CompTIA SY0-201

SY0-201 CompTIA Security+ (2008 Edition) Exam

Practice Test
Version 1.9

CompTIA SY0-201: Practice Exam

QUESTION NO: 1 All of the following provide confidentiality protection as part of the underlying protocol EXCEPT: A. SSL. B. SSH. C. L2TP. D. IPSec. Answer: C

QUESTION NO: 2 Which of the following allows an attacker to manipulate files by using the least significant bit(s) to secretly embed data? A. Steganography B. Worm C. Trojan horse D. Virus Answer: A

QUESTION NO: 3 Which of the following type of attacks would allow an attacker to capture HTTP requests and send back a spoofed page? A. Teardrop B. TCP/IP hijacking C. Phishing D. Replay Answer: B

QUESTION NO: 4 How should a company test the integrity of its backup data? A. By conducting another backup B. By using software to recover deleted files C. By restoring part of the backup D. By reviewing the written procedures Answer: C

"Pass Any Exam. Any Time." - www.actualtests.com

QUESTION NO: 5 Which of the following can BEST be used to determine the topology of a network and discover unknown devices? A. Vulnerability scanner B. NIPS C. Protocol analyzer D. Network mapper Answer: D

QUESTION NO: 6 When should a technician perform penetration testing? A. When the technician suspects that weak passwords exist on the network B. When the technician is trying to guess passwords on a network C. When the technician has permission from the owner of the network D. When the technician is war driving and trying to gain access Answer: C

QUESTION NO: 7 An administrator has implemented a new SMTP service on a server. A public IP address translates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the server's public IP address is now reported in a spam real-time block list. Which of the following is wrong with the server? A. SMTP open relaying is enabled. B. It does not have a spam filter. C. The amount of sessions needs to be limited. D. The public IP address is incorrect. Answer: A

QUESTION NO: 8 Which of the following is MOST efficient for encrypting large amounts of data? A. Hashing algorithms B. Symmetric key algorithms C. Asymmetric key algorithms D. ECC algorithms Answer: B

QUESTION NO: 9 Which of the following is a reason why a company should disable the SSID broadcast of the wireless access points? A. Rogue access points B. War driving C. Weak encryption D. Session hijacking Answer: B

QUESTION NO: 10 Which of the following BEST describes ARP? A. Discovering the IP address of a device from the MAC address B. Discovering the IP address of a device from the DNS name C. Discovering the MAC address of a device from the IP address D. Discovering the DNS name of a device from the IP address Answer: C

QUESTION NO: 11 Which of the following would be BEST to use to apply corporate security settings to a device? A. A security patch B. A security hotfix C. An OS service pack

D. A security template Answer: D

QUESTION NO: 12 A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protected. If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If the anti-malware software is purchased, which of the following is the expected net savings? A. $900 B. $2,290 C. $2,700 D. $5,000 Answer: B

QUESTION NO: 13 Which of the following is the main objective of steganography? A. Message digest B. Encrypt information C. Hide information D. Data integrity Answer: C

QUESTION NO: 14 Which of the following would allow for secure key exchange over an unsecured network without a pre-shared key? A. 3DES B. AES C. DH-ECC D. MD5 Answer: C

QUESTION NO: 15 Which of the following improves security in a wireless system? A. IP spoofing B. MAC filtering C. SSID spoofing D. Closed network Answer: B

QUESTION NO: 16 A user wants to implement secure LDAP on the network. Which of the following port numbers secure LDAP use by default? A. 53 B. 389 C. 443 D. 636 Answer: D

QUESTION NO: 17 On which of the following is a security technician MOST likely to find usernames? A. DNS logs B. Application logs C. Firewall logs D. DHCP logs Answer: B

QUESTION NO: 18

How many keys are utilized with asymmetric cryptography? A. One B. Two C. Five D. Seven Answer: B

QUESTION NO: 19 During a risk assessment it is discovered that only one system administrator is assigned several tasks critical to continuity of operations. It is recommended to cross train other system administrators to perform these tasks and mitigate which of the following risks? A. DDoS B. Privilege escalation C. Disclosure of PII D. Single point of failure Answer: D

QUESTION NO: 20 Which of the following network filtering devices will rely on signature updates to be effective? A. Proxy server B. Firewall C. NIDS D. Honeynet Answer: C

QUESTION NO: 21 Which of the following is a single server that is setup in the DMZ or outer perimeter in order to distract attackers?

A. Honeynet B. DMZ C. Honeypot D. VLAN Answer: C

QUESTION NO: 22 Which of the following encryption algorithms is decrypted in the LEAST amount of time? A. RSA B. AES C. 3DES D. L2TP Answer: B

QUESTION NO: 23 An administrator is trying to secure a network from threats originating outside the network. Which of the following devices provides protection for the DMZ from attacks launched from the Internet? A. Antivirus B. Content filter C. Firewall D. Proxy server Answer: C

QUESTION NO: 24 Which of the following is a way to manage operating system updates? A. Service pack management B. Patch application C. Hotfix management D. Change management Answer: D

QUESTION NO: 25 Which of the following is a list of discrete entries that are known to be benign? A. Whitelist B. Signature C. Blacklist D. ACL Answer: A

QUESTION NO: 26 Which of the following increases the collision resistance of a hash? A. Salt B. Increase the input length C. Rainbow Table D. Larger key space Answer: A

QUESTION NO: 27 A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production application server, which of the following processes should be followed? A. Change management B. Secure disposal C. Password complexity D. Chain of custody Answer: A

QUESTION NO: 28 When deploying 50 new workstations on the network, which of following should be completed FIRST? A. Install a word processor. B. Run the latest spyware.

C. Apply the baseline configuration. D. Run OS updates. Answer: C

QUESTION NO: 29 Which of the following should be implemented to have all workstations and servers isolated in their own broadcast domains? A. VLANs B. NAT C. Access lists D. Intranet Answer: A

QUESTION NO: 30 End users are complaining about receiving a lot of email from online vendors and pharmacies. Which of the following is this an example of? A. Trojan B. Spam C. Phishing D. DNS poisoning Answer: B

QUESTION NO: 31 Which of the following BEST describes a private key in regards to asymmetric encryption? A. The key owner has exclusive access to the private key. B. Everyone has access to the private key on the CA. C. Only the CA has access to the private key. D. The key owner and a recipient of an encrypted email have exclusive access to the private key.

Answer: A

QUESTION NO: 32 Which of the following logs might reveal the IP address and MAC address of a rogue device within the local network? A. Security logs B. DHCP logs C. DNS logs D. Antivirus logs Answer: B

QUESTION NO: 33 Which of the following is commonly used in a distributed denial of service (DDOS) attack? A. Phishing B. Adware C. Botnet D. Trojan Answer: C

QUESTION NO: 34 Which of the following practices is MOST relevant to protecting against operating system security flaws? A. Network intrusion detection B. Patch management C. Firewall configuration D. Antivirus selection Answer: B

QUESTION NO: 35 Which of the following is a best practice for coding applications in a secure manner?

A. Input validation B. Object oriented coding C. Rapid Application Development (RAD) D. Cross-site scripting Answer: A

QUESTION NO: 36 Which of the following technologies can be used as a means to isolate a host OS from some types of security threats? A. Intrusion detection B. Virtualization C. Kiting D. Cloning Answer: B

QUESTION NO: 37 Which of the following network tools would provide the information on what an attacker is doing to compromise a system? A. Proxy server B. Honeypot C. Internet content filters D. Firewall Answer: B

QUESTION NO: 38 Assigning proper security permissions to files and folders is the primary method of mitigating which of the following? A. Hijacking B. Policy subversion C. Trojan D. DoS

Answer: C

QUESTION NO: 39 Which of the following logical access controls would be MOST appropriate to use when creating an account for a temporary worker? A. ACL B. Account expiration C. Time of day restrictions D. Logical tokens Answer: B

QUESTION NO: 40 Which of the following may be an indication of a possible system compromise? A. A port monitor utility shows that there are many connections to port 80 on the Internet facing web server. B. A performance monitor indicates a recent and ongoing drop in speed, disk space or memory utilization from the baseline. C. A protocol analyzer records a high number of UDP packets to a streaming media server on the Internet. D. The certificate for one of the web servers has expired and transactions on that server begins to drop rapidly. Answer: B

QUESTION NO: 41 An administrator suspects that files are being copied to a remote location during off hours. The file server does not have logging enabled. Which of the following logs would be the BEST place to look for information? A. Intrusion detection logs B. Firewall logs C. Antivirus logs D. DNS logs

Answer: B

QUESTION NO: 42 Which of the following access control methods gives the owner control over providing permissions? A. Role-Based Access Control (RBAC) B. Rule-Based Access control (RBAC) C. Mandatory Access Control (MAC) D. Discretionary Access Control (DAC) Answer: D

QUESTION NO: 43 Which of the following access control methods grants permissions based on the users position in the company? A. Mandatory Access Control (MAC) B. Rule-Based Access control (RBAC) C. Discretionary Access Control (DAC) D. Role-Based Access Control (RBAC) Answer: D

QUESTION NO: 44 Which of the following access control methods includes switching work assignments at preset intervals? A. Job rotation B. Mandatory vacations C. Least privilege D. Separation of duties Answer: A

QUESTION NO: 45

Which of the following authentication methods would MOST likely prevent an attacker from being able to successfully deploy a replay attack? A. TACACS B. RAS C. RADIUS D. Kerberos Answer: D

QUESTION NO: 46 Which of the following would an attacker use to footprint a system? A. RADIUS B. Password cracker C. Port scanner D. Man-in-the-middle attack Answer: C

QUESTION NO: 47 Which of the following ensures a user cannot deny having sent a message? A. Availability B. Integrity C. Non-repudiation D. Confidentiality Answer: C

QUESTION NO: 48 Which of the following allows an attacker to embed a rootkit into a picture? A. Trojan horse B. Worm C. Steganography D. Virus Answer: C

QUESTION NO: 49 Which of the following is a publication of inactivated user certificates? A. Certificate revocation list B. Certificate suspension C. Recovery agent D. Certificate authority Answer: A

QUESTION NO: 50 Which of the following is a method of encrypting email? A. S/MIME B. SMTP C. L2TP D. VPN Answer: A

QUESTION NO: 51 Which of the following risks would be reduced by implementing screen filters? A. Replay attacks B. Phishing C. Man-in-the-middle attacks D. Shoulder surfing Answer: D

QUESTION NO: 52 Which of the following allows an attacker to hide the presence of malicious code by altering the system's process and registry entries? A. Logic bomb

B. Worm C. Trojan D. Rootkit Answer: D

QUESTION NO: 53 Which of the following will propagate itself without any user interaction? A. Worm B. Rootkit C. Trojan D. Virus Answer: A

QUESTION NO: 54 An administrator wants to setup their network with only one public IP address. Which of the following would allow for this? A. DMZ B. VLAN C. NIDS D. NAT Answer: D

QUESTION NO: 55 An administrator wants to proactively collect information on attackers and their attempted methods of gaining access to the internal network. Which of the following would allow the administrator to do this? A. NIPS B. Honeypot C. DMZ D. NIDS Answer: B

QUESTION NO: 56 Which of the following allows a technician to correct a specific issue with a solution that has not been fully tested? A. Patch B. Hotfix C. Security roll-up D. Service pack Answer: B

QUESTION NO: 57 A technician wants to regulate and deny traffic to websites that contain information on hacking. Which of the following would be the BEST solution to deploy? A. Internet content filter B. Proxy C. Protocol analyzer D. NIDS Answer: A

QUESTION NO: 58 Which of the following is the LEAST intrusive way of checking the environment for known software flaws? A. Protocol analyzer B. Vulnerability scanner C. Port scanner D. Penetration test Answer: B

QUESTION NO: 59 If a certificate has been compromised, which of the following should be done?

A. Run the recovery agent. B. Put the certificate on the CRL. C. Put the certificate in key escrow. D. Suspend the certificate for further investigation. Answer: B

QUESTION NO: 60 Which of the following requires an update to the baseline after installing new software on a machine? A. Signature-based NIPS B. Signature-based NIDS C. Honeypot D. Behavior-based HIDS Answer: D

QUESTION NO: 61 Which of the following would be the MOST secure choice to implement for authenticating remote connections? A. LDAP B. 802.1x C. RAS D. RADIUS Answer: D

QUESTION NO: 62 Which of the following is the BEST way to reduce the number of accounts a user must maintain? A. Kerberos B. CHAP C. SSO D. MD5 Answer: C

QUESTION NO: 63 Which of the following can be used as a means for dual-factor authentication? A. RAS and username/password B. RADIUS and L2TP C. LDAP and WPA D. Iris scan and proximity card Answer: D

QUESTION NO: 64 After implementing file auditing, which of the following logs would show unauthorized usage attempts? A. Performance B. System C. Security D. Application Answer: C

QUESTION NO: 65 Which of the following type of attacks requires an attacker to sniff the network? A. Man-in-the-Middle B. DDoS attack C. MAC flooding D. DNS poisoning Answer: A

QUESTION NO: 66 If a user attempts to go to a website and notices the URL has changed, which of the following attacks is MOST likely the cause? A. DLL injection B. DDoS attack C. DNS poisoning D. ARP poisoning Answer: C

QUESTION NO: 67 Which of the following attacks can be caused by a user being unaware of their physical surroundings? A. ARP poisoning B. Phishing C. Shoulder surfing D. Man-in-the-middle Answer: C

QUESTION NO: 68 Which of the following actions should be performed upon discovering an unauthorized wireless access point attached to a network? A. Unplug the Ethernet cable from the wireless access point. B. Enable MAC filtering on the wireless access point. C. Change the SSID on the wireless access point. D. Run a ping against the wireless access point. Answer: A

QUESTION NO: 69 Which of the following redundancy solutions contains hardware systems similar to the affected organization, but does not provide live data? A. Hot site B. Uninterruptible Power Supply (UPS) C. Warm site D. Cold site Answer: C

QUESTION NO: 70 During the implementation of LDAP, which of the following will typically be changed within the organizations software programs? A. IP addresses B. Authentication credentials C. Non-repudiation policy D. Network protocol Answer: B

QUESTION NO: 71 Which of the following would be MOST useful to determine why packets from a computer outside the network are being dropped on the way to a computer inside the network? A. HIDS log B. Security log C. Firewall log D. System log Answer: C

QUESTION NO: 72 Which of the following security policies is BEST to use when trying to mitigate the risks involved with allowing a user to access company email via their cell phone? A. The cell phone should require a password after a set period of inactivity. B. The cell phone should only be used for company related emails. C. The cell phone data should be encrypted according to NIST standards. D. The cell phone should have data connection abilities disabled. Answer: A

QUESTION NO: 73

An administrator has been asked to encrypt credit card data. Which of the following algorithms would be the MOST secure with the least CPU utilization? A. 3DES B. AES C. SHA-1 D. MD5 Answer: B

QUESTION NO: 74 Which of the following algorithms is the LEAST secure? A. NTLM B. MD5 C. LANMAN D. SHA-1 Answer: C

QUESTION NO: 75 Which of the following algorithms is MOST closely associated with the signing of email messages? A. MD5 B. TKIP C. PGP D. SHA-1 Answer: C

QUESTION NO: 76 An executive uses PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the body of the email, the executive wishes to encrypt the signature so that the assistant can verify that the email actually came from the executive. Which of the following asymmetric keys should the executive use to encrypt the signature? A. Public B. Private

C. Shared D. Hash Answer: B

QUESTION NO: 77 A technician needs to detect staff members that are connecting to an unauthorized website. Which of the following could be used? A. Protocol analyzer B. Bluesnarfing C. Host routing table D. HIDS Answer: A

QUESTION NO: 78 An administrator suspects that multiple PCs are infected with a zombie. Which of the following tools could be used to confirm this? A. Antivirus B. Recovery agent C. Spyware D. Port scan Answer: A

QUESTION NO: 79 Which of the following is an example of security personnel that administer access control functions, but do not administer audit functions? A. Access enforcement B. Separation of duties C. Least privilege D. Account management

Answer: B

QUESTION NO: 80 A malware incident has just been detected within a company. Which of the following should be the administrator's FIRST response? A. Removal B. Containment C. Recovery D. Monitor Answer: B

QUESTION NO: 81 Taking into account personal safety, which of the following types of fire suppression substances would BEST prevent damage to electronic equipment? A. Foam B. CO2 C. Halon D. Water Answer: B

QUESTION NO: 82 Which of the following describes the process of securely removing information from media (e.g. hard drive) for future use? A. Reformatting B. Destruction C. Sanitization D. Deleting Answer: C

QUESTION NO: 83

Which of the following principles should be applied when assigning permissions? A. Most privilege B. Least privilege C. Rule based D. Role based Answer: B

QUESTION NO: 84 Which of the following type of strategies can be applied to allow a user to enter their username and password once in order to authenticate to multiple systems and applications? A. Two-factor authentication B. Single sign-on C. Smart card D. Biometrics Answer: B

QUESTION NO: 85 User A is a member of the payroll security group. Each member of the group should have read/write permissions to a share. User A was trying to update a file but when the user tried to access the file the user was denied. Which of the following would explain why User A could not access the file? A. Privilege escalation B. Rights are not set correctly C. Least privilege D. Read only access Answer: B

QUESTION NO: 86 Which of the following threats is the MOST difficult to detect and hides itself from the operating system? A. Rootkit

B. Adware C. Spyware D. Spam Answer: A

QUESTION NO: 87 Which of the following methods is used to perform denial of service (DoS) attacks? A. Privilege escalation B. Botnet C. Adware D. Spyware Answer: B

QUESTION NO: 88 Which of the following is an attack that is triggered by a specific event or by a date? A. Logic bomb B. Spam C. Rootkit D. Privilege escalation Answer: A

QUESTION NO: 89 Which of the following can an attacker use to gather information on a system without having a user ID or password? A. NAT B. DNS poisoning C. Null session D. Spoofing Answer: C

QUESTION NO: 90 Which of the following is a way to logically separate a network through a switch? A. Spanning port B. Subnetting C. VLAN D. NAT Answer: C

QUESTION NO: 91 Which of the following is a security threat when a new network device is configured for first-time installation? A. Attacker privilege escalation B. Installation of a back door C. Denial of Service (DoS) D. Use of default passwords Answer: D

QUESTION NO: 92 Which of the following is an exploit against a device where only the hardware model and manufacturer are known? A. Replay attack B. Denial of service (DoS) C. Privilege escalation D. Default passwords Answer: D

QUESTION NO: 93 A technician is implementing a new wireless network for an organization. The technician should be concerned with all of the following wireless vulnerabilities EXCEPT: A. rogue access points.

B. 802.11 mode. C. weak encryption. D. SSID broadcasts. Answer: B

QUESTION NO: 94 Which of the following tools will allow the technician to find all open ports on the network? A. Performance monitor B. Protocol analyzer C. Router ACL D. Network scanner Answer: D

QUESTION NO: 95 An organization is installing new servers into their infrastructure. A technician is responsible for making sure that all new servers meet security requirements for uptime. In which of the following is the availability requirements identified? A. Service level agreement B. Performance baseline C. Device manufacturer documentation D. Security template Answer: A

QUESTION NO: 96 After issuance a technician becomes aware that some keys were issued to individuals who are not authorized to use them. Which of the following should the technician use to correct this problem? A. Recovery agent B. Certificate revocation list C. Key escrow D. Public key recovery Answer: B

QUESTION NO: 97 Password crackers are generally used by malicious attackers to: A. verify system access. B. facilitate penetration testing. C. gain system access. D. sniff network passwords. Answer: C

QUESTION NO: 98 Which of the following properly describes penetration testing? A. Penetration tests are generally used to scan the network and identify open ports. B. Penetration tests are generally used to map the network and grab banners. C. Penetration tests are generally used to exploit a weakness without permission and show how an attacker might compromise a system. D. Penetration tests are generally used to demonstrate a weakness in a system and then provide documentation on the weakness. Answer: D

QUESTION NO: 99 Which of the following should a technician review when a user is moved from one department to another? A. User access and rights B. Data storage and retention policies C. Users group policy D. Acceptable usage policy Answer: A

QUESTION NO: 100 Which of the following is a reason to implement security logging on a DNS server?

A. To monitor unauthorized zone transfers B. To measure the DNS server performance C. To perform penetration testing on the DNS server D. To control unauthorized DNS DoS Answer: A

QUESTION NO: 101 A technician is rebuilding the infrastructure for an organization. The technician has been tasked with making sure that the virtualization technology is implemented securely. Which of the following is a concern when implementing virtualization technology? A. The technician should verify that the virtual servers are dual homed so that traffic is securely separated. B. The technician should verify that the virtual servers and the host have the latest service packs and patches applied. C. The technician should subnet the network so each virtual server is on a different network segment. D. The technician should perform penetration testing on all the virtual servers to monitor performance. Answer: B

QUESTION NO: 102 A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet management's request? A. Enforce Kerberos B. Deploy smart cards C. Time of day restrictions D. Access control lists Answer: C

QUESTION NO: 103

How would a technician implement a security patch in an enterprise environment? A. Download the patch from the vendor's secure website and install it on the most vulnerable workstation. B. Download the patch from the vendor's secure website, test the patch and install it on all workstations. C. Download the patch from the vendor's secure website and install it as needed. D. Download the patch from the Internet, test the patch and install it on all of the production servers. Answer: B

QUESTION NO: 104 Which of the following is considered the weakest encryption? A. AES B. DES C. SHA D. RSA Answer: B

QUESTION NO: 105 Which of the following encryption schemes is the public key infrastructure based on? A. Quantum B. Elliptical curve C. Asymmetric D. Symmetric Answer: C

QUESTION NO: 106 Which of the following BEST describes the term war driving? A. Driving from point to point with a laptop and an antenna to find unsecured wireless access points.

B. Driving from point to point with a wireless network card and hacking into unsecured wireless access points. C. Driving from point to point with a wireless scanner to read other users emails through the access point. D. Driving from point to point with a wireless scanner to use unsecured access points. Answer: A

QUESTION NO: 107 Which of the following statements BEST describes the implicit deny concept? A. Blocks everything and only allows privileges based on job description B. Blocks everything and only allows explicitly granted permissions C. Blocks everything and only allows the minimal required privileges D. Blocks everything and allows the maximum level of permissions Answer: B

QUESTION NO: 108 When is the BEST time to update antivirus definitions? A. At least once a week as part of system maintenance B. As the definitions become available from the vendor C. When a new virus is discovered on the system D. When an attack occurs on the network Answer: B

QUESTION NO: 109 Why would a technician use a password cracker? A. To look for weak passwords on the network B. To change a user's passwords when they leave the company C. To enforce password complexity requirements D. To change users passwords if they have forgotten them Answer: A

QUESTION NO: 110 Users on a network report that they are receiving unsolicited emails from an email address that does not change. Which of the following steps should be taken to stop this from occurring? A. Configure a rule in each user's router and restart the router. B. Configure rules on the users host and restart the host. C. Install an anti-spam filter on the domain mail servers and filter the email address. D. Install an ACL on the firewall to block traffic from the sender and filter the IP address. Answer: C

QUESTION NO: 111 A technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which of the following will help determine the amount of CPU cycles that are being consumed? A. Run performance monitor to evaluate the CPU usage. B. Install HIDS to determine the CPU usage. C. Install malware scanning software. D. Use a protocol analyzer to find the cause of the traffic. Answer: A

QUESTION NO: 112 Which of the following is a true statement with regards to a NIDS? A. A NIDS is installed on the proxy server. B. A NIDS monitors and analyzes network traffic for possible intrusions. C. A NIDS prevents certain types of traffic from entering a network. D. A NIDS is normally installed on the email server. Answer: B

QUESTION NO: 113 Which of the following are characteristics of a hash function? (Select TWO). A. One-way B. Encrypts a connection C. Ensures data can be easily decrypted D. Fixed length output E. Requires a key Answer: A,D

QUESTION NO: 114 Which of the following is the MOST secure alternative for administrative access to a router? A. SSH B. Telnet C. rlogin D. HTTP Answer: A

QUESTION NO: 115 Which of the following might an attacker resort to in order to recover discarded company documents? A. Phishing B. Insider theft C. Dumpster diving D. Shoulder surfing Answer: C

QUESTION NO: 116 Which of the following creates a security buffer zone between two rooms? A. Mantrap B. DMZ C. Turnstile D. Anti-pass back Answer: A

QUESTION NO: 117 Which of the following tools would be used to review network traffic for clear text passwords? A. Port scanner B. Protocol analyzer C. Firewall D. Password cracker Answer: B

QUESTION NO: 118 Kerberos uses which of the following trusted entities to issue tickets? A. Ticket Granting System B. Certificate Authority C. Internet Key Exchange D. Key Distribution Center Answer: D

QUESTION NO: 119 Which of the following specifies a set of consistent requirements for a workstation or server? A. Vulnerability assessment B. Imaging software C. Patch management D. Configuration baseline Answer: D

QUESTION NO: 120 A company's website allows customers to search for a product and display the current price and quantity available of each product from the production database. Which of the following would invalidate an SQL injection attack launched from the lookup field at the web server level?

A. Security template B. Buffer overflow protection C. NIPS D. Input validation Answer: D

QUESTION NO: 121 Which of the following virtual machine components monitors and manages the various virtual instances? A. VMOS B. VCPU C. Hypervisor D. Virtual supervisor Answer: C

QUESTION NO: 122 A smurf attack is an example of which of the following threats? A. ARP Poisoning B. DoS C. TCP/IP Hijacking D. Man-in-the-middle Answer: B

QUESTION NO: 123 Which of the following is the BEST tool for allowing users to go to approved business-related websites only? A. Internet content filter B. Firewall C. ACL D. Caching server Answer: A

Install anti-virus software on the USB drives. Provides a restricted environment for executing code Answer: D QUESTION NO: 125 An unauthorized user intercepted a users password and used this information to obtain the companys administrator password. The unauthorized user can use the administrators password to access sensitive information pertaining to client datA. Which of the following is this an example of? A. B. Least privilege C. Answer: A. C.CompTIA SY0-201: Practice Exam QUESTION NO: 124 Which of the following is a security trait of a virtual machine? A. Disable USB within the workstations BIOS. D.www. E. Privilege escalation D. Provides additional resources for testing B. Apply the concept of least privilege to USB devices. A technician is concerned that sensitive files can be copied to the USB drives. Provides a read-only area for executing code D. Provides real-time access to all system processes C.co m ." . A. Disable the USB root hub within the OS.Which of the following mitigation techniques would address this concern? (Select TWO). Session hijacking B. Network address translation Answer: C QUESTION NO: 126 Users are utilizing thumb drives to connect to USB ports on company workstations.C QUESTION NO: 127 "Pass Any Exam.actualtests. Any Time.com 38 Ac tua lTe sts . Run spyware detection against all workstations.

Create a boot disk for the operating system. C. and therefore the user is concerneD. Answer: D QUESTION NO: 129 A." . The technician notices that when certain characters are input into the application it will crash the server. The administrator still has a concern about traffic inside the "Pass Any Exam. Lock-down the database D. Any Time.com 39 Ac A technician is testing the security of a new database application with a website front-end. S/MIME. which of the following should be established? A. D. The email account is new. In order to quickly replicate these controls on all systems. a user starts receiving messages from unknown sources. Take screen shots of the configuration options. Which of the following does the technician need to do? tua lTe sts .co m . C. spam. D. This type of message traffic is referred to as: A. Utilize SSL on the website B. instant message traffiC. B. Create an image from the OS install. B.www. Implement an ACL C. Answer: B QUESTION NO: 128 After registering an email address on a website. Implement OS hardening procedures. Input validation Answer: D QUESTION NO: 130 An administrator in a small office environment has implemented an IDS on the network perimeter to detect malicious traffic patterns.CompTIA SY0-201: Practice Exam An administrator has developed an OS install that will implement the tightest security controls possible.actualtests. SPIM.

HIDS B. Any Time. IPv6 B. DMZ D.CompTIA SY0-201: Practice Exam network originating between client workstations.comptiA.xyz.Which of the following should be implemented on the network to isolate these public hosts from the rest of the network? tua lTe QUESTION NO: 132 sts . Which of the following is this an example of? A.actualtests. Which of the following does the user want to implement? "Pass Any Exam. DNS poisoning B. DoS C. Smurf attack Answer: A A. The user wants to translate them as private IP addresses to a pool of public IP addresses to identify them on the Internet. A network router D. com. An access list Answer: A QUESTION NO: 131 A user is redirected to a different website when the user requests the DNS record www. Which of the following could be implemented? A.www. VLAN Answer: C QUESTION NO: 133 A user has decided that they do not want an internal LAN segment to use public IP addresses. These servers will include a website and mail server.com 40 Ac A company wants to host public servers on a new network. IPSec C. DNS caching D.co m ." . A VLAN C.

A. IPSec B. NAT C. SSH D. SFTP Answer: B

QUESTION NO: 134 An administrator has been studying stateful packet inspection and wants to implement this security technique on the network. Which of the following devices could the administrator use to BEST utilize stateful packet inspection? A. Hub B. IDS C. Switch D. Firewall Answer: D

QUESTION NO: 135 Which of the following is the primary purpose of a honeypot? A. Translate addresses at the perimeter B. To provide a decoy target on the network C. Provide cryptography for the network D. Work as a network proxy Answer: B

QUESTION NO: 136 An administrator wants to ensure that no equipment is damaged when there is a fire or false alarm in the server room. Which of the following type of fire suppression systems should be used? A. Carbon Dioxide B. Hydrogen Peroxide C. Wet pipe sprinkler D. Deluge sprinkler

Answer: A

QUESTION NO: 137 Which of the following is a CRL composed of? A. Public Key Infrastructure (PKI) B. Expired or revoked certificates C. Certificate authorities D. Expired user accounts Answer: B

QUESTION NO: 138 Which of the following is the primary purpose of a CA? A. LANMAN validation B. Encrypt data C. Kerberos authentication D. Issue private/public keys Answer: D

QUESTION NO: 139 An administrator wants to replace telnet with a more secure protocol to manage a network device. Which of the following should be implemented on the network? A. SMTP B. SNMP C. SFTP D. SSH Answer: D

QUESTION NO: 140 A user is attempting to receive digitally signed and encrypted email messages from a remote office. Which of the following protocols does the system need to support?

actualtests. ISAKMP D. OVAL C. Kiting D. Any Time. Which of the following should be implemented? A.com Ac tua lTe sts . Blowfish D. SSL B. IPSec Answer: B QUESTION NO: 141 An administrator does not want anyone to VPN from inside the network to a remote office or network.co m 43 . 3DES Answer: A QUESTION NO: 143 Which of the following is MOST likely provided by asymmetric key cryptography? A. Which of the following protocols should be blocked outbound on the network? A. ISAKMP Answer: D QUESTION NO: 142 An administrator is implementing a public website and they want all client connections to the server to be encrypted via their web browser. SMTP B. SHA-1 C. S/MIME C.CompTIA SY0-201: Practice Exam A. Confidentiality "Pass Any Exam. SNMP D. Performance B.www." . A pre-shared key C. TPM B.

co m 44 .actualtests. "Pass Any Exam. Session keys are encrypted using a symmetric algorithm. It is implemented in portable devices. D. C. Rijndael. B. It is a private key algorithm.CompTIA SY0-201: Practice Exam Answer: D QUESTION NO: 144 All of the following are symmetric key algorithms EXCEPT: A. B. It is CPU intensivE. ECC. RC4 Answer: A QUESTION NO: 145 Which of the following is true about ECC algorithms? A. C. Any Time. D. B. D. 3DES. Answer: B QUESTION NO: 147 Which of the following can reduce the risk associated with password guessing attacks? (Select TWO). Answer: B QUESTION NO: 146 Which of the following is a way to encrypt session keys using SSL? A." . Session keys are encrypted using an asymmetric algorithm.www. Session keys are sent unencrypteD.com Ac tua lTe sts . Session keys are sent in clear text because they are private keys. It is the algorithm used in PGP. C.

Performing a Gutman sanitization of the drive B. B. D. D. Implement shared passwords.E QUESTION NO: 148 Which of the following is a common practice in forensic investigation? A. Conduct periodic personnel employment verifications. Implement shadow passwords. Answer: C. E. Performing a sanitization of the drive Answer: B QUESTION NO: 149 Answer: B. C. sts . Conduct periodic penetration testing assessments. Conduct vulnerability assessments. Implement account-lockout thresholds. Performing a binary copy of the systems storage media C. B. Conduct rights review of users and groups. Conduct virus scan. Signature B.www. Any Time. Implement stronger password complexity policies. NIDS signature "Pass Any Exam.C QUESTION NO: 150 Antivirus software products detect malware by comparing the characteristics of known instances against which of the following type of file sets? A.com 45 Ac A. C. Performing a file level copy of the systems storage media D. tua lTe Which of the following is done to ensure appropriate personnel have access to systems and networks? (Select TWO). E." .CompTIA SY0-201: Practice Exam A. Text C.actualtests.co m . Implement single sign-on.

com Ac tua lTe A. Sanitization C. Degaussing sts Which of the following is the BEST process of removing PII data from a disk drive before reuse? . Any Time.co m Answer: A 46 . Rule based B. Reformatting D. Least privilege D. Destruction B.CompTIA SY0-201: Practice Exam D. Halon D.actualtests.www. Water B. Foam QUESTION NO: 152 Answer: B QUESTION NO: 153 When assigning permissions. which of the following concepts should be applied to enable a person to perform their job task? A. Dynamic Library Answer: A QUESTION NO: 151 Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment? A." . Role based Answer: C QUESTION NO: 154 "Pass Any Exam. Discretionary access control (DAC) C. Carbon Dioxide C.

Execute only access C.co m 47 . Spamming D. Write only access Answer: C QUESTION NO: 157 Accessing a system or application using permissions from another users account is a form of which of the following? A. Phishing B. DNS spoofing Answer: A QUESTION NO: 155 Users do not want to enter credentials to each server or application to conduct their normal work. a user had attempted to log onto the network over 250 times. Rights are not set correctly D. Domain kiting "Pass Any Exam. Two-factor authentication C.CompTIA SY0-201: Practice Exam While conducting a review of the system logs. Brute force B. Biometrics D. Phishing C. Audit only access B. Which of the following type of attacks is MOST likely occurring? A. Which of the following would explain why the user could not access the file? lTe sts . Smart card B." . SSO Answer: D QUESTION NO: 156 A.actualtests. Any Time.www. Which of the following type of strategies will resolve this issue? A.com Ac tua A user was trying to update an open file but when they tried to access the file they were denied.

com Ac tua lTe A." .co m Answer: C 48 . A hotfix C. To prevent system start-up without knowing the password C. Weak passwords Answer: D "Pass Any Exam. Patch management B. To keep a user from changing the boot order of the system D. Any Time. The users are not required to change this password. by default the passwords are based off of the word $ervicexx. Privilege escalation Answer: D QUESTION NO: 158 Which of the following is an important reason for password protecting the BIOS? A. where xx is the last two numbers of the users cell phone number. Which of the following is this an example of? A. To keep a virus from overwriting the BIOS QUESTION NO: 159 Answer: C QUESTION NO: 160 A company uses a policy of assigning passwords to users.www. ARP spoofing D. Back door D. Known plain text C. Service pack D.actualtests. To maintain password complexity requirements B. Default accounts B. A patch sts Which of the following is a software bundle containing multiple security fixes? .CompTIA SY0-201: Practice Exam C.

Have a solid acceptable use policy in place with a click through banner.CompTIA SY0-201: Practice Exam QUESTION NO: 161 Which of the following is an installable package that includes several patches from the same vendor for various applications? A. D. One of the users forgot their password and kept trying to login." . C. Any Time. B. D. Patch rollup Answer: C QUESTION NO: 162 A. The error log shows unknown username or passworD. The end users ISP is having issues with packet loss. . C. Patch template C. Which of the following can be implemented to increase security and prevent this from happening? "Pass Any Exam. Provide a service level agreement that addresses social engineering issues. Which of the following is this an example of? tua QUESTION NO: 163 lTe Answer: B sts A. Have user sign both the acceptable use policy and security based HR policy.actualtests. Answer: B QUESTION NO: 164 An administrator notices that former temporary employees accounts are still active on a domain. The local firewall is blocking GRE packets.co m Which of the following is a best practice to prevent users from being vulnerable to social engineering? 49 .www. Service pack D. Provide thorough and frequent user awareness training.com Ac The RAS logs on a server show 100 errors in a two minute time period from an attempt to access an account. Hotfix B. B. An unauthorized attempt to access the server.

A. Run a last logon script to look for inactive accounts. B. Implement an account expiration date for temporary employees. C. Implement a password expiration policy. D. Implement time of day restrictions for all temporary employees. Answer: B

QUESTION NO: 165 Which of the following is the primary security risk with coaxial cable? A. Diffusion of the core light source B. Data emanation from the core C. Crosstalk between the wire pairs D. Refraction of the signal Answer: B

QUESTION NO: 166 Which of the following is a collection of patches? A. A security template B. A service pack C. A security hotfix D. A security baseline Answer: B

QUESTION NO: 167 Which of the following would allow an administrator to find weak passwords on the network? A. A network mapper B. A hash function C. A password generator D. A rainbow table Answer: D

QUESTION NO: 168 Which of the following is the BEST place where the disaster recovery plan should be kept? A. Printed out and kept in the desk of the CIO B. At multiple offsite locations C. Multiple copies printed out and kept in the server room D. On the network file server Answer: B

QUESTION NO: 169 Which of the following is established immediately upon evidence seizure? A. Start the incident response plan B. Damage and loss control C. Chain of custody D. Forensic analysis Answer: C

QUESTION NO: 170 Which of the following is a required privilege that an administrator must have in order to restore a public/private key set on a certificate authority (CA)? A. Recovery agent B. Registration authority C. Domain administrator D. Group administrator Answer: A

QUESTION NO: 171 Which of the following algorithms has the smallest key space? A. IDEA B. SHA-1 C. AES D. DES Answer: D

QUESTION NO: 172 Which of the following is the MOST recent addition to cryptography? A. AES B. DES C. 3DES D. PGP Answer: A

QUESTION NO: 173 Which of the following requires a common pre-shared key before communication can begin? A. Public key infrastructure B. Symmetric key cryptography C. Secure hashing algorithm D. Asymmetric key cryptography Answer: B

QUESTION NO: 174 Which of the following provides the MOST comprehensive redundancy for an entire site with the least downtime? A. A warm site B. A cold site C. A mobile site D. A hot site Answer: D

QUESTION NO: 175 Which of the following allows devices attached to the same switch to have separate broadcast domains? A. NAT B. DMZ C. NAC D. VLAN Answer: D

QUESTION NO: 176 Which of the following allows for notification when a hacking attempt is discovered? A. NAT B. NIDS C. Netflow D. Protocol analyzer Answer: B

QUESTION NO: 177 When dealing with a 10BASE5 network, which of the following is the MOST likely security risk? A. An incorrect VLAN B. SSID broadcasting C. A repeater D. A vampire tap Answer: D

QUESTION NO: 178 Which of the following allows a technician to scan for missing patches on a device without actually attempting to exploit the security problem? A. A vulnerability scanner B. Security baselines C. A port scanner D. Group policy Answer: A

QUESTION NO: 179 Which of the following allows for proof that a certain person sent a particular email? A. Steganography B. Integrity C. Trusted Platform Module D. Non-repudiation Answer: D

QUESTION NO: 180 Which of the following uses a key ring? A. AES B. DES C. PGP D. RSA Answer: C

QUESTION NO: 181 Which of the following allows for the highest level of security at time of login? A. Single sign-on B. Two-factor authentication C. One-factor authentication D. NTLMv2 Answer: B

QUESTION NO: 182 Sending a patch through a testing and approval process is an example of which of the following? A. Disaster planning B. Change management C. Acceptable use policies D. User education and awareness training

co m 55 . MAC D.www. TCP/IP hijacking B. DDoS C. where can a technician generate the key pairs? "Pass Any Exam. Low humidity and low temperature D.actualtests. DoS Answer: D QUESTION NO: 184 Which of the following would use a group of bots to stop a web server from accepting new requests? A. High humidity and low temperature C. Any Time. High humidity and high temperature Answer: A QUESTION NO: 186 Using an asymmetric key cryptography system.com Ac QUESTION NO: 185 tua lTe sts .CompTIA SY0-201: Practice Exam Answer: B QUESTION NO: 183 Sending continuous TCP requests to a device and ignoring the return information until the device ceases to accept new connections is an example of which of the following? A. DNS poisoning C. ARP Answer: B Which of the following is the MOST likely to generate static electricity? A." . DoS B. Kiting D. Low humidity and high temperature B.

A. A certificate authority B. IETF C. A key escrow service D. A recovery agent Answer: A

QUESTION NO: 187 Which of the following media is the LEAST likely to be successfully tapped into? A. Unshielded twisted pair cable B. Coaxial cable C. Fiber optic cable D. Shielded twisted pair cable Answer: C

QUESTION NO: 188 Which of the following allows a person to find public wireless access points? A. Weak encryption B. 802.1x C. SSID broadcast D. Data emanation Answer: C

QUESTION NO: 189 Which of the following allows a file to have different security permissions for users that have the same roles or user groups? A. Mandatory Access Control (MAC) B. Role-Based Access Control (RBAC) C. Discretionary Access Control (DAC) D. Rule-Based Access Control (RBAC) Answer: C

QUESTION NO: 190 A DMZ has a fake network that a hacker is attacking. Which of the following is this an example of? A. Firewall B. Man-in-the-middle C. Proxy server D. Honeypot Answer: D

QUESTION NO: 191 A company decides that the purchasing agent and the accounts receivable agent should exchange positions in order to allow for more oversight of past transactions. Which of the following is this an example of? A. Least privilege B. Implicit deny C. Separation of duties D. Job rotation Answer: D

QUESTION NO: 192 A user complains that the color laser printer continuously gives an access denied message while attempting to print a text document. The administrator logs onto the PC and prints successfully. Which of the following should the administrator check FIRST? A. That the printer has the correct size of paper in each of the trays B. That the toner should be changed in the printer C. That the user has sufficient rights to print to the printer D. That the user is attempting to print to the correct printer tray Answer: C

QUESTION NO: 193 Which of the following uses a sandbox to manage a program's ability to access system resources?

C. The local security template Answer: A Answer: C QUESTION NO: 196 A user is convinced that someone is attempting to use their user account at night. lTe A user is denied access to a filE. JavaScript D. Which of the following is the FIRST action for the technician to take? sts QUESTION NO: 195 .co m 58 . D.www.actualtests. Java B. Grant access to the filE. The IDS logs B. Reboot the system. The security application logs C. Verify that the users permissions are correct. The security baseline C. Deny the users request and forward to the human resources department. The firewall logs Answer: C "Pass Any Exam." . Cold Fusion Answer: A QUESTION NO: 194 Which of the following allows a technician to view the security permissions of a file? A. The local security logs D. Any Time. The user had access to the file yesterday. The data emanation D. Which of the following should an administrator check FIRST in order to prove or disprove this claim? A. The access control list B. B.com Ac tua A. ActiveX C.CompTIA SY0-201: Practice Exam A.

That the antivirus application trusts this site D.actualtests.co m . The firewall logs B. That the anti-spam application trusts this site Answer: B QUESTION NO: 198 An intrusion has been detected on a companys network from the Internet." . That the pop-up blocker application trusts this site C. B. Compare the final LANMAN hash with the original.CompTIA SY0-201: Practice Exam QUESTION NO: 197 A user reports that a web based application is not working after a browser upgradE.com 59 Ac QUESTION NO: 199 tua lTe sts . That the software based firewall application trusts this site B. The DNS logs C. D. The performance logs Answer: A A user needs to verify that a patch file downloaded from a third party has not been modified since the time that the original manufacturer released the patch. The access logs D. Answer: A QUESTION NO: 200 "Pass Any Exam. Download the patch file over an AES encrypted VPN connection. Any Time. Download the patch file through a SSL connection. The login box does not appear after the upgradE. C. Compare the final MD5 hash with the original. Which of the following should be checked FIRST? A. Which of the following BEST describes what to check FIRST? A. Before the upgrade. a login box would appear on the screen and disappear after login.www. Which of the following is the BEST way to verify that the file has not been modified? A.

Ask the user to review the corporate policies and procedures manual.www. Refer the user to a strong password demonstrator. Which of the following BEST demonstrates the security basis for the password policy? A.com Ac tua lTe sts . including a list of weak passwords. Which of the following is this an example of? "Pass Any Exam. Install a single high end server. each running a network operating system. Explain how easy it is for a hacker to crack weak passwords. running multiple virtual servers. Any Time." . The NIDS log file B. C. Which of the following would BEST diagnose which NIC is causing this problem? A. D.co m 60 . Install multiple high end servers. Install multiple low end servers. A protocol analyzer C. running multiple virtual servers. D. Answer: A QUESTION NO: 202 A company needs to have multiple servers running low CPU utilization applications. Show the user a domain overview. B. A user places more information than the program expects in the input field resulting in the back end database placing the extra information into the databasE. Which of the following is the MOST cost efficient method for accomplishing this? A.actualtests. B.CompTIA SY0-201: Practice Exam A technician suspects that one of the network cards on the internal LAN is causing a broadcast storm. Install a single low end server. sharing a clustered network operating system. C. Answer: C QUESTION NO: 203 A programmer creates an application to accept data from a websitE. The local firewall log file Answer: B QUESTION NO: 201 A user does not understand why the domain password policy is so stringent. The local security log file D.

scan the content and then repackage the SSL session without staff knowing.com Ac tua A developer added code to a financial system designed to transfer money to a foreign bank account on a specific time and datE. Rootkit C. Privilege escalation Answer: A QUESTION NO: 206 A CEO is concerned about staff browsing inappropriate material on the Internet via HTTPS. SQL injection Answer: D QUESTION NO: 204 Which of the following security threats is MOST commonly associated with a targeted distributed denial of service (DDoS)? A.co m 61 . Botnets D.CompTIA SY0-201: Practice Exam A. Worms C. Buffer overflow D.actualtests.www. Botnet D. Logic bomb B.Which of the following type of attacks is similar to this product? "Pass Any Exam. It has been suggested that the company purchase a product which could decrypt the SSL session. Any Time. The developer implemented which of the following security threats? lTe sts ." . Java input error B. Trojans Answer: C QUESTION NO: 205 A. The code would activate only if human resources processed the developers termination papers. Cross-site scripting C. Viruses B.

co m . Any Time.www.700 B." . $4.actualtests. Accept the risk B.000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protecteD. Staff members in the call center are paid $90 per hour. $2.290b Answer: D QUESTION NO: 209 A technician is deciding between implementing a HIDS on the database server or implementing a NIDS. "Pass Any Exam.000 D. Man-in-the-middle Answer: D QUESTION NO: 207 After a system risk assessment was performed it was found that the cost to mitigate the risk was higher than the expected loss if the risk was actualizeD. $7. which of the following is the annual loss expectancy (ALE)? tua lTe sts . In this instance. If determining the risk. $5. Which of the following are reasons why a NIDS may be better to implement? (Select TWO). Run a new risk assessment Answer: A QUESTION NO: 208 A. Spoofing C. TCP/IP hijacking D. which of the following is the BEST course of action? A. Mitigate the risk C. Replay B.com 62 Ac A small call center business decided to install an email system to facilitate communications in the office. Reject the risk D. If workstations are compromised it will take three hours to restore services for the 30 staff. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5.500 C.CompTIA SY0-201: Practice Exam A.

such as virtualized browsers. Many HIDS are not able to detect network attacks. Remote access user connecting via SSL VPN B.www. are capable of protecting the underlying operating system from which of the following? A. Remote access user connecting via corporate dial-in server D.actualtests. Users assigned to roles. roles assigned to groups and users acquire additional permissions by being a member of a group C. users assigned to groups and users acquire permissions by being a member of the group "Pass Any Exam. Office laptop connected to the enterprise LAN C.CompTIA SY0-201: Practice Exam A. E. controls applied to groups and permissions acquired by controls B.co m . Many HIDS only offer a low level of detection granularity. Any Time. Man-in-the-middle attacks C. Roles applied to groups. D. C. Answer: B. Users assigned permissions. Office laptop connected to a home users network Answer: D QUESTION NO: 211 Virtualized applications. Malware installation from suspects Internet sites B. permissions are assigned to groups. Many HIDS have a negative impact on system performancE.com 63 Ac tua lTe sts . Phishing and spam attacks D.C QUESTION NO: 210 Which of the following scenarios is MOST likely to benefit from using a personal software firewall on a laptop? A. Many HIDS are not good at detecting attacks on database servers. DDoS attacks against the underlying OS Answer: A QUESTION NO: 212 A flat or simple role-based access control (RBAC) embodies which of the following principles? A. B. Many HIDS require frequent patches and updates." .

Any Time. The CIO has mandated that this behavior stops. To ensure that all servers start from a common security configuration E. permissions are assigned to roles and users acquire permissions by being a member of the role Answer: D QUESTION NO: 213 A number of unauthorized staff has been entering the data center by piggybacking authorized staff. To ensure that servers are in compliance with the corporate security policy Answer: D. Rootkit lTe Which of the following is a security threat that hides its processes and files from being easily detected? sts QUESTION NO: 214 . Hardware locks D.actualtests. Token access Answer: A Answer: D QUESTION NO: 215 Security templates are used for which of the following purposes? (Select TWO). A.co m 64 . Users assigned to roles.com Ac tua A. To ensure that performance is standardized across all servers D.E "Pass Any Exam.CompTIA SY0-201: Practice Exam D." . Security badges C. Worm D. Which of the following is the BEST technology to install at the data center to prevent piggybacking? A. To ensure that PKI will work properly within the companys trust model C. Mantrap B. Adware C.www. To ensure that email is encrypted by users of PGP B. Trojan B.

CompTIA SY0-201: Practice Exam QUESTION NO: 216 Frequent signature updates are required by which of the following security applications? (Select TWO). The frequency of signature updates B." . Any Time. Running a NIDS report to list the remaining vulnerabilities C. Firewall D.com 65 Ac tua lTe sts . A. The availability of application programming interface D.actualtests. PKI E. The number of viruses the software can detect Answer: A.www. Auditing for the successful application of the patches D. which of the following are the MOST important security considerations? (Select TWO).co m . IDS Answer: A. Backing up the patch file executables to a network share Answer: C QUESTION NO: 219 "Pass Any Exam. PGP C.E QUESTION NO: 218 Three generally accepted activities of patch management are: determining which patches are needed. The number of emails that can be scanned E. applying the patches and which of the following? A. Antivirus B. The ability to scan encrypted files C.E QUESTION NO: 217 When choosing an antivirus product. Updating the firewall configuration to include the patches B. A.

In which of the following situations would it be appropriate to install a hotfix? A patch is too large to be distributed via a remote deployment tool. A patch in a service pack fixes the issue, but too many extra patches are included. A patch is not available and workarounds do not correct the problem. A patch is available, but has not yet been tested in a production environment. Answer: B

QUESTION NO: 220 Social engineering, password cracking and vulnerability exploitation are examples of which of the following? A. Vulnerability assessment B. Fingerprinting C. Penetration testing D. Fuzzing Answer: C

QUESTION NO: 221 If an administrator does not have a NIDS examining network traffic, which of the following could be used to identify an active attack? A. Protocol analyzer B. Penetration testing tool C. Network mapper D. Vulnerability scanner Answer: A

QUESTION NO: 222 Configuration baselines should be taken at which of the following stages in the deployment of a new system? A. Before initial configuration B. Before loading the OS C. After a user logs in

D. After initial configuration Answer: D

QUESTION NO: 223 Which of the following practices should be implemented to harden workstations and servers? Report all security incidents. Check the logs regularly. Log on only as the administrator. Install only needed software. Answer: B

QUESTION NO: 224 Which of the following is a mechanism that prevents electromagnetic emanations from being captured? A. Install a repeater B. Uninterruptible power supply (UPS) C. Faraday cage D. Disable SSID broadcast Answer: C

QUESTION NO: 225 Which of the following describes the difference between a secure cipher and a secure hash? A cipher can be reversed, a hash cannot. A hash can be reversed, a cipher cannot. A cipher produces the same size output for any input size, a hash does not. A hash produces a variable output for any input size, a cipher does not. Answer: C

QUESTION NO: 226

Which of the following physical threats is prevented with mantraps? A. Piggybacking B. Social engineering C. Dumpster diving D. Shoulder surfing Answer: A

QUESTION NO: 227 Which of the following BEST describes the differences between SHA-1 and MD5? MD5 produces variable length message digests. SHA-1 produces fixed length message digests. B. SHA-1 produces few collisions than MD5 C. MD5 produces few collisions than SHA-1 Answer: B

QUESTION NO: 228 Which of the following BEST applies in the secure disposal of computers? Computers must be tested against known TCP/IP vulnerabilities. Default passwords must be changed once. Computer media must be sanitized. Computers must be configured for automated patch management. Answer: B

QUESTION NO: 229 Which of the following BEST describes the differences between RADIUS and TACACS? RADIUS is a remote access authentication service. TACACS separates authentication, authorization and auditing capabilities. RADIUS separates authentication, authorization and auditing capabilities. TACACS is a remote access authentication service. Answer: A

QUESTION NO: 230 Which of the following BEST describes the differences between RADIUS and TACACS? RADIUS encrypts client-server negotiation dialog. TACACS is a remote access authentication service. TACACS encrypts client-server negotiation dialog. RADIUS is a remote access authentication service. Answer: C

QUESTION NO: 231 Which of the following authentication mechanisms performs better in a secure environment? RADIUS because it is a remote access authentication service. TACACS because it is a remote access authentication service. RADIUS because it encrypts client-server passwords. TACACS because it encrypts client-server negotiation dialogs. Answer: B

QUESTION NO: 232 To evaluate the security compliance of a group of servers against best practices, which of the following BEST applies? Run a vulnerability assessment tool. Conduct a penetration test. Get a patch management report. Install a protocol analyzer. Answer: C

QUESTION NO: 233 Which of the following is a problem MOST often associated with UTP cable? A. Fuzzing B. Vampire tap C. Crosstalk D. Refraction

Answer: C

QUESTION NO: 234 An administrator notices on the monthly firewall log that many of the internal PCs are sending packets on a routine basis to a single external PC. Which of the following BEST describes what is occurring? The remote PC has a zombie master application running and the local PCs have a zombie slave application running. The remote PC has a spam master application running and the local PCs have a spam slave application running. The remote PC has a zombie slave application running and the local PCs have a zombie master application running. The remote PC has a spam slave application running and the local PCs have a spam master application running. Answer: B

QUESTION NO: 235 An administrator notices that a PC is sending an unusual amount of email at odd times of the day. Which of the following should the administrator check for FIRST? A. A S/MIME buffer overflow B. A POP3 protocol exception C. DNS poisoning D. A SMTP open relay Answer: D

QUESTION NO: 236 Which of the following would a password cracker help an administrator to find? A. Weak passwords B. Expired passwords C. Locked passwords D. Backdoor passwords Answer: A

QUESTION NO: 237 Which of the following is setup within a router? A. ARP B. DMZ C. OVAL D. DDoS Answer: B

QUESTION NO: 238 Which of the following would BEST allow for fast, highly secure encryption of a USB flash drive? A. SHA-1 B. MD5 C. 3DES D. AES256 Answer: D

QUESTION NO: 239 When is the correct time to discuss the appropriate use of electronic devices with a new employee? A. At time of hire B. At time of first correspondence C. At time of departure D. At time of first system login Answer: A

QUESTION NO: 240 Which of the following could BEST assist in the recovery of a crashed hard drive? A. Forensics software

B. Drive optimization C. Drive sanitization D. Damage and loss control Answer: A

QUESTION NO: 241 Which of the following facilitates the creation of an unencrypted tunnel between two devices? A. AES B. HTTPS C. L2TP D. PPTP Answer: C

QUESTION NO: 242 Which of the following allows for a secure connection to be made through a web browser? A. L2TP B. SSH C. SSL D. HTTP Answer: C

QUESTION NO: 243 Which of the following is the BEST order in which crucial equipment should draw power? A. Uninterruptible Power Supply (UPS) battery, UPS line conditioner, backup generator B. Backup generator, UPS line conditioner, UPS battery C. Backup generator, UPS battery, UPS line conditioner D. UPS line conditioner, UPS battery, and backup generator Answer: D

QUESTION NO: 244

Which of the following would require a pre-sharing of information before a home user could attach to a neighbor's wireless adapter? A. Anonymous connections enabled B. SSID broadcasting disabled C. SSID broadcasting enabled D. Encryption disabled Answer: B

QUESTION NO: 245 Which of the following would BEST allow an administrator to quickly find a rogue server on the network? A. Review security access logs B. A network mapper C. A protocol analyzer D. Review DNS logs Answer: B

QUESTION NO: 246 Which of the following would BEST allow an administrator to quickly find a PC with a blank database administrator password? A. Protocol analyzer B. Vulnerability scanner C. Rainbow tables D. Security access logs Answer: B

QUESTION NO: 247 An administrator is backing up all server data nightly to a local NAS device. Which of the following additional steps should the administrator take for protection from disaster in the case the primary site is permanently lost? A. Backup all data at a preset interval to tape and store those tapes at a sister site across the street.

Backup all data at a preset interval to removable disk and store the disk in a safety deposit box at the administrator's home. Backup all data at a preset interval to tape and store those tapes at a sister site in another city. Backup all data at a preset interval to removable disk and store the disk in a fireproof safe in the building's basement. Answer: B

QUESTION NO: 248 Which of the following is the MOST intrusive on a network? A. Penetration testing B. Protocol analyzers C. Port scanners D. Vulnerability testing Answer: A

QUESTION NO: 249 A single sign-on requires which of the following? A. Multifactor authentication B. One-factor authentication C. A trust model between workstations D. A unified trust model Answer: D

QUESTION NO: 250 All of the following are where backup tapes should be kept EXCEPT: near a shared LCD screen. near a power line. near a high end server. near a fiber optic cable entrance. Answer: C

QUESTION NO: 251 All of the following require periodic updates to stay accurate EXCEPT: antivirus applications. rootkit detection applications. signature based HIDS. pop-up blocker applications. Answer: B

QUESTION NO: 252 Which of the following is the quickest method to create a secure test server for a programmer? Create a virtual server on new equipment. Create a virtual server on existing equipment. Install a network operating system on existing equipment. Install a network operating system on new equipment. Answer: B

QUESTION NO: 253 Which of the following is a collection of fixes for an application or operating system that has been tested by the vendor? A. A security template B. A service pack C. A patch D. A hotfix Answer: B

QUESTION NO: 254 Which of the following usually applies specifically to a web browser? A. Antivirus B. Pop-up blocker C. Anti-spyware D. Personal software firewall

Answer: B

QUESTION NO: 255 Pre-shared keys apply to which of the following? A. CA B. PGP C. TPM D. Digital signature Answer: B

QUESTION NO: 256 Which of the following is a risk associated with a virtual server? If a virtual server crashes. If a virtual server crashes. If the physical server crashes. If the physical server crashes. all of the local virtual servers go offline immediately. all of the physical servers go offline immediately. all of the virtual servers go offline immediately. all of the physical servers nearby go offline immediately. Answer: A

QUESTION NO: 257 Which of the following exploits is only triggered by a specific date or time key? A. Trojan B. Worm C. Botnet D. Logic bomb Answer: D

QUESTION NO: 258 Threats to a network could include: (Select TWO) A. penetration testing.

network audits. disabled user accounts. dial-up access. disgruntled employees. Answer: C,D

QUESTION NO: 259 An antivirus server keeps flagging an approved application that the marketing department has installed on their local computers as a threat. This is an example of: true positive. false negative. true negative. false positive. Answer: B

QUESTION NO: 260 A vendor releases an application update to a recent service pack that addresses problems being experienced by some end users. This update would be considered a: patch. service pack. hotfix. service pack rollup. Answer: A

QUESTION NO: 261 A technician is working on an end user's desktop which has been having performance issues. The technician notices there seems to be a lot of activity on the NIC. A good tool to quickly check the current network connections of the desktop would be: netstat. lanman. ipconfig /all. netops.

Answer: C

QUESTION NO: 262 A company has an issue with field users logging into VPN to connect to the mail server, and leaving their computers connected while in public places. The administrator needs to prevent both unauthorized access to the company email and data, and limit the impact on the VPN server. Which of the following BEST achieves this goal? Provide web mail access to all users. Set VPN to disconnect after five minutes of inactivity. Use registry settings to lock computers after five minutes of inactivity. Use group policy to lock computers after five minutes of inactivity. and limit VPN connections to two hours. and limit VPN connections to one hour. Answer: C

QUESTION NO: 263 The service provided by message authentication code (MAC) hash is: integrity. fault tolerance. data recovery. key recovery. Answer: D

QUESTION NO: 264 An administrator is running a network monitoring application that looks for behaviors on the network outside the standard baseline that has been established. This is typical of a(n): anomaly-based tool. signature-based tool. honeynet. protocol analyzer. Answer: D

QUESTION NO: 265 Some examples of hardening techniques include all of the following EXCEPT: running weekly spyware applications. disabling all non-required services. applying security templates. network-based patch management. Answer: B

QUESTION NO: 266 An administrator wants to block users from accessing a few inappropriate websites as soon as possible. The existing firewall allows blocking by IP address. To achieve this goal the administrator will need to: upgrade to a URL based filter to achieve the desired result. use the company AUP to achieve the desired result. upgrade to a DNS based filter to achieve the desired result. upgrade to a text based filter to achieve the desired result. Answer: C

QUESTION NO: 267 A CRL contains a list of which of the following type of keys? A. Both public and private keys B. Steganographic keys C. Private keys D. Public keys Answer: A

QUESTION NO: 268 A user logs into their network with a smart card. Which of the following keys is used? A. Cipher key B. Shared key C. Public key

D. Private key Answer: D

QUESTION NO: 269 An administrator wants to ensure that when an employee leaves the company permanently, that the company will have access to their private keys. Which of the following will accomplish this? Store the keys in escrow. Immediately delete the account. Obtain the employee's hardware token. Store them in a CRL. Answer: A

QUESTION NO: 270 When a server and workstation communicate via SSL, which of the following keys are being used? (Select TWO). A. Public key B. Cipher key C. Session key D. Recovery key E. Keylogger Answer: A,C

QUESTION NO: 271 A user is going to dispose of some old hard drives. Which of the following should the user do to the drives before disposing of them? Run anti-spyware on the drives. Install antivirus on the drives. Use a certified wipe program to erase data. Reformat the hard drives once. Answer: B

QUESTION NO: 272 A user wants to implement very tight security controls for technicians that seek to enter the user's datacenter. Which of the following solutions offers the BEST security controls? A. Combination locks and key locks B. Smartcard and proximity readers C. Magnetic lock and pin D. Biometric reader and smartcard Answer: D

QUESTION NO: 273 Which of the following concepts, requires users and system processes to be assigned minimum levels of permission to carry out the assigned task? A. User authentication B. Need-to-know C. Least privilege D. Job role Answer: C

QUESTION NO: 274 When using discretionary access control (DAC), who determines access and what privileges they have? A. User B. System C. Help desk D. Owner Answer: D

QUESTION NO: 275 Which of the following is a security benefit of mandatory vacations?

A. Least privilege B. Separation of duties C. Reducing stress D. Detecting fraud Answer: D

QUESTION NO: 276 The data custodian in an organization is responsible for: recoverability of the data. accuracy of the data. classification of the data. completeness of the data. Answer: A

QUESTION NO: 277 Which of the following organizational documentation describes how tasks or job functions should be conducted? A. Standards B. Guideline C. Policy D. Procedures Answer: D

QUESTION NO: 278 Which of the following organizational documentation provides high level objectives that change infrequently? A. Standards B. Policy C. Procedures D. Guideline Answer: B

QUESTION NO: 279 Which of the following sites can be online the QUICKEST and does not require data restoration from backup media to ensure the production data is as current as possible? A. Mobile site B. Hot site C. Warm site D. Mirrored site Answer: D

QUESTION NO: 280 Which of the following are MOST likely to be analyzed by Internet filter appliances/servers? (Select THREE). A. Certificates B. Keys C. TLSs D. URLs E. Content F. CRLs Answer: A,D,E

QUESTION NO: 281 The primary function of risk management in an organization is to reduce risk to a level: where the ARO equals the SLE. the organization will mitigate. where the ALE is lower than the SLE. the organization will accept. Answer: D

QUESTION NO: 282

Which of the following BEST describes risk analysis? A. Monitoring and acceptance B. Evaluation and assessment C. Assessment and eradication D. Mitigation and repudiation Answer: B

QUESTION NO: 283 A financial institution performed a risk assessment on the DLT backup system used to store customer account details. The main risk highlighted was the long-term retention of electronically stored data. Which of the following is the MOST likely reason for the risk being raised? A. Compatibility of media and application systems B. Application systems and technical staff C. Compatibility and retention of data on the media D. Retention of data on the media Answer: A

QUESTION NO: 284 Which of the following hashing techniques is commonly disabled to make password cracking more difficult? A. NTLM B. AES C. OVAL D. Kerberos Answer: A

QUESTION NO: 285 An organization has recently implemented a work from home program. Employees need to connect securely from home to the corporate network. Which of the following encryption technologies might BEST

PPTP B. D. An end-user has recently purchased a legitimate business program that needs to make outbound calls using this port. Which of the following steps should a technician take to allow this? (Select TWO). Three-factor authentication Answer: A QUESTION NO: 287 A. Kerberos authentication C. EAP authentication D. IPSec C. PIN and a password during authentication is an example of which of the following? A. Open the port on the companys firewall.actualtests. Answer: B. C. Open the port on the VLAN." . B. PPPoE Answer: B QUESTION NO: 286 The use of a physical token.co m . Open the port on the companys proxy server.D QUESTION NO: 288 Which of the following describes software that is often written solely for a specific customers application? "Pass Any Exam.CompTIA SY0-201: Practice Exam accomplish this? A.www. Change the users subnet mask. L2TP D.com 85 Ac Port 3535 is typically blocked for outbound traffic on a companys LAN. E. tua lTe sts . Any Time. Open the port on the users personal software firewall. Two-factor authentication B.

A. Rootkit B. Hotfix C. Service pack D. Patch Answer: B

QUESTION NO: 289 A security manager believes that too many services are running on a mission critical database server. Which of the following tools might a security analyst use to determine services that are running on the server, without logging into the machine? A. OVAL B. Port scanner C. Protocol analyzer D. NIDS Answer: B

QUESTION NO: 290 A manufacturing corporation has decided to send a highly sensitive message to one of their suppliers. The message is concealed inside a JPEG image of a beach resort. Which of the following is this an example of? A. Cryptography B. Digital signature C. Hashing D. Steganography Answer: D

QUESTION NO: 291 Which of the following encryption methods is often used along with L2TP?

A. S/MIME B. SSH C. 3DES D. IPSec Answer: D

QUESTION NO: 292 An administrator is assigned to monitor servers in a data center. A web server connected to the Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely cause? A. Spyware B. Trojan C. Privilege escalation D. DoS Answer: D

QUESTION NO: 293 Which of the following methods will help to identify when unauthorized access has occurred? Implement previous logon notification. Implement session lock mechanism. Implement session termination mechanism. Implement two-factor authentication. Answer: B

QUESTION NO: 294 Ensuring administrators have both a regular user account and a privileged user account is an example of applying which security principle? A. Need-to-know B. Mandatory Access Control (MAC) C. Least privilege D. Discretionary Access Control (DAC)

Answer: C

QUESTION NO: 295 All of the following are steps in the incident response process EXCEPT: containment. recovery. repudiation. eradication. Answer: B

QUESTION NO: 296 Which of the following is an example of two-factor authentication for an information system? A. ATM card and PIN B. Username and password C. Retina and fingerprint scanner D. Photo ID and PIN Answer: A

QUESTION NO: 297 Which of the following describes a spanned switch port in the context of IDS traffic analysis? A. An association of a set of destination ports with a single source port B. An association of a set of source ports with a single destination port C. An association of a set of source ports with multiple destination ports and an IDS sensor D. An association of a set of destination ports with an IDS sensor Answer: B

QUESTION NO: 298 A technician is performing an assessment on a router and discovers packet filtering is employed. Which of the following describes a security concern with stateless packet filtering?

Router performance is reduced. Packet payload is not checked. State connections are retained by the router. Loose routing cannot determine the exact path a packet must follow. Answer: A

QUESTION NO: 299 Which of the following describes the process of comparing cryptographic hash functions of system executables, configuration files, and log files? A. File integrity auditing B. Host based intrusion detection C. Network based intrusion detection D. Stateful packet filtering Answer: A

QUESTION NO: 300 Which of the following is a cryptographic representation of non-repudiation? A. Digital signature B. Internet key exchange C. Certificate authority D. Symmetric key Answer: A

QUESTION NO: 301 Which of the following reduces the effectiveness of telephone social engineering? A. Automatic callback B. Monitoring outbound calls C. Awareness training D. Use of VoIP Answer: C

QUESTION NO: 302 Which of the following will execute malicious code at a pre-specified time? A. Logic Bomb B. DoS C. Worm D. Rootkit Answer: A

QUESTION NO: 303 All of the following are weaknesses of WEP EXCEPT: replay attacks. initialization vector. lack of strong keys. lack of integrity checking. Answer: A

QUESTION NO: 304 Which of the following is LEAST likely to help reduce single points of failure? A. Mandatory vacations B. Cross training C. Clustered servers D. Disaster recovery exercises Answer: A

QUESTION NO: 305 Which of the following reduces the attack surface of an operating system? A. Patch management B. Installing antivirus C. Installing HIDS D. Disabling unused services

Answer: D

QUESTION NO: 306 Which of the following is LEAST effective when hardening an operating system? A. Configuration baselines B. Limiting administrative privileges C. Installing HIDS D. Install a software firewall Answer: C

QUESTION NO: 307 Which of the following provides the MOST control when deploying patches? A. Hotfix B. Remote desktop C. Patch management D. Service packs Answer: C

QUESTION NO: 308 If a technician wants to know when a computer application is accessing the network, which of the following logs should be reviewed? A. Antivirus log B. RADIUS log C. Performance log D. Host firewall log Answer: D

QUESTION NO: 309 All of the following are components of IPSec EXCEPT:

temporal key interchange protocol. Internet key exchange. encapsulating security payload. authentication header (AH). Answer: C

QUESTION NO: 310 IPSec connection parameters are stored in which of the following? A. Security association database B. Security payload index C. Security parameter index D. Certificate authority Answer: A

QUESTION NO: 311 Which of the following will provide a 128-bit hash? A. MD5 B. AES128 C. ROT13 D. SHA-1 Answer: A

QUESTION NO: 312 Which of the following describes a hash algorithm's ability to avoid the same output from two guessed inputs? A. Collision avoidance B. Collision resistance C. Collision strength D. Collision metric Answer: B

QUESTION NO: 313 Which of the following should be included in a forensic toolkit? A. Compressed air B. Tape recorder C. Fingerprint cards D. Digital camera Answer: D

QUESTION NO: 314 Which of the following BEST describes the form used while transferring evidence? A. Booking slip B. Affidavit C. Chain of custody D. Evidence log Answer: C

QUESTION NO: 315 Which of the following is the primary incident response function of a first responder? A. To evaluate the scene and repair the problem B. To secure the scene and preserve evidence C. To evaluate the scene and determine the cause D. To gather evidence and write reports Answer: B

QUESTION NO: 316 Which of the following is the GREATEST problem with low humidity in a server room? A. Static electricity B. Power surge C. Electromagnetic interference D. Brown out

Answer: A

QUESTION NO: 317 Which of the following protocols is used to ensure secure transmissions on port 443? A. HTTPS B. Telnet C. SFTP D. SHTTP Answer: A

QUESTION NO: 318 When should a technician perform disaster recovery testing? A. Immediately following lessons learned sessions B. Once a month, during peak business hours C. After the network is stable and online D. In accordance with the disaster recovery plan Answer: D

QUESTION NO: 319 Which of the following is the BEST backup method to restore the entire operating system and all related software? A. Weekly B. Incremental C. Disk Image D. Differential Answer: C

QUESTION NO: 320 How many keys are utilized in symmetric cryptography?

A. One B. Two C. Three D. Four Answer: A

QUESTION NO: 321 Which of the following terms is BEST associated with public key infrastructure (PKI)? A. MD5 hashing B. Symmetric key C. Symmetric algorithm D. Digital signatures Answer: D

QUESTION NO: 322 Which of the following is the LAST step to granting access to specific domain resources? A. Validate the user B. Authorize the user C. Verify the user D. Authenticate the user Answer: B

QUESTION NO: 323 After an attacker has successfully gained remote access to a server with minimal privileges, which of the following is their next step? Begin key recovery. Elevate system privileges. Capture private keys. Monitor network traffic. Answer: A

QUESTION NO: 324 Which of the following should the technician recommend as a way to logically separate various internal networks from each other? A. NIDS B. VLAN C. NAT D. HIDS Answer: B

QUESTION NO: 325 An organization has requested the ability to monitor all network traffic as it traverses their network. Which of the following should a technician implement? A. Content filter B. Protocol analyzer C. Honeypot D. HIDS Answer: B

QUESTION NO: 326 A large amount of viruses have been found on numerous domain workstations. Which of the following should the technician implement? A. Decentralized antivirus B. Host based intrusion detection C. Centralized antivirus D. Spyware detection Answer: C

QUESTION NO: 327 Which of the following is the MOST difficult security concern to detect when contractors enter a secured facility?

Any Time. Job rotation lTe The staff must be cross-trained in different functional areas so that fraud can be detecteD. Least privilege D. When there is a need to document vulnerabilities D. Copying sensitive information with cellular phones C. Implicit deny B. At the middle of a vulnerability assessment B. Which of the following is this an example of? sts QUESTION NO: 329 .actualtests. Implicit deny C. Rogue access points being installed B. Job rotation Answer: D "Pass Any Exam. Removing mass storage iSCSI drives D. Removing network attached storage Answer: B QUESTION NO: 328 When are port scanners generally used on systems? A. At the end of a penetration test assessment Answer: B Answer: D QUESTION NO: 330 Human Resources has requested that staff members be moved to different parts of the country into new positions.com Ac tua A. Separation of duties C. At the beginning of a vulnerability assessment C.CompTIA SY0-201: Practice Exam A. Least privilege D. Separation of duties B. Which of the following is this an example of? A." .co m 97 .www.

QUESTION NO: 331 An administrator is worried about an attacker using a compromised user account to gain administrator access to a system. Which of the following is this an example of? A. Man-in-the-middle attack B. Protocol analysis C. Privilege escalation D. Cross-site scripting Answer: C

QUESTION NO: 332 Which of the following is used to deny authorized users access to services? A. Botnets B. Adware C. Spyware D. Trojans Answer: A

QUESTION NO: 333 An administrator recommends implementing whitelisting, blacklisting, closing-open relays, and strong authentication techniques to a server administrator. Which of the following threats are being addressed? A. Adware B. Spyware C. Spam D. Viruses Answer: C

QUESTION NO: 334

CompTIA SY0-201: Practice Exam An administrator is asked to improve the physical security of a data center located inside the office building. Logical token C. Which of the following additional controls could be implemented? A. The data center already maintains a physical access log and has a video surveillance system.co m . Performance monitor C. which of the following BEST describes an access control system which implements a non-trusted but secure zone immediately outside of the secure zone? A. TFTP Answer: B QUESTION NO: 337 Penetration testing should only be used once which of the following items is in place? "Pass Any Exam. Any Time.com 99 Ac A technician notices delays in mail delivery on the mail server.actualtests. Mantrap Answer: D QUESTION NO: 335 In regards to physical security. DMZ Answer: C QUESTION NO: 336 A." . ACL D. Which of the following tools could be used to determine the cause of the service degradation? tua lTe sts . Smart card B. Mantrap D. Port scanner B. Defense-in-depth B.www. ipconfig /all D. Defense-in-depth C.

www.co m . B. Service level agreement D. "Pass Any Exam. Key escrow Answer: D QUESTION NO: 339 Answer: C QUESTION NO: 340 All of the following should be identified within the penetration testing scope of work EXCEPT: A. ATM PIN code B.CompTIA SY0-201: Practice Exam A. Data retention and disclosure policy C.com 100 Ac A. Registration B. Certificate authority C. a complete list of all network vulnerabilities. Which of the following BEST describes the administrators recommendation? A. IP addresses of machines from which penetration testing will be executeD. unique code to confirm every transaction. Acceptable use policy B. a bank has implemented a requirement that all bank customers enter a different. Written permission Answer: D QUESTION NO: 338 An administrator recommends that management establish a trusted third party central repository to maintain all employees private keys. Which of the following is the MOST effective method to accomplish this? lTe sts .actualtests. a list of acceptable testing techniques and tools to be utilizeD. One-time password D. Recovery agent D. D. Any Time." . Elliptic curve C. handling of information collected by the penetration testing team. Digital certificate tua To combat transaction fraud. C.

B. Validation Answer: A QUESTION NO: 344 "Pass Any Exam. The only recourse has been to reload the server from scratch. D. HIDS B.actualtests. Implement the server as a honeypot. C. NIDS D.CompTIA SY0-201: Practice Exam Answer: A QUESTION NO: 341 Which of the following is the MOST efficient way that an administrator can restrict network access to certain ports enterprise wide? A." .www. ACL Answer: D QUESTION NO: 342 Answer: B QUESTION NO: 343 Validating the users claimed identity is called which of the following? A. Personal software firewall C.com 101 Ac tua A. Which of the following techniques could be used to decrease the recovery time following an incident? . Any Time. Implement the server as a virtual server instance. Verification D. Authentication B. lTe sts An administrator is responsible for a server which has been attacked repeatedly in the past. Load balance between two identical servers. Identification C.co m . Install the server on a separate VLAN segment.

co m . NIDS B.CompTIA SY0-201: Practice Exam Which of the following is planted on an infected system and deployed at a predetermined time? A. Worm D. Rootkit Answer: A QUESTION NO: 345 Which of the following allows a user to float a domain registration for a maximum of five days? A.Which of the following would be the simplest way to accomplish lTe sts . NAT D. Kiting Answer: D QUESTION NO: 346 this? A." . VLAN Answer: D QUESTION NO: 347 Which of the following is an attack which is launched from multiple zombie machines in attempt to bring down a service? "Pass Any Exam. DNS poisoning B.com 102 Ac tua According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department.www. Any Time.actualtests. Logic bomb B. DMZ C. Trojan horse C. Spoofing D. Domain hijacking C.

DoS B. MAC flooding B." . Bluesnarfing B.CompTIA SY0-201: Practice Exam A. Worm C. Zombie D.www. War dialing C. DDoS D. DNS spoofing Answer: A Which of the following is commonly programmed into an application for ease of administration? A. Any Time.com Ac tua lTe sts QUESTION NO: 349 . Man-in-the-middle C. War driving Answer: C "Pass Any Exam. Trojan Answer: A QUESTION NO: 350 Which of the following is a technique used by hackers to identify unsecured wireless network locations to other hackers? A. War chalking D.co m 103 .actualtests. DNS poisoning D. Back door B. ARP poisoning C. TCP/IP hijacking Answer: C QUESTION NO: 348 Which of the following will MOST likely allow an attacker to make a switch function like a hub? A.

Any Time. D. Kerberos Answer: D QUESTION NO: 352 Which of the following disaster recovery components is a location that is completely empty.CompTIA SY0-201: Practice Exam QUESTION NO: 351 Which of the following authentication models uses a KDC? A. B. Warm site D. Cold site C. Due diligence C. Disconnect the entire network from the Internet. Update antivirus definitions.www." . Restore missing files on the affected system. PKI C. Answer: C QUESTION NO: 354 Which of the following documents specifies the uptime guarantee of a web server? A.actualtests.com 104 Ac tua lTe sts . CHAP B. C. Apply proper forensic techniques. but allows the infrastructure to be built if the live site goes down? A.co m . Scope of work "Pass Any Exam. Mirrored site B. Hot site Answer: B QUESTION NO: 353 Which of the following should be done if an organization intends to prosecute an attacker once an attack has been completed? A. PGP D. Due process B.

Kerberos Answer: D QUESTION NO: 356 Which of the following protocols can be implemented as an alternative to the overhead of a VPN? A. L2TP B. Two-factor authentication B.co m 105 . PPTP C. SSH D. LDAP D. Any Time. Service level agreement Answer: D QUESTION NO: 355 Which of the following authentication models uses a time stamp to prevent the risks associated with a replay attack? A. Account lockout threshold D. Account lockout duration C. Password complexity requirements Answer: B "Pass Any Exam.www. RADIUS C. Key distribution center B.CompTIA SY0-201: Practice Exam D. SSL Answer: D QUESTION NO: 357 Which of the following will set an account to lockout for 30 minutes after the maximum number attempts have failed? A." .actualtests.com Ac tua lTe sts .

CHAP Answer: C QUESTION NO: 361 Which of the following would allow a technician to compile a visual view of an infrastructure? A.actualtests. RSA Answer: B QUESTION NO: 360 Which of the following hashing algorithms is the MOST secure? A. Protocol analyzer "Pass Any Exam.www. Security log B.com Ac tua lTe sts .co m 106 . AES256 B. SHA-1 C. AES D. Any Time. Firewall D. Mobile device B." . 3DES C.CompTIA SY0-201: Practice Exam QUESTION NO: 358 Which of the following logs would reveal activities related to an ACL? A. MD5 D. Transaction C. LANMAN B. Performance Answer: C QUESTION NO: 359 Which of the following encryption algorithms has the largest overhead? A. Network mapper C. Port scanner D.

Any Time. Replay D. DoS Answer: D QUESTION NO: 365 Which of the following type of attacks is TCP/IP hijacking? "Pass Any Exam. VPN B. NAT C. ARP Poisoning B. DMZ sts ." . DNS Poisoning C. VLAN D.com Ac tua lTe A.actualtests.co Which of the following is an area of the network infrastructure that allows a technician to place public facing systems into it without compromising the entire infrastructure? m 107 . NAT B.CompTIA SY0-201: Practice Exam Answer: B QUESTION NO: 362 Which of the following creates separate logical networks? A. DMZ C.www. NAC D. Subnetting Answer: D QUESTION NO: 363 Answer: D QUESTION NO: 364 Which of the following attacks commonly result in a buffer overflow? A.

Honeypot C. MAC flooding D. Network mapper Answer: C "Pass Any Exam.CompTIA SY0-201: Practice Exam A. DMZ B. FIN/RST B.actualtests.com Ac tua lTe sts QUESTION NO: 367 . Man-in-the-middle Answer: D QUESTION NO: 366 Which of the following ports does SNMP run on? A. 110 C. SYN/ACK C. VLAN Answer: C QUESTION NO: 368 Which of the following could be used to determine which flags are set in a TCP/IP handshake? A. Birthday B. Any Time. Protocol analyzer D. 443 Answer: C Which of the following is a collection of servers that is setup to attract hackers? A.www. 25 B. ARP poisoning C. Honeynet D.co m 108 . 161 D." .

The information security officer C.actualtests. Fiber B. The firewall B. The certificate authority D. 80 and 443 were open from outside of the network? A. Firewall B.www. UTP C. The key escrow agent Answer: C QUESTION NO: 372 Which of the following allows attackers to gain control over the web camera of a system? A. SQL injection C. STP D. DMZ C. Cross-site scripting D.co m Which of the following media is LEAST susceptible to a tap being placed on the line? ." . Any Time. ActiveX component B.CompTIA SY0-201: Practice Exam QUESTION NO: 369 Which of the following would be the BEST choice to ensure only ports 25. XML "Pass Any Exam. Proxy Answer: A QUESTION NO: 370 Answer: A QUESTION NO: 371 Which of the following is responsible for establishing trust models? A. VLAN D. Coaxial .com 109 Ac tua lTe sts A.

HIDS Answer: B QUESTION NO: 376 Which of the following consists of markings outside a building that indicate the connection speed of a nearby unsecured wireless network? "Pass Any Exam.www. Trojan D. Smurf B. DDoS D. Antivirus B. NIDS D. User training C. ARP poisoning C.actualtests. DNS poisoning Answer: B QUESTION NO: 374 Which of the following would a former employee MOST likely plant on a server that is not traceable? A.co m ." . Logic bomb C.com 110 Ac QUESTION NO: 375 tua lTe sts . Worm B. Any Time.CompTIA SY0-201: Practice Exam Answer: A QUESTION NO: 373 Which of the following type of attacks sends out numerous MAC resolution requests to create a buffer overflow attack? A. Virus Answer: B Which of the following would be MOST effective in stopping phishing attempts? A.

CompTIA SY0-201: Practice Exam A.actualtests.com Ac tua A. Separation of duties lTe Which of the following could involve moving physical locations every two years to help mitigate security risks? sts QUESTION NO: 378 . Blue jacking D. Job rotation D. Business card of computer contractor C." . Receipts from the supply store Answer: B Answer: C QUESTION NO: 379 Which of the following could be used to capture website GET requests? A. List of expired usernames D. Port scanner B. Network mapper D. Vulnerability scanner Answer: B "Pass Any Exam. Protocol analyzer C.www. User education manual B. War driving B. Bluesnarfing Answer: B QUESTION NO: 377 Which of the following would be of MOST interest to someone that is dumpster diving? A. Least privilege C. War chalking C.co m 111 . Any Time. Implicit deny B.

CompTIA SY0-201: Practice Exam QUESTION NO: 380 Which of the following does the process of least privilege fall under? A. 3DES B. Any Time. AES Answer: B QUESTION NO: 383 Which of the following protocols is used for encryption between email servers? A. MD5 Answer: B QUESTION NO: 382 Which of the following is the MOST secure transmission algorithm? A. Non-repudiation C. AES256 D. L2TP D. TLS B. NTLM D. SHA-1 B." .actualtests. Integrity B. Confidentiality D. PPTP C.com Ac tua lTe sts .co m 112 . LANMAN C. TKIP C.www. Availability Answer: C QUESTION NO: 381 Which of the following hashing algorithms is the LEAST secure? A. S/MIME "Pass Any Exam.

NTLMv2 B.co Which of the following would be the easiest to use in detection of a DDoS attack? m 113 . Security log "Pass Any Exam.CompTIA SY0-201: Practice Exam Answer: A QUESTION NO: 384 Which of the following scenarios would a penetration test BEST be used for? A. When providing a proof of concept demonstration for a vulnerability B. When performing network mapping D.www. Any Time. System log D. LANMAN Answer: A QUESTION NO: 387 Which of the following is BEST used to determine whether network utilization is abnormal? A. Application log C. NTLM C.actualtests. Performance monitor B. When conducting performance monitoring Answer: A QUESTION NO: 385 Answer: A QUESTION NO: 386 Which of the following implements the strongest hashing algorithm? A. Protocol analyzer ." . VLAN D.com Ac tua lTe sts A. While in the reconnaissance phase C.

Antivirus D. Any Time. Performance baseline C.www. Personal software firewall Answer: B QUESTION NO: 389 Identification is a critical component of the authentication process because it is: A. Testing B. when the user is authorizeD. Pop-up blocker B. Identification Answer: D QUESTION NO: 391 "Pass Any Exam. Anti-spam C.actualtests. Answer: B QUESTION NO: 390 Identity proofing occurs during which phase of identification and authentication? A. Systems monitor Answer: B QUESTION NO: 388 Which of the following is the BEST solution to implement to reduce unsolicited email? A. when the user is verifieD. used to confirm the privileges of a user. D." .co m 114 .com Ac tua lTe sts .CompTIA SY0-201: Practice Exam B. Authentication D. C. Application log D. B. Verification C. used to prevent authorized access.

C. Answer: B QUESTION NO: 392 Implementation of proper environmental controls should be considered by administrators when recommending facility security controls because of which of the following? A. B. B. Sorting through the trash of an organization to obtain information found on their intranet. C. D. Sorting through the trash of an organization to recover an old user ID badge previously used for an attack.CompTIA SY0-201: Practice Exam Which of the following BEST describes the practice of dumpster diving? A. Any Time. Unshielded twisted pair cable B. Fiber optic cable C. Proper environmental controls provide redundancy to the facility.com 115 Ac An administrator is asked to recommend the most secure transmission mediA. Which of the following devices could be selected to provide security to the network segment? "Pass Any Exam.actualtests. Sorting through the garbage of an organization to obtain information used for a subsequent attack." . Which of the following should be recommended? tua lTe sts . Proper environmental controls provide integrity to IT systems.www. D. Coaxial cable Answer: B QUESTION NO: 394 An administrator is selecting a device to secure an internal network segment from traffic external to the segment. Proper environmental controls make authentication simpler. Proper environmental controls help ensure availability of IT systems. Ethernet CAT5 cable D.co m . Sorting through the garbage of an organization to obtain information used for configuration management. Answer: B QUESTION NO: 393 A.

CA Answer: B QUESTION NO: 397 To prevent the use of stolen PKI certificates on web servers. CRL D.D QUESTION NO: 396 To prevent the use of previously issued PKI credentials which have expired or otherwise become invalid. Escrow D. Registration B. PKI B. administrators should always design programs to check which of the following? A. NIPS B.CompTIA SY0-201: Practice Exam A. A. CA C.com 116 Ac tua lTe sts . NIPS B. Content filter C." . HIPS D. HIDS C. Key escrow "Pass Any Exam. DMZ Answer: A QUESTION NO: 395 Which of the following devices should be deployed to protect a network against attacks launched from a business to business intranet? (Select TWO). CRL C. Internet content filter D. which of the following should an administrator ensure is available to their web servers? A.www. Any Time. NIDS Answer: A.co m .actualtests. Firewall E.

A PKI enabled smart card. Any Time. Key escrow D. PKI enabled smart card and badge proximity reader D. Which of the following devices is the MOST reliable and has the lowest cross over error rate? .com Ac tua lTe A. Handprint scanner C. an administrator decides to implement three-factor authentication. Fingerprint scanner sts A security administrator has been asked to deploy a biometric authentication system in a corporation. PKI enabled smart card and a six-digit PIN C. Iris scanner B. a user generated pass phrase and a palm reader Answer: B "Pass Any Exam.www. Which of the following authentication combinations is a three-factor system? A. Recovery agent C. Asymmetric Answer: C QUESTION NO: 399 Answer: C QUESTION NO: 400 To increase the security of the network authentication process.actualtests. Registration B." . An Iris scanner. A retina scanner.CompTIA SY0-201: Practice Exam Answer: C QUESTION NO: 398 Which of the following describes an implementation of PKI where a copy of a users private key is stored to provide third party access and to facilitate recovery operations? A. strong password and 12-digit PIN B. Retina scanner D. A fingerprint scanner.co m 117 .

Hardware IDS C. Internet content filter B. Potential for software introduction Answer: D QUESTION NO: 404 "Pass Any Exam. DMZ Answer: A Answer: A QUESTION NO: 403 USB drives create a potential security risk due to which of the following? A. Any Time.www. Software HIPS D.co m QUESTION NO: 402 118 .actualtests.com Ac tua lTe A. The cost associated with distributing a large volume of the USB pens D. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive datA. Which of the following would have provided an alternative simpler solution? A. Widespread use D. The risks associated with the large capacity of USB drives and their concealable nature B. The security administrator advises the marketing department not to distribute the USB pens due to which of the following? . Operating system incompatibility B. an administrator implements a series of proxy servers and firewalls." . The security risks associated with combining USB drives and cell phones on a network sts The marketing department wants to distribute pens with embedded USB drives to clients. The administrator further recommends installation of software based firewalls on each host on the network. Large storage capacity C.CompTIA SY0-201: Practice Exam QUESTION NO: 401 To facilitate compliance with the Internet use portion of the corporate acceptable use policy. The security costs associated with securing the USB drives over time C.

vulnerability scans.actualtests. potential threats and asset value C. penetration tests.CompTIA SY0-201: Practice Exam As a best practice. disaster exercises. Answer: D "Pass Any Exam. risk assessments should be based upon which of the following? A." . C. RSA B. which of the following is the BEST reason to implement performance monitoring applications on network systems? A. impact and asset value D. D. A survey of annual loss. To detect availability degradations caused by attackers Answer: D QUESTION NO: 407 All of the following are methods used to conduct risk assessments EXCEPT: A.www. security audits. Any Time. To detect host intrusions from external networks D.co m . ECC Answer: B QUESTION NO: 406 From a security standpoint. A quantitative measurement of risk. To detect network intrusions from external attackers B. B. An absolute measurement of threats Answer: C QUESTION NO: 405 Which of the following is a cryptographic hash function? A. To detect integrity degradations to network attached storage C. RC4 D. SHA C. A qualitative measurement of risk and impact B.com 119 Ac tua lTe sts .


QUESTION NO: 408 After conducting a risk assessment, the main focus of an administrator should be which of the following? A. To report the results of the assessment to the users B. To ensure all threats are mitigated C. To ensure all vulnerabilities are eliminated D. To ensure risk mitigation activities are implemented Answer: D

QUESTION NO: 409 Which of the following is a BEST practice when implementing a new system? A. Disable unneeded services. B. Use group policies. C. Implement open source alternatives. D. Use default installations. Answer: A

QUESTION NO: 410 When installing and securing a new system for a home user which of the following are best practices? (Select THREE). A. Use a strong firewall. B. Block inbound access to port 80 C. Apply all system patches. D. Use input validation. E. Install remote control software. F. Apply all service packs. Answer: A,C,F

QUESTION NO: 411 Which of the following describes a logic bomb? A. A piece of malicious code that can spread on its own B. A piece of malicious code that is concealed from all detection C. A piece of malicious code that executes based on an event or date D. A piece of malicious code that exploits a race condition Answer: C

QUESTION NO: 412 Which of the following is a prerequisite for privilege escalation to occur? A. The attacker has to create their own zero day attack for privilege escalation. B. The attacker must already have physical access to the system. C. The attacker must use a rootkit in conjunction with privilege escalation. D. The attacker must have already gained entry into the system. Answer: D

QUESTION NO: 413 Which of the following is an example of an attack that executes once a year on a certain date? A. Virus B. Worm C. Logic bomb D. Rootkit Answer: C

QUESTION NO: 414 Which of the following is the GREATEST threat to highly secure environments? A. Network attached storage B. BIOS configuration C. RSA256 D. USB devices Answer: D

QUESTION NO: 415 Management has asked a technician to prevent data theft through the use of portable drives. Which of the following should the technician implement? A. Install a CCTV system. B. Use security templates. C. Implement a biometric system. D. Disable USB drives. Answer: D

QUESTION NO: 416 A technician has been informed that many of the workstations on the network are flooding servers. Which of the following is the MOST likely cause of this? A. Worm B. Logic bomb C. Virus D. Spam Answer: A

QUESTION NO: 417 Which of the following BEST describes a way to prevent buffer overflows? A. Apply all security patches to workstations. B. Apply security templates enterprise wide. C. Apply group policy management techniques. D. Monitor P2P program usage through content filters. Answer: A

QUESTION NO: 418 Which of the following is a security reason to implement virtualization throughout the network infrastructure? A. To analyze the various network traffic with protocol analyzers B. To centralize the patch management of network servers C. To isolate the various network services and roles D. To implement additional network services at a lower cost Answer: C

QUESTION NO: 419 Which of the following is a reason to use a Faraday cage? A. To allow wireless usage B. To minimize weak encryption C. To mitigate data emanation D. To find rogue access points Answer: C

QUESTION NO: 420 Weak encryption is a common problem with which of the following wireless protocols? A. WPA2-Enterprise B. WEP C. WPA2-Personal D. WPA Answer: B

QUESTION NO: 421 Which of the following describes a tool used by organizations to verify whether or not a staff member has been involved in malicious activity? A. Mandatory vacations B. Implicit deny C. Implicit allow D. Time of day restrictions Answer: A

QUESTION NO: 422

com 124 Ac tua lTe QUESTION NO: 424 sts .actualtests. Password policy enforcement Answer: B Which of the following is the MOST common logical access control method? A. Least privilege B. System administrator B. Separation of duties Answer: B QUESTION NO: 423 Which of the following will allow a technician to restrict a users access to the GUI? A.CompTIA SY0-201: Practice Exam Which of the following is a cross-training technique where organizations minimize collusion amongst staff? A. Usernames and password C." . Certificate revocation list Answer: B "Pass Any Exam. Security ID badges Answer: B QUESTION NO: 425 Which of the following verifies control for granting access in a PKI environment? A. Any Time. Multifactor authentication D.co m . Use of logical tokens D. Group policy implementation C. Certificate authority C. Access control lists B. Access control lists B. Recovery agent D. Job rotation C. Cross-site scripting D.www.

Redundant power supplies C. Both keys are mathematically relateD. Backup generator B. Any Time. The public key is only used by the client while the private key is available to all. The identification of mantraps D. D.com Ac tua A. Warm site lTe sts Which of the following is a countermeasure when power must be delivered to critical systems no matter what? . The private key is commonly used in symmetric key decryption while the public key is used in asymmetric key decryption.CompTIA SY0-201: Practice Exam QUESTION NO: 426 Which of the following explains the difference between a public key and a private key? A. The identification of disgruntled staff members Answer: B "Pass Any Exam.WBerlinSans QUESTION NO: 427 Answer: A QUESTION NO: 428 Which of the following is the MOST important step to conduct during a risk assessment of computing systems? A. Both keys are mathematically relateD.co m Answer: D 125 ." . C.www. The private key is only used by the client and kept secret while the public key is available to all. The private key only decrypts the data while the public key only encrypts the datA. Uninterruptible power supplies (UPSs) D. The identification of USB drives B.actualtests. The identification of missing patches C. B.

Anomaly-based D.com 126 Ac tua QUESTION NO: 431 lTe Answer: C sts A. NIPS . The cost of the device "Pass Any Exam. Signature-based B.co m Which of the following monitoring methodologies will allow a technician to determine when there is a security related problem that results in an abnormal condition? . Performance monitor C. NIDS C.CompTIA SY0-201: Practice Exam QUESTION NO: 429 Which of the following tools will allow a technician to detect security-related TCP connection anomalies? A. Any Time. HIDS D." . OVAL C. Trusted platform module Answer: B QUESTION NO: 430 Which of the following systems is BEST to use when monitoring application activity and modification? A. RADIUS B. Public key infrastructure D.actualtests.www. NIDS Answer: C QUESTION NO: 432 Which of the following is the MOST important thing to consider when implementing an IDS solution? A. Logical token B.

Distinguishing between false positives D. The personnel to interpret results Answer: D QUESTION NO: 433 Which of the following is the FIRST step in the implementation of an IDS? A. Any Time. Encrypt and Route B. RC5 Answer: D QUESTION NO: 435 Which of the following are the authentication header modes? A.co m 127 . NTLM D. Answer: D QUESTION NO: 434 Which of the following encryption algorithms is used for encryption and decryption of data? A.actualtests.www. D. MD5 B. B." . Transport and Tunnel C. Decide on the typE. Transport and Encrypt Answer: B QUESTION NO: 436 "Pass Any Exam. C.com Ac tua lTe sts . Purchase the equipment. SHA-1 C. Decide on the model. Tunnel and Encrypt D.CompTIA SY0-201: Practice Exam B. Distinguishing between false negatives C. Document the existing network.

sign. Any Time. Sign. encode and encrypt B. Rivest cipher 4 D. encrypt and verify C. Decrypt. Provides authorization D. Provides integrity C.actualtests. Message authentication code Answer: D QUESTION NO: 437 Which of the following are the functions of asymmetric keys? A. Digital signature algorithm B. Header injection B. Encrypt. encode and verify D. Encapsulating D.com Ac tua lTe sts . Encapsulating security protocol C. TCP hijacking C. validate. Padding Answer: D "Pass Any Exam." .CompTIA SY0-201: Practice Exam Which of the following would a technician use to check data integrity? A. decipher.co m 128 .www. Provides confidentiality Answer: B QUESTION NO: 439 Which of the following describes the insertion of additional bytes of data into a packet? A. validate. decrypt and verify Answer: D QUESTION NO: 438 Which of the following is the purpose of the AH? A. Decrypt. Provides non-repudiation B.

The false rejection rate B. Virtual Private Networking (VPN) D. D.CompTIA SY0-201: Practice Exam QUESTION NO: 440 Which of the following is true regarding authentication headers (AH)? A." . Remote authentication Answer: A QUESTION NO: 443 Which of the following is the main limitation with biometric devices? A. 8021x D. The authentication information hash will increase by one if the bytes remain the same on transfer.com 129 Ac tua QUESTION NO: 442 lTe sts .actualtests. The authentication information is a keyed hash based on all of the bytes in the packet. 80211n B. C. B. The authentication information hash will remain the same if the bytes change on transfer. 80211a Answer: C The method of controlling how and when users can connect in from home is called which of the following? A. 80211g C.co m . The authentication information may be the same on different packets if the integrity remains in placE. Terminal access control C. They are expensive and complex "Pass Any Exam. Answer: A QUESTION NO: 441 Which of the following will allow wireless access to network resources based on certain ports? A. Remote access policy B. Any Time.www.

Implicit allow C. They can be easily fooled or bypassed D. The error human factor Answer: B QUESTION NO: 444 Who is ultimately responsible for the amount of residual risk? A. The DRP coordinator QUESTION NO: 445 Answer: D QUESTION NO: 446 When designing a firewall policy. Any Time. Implicit deny Answer: D QUESTION NO: 447 "Pass Any Exam.com Ac tua lTe A. The senior management B. which of the following should be the default action? A. Least privilege B.actualtests. Worms D. DMZ D.CompTIA SY0-201: Practice Exam C.co m Answer: A 130 . Logic bombs C. The organizations security officer D.www. Botnets sts Which of the following typically use IRC for command and control activities? . The security technician C." . Trojan B.

obtaining management buy-in.co m 131 . patch management softwarE. Answer: D QUESTION NO: 450 Which of the following is MOST likely to make a disaster recovery exercise valuable? A. Conducting intricate. Cryptographic randomness C. A pseudo-random event D. Confidentiality Answer: A QUESTION NO: 449 All of the following are part of the disaster recovery plan EXCEPT: A. Amirror Answer: B QUESTION NO: 448 Which of the following type of protection is hashing used to provide? A. identifying all assets. D. A collision C. B.com Ac tua lTe sts ." . C. which of the following just occurred? A.actualtests. Collision D. A duplication B. Management participation Answer: C "Pass Any Exam.www. system backups. Learning from the mistakes of the exercise D. large-scale mock exercises C. Any Time.CompTIA SY0-201: Practice Exam If hashing two different files creates the same result. Integrity B. Revising the disaster recovery plan during the exercise B.

Mandatory Access Control (MAC) C. Host-based firewall C. Any Time.www.CompTIA SY0-201: Practice Exam QUESTION NO: 451 Which of the following allows directory permissions to filter down through the sub-directory hierarchy? A. The issue only seems to occur when the buildings roof air conditioning system runs. Virtualization B. Replication Answer: B QUESTION NO: 452 Answer: D QUESTION NO: 453 Which of the following would MOST likely prevent a PC application from accessing the network? A. Adding a heat deflector B. HIDS Answer: B QUESTION NO: 454 A technician is investigating intermittent switch degradation. Antivirus D. Redundant HVAC systems "Pass Any Exam.actualtests. Mirroring D.co m Which of the following access control models BEST follows the concept of separation of duties? . Role-based access control (RBAC) . Inheritance C." . Rule-base access control (RBAC) D. Which of the following would reduce the connectivity issues? A. Impedance B.com 132 Ac tua lTe sts A. Discretionary Access Control (DAC) B.

D. Answer: B QUESTION NO: 458 "Pass Any Exam. Any Time. Group policy C." . Shielding D. Patch management D. 3DES C. XOR D. verify the patch is relevant to the system.CompTIA SY0-201: Practice Exam C.com Ac tua lTe sts . B. a technician should do all of the following EXCEPT: A. Configuration baseline B. Add a wireless network Answer: C QUESTION NO: 455 A technician tracks the integrity of certain files on the server. C.actualtests.www. test it in a non-production environment. verify the integrity of the patch. Security template Answer: A QUESTION NO: 457 When testing a newly released patch. SHA-1 B. deploy immediately using Patch Management.co m 133 . AES Answer: A QUESTION NO: 456 Which of the following describes the standard load for all systems? A. Which of the following algorithms provide this ability? A.

C. B. B. passive security testing techniques. log review. Anomaly-based IDS D. invasive security testing techniques. black box testing techniques. Which of the following would detect this encapsulated traffic? A.CompTIA SY0-201: Practice Exam A botnet zombie is using HTTP traffic to encapsulate IRC traffiC. Conducted from outside the perimeter switch but inside the firewall B.com Ac tua lTe sts . system configuration review. active security testing techniques. and file integrity checking are examples of: A. network sniffing. Answer: D QUESTION NO: 460 To determine whether a system is properly documented and to gain insight into the systems security aspects that are only available through documentation is the purpose of: A. C. active security testing techniques. Rootkit Answer: C QUESTION NO: 459 Documentation review. invasive security testing techniques. D. rule-set review.co m 134 . Answer: C QUESTION NO: 461 Which of the following BEST describes external security testing? A.actualtests. passive security testing techniques. Any Time.www. hybrid security testing techniques. D. Proxy server C. Conducted from outside the building that hosts the organizations servers "Pass Any Exam." . Vulnerability scanner B.

D.co m Answer: C 135 .com Ac tua lTe A. Implementing two-factor authentication B. it relies on a repository of signatures. Any Time. QUESTION NO: 463 Answer: D QUESTION NO: 464 Which of the following can BEST aid in preventing a phishing attack? A. it only uncovers vulnerabilities for active systems. Conducted from outside the organizations security perimeter D. C. Requiring the use of stronger encryption Answer: C QUESTION NO: 465 "Pass Any Exam. sts All of the following are limitations of a vulnerability scanner EXCEPT: . Conducting user awareness training D. C.CompTIA SY0-201: Practice Exam C. applications. it generates less network traffic than port scanning. it generates a high false-positive error ratE.www. B. active hosts. vulnerabilities. Conducted from outside the perimeter switch but inside the border router Answer: C QUESTION NO: 462 Port scanners can identify all of the following EXCEPT: A. operating systems. Enabling complex password policies C.actualtests. B. D." .

HTTPS D. D. WANs. Any Time. Any downtime to this website results in substantial financial damage for the company. S/MIME Answer: C QUESTION NO: 467 A. One web server is connected to several distributed database servers. Warm site B.actualtests. Proxy server C.CompTIA SY0-201: Practice Exam A travel reservation company conducts the majority of its transactions through a public facing website.www. SSH C. LANs. RAID D." . SHTTP B.com 136 Ac One of the reasons that DNS attacks are so universal is DNS services are required for a computer to access: tua lTe sts . Which of the following describes this scenario? A. Single point of failure Answer: D QUESTION NO: 466 Which of the following is MOST commonly used to secure a web browsing session? A. Answer: B QUESTION NO: 468 One of the security benefits to using virtualization technology is: "Pass Any Exam. C. B. the Internet. WLANs.co m .

applying a patch to the server automatically patches all instances. Answer: D "Pass Any Exam. PAT provides the mail gateway with protection on port 24 B. Publishes the organizations external network addressing scheme C." . Publishes the organizations internal network addressing scheme B. Which of the following is the BEST reason for implementing NAT? sts QUESTION NO: 470 . B. Answer: A QUESTION NO: 469 A virtual server implementation attack that affects the: A. if one instance is compromised no other instances can be compromiseD. D. C.co m 137 . C.CompTIA SY0-201: Practice Exam A. Answer: D Answer: C QUESTION NO: 471 Which of the following is the BEST reason for an administrator to use port address translation (PAT) instead of NAT on a new corporate mail gateway? A. disk partition will affect all virtual instances. RAM will affect all virtual instances. PAT allows external users to access the mail gateway on random ports. OS kernel will affect all virtual instances. Hides the organizations internal network addressing scheme D. D.com Ac tua A. C. PAT allows external users to access the mail gateway on pre-selected ports. Any Time.actualtests. if an instance is compromised the damage can be compartmentalizeD. virtual instances are not affected by conventional port scanning techniques. B. PAT provides the mail gateway with protection on port 25 D. Hides the organizations external network addressing scheme lTe An administrator wants to set up a new web server with a static NAT.www. system registry will affect all virtual instances.

HIDS logs B." . A static NAT uses a many to one mapping. D. but not eliminate the risk of VLAN jumping? A. ARP caching C. A static NAT uses a one to one mapping. Which of the following could BEST be used to confirm the administrators suspicions? tua lTe sts . DTP on all ports D. Proxy logs C. Firewall logs Answer: D QUESTION NO: 475 Restricting access to files based on the identity of the user or group is an example of which of the following? "Pass Any Exam. AV server logs D. C. B. LAN manager B. TACACS Answer: C QUESTION NO: 474 A.com 138 Ac An administrator is concerned that PCs on the internal network may be acting as zombies participating in external DDoS attacks. Any Time.actualtests. Answer: D QUESTION NO: 473 Which of the following if disabled will MOST likely reduce.CompTIA SY0-201: Practice Exam QUESTION NO: 472 Which of the following describes a static NAT? A. A static NAT uses a many to many mapping. A static NAT uses a one to many mapping.www.co m .

A. CRL B. PKI C. MAC D. DAC Answer: D

QUESTION NO: 476 Restricting access to files based on the identity of the user or group and security classification of the information is an example of which of the following? A. RBAC B. DAC C. NTFS D. MAC Answer: D

QUESTION NO: 477 A new Internet content filtering device installed in a large financial institution allows IT administrators to log in and manage the device, but not the content filtering policy. Only the IT security operation staff can modify policies on the Internet filtering device. Which of the following is this an example of? A. Role-Based Access Control (RBAC) B. Mandatory Access Control (MAC) C. Lightweight Directory Access Protocol (LDAP) D. Discretionary Access Control (DAC) Answer: A

QUESTION NO: 478 Which of the following would BEST describe a disaster recovery plan (DRP)? A. Addresses the recovery of an organization's business documentation B. Addresses the recovery of an organization's email C. Addresses the recovery of an organization's backup site D. Addresses the recovery of an organization's IT infrastructure Answer: D

QUESTION NO: 479 Which of the following is the primary objective of a business continuity plan (BCP)? A. Addresses the recovery of an organization's business operations B. Addresses the recovery of an organization's business payroll system C. Addresses the recovery of an organization's business facilities D. Addresses the recovery of an organization's backup site Answer: A

QUESTION NO: 480 Which of the following BEST describes an application or string of code that cannot automatically spread from one system to another but is designed to spread from file to file? A. Adware B. Worm C. Botnet D. Virus Answer: D

QUESTION NO: 481 A software manufacturer discovered a design flaw in a new application. Rather than recall the software, management decided to continue manufacturing the product with the flaw. Which of the following risk management strategies was adopted by management? A. Risk mitigation B. Risk avoidance C. Risk acceptance D. Risk transfer Answer: C

QUESTION NO: 482 Which of the following is considered an independent program that can copy itself from one system to another and its main purpose is to damage data or affect system performance? A. Virus B. Worm C. Spam D. Spyware Answer: B

QUESTION NO: 483 All of the following are considered malware EXCEPT: A. spam. B. Trojan. C. virus. D. logical bombs. Answer: A

QUESTION NO: 484 Which of the following NIDS configurations is solely based on specific network traffic? A. Host-based B. Behavior-based C. Anomaly-based D. Signature-based Answer: D

QUESTION NO: 485 Which of the following only looks at header information of network traffic? A. Internet content filter B. Packet filter C. Application firewall D. Hybrid firewall Answer: B

QUESTION NO: 486 Which of the following access control methods could the administrator implement because of constant hiring of new personnel? A. Rule-based B. Role-based C. Discretionary D. Decentralized Answer: B

QUESTION NO: 487 When using a single sign-on method, which of the following could adversely impact the entire network? A. Workstation B. Biometrics C. Web server D. Authentication server Answer: D

QUESTION NO: 488 RADIUS uses all of the following authentication protocols EXCEPT: A. PAP. B. CHAP. C. EAP. D. L2TP. Answer: D

QUESTION NO: 489 A HIDS is installed to monitor which of the following?

A. CPU performance B. NIC performance C. System files D. Temporary Internet files Answer: C

QUESTION NO: 490 Which of the following intrusion detection systems uses statistical analysis to detect intrusions? A. Signature B. Honeynet C. Anomaly D. Knowledge Answer: C

QUESTION NO: 491 Which of the following intrusion detection systems uses well defined models of how an attack occurs? A. Protocol B. Behavior C. Signature D. Anomaly Answer: C

QUESTION NO: 492 Which of the following is a system that will automate the deployment of updates to workstations and servers? A. Service pack B. Remote access C. Patch management D. Installer package Answer: C

QUESTION NO: 493 A user is concerned with the security of their laptop's BIOS. The user does not want anyone to be able to access control functions except themselves. Which of the following will make the BIOS more secure? A. Password B. Encrypt the hard drive C. Create an access-list D. Flash the BIOS Answer: A

QUESTION NO: 494 Which of the following is a method to apply system security settings to all workstations at once? A. Policy analyzer B. Patch management C. Configuration baseline D. A security template Answer: D

QUESTION NO: 495 Which of the following would be a method of securing the web browser settings on all network workstations? A. Internet content filter B. Group policy C. Control panel D. P2P software Answer: B

QUESTION NO: 496 Which of the following is a limitation of a HIDS?

" .co m 145 .actualtests. SMTP B.CompTIA SY0-201: Practice Exam A. Someone must manually review the logs. Full control C. MIME D. The technician has created many shares on the storagE. Authentication D.www. Least privilege Answer: D QUESTION NO: 498 Which of the following is an example of a trust model? A. C. They are difficult to install. It does not capture MAC addresses. Managing the CA relationships Answer: D QUESTION NO: 499 Which of the following is the common mail format for digitally signed and encrypted messages? A.com Ac tua lTe sts . B. Separation of duties B. Which of the following is the MOST secure way to assign permissions? A. S/MIME Answer: D "Pass Any Exam. Any Time. Internet key exchange C. SSL/TLS B. It requires an open port on the firewall. SSL C. Recovery agent D. D. Answer: B QUESTION NO: 497 A technician has implemented a new network attached storage solution for a client.

QUESTION NO: 500 Which of the following is the common way of implementing cryptography on network devices for encapsulating traffic between the device and the host managing them? A. S/MIME B. SNMP C. SSH D. SMTP Answer: C

QUESTION NO: 501 Which of the following describes penetration testing? A. Simulating an actual attack on a network B. Hacking into a network for malicious reasons C. Detecting active intrusions D. Establishing a security baseline Answer: A

QUESTION NO: 502 When an IDS is configured to match a specific traffic pattern, then which of the following is this referring to? A. Signature-based B. Anomaly-based C. Heuristic-based D. Behavior-based Answer: A

QUESTION NO: 503 An application that gets downloaded onto a system by appearing to be a useful tool for cleaning out duplicate contacts in a user's emails would be considered:

B. B.com Ac A.www. C. C. A vulnerability scan D. yesterdays performancE. spyware. A port scanner B. the system monitor. D. a personal software firewall. the performance baselinE. D. a Trojan.CompTIA SY0-201: Practice Exam A." .co m 147 . spam. A penetration test "Pass Any Exam. This is an example of which of the following? A. D. A protocol analyzer C. the manufacturers websitE. DNS. a HIDS. Answer: D QUESTION NO: 504 Installing an application on every desktop in a companys network that watches for possible intrusions would be an example of: A. hardening. a NIDS. Any Time. POP3. B. Answer: A QUESTION NO: 505 Answer: A QUESTION NO: 506 An administrator runs a tool checking SMTP. C. a worm. and ICMP packets on the network. tua lTe An administrator suspects an issue retrieving files on the network and accesses the file servers performance monitor to check the results against: sts .actualtests.

shadow copy.actualtests. Least privilege lTe Users should be able to access their email and several secure applications from any workstation on the network. Which of the following is this an example of? sts . B.CompTIA SY0-201: Practice Exam Answer: B QUESTION NO: 507 A company runs a backup after each shift and the main concern is how quickly the backups are completed between shifts. multifactor authentication. the administrator has implemented an authentication system requiring the use of a username. ACL D. Three factor authentication B. D. D. full backup.www. QUESTION NO: 508 Answer: B QUESTION NO: 509 Both the client and the server authenticate before exchanging datA. mutual authentication. differential backup. Additionally. B. The administrator decides that backing up all the data that has changed during the last shift is the best way to go. Answer: C "Pass Any Exam. SSO C. This would be considered a: A. C.co m Answer: A 148 ." . Any Time. SSO. C. password. and a company issued smart card. biometrics.com Ac tua A. incremental backup. Recovery time should be kept to a minimum. This is an example of: A.

D.com Ac tua lTe sts . IPSec D." .CompTIA SY0-201: Practice Exam QUESTION NO: 510 Which of the following could be used to institute a tunneling protocol for security? A.www. IPX/SPX B. Check DNS records regularly. PGP B. FTP Answer: C QUESTION NO: 511 Which of the following is an encryption program used to secure email and voice over the Internet? A. SHA-1 C.actualtests. Ping the DNS server every minute to verify connectivity. Use personal firewalls to block port 53 C. EAP C. NTLM B. Blowfish Answer: A QUESTION NO: 512 Which of the following is used for securing communication between a client and a server? A. SMTP Answer: A QUESTION NO: 513 Which of the following processes are used to monitor and protect the DNS server? A.co m 149 . Any Time. B. S/MIME C. "Pass Any Exam. ECC D. MD5 D. Set PTR records to purge daily.

Answer: C

QUESTION NO: 514 Which of the following is the MOST effective method for stopping a phishing attempt? A. Up-to-date antivirus definitions B. Paper shredders C. User education D. SPAM filters Answer: C

QUESTION NO: 515 A corporation has a contractual obligation to provide a certain amount of system uptime to a client. Which of the following is this contract an example of? A. PII B. SLA C. Due diligence D. Redundancy Answer: B

QUESTION NO: 516 Which of the following would allow for a network to remain operational after a T1 failure? A. Uninterruptible Power Supply (UPS) B. Redundant ISP C. Redundant servers D. RAID 5 drive array Answer: B

QUESTION NO: 517 Which of the following asymmetric encryption algorithms was utilized FIRST?

A. AES B. Serpent C. Whirlpool D. DES Answer: D

QUESTION NO: 518 A ticket granting server is an important concept in which of the following authentication models? A. PAP B. RADIUS C. Kerberos D. CHAP Answer: C

QUESTION NO: 519 Which of the following is an example of two-factor authentication? A. User ID and password B. Smart card and PIN C. Fingerprint reader and iris scanner D. Smart card and ID badge Answer: B

QUESTION NO: 520 Which of the following could physically damage a device if a long term failure occurred? A. OVAL B. HVAC C. Battery backup system D. Shielding Answer: B

Weld all terminators to the cable ends.co m 152 . Run all new cables parallel to existing alternating current (AC) cabling. Confidentiality of data "Pass Any Exam. Integrity of data B. Make sure all terminators are groundeD. D." . C0mpt!a2**8 D. D.www. C. Remove a terminator. B. B. Remove a vampire tap. C.actualtests. Install a zombiE. Answer: B QUESTION NO: 523 Which of the following is the weakest password? A. F%r3Walke3r C. Any Time.com Ac tua lTe sts . P^s5W0rd Answer: A QUESTION NO: 524 Which of the following is the GREATEST security risk regarding removable storage? A. Not enough space available C. Answer: C QUESTION NO: 522 Which of the following is the BEST method for securing the data on a coaxial network? A.CompTIA SY0-201: Practice Exam QUESTION NO: 521 Which of the following is the easiest way to disable a 10Base2 network? A. Introduce crosstalk. Availability of data D. Run all cables through a conduit. Indu5tr1als B.

Answer: D

QUESTION NO: 525 Which of the following mimics a legitimate program in order to steal sensitive data? A. Botnet B. Worm C. Spam D. Trojan Answer: D

QUESTION NO: 526 Which of the following allows for a user to have only the minimum level of access required for their job duties? A. Least privilege B. Privilege escalation C. Job rotation D. Implicit deny Answer: A

QUESTION NO: 527 A manager needs to control employee overtime. Which of the following would BEST allow for the manager to control when the employees are on the network? A. Access control list B. User account expiration C. Time of day restriction D. Domain password policy Answer: C

QUESTION NO: 528 Which of the following BEST describes hashing?

Local firewall C. The encryption algorithm D. Computing a unique mathematic identifier in order to prevent change during transport. The key exchange algorithm B. Pop-up blocker B. D.www. Answer: D QUESTION NO: 529 Which of the following is MOST likely to crash a workstation? A." . Network mapper Answer: C QUESTION NO: 530 Which of the following is the critical piece of an encrypted communication that must be kept secret? A.co m . Password expiration D.actualtests. C. Any Time. Vulnerability assessment B. Protocol analyzer C. Encrypting the data payload and computing a unique mathematic identifier in order to prevent change during transport. The initial salt value C.com 154 Ac tua lTe sts . The final CRC of the key packet Answer: B QUESTION NO: 531 A PC is rejecting push updates from the server.CompTIA SY0-201: Practice Exam A. all other PCs on the network are accepting the updates successfully. Encrypting the data payload and computing a unique mathematic identifier in order to detect change during transport. Computing a unique mathematic identifier in order to detect change during transport. B. Penetration test D. Which of the following should the administrator check FIRST? A. Anti-spyware "Pass Any Exam.

Answer: B

QUESTION NO: 532 Which of the following describes an encrypted connection across public communication lines? A. TACACS B. VPN C. EAP D. CHAP Answer: B

QUESTION NO: 533 After a period of high employee turnover, which of the following should be implemented? A. A review of NTLM hashes on the domain servers B. A review of group policies C. A review of user access and rights D. A review of storage and retention policies Answer: C

QUESTION NO: 534 All PCs in a network share a single administrator ID and password. When the administrator attempts to remotely control a user's PC the attempt fails. Which of the following should the administrator check FIRST? A. The antivirus settings on the local PC B. The antivirus settings on the remote PC C. The HIPS on the remote PC D. The HIPS on the local PC Answer: C

QUESTION NO: 535

separation of duties. KEA. Any Time. Private key of the sender C.com 156 Ac tua lTe QUESTION NO: 537 sts . C. escorting procedures." . password complexity rules. Public key of the receiver Answer: B Which of the following describes a weakness of the hash functions? A. Collision B. SAFER.CompTIA SY0-201: Practice Exam All of the following are considered key exchange protocols EXCEPT: A. Private key of the receiver B. Birthday attack C. RSA. D. B. Man-in-the-middle Answer: A QUESTION NO: 538 All of the following are organizational policies that reduce the impact of fraud EXCEPT: A. Answer: D QUESTION NO: 536 Which of the following keys is generally applied FIRST to a message digest to provide nonrepudiation using asymmetric cryptography? A. Collusion D. Public key of the sender D. Answer: B "Pass Any Exam. B. job rotation.co m . Diffie-Hellman.actualtests. D. C.www.

Which of the following should be done FIRST? A. Respond to the attacker.actualtests.co A technician noticed a remote attack taking place on a system. Answer: C QUESTION NO: 540 Answer: D QUESTION NO: 541 Which of the following IDS generally follows a learning process? A. Disconnect the system from the network. Event-based IDS D.www. Signature-based IDS C.CompTIA SY0-201: Practice Exam QUESTION NO: 539 A technician is conducting a forensics analysis on a computer system. Look for hidden files. D. sts . Contain the attack. Follow the incident management procedure in placE. C. B. Analyze temporary files." . Search for Trojans.com Ac tua lTe A. Rule-based IDS Answer: A QUESTION NO: 542 Which of the following algorithms is faster when encrypting data? "Pass Any Exam. D. C. Which of the following should be done FIRST? m 157 . Anomaly-based IDS B. Get a binary copy of the system. Any Time. B.

For use in disaster recovery of the DNS server D. For use in an investigation in the future Answer: D Which of the following is a best practice for securing log files? A. For complying with PII requirements C. System Answer: D "Pass Any Exam.co m 158 . Access D. Change security settings to avoid corruption. Any Time. For complying with payment card industry (PCI) requirements B.actualtests. B.com Ac tua lTe sts QUESTION NO: 544 . DHCP B. Copy or save the logs to a remote log server. Asymmetric key algorithms Answer: A QUESTION NO: 543 Which of the following is a reason why DNS logs should be archived? A." . Log all failed and successful login attempts. Security C. Deny administrators all access to log files to prevent write failures.www. C. D. Symmetric key algorithms B. Answer: A QUESTION NO: 545 Which of the following logs shows when the workstation was last shutdown? A. Whole disk encryption algorithms D.CompTIA SY0-201: Practice Exam A. Public key algorithms C.

" .com Ac tua lTe sts . Determining who logged on to a machine last night atmidnight B. Port scanning B. TCPDump and Wireshark are commonly used for which of the following? A. A network mapper Answer: A QUESTION NO: 548 Snort. Network sniffing Answer: D QUESTION NO: 549 Which of the following would typically require the use of a network protocol analyzer? A. Draft an email retention policy Answer: B QUESTION NO: 547 Which of the following tools is commonly used to detect security anomalies on a host? A. Determining what the speed is on the external interface of a firewall "Pass Any Exam. Host monitoring C.www. A remote protocol analyzer D.CompTIA SY0-201: Practice Exam QUESTION NO: 546 Which of the following is a best practice auditing procedure? A.actualtests. A TACACS+ implementation C. DDOS attacks D. A file system integrity checker B.co m 159 . Mitigate vulnerabilities B. Determining how many users are logged onto the domain controller C. Determining why authentication between two machines failed D. Any Time. Set strong password requirements D. Review user access and rights C.

MAC address B.co m 160 . Location C. Any Time. OS Answer: B Malware that uses virtualization techniques can be difficult to detect because of which of the following? A.www.CompTIA SY0-201: Practice Exam Answer: C QUESTION NO: 550 Which of the following security related anomalies are MOST likely to be detected by a protocol analyzer? A. Many malformed or fragmented packets B. Decryption of encrypted network traffic C. A portion of the malware may have been removed by the IDS. The malware may be running at a more privileged level than the antivirus softwarE. Disabled network interface on a server D. Passive sniffing of local network traffic Answer: A QUESTION NO: 551 Users and computers are generally grouped into domains for security purposes. The malware may be implementing a proxy server for command and control. Answer: D QUESTION NO: 553 "Pass Any Exam.com Ac QUESTION NO: 552 tua lTe sts .actualtests. The malware may be using a Trojan to infect the system." . B. Password D. D.Which of the following is a common attribute used to determine which domain a user or computer belongs to? A. C.

Which of the following is a reason why virtualization techniques are often used to implement a honeynet? A. To reduce the number of physical devices needed B. To hide the encryption being used in the honeynet C. To slow the intruder's network connection speed D. To reduce the number of connections allowed Answer: A

QUESTION NO: 554 Which of the following is an industry standard for remote logging? A. ipfilter B. RDP C. rlogin D. syslog Answer: D

QUESTION NO: 555 Audit trails are used for which of the following? A. Availability B. Accountability C. Authorization D. Continuity Answer: B

QUESTION NO: 556 Which of the following can be used to centrally manage security settings? A. Cross-site scripting B. Group policy C. Service pack D. NIDS Answer: B

Test the recovery plan.com Ac tua QUESTION NO: 559 lTe sts . Use a reciprocal agreement. Penetration testing exploits a vulnerability Answer: D QUESTION NO: 560 Which of the following is a security risk of not password protecting the BIOS? A. Vulnerability assessment D. C. The antivirus software will not run because it needs a BIOS passworD. B. Penetration testing B. Answer: D QUESTION NO: 558 Which of the following activities is MOST closely associated with DLL injection? A. The system may be changed to boot from alternative mediA. B. Penetration testing removes malware if found during a scan C. Vulnerability assessment exploits a weakness in a system D. Hire an independent consultant.CompTIA SY0-201: Practice Exam QUESTION NO: 557 Which of the following is a best practice disaster recovery strategy? A. "Pass Any Exam.co m 162 . Network mapping C." .actualtests.www. D. SQL servers Answer: A Which of the following is true about penetration testing or vulnerability assessments? A. Any Time. Vulnerability assessment verifies incidence response B. Spend at least 5% of the IT budget.

A virus may corrupt the SCSI settings and the system will not boot. Need to capture monitor network traffic in real time Answer: B. Block suspicious queries to the DNS server. Any Time. Need to know which files have been accessed C. Need to prevent access to a file or folder B. Need to know who is logging on to the system D.C Executing proper logging procedures would facilitate which of the following requirements? A. Answer: A QUESTION NO: 561 Executing proper logging procedures would be the proper course of action in which of the following scenarios? (Select TWO).actualtests. Some important events will not get loggeD. Investigate suspicious queries to the DNS server.com Ac tua lTe sts QUESTION NO: 562 . Answer: B QUESTION NO: 563 Which of the following is a concern when setting logging to a debug level? A.www. Need to prevent users from logging on to the system E. C. The log may fill up with extraneous information. A. The authentication system may be subverteD. Ignore suspicious queries to the DNS server. D. B. C. D.co m 163 . The device or application will only operate in test modE. D.CompTIA SY0-201: Practice Exam C." . B. The events may not contain enough details. Monitor suspicious queries to the DNS server in real timE. Answer: A "Pass Any Exam.

QUESTION NO: 564 Which of the following should be considered when executing proper logging procedures? (Select TWO). A. The information that is needed to reconstruct events B. The number of disasters that may occur in one year C. The password requirements for user accounts D. The virtual memory allocated on the log server E. The amount of disk space required Answer: A,E

QUESTION NO: 565 Which of the following malicious activities might leave traces in a DNS log file? A. Hijacking B. Poisoning C. Caching D. Phishing Answer: B

QUESTION NO: 566 Which of the following NAC scanning types is the LEAST intrusive to the client? A. Open ID B. Agent based C. Agentless D. ActiveX Answer: C

QUESTION NO: 567 Common settings configured on an Internet content filtering device are database update settings, log settings and which of the following? A. False positive threshold B. Content rules

Resetting an employee password C. B. Passwords that are blank D." .www. D.com Ac tua lTe sts . Answer: D QUESTION NO: 571 "Pass Any Exam. Set up an email proxy on the Internet and an email server in the internal network. Set up an email proxy in the DMZ and the email server in the internal network. Performance settings Answer: B QUESTION NO: 568 Which of the following activities commonly involves feedback from departmental managers or human resources? A. Accounts that need to be removed Answer: D QUESTION NO: 570 Which of the following is the BEST option for securing an email infrastructure? A. which of the following may be revealed? A. Accounts with weak passwords B.CompTIA SY0-201: Practice Exam C. User access and rights review D. Anomaly settings D. C. Clearing cookies from the browser B. Passwords with dictionary words C.actualtests. Set up an email proxy on the Internet and an email server in the DMZ. Set up the email server in a DMZ. Any Time.co m 165 . Setting system performance baseline Answer: C QUESTION NO: 569 While auditing a list of active user accounts.

Job rotation C. "Pass Any Exam. C. Apply retention policies on the log files. Asymmetric keys D.www. Least privilege Answer: C Which of the following key types does Kerberos use? A. Perform hashing of the log files. Perform a binary copy of the system. A.CompTIA SY0-201: Practice Exam Which of the following provides the BEST mechanism for non-repudiation? A. Digital signatures D. Separation of duties B. B.com Ac tua lTe QUESTION NO: 573 sts .actualtests. Collect system temporary files. Time of day restrictions D. Ticket Grating Service B. Message authentication codes Answer: C QUESTION NO: 572 Which of the following is the BEST logical access control method for controlling system access on teams working in shifts? A. Symmetric keys C." . D. Message digests C. Key Distribution Center Answer: C QUESTION NO: 574 Which of the following are recommended security measures when implementing system logging procedures? (Select TWO). Encryption B.co m 166 . Any Time.

D.C Which of the following BEST describes actions pertaining to user account reviews? (Select TWO). Any Time.C QUESTION NO: 577 All of the following are attributes of an x. A.actualtests. Perform CRC checks. E.CompTIA SY0-201: Practice Exam E. VLAN segment of the systems B. User accounts reports are periodically extracted from systems and user access dates are verified Answer: A.www. the symmetric key of the owner. the public key of the owner.D QUESTION NO: 575 Which of the following should be considered when implementing logging controls on multiple systems? (Select TWO). User accounts and their privileges are periodically extracted from systems and reports are kept for auditing purposes. Answer: B. C. B. Network security zone of the systems Answer: B. the version of the certificatE.com 167 Ac tua lTe sts QUESTION NO: 576 . User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization. Systems clock synchronization C. B. User account reports are periodically extracted from systems and employment verification is performeD. "Pass Any Exam. User accounts reports are periodically extracted from systems and end users are informed. External network traffic E.509 certificate EXCEPT: A. Systems capacity and performance D. C." .co m . A.

B. One is a symmetric block cipher and the other is asymmetriC. D.com Ac tua lTe sts QUESTION NO: 579 . Adware D. storage capacity.co m 168 . Any Time. C.actualtests. One replaces blocks while the other rearranges and replaces only. One rearranges and replaces blocks while the other rearranges only. B.CompTIA SY0-201: Practice Exam D. D. Spyware C. speeD. C. Which of the following BEST describes what the user is seeing? A. One replaces blocks with other blocks while the other rearranges only. The technician is skeptical because the antivirus definitions on the machine are up-to-datE. Answer: B QUESTION NO: 580 Which of the following is the main difference between a substitution cipher and a transposition cipher when used to encode messages? A." . Answer: B "Pass Any Exam. SQL injection B. OS compatibility. SMTP open relay Answer: C The GREATEST security concern in regards to data leakage with USB devices is: A. physical sizE. Answer: A QUESTION NO: 578 A user complains that pop-up windows continuously appear on their screen with a message stating that they have a virus and offering to see a program that will remove it.www. the issuer.

QUESTION NO: 581
All of the following can be found in the document retention policy EXCEPT:
- retention periods.
- password complexity rules.
- physical access controls.
- type of storage media.
Answer: B

QUESTION NO: 582
Which of the following reduces effectiveness when deploying and managing NIPS?
A. Encrypting all network traffic
B. Continued tuning
C. Network placement
D. Reviewing the logs
Answer: A

QUESTION NO: 583
Which of the following authentication methods prevents a replay attack from occurring?
A. L2TP
B. CHAP
C. Kerberos
D. RADIUS
Answer: C

QUESTION NO: 584
To prevent disk integrity errors due to small line-power fluctuations, a system administrator should install which of the following?
A. Voltage regulator
B. Line conditioner
C. Battery backup
D. Redundant power supplies
Answer: B

QUESTION NO: 585
Which of the following is the BEST way to mass deploy security configurations to numerous workstations?
A. Security hotfix
B. Configuration baseline
C. Patch management
D. Security templates
Answer: D

QUESTION NO: 586
Virtual machines are MOST often used by security researchers for which of the following purposes?
A. To provide a secure virtual environment to conduct online deployments
B. To provide a virtual collaboration environment to discuss security research
C. To provide an environment where new network applications can be tested
D. To provide an environment where malware can be executed with minimal risk to equipment and software
Answer: D

QUESTION NO: 587
Which of the following is a password cracker?
A. CORE Impact
B. Cain & Abel
C. WireShark
D. NMAP
Answer: B

QUESTION NO: 588
Which of the following characteristics of RAID increases availability?
A. Striping without parity
B. Mirroring
C. Kiting
D. Low cost
Answer: B

QUESTION NO: 589
A document shredder will BEST prevent which of the following?
A. Dumpster diving
B. Phishing
C. Shoulder surfing
D. Viruses
Answer: A

QUESTION NO: 590
Which of the following would BEST prevent the spread of a hoax?
A. Chain of custody
B. User education
C. Up-to-date antivirus definitions
D. Up-to-date anti-spyware definitions
Answer: B

QUESTION NO: 591
Which of the following is a term referring to the situation when a programmer leaves an unauthorized entry point into a program or system?
A. Back door
B. Default account
C. Poisoning
D. Privilege escalation
Answer: A

QUESTION NO: 592
Which of the following refers to a system that is unable to accept new TCP connections due to a SYN flood attack?
A. Airsnort
B. Smurf
C. Teardrop
D. DoS
Answer: D

QUESTION NO: 593
Which of the following would refer to a key fob with a periodically changing number that is used as part of the authentication process?
A. Installation key
B. Biometric device
C. Hardware lock
D. Physical token
Answer: D

QUESTION NO: 594
Which of the following is the MOST common method of one-factor authentication?
A. Smart card and a PIN
B. Physical token and a password
C. Fingerprint reader
D. User ID and password
Answer: D

QUESTION NO: 595
An attorney demands to know exactly who had possession of a piece of evidence at a certain time after seizure. Which of the following documents would provide this?
A. Due diligence
B. Chain of custody
C. Due process
D. Change management
Answer: B

QUESTION NO: 596
Which of the following prevents damage to evidence during forensic analysis?
A. Write-only drive connectors
B. Drive sanitization tools
C. Read-only drive connectors
D. Drive recovery tools
Answer: C

QUESTION NO: 597
Which of the following is a drawback of using PAP authentication?
- PAP only authenticates between same vendor servers.
- PAP requires that both workstations mutually authenticate.
- PAP sends all passwords across the network as clear text.
- PAP changes its initialization vector with each packet.
Answer: D

QUESTION NO: 598
Which of the following BEST describes using a third party to store the public and private keys?
A. Public key infrastructure
B. Recovery agent
C. Key escrow
D. Registration authority
Answer: C

QUESTION NO: 599
Which of the following requires the server to periodically request authentication from the client?
A. EAP
B. CHAP
C. WPA2
D. RAS
Answer: B

QUESTION NO: 600
A biometric fingerprint scanner is an example of which of the following?
A. Two-factor authentication
B. SSO
C. Three-factor authentication
D. Single-factor authentication
Answer: D

QUESTION NO: 601
A user ID, PIN, and a palm scan are all required to authenticate a system. Which of the following is this an example of?
A. SSO
B. Two-factor authentication
C. Single-factor authentication
D. Three-factor authentication
Answer: B

QUESTION NO: 602
Which of the following would be disabled to prevent SPIM?
A. P2P
B. ActiveX controls
C. Instant messaging
D. Internet mail
Answer: C

QUESTION NO: 603
A user sees an MD5 hash number beside a file that they wish to download. Which of the following BEST describes a hash?
- A hash is a unique number that is generated based upon the file's contents and used as the SSL key during download.
- A hash is a unique number that is generated based upon the TCP/IP transmission header and should be verified before download.
- A hash is a unique number that is generated after the file has been encrypted and used as the SSL key during download.
- A hash is a unique number that is generated based upon the file's contents and should be verified after download.
Answer: D

QUESTION NO: 604
According to a good disaster recovery plan, which of the following must happen during a power outage before an uninterruptible power supply (UPS) drains its battery?
- The PKI CA is relocated.
- The backup generator activates.
- The single point of failure is remedied.
- Full electrical service is restored.
Answer: B

QUESTION NO: 605
Which of the following would give a technician the MOST information regarding an external attack on the network?
A. Internet content filter
B. Proxy server
C. NIDS
D. Firewall
Answer: C

QUESTION NO: 606
Which of the following would BEST prevent night shift workers from logging in with IDs and passwords stolen from the day shift workers?
A. Account expiration
B. Time of day restriction
C. Account lockout
D. Domain password policy
Answer: B

QUESTION NO: 607
Which of the following would BEST ensure that users have complex passwords?
A. ACL
B. Domain password policy
C. Logical tokens
D. Time of day restrictions
Answer: B

QUESTION NO: 608
A technician finds that a malicious user has introduced an unidentified virus to a single file on the network. Which of the following would BEST allow for the user to be identified?
A. Access logs
B. Performance log
C. Firewall logs
D. Antivirus logs
Answer: A

QUESTION NO: 609
Which of the following would BEST allow an administrator to find the IP address of an external attacker?
A. Antivirus logs
B. DNS logs
C. Firewall logs
D. Performance logs
Answer: C

QUESTION NO: 610
After performing a vulnerability analysis and applying a security patch, which of the following nonintrusive actions should an administrator take to verify that the vulnerability was truly removed?
- Update the antivirus definition file.
- Apply a security patch from the vendor.
- Repeat the vulnerability scan.
- Perform a penetration test.
Answer: C

QUESTION NO: 611
Which of the following could be used by a technician needing to send data while ensuring that any data tampering is easily detectible?
A. NTLM
B. LANMAN
C. SHA-1
D. AES
Answer: C

QUESTION NO: 612
Which of the following BEST allows for a high level of encryption?
A. AES with ECC
B. DES with SHA-1
C. PGP with SHA-1
D. 3DES with MD5
Answer: A

QUESTION NO: 613
Which of the following is the primary security risk associated with removable storage?
A. Availability
B. Confidentiality
C. Injection
D. Integrity
Answer: B

QUESTION NO: 614
After reading about the vulnerability issues with open SMTP relays, a technician runs an application to see if port 25 is open. This would be considered a:
- port scan.
- vulnerability scan.
- protocol analyzer.
- network mapper.
Answer: D

QUESTION NO: 615
A company's accounting application requires users to be administrators for the software to function correctly. Because of the security implications of this, a network administrator builds a user profile which allows the user to still use the application but no longer requires them to have administrator permissions. Which of the following is this an example of?
A. Configuration baseline
B. Group policy
C. Security template
D. Privilege escalation
Answer: C

QUESTION NO: 616
Which of the following backup techniques resets the archive bit and allows for the fastest recovery?
A. Full backup
B. Shadow copies
C. Differential backup
D. Incremental backup
Answer: A

QUESTION NO: 617
The company policy for availability requires full backups on Sunday and incremental backups each week night at 10 p.m. The file server crashes on Wednesday afternoon. How many tapes will the technician need to restore the data on the file server for Thursday morning?
A. One
B. Two
C. Three
D. Four
Answer: C

QUESTION NO: 618
A company is addressing backup and recovery issues. The company is looking for a compromise between speed of backup and speed of recovery. Which of the following is the BEST recommendation?
A. Full backups every day
B. Daily differential backups
C. Full backups weekly with differential backups daily
D. Weekly differential with incremental backups daily
Answer: C

QUESTION NO: 619
Which of the following would define document destruction requirements?
A. ACL
B. User access and rights review policies
C. Group policy
D. Storage and retention policies
Answer: D

QUESTION NO: 620
Part of a standard policy for hardening workstations and servers should include applying the company security template and:
- installing the NIDS.
- closing unnecessary network ports.
- applying all updates, patches and hotfixes immediately.
- disabling SSID broadcast.
Answer: B

QUESTION NO: 621
Setting a baseline is required in which of the following? (Select TWO).
A. Anomaly-based monitoring
B. NIDS
C. Signature-based monitoring
D. NIPS
E. Behavior-based monitoring
Answer: A,E

QUESTION NO: 622
Which of the following hidden programs gathers information with or without the user's knowledge with the primary purpose of advertising?
A. Worm
B. Trojan
C. Spyware
D. Virus
Answer: C

QUESTION NO: 623
Which of the following provides best practice with a wireless network?
A. WPA
B. WPA with RADIUS
C. 3DES with RADIUS
D. WEP 128-bit
Answer: B

QUESTION NO: 624
Which of the following sites has the means (e.g. equipment, software, and communications) to facilitate a full recovery within minutes?
A. Warm site
B. Hot site
C. Reciprocal site
D. Cold site
Answer: B

QUESTION NO: 625
When conducting an environmental security assessment, which of the following items should be included in the assessment? (Select THREE).
A. HVAC
B. Card access system
C. Off-site data storage
D. Logical access
E. Utilities
F. Fire detection
Answer: A,E,F

QUESTION NO: 626
Which of the following security steps must a user complete before access is given to the network?
A. Authentication and password
B. Identification and authentication
C. Identification and authorization
D. Authentication and authorization
Answer: B

QUESTION NO: 627
When placing a NIDS onto the network, the NIC has to be placed in which of the following modes to monitor all network traffic?
A. Promiscuous
B. Full-duplex
C. Auto
D. Half-duplex
Answer: A

QUESTION NO: 628
An administrator wants to obtain a view of the type of attacks that are being targeted against the network perimeter. The recommended placement of a NIDS would be:
- outside the proxy.
- inside the DMZ.
- inside the proxy.
- inside the firewall.
- outside the firewall.
Answer: D

QUESTION NO: 629
Once a system has been compromised, often the attacker will upload various tools that can be used at a later date. The attacker could use which of the following to hide these tools?
A. Logic bomb
B. Rootkit
C. Virus
D. Trojan
Answer: B

QUESTION NO: 630
Which of the following is the perfect encryption scheme and is considered unbreakable when properly used?
A. Running key cipher
B. Concealment cipher
C. One-time pad
D. Steganography
Answer: C

QUESTION NO: 631
When using a digital signature, the message digest is encrypted with which of the following keys?
A. Receiver's private key
B. Receiver's public key
C. Sender's public key
D. Sender's private key
Answer: D

QUESTION NO: 632
Which of the following is the MOST basic form of IDS?
A. Signature
B. Behavioral
C. Statistical
D. Anomaly
Answer: A

QUESTION NO: 633
Which of the following BEST applies to steganography?
- Algorithms are used to encrypt data.
- Algorithms are not used to encrypt data.
- Keys are used to encrypt data.
- Keys are concealed in the data.
Answer: A

QUESTION NO: 634
Which of the following can steganography be used for?
- Encrypt a message in WAV files.
- Encrypt data in graphics.
- Decrypt data in graphics.
- Watermark graphics for copyright.
Answer: A

QUESTION NO: 635
Steganography could be used by attackers to:
- encrypt and decrypt messages in graphics.
- encrypt and conceal messages in microdots.
- decrypt data stored in unused disk space.
- hide and conceal messages in WAV files.
Answer: D

QUESTION NO: 636
Which of the following BEST describes how steganography can be accomplished in graphic files?
A. Replacing the most significant byte of each bit
B. Replacing the least significant byte of each bit
C. Replacing the most significant bit of each byte
D. Replacing the least significant bit of each byte
Answer: D

QUESTION NO: 637
An application developer is looking for an encryption algorithm which is fast and hard to break if a large key size is used. Which of the following BEST meets these requirements?
A. Transposition
B. Substitution
C. Symmetric
D. Asymmetric
Answer: C

QUESTION NO: 638
Which of the following if used incorrectly would be susceptible to frequency analysis?
A. Asymmetric algorithms
B. Transposition ciphers
C. Symmetric algorithms
D. Stream ciphers
Answer: B

QUESTION NO: 639
An administrator in an organization with 33,000 users would like to store six months of Internet proxy logs on a dedicated logging server for analysis and content reporting. The reports are not time critical, but are required by upper management for legal obligations. All of the following apply when determining the requirements for the logging server EXCEPT:
- log storage and backup requirements.
- performance baseline and audit trails.
- log details and level of verbose logging.
- time stamping and integrity of the logs.
Answer: C

QUESTION NO: 640
Which of the following BEST describes when a hashing algorithm generates the same hash for two different messages?
- A collision occurred.
- A hashing chain occurred.
- A one-way hash occurred.
- A deviation occurred.
Answer: C

QUESTION NO: 641
Which of the following is BEST known for self-replication in networks?
A. Spyware
B. Worm
C. Spam
D. Adware
Answer: B

QUESTION NO: 642
Which of the following security threats affects PCs and can have its software updated remotely by a command and control center?
A. Zombie
B. Worm
C. Virus
D. Adware
Answer: A

QUESTION NO: 643
Multiple web servers are fed from a load balancer. Which of the following is this an example of?
A. RAID
B. Backup generator
C. Hot site
D. Redundant servers
Answer: D

QUESTION NO: 644
An outside auditor has been contracted to determine if weak passwords are being used on the network. To do this, the auditor is running a password cracker against the master password file. Which of the following is this an example of?
A. Vulnerability assessment
B. Fingerprinting
C. Malware scan
D. Baselining
Answer: A

QUESTION NO: 645
Password crackers:
- cannot exploit weaknesses in encryption algorithms.
- cannot be run remotely.
- are sometimes able to crack both Windows and UNIX passwords.
- are sometimes able to crack both passwords and physical tokens.
Answer: D

QUESTION NO: 646
Logic bombs differ from worms in that:
- logic bombs cannot be sent through email.
- logic bombs always have a date or time component.
- logic bombs always contain a Trojan component.
- logic bombs cannot spread from computer to computer.
Answer: D

QUESTION NO: 647
A firewall differs from a NIDS in which of the following ways?
- A firewall operates on a rule list and a NIDS attempts to detect patterns.
- A firewall attempts to detect patterns and a NIDS operates on a rule list.
- A firewall prevents inside attacks and a NIDS prevents outside attacks.
- A firewall prevents outside attacks and a NIDS prevents inside attacks.
Answer: B

QUESTION NO: 648
A vulnerability has recently been identified for a server's OS. Which of the following describes the BEST course of action?
- Wait for an automatic update to be pushed out to the server from the manufacturer.
- Shutdown all affected servers until management can be notified.
- Visit a search engine and search for a possible patch.
- Visit the operating system manufacturer's website for a possible patch.
Answer: D

QUESTION NO: 649
Personal software firewalls can be updated automatically using:
- group policy.
- cross-site scripting.
- cookies.
- corporate hardware firewalls.
Answer: A

QUESTION NO: 650
An accountant has logged onto the company's external banking website. An administrator using a TCP/IP monitoring tool discovers that the accountant was actually using a spoofed banking website. Which of the following could have caused this attack? (Select TWO).
A. Altered hosts file
B. Network mapper
C. Packet sniffing
D. DNS poisoning
E. Bluesnarfing
Answer: A,D

QUESTION NO: 651
Which of the following tools would be BEST for monitoring changes to the approved system baseline?
A. Enterprise resource planning software
B. Enterprise performance monitoring software
C. Enterprise antivirus software
D. Enterprise key management software
Answer: B

QUESTION NO: 652
All of the following security applications can proactively detect workstation anomalies EXCEPT:
- antivirus software.
- personal software firewall.
- HIPS.
- NIDS.
Answer: B

QUESTION NO: 653
A periodic security audit of group policy can:
- show that data is being correctly backed up.
- show that virus definitions are up to date on all workstations.
- show that PII data is being properly protected.
- show that unnecessary services are blocked on workstations.
Answer: D

QUESTION NO: 654
Which of the following is the primary purpose of an audit trail?
A. To detect when a user changes security permissions
B. To prevent a user from changing security permissions
C. To prevent a user from changing security settings
D. To detect the encryption algorithm used for files
Answer: A

QUESTION NO: 655
Which of the following describes a characteristic of the session key in an SSL connection?
- It is symmetric.
- It is a hash value.
- It is asymmetric.
- It is an elliptical curve.
Answer: A

QUESTION NO: 656
Which of the following describes the cryptographic algorithm employed by TLS to establish a session key?
A. RSA
B. Diffie-Hellman
C. Blowfish
D. IKE
Answer: B

QUESTION NO: 657
Which of the following describes how TLS protects against man-in-the-middle attacks?
- The client relies on the MD5 value sent by the server.
- The client compares the server certificate with the certificate listed on the CRL.
- The client compares the actual DNS name of the server to the DNS name on the certificate.
- The client relies on the MAC value sent by the server.
Answer: A

QUESTION NO: 658
Which of the following is the primary purpose of removing audit logs from a server?
A. To protect against the log file being changed
B. To demonstrate least privilege to management
C. To reduce network latency
D. To improve the server performance
Answer: A

QUESTION NO: 659
Which of the following describes a common problem encountered when conducting audit log reviews?
- The timestamp for the servers are not synchronized.
- The audit logs are pulled from servers on different days.
- The audit logs cannot be imported into a spreadsheet.
- The servers are not synchronized with the clients.
Answer: A

QUESTION NO: 660
A technician is conducting a web server audit and discovers that SSLv2 is implemented. The technician wants to recommend that the organization consider using TLS. Which of the following reasons could the technician use to support the recommendation?
- SSLv2 is susceptible to network sniffing.
- SSLv2 only uses message authentication code values.
- SSLv2 is susceptible to man-in-the-middle attacks.
- SSLv2 reduces server performance.
Answer: D

QUESTION NO: 661
A technician is conducting a password audit using a password cracking tool. Which of the following describes a BEST business practice when conducting a password audit?
- Reveal the password.
- Use hybrid mode.
- Use password masking.
- Single out the accounts to crack.
Answer: A

QUESTION NO: 662
Which of the following is a security risk when using peer-to-peer software?
A. Cookies
B. Multiple streams
C. Data leakage
D. Licensing
Answer: C

QUESTION NO: 663
Which of the following overwrites the return address within a program to execute malicious code?
A. Buffer overflow
B. Rootkit
C. Logic bomb
D. Privilege escalation
Answer: A

QUESTION NO: 664
Heaps and stacks are susceptible to which of the following?
A. Cross-site scripting
B. Rootkits
C. Buffer overflows
D. SQL injection
Answer: C

QUESTION NO: 665
All of the following are inline devices EXCEPT:
- HIDS.
- routers.
- NIPS.
- firewalls.
Answer: C

QUESTION NO: 666
Which of the following would a technician use to validate whether specific network traffic is indeed an attack?
A. NIDS
B. Firewall
C. Honeypot
D. Protocol analyzer
Answer: D

QUESTION NO: 667
Which of the following creates an emulated or virtual environment to detect and monitor malicious activity?
A. Firewall
B. Honeypot
C. NIDS
D. NAC
Answer: B

QUESTION NO: 668
A technician wants better insight into the websites that employees are visiting. Which of the following is BEST suited to accomplish this?
A. Proxy server
B. DHCP server
C. DNS server
D. Firewall
Answer: A

QUESTION NO: 669
Bluetooth discover mode is similar to which of the following?
A. SSID broadcast
B. Data emanation
C. RF analysis
D. Fuzzing
Answer: A

QUESTION NO: 670
All of the following are Bluetooth threats EXCEPT:
- discovery mode.
- a smurf attack.
- blue jacking.
- bluesnarfing.
Answer: D

QUESTION NO: 671
Which of the following is the BEST approach when reducing firewall logs?
- Search for encrypted protocol usage.
- Review chronologically.
- Review each protocol one at a time.
- Discard known traffic first.
Answer: B

QUESTION NO: 672
In which of the following logs would notation of a quarantined file appear?
A. Antivirus
B. Firewall
C. Router
D. NAC
Answer: A

QUESTION NO: 673
Which of the following provides the MOST mathematically secure encryption for a file?
A. 3DES
B. One-time pad
C. AES256
D. Elliptic curve
Answer: C

QUESTION NO: 674
Which of the following encryption algorithms relies on the inability to factor large prime numbers?
A. Elliptic Curve
B. AES256
C. RSA
D. SHA-1
Answer: C

QUESTION NO: 675
All of the following provide a host active protection EXCEPT:
- HIPS.
- HIDS.
- host-based firewall.
- antivirus.
Answer: D

QUESTION NO: 676
Which of the following simplifies user and computer security administration?
A. Encrypted file system (EFS)
B. Printing policies
C. Data retention
D. Directory services
Answer: D

QUESTION NO: 677
Which of the following is MOST likely to cause pop-ups?
A. Botnets
B. Adware
C. Spam
D. Rootkit
Answer: B

QUESTION NO: 678
Which of the following is MOST likely to open a backdoor on a system?
A. Botnet
B. Trojan
C. Logic bomb
D. Worm
Answer: B

QUESTION NO: 679
If a company has a distributed IT staff, each being responsible for separate facilities, which of the following would be the BEST way to structure a directory information tree?
A. By department
B. By location
C. By role
D. By name
Answer: B

QUESTION NO: 680
A technician wants to be able to add new users to a few key groups by default, which of the following would allow this?
A. Auto-population
B. Template
C. Default ACL
D. Inheritance
Answer: B

QUESTION NO: 681
Which of the following is a reason to use digital signatures?
A. Access control list
B. Non-repudiation
C. Logical token
D. Hardware token
Answer: B

QUESTION NO: 682
All of the following are logical access control methods EXCEPT:
- group policy.
- software token.
- ACL.
- biometrics.
Answer: A

QUESTION NO: 683
Using the same initial computer image for all systems is similar to which of the following?
A. Group policy
B. Virtual machine
C. Configuration baseline
D. Patch management
Answer: C

QUESTION NO: 684
Which of the following has the LEAST amount of issues when inspecting encrypted traffic?
A. Antivirus
B. Firewall
C. NIDS
D. NIPS
Answer: A

QUESTION NO: 685
A technician has come across content on a server that is illegal. Which of the following should the technician do?
- Stop and immediately copy the system files and contact the ISP.
- Stop and immediately perform a full system backup and contact the owner of the data.
- Stop and immediately follow company approved incident response procedures.
- Stop and immediately make a backup of the account and contact the owner of the data.
Answer: B

QUESTION NO: 686
Which of the following is a true statement in regards to incident response?
- If a technician finds illegal content, the first thing a technician should do is unplug the machine and back it up.
- The first thing a technician should perform is a file system backup.
- The first thing a technician should do is call in law enforcement.
- If a technician finds illegal content, they should follow company incident response procedures.
Answer: C

Filter D. to allow a NIDS to monitor the traffic? m 199 . Appliance Answer: C QUESTION NO: 690 An instance where an IDS identifies legitimate traffic as malicious activity is called which of the following? "Pass Any Exam. DNS server C. Appliance sts .www. Console B. DHCP server B." .co Which of the following is placed in promiscuous mode. Proxy server Answer: B QUESTION NO: 688 Answer: B QUESTION NO: 689 In a NIDS. Filter B. Sensor C.actualtests.CompTIA SY0-201: Practice Exam QUESTION NO: 687 If a technician is unable to get to a website by its address but the technician can get there by the IP address. Console D. Screen C. Firewall D. Any Time. in line with the data flow.com Ac tua lTe A. which of the following is MOST likely the issue? A. which of the following provides a user interface? A.

com Ac A.actualtests. True positive Answer: A QUESTION NO: 691 An instance where a biometric system identifies legitimate users as being unauthorized is called which of the following? A. False positive D." . False rejection D. False negative D. False positive C. False rejection "Pass Any Exam. True positive tua lTe An instance where a biometric system identifies users that are authorized and allows them access is called which of the following? sts . Any Time. False negative C.co m 200 . False acceptance Answer: C QUESTION NO: 692 Answer: D QUESTION NO: 693 An instance where an IDS identifies malicious activity as being legitimate activity is called which of the following? A. False positive B. False positive B.CompTIA SY0-201: Practice Exam A. True negative C. False negative D. True negative C. False acceptance B.www. False negative B.

The amount of data that will be stored B. B.actualtests. Any Time. financial obligations to stockholders. legal and financial responsibilities. C. false rejection. C.co m 201 . Answer: C QUESTION NO: 695 When executing a disaster recovery plan the MOST important thing to consider is: A. The cost to rebuild the existing facility C.CompTIA SY0-201: Practice Exam Answer: C QUESTION NO: 694 An instance where a biometric system identifies unauthorized users and allows them access is called: A. false positivE." . false negativE. The distance and size of the facility Answer: D QUESTION NO: 697 Who should be notified FIRST before testing the disaster recovery plan? "Pass Any Exam. D.www. The amount of emergency rescue personnel D. D. false acceptancE. Answer: D QUESTION NO: 696 When choosing a disaster recovery site. which of the following is the MOST important consideration? A. data backups and recovery tapes. safety and welfare of personnel. B.com Ac tua lTe sts .

business impact assessment. B. Any Time." .www.actualtests. The physical security department C. disaster recovery plan. an administrator would assist in conducting a: A. Human resources Answer: A QUESTION NO: 698 Which of the following BEST describes the disaster recovery plan? A. continuity of operations plan. Senior management B. A plan that is put in place to recover the company assets in an emergency D.com 202 Ac tua lTe sts . risk management matrix. A plan that is mandated by law to ensure liability issues are addressed in a catastrophic eventWBerlin Sans Answer: A QUESTION NO: 699 Which of the following is the MOST important consideration when developing a disaster recovery plan? A. The planning team Answer: A QUESTION NO: 700 In order to provide management with a prioritized list of time critical business processes. D. The amount of personnel D. Management buy-in B.CompTIA SY0-201: Practice Exam A. A detailed process of recovering information or IT systems after a catastrophic event B. C. The cost of the project C.co m . An emergency plan that will allow the company to recover financially C. All employees and key staff D. "Pass Any Exam.

The attacker wants to prevent authorized users from using a certain servicE." . Implement a biometric system and WEP.com Ac QUESTION NO: 703 tua Answer: C lTe sts . The attacker is working with outside entities to test the companys coding practices. Answer: B QUESTION NO: 704 Which of the following is a way to gather reconnaissance information from a printer resource? "Pass Any Exam. B. Items which are not specifically given access are denied by default.CompTIA SY0-201: Practice Exam Answer: B QUESTION NO: 701 Which of the following BEST allows a technician to mitigate the chances of a successful attack against the wireless network? A. The attacker is attempting to distract the company from the real underlining attack. An implicit deny statement denies all traffic from one network to another. Which of the following is the MOST likely reason that an attacker would use a DoS attack? A. Implement an authentication system and WPA. Any Time. Each item is denied by default because of the implicit deny. D. Which of the following is an example of an implicit deny? A. D.actualtests.www. Implement an identification system and WPA2 B. Implement an authentication system and WEP. C. B.co m 203 . An ACL is a way to secure traffic from one network to another. Answer: C QUESTION NO: 702 A technician is reviewing the system logs for a firewall and is told that there is an implicit deny within the ACL. C. The attacker is working with inside entities to test the companys firewall. C. D.

Which of the following should the technician review to discover the internal source of the worm? A.actualtests. Antivirus logs C. SMTP C. Performance logs D.www. HTTP B.CompTIA SY0-201: Practice Exam A. SNMP Answer: D QUESTION NO: 705 A technician gets informed that there is a worm loose on the network. USB key C. Access logs Answer: B QUESTION NO: 706 Answer: B QUESTION NO: 707 Which of the following would a Faraday cage prevent usage of? A.co m 204 . Any Time. Uninterruptible Power Supply (UPS) D. Asymmetric algorithm D.com Ac tua A." . Cell phone B. Public key infrastructure lTe Which of the following BEST allows for the encryption of an entire hard drive? sts . Symmetric algorithm C. Hashing function B. RADIUS D. Maintenance logs B. Storage drive Answer: A "Pass Any Exam.

VLAN B.www. USB key settings D.com 205 Ac tua QUESTION NO: 710 lTe Answer: C sts A." . Logic bomb C. Content filter C. BIOS boot options Answer: A QUESTION NO: 711 Which of the following ports need to be open to allow a user to login remotely onto a workstation? A. 636 "Pass Any Exam.actualtests. Any Time. Virus D. Botnet .co m Which of the following is a security threat to a workstation that requires interaction from a staff member? . NIDS Answer: B QUESTION NO: 709 Which of the following will prevent a person from booting into removal storage media if the correct boot sequence is already set? A. BIOS password settings B.CompTIA SY0-201: Practice Exam QUESTION NO: 708 Which of the following will allow a technician to block certain HTTP traffic from company staff members? A. Worm B. BIOS power on settings C. 53 B. DMZ D.

CompTIA SY0-201: Practice Exam C.actualtests. Vulnerability scanners B. could allow an attacker to access a users email information? A. 3389 D. Group policy C. 8080 Answer: C QUESTION NO: 712 Which of the following." . Cell traffic D. Antivirus software D. Network mappers D. Any Time.com Ac tua A. Enterprise software firewall C. Personal software firewall B. SMTP traffic QUESTION NO: 713 Answer: B QUESTION NO: 714 Which of the following is the MOST effective application to implement to identify malicious traffic on a server? A. Browser cookies B. Cross-site scripting C. if intercepted. HIDS software Answer: D "Pass Any Exam. Password crackers lTe sts Which of the following would allow a technician to minimize the risk associated with staff running port scanners on the network? .co m Answer: A 206 .www.

Antivirus software B.www. Patch management D. A service pack C.co m Which of the following is a way for a technician to identify security changes on a workstation? . Personal firewall C." . A patch B.CompTIA SY0-201: Practice Exam QUESTION NO: 715 Which of the following is the MOST appropriate type of software to apply on a workstation that needs to be protected from other locally accessible workstations? A. Security templates D. Configuration baseline Answer: A QUESTION NO: 718 Which of the following protects a home user from the Internet? A. Pop-up blocker software D.actualtests. Any Time. Configuration baseline . Group policy management B. Personal software firewall C. Antivirus application "Pass Any Exam. Anti-malware software D.com 207 Ac tua lTe sts A. HIDS B. Service pack application C. HIDS Answer: B QUESTION NO: 716 Answer: D QUESTION NO: 717 Which of the following is a way to correct a single security issue on a workstation? A.

co m 208 ." . Hardware locks and door access systems Answer: D QUESTION NO: 720 Which of the following is the primary purpose for a physical access log in a data center? A.com Ac QUESTION NO: 721 tua Answer: D lTe sts . Iris scanner B.www. Allow authorized personnel access to the data center. Fingerprint scanner C. ID badges and passwords C. Retina scanner D. Multifactor authentication D. Which of the following biometric authentication devices also carries significant privacy implications due to personal health information that can be discovered during the authentication process? A. Video surveillance and access logs B. Maintain a list of personnel who exit the facility. Facial recognition Answer: C QUESTION NO: 722 "Pass Any Exam. Any Time. D.actualtests. Prevent unauthorized personnel access to the data center. B. To prevent future thefts from occurring and to safeguard the companys trade secrets which of the following should be implemented? A. Maintain a list of personnel who enter the facility.CompTIA SY0-201: Practice Exam Answer: B QUESTION NO: 719 Computer equipment has been stolen from a companys officE. C.

www. A user on a metropolitan area network (MAN) accesses a host by entering a username and password pair while not connected to the LAN. Pass phrases B. supplicant. Elliptic curve C. reader. C. Fingerprint scanner D. D. Username.com Ac tua Which of the following is an example of remote authentication? lTe sts . Six digit PINs Answer: C QUESTION NO: 723 A biometric authentication system consists of all of the following components EXCEPT: A. C. hardware token. A user in one building logs on to the network by entering a username and password into a host in the same building. If the existing authentication system uses strong passwords and PKI tokens which of the following would provide a third factor? A. A user on a campus area network (CAN) connects to a server in another building and enters a username and password pair. Answer: C QUESTION NO: 724 A. B. B.co m 209 . D. Any Time. A user in one city logs onto a network by connecting to a domain server in another city. token and iris scanner "Pass Any Exam.actualtests." .CompTIA SY0-201: Practice Exam An administrator has already implemented two-factor authentication and now wishes to install a third authentication factor. Answer: D QUESTION NO: 725 Which of the following is a three-factor authentication system? A. credential storE. password.

PIN and iris scanner C. To detect viruses D. To detect an inside threat Answer: D "Pass Any Exam. palm recognition scanner and passphrase D. To detect outside attackers B.www." . administrators should institute a mandatory rotation of duties policy due to which of the following? A. Backup operators C. Username. Administrators B. Continuity of operations in the event of a spam outbreak B. Domain users D. administrators should institute a mandatory rotation of duties policy due to which of the following? A. Continuity of operations in the event of a virus outbreak C. PIN. Continuity of operations in the event of absence or accident Answer: D QUESTION NO: 728 According to industry best practices. Password. passphrase. PIN and fingerprint reader Answer: A QUESTION NO: 726 Which of the following is an acceptable group in which to place end users? A. To detect malware C.com Ac tua lTe sts .co m 210 . Continuity of operations in the event of future growth of the network D.actualtests. Root Answer: C QUESTION NO: 727 According to industry best practices.CompTIA SY0-201: Practice Exam B. Any Time.

www.co m 211 . g.CompTIA SY0-201: Practice Exam QUESTION NO: 729 Which of the following is considered the strongest encryption by use of mathematical evaluation techniques? A. Any Time.actualtests. AES D. DES C. USB drive. 3DES Answer: C QUESTION NO: 730 Which of the following should be implemented when protecting personally identifiable information (PII) and sensitive information on IT equipment that can be easily stolen (E. Confidentiality C." . WPA with MAC filtering Answer: C QUESTION NO: 732 Which of the following can prevent malicious software applications from being introduced while browsing the Internet? "Pass Any Exam. laptops)? A. Whole disk encryption D. WPA2 with TKIP D. Dual-sided certificates Answer: C QUESTION NO: 731 A.com Ac Which of the following is the BEST wireless security practice that could be implemented to prevent unauthorized access? tua lTe sts . ROT13 B. Sensitive file encryption B. WPA2 with a strong pass-phrase B. Disabling of the SSID broadcast C.

Any Time. To decrease access to security resources E. Acceptable use policy B.actualtests. Pop-up blockers B. Least privilege tua lTe Network security administrators should implement which of the following to ensure system abuse by administrators does not go undetected in the logs? sts . To decrease false positives on the NIDS C. Anti-spyware scanners C. Strong authentication Answer: A QUESTION NO: 733 Which of the following are reasons to implement virtualization technology? (Select TWO). Implicit deny D.co m . Input validation D.E QUESTION NO: 734 Answer: B QUESTION NO: 735 After completing a risk assessment and penetration test against a network. A. To provide a secure virtual environment for testing Answer: A.www. Risk acceptance B. Separation of duties C.com 212 Ac A. Which of the following describes this type of action? A. To eliminate virtual redundancy D.CompTIA SY0-201: Practice Exam A. Risk mitigation D. Risk avoidance C. a security administrator recommends the network owner take actions to prevent future security incidents. To reduce recovery time in the event of application failure B. Risk transference "Pass Any Exam." .

Maintaining the CRL B. symmetric keys and ECC-based keys Answer: B QUESTION NO: 737 Answer: C QUESTION NO: 738 In PKI." . Which of the following would achieve this goal? m 213 .co An administrator wants to implement a procedure to control inbound and outbound traffic on a network segment. Public keys. Any Time. Private keys. HIDS C.com Ac tua lTe A.CompTIA SY0-201: Practice Exam Answer: C QUESTION NO: 736 Public key infrastructure uses which of the following combinations of cryptographic items? A. One time keys. ACL D. public keys and ECC-based keys D. Proxy sts . which of the following entities is responsible for publishing the CRL? "Pass Any Exam. Maintaining all private keys D. public keys and asymmetric cryptography C.www.actualtests. the CA is responsible for which of the following? A. Private keys. Maintaining the cipher block chain C. WEP and symmetric cryptography B. Maintaining the browsers PKI store Answer: A QUESTION NO: 739 In PKI. NIDS B.

CompTIA SY0-201: Practice Exam A. Increased loss business data Answer: C "Pass Any Exam. ACL C. New vector to introduce VoIP to the network lTe Which of the following is a security risk associated with introducing cellular telephones with mobile OS installed on a closed network? sts QUESTION NO: 741 . CA B.com Ac tua A. Any Time. Introduction of material on to the network B. User Answer: A QUESTION NO: 740 Which of the following is a security risk associated with USB drives? A. War-driving DDoS attacks against the network D.actualtests. Small storage capacity and low visibility D.co m 214 ." . Removal of sensitive and PII data D. Easy to conceal and large storage capacity Answer: D Answer: A QUESTION NO: 742 The availability of portable external storage such as USB hard drives has increased which of the following threats to networks? A. Recovery agent D. Introduction of rogue wireless access points C. Large storage capacity and high visibility C. War-dialing DoS attacks against the network C. New vector to introduce viruses and malware to the network B. Easy to conceal and detect B.www.

com Ac QUESTION NO: 745 tua Answer: A lTe sts . Which of the following is used to encrypt email and create digital signatures? A.www. HTTPS C. USB external hub Answer: B QUESTION NO: 744 A user is receiving an error which they have not seen before when opening an application.CompTIA SY0-201: Practice Exam QUESTION NO: 743 An administrator finds a device attached between the USB port on a host and the attached USB keyboarD." . B. External USB drive B. In-line network analyzer D. LDAP B. The HIDS baseline has been updateD. Which of the following is MOST likely the cause of the problem? A. The administrator has also noticed large documents being transmitted from the host to a host on an external network. A patch was pushed out. D.actualtests. RSA Answer: C QUESTION NO: 746 Which of the following can be used to encrypt FTP or telnet credentials over the wire? "Pass Any Exam. C. S/MIME D. A signature update was completed on the NIPS. In-line keystroke logger C. The NIDS baseline has been updateD.co m 215 . The device is MOST likely which of the following? A. Any Time.

John the Ripper B. HTTPS C. Any Time. SSH B. Microsoft Baseline Security Analyzer D. John the Ripper B. Cain & Abel C.www.CompTIA SY0-201: Practice Exam A. AirSnort D. John the Ripper D. Cain & Abel C. AirSnort C. S/MIME Answer: A QUESTION NO: 747 Which of the following is a vulnerability assessment tool? A.actualtests. AirSnort Answer: C QUESTION NO: 749 Which of the following is a password cracking tool? A. Nessus Answer: D Which of the following is a vulnerability scanner? A. Nessus B.com Ac tua lTe sts QUESTION NO: 748 ." . Wireshark Answer: C "Pass Any Exam. SHTTP D.co m 216 .

VLAN B. John the Ripper B.co m . Cookies "Pass Any Exam. DNS zone transfers B.com 217 Ac A. SMTP open relay C. Mandatory vacations C. Firewall C." . Job rotation tua Changing roles every couple of months as a security mitigation technique is an example of which of the following? lTe sts . Any Time. Cain & Abel D. Least privilege D. WireShark C.www.actualtests.CompTIA SY0-201: Practice Exam QUESTION NO: 750 Which of the following is a protocol analyzer? A. Separation of duties B. Nessus Answer: B QUESTION NO: 751 Which of the following is a system setup to distract potential attackers? A. Honeypot D. DMZ Answer: C QUESTION NO: 752 Answer: D QUESTION NO: 753 Which of the following should be checked if an email server is forwarding emails for another domain? A.

NIPS Answer: A Which of the following has the ability to find a rootkit? A.CompTIA SY0-201: Practice Exam D. VLAN D.actualtests.www. Any Time. Malware scanner C. NIDS C. Adware scanner B." . Replacing a video card on a machine D.co QUESTION NO: 755 m 218 . Anti-spam scanner Answer: B QUESTION NO: 756 Which of the following will be prevented by setting a BIOS password? A. HIDS B. Email scanner D. ActiveX controls Answer: B QUESTION NO: 754 Which of the following will allow the running of a system integrity verifier on only a single host? A.com Ac tua lTe sts . Changing the system boot order C. Amachine becoming infected with a virus B. Amachine becoming infected with a botnet Answer: B QUESTION NO: 757 Which of the following is a security limitation of virtualization technology? "Pass Any Exam.

D. Backup generator B. Any Time. Patch management B. Uninterruptible Power Supply (UPS) Answer: D "Pass Any Exam. B. Proxy B. Patch management becomes more time consuming. it could potentially disrupt multiple servers. If an attack occurs. It increases false positives on the NIDS. NIDS C. A compromise of one instance will immediately compromise all instances. Redundant power supply D. Honeypot D. Local security policy Answer: A QUESTION NO: 760 Which of the following would be used to allow a server to shut itself down normally upon a loss of power? A.com Ac tua lTe sts QUESTION NO: 759 . Configuration baseline C.CompTIA SY0-201: Practice Exam A.co m 219 . Redundant ISP C. C.actualtests.www. Cookies D." . Router Answer: D Which of the following would be used to push out additional security hotfixes? A. Answer: D QUESTION NO: 758 Which of the following must be used to setup a DMZ? A.

Time of day restrictions C. To eliminate attack attempts of the network during peak hours D.www." . WPA Answer: C QUESTION NO: 764 When would it be appropriate to use time of day restrictions on an account? A. To ensure the DMZ is not overloaded during server maintenance C. WEP D.actualtests. As an added security measure if employees work set schedules "Pass Any Exam. Signature-based NIDS D. Password complexity requirements B. In order to ensure false positives are not received during baseline testing B. Changing default passwords D.com Ac tua lTe sts .CompTIA SY0-201: Practice Exam QUESTION NO: 761 Which of the following is the BEST security measure to use when implementing access control? A. Signature-based NIPS Answer: B QUESTION NO: 763 Which of the following is the strongest encryption form that can be used in all countries? A. Honeynet B. Any Time. Heuristic-based NIDS C. Disabling SSID broadcast Answer: A QUESTION NO: 762 Applying a service pack could affect the baseline of which of the following? A. WPA2 B.co m 220 . TKIP C.

Bluesnarfing . Pop-up blocker Answer: D QUESTION NO: 768 Which of the following is the MOST important when implementing heuristic-based NIPS? A.CompTIA SY0-201: Practice Exam Answer: D QUESTION NO: 765 Which of the following could be used to restore a private key in the event of a CA server crashing? A. Trust model verification B. CRL D. Perform comprehensive heuristic-based analysis on the system.actualtests. Any Time.co Which of the following is a possible security risk associated with USB devices? m 221 . HIDS C.www. Firewall B. Recovery agent Answer: D QUESTION NO: 766 Answer: D QUESTION NO: 767 Which of the following is MOST effective in preventing adware? A. Domain kiting B. Input validation D." . Cross-site scripting C. Key escrow C. "Pass Any Exam.com Ac tua lTe sts A. Antivirus D.

Local hosts file corruption D. Botnet attacks Answer: D "Pass Any Exam.CompTIA SY0-201: Practice Exam B.www. Enable automatic updates to the heuristic databasE. D. The brand of NIPS that is being useD. SQL injection C.com Ac tua lTe sts . Any Time.co m 222 . Virus infections B. Answer: C QUESTION NO: 769 Which of the following attacks enabling logging for DNS aids? A. C.actualtests. Ensure the network is secure when baseline is establisheD." .
