access Control (RBAC). 2nd Edition. Role Based Access Control (RBAC) C. This situation can cause an application to terminate. Security+ Study Guide . Mandatory Access Control (MAC) Answer: B QUESTION NO: 94 "Pass Any Exam.com Ac tua lTe Reference: Mike Pastore and Emmett Dulaney . Smurf attack Answer: C QUESTION NO: 93 An organization has a hierarchical-based concept of privilege management with administrators having full access.www. D. A. Marking of documents Answer: C QUESTION NO: 92 From the list below. p 135 sts Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. . This is BEST described as: A. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Discretionary Access Control (DAC). Any Time. Ping of death B. choose the exploit that can be considered a DoS attack because more traffic than what the node can handle is flooded to that node. Training and awareness D. Buffer overflow D. human resources personnel having slightly less access and managers having access to their own department files only. Sybex . Logic bomb C.

D QUESTION NO: 95 Which of the following is considered by some HIDS tools to detect system security related anomalies? A. Network Based Active Answer: A. A." . uses weak encryption "Pass Any Exam.com Ac tua Which of the following is the MOST efficient way to force a large number of users to change their passwords on logon? lTe sts . File hashing snapshot comparison C. Force the change with remote logon. Patch reports B. Vulnerability analysis snapshot comparison D. Force the change by security group. Force the change with registry editor. Virus signature reports Answer: B QUESTION NO: 96 A. Host Based Active C.CompTIA SY0-101: Practice Exam Which of the following types of IDS should be implemented to monitor traffic on a switch? (Select TWO).www. C. Host Based Passive D. Network Based Passive B.actualtests. D. Any Time. Force the change with group policy B. The MOST important security issue to address when using instant messaging is that instant messaging: A.co m 34 . Answer: A QUESTION NO: 97 The employees at a company are using instant messaging on company networked computers.

QUESTION NO: 100 "Pass Any Exam. Deploy a proxy server Deploy. communications are open and unprotected Answer: D QUESTION NO: 98 Which of the following is a reason to use a vulnerability scanner? A. C.CompTIA SY0-101: Practice Exam B.com.www.co m 35 . Deploy a VLAN (Virtual Local Area Network) Deploy. Any Time. Deploy firewalls between your subnets. How will you accomplish the task? sts . Deploy a VPN (Virtual Private Network). You also want to use the least amount of administrative effort to accomplish your task. VLAN's would restrict access only to their local VLAN. has no common protocol D. and this would require less administrative overhead than setting up firewalls at each subnet. tua lTe You work as the security administrator at Certpaper.com Ac A. They are also hardware based (at the switch and MAC level) Firewalls are used so that external users (outside the organization cannot get in). B. whereas VLAN's are used within an organization to provide security. To assist with PKI implementation C.actualtests." . D. To identify open ports on a system D. The solution which you implement to restrict network access must be hardware based. You must ensure that internal access to other parts of the network is controlled and restricted. To assist with protocol analyzing Answer: C QUESTION NO: 99 Answer: B Explanation: Implement a VLAN (Virtual Local Area Network) to restrict network access is the best answer. To identify remote access policies B. communications are a drain on bandwidth C.

Username/password D. Sybex . Certificates Answer: C QUESTION NO: 102 Which of the following authentication methods is based upon an authentication server that distributes tickets to clients? A. Results in disconnection from the file server." . A. and traditional DoS attacks. Challenge Handshake Authentication Protocol (CHAP) Answer: B "Pass Any Exam.actualtests. Kerberos D. Multifactor B. E. Security+ Study Guide . 2004. Reference: Mike Pastore and Emmett Dulaney . F. Trojan Horse programs. B.com Ac tua lTe sts . D. Any Time. Results in theft of root user credentials.co m 36 . C. CHAP C. 2nd Edition. Security Tokens B. p 197 QUESTION NO: 101 Which of the following authentication systems make use of the KDC Key Distribution Center? A. Results in Blue Screen of Death errors.CompTIA SY0-101: Practice Exam Choose the option that correctly details the greatest vulnerability of using Instant Messaging clients. Results in loss of email privileges. Alameda .www. Results in slow Internet connections. Results in malicious code being delivered by file transfer. Kerberos C. Answer: A Explanation: IM clients can also be compromised by malicious code.

QUESTION NO: 103 Which of the following is the number of security associations in an IPSec encrypted session for each direction? A. 4 B. one C. 2 D. 8 Answer: B

QUESTION NO: 104 Which password management system best provides for a system with a large number of users? A. Self service password reset management systems B. Locally saved passwords management systems C. multiple access methods management systems D. synchronized passwords management systems Answer: A Explanation: A self service password reset is a system where if an individual user forgets their password, they can reset it on their own (usually by answering a secret question on a web prompt, then receiving a new temporary password on a pre-specified email address) without having to call the help desk. For a system with many users, this will significantly reduce the help desk call volume.

QUESTION NO: 105 Poor programming techniques and lack of code review can lead to which of the following types of attack? A. Buffer overflow B. Dictionary C. Common Gateway Interface (CGI) script D. Birthday Answer: A

Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. This exploitation is usually a result of a programming error in the development of the software. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION NO: 106 Most current encryption schemes are based on: A. algorithms B. time stamps C. digital rights management D. randomizing Answer: A

QUESTION NO: 107 The CHAP (Challenge Handshake Authentication Protocol) sends a logon request from the client to the server, and the server sends a challenge back to the client. At which stage does the CHAP protocol perform the handshake process? Choose the best complete answer. A. At the stage when the connection is established. B. At the stage when the connection is established and at whichever time after the connection has been established. C. At the stage when the connection is established and when the connection is disconnected. D. At the stage when the connection is disconnected. Answer: B Explanation: CHAP performs the handshake process when first establishing a connection; and then at random intervals during the transaction session.

QUESTION NO: 108 One type of port scan can determine which ports are in a listening state on the network, and can then perform a two way handshake. Which type of port scan can perform this set of actions? A. A TCP (Transmission Control Protocol) FIN scan B. A TCP (Transmission Control Protocol) connect scan C. A TCP (Transmission Control Protocol) null scan D. A TCP (Transmission Control Protocol) SYN (Synchronize) scan Answer: D Explanation: In SYN scanning, a TCP SYN packet is sent to the port(s) to be scanned. If the port responds with a TCP SYN ACK packet, then the port is listening. If it replies with a TCP RST packet, then it is not.

QUESTION NO: 109

Which of the following would be the MOST important reason to apply updates? A. Software is a productivity facilitator and as new functionality is available the functionality must be enabled. B. Software is inherently insecure and as new vulnerabilities are found the vulnerabilities must be fixed. C. Software is a supported product and vendors won't support the product if the latest version is not installed. D. Software is a licensed product and the license will expire if not updated Answer: B

QUESTION NO: 110

A security specialist for a large distributed network with numerous divisions is selecting an access control model. Employees in the human resource division need access to personnel information but not production data and operations employees need access to production data only. Which of the following access control models would be MOST appropriate? A. Role Based Access Control (RBAC) B. Mandatory Access Control (MAC) C. Rule Based Access Control (RBAC) D. Discretionary Access Control (DAC) Answer: A Explanation: Role based access control contains components of MAC (mandatory access control) and DAC (discretionary access control), and is characterized by its use of profiles. A profile is a specific role that a group of employees perform in a function and the resources they need access to. When an employee is hired he is put into a profile, and when the entire profile of workers needs more or less resources they can all be facilitated together.

QUESTION NO: 111 You work as the security administrator at Certpaper.com. One morning you discover that a user named Mia Hamm has used her user account to log on to a network server. Mia has then executed a program and been able to perform operations which only a network administrator or security administrator should be able to. What type of attack has occurred? A. Trojan horse. B. Security policy removal. C. Privilege escalation attack. D. Subseven back door. Answer: C Explanation: A user obtaining access to a resource they would not normally be able to access. This is done inadvertently by running a program with SUID (Set User ID) or SGID (Set Group ID) permissions or by temporarily becoming another user. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 522

QUESTION NO: 112 A company has instituted a VPN to allow remote users to connect to the office. As time progresses multiple security associations are created with each association being more secure. Which of the following should be implemented to automate the selection of the BEST security association for each user? A. IKE B. AES

co Explanation: Spoofed e-mails will not be detected by the IDS.com Ac Answer: A tua A. C.www. Vulnerability exploits.actualtests. m Answer: A 41 . Any Time. Port scan attack D.CompTIA SY0-101: Practice Exam C. QUESTION NO: 114 QUESTION NO: 115 Non-repudiation is enforced by which of the following? A. choose the attack which an IDS (Intrusion Detection System) cannot detect. A. Digital signatures B." . SSH C. IPSec B. SSL D. Spoofed e-mail B. SHA D. PKI Answer: A "Pass Any Exam. L2F lTe L2TP tunneling replies on which of the following for security? sts . Cipher block chaining C. 3DES Answer: A QUESTION NO: 113 From the options. Secret keys D. DoS (Denial of Service) attack.

Unique user IDs show which files and data were changed. D. Warm site D. Hot site Answer: D QUESTION NO: 117 When reviewing audit trails. they think twice about doing something they shouldn't do. QUESTION NO: 119 "Pass Any Exam. Unique user IDs cannot be modified easily. Unique user IDs triggers corrective controls. Any Time. Unique user IDs establishes individual accountability. C.co m A security system that uses labels to identify objects and requires formal authorization to use is BEST described as: 42 . what makes unique user IDs especially important? A. Role-Based Access Control (RBAC) D. B. When a user known that they are being tracked. Reciprocal agreement C. Cold site B.com Ac tua QUESTION NO: 118 lTe Answer: A sts A.actualtests. Mandatory Access Control (MAC) B. Discretionary Access Control (DAC) . Kerberos C." .CompTIA SY0-101: Practice Exam QUESTION NO: 116 Which of the following would be the MOST effective backup site for disaster recovery? A. Answer: C Explanation: With a unique user ID you'll have soft evidence on the timing and the action any accessed user accomplishes.www.

downlevel C. Multiple applications can be installed. Security+ Study Guide .com Ac tua lTe Explanation: The Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines. 2004. HTTP (Hypertext Transfer Protocol) Answer: C Reference: Mike Pastore and Emmett Dulaney . Users must log on twice at all times. Which is it? A. Alameda . 2nd Edition. Answer: C Explanation: "Pass Any Exam. Sybex .actualtests.co m 43 . You can configure system wide permissions. sts . IPSec (Internet Protocol Security) B. VPN (Virtual Private Network) C. which details a specific advantage of implementing a single sign-on technology? A. Any Time. SSL (Secure Sockets Layer) D. hierarchical B. B. C. p 365 QUESTION NO: 121 From the options.www. The model with no single trusted root is known as: A. Multiple directories can be browsed. D." . hybrid Answer: C QUESTION NO: 120 One of these protocols is used to encrypt traffic passed between a web browser and web server.CompTIA SY0-101: Practice Exam Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. peer-to-peer D.

delete the files that violate security policy and report the situation to authorities. "Pass Any Exam. review logs for other compromises and notify the human resources department. the specialist should: A. a trust relationship D.co m 44 .www. 2nd Edition. D. review logs for other compromises and report the situation to authorities.actualtests. In addition to checking the FTP server. Any Time. Reference: Mike Pastore and Emmett Dulaney . contain the affected system. worm Answer: C QUESTION NO: 124 A security specialist is reviewing writable FTP directories and observes several files that violate the company's security policy. virus C. p 434 QUESTION NO: 122 A credential that has been digitally signed by a trusted authority is known as: A. review logs for other compromises. Security+ Study Guide ." . Logic bomb B. review logs for other compromises and report the situation.CompTIA SY0-101: Practice Exam The purpose is so a user can gain access to all of the applications and systems they need when they log on with a single sign-on. a trusted packet B. Sybex . Alameda . a certificate Answer: D QUESTION NO: 123 Which of the following will allow you to monitor a user??s online activities? A. C. 2004. reboot the affected server. B. Spy ware D.com Ac tua lTe sts . an encrypted tunnel C.

This exploitation is usually a result of a programming error in the development of the software.com. This situation can cause an application to terminate. Sybex . which exploits poor programming techniques or lack of code review? sts QUESTION NO: 126 . Answer: C Explanation: TCP port 25 is reserved for SMTP while port 110 is for POP3. Open UDP (User Datagram Protocol) port 110 to inbound connections. Security+ Study Guide ." . Answer: C Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. The Certpaper . CGI (Common Gateway Interface) scripts B. D. Dictionary attacks lTe From the listing of attack types. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system.co m 45 . B.com Ac tua A. Buffer overflow attacks D. C. Open TCP (Transmission Control Protocol) port 25 to inbound and outbound connections. p 135 "Pass Any Exam. Which ports must you open on the firewall to support SMTP connections? A. Any Time. Birthday attacks C. 2004.www. Open UDP (User Datagram Protocol) port 25 to inbound connections. Alameda .com network must be configured to support e-mail communication using SMTP (Simple Mail Transfer Protocol).actualtests. Open TCP (Transmission Control Protocol) port 110 to inbound and outbound connections. Reference: Mike Pastore and Emmett Dulaney .CompTIA SY0-101: Practice Exam Answer: C QUESTION NO: 125 You work as a security administrator at Certpaper . 2nd Edition.

Many-to-one mapping Answer: B.www. Many-to-many mapping B.actualtests. This is a tricky question with many close answers. All auditors.com Ac tua QUESTION NO: 129 lTe sts . Replay B. Considering the question refers to a user security policy. C.CompTIA SY0-101: Practice Exam QUESTION NO: 127 Which of the following are types of certificate-based authentication? (Select TWO) A. All security administrators. but make your best decision. One-to-many mapping D. B. I would say D would be the best choice.co m 46 . All users. Answer: B Explanation: There are many policies for companies these days. Fraggle Answer: C You plan to update the user security policy. XMAS Tree C. D. One-to-one mapping C. Any Time. the users and staff need to know the policy. Smurf D.D QUESTION NO: 128 Which of the following types of attacks consists of a computer sending PING packets with the destination address set to the network's broadcast address and the source address set to the target computer's IP address? A. Whom should the new updated user security policy be distributed and made available to? A." . All staff. "Pass Any Exam.

D. D. B. Tunneling is the process of moving through three levels of firewalls. C. set auditing on objects and review event logs.com 47 Ac tua lTe A. Enable auditing. Tunneling is the process of passing information over the Internet within the shortest time frame.CompTIA SY0-101: Practice Exam QUESTION NO: 130 Which of the following best describes what tunneling is? A.co m . Enable auditing. "Pass Any Exam. Enable auditing and set auditing to record all events. Tunneling is the process of utilizing the Internet as part of a private secure network.www. Any Time. They tunnel by placing secure encrypted IP packets into a non-secure IP packet. QUESTION NO: 131 Answer: C QUESTION NO: 132 Which of the following BEST describes the sequence of steps in the auditing process? A. Answer: D QUESTION NO: 133 Which of the following are components of host hardening? (Select TWO). Trojan horse programs sts Which of the following would be the MOST common method for attackers to spoof email? . Network engineers use tunneling to protect a data flow from the elements of the internet. Answer: D Explanation: Civil engineers build tunnels to allow one direction of traffic flow to be protected against another traffic flow. Open relays D.actualtests. set auditing on the object and respond as alerts are generated." . Man in the middle attacks C. Tunneling is the process of creating a tunnel capable of capturing data. or underneath a highway. C. They will build a tunnel under a river. B. Web proxy B. Set auditing on the object and respond as alerts are generated.

E. Biometric C. 2nd Edition. C. the data or payload and message headers are encrypted. SSH (Secure Shell). D. A. B. In tunneling mode. Adding users to the administrator group. DES (Data Encryption Standard). p 127 lTe Explanation: IPSec provides secure authentication and encryption of data and headers.CompTIA SY0-101: Practice Exam A. Answer: B. Configuring the Start menu and Desktop B.com Ac tua Reference: Mike Pastore and Emmett Dulaney .C QUESTION NO: 134 From the options. choose the VPN (Virtual Private Network) tunneling protocol. IPSec (Internet Protocol Security).co m 48 . Security+ Study Guide . D." . IPSec can work in tunneling mode or transport mode. Alameda . Answer: C QUESTION NO: 135 Which of the following types of authentication models uses a smart card and a User ID/Password for accessing network resources? A.actualtests. Mutual D. Sybex . sts . Tokens B. Transport modes encrypt only the payload. Applying patches C. AH (Authentication Header). Disabling unnecessary services. 2004.www. Multifactor Answer: D "Pass Any Exam. Any Time. Removing a user's access to the user's data.

QUESTION NO: 136 Which of the following types of IDS uses known patterns to detect malicious activity? A. Detection based B. Keyword based C. Signature based D. Anomaly based Answer: C

QUESTION NO: 137 Which of the following is a port scanning utility? A. John the Ripper B. L0phtcrack C. Nmap D. Cain & Abel Answer: C

QUESTION NO: 138 In a mandatory access control (MAC) environment, which of the following are access decisions based on? A. Sensitivity labels B. Group membership C. Access control lists D. Ownership Answer: A Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

QUESTION NO: 139 When setting password rules, which of the following would lower the level of security of a network?

D. Under this scenario.com Ac Answer: A tua A. which of the following inventory system permissions might be BEST aligned with the least privilege principle for the managers? sts . After a set number of failed attempts the server will lock out any user account forcing the user to call the administrator to re-enable the account. Write rights C. Degaussing D. Update rights B. Read rights D. the risk of social engineering increases. Full access lTe A clothing store with a single location has one owner. Sanitization Answer: D "Pass Any Exam. Destruction B. Complex passwords that users can not remotely change are randomly generated by the administrator and given to users Answer: D Explanation: If a user gets a difficult password that they can't remember. Passwords must be greater than six characters and contain at least one non-alpha. Any Time. two managers and six cashiers. Since the user won' be able to reset the password themselves they'll have to make regular trips to help desk for a new password. QUESTION NO: 140 QUESTION NO: 141 What is the BEST process of removing PII data from a disk drive before reuse? A.co m 50 . All passwords are set to expire at regular intervals and users are required to choose new passwords that have not been used before. Reformatting C.actualtests.www. C. B." .CompTIA SY0-101: Practice Exam A. there's a certain chance that they will forget the password or compromise security by writing down their password on a Post It note on their keyboard. and with regular disgruntled users getting emotional over passwords.

49 F. Any Time. 143 B. Integrity D. D. effectively making any intercepted password good for only the brief interval of time before the legitimate user happens to login themselves.actualtests. 23 D. C. or be on the verge of expiration within a matter of hours. 3389 C. Answer: C Explanation: A one time password is simply a password that has to be changed every time you log on. if someone were to intercept a password it would probably already be expired. So by chance. Implement aone time password. Confidentiality C.com Ac Answer: C tua A.www. Non-repudiation lTe Which of the following refers to the ability to be reasonably certain that data is not modified or tampered with? sts QUESTION NO: 143 . 110 E. Authentication B. Implement a VPN (Virtual Private Network). QUESTION NO: 144 Which of the following ports are typically used by email clients? (Select TWO) A. B." .CompTIA SY0-101: Practice Exam QUESTION NO: 142 Which of the following is a solution that you can implement to protect against an intercepted password? A. 194 "Pass Any Exam.co m 51 . Implement complex password requirements. Implement PPTP (Point-to-Point Tunneling Protocol).

Answer: A,D

QUESTION NO: 145 A URL for an Internet site begins with 'https:' rather than 'http:' which is an indication that this web site uses: A. SSL B. PGP C. Kerberos D. PKI Answer: A

QUESTION NO: 146 Malicious port scanning is a method of attack to determine which of the following? A. The physical cabling topology of a network B. The fingerprint of the operating system C. Computer name D. User IDs and passwords Answer: B Explanation: Malicious port scanning is an attempt to find an unused port that the system won't acknowledge. Several programs now can use port scanning for advanced host detection and operating system fingerprinting. With knowledge of the operating system, the hacker can look up known vulnerabilities and exploits for that particular system.

QUESTION NO: 147 Which of the following activities is MOST closely associated with DLL injection? A. SQL servers B. Vulnerability assessment C. Penetration testing D. Network mapping Answer: C

QUESTION NO: 148 Which of the following portions of a company's network is between the Internet and an internal network? A. Filter router B. IDS C. Bastion host D. Demilitarized zone (DMZ) Answer: D

QUESTION NO: 149 The MOST common exploits of Internet-exposed network services are due to: A. active content (e.g. Java Applets) B. Trojan horse programs C. illicit servers D. buffer overflows Answer: D

QUESTION NO: 150 Which of the following could result in a DDoS? A. TCP/IP Hijacking B. Buffer Overflow C. NIPS D. Privilege escalation Answer: D

QUESTION NO: 151 If a user reports that the user's public/private key has been compromised, the CA should issue: A. a CRL

B. an LDAP C. a CPS D. a PKCS Answer: A

QUESTION NO: 152 The FIRST step in creating a security baseline would be: A. installing software patches B. creating a security policy C. vulnerability testing D. identifying the use case Answer: B

QUESTION NO: 153 Which of the following would be an example of a hardware device where keys can be stored? (Select TWO). A. Smart card B. PCMCIA card C. PCI card D. Network interface card (NIC) Answer: A,B

QUESTION NO: 154 A user is assigned access rights explicitly. This is a feature of which of the following access control models? A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC) Answer: A

QUESTION NO: 155 Which of the following would be BEST for deploying third-party application security updates on a network with 1,000 computers? A. Enterprise System Management (ESM) B. Baseline security analyzer C. Vulnerability scanner D. Logon script Answer: A

QUESTION NO: 156 You work as the security administrator at Certpaper.com. You are defining a SLA (Service Level Agreement). You want to ensure the availability of server based resources over guaranteed server performance levels. What must you include in the SLA to achieve this objective? A. Hosting B. Application C. Network D. Security Answer: A Explanation: In the hosting business, every company aims for 100% availability in their service level agreements, and usually offer concessions for times of reduced availability. Sadly, these agreements have exceptions which include: scheduled network maintenance, hardware maintenance, software maintenance, virus attacks, hacker attacks, force majeure, labour actions, war, insurrections, sabotage, and past due accounts on your part.

QUESTION NO: 157 Privileges are used for which of the following purposes? A. To allow or deny signature updates to group applications B. To allow or deny specific actions to users or groups C. To allow or deny network traffic from host based systems D. To allow or deny network traffic from server based systems

Answer: B

QUESTION NO: 158 Which of the following types of publicly accessible servers should have anonymous logins disabled to prevent an attacker from transferring malicious data? A. DNS B. FTP C. Web D. Email Answer: B

QUESTION NO: 159 An enclosure that prevents radio frequency signals from emanating out of a controlled environment is BEST described as which of the following? A. Faraday cage B. TEMPEST C. Mantrap D. Grounded wiring frame Answer: A

QUESTION NO: 160 Which of the following methods will help to identify when unauthorized access has occurred? A. Implement session termination mechanism B. Implement previous logon notification C. Implement session lock mechanism D. Implement two-factor authentication Answer: B

QUESTION NO: 161 Which of the following is a critical element in private key technology?

D. You want to enable anonymous FTP (File Transfer Protocol) read/write access.CompTIA SY0-101: Practice Exam A. The storage and distribution of unlicensed software. DNS log B. QUESTION NO: 164 On a Windows host. Using the key to decrypt messages. The upload and download directory for each user. Distributing the key to everyone. Passwords D.actualtests.com. C. Choose the important factor which you should consider and be aware of. then answer C would seem to be the best answer. tua lTe You work as the security administrator at Certpaper .co m 57 . Answer: A QUESTION NO: 162 The Diffie-Hellman encryption algorithm relies on which of the following? A. Digital signatures Answer: B Answer: D Explanation: Anonymous FTP is based on good faith. Tunneling B.com Ac A. The detailed logging information for each user. Less server connections and network bandwidth utilization. Any Time. Keeping the key secret B.www. But if it used to take advantage of the non-secure logon. sts QUESTION NO: 163 . Key exchange C. C." . B. which of the following event logs would contain failed logons? A. D. Application log "Pass Any Exam. Getting the proper key the first time.

Process lists. Old passwords. Network diagrams. IP (Internet Protocol) address lists. lays dormant until a user opens the certain program then deletes the contents of attached network drives and removable storage devices is known as a: "Pass Any Exam. Boot sectors.CompTIA SY0-101: Practice Exam C.E QUESTION NO: 167 Malicious code that enters a target system. System log Answer: C QUESTION NO: 165 Choose the items that an intruder would ignore when going through disposed garbage. Security log D. D." . Minimum password age Answer: B. Account lockout D.com 58 Ac tua QUESTION NO: 166 lTe Explanation: When people create complex passwords that they can't remember. or on their desk ledger. Any Time. sts . A.actualtests. Password complexity controls B. B. A.www. F.E. E. Virtual memory. Password history C. C. Choose all options that apply. Maximum password age E. usually on a notepad.co m .F Which of the following settings works BEST to avoid password reuse? (Select TWO). a Post It note. or are in a situation where they need multiple passwords they have a tendency of writing their passwords down. Answer: C.

A. Trojan horse B. honeypot C. logic bomb D. worm Answer: C

QUESTION NO: 168 A Windows file server is an example of which of the following types of models? A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC) Answer: A

QUESTION NO: 169 Disguising oneself as a reputable hardware manufacturer's field technician who is picking up a server for repair would be described as: A. a Trojan horse B. a man-in-the-middle attack C. social engineering D. a phishing attack Answer: C

QUESTION NO: 170 You work as the security administrator at Certpaper.com. The Certpaper.com network must be configured to allow LDAP (Lightweight Directory Access Protocol) traffic. Which ports must you open on the firewall to allow LDAP traffic? A. Open ports 389 and 139 B. Open ports 389 and 636 C. Open ports 636 and 137 D. Open ports 137 and 139

cs.berkeley. D." . AllCertpaper . but it is frequently considered to be a feature of WEP. most installations use a single key that is shared between all mobile stations and access points. Anyone WEP relies on a secret key that is shared between a mobile station ( eg . QUESTION NO: 171 The Certpaper . B. A.com Ac tua lTe Explanation: The 802. Any Time. and an integrity check is used to ensure that packets are not modified in transit. a laptop with a wireless Ethernet card) and an access point ( ie .actualtests.isaac. The secret key is used to encrypt packets before they are transmitted. OnlyCertpaper .com users that have the correct WEP (Wired Equivalent Privacy) key.html QUESTION NO: 172 To keep an 802. a user should: "Pass Any Exam. Administrators only.11 standard describes the communication that occurs in wireless local area networks (LANs). The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping.edu/isaac/wep-faq.11x network from being automatically discovered.com wireless network environment uses WEP (Wired Equivalent Privacy) to provide wireless security. In practice.CompTIA SY0-101: Practice Exam Answer: B Explanation: The 'well known' LDAP ports are 389 for LDAP and 636 for LDAP SSL.11 standard.www.co Answer: C m 60 . C. a base station). sts . however. More sophisticated key management techniques can be used to help defend from the attacks we describe.com users. Choose the entity or entities that can authenticate to an access point. Reference: http://www. no commercial system we are aware of has mechanisms to support such techniques. A secondary function of WEP is to prevent unauthorized access to a wireless network. The standard does not discuss how the shared key is established. this function is not an explicit goal in the 802.

Identification "Pass Any Exam. change the SSID name. the URL that appears in the browser does not match the link. Allocation B. Protocol analyzer Answer: D QUESTION NO: 175 A user logs in with a domain account and is denied access to a specific file which the user should have access to. leave the SSID default. C. Authentication C.com 61 Ac tua lTe sts . The email contains a link and when the user accesses the link.co m . Answer: D QUESTION NO: 173 A user receives an email asking the user to reset the online banking username and password. redirecting B. D." . activate the SSID password B. The server is not able to verify the identity of the user. Vulnerability scanner C.www. Any Time. hijacking C.actualtests.CompTIA SY0-101: Practice Exam A. phishing D. This would be an example of: A. Port scanner D. spoofing Answer: C QUESTION NO: 174 Which of the following assessment tools would be MOST appropriate for determining if a password was being sent across the network in clear text? A. Password cracker B. turn off the SSID broadcast. Which of the following is the problem? A.

Wireless client. "Pass Any Exam. separation of duties C. access control Answer: D QUESTION NO: 178 SSL (Secure Socket Layer) establishes a stateful connection negotiated by a process performed between client and server.E QUESTION NO: 177 A company has implemented a policy stating that users will only receive access to the systems needed to perform their job duties. A. 3. C. Wireless network interface card. Client and server authentication.co m . and bandwidth capability creating a security mechanism is a difficult task. Identify the protocol (steps) that allow for the following: 1. Web server.actualtests. Any Time. Selection of cryptographic keys. Authorization Answer: B QUESTION NO: 176 WTLS (Wireless Transport Layer Security) provides security services between network devices or mechanisms.CompTIA SY0-101: Practice Exam D. WAP (Wireless Application Protocol) gateway B. MAC (Mandatory Access Control) and encryption algorithm negotiation. concurrent session control B. This is an example of: A. 2. processing power. E. WTLS is the method security for WAP (Wireless Application Protocol) and it provides transport layer security directly between a wireless device and the WAP gateway." . D.www.com 62 Ac tua lTe sts Explanation: Since most wireless devices are low in: memory. Mobile device. Answer: A. least privilege D. . Which is it? Choose all that apply.

C. tua lTe sts . Cookies." . Answer: C Reference: Mike Pastore and Emmett Dulaney . Buffer Overflows. Sybex . Security+ Study Guide . 2nd Edition. Access control lists B.com 63 Ac Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. D. C. Answer: C Explanation: SSL Handshake Protocol * runs before any application data is transmitted * provides mutual authentication * establishes secret encryption keys * establishes secret MAC keys QUESTION NO: 179 Which of the following web vulnerabilities is being referred to when it receives more data than it is programmed to accept? A. CGI. This situation can cause an application to terminate. SSL (Secure Sockets Layer) change cipher spec protocol.actualtests. p 135 QUESTION NO: 180 Which of the following describes the process by which a single user name and password can be entered to access multiple computer applications? A. Any Time.www. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. Alameda .co m . SMTP Relay B. SSL (Secure Sockets Layer) alert protocol. D. Constrained user interfaces "Pass Any Exam. 2004.CompTIA SY0-101: Practice Exam A. SSL (Secure Sockets Layer) handshake protocol. SSL (Secure Sockets Layer) record protocol. B.

Firewall logs Answer: D Choose the primary disadvantage of using a third party mail relay. Single sign-on D. B.actualtests. and the message will appear to be legitimate coming from the email server. B.co m 64 . Anyone on the internet can relay an unsolicited email through an SMTP server. A third party mail relay restricts the types of e-mail that maybe sent. AV server logs C. Which of the following could BEST be used to confirm the administrator's suspicions? A. Spammers can utilize the third party mail relay.com Ac tua lTe sts QUESTION NO: 182 . "Pass Any Exam. QUESTION NO: 183 Choose the statement that best details the difference between a worm and a Trojan horse? A." . C.www. HIDS logs D. A third party mail relay restricts spammers from gaining access. Encryption protocol Answer: C QUESTION NO: 181 An administrator is concerned that PCs on the internal network may be acting as zombies participating in external DDoS attacks. Worms self replicate while Trojan horses do not. and it makes it much more difficult to trace the spammer. Any Time. Proxy logs B. D.CompTIA SY0-101: Practice Exam C. A. Answer: C Explanation: Using a third party email relay can put you in an advantage of getting unnecessary spam. A third party mail relay limits access to specific users. Worms are a form of malicious code while Trojan horses are not.

actualtests. It is used to encrypt and decrypt data signals transmitted between Wireless LAN devices. Alameda . WTLS is the security layer of the WAP. Authentication Which solution should you implement? sts ." . They do not reproduce or self replicate.co m . Worms reproduce themselves. D. WTLS (Wireless Transport Layer Security) C. are self-contained and do not need a host application to be transported. Sybex . Data integrity 3. WSET (Wireless Secure Electronic Transaction) D. data integrity and authentication for WAP services. WAP (Wireless Application Protocol) B. WEP (Wired Equivalent Privacy) lTe You work as the security administrator at Certpaper . providing privacy. Reference: Mike Pastore and Emmett Dulaney . Worms are distributed through e-mail messages while Trojan horses do not. Security+ Study Guide . There is no difference between a worm and a Trojan horse. Which network attack does this? "Pass Any Exam. 2004. In essence.com.com 65 Ac Answer: B tua A. 85 QUESTION NO: 184 Explanation: Short for Wireless Transport Layer Security. QUESTION NO: 185 One type of network attack sends two different messages that use the same hash function to generate the same message digest. WEP makes a wireless LAN link as secure as a wired link. Not A: WEP is one of the most popular features available for a Wireless LAN. You want to implement a solution which will provide the following for handled devices in your wireless network: 1. pp 83.www. Answer: A Explanation: A worm is different from a virus. 2nd Edition.CompTIA SY0-101: Practice Exam C. Any Time. The Trojan horse program may be installed as part of an installation process. Data privacy 2.

Birthday attack. AES C. Answer: C Explanation: Microsoft Exchange Server 5. DES . Any Time. Can result in the unauthorized disclosure of private information. C.5 had a vulnerability that made it suspect to crashes following a malformed MIME header. D.actualtests." .co m Which of the following provides the MOST secure form of encryption? . Diffie-Hellman D. QUESTION NO: 188 "Pass Any Exam. B. Can lead to the creation of a back door. QUESTION NO: 186 Answer: B QUESTION NO: 187 A malformed MIME (Multipurpose Internet Mail Extensions) header can have a negative impact on the system. Man in the middle attack. which will enable attackers to access the internal network. By that rational if an attacker examines the hashes of an entire organizations passwords.0 & 5. they'll come up with some common denominators.CompTIA SY0-101: Practice Exam A. Answer: A Explanation: A birthday attack is based on the principle that amongst 23 people. Can result in an e-mail server crashing. D. B. 3DES B.www. Patches have since been released. Choose the option that correctly details this.com 66 Ac tua lTe sts A. the probability of 2 of them having the same birthday is greater the 50%. C. A. Brute force attack. Can create a virus that infects the computers of users. Ciphertext only attack.

Any Time. Router with firewall rule set lTe sts A remote user has a laptop computer and wants to connect to a wireless network in a hotel. Network firewall C.com Ac tua A." . Which of the following should be implemented to protect the laptop computer when connecting to the hotel network? . QUESTION NO: 189 Answer: A QUESTION NO: 190 The process of documenting who applied a patch to a specific firewall at a specific time and what the patch is supposed to accomplish is known as: A. address on the same subnet. user awareness. B. D. the web client and server should have a trusted certificate to confirm authenticity.actualtests.CompTIA SY0-101: Practice Exam For a SSL (Secure Sockets Layer) connection to be automatically established between a web client and server. Privacy screen D. Certificate signed by a trusted root CA (Certificate Authority). asset identification Answer: B "Pass Any Exam. D.www. C. A shared password. change control management C. and a common operating system are ludicrous answers because they defy the reason why SSL exists.co m 67 . Personal firewall B. Address on the same subnet. Shared password. Answer: B Explanation: For an SSL connection to compete. a specific element has to exist. Which is it? A. logs and inventories B. Common operating system.

storage and recovery. when there is no need of any alarm.co m . Authorization B. access control and trusts. QUESTION NO: 192 Answer: D QUESTION NO: 193 A digital signature is used for: A. False negative D.CompTIA SY0-101: Practice Exam QUESTION NO: 191 Choose the terminology used to refer to the situation when authorized access is perceived as an intrusion or network attack. Non-repudiation sts Audit logs must contain which of the following characteristics? ." .actualtests. D. False intrusion B. False positive C. Not B: A false positive is when legitimate traffic is picked up as an intruder. A. False alarm Answer: A Explanation: False intrusion is a false alarm. Confidentiality D. confidentiality and encryption. "Pass Any Exam. integrity and non-repudiation. C. Accessibility C.com 68 Ac tua lTe A. Any Time. Answer: D QUESTION NO: 194 Choose the mechanism that is NOT a valid access control mechanism.www. B.

Access control lists D. Permission bits Answer: C QUESTION NO: 196 Which of the following types of attacks is targeting a web server if thousands of computers are simultaneously sending hundreds of FIN packets with spoofed source IP addresses? A.co m 69 . Any Time.CompTIA SY0-101: Practice Exam A.com Ac Reference: Mike Pastore and Emmett Dulaney . Brute force D.actualtests. RBAC (Role Based Access Control) list. 2004. Alameda . MAC (Mandatory Access Control) list. DAC (Discretionary Access Control) list. B. Sybex .www. Profiles B. XMAS tree scan B. Answer: A Explanation: There is no such thing as a SAC (Subjective Access Control) list. Security+ Study Guide . p 235 tua lTe Explanation: Access control lists enable devices in your network to ignore requests from specified users or systems. SYN flood Answer: B "Pass Any Exam. ACLs allow a stronger set of access controls to be established in your network. sts . or grant certain network capabilities to them. Capabilities C. DDoS C. D. C. QUESTION NO: 195 Choose the access control method which provides the most granular access to protected objects? A. 2nd Edition. The basic process of ACL control allows the administrator to design and adapt the network to deal with specific security threats. SAC (Subjective Access Control) list." .


QUESTION NO: 197 Which of the following would be MOST useful in determining which internal user was the source of an attack that compromised another computer in its network? A. The attacking computer's audit logs B. The firewall's logs C. The domain controller's logs. D. The target computer's audit logs. Answer: D

QUESTION NO: 198 Which of the following describes a server or application that is accepting more input than the server or application is expecting? A. Buffer overflow B. Brute force C. Denial of service (DoS) D. Syntax error Answer: A

QUESTION NO: 199 Which of the following is used by anti-virus software to detect viruses that have not been previously identified? A. Zero-day algorithm B. Quarantining C. Random scanning D. Heuristic analysis Answer: D

QUESTION NO: 200 From the options, which explains the general standpoint behind a DMZ (Demilitarized Zone)? A. All systems on the DMZ can be compromised because the DMZ can be accessed from the Internet. B. Only those systems on the DMZ that can be accessed from the Internet can be compromised. C. No systems on the DMZ can be compromised because the DMZ is completely secure and cannot be accessed from the Internet. D. No systems on the DMZ can be compromised because the DMZ cannot be accessed from the Internet. Answer: A

QUESTION NO: 201 Which of the following describes an attacker encouraging a person to perform an action in order to be successful? A. Social engineering B. Password guessing C. Back door D. Man-in-the-middle Answer: A

QUESTION NO: 202 You work as the security administrator at Certpaper.com. You must secure the FTP (File Transfer Protocol) server by allowing only authorized users access to it. How will you accomplish this task? A. Provide the FTP server's address to only those users that must access it. B. Allow blind authentication. C. Do not allow anonymous authentication. D. Redirect FTP to a different port. Answer: C Explanation: Early FTP servers did not offer security. Security was based on the honor system. Most logons to an FTP site used the anonymous logon. By convention, the logon ID was the user's email address, and the password was anonymous. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 137

QUESTION NO: 203 Choose the protocol used by a web server to encrypt data. A. ActiveX B. TCP/IP (Transmission Control Protocol/Internet Protocol) C. SSL (Secure Sockets Layer) D. IPSec (Internet Protocol Security) Answer: C Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 204 Which of the following access control models uses subject and object labels? A. Role Based Access Control (RBAC) B. Discretionary Access Control (DAC) C. Rule Based Access Control (RBAC) D. Mandatory Access Control (MAC) Answer: D

QUESTION NO: 205 One of the following options details the main advantage of why you should choose to use SSL (Secure Sockets Layer) over using HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer). Which is it?

B. Default pairing D." . Auto-population Answer: A QUESTION NO: 208 All of the following types of attacks can be detected by an IDS EXCEPT: A. 53 B. SSL provides full application security for HTTP whereas HTTPS does not. D. Denial of Service (DoS) B.CompTIA SY0-101: Practice Exam A. C. Any Time. Answer: A Explanation: SSL on its own works at the session layer (layer 5) so it has more versatility in protocols that it supports. whereas HTTPS does not.com Ac tua lTe sts A. QUESTION NO: 206 Answer: C QUESTION NO: 207 A technician wants to be able to add new users to a few key groups by default. Inheritance B.actualtests. SSL and HTTPS are transparent to the application. SSL supports user authentication whereas HTTPS does not. spoofed e-mail "Pass Any Exam. SSL supports additional Application layer protocols. for instance FTP (File Transfer Protocol) and NNTP (Network News Transport Protocol). 3389 D. 8080 C. which of the following will allow this? A. Template C.co m Which ports need to be open to allow a user to login remotely onto a workstation? 73 .www. 636 .

CompTIA SY0-101: Practice Exam C. Which of the following actions should you perform? Choose all correct answers. Answer: D Explanation: Ping confirms a connection by sending and receiving ICMP packets. A share scanner. A. QUESTION NO: 209 You work as the security administrator at Certpaper . exploits of bugs or hidden features. which of the following should be done by the email administrator? "Pass Any Exam. You have become aware of a hacker accessing confidential company data from over the network. Shut down the server to prevent the hacker from accessing more data. B. C.com. D.com 74 Ac tua QUESTION NO: 210 lTe Explanation: Answer : B is correct to stop anyone from corrupting the evidence.www. D. port scan D. Prevent members of the organization from entering the server room. C. B. A. Detach the network cable from the server to prevent the hacker from accessing more data. A port scanner.D ." . QUESTION NO: 211 To aid in preventing the execution of malicious code in email clients.C. sts Answer: A.B. A ping scanner. Answer: B Explanation: Spoofed e-mails will not be detected by the IDS.co m . A map scanner.actualtests. Any Time. Choose the network mapping tool (scanner) which uses ICMP (Internet Control Message Protocol). Prevent members of the incident response team from entering the server room.

Any Time.com Ac tua lTe sts QUESTION NO: 213 . Answer: A "Pass Any Exam. Protocol analyzer B. Email client features should be disabled B.com. 443 D. Preview screens should be disabled Answer: C QUESTION NO: 212 Which of the following would allow a technician to compile a visual view of an infrastructure? A.CompTIA SY0-101: Practice Exam A.www. 88 B.actualtests. 139 Answer: A QUESTION NO: 214 You work as the security administrator at Certpaper . Remove the contents of the trash can on a regular basis. Employ additional security staff D. How will you accomplish the task? A. Install expensive surveillance equipment.co m 75 . B. Networkmapper D." . Port scanner C. Security log Answer: C Kerberos uses which of the following ports by default? A. Spam and anti-virus filters should be used D. 23 C. Regular updates should be performed C. Destroy all paper and other media that are no longer required. You want to reduce the current vulnerability from dumpster diving. C.

Explanation: Dumpster diving is a very common physical access method. Companies generate a huge amount of paper in the normal course of events. Most of the information eventually winds up in dumpsters or recycle bins. These dumpsters may contain information that is highly sensitive in nature. In high security government environments, sensitive papers are either shredded or burned. Most businesses do not do this. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 51

QUESTION NO: 215 Communication is important to maintaining security because communication keeps: A. the user community informed of threats B. the network bandwidth usage under control C. the IT security budget justified D. law enforcement informed of what is being done Answer: A

QUESTION NO: 216 Following a disaster, which of the following functions should be returned FIRST from the backup facility to the primary facility? A. Least critical functions B. Systems functions C. Executive functions D. Web services Answer: A

QUESTION NO: 217 Which of the following is the MOST secure way to implement data encryption between SMTP servers? A. PPTP B. SSL

co m Answer: B 77 . Someone looking through your files D. The DAC (Discretionary Access Control) model does not have any known security flaws. Sybex . The DAC (Discretionary Access Control) model uses certificates to control access to resources. The process allows a more flexible environment. Alameda . Security+ Study Guide . D.CompTIA SY0-101: Practice Exam C. Listening or overhearing parts of a conversation B." . This model allows users to dynamically share information with other users. network users have some flexibility regarding how information is accessed. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given.actualtests. Placing a computer system between the sender and receiver to capture information. This creates an opportunity for attackers to use your certificates.com Ac A. Involve someone who routinely monitors network traffic QUESTION NO: 219 Answer: A Explanation: In a DAC model. 2nd Edition. L2TP Answer: C QUESTION NO: 218 Which of the following definitions would be correct regarding Active Inception? A. B. 2004. tua lTe sts The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option that describes this flaw. C. . C. The DAC (Discretionary Access Control) model does not use the identity of a user to control access to resources. but it increases the risk of unauthorized disclosure of information.www. This allows anyone to use an account to access resources. Reference: Mike Pastore and Emmett Dulaney . TLS D. p 440 "Pass Any Exam. This creates a security loophole for Trojan horse attacks. The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. Any Time.

install the patch and then backup the production server. B. So even if everything's operating normally.CompTIA SY0-101: Practice Exam QUESTION NO: 220 Which of the following will allow a credit card information theft? (chose TWO) A.www. Port 49 B. . You must configure the firewall to support TACACS. C." .E QUESTION NO: 221 Answer: A QUESTION NO: 222 You work as the security administrator at Certpaper . Adwar C. Port 161 D. Phishing Answer: B. Which port(s) should you open on the firewall? A. there's always a risk that something can go wrong which can compromise your data and server operation. Worm D. immediatelydownload and install the patch. When you patch an operating system.com. Port 21 Answer: A "Pass Any Exam.actualtests. notinstall the patch unless there is a current need.co m When a patch is released for a server the administrator should: 78 . lTe sts A. because they are developed the fix known vulnerabilities. Port 53 C. Virus B. test the patch on a non-production server then install the patch to production. SPIM E.com Ac tua Explanation: Software patches are good for network security. installing a patch. It would be wise to backup your data BEFORE. Any Time. D. and it would also be wise to test the patch on your least important servers first. a patch is still very beneficial.

Explanation: TACACS uses both TCP and UDP port 49.

QUESTION NO: 223 CGI scripts are susceptible to which of the following types of attacks? A. Cross site scripting B. Buffer overflows C. DNS spoofing D. SQL injection Answer: A

QUESTION NO: 224 Which of the following is the BEST place to obtain a hotfix or patch for an application or system? A. An email from the vendor B. The manufacturer's website C. A newsgroup or forum D. A CD-ROM Answer: B

QUESTION NO: 225 Most key fob based identification systems use which of the following types of authentication mechanisms? (Select TWO). A. Biometrics B. Kerberos C. Username/password D. Certificates E. Token Answer: C,E

QUESTION NO: 226

Choose the most effective method of preventing computer viruses from spreading throughout the network.
- You should enable scanning of all e-mail attachments.
- You should prevent the execution of .vbs files.
- You should require root/administrator access to run programs and applications.
D. You should install a host based IDS (Intrusion Detection System)
Answer: C
Explanation: Viruses get into your computer in one of three ways. They may enter your computer on a contaminated floppy or CD-ROM, through e-mail, or as a part of another program.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 76

QUESTION NO: 227
Which of the following would be the minimally acceptable method of ensuring that a disposed hard drive does not reveal sensitive data?
A. Perform multiple bit level overwrites
B. Format the drive
C. Use the FDISK Command
D. Delete the files and re-install the operating system
Answer: A

QUESTION NO: 228
A public key _____________ is a pervasive system whose services are implemented and delivered using public key technologies that include Certificate Authority (CA), digital certificates, non-repudiation, and key history management.
A. infrastructure
B. cryptography scheme
C. exchange
D. distribution authority
Answer: A

QUESTION NO: 229
From the list of protocols, which is used to secure web transactions?
A. XML (Extensible Markup Language)
B. SMTP (Simple Mail Transfer Protocol)
C. SSL (Secure Sockets Layer)
D. S/MIME (Secure Multipurpose Internet Mail Extensions)
Answer: C
Explanation: The Secure Socket Layer is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method. When a connection request is made to the server, the server sends a message back to the client indicating a secure connection is needed. The client then sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted private key. The session is secure after this process.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 365

QUESTION NO: 230
Which of the following would be MOST effective in preventing network traffic sniffing?
A. Use switches instead of hubs
B. Disable promiscuous mode
C. Use hubs instead of routers
D. Deploy an IDS
Answer: A
Explanation: Switches don't send all traffic on the segment to every port so conventional sniffing methods don't work.

QUESTION NO: 231
Which of the following is a common type of attack on web servers?
A. Buffer overflow
B. Birthday
C. Spam
D. Brute force
Answer: A
Explanation: Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION NO: 232
Which of the following is the BEST description of the basic elements of virtualization?
[Options A to D: comma-separated lists built from Hypervisor, Host, Guest, Sandbox and Emulator, each ending in Hardware]
Answer: A

QUESTION NO: 233
Stateful packet inspection is a methodology used by:
A. a firewall
B. NAT
C. network monitoring
D. a hub
Answer: A

QUESTION NO: 234
Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation?
A. Kerberos
B. Biometric
C. Mutual
D. Multifactor
Answer: D

QUESTION NO: 235
Which of the following would be achieved by using encryption? (Select THREE).
A. Non-repudiation
B. Availability
C. Confidentiality
D. Authorization
E. Integrity
Answer: A,C,E

QUESTION NO: 236
Users are reporting that when attempting to access the company web page on the Internet, the user is rerouted to a protest webpage. This is MOST likely:
A. a DDoS attack
B. DNS Poisoning
C. a social engineering attack
D. a replay attack.
Answer: B

QUESTION NO: 237
Using software on an individual computer to generate a key pair is an example of which of the following approaches to PKI architecture?

A. Distributed key
B. Decentralized
C. Hub and spoke
D. Centralized
Answer: B

QUESTION NO: 238
A representative from the human resources department informs a security specialist that an employee has been terminated. Which of the following would be the BEST action to take?
C. Contact the employee's supervisor regarding disposition of user accounts
- Disable the employee's user accounts and keep the data for a specified period of time.
- Change the employee's user password and keep the data for a specified period.
- Disable the employee's user accounts and delete all data.
Answer: A

QUESTION NO: 239
Which of the following BEST describes the baseline process of securing devices on a network infrastructure?
A. Hardening
B. Active prevention
C. Enumerating
D. Passive detection
Answer: A

QUESTION NO: 240
Which of the following would be MOST important when designing a security awareness program?
- Using an independent security instructor.
- Minimizing development cost.
- Creating security awareness posters and notices.
- Conducting user training sessions.
Answer: A

QUESTION NO: 241
Open FTP file shares on servers can facilitate which of the following types of attacks?
A. CPU starvation
B. Memory starvation
C. Smurf
D. Disk storage consumption
Answer: D

QUESTION NO: 242
A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. Which of the following network devices should be used?
A. Router
B. Firewall
C. Switch
D. Hub
Answer: C

QUESTION NO: 243
Choose the statement which best defines the characteristics of a computer virus.
[Options A to D, each of the form "A computer virus is a ... mechanism, ... mechanism and ...": opening clauses "find mechanism", "learning mechanism", "search mechanism", "replication mechanism"; closing clauses "initiation mechanism and can propagate", "activation mechanism and has an objective", "contamination mechanism and can exploit", "connection mechanism and can integrate"]
Answer: D
Explanation: Replication mechanism: To replicate a virus needs to attach itself to the right code, where it can replicate and spread past security systems into other systems. Activation mechanism: Most viruses require the user to actually do something. During the 80's and early 90's most viruses were activated when you booted from a floppy disk, or inserted a new

floppy disk into an infected drive. Nowadays most computer viruses come as email forwards, and they require the user to execute. Objective: many viruses have no objective at all, but some have the objective to delete data, hog up memory, or crash the system.

QUESTION NO: 244
A demilitarized zone (DMZ) is a network segment that can be created by using:
A. one firewall and one VPN
B. one router and one firewall
C. two routers
D. two firewalls
Answer: D

QUESTION NO: 245
An attacker can use a specific method to exploit the clear-text attribute of Instant-Messaging sessions. Which is it?
- Reverse engineering.
- Port scanning.
- Cryptanalysis.
- Packet sniffing.
Answer: A
Explanation: Since only clear unencrypted text is being sent across the world through multitudes of WAN equipment and routers, it is easy for someone to sniff your conversation and eavesdrop on every single word you type.

QUESTION NO: 246
You work as the security administrator at Certpaper.com. You must implement an authentication protocol that uses only encrypted passwords during the authentication process. Choose the authentication protocol that accomplishes this.
A. Kerberos

B. SMTP (Simple Mail Transfer Protocol)
C. PPTP (Point-to-Point Tunneling Protocol)
D. CHAP (Challenge Handshake Authentication Protocol)
Answer: D
Explanation: CHAP is commonly used to encrypt passwords. It provides for on-demand authentication within an ongoing data transmission, that is repeated at random intervals during a session. The challenge response uses a hashing function derived from the Message Digest 5 (MD5) algorithm.

QUESTION NO: 247
Which of the following would be the BEST reason for certificate expiration?
- Renewal keeps the log files from getting too large.
- To keep the server from using the same key for two sessions.
- The longer an encryption key is used the more processing power it will consume.
- Brute force techniques are likely to break the key if given enough time.
Answer: B

QUESTION NO: 248
A user has received an email from a mortgage company asking for personal information including bank account numbers. This would BEST be described as:
A. phishing
B. spam
C. packet sniffing
D. a hoax
Answer: A

QUESTION NO: 249
Sending a patch through a testing and approval process is an example of which of the following?
A. User education and awareness training
B. Disaster planning
C. Acceptable use policies

D. Change management
Answer: D

QUESTION NO: 250
Which of the following BEST describes a set of programs and code that allows an undetectable presence on a system with administrative rights?
A. Trojan horse
B. Virus
C. Rootkit
D. Worm
Answer: C

QUESTION NO: 251
Which of the following trust models would allow each user to create and sign certificates for the people they know?
A. Browser trust-list
B. Web-of-trust
C. Single certificate authority (CA)
D. Hierarchical
Answer: B

QUESTION NO: 252
All of the following monitoring types evaluate pre-specified conditions EXCEPT: (Select TWO).
A. behavior-based.
B. rate-based
C. signature-based
D. performance-based
E. anomaly-based
Answer: A,E

QUESTION NO: 253
Which of the following methods of documenting and storing a password is considered acceptable?
- Placing the password in a text document and saving the document on the system administrator's computer.
- Writing the password on a note and placing the note under the computer keyboard.
- Writing the password on a piece of paper and storing the paper in a locked safe.
- Sharing the password with a family member and asking the family member not to reveal the password.
Answer: C

QUESTION NO: 254
Which of the following methods of password guessing typically requires the longest attack time?
A. Birthday
B. Brute force
C. Dictionary
D. Rainbow
Answer: B

QUESTION NO: 255
Which of the following needs to be backed up on a domain controller to be able to recover Active Directory?
A. User data
B. Operating system
C. System state
D. System files
Answer: C

QUESTION NO: 256
Choose the ports that are used to access the FTP (File Transfer Protocol) protocol.
- Ports 80 and 443.
- Ports 20 and 21.

"Pass Any Exam. Strong passwords are not required D. B. QUESTION NO: 257 Human resource department personnel should be trained about security policy: A. Ports 21 and 23. If an awareness program were to be implemented where employees could be aware of social engineering tactics. Ports 20 and 80. and times when they needed help themselves and were helped. they feel the urge to help others again the way they've helped out somebody in the past. With this knowledge in intuition. they would be more likely to think about them. and law of consistency.com Ac Answer: B tua A. they associate that ask for help for every legitimate cry for help. D. Audit logs are not monitored frequently B.co m 90 . Multiple logins are allowed lTe Which of the following is a major reason that social engineering attacks succeed? sts .www. Lack of security awareness C. an employee will make a smarter decision. monitoring and administration Answer: C QUESTION NO: 258 Explanation: Social engineering attacks work because of the availability heuristic. So by consistency.CompTIA SY0-101: Practice Exam C. implementation C. port 20 is the data port and port 21 is the command port.actualtests. when someone asks for help." . law of reciprocity. Answer: A Explanation: In basic FTP operations. Any Time. D. By availability. maintenance. In the past people have had experiences where a co-worker with a legitimate problem asked for help and been grateful for it. guidelines and enforcement. and be more suspect of an attack when someone does ask for a favor. so essentially they're being a good Samaritan.

QUESTION NO: 259
A company implements an SMTP server on their firewall. This implementation would violate which of the following security principles?
A. Use a device as intended
B. Keep the solution simple
C. Address internal threats
D. Create an in-depth defense
Answer: A

QUESTION NO: 260
You work as the security administrator at Certpaper.com. You are investigating the consequences of network attacks aimed at FTP servers. Which of the following states the aim of a FTP (File Transfer Protocol) bounce attack?
- The attack aims to establish a connection between the FTP server and another computer.
- The attack aims to exploit a buffer overflow vulnerability on the FTP server.
- The attack aims to store and distribute malicious code.
- The attack aims to reboot the FTP server.
Answer: C
Explanation: In some implementations of FTP daemons, the PORT command can be misused to open a connection to a port of the attacker's choosing on a machine that the attacker could not have accessed directly. There have been ongoing discussions about this problem (called "FTP bounce") for several years, and some vendors have developed solutions for this problem. For more detailed information on this FTP Bounce attack refer to the hyperlink.
Reference: http://www.cert.org/advisories/CA-1997-27.html

QUESTION NO: 261
Which of the following types of IDS should be employed to obtain the MOST information about the enterprise?
A. Unix based
B. Server based

C. Network based
D. Host based
Answer: C
Explanation: A network based Intrusion Detection System is not limited to a single server or network segment like a host based IDS; it monitors all the traffic over the entire network

QUESTION NO: 262
Which of the following BEST describes actions pertaining to user account reviews? (Select TWO).
B. User accounts reports are periodically extracted from systems and user access dates are verified
- User accounts and their privileges are periodically extracted from systems and reports are kept for auditing purposes.
- User account reports are periodically extracted from systems and employment verification is performed.
- User accounts reports are periodically extracted from systems and end users are informed.
- User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization.
Answer: C,E

QUESTION NO: 263
What is the primary security risk associated with removable storage?
A. Integrity
B. Confidentiality
C. Continuity
D. Availability
Answer: C

QUESTION NO: 264
A programming mechanism used to allow administrative access while bypassing the usual access control methods is known as a:

A. Trojan horse
B. logic bomb
C. software exploit
D. back door
Answer: D

QUESTION NO: 265
PKI provides non-repudiation by providing third-party assurance of certificate:
A. destruction
B. revocation
C. validation
D. expiration
Answer: C

QUESTION NO: 266
Which is a BEST practice method to assign rights and privileges?
A. By network
B. By individual
C. By group
D. By location
Answer: B

QUESTION NO: 267
You work as the security administrator at Certpaper.com. You must document the procedure for handling computer virus infections. Choose the action which you should specify to perform when receiving an e-mail message warning of the existence of a virus on the system if a specific executable file exists?
- First locate and download a patch to repair the file.
- First broadcast a message to all users to alert them of the presence of a virus.
- First search for and delete the virus file.
- First investigate the e-mail message as a possible hoax with a trusted anti-virus vendor.

Answer: D
Explanation: If a virus threat is for real, the major anti-virus players like Symantec, McAfee, or Sophos will know about it before you, and they will have details on their sites.
Incorrect answers: Searching for and deleting a file is not only a waste of time with today's OS's complex directory systems, but it's also ineffective. One can miss a file, the file could be hidden, the wrong file can be deleted, and worst of all: when you delete a file it doesn't really get completely deleted, instead it gets sent to a 'recycle bin.' Broadcasting an alert and creating panic isn't the right thing to do, because it will waste bandwidth, and perhaps terrorizing the users is the original intent of the attack. The act of locating and downloading a patch isn't just time consuming, but there's a chance that the patch itself could be the virus, or the process of resetting the computer could activate the virus.

QUESTION NO: 268
The process of predicting threats and vulnerabilities to assets is known as threat:
A. mitigation
B. modeling
- avoidance.
- acceptance.
Answer: B

QUESTION NO: 269
Reusing a ticket, as a replay attack, in Kerberos authentication will not be successful because the tickets:
A. use a token
B. are digitally signed
C. are encrypted
D. are time stamped
Answer: D

QUESTION NO: 270
Choose the method of authentication which is the most COSTLY method.
A. Shared secrets
B. Biometrics
C. Tokens
D. Passwords
Answer: B
Explanation: Biometrics These technologies are becoming more reliable, and they will become widely used over the next few years. Many companies use smart cards as their primary method of access control. Implementations have been limited in many applications because of the high cost associated with these technologies.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 265

QUESTION NO: 271
Which of the following is the MOST significant flaw in Pretty Good Privacy (PGP) authentication?
A. Weak encryption can be easily broken
B. It is subject to a man-in-the-middle attack
C. Private keys can be compromised.
D. A user must trust the public key that is received
Answer: D

QUESTION NO: 272
A user accesses a retailer from an Internet search. While browsing the retailer's web site, the user wants to purchase an item and enters the credit card information. The user later observes unknown charges on the credit card bill and has not received the purchased items. Which of the following actions should the user take?
- Check for shipping delays for the requested items.
- Be sure that a URL is secure before entering personal information.

C. Type the retailer's web address directly into the URL in the future
D. Limit the number of times online purchases are made monthly.
Answer: A

QUESTION NO: 273
Which of the following protocols is used by Encapsulating Security Payload (ESP) in IPSec?
A. 50
B. 25
C. 51
D. 20
Answer: A

QUESTION NO: 274
Which of the following are components of host hardening? (Select TWO)
A. Removing a user access to the user data
B. Configuring the Start menu and Desktop.
C. Adding users to the administrator group
D. Disabling unnecessary services
E. Applying patches
Answer: D,E

QUESTION NO: 275
An SMTP server is the source of email spam in an organization. Which of the following is MOST likely the cause?
- X.400 connectors have not been password protected.
- The administrator account was not secured.
- Anonymous relays have not been disabled.
- Remote access to the email application's install directory has not been removed.
Answer: B

QUESTION NO: 276
Which of the following would be the BEST step to take to stop unauthorized users from targeting a wireless network with a site survey? (Select TWO).
- Broadcasting a false domain name.
- Changing the default SSID.
- Disabling SSID broadcasting.
- Physically locking the WAP.
- Using a switch rather than a hub.
Answer: B,C

QUESTION NO: 277
An employee receives a request from a person claiming to be an employee at a remote office location. The caller is knowledgeable about the company and the caller's name is listed in the company telephone and email directory, however, the caller claims there is an emergency and asks that the request be expedited. Which of the following would be the BEST action for the employee to take?
- Expedite the request since the caller's identity has been verified.
- Follow established procedures and report any abnormal incidents.
- Give the caller a supervisor's name and telephone number to request authority to expedite the request.
D. Ask a supervisor for permission to deviate from established procedures due to the emergency
Answer: C

QUESTION NO: 278
The first step in effectively implementing a firewall is:
A. blocking unwanted outgoing traffic
B. blocking unwanted incoming traffic
C. developing a firewall policy
D. protecting against DDoS attacks
Answer: C
Explanation: What good is a firewall without any kind of policy or configuration policy to be implemented?

QUESTION NO: 279
Which of the following logs shows when the workstation was last shutdown?
A. Access
B. Security
C. System
D. DHCP
Answer: C

QUESTION NO: 280
Which of the following would be an effective way to ensure that a compromised PKI key can not access a system?
A. Revoke the key
B. Renew the key
C. Reconfigure the key
D. Delete the key
Answer: A

QUESTION NO: 281
Which of the following describes an unauthorized user redirecting wireless network traffic from the intended access point to a laptop to inject a packet with malware?
A. A man-in-the-middle attack
B. A replay attack
C. A: Social engineering
D. A weak key
Answer: A

QUESTION NO: 282
The difference between identification and authentication is that:

- authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials.
- authentication verifies a set of credentials while identification verifies the identity of the network.
- authentication verifies a user ID belongs to a specific user while identification verifies the identity of a user group.
- authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials.
Answer: C

QUESTION NO: 283
Which of the following describes a semi-trusted location used to securely house public facing servers between the Internet and the local network?
A. Demilitarized zone (DMZ)
B. VLAN
C. Intranet
D. VPN
Answer: A

QUESTION NO: 284
Which of the following would be MOST desirable when attacking encrypted data?
A. Weak key
B. Sniffed traffic
C. Block cipher
D. Algorithm used
Answer: A

QUESTION NO: 285
After establishing a tunnel, the IPSec Protocol Suite uses which of the following specific protocols for securing the data packet? (Select TWO).
A. Encapsulating Security Payload (ESP)
B. Secure Key Exchange Mechanism for Internet (SKEMI)
C. Oakley

D. Internet Security Association and Key Management Protocol (ISAKMP)
E. Authentication Header (AH)
Answer: A,E
Explanation: IPSec is a security protocol that provides authentication and encryption across the Internet. IPSec can use AH or ESP.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 371

QUESTION NO: 286
From the list of options, choose the primary attribute associated with e-mail hoaxes.
- E-mail hoaxes create unnecessary e-mail traffic, as well as panic in users that are not technically inclined.
- E-mail hoaxes tend to encourage malicious users.
- E-mail hoaxes can result in buffer overflows on the e-mail server.
- E-mail hoaxes consume large quantities of server disk space.
Answer: C
Explanation: Although answer choices B,C,D have a degree of truth to them, the BEST answer is A. Email hoaxes often create unnecessary traffic because they ask users to forward an email to everyone in address book, and whether it is a computer virus or a blind, starving, crippled, cancer victim child suffering from Herpes it creates undue panic and emotion in the work setting.

QUESTION NO: 287
Which of the following is a reason to implement security logging on a DNS server?
A. To monitor unauthorized zone transfers
B. To perform penetration testing on the DNS server
C. To control unauthorized DNS DoS
D. To measure the DNS server performance
Answer: A

Any Time.F QUESTION NO: 290 A. risk assessment policies D.com Ac Which of the following is a security reason to implement virtualization throughout the network infrastructure? tua lTe sts A. Confidentiality F.co m Which of the following security services are provided by digital signatures? (Select THREE)." . Non-repudiation E. vulnerability testing techniques E. 101 . Integrity . identity verification methods C. security awareness training B. Authorization B. operating system patching instructions Answer: A.D. Encryption C.CompTIA SY0-101: Practice Exam QUESTION NO: 288 The risks of social engineering can be decreased by implementing: (Select TWO) A. To implement additional network services at a lower cost C. To isolate the various network services and roles Answer: D QUESTION NO: 291 Giving each user or group of users only the access they need to do their job is an example of which of the following security principals? "Pass Any Exam.actualtests.www.B QUESTION NO: 289 Answer: C. To analyze the various network traffic with protocol analyzers B. Authentication D. To centralize the patch management of network servers D.

A. Separation of duties
B. Access control
C. Least privilege
D. Defense in depth
Answer: C

QUESTION NO: 292
Which of the following types of servers should be placed on a private network?
A. Email server
B. File and print server
C. Remote Access Server (RAS)
D. Web server
Answer: B

QUESTION NO: 293
Which of the following should be scanned for viruses?
- Microsoft Word documents.
- Executable files.
- All of the above.
- Plain text documents.
Answer: A
Explanation: Many newer viruses spread using email. The infected system includes an attachment to any email that you send to another user. The recipient opens this file thinking it is something you legitimately sent them. When they open the file, the virus infects the target system. Many times the virus is in an executable attachment.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 78

QUESTION NO: 294

Which of the following types of backups requires that files and software that have been changed since the last full backup be copied to storage media?
A. Full
B. Differential
C. Incremental
D. Delta
Answer: B

QUESTION NO: 295
Non-essential services are often appealing to attackers because non-essential services: (Select TWO)
A. consume less bandwidth
B. decrease the surface area for the attack
C. sustain attacks that go unnoticed
D. provide root level access
E. are not visible to an IDS
F. are not typically configured correctly or secured
Answer: C,F

QUESTION NO: 296
A company wants to connect the network to a manufacturer's network to be able to order parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection?
A. Intranet
B. Scatternet
C. Extranet
D. VPN
Answer: C

QUESTION NO: 297
The IPSec Security Association is managed by

A. IEEE
B. AH
C. ESP
D. ISAKMP
Answer: D

QUESTION NO: 298
Which of the following actions can an attacker perform when network services are enabled on a target system?
- An attacker can install a rootkit on the target system.
- An attacker can enable logging on the target system.
- An attacker can check the services file.
- An attacker can run a port scan against the target system.
Answer: A
Explanation: A TCP/IP network makes many of the ports available to outside users through the router. These ports will respond in a predictable manner when queried. An attacker can systematically query a network to determine which services and ports are open. This process is called port scanning, and it can reveal a great deal about your network. Port scans can be performed both internally and externally. Many routers, unless configured appropriately, will let all of the protocols pass through them.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 69

QUESTION NO: 299
Which of the following is a suitable hashing algorithm for a secure environment?
B. MD5 because it produces 160-bits message digests
D. RC4 because it produces 160-bits message digests
- MD5 because it produces fewer numbers of collisions.
- SHA-1 because it produces 160-bits message digests.
Answer: B

QUESTION NO: 300
How many characters is the output of a MD5 hash?
A. 32
B. 160
C. 128
D. 64
Answer: A

QUESTION NO: 301
Malicious software that travels across computer networks without user assistance is an example of a:
A. worm
B. Trojan horse
C. virus
D. logic bomb
Answer: A

QUESTION NO: 302
From the listing of attacks, choose the attack which exploits session initiation between a Transport Control Program (TCP) client and server within a network?
A. Smurf attack
B. SYN attack
C. Birthday attack
D. Buffer Overflow attack
Answer: B
Explanation: SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established. Change this if you want but in the SYN flood the hacker sends a SYN packet to the receiving station with a spoofed return address of some broadcast address on their network. The receiving station sends out this SYN packets (pings the broadcast address) which causes multiple servers or stations to respond to the ping, thus overloading the originator of the ping (the receiving station). Therefore,

the hacker may send only 1 SYN packet, whereas the network of the attacked station is actually what does the barrage of return packets and overloads the receiving station.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Sybex, Alameda, 2004, p 530

QUESTION NO: 303
While surfing the Internet a user encounters a pop-up window that prompts the user to download a browser plug-in. The pop-up window is a certificate which validates the identity of the plug-in developer. Which of the following BEST describes this type of certificate?
A. Web certificate
B. Software publisher certificate
C. Certificate Authority (CA) certificate
D. Server certificate
Answer: B

Explanation: This is not discussed in the book so much, but you can find online more information on software publisher certificate. The answer B is correct.

QUESTION NO: 304
Which of the following authentication methods requires that the client authenticate itself to the server and the server authenticate itself to the client?
A. Username/password
B. Mutual
C. Multifactor
D. Biometric
Answer: B

QUESTION NO: 305
A company's new employees are asked to sign a document that describes the methods of and purposes for accessing the company's IT systems. Which of the following BEST describes this document?

Authorized Access Policy D. anti-virus software companies. Review the domain accounts D.com Ac tua A.CompTIA SY0-101: Practice Exam A. D. Write an LDAP query. Acceptable Use Policy C.co m 107 . virus and malware cataloging organizations. lTe Which of the following would be the FIRST step to take to mitigate the threat of non-essential domain accounts? sts QUESTION NO: 307 . Looking through a co-worker's trash to retrieve information C. Due diligence form Answer: B QUESTION NO: 306 MITRE and CERT are: A. virus propagation monitoring utilities.actualtests. C. Looking over a co-workersshould'er to retrieve information Answer: A "Pass Any Exam. Develop a security policy B." .www. Impersonation D. double entry doors and security guards are all prevention measures for which of the following types of social engineering? A. Any Time. Answer: C Answer: A QUESTION NO: 308 Turnstiles. Piggybacking B. Rename the system administrator account C. Privacy Act of 1974 B. spyware and virus distributing software B.

Other forms of piggybacking take advantage of human altruism. Disable non-essential services. When the authorized user enters. where the authorized user will try to do the right thing. Foam Answer: C A. they use stealth to sneak behind them and gain access without the authorized user even knowing. Halon C.com 108 Ac tua A newly hired security specialist is asked to evaluate a company's network security." . and waits for an unknowing authorized user to enter. Water D. Install software patches.co m . Enforce the security policy.www. C. Right click on the lock at the bottom of the browser and check the certificate information B. the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. Carbon Dioxide B. "Pass Any Exam. B. Any Time. The hero or the villain hides by a secure entrance. An unauthorized person will put on a disguise and carry a heavy box to the door. The security specialist discovers that users have installed personal software.actualtests. Password management D. Ensure that the web URL starts with 'https:\\'. Answer: B QUESTION NO: 311 Which of the following would be an easy way to determine whether a secure web page has a valid certificate? A.CompTIA SY0-101: Practice Exam Explanation: Piggybacking is an espionage tactic commonly used in the movies. and prop the door open for them. Which of the following would be the FIRST step to take? lTe QUESTION NO: 310 sts . QUESTION NO: 309 Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment? A.

Contact the web page's web master Answer: A QUESTION NO: 312 Which of the following protocols works with 802.www. Application Layer. SSH with version 0.actualtests. ContactThawte or Verisign and ask about the web page D. EAP B. C. CHAP D. D. LDAP C. Data Link Layer Answer: B. SSL has enabled the Apache service with no virtual hosts configured C. Physical Layer B. Network Layer D. FTP configures to allow anonymous user access. SPAP QUESTION NO: 313 Answer: D QUESTION NO: 314 The SSL (Secure Sockets Layer) protocol operates between specific layers of the OSI (Open Systems Interconnection) reference model.8a is installed and configured for remote administration. lTe sts Which of the following daemons is MOST likely to be the cause if an unauthorized user obtains a copy of a Linux systems /etc/passwd file? . Any Time. Sendmail is configured to allow the administrator's web access.CompTIA SY0-101: Practice Exam C.1X to authenticate a client to a network? A.com 109 Ac tua A. Which is it? Choose all correct answers.9. Transport Layer E. B." . A.co m Answer: A .D Explanation: "Pass Any Exam.

Re-run the anti-virus program to ensure that it contains no virus execute B. secure the WAP D. BCP. C.com 110 Ac tua lTe sts . SLA. D.co m .www. define the encryption protocols used.CompTIA SY0-101: Practice Exam SSL is associated with secure transactions (credit card purchases and online banking) over your web browser. The source has published the MD5 hash values for the executable program. D." . DRP. The specialist performs a successful virus scan on the download but the MD5 hash is different. protect the client C. Avoid executing the file and contact the source website administrator Answer: D QUESTION NO: 316 An end-to-end traffic performance guarantee made by a service provider to a customer is a: A. Any Time.actualtests. so naturally it operates between the top two layers of the OSI model. Which of the following steps should the specialist take? A. identify the network B. VPN Answer: B QUESTION NO: 317 The purpose of the SSID in a wireless network is to: A. Install the executable program because there was probably a mistake with the MD5 value. Ignore the MD5 hash values because the values can change during IP fragmentation. B. QUESTION NO: 315 A security specialist has downloaded a free security software tool from a trusted industry site. C. Answer: A QUESTION NO: 318 "Pass Any Exam.

co m . so the best answer would be B." . Any Time. Salt B.CompTIA SY0-101: Practice Exam To preserve evidence for later use in court. Security+ Study Guide . Larger key space D. User accounts and passwords are stored on no more than two servers. Rainbow Table C. sts . D. Chain of certificates Answer: B QUESTION NO: 319 Which of the following coorectly specifies where user accounts and passwords are stored in a decentralized privilege management environment? A. Disaster recovery plan B. User accounts and passwords are stored on a server configured for decentralized management. C. B. Sybex . 2nd Edition. Chain of custody C. User accounts and passwords are stored on each individual server. p 432 lTe Explanation: The key word is decentralized. Increase the input length Answer: A QUESTION NO: 321 "Pass Any Exam. Alameda . which of the following needs to be documented? A.com 111 Ac tua Reference: Mike Pastore and Emmett Dulaney . Audit trail of systems usage D. User accounts and passwords are stored on a central authentication server. 2004.www.actualtests. Answer: C QUESTION NO: 320 Which of the following increases the collision resistance of a hash? A.

CompTIA SY0-101: Practice Exam Which of the following describes the process of comparing cryptographic hash functions of system executables. Chain of command C.co m 112 . Incident response Answer: A Explanation: The chain of custody is a log of the history of evidence that has been collected.509 certificate? A. Stateful packet filtering C. p 457 QUESTION NO: 323 Which of the following correctly identifies some of the contents of an end user's X. 2004. Security+ Study Guide .www. Alameda . and the certificate's validity dates "Pass Any Exam.com Ac tua lTe sts . and the location of the user's electronic identity B. Host based intrusion detection Answer: C QUESTION NO: 322 Computer forensics experts use specific guidelines to gather and analyze data while minimizing data loss. object identifiers. This log should catalog every event from the time the evidence is collected. Network based intrusion detection B. File integrity auditing D. Chain of custody B." . configuration files. 2nd Edition.actualtests. A: User's public key. User's public key. and the type of symmetric algorithm used for encryption D. What guidelines do they use? A. the certificate's serial number. and the Certificate Revocation List (CRL) entry point C. Any Time. Sybex . Evidence D. User's public key. the serial number of the CA certificate. Reference: Mike Pastore and Emmett Dulaney . User's public key. the Certificate Authority (CA) distinguished name. and log files? A.

Using this certificate implies trusting the entity that signed this certificate. "Pass Any Exam.500 name of the entity that signed the certificate. DDoS attack. Timely restore of lost data D. A courier x-raying the contents Answer: B QUESTION NO: 325 A workstation is being used as a zombie set to attack a web server on a certain date. m 113 . Any Time. Corruption of the media B.gov/pki/panel/santosh/tsld002. and describes how to write it down (the data format). This is normally a CA. Theft of the media C.co Version Serial Number The entity that created the certificate.nist.CompTIA SY0-101: Practice Exam Answer: D Explanation: The X.com Ac tua Which of the following may be a security issue during transport of stored tape media to an offsite storage location? lTe sts Reference: http://csrc. Signature Algorithm Identifier Issuer Name The X.htm . is responsible for assigning it a serial number to distinguish it from other certificates it issues." .www. Validity Period Subject Name Subject Public Key Information This is the public key of the entity being named. the CA. All X. in addition to the signature: QUESTION NO: 324 A. B.509 certificates have the following data. The infected workstation is MOST likely part of a: A.509 standard defines what information can go into a certificate. together with an algorithm identifier which specifies which public key crypto system this key belongs to and any associated key parameters. TCP/IP hijacking.actualtests.

Answer: C Explanation: A false positive is when legitimate traffic is picked up as an intruder. QUESTION NO: 328 Choose the scheme or system used by PGP (Pretty Good Privacy) to encrypt data. choose the disadvantage of implementing an IDS (Intrusion Detection System). Compatibility. C. Install and monitoran IDS C. False positives. Answer: A QUESTION NO: 326 Which of the following is the MOST effective way for an administrator to determine what security holes reside on a network? A. Symmetric key distribution system B. Asymmetric scheme "Pass Any Exam.com 114 Ac tua lTe QUESTION NO: 327 sts Explanation: Performing a vulnerability assessment is one of the most effective way to find holes in the network. D. Run a port scan Answer: A From the options. If this happens too often then the IDS is not working properly. . A.co m . Run a sniffer D. spoofing attack." . Perform a vulnerability assessment B. man-in-the-middle attack. Administration B. Decrease in throughput.www.CompTIA SY0-101: Practice Exam C. A. Any Time. The other answers limit your assessment. D.actualtests.

MAC addresses can be spoofed and DTP allows rogue network devices to configure ports C. when the hardware or software is turned on.com Ac tua lTe sts Answer: B . Any Time. B. B. Senior management believes that a VLAN will be secure because authentication is accomplished by MAC addressing and that dynamic trunking protocol (DTP) will facilitate network efficiency. Which of the following issues should be discussed with senior management before VLAN implementation? A. QUESTION NO: 330 A common tool used for wireless sniffing and war driving is: A. D. Symmetric scheme Answer: B QUESTION NO: 329 A company wants to implement a VLAN. MAC addresses are a secure authentication mechanism and DTP allows rogue network devices to configure ports.CompTIA SY0-101: Practice Exam C." . Asymmetric key distribution system D. NetStumbler Answer: D QUESTION NO: 331 Default passwords in hardware and software should be changed: A. "Pass Any Exam. if a threat becomes known.www. MAC addresses can be spoofed and DTP allows only authenticated users. once each month C. S/MIME C. MAC addresses are a secure authentication mechanism and DTP allows only authenticated users. NESSUS D.actualtests. when the vendor requires it D.co m 115 . Sam Spade B.

Answer: D

QUESTION NO: 332
Which of the following is a protocol analyzer?
A. John the Ripper
B. Nessus
C. WireShark
D. Cain & Abel
Answer: C

QUESTION NO: 333
Which of the following is MOST often used to allow a client or partner access to a network?
A. Demilitarized zone (DMZ)
B. VLAN
C. Extranet
D. Intranet
Answer: C

QUESTION NO: 334
Which of the following can be used to determine the topology of a network and discover unknown devices?
A. Password crackers
B. Penetration testing
C. Vulnerability scanner
D. Network mapper
Answer: D

QUESTION NO: 335
Controlling access to information systems and associated networks is necessary for the preservation of their:

2004. Smurfer B. The accountability is equally important.com 117 Ac tua lTe A. D. QUESTION NO: 337 Choose the option that correctly specifies a likely negative technical impact of receiving large quantifies of spam. Fragmenter C. B. confidentiality. Sniffer D. DoS (Denial of Service). hackers use it to capture data. Any Time. C." . integrity and availability D. A. availability and accountability. Sybex . Increased network throughput. "Pass Any Exam. integrity and availability. Processor underutilization.www. monitor and analyze traffic. C. Alameda . integrity and availability Answer: C Explanation: The design goals of a security topology must deal with issues of confidentiality. Spoofer sts Which of the below options would you consider as a program that constantly observes data traveling over a network? . 2nd Edition. to use in replay attacks. You will often see the confidentiality. There legitimate purpose is to find traffic flow problems and bottlenecks for the sake of network optimization. confidentiality. Security+ Study Guide . Reduction in hard drive space requirements. However.co m . p 22 QUESTION NO: 336 Answer: C Explanation: Packet sniffers are used to capture. integrity and availability referred to as the CIA of network security. authenticity. authenticity.actualtests. confidentiality and availability B.CompTIA SY0-101: Practice Exam A. Reference: Mike Pastore and Emmett Dulaney . integrity.

download. it is possible for some users to receive over a hundred unsolicited emails a day! If every user on a network received that much email. Username and password Answer: B "Pass Any Exam. Host hijacking. C. and store such email can potentially reduce a networks availability to zero. ATM card and PIN C. Each operating system will quote definite amount of message to the ICMP error messages.actualtests. The peculiarity in the error messages received from various types of operating systems helps us in identifying the remote host's OS.co m 118 . Reverse engineering. Answer: C QUESTION NO: 339 Which of the following is an example of two-factor authentication for an information system? A." . The system resources required to: process. Any Time. Retina scan and mantrap D. which analyzes how the operating system (OS) responds to specific network traffic. thus denying service. B. in an attempt to determine the operating system running in your networking environment? A. lTe sts . Operating system scanning. One method is ICMP Message quoting where the ICMP quotes back part of the original message with every ICMP error message. the human time necessary to sort through those emails will be Herculean.CompTIA SY0-101: Practice Exam Answer: A Explanation: In systems where no email filters are set up. Photo ID and PIN B.com Ac tua Explanation: Fingerprinting is the act of inspecting returned information from a server ( ie .www. QUESTION NO: 338 From the listing of attacks. Fingerprinting D.

C. B.com Ac tua lTe sts ." . Disable any unnecessary ports and services.actualtests. Develop a trust model Answer: A "Pass Any Exam.www. Conduct vulnerability analysis.CompTIA SY0-101: Practice Exam QUESTION NO: 340 Which of the following is the primary method of performing network hardening? A.co m 119 . Deploy a firewall and IDS D. Any Time.
