
CompTIA SY0-201

SY0-201 CompTIA Security+ (2008 Edition) Exam

Practice Test
Updated: Dec 2, 2009 Version 1.9

CompTIA SY0-201: Practice Exam

QUESTION NO: 1
All of the following provide confidentiality protection as part of the underlying protocol EXCEPT:
A. SSL
B. SSH
C. L2TP
D. IPSec
Answer: C

QUESTION NO: 2
Which of the following allows an attacker to manipulate files by using the least significant bit(s) to secretly embed data?
A. Steganography
B. Worm
C. Trojan horse
D. Virus
Answer: A

QUESTION NO: 3
Which of the following type of attacks would allow an attacker to capture HTTP requests and send back a spoofed page?
A. Teardrop
B. TCP/IP hijacking
C. Phishing
D. Replay
Answer: B

QUESTION NO: 4
How should a company test the integrity of its backup data?
A. By conducting another backup
B. By using software to recover deleted files
C. By restoring part of the backup
D. By reviewing the written procedures
Answer: C

"Slay Your Exams" - www.certkiller.com

QUESTION NO: 5
Which of the following can BEST be used to determine the topology of a network and discover unknown devices?
A. Vulnerability scanner
B. NIPS
C. Protocol analyzer
D. Network mapper
Answer: D

QUESTION NO: 6
When should a technician perform penetration testing?
A. When the technician suspects that weak passwords exist on the network
B. When the technician is trying to guess passwords on a network
C. When the technician has permission from the owner of the network
D. When the technician is war driving and trying to gain access
Answer: C

QUESTION NO: 7
An administrator has implemented a new SMTP service on a server. A public IP address translates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the server's public IP address is now reported in a spam real-time block list. Which of the following is wrong with the server?
A. SMTP open relaying is enabled.
B. It does not have a spam filter.
C. The amount of sessions needs to be limited.
D. The public IP address is incorrect.
Answer: A

QUESTION NO: 8
Which of the following is MOST efficient for encrypting large amounts of data?
A. Hashing algorithms
B. Symmetric key algorithms
C. Asymmetric key algorithms
D. ECC algorithms
Answer: B

QUESTION NO: 9
Which of the following is a reason why a company should disable the SSID broadcast of the wireless access points?
A. Rogue access points
B. War driving
C. Weak encryption
D. Session hijacking
Answer: B

QUESTION NO: 10
Which of the following BEST describes ARP?
A. Discovering the IP address of a device from the MAC address
B. Discovering the IP address of a device from the DNS name
C. Discovering the MAC address of a device from the IP address
D. Discovering the DNS name of a device from the IP address
Answer: C

QUESTION NO: 11
Which of the following would be BEST to use to apply corporate security settings to a device?
A. A security patch
B. A security hotfix
C. An OS service pack
D. A security template
Answer: D

QUESTION NO: 12
A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protected. If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If the anti-malware software is purchased, which of the following is the expected net savings?
A. $900
B. $2,290
C. $2,700
D. $5,000
Answer: B

QUESTION NO: 13
Which of the following is the main objective of steganography?
A. Message digest
B. Encrypt information
C. Hide information
D. Data integrity
Answer: C

QUESTION NO: 14
Which of the following would allow for secure key exchange over an unsecured network without a pre-shared key?
A. 3DES
B. AES
C. DH-ECC
D. MD5
Answer: C

QUESTION NO: 15
Which of the following improves security in a wireless system?
A. IP spoofing
B. MAC filtering
C. SSID spoofing
D. Closed network
Answer: B

QUESTION NO: 16
A user wants to implement secure LDAP on the network. Which of the following port numbers does secure LDAP use by default?
A. 53
B. 389
C. 443
D. 636
Answer: D

QUESTION NO: 17
On which of the following is a security technician MOST likely to find usernames?
A. DNS logs
B. Application logs
C. Firewall logs
D. DHCP logs
Answer: B

QUESTION NO: 18
How many keys are utilized with asymmetric cryptography?
A. One
B. Two
C. Five
D. Seven
Answer: B

QUESTION NO: 19
During a risk assessment it is discovered that only one system administrator is assigned several tasks critical to continuity of operations. It is recommended to cross train other system administrators to perform these tasks and mitigate which of the following risks?
A. DDoS
B. Privilege escalation
C. Disclosure of PII
D. Single point of failure
Answer: D

QUESTION NO: 20
Which of the following network filtering devices will rely on signature updates to be effective?
A. Proxy server
B. Firewall
C. NIDS
D. Honeynet
Answer: C

QUESTION NO: 21
Which of the following is a single server that is setup in the DMZ or outer perimeter in order to distract attackers?
A. Honeynet
B. DMZ
C. Honeypot
D. VLAN
Answer: C

QUESTION NO: 22
Which of the following encryption algorithms is decrypted in the LEAST amount of time?
A. RSA
B. AES
C. 3DES
D. L2TP
Answer: B

QUESTION NO: 23
An administrator is trying to secure a network from threats originating outside the network. Which of the following devices provides protection for the DMZ from attacks launched from the Internet?
A. Antivirus
B. Content filter
C. Firewall
D. Proxy server
Answer: C

QUESTION NO: 24
Which of the following is a way to manage operating system updates?
A. Service pack management
B. Patch application
C. Hotfix management
D. Change management
Answer: D

QUESTION NO: 25
Which of the following is a list of discrete entries that are known to be benign?
A. Whitelist
B. Signature
C. Blacklist
D. ACL
Answer: A

QUESTION NO: 26
Which of the following increases the collision resistance of a hash?
A. Salt
B. Increase the input length
C. Rainbow Table
D. Larger key space
Answer: A

QUESTION NO: 27
A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production application server, which of the following processes should be followed?
A. Change management
B. Secure disposal
C. Password complexity
D. Chain of custody
Answer: A

QUESTION NO: 28
When deploying 50 new workstations on the network, which of the following should be completed FIRST?
A. Run the latest spyware.
B. Install a word processor.
C. Apply the baseline configuration.
D. Run OS updates.
Answer: C

QUESTION NO: 29
Which of the following should be implemented to have all workstations and servers isolated in their own broadcast domains?
A. VLANs
B. NAT
C. Access lists
D. Intranet
Answer: A

QUESTION NO: 30
End users are complaining about receiving a lot of email from online vendors and pharmacies. Which of the following is this an example of?
A. Trojan
B. Spam
C. Phishing
D. DNS poisoning
Answer: B

QUESTION NO: 31
Which of the following BEST describes a private key in regards to asymmetric encryption?
A. The key owner has exclusive access to the private key.
B. Everyone has access to the private key on the CA.
C. Only the CA has access to the private key.
D. The key owner and a recipient of an encrypted email have exclusive access to the private key.
Answer: A

QUESTION NO: 32
Which of the following logs might reveal the IP address and MAC address of a rogue device within the local network?
A. Security logs
B. DHCP logs
C. DNS logs
D. Antivirus logs
Answer: B

QUESTION NO: 33
Which of the following is commonly used in a distributed denial of service (DDOS) attack?
A. Phishing
B. Adware
C. Botnet
D. Trojan
Answer: C

QUESTION NO: 34
Which of the following practices is MOST relevant to protecting against operating system security flaws?
A. Network intrusion detection
B. Patch management
C. Firewall configuration
D. Antivirus selection
Answer: B

QUESTION NO: 35
Which of the following is a best practice for coding applications in a secure manner?
A. Input validation
B. Object oriented coding
C. Rapid Application Development (RAD)
D. Cross-site scripting
Answer: A

QUESTION NO: 36
Which of the following technologies can be used as a means to isolate a host OS from some types of security threats?
A. Intrusion detection
B. Virtualization
C. Internet content filters
D. Cloning
Answer: B

QUESTION NO: 37
Which of the following network tools would provide the information on what an attacker is doing to compromise a system?
A. Proxy server
B. Honeypot
C. Trojan
D. Firewall
Answer: B

QUESTION NO: 38
Assigning proper security permissions to files and folders is the primary method of mitigating which of the following?
A. Hijacking
B. Policy subversion
C. Kiting
D. DoS
Answer: C

QUESTION NO: 39
Which of the following logical access controls would be MOST appropriate to use when creating an account for a temporary worker?
A. ACL
B. Account expiration
C. Time of day restrictions
D. Logical tokens
Answer: B

QUESTION NO: 40
Which of the following may be an indication of a possible system compromise?
A. A port monitor utility shows that there are many connections to port 80 on the Internet facing web server.
B. A performance monitor indicates a recent and ongoing drop in speed, disk space or memory utilization from the baseline.
C. A protocol analyzer records a high number of UDP packets to a streaming media server on the Internet.
D. The certificate for one of the web servers has expired and transactions on that server begin to drop rapidly.
Answer: B

QUESTION NO: 41
An administrator suspects that files are being copied to a remote location during off hours. The file server does not have logging enabled. Which of the following logs would be the BEST place to look for information?
A. Intrusion detection logs
B. Firewall logs
C. Antivirus logs
D. DNS logs
Answer: B

QUESTION NO: 42
Which of the following access control methods gives the owner control over providing permissions?
A. Mandatory Access Control (MAC)
B. Rule-Based Access Control (RBAC)
C. Role-Based Access Control (RBAC)
D. Discretionary Access Control (DAC)
Answer: D

QUESTION NO: 43
Which of the following access control methods grants permissions based on the user's position in the company?
A. Role-Based Access Control (RBAC)
B. Rule-Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Discretionary Access Control (DAC)
Answer: D

QUESTION NO: 44
Which of the following access control methods includes switching work assignments at preset intervals?
A. Job rotation
B. Mandatory vacations
C. Least privilege
D. Separation of duties
Answer: A

QUESTION NO: 45
Which of the following authentication methods would MOST likely prevent an attacker from being able to successfully deploy a replay attack?
A. TACACS
B. RAS
C. RADIUS
D. Kerberos
Answer: D

QUESTION NO: 46
Which of the following would an attacker use to footprint a system?
A. RADIUS
B. Password cracker
C. Port scanner
D. Man-in-the-middle attack
Answer: C

QUESTION NO: 47
Which of the following ensures a user cannot deny having sent a message?
A. Availability
B. Integrity
C. Non-repudiation
D. Confidentiality
Answer: C

QUESTION NO: 48
Which of the following allows an attacker to embed a rootkit into a picture?
A. Trojan horse
B. Worm
C. Steganography
D. Virus
Answer: C

QUESTION NO: 49
Which of the following is a publication of inactivated user certificates?
A. Certificate revocation list
B. Certificate suspension
C. Recovery agent
D. Certificate authority
Answer: A

QUESTION NO: 50
Which of the following is a method of encrypting email?
A. S/MIME
B. SMTP
C. L2TP
D. VPN
Answer: A

QUESTION NO: 51
Which of the following risks would be reduced by implementing screen filters?
A. Replay attacks
B. Phishing
C. Man-in-the-middle attacks
D. Shoulder surfing
Answer: D

QUESTION NO: 52
Which of the following allows an attacker to hide the presence of malicious code by altering the system's process and registry entries?
A. Logic bomb
B. Worm
C. Trojan
D. Rootkit
Answer: D

QUESTION NO: 53
Which of the following will propagate itself without any user interaction?
A. Worm
B. Rootkit
C. Trojan
D. Virus
Answer: A

QUESTION NO: 54
An administrator wants to setup their network with only one public IP address. Which of the following would allow the administrator to do this?
A. DMZ
B. VLAN
C. NIDS
D. NAT
Answer: D

QUESTION NO: 55
An administrator wants to proactively collect information on attackers and their attempted methods of gaining access to the internal network. Which of the following would allow for this?
A. NIPS
B. Honeypot
C. DMZ
D. NIDS
Answer: B

QUESTION NO: 56
Which of the following allows a technician to correct a specific issue with a solution that has not been fully tested?
A. Patch
B. Hotfix
C. Security roll-up
D. Service pack
Answer: B

QUESTION NO: 57
A technician wants to regulate and deny traffic to websites that contain information on hacking. Which of the following would be the BEST solution to deploy?
A. Internet content filter
B. Proxy
C. Protocol analyzer
D. NIDS
Answer: A

QUESTION NO: 58
Which of the following is the LEAST intrusive way of checking the environment for known software flaws?
A. Protocol analyzer
B. Vulnerability scanner
C. Port scanner
D. Penetration test
Answer: B

QUESTION NO: 59
If a certificate has been compromised, which of the following should be done?
A. Run the recovery agent.
B. Put the certificate on the CRL.
C. Put the certificate in key escrow.
D. Suspend the certificate for further investigation.
Answer: B

QUESTION NO: 60
Which of the following requires an update to the baseline after installing new software on a machine?
A. Signature-based NIPS
B. Signature-based NIDS
C. Honeypot
D. Behavior-based HIDS
Answer: D

QUESTION NO: 61
Which of the following would be the MOST secure choice to implement for authenticating remote connections?
A. LDAP
B. 802.1x
C. RAS
D. RADIUS
Answer: D

QUESTION NO: 62
Which of the following is the BEST way to reduce the number of accounts a user must maintain?
A. Kerberos
B. CHAP
C. SSO
D. MD5
Answer: C


QUESTION NO: 63
Which of the following can be used as a means for dual-factor authentication?
A. RAS and username/password
B. RADIUS and L2TP
C. LDAP and WPA
D. Iris scan and proximity card
Answer: D

QUESTION NO: 64
After implementing file auditing, which of the following logs would show unauthorized usage attempts?
A. Performance
B. System
C. Security
D. Application
Answer: C

QUESTION NO: 65
Which of the following type of attacks requires an attacker to sniff the network?
A. Man-in-the-Middle
B. DDoS attack
C. MAC flooding
D. DNS poisoning
Answer: A

QUESTION NO: 66
If a user attempts to go to a website and notices the URL has changed, which of the following attacks is MOST likely the cause?
A. DLL injection
B. DDoS attack
C. DNS poisoning
D. ARP poisoning
Answer: C

QUESTION NO: 67
Which of the following attacks can be caused by a user being unaware of their physical surroundings?
A. ARP poisoning
B. Phishing
C. Shoulder surfing
D. Man-in-the-middle
Answer: C

QUESTION NO: 68
Which of the following actions should be performed upon discovering an unauthorized wireless access point attached to a network?
A. Unplug the Ethernet cable from the wireless access point.
B. Enable MAC filtering on the wireless access point.
C. Change the SSID on the wireless access point.
D. Run a ping against the wireless access point.
Answer: A

QUESTION NO: 69
Which of the following redundancy solutions contains hardware systems similar to the affected organization, but does not provide live data?
A. Hot site
B. Uninterruptible Power Supply (UPS)
C. Warm site
D. Cold site
Answer: C

QUESTION NO: 70
During the implementation of LDAP, which of the following will typically be changed within the organization's software programs?
A. IP addresses
B. Authentication credentials
C. Non-repudiation policy
D. Network protocol
Answer: B

QUESTION NO: 71
Which of the following would be MOST useful to determine why packets from a computer outside the network are being dropped on the way to a computer inside the network?
A. HIDS log
B. Security log
C. Firewall log
D. System log
Answer: C

QUESTION NO: 72
Which of the following security policies is BEST to use when trying to mitigate the risks involved with allowing a user to access company email via their cell phone?
A. The cell phone should require a password after a set period of inactivity.
B. The cell phone should only be used for company related emails.
C. The cell phone data should be encrypted according to NIST standards.
D. The cell phone should have data connection abilities disabled.
Answer: A

QUESTION NO: 73
An administrator has been asked to encrypt credit card data. Which of the following algorithms would be the MOST secure with the least CPU utilization?
A. 3DES
B. AES
C. SHA-1
D. MD5
Answer: B

QUESTION NO: 74
Which of the following algorithms is the LEAST secure?
A. NTLM
B. MD5
C. LANMAN
D. SHA-1
Answer: C

QUESTION NO: 75
Which of the following algorithms is MOST closely associated with the signing of email messages?
A. MD5
B. TKIP
C. PGP
D. SHA-1
Answer: C

QUESTION NO: 76
An executive uses PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the body of the email, the executive wishes to encrypt the signature so that the assistant can verify that the email actually came from the executive. Which of the following asymmetric keys should the executive use to encrypt the signature?
A. Public
B. Private
C. Shared
D. Hash
Answer: B

QUESTION NO: 77
A technician needs to detect staff members that are connecting to an unauthorized website. Which of the following could be used?
A. Protocol analyzer
B. Bluesnarfing
C. Host routing table
D. Port scan
Answer: A

QUESTION NO: 78
An administrator suspects that multiple PCs are infected with a zombie. Which of the following tools could be used to confirm this?
A. Antivirus
B. Recovery agent
C. Spyware
D. HIDS
Answer: A

QUESTION NO: 79
Which of the following is an example of security personnel that administer access control functions, but do not administer audit functions?
A. Access enforcement
B. Separation of duties
C. Least privilege
D. Account management
Answer: B

QUESTION NO: 80
A malware incident has just been detected within a company. Which of the following should be the administrator's FIRST response?
A. Removal
B. Containment
C. Recovery
D. Monitor
Answer: B

QUESTION NO: 81
Taking into account personal safety, which of the following types of fire suppression substances would BEST prevent damage to electronic equipment?
A. Foam
B. CO2
C. Halon
D. Water
Answer: B

QUESTION NO: 82
Which of the following describes the process of securely removing information from media (e.g. hard drive) for future use?
A. Reformatting
B. Destruction
C. Sanitization
D. Deleting
Answer: C

QUESTION NO: 83
Which of the following principles should be applied when assigning permissions?
A. Most privilege
B. Least privilege
C. Rule based
D. Role based
Answer: B

QUESTION NO: 84
Which of the following type of strategies can be applied to allow a user to enter their username and password once in order to authenticate to multiple systems and applications?
A. Two-factor authentication
B. Single sign-on
C. Smart card
D. Biometrics
Answer: B

QUESTION NO: 85
User A is a member of the payroll security group. Each member of the group should have read/write permissions to a share. User A was trying to update a file but when the user tried to access the file the user was denied. Which of the following would explain why User A could not access the file?
A. Privilege escalation
B. Rights are not set correctly
C. Least privilege
D. Read only access
Answer: B

QUESTION NO: 86
Which of the following threats is the MOST difficult to detect and hides itself from the operating system?
A. Rootkit
B. Adware
C. Spyware
D. Spam
Answer: A

QUESTION NO: 87
Which of the following methods is used to perform denial of service (DoS) attacks?
A. Privilege escalation
B. Botnet
C. Adware
D. Spyware
Answer: B

QUESTION NO: 88
Which of the following is an attack that is triggered by a specific event or by a date?
A. Logic bomb
B. Spam
C. Rootkit
D. Privilege escalation
Answer: A

QUESTION NO: 89
Which of the following can an attacker use to gather information on a system without having a user ID or password?
A. NAT
B. DNS poisoning
C. Null session
D. Spoofing
Answer: C

QUESTION NO: 90
Which of the following is a way to logically separate a network through a switch?
A. Spanning port
B. Subnetting
C. VLAN
D. NAT
Answer: C

QUESTION NO: 91
Which of the following is a security threat when a new network device is configured for first-time installation?
A. Attacker privilege escalation
B. Installation of a back door
C. Denial of Service (DoS)
D. Use of default passwords
Answer: D

QUESTION NO: 92
Which of the following is an exploit against a device where only the hardware model and manufacturer are known?
A. Replay attack
B. Denial of service (DoS)
C. Privilege escalation
D. Default passwords
Answer: D

QUESTION NO: 93
A technician is implementing a new wireless network for an organization. The technician should be concerned with all of the following wireless vulnerabilities EXCEPT:
A. rogue access points.
B. 802.11 mode.
C. weak encryption.
D. SSID broadcasts.
Answer: B

QUESTION NO: 94
Which of the following tools will allow the technician to find all open ports on the network?
A. Performance monitor
B. Protocol analyzer
C. Router ACL
D. Network scanner
Answer: D

QUESTION NO: 95
An organization is installing new servers into their infrastructure. A technician is responsible for making sure that all new servers meet security requirements for uptime. In which of the following are the availability requirements identified?
A. Service level agreement
B. Performance baseline
C. Device manufacturer documentation
D. Security template
Answer: A

QUESTION NO: 96
After issuance a technician becomes aware that some keys were issued to individuals who are not authorized to use them. Which of the following should the technician use to correct this problem?
A. Recovery agent
B. Certificate revocation list
C. Key escrow
D. Public key recovery
Answer: B

QUESTION NO: 97
Password crackers are generally used by malicious attackers to:
A. verify system access.
B. facilitate penetration testing.
C. gain system access.
D. sniff network passwords.
Answer: C

QUESTION NO: 98
Which of the following properly describes penetration testing?
A. Penetration tests are generally used to scan the network and identify open ports.
B. Penetration tests are generally used to exploit a weakness without permission and show how an attacker might compromise a system.
C. Penetration tests are generally used to map the network and grab banners.
D. Penetration tests are generally used to demonstrate a weakness in a system and then provide documentation on the weakness.
Answer: D

QUESTION NO: 99
Which of the following should a technician review when a user is moved from one department to another?
A. User access and rights
B. Data storage and retention policies
C. Users group policy
D. Acceptable usage policy
Answer: A

QUESTION NO: 100
Which of the following is a reason to implement security logging on a DNS server?
A. To monitor unauthorized zone transfers
B. To measure the DNS server performance
C. To perform penetration testing on the DNS server
D. To control unauthorized DNS DoS
Answer: A

QUESTION NO: 101
A technician is rebuilding the infrastructure for an organization. The technician has been tasked with making sure that the virtualization technology is implemented securely. Which of the following is a concern when implementing virtualization technology?
A. The technician should perform penetration testing on all the virtual servers to monitor performance.
B. The technician should verify that the virtual servers and the host have the latest service packs and patches applied.
C. The technician should subnet the network so each virtual server is on a different network segment.
D. The technician should verify that the virtual servers are dual homed so that traffic is securely separated.
Answer: B

QUESTION NO: 102
A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet management's request?
A. Enforce Kerberos
B. Deploy smart cards
C. Time of day restrictions
D. Access control lists
Answer: C

QUESTION NO: 103
How would a technician implement a security patch in an enterprise environment?
A. Download the patch from the vendor's secure website and install it on the most vulnerable workstation.
B. Download the patch from the vendor's secure website, test the patch and install it on all of the production servers.
C. Download the patch from the Internet, test the patch and install it on all workstations.
D. Download the patch from the vendor's secure website and install it as needed.
Answer: B

QUESTION NO: 104
Which of the following encryption schemes is the public key infrastructure based on?
A. Quantum
B. Elliptical curve
C. Asymmetric
D. Symmetric
Answer: C

QUESTION NO: 105
Which of the following is considered the weakest encryption?
A. AES
B. DES
C. SHA
D. RSA
Answer: B

QUESTION NO: 106
Which of the following BEST describes the term war driving?
A. Driving from point to point with a laptop and an antenna to find unsecured wireless access points.
B. Driving from point to point with a wireless network card and hacking into unsecured wireless access points.
C. Driving from point to point with a wireless scanner to use unsecured access points.
D. Driving from point to point with a wireless scanner to read other users' emails through the access point.
Answer: A

QUESTION NO: 107
Which of the following statements BEST describes the implicit deny concept?
A. Blocks everything and only allows privileges based on job description
B. Blocks everything and only allows explicitly granted permissions
C. Blocks everything and only allows the minimal required privileges
D. Blocks everything and allows the maximum level of permissions
Answer: B

QUESTION NO: 108
When is the BEST time to update antivirus definitions?
A. At least once a week as part of system maintenance
B. As the definitions become available from the vendor
C. When a new virus is discovered on the system
D. When an attack occurs on the network
Answer: B

QUESTION NO: 109
Why would a technician use a password cracker?
A. To look for weak passwords on the network
B. To change a user's passwords when they leave the company
C. To enforce password complexity requirements
D. To change users' passwords if they have forgotten them
Answer: A

QUESTION NO: 110
Users on a network report that they are receiving unsolicited emails from an email address that does not change. Which of the following steps should be taken to stop this from occurring?
A. Install an ACL on the firewall to block traffic from the sender and filter the IP address.
B. Configure a rule in each user's router and restart the router.
C. Install an anti-spam filter on the domain mail servers and filter the email address.
D. Configure rules on the user's host and restart the host.
Answer: C

QUESTION NO: 111
Which of the following is a true statement with regards to a NIDS?
A. A NIDS monitors and analyzes network traffic for possible intrusions.
B. A NIDS is installed on the proxy server.
C. A NIDS prevents certain types of traffic from entering a network.
D. A NIDS is normally installed on the email server.
Answer: A

QUESTION NO: 112
A technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which of the following will help determine the amount of CPU cycles that are being consumed?
A. Install HIDS to determine the CPU usage.
B. Run performance monitor to evaluate the CPU usage.
C. Install malware scanning software.
D. Use a protocol analyzer to find the cause of the traffic.
Answer: B

QUESTION NO: 113
Which of the following are characteristics of a hash function? (Select TWO).
A. One-way
B. Encrypts a connection
C. Ensures data can be easily decrypted
D. Fixed length output
E. Requires a key
Answer: A, D

QUESTION NO: 114
Which of the following is the MOST secure alternative for administrative access to a router?
A. SSH
B. Telnet
C. rlogin
D. HTTP
Answer: A

QUESTION NO: 115
Which of the following might an attacker resort to in order to recover discarded company documents?
A. Phishing
B. Insider theft
C. Dumpster diving
D. Shoulder surfing
Answer: C

QUESTION NO: 116
Which of the following creates a security buffer zone between two rooms?
A. Mantrap
B. DMZ
C. Turnstile
D. Anti-pass back
Answer: A

Imaging software C. Port scanner B.www. Ticket Granting System B. Password cracker Answer: B QUESTION NO: 118 Answer: D QUESTION NO: 119 A.CompTIA SY0-201: Practice Exam QUESTION NO: 117 Which of the following tools would be used to review network traffic for clear text passwords? A. Protocol analyzer C. Firewall D. Which of the following would invalidate an SQL injection attack launched from the lookup field at the web server level? Ce Which of the following specifies a set of consistent requirements for a workstation or server? "Slay Your Exams" . Patch management D. Certificate Authority C. Internet Key Exchange D.certkiller. Vulnerability assessment B. Key Distribution Center om Kerberos uses which of the following trusted entities to issue tickets? 36 . Configuration baseline Answer: D QUESTION NO: 120 A companys website allows customers to search for a product and display the current price and quantity available of each product from the production databasE.com rtK ille r.c A.

TCP/IP Hijacking D. Buffer overflow protection C. VCPU C. NIPS D. DoS C.www.CompTIA SY0-201: Practice Exam A. Hypervisor D. Input validation Answer: D QUESTION NO: 121 Which of the following virtual machine components monitors and manages the various virtual instances? A. Man-in-the-middle Answer: B QUESTION NO: 123 Which of the following is the BEST tool for allowing users to go to approved business-related websites only? A.certkiller. Virtual supervisor Answer: C QUESTION NO: 122 A smurf attack is an example of which of the following threats? A. Firewall C. Caching server Answer: A Ce "Slay Your Exams" . Security template B. ACL D. VMOS B.c om 37 . Internet content filter B.com rtK ille r. ARP Poisoning B.

QUESTION NO: 124
Which of the following is a security trait of a virtual machine?
A. Provides additional resources for testing
B. Provides real-time access to all system processes
C. Provides a read-only area for executing code
D. Provides a restricted environment for executing code
Answer: D

QUESTION NO: 125
An unauthorized user intercepted a user's password and used this information to obtain the company's administrator password. The unauthorized user can use the administrator's password to access sensitive information pertaining to client data. Which of the following is this an example of?
A. Session hijacking
B. Least privilege
C. Privilege escalation
D. Network address translation
Answer: C

QUESTION NO: 126
Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO).
A. Run spyware detection against all workstations.
B. Install anti-virus software on the USB drives.
C. Disable USB within the workstation's BIOS.
D. Disable the USB root hub within the OS.
E. Apply the concept of least privilege to USB devices.
Answer: C, D

QUESTION NO: 127
An administrator has developed an OS install that will implement the tightest security controls possible. In order to quickly replicate these controls on all systems, which of the following should be established?
A. Take screen shots of the configuration options.
B. Create an image from the OS install.
C. Create a boot disk for the operating system.
D. Implement OS hardening procedures.
Answer: B

QUESTION NO: 128
After registering an email address on a website, a user starts receiving messages from unknown sources. The email account is new, and therefore the user is concerned. This type of message traffic is referred to as:
A. SPIM.
B. S/MIME.
C. instant message traffic.
D. spam.
Answer: D

QUESTION NO: 129
A technician is testing the security of a new database application with a website front-end. The technician notices that when certain characters are input into the application it will crash the server. Which of the following does the technician need to do?
A. Utilize SSL on the website
B. Implement an ACL
C. Lock down the database
D. Input validation
Answer: D

QUESTION NO: 130
An administrator in a small office environment has implemented an IDS on the network perimeter to detect malicious traffic patterns. The administrator still has a concern about traffic inside the network originating between client workstations. Which of the following could be implemented?
A. HIDS
B. A VLAN
C. A network router
D. An access list
Answer: A

QUESTION NO: 131
A user is redirected to a different website when the user requests the DNS record www.xyz.comptia.com. Which of the following is this an example of?
A. DNS poisoning
B. DoS
C. DNS caching
D. Smurf attack
Answer: A

QUESTION NO: 132
A company wants to host public servers on a new network. These servers will include a website and mail server. Which of the following should be implemented on the network to isolate these public hosts from the rest of the network?
A. IPv6
B. IPSec
C. DMZ
D. VLAN
Answer: C

QUESTION NO: 133
A user has decided that they do not want an internal LAN segment to use public IP addresses. The user wants to translate them as private IP addresses to a pool of public IP addresses to identify them on the Internet. Which of the following does the user want to implement?
A. IPSec
B. NAT
C. SSH
D. SFTP
Answer: B

QUESTION NO: 134
An administrator has been studying stateful packet inspection and wants to implement this security technique on the network. Which of the following devices could the administrator use to BEST utilize stateful packet inspection?
A. Hub
B. IDS
C. Switch
D. Firewall
Answer: D

QUESTION NO: 135
Which of the following is the primary purpose of a honeypot?
A. Translate addresses at the perimeter
B. To provide a decoy target on the network
C. Provide cryptography for the network
D. Work as a network proxy
Answer: B

QUESTION NO: 136
An administrator wants to ensure that no equipment is damaged when there is a fire or false alarm in the server room. Which of the following type of fire suppression systems should be used?
A. Carbon Dioxide
B. Hydrogen Peroxide
C. Wet pipe sprinkler
D. Deluge sprinkler
Answer: A

QUESTION NO: 137
Which of the following is a CRL composed of?
A. LANMAN validation
B. Expired or revoked certificates
C. Certificate authorities
D. Expired user accounts
Answer: B

QUESTION NO: 138
Which of the following is the primary purpose of a CA?
A. Public Key Infrastructure (PKI)
B. Encrypt data
C. Kerberos authentication
D. Issue private/public keys
Answer: D

QUESTION NO: 139
An administrator wants to replace telnet with a more secure protocol to manage a network device. Which of the following should be implemented on the network?
A. SMTP
B. SNMP
C. SFTP
D. SSH
Answer: D

QUESTION NO: 140
A user is attempting to receive digitally signed and encrypted email messages from a remote office. Which of the following protocols does the system need to support?
A. TPM
B. S/MIME
C. ISAKMP
D. IPSec
Answer: B

QUESTION NO: 141
An administrator does not want anyone to VPN from inside the network to a remote office or network. Which of the following protocols should be blocked outbound on the network?
A. SMTP
B. OVAL
C. SNMP
D. ISAKMP
Answer: D

QUESTION NO: 142
An administrator is implementing a public website and they want all client connections to the server to be encrypted via their web browser. Which of the following should be implemented?
A. SSL
B. A pre-shared key
C. Blowfish
D. 3DES
Answer: A

QUESTION NO: 143
Which of the following is MOST likely provided by asymmetric key cryptography?
A. Performance
B. SHA-1
C. Kiting
D. Confidentiality
Answer: D

QUESTION NO: 144
All of the following are symmetric key algorithms EXCEPT:
A. ECC.
B. 3DES.
C. Rijndael.
D. RC4.
Answer: A

QUESTION NO: 145
Which of the following is true about ECC algorithms?
A. It is CPU intensive.
B. It is implemented in portable devices.
C. It is a private key algorithm.
D. It is the algorithm used in PGP.
Answer: B

QUESTION NO: 146
Which of the following is a way to encrypt session keys using SSL?
A. Session keys are encrypted using an asymmetric algorithm.
B. Session keys are sent in clear text because they are private keys.
C. Session keys are sent unencrypted.
D. Session keys are encrypted using a symmetric algorithm.
Answer: A

QUESTION NO: 147
Which of the following can reduce the risk associated with password guessing attacks? (Select TWO).
A. Implement shared passwords.
B. Implement account-lockout thresholds.
C. Implement single sign-on.
D. Implement shadow passwords.
E. Implement stronger password complexity policies.
Answer: B, E

QUESTION NO: 148
Which of the following is a common practice in forensic investigation?
A. Performing a Gutmann sanitization of the drive
B. Performing a binary copy of the system's storage media
C. Performing a file level copy of the system's storage media
D. Performing a sanitization of the drive
Answer: B

QUESTION NO: 149
Which of the following is done to ensure appropriate personnel have access to systems and networks? (Select TWO).
A. Conduct virus scan.
B. Conduct rights review of users and groups.
C. Conduct periodic personnel employment verifications.
D. Conduct vulnerability assessments.
E. Conduct periodic penetration testing assessments.
Answer: B, C

QUESTION NO: 150
Antivirus software products detect malware by comparing the characteristics of known instances against which of the following type of file sets?
A. Signature
B. Text
C. NIDS signature
D. Dynamic Library
Answer: A

QUESTION NO: 151
Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment?
A. Water
B. Carbon Dioxide
C. Halon
D. Foam
Answer: A

QUESTION NO: 152
Which of the following is the BEST process of removing PII data from a disk drive before reuse?
A. Destruction
B. Sanitization
C. Reformatting
D. Degaussing
Answer: B

QUESTION NO: 153
When assigning permissions, which of the following concepts should be applied to enable a person to perform their job task?
A. Rule based
B. Discretionary access control (DAC)
C. Least privilege
D. Role based
Answer: C

QUESTION NO: 154
While conducting a review of the system logs, a user had attempted to log onto the network over 250 times. Which of the following type of attacks is MOST likely occurring?
A. Brute force
B. Phishing
C. Spamming
D. DNS spoofing
Answer: A

QUESTION NO: 155
Users do not want to enter credentials to each server or application to conduct their normal work. Which of the following type of strategies will resolve this issue?
A. Smart card
B. Two-factor authentication
C. Biometrics
D. SSO
Answer: D

QUESTION NO: 156
A user was trying to update an open file but when they tried to access the file they were denied. Which of the following would explain why the user could not access the file?
A. Audit only access
B. Execute only access
C. Rights are not set correctly
D. Write only access
Answer: C

QUESTION NO: 157
Accessing a system or application using permissions from another user's account is a form of which of the following?
A. Phishing
B. Domain kiting
C. Back door
D. Privilege escalation
Answer: D

QUESTION NO: 158
Which of the following is an important reason for password protecting the BIOS?
A. To maintain password complexity requirements
B. To prevent system start-up without knowing the password
C. To keep a user from changing the boot order of the system
D. To keep a virus from overwriting the BIOS
Answer: C

QUESTION NO: 159
Which of the following is a software bundle containing multiple security fixes?
A. Patch management
B. A hotfix
C. Service pack
D. A patch
Answer: C

QUESTION NO: 160
A company uses a policy of assigning passwords to users; by default the passwords are based off of the word $ervicexx, where xx is the last two numbers of the user's cell phone number. The users are not required to change this password. Which of the following is this an example of?
A. Default accounts
B. Known plain text
C. ARP spoofing
D. Weak passwords
Answer: D

QUESTION NO: 161
Which of the following is an installable package that includes several patches from the same vendor for various applications?
A. Hotfix
B. Patch template
C. Service pack
D. Patch rollup
Answer: C

QUESTION NO: 162
Which of the following is a best practice to prevent users from being vulnerable to social engineering?
A. Have a solid acceptable use policy in place with a click through banner.
B. Provide thorough and frequent user awareness training.
C. Provide a service level agreement that addresses social engineering issues.
D. Have users sign both the acceptable use policy and security based HR policy.
Answer: B

QUESTION NO: 163
The RAS logs on a server show 100 errors in a two minute time period from an attempt to access an account. The error log shows unknown username or password. Which of the following is this an example of?
A. The end user's ISP is having issues with packet loss.
B. An unauthorized attempt to access the server.
C. The local firewall is blocking GRE packets.
D. One of the users forgot their password and kept trying to login.
Answer: B

QUESTION NO: 164
An administrator notices that former temporary employees' accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening?
A. Run a last logon script to look for inactive accounts.
B. Implement an account expiration date for temporary employees.
C. Implement a password expiration policy.
D. Implement time of day restrictions for all temporary employees.
Answer: B
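The indicators in questions 154 and 163 (hundreds of failed logons against one account in a short window) and the account-lockout threshold that question 147 names as a control can be checked mechanically. The Python script below is an added example written for this page, not part of the practice test: it parses constructed syslog-style RAS authentication lines (the line format, hostname and addresses are assumptions), counts failures per user inside a sliding two-minute window, and applies a lockout threshold. A successful logon clears the user's window, so a user who mistypes twice and then signs in is not flagged.

```python
"""Detect password guessing in authentication logs and apply a lockout threshold."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample log (assumed format, not from any real RAS product).
SAMPLE_LOG = """\
2009-12-02T08:00:01 ras01 auth: FAILED user=jsmith src=203.0.113.9 reason="unknown username or password"
2009-12-02T08:00:02 ras01 auth: FAILED user=jsmith src=203.0.113.9 reason="unknown username or password"
2009-12-02T08:00:03 ras01 auth: FAILED user=jsmith src=203.0.113.9 reason="unknown username or password"
2009-12-02T08:00:04 ras01 auth: FAILED user=jsmith src=203.0.113.9 reason="unknown username or password"
2009-12-02T08:00:05 ras01 auth: FAILED user=jsmith src=203.0.113.9 reason="unknown username or password"
2009-12-02T08:00:06 ras01 auth: FAILED user=jsmith src=203.0.113.9 reason="unknown username or password"
2009-12-02T08:10:00 ras01 auth: FAILED user=mlee src=198.51.100.7 reason="unknown username or password"
2009-12-02T08:10:30 ras01 auth: OK user=mlee src=198.51.100.7
2009-12-02T09:00:00 ras01 auth: FAILED user=mlee src=198.51.100.7 reason="unknown username or password"
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth: (?P<result>FAILED|OK) user=(?P<user>\S+) src=(?P<src>\S+)"
)


def parse(log_text):
    """Yield (timestamp, result, user, src) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def find_guessing(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return {user: peak_failures} for users whose failures inside `window` reach `threshold`.

    One deque of failure timestamps per user; entries older than the window are
    dropped as new failures arrive, and a successful logon empties the deque.
    """
    recent = defaultdict(deque)
    flagged = {}
    for ts, result, user, _src in parse(log_text):
        q = recent[user]
        if result == "OK":
            q.clear()
            continue
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[user] = max(flagged.get(user, 0), len(q))
    return flagged


def should_lock(failures, threshold=5):
    """The decision a directory's lockout policy makes for a given failure count."""
    return failures >= threshold


if __name__ == "__main__":
    for user, count in find_guessing(SAMPLE_LOG).items():
        print(f"{user}: {count} failures in window, lock={should_lock(count)}")
```

With the sample above only jsmith is reported (six failures in as many seconds); mlee's single failure followed by a successful logon, and a lone failure an hour later, stay under the threshold. The same loop keyed on source address instead of user catches password spraying, where one source tries a few guesses against many accounts.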

QUESTION NO: 165
Which of the following is the primary security risk with coaxial cable?
A. Diffusion of the core light source
B. Data emanation from the core
C. Crosstalk between the wire pairs
D. Refraction of the signal
Answer: B

QUESTION NO: 166
Which of the following is a collection of patches?
A. A security template
B. A service pack
C. A security hotfix
D. A security baseline
Answer: B

QUESTION NO: 167
Which of the following would allow an administrator to find weak passwords on the network?
A. A network mapper
B. A hash function
C. A password generator
D. A rainbow table
Answer: D
QUESTION NO: 168
Which of the following is the BEST place where the disaster recovery plan should be kept?
A. Printed out and kept in the desk of the CIO
B. At multiple offsite locations
C. Multiple copies printed out and kept in the server room
D. On the network file server
Answer: B

QUESTION NO: 169
Which of the following is established immediately upon evidence seizure?
A. Start the incident response plan
B. Damage and loss control
C. Chain of custody
D. Forensic analysis
Answer: C

QUESTION NO: 170
Which of the following is a required privilege that an administrator must have in order to restore a public/private key set on a certificate authority (CA)?
A. Recovery agent
B. Registration authority
C. Domain administrator
D. Group administrator
Answer: A

QUESTION NO: 171
Which of the following algorithms has the smallest key space?
A. IDEA
B. SHA-1
C. AES
D. DES
Answer: D

QUESTION NO: 172
Which of the following is the MOST recent addition to cryptography?
A. AES
B. DES
C. 3DES
D. PGP
Answer: A

QUESTION NO: 173
Which of the following requires a common pre-shared key before communication can begin?
A. Public key infrastructure
B. Symmetric key cryptography
C. Secure hashing algorithm
D. Asymmetric key cryptography
Answer: B

QUESTION NO: 174
Which of the following provides the MOST comprehensive redundancy for an entire site with the least downtime?
A. A warm site
B. A cold site
C. A mobile site
D. A hot site
Answer: D

QUESTION NO: 175
Which of the following allows devices attached to the same switch to have separate broadcast domains?
A. NAT
B. DMZ
C. NAC
D. VLAN
Answer: D

QUESTION NO: 176
Which of the following allows for notification when a hacking attempt is discovered?
A. NAT
B. NIDS
C. Netflow
D. Protocol analyzer
Answer: B

QUESTION NO: 177
When dealing with a 10BASE5 network, which of the following is the MOST likely security risk?
A. An incorrect VLAN
B. SSID broadcasting
C. A repeater
D. A vampire tap
Answer: D

QUESTION NO: 178
Which of the following allows a technician to scan for missing patches on a device without actually attempting to exploit the security problem?
A. A vulnerability scanner
B. Security baselines
C. A port scanner
D. Group policy
Answer: A
53

QUESTION NO: 179
Which of the following allows for proof that a certain person sent a particular email?
A. Steganography
B. Integrity
C. One-factor authentication
D. Non-repudiation
Answer: D

QUESTION NO: 180
Which of the following uses a key ring?
A. AES
B. DES
C. PGP
D. RSA
Answer: C

QUESTION NO: 181
Which of the following allows for the highest level of security at time of login?
A. Single sign-on
B. Two-factor authentication
C. Trusted Platform Module
D. NTLMv2
Answer: B

QUESTION NO: 182
Sending a patch through a testing and approval process is an example of which of the following?
A. Disaster planning
B. Change management
C. Acceptable use policies
D. User education and awareness training
Answer: B

QUESTION NO: 183
Sending continuous TCP requests to a device and ignoring the return information until the device ceases to accept new connections is an example of which of the following?
A. TCP/IP hijacking
B. DNS poisoning
C. ARP
D. DoS
Answer: D

QUESTION NO: 184
Which of the following would use a group of bots to stop a web server from accepting new requests?
A. DoS
B. DDoS
C. Kiting
D. MAC
Answer: B

QUESTION NO: 185
Which of the following is the MOST likely to generate static electricity?
A. Low humidity and high temperature
B. High humidity and high temperature
C. Low humidity and low temperature
D. High humidity and low temperature
Answer: A

QUESTION NO: 186
Using an asymmetric key cryptography system, where can a technician generate the key pairs?
A. A certificate authority
B. IETF
C. A key escrow service
D. A recovery agent
Answer: A

QUESTION NO: 187
Which of the following media is the LEAST likely to be successfully tapped into?
A. Unshielded twisted pair cable
B. Coaxial cable
C. Fiber optic cable
D. Shielded twisted pair cable
Answer: C

QUESTION NO: 188
Which of the following allows a person to find public wireless access points?
A. Weak encryption
B. 802.1x
C. SSID broadcast
D. Data emanation
Answer: C

QUESTION NO: 189
Which of the following allows a file to have different security permissions for users that have the same roles or user groups?
A. Mandatory Access Control (MAC)
B. Role-Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Rule-Based Access Control (RBAC)
Answer: C

QUESTION NO: 190
A DMZ has a fake network that a hacker is attacking. Which of the following is this an example of?
A. Firewall
B. Man-in-the-middle
C. Proxy server
D. Honeypot
Answer: D

QUESTION NO: 191
A company decides that the purchasing agent and the accounts receivable agent should exchange positions in order to allow for more oversight of past transactions. Which of the following is this an example of?
A. Least privilege
B. Implicit deny
C. Separation of duties
D. Job rotation
Answer: D

QUESTION NO: 192
A user complains that the color laser printer continuously gives an access denied message while attempting to print a text document. The administrator logs onto the PC and prints successfully. Which of the following should the administrator check FIRST?
A. That the printer has the correct size of paper in each of the trays
B. That the toner should be changed in the printer
C. That the user has sufficient rights to print to the printer
D. That the user is attempting to print to the correct printer tray
Answer: C

QUESTION NO: 193
Which of the following uses a sandbox to manage a program's ability to access system resources?
A. Java
B. ActiveX
C. JavaScript
D. Cold Fusion
Answer: A

QUESTION NO: 194
Which of the following allows a technician to view the security permissions of a file?
A. The access control list
B. The security baseline
C. The data emanation
D. The local security template
Answer: A

QUESTION NO: 195
A user is denied access to a file. The user had access to the file yesterday. Which of the following is the FIRST action for the technician to take?
A. Grant access to the file.
B. Deny the user's request and forward to the human resources department.
C. Verify that the user's permissions are correct.
D. Reboot the system.
Answer: C

QUESTION NO: 196
A user is convinced that someone is attempting to use their user account at night. Which of the following should an administrator check FIRST in order to prove or disprove this claim?
A. The IDS logs
B. The security application logs
C. The local security logs
D. The firewall logs
Answer: C

QUESTION NO: 197
A user reports that a web based application is not working after a browser upgrade. Before the upgrade, a login box would appear on the screen and disappear after login. The login box does not appear after the upgrade. Which of the following BEST describes what to check FIRST?
A. That the software based firewall application trusts this site
B. That the pop-up blocker application trusts this site
C. That the antivirus application trusts this site
D. That the anti-spam application trusts this site
Answer: B

QUESTION NO: 198
An intrusion has been detected on a company's network from the Internet. Which of the following should be checked FIRST?
A. The firewall logs
B. The DNS logs
C. The access logs
D. The performance logs
Answer: A

QUESTION NO: 199
A user needs to verify that a patch file downloaded from a third party has not been modified since the time that the original manufacturer released the patch. Which of the following is the BEST way to verify that the file has not been modified?
A. Compare the final MD5 hash with the original.
B. Download the patch file through a SSL connection.
C. Download the patch file over an AES encrypted VPN connection.
D. Compare the final LANMAN hash with the original.
Answer: A

QUESTION NO: 200
A technician suspects that one of the network cards on the internal LAN is causing a broadcast storm. Which of the following would BEST diagnose which NIC is causing this problem?
A. The NIDS log file
B. A protocol analyzer
C. The local security log file
D. The local firewall log file
Answer: B

QUESTION NO: 201
A user does not understand why the domain password policy is so stringent. Which of the following BEST demonstrates the security basis for the password policy?
A. Explain how easy it is for a hacker to crack weak passwords, including a list of weak passwords.
B. Refer the user to a strong password demonstrator.
C. Show the user a domain overview.
D. Ask the user to review the corporate policies and procedures manual.
Answer: A

QUESTION NO: 202
A company needs to have multiple servers running low CPU utilization applications. Which of the following is the MOST cost efficient method for accomplishing this?
A. Install a single high end server, running multiple virtual servers.
B. Install multiple high end servers, each running a network operating system.
C. Install a single low end server, running multiple virtual servers.
D. Install multiple low end servers, sharing a clustered network operating system.
Answer: C

QUESTION NO: 203
A programmer creates an application to accept data from a website. A user places more information than the program expects in the input field, resulting in the back end database placing the extra information into the database. Which of the following is this an example of?
A. Java input error
B. Cross-site scripting
C. Buffer overflow
D. SQL injection
Answer: D

QUESTION NO: 204
Which of the following security threats is MOST commonly associated with a targeted distributed denial of service (DDoS)?
A. Viruses
B. Worms
C. Botnets
D. Trojans
Answer: C

QUESTION NO: 205
A developer added code to a financial system designed to transfer money to a foreign bank account on a specific time and date. The code would activate only if human resources processed the developer's termination papers. The developer implemented which of the following security threats?
A. Logic bomb
B. Rootkit
C. Botnet
D. Privilege escalation
Answer: A

QUESTION NO: 206
A CEO is concerned about staff browsing inappropriate material on the Internet via HTTPS. It has been suggested that the company purchase a product which could decrypt the SSL session, scan the content and then repackage the SSL session without staff knowing. Which of the following type of attacks is similar to this product?
A. Replay
B. Spoofing
C. TCP/IP hijacking
D. Man-in-the-middle
Answer: D

QUESTION NO: 207
After a system risk assessment was performed it was found that the cost to mitigate the risk was higher than the expected loss if the risk was actualized. In this instance, which of the following is the BEST course of action?
A. Accept the risk
B. Mitigate the risk
C. Reject the risk
D. Run a new risk assessment
Answer: A

QUESTION NO: 208
A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protected. If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If determining the risk, which of the following is the annual loss expectancy (ALE)?
A. $2,700
B. $4,500
C. $5,000
D. $7,290
Answer: D (single loss expectancy 30 staff x 3 hours x $90 = $8,100; ALE = $8,100 x 0.9 = $7,290)

QUESTION NO: 209
A technician is deciding between implementing a HIDS on the database server or implementing a NIDS. Which of the following are reasons why a NIDS may be better to implement? (Select TWO).
A. Many HIDS only offer a low level of detection granularity.
B. Many HIDS are not able to detect network attacks.
C. Many HIDS have a negative impact on system performance.
D. Many HIDS are not good at detecting attacks on database servers.
E. Many HIDS require frequent patches and updates.
Answer: B, C

QUESTION NO: 210
Which of the following scenarios is MOST likely to benefit from using a personal software firewall on a laptop?
A. Remote access user connecting via SSL VPN
B. Office laptop connected to the enterprise LAN
C. Remote access user connecting via corporate dial-in server
D. Office laptop connected to a home user's network
Answer: D

QUESTION NO: 211
Virtualized applications, such as virtualized browsers, are capable of protecting the underlying operating system from which of the following?
A. Malware installation from suspect Internet sites
B. Man-in-the-middle attacks
C. Phishing and spam attacks
D. DDoS attacks against the underlying OS
Answer: A

QUESTION NO: 212
A flat or simple role-based access control (RBAC) embodies which of the following principles?
A. Users assigned permissions, controls applied to groups and permissions acquired by controls
B. Roles applied to groups, permissions are assigned to groups, users assigned to groups and users acquire permissions by being a member of the group
C. Users assigned to roles, roles assigned to groups and users acquire additional permissions by being a member of a group
D. Users assigned to roles, permissions are assigned to roles and users acquire permissions by being a member of the role
Answer: D

QUESTION NO: 213
A number of unauthorized staff have been entering the data center by piggybacking authorized staff. The CIO has mandated that this behavior stops. Which of the following is the BEST technology to install at the data center to prevent piggybacking?
A. Mantrap
B. Security badges
C. Hardware locks
D. Token access
Answer: A

QUESTION NO: 214
Which of the following is a security threat that hides its processes and files from being easily detected?
A. Trojan
B. Adware
C. Worm
D. Rootkit
Answer: D

QUESTION NO: 215
Security templates are used for which of the following purposes? (Select TWO).
A. To ensure that email is encrypted by users of PGP
B. To ensure that PKI will work properly within the company's trust model
C. To ensure that performance is standardized across all servers
D. To ensure that all servers start from a common security configuration
E. To ensure that servers are in compliance with the corporate security policy
Answer: D, E
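Questions 120, 129 and 203 all turn on how untrusted text from a web form reaches the database. The Python script below is an added example written for this page, not part of the practice test: it rebuilds the product-lookup field from question 120 over an in-memory SQLite table of constructed sample rows (the table layout and product names are assumptions), shows a string-concatenated query being dumped by a classic tautology payload, and then applies the two controls the questions name, allow-list input validation at the web tier and a parameterized query.

```python
"""SQL injection against a product-lookup field, and the two controls that stop it."""
import re
import sqlite3


def build_db():
    """In-memory stand-in for the production catalogue (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price REAL, quantity INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("widget", 9.99, 120), ("gadget", 24.50, 8), ("gizmo", 3.25, 0)],
    )
    return conn


def lookup_vulnerable(conn, term):
    """Query built by string concatenation: whatever the customer types is parsed as SQL."""
    sql = "SELECT name, price, quantity FROM products WHERE name = '" + term + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, term):
    """Bound parameter: the value travels separately from the SQL text, so quotes
    and keywords inside it can never change the statement's structure."""
    sql = "SELECT name, price, quantity FROM products WHERE name = ?"
    return conn.execute(sql, (term,)).fetchall()


# Allow-list for what a product name may look like: letters, digits, space, '-' and '_',
# 1 to 40 characters. Quotes, semicolons, comment markers and over-long input are rejected.
PRODUCT_NAME_RE = re.compile(r"^[A-Za-z0-9 _-]{1,40}$")


def is_valid_product_name(term):
    """Input validation at the web tier, the control named in questions 120, 129 and 203."""
    return PRODUCT_NAME_RE.match(term) is not None


def lookup_hardened(conn, term):
    """Validate first, then query with a bound parameter. Both are needed: validation
    alone is easy to get wrong, and parameters alone do not stop a crash-inducing or
    absurdly long value from reaching the application."""
    if not is_valid_product_name(term):
        raise ValueError("invalid product name")
    return lookup_parameterized(conn, term)


def run_demo():
    conn = build_db()
    payload = "' OR '1'='1"  # classic tautology typed into the lookup field
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, payload)),        # whole table leaks
        "parameterized_rows": len(lookup_parameterized(conn, payload)),  # no product has that name
        "payload_passes_validation": is_valid_product_name(payload),
        "honest_lookup": lookup_hardened(conn, "widget"),
    }


if __name__ == "__main__":
    print(run_demo())
```

With the payload `' OR '1'='1` the concatenated query becomes `WHERE name = '' OR '1'='1'` and returns every row; the parameterized version looks for a product literally named `' OR '1'='1` and returns none, and the validator rejects the string before it is ever sent.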

com 65 Ce rtK A.c When choosing an antivirus product.www. PGP C. Antivirus B. applying the patches and which of the following? A. Running a NIDS report to list the remaining vulnerabilities C. The number of viruses the software can detect ille r. Firewall D.CompTIA SY0-201: Practice Exam QUESTION NO: 216 Frequent signature updates are required by which of the following security applications? (Select TWO). The availability of application programming interface D. which of the following are the MOST important security considerations? (Select TWO). Auditing for the successful application of the patches D. IDS Answer: A. Updating the firewall configuration to include the patches B. A.E QUESTION NO: 218 Three generally accepted activities of patch management are: determining which patches are needed. om QUESTION NO: 217 . The number of emails that can be scanned E.certkiller. The ability to scan encrypted files C. Backing up the patch file executables to a network share Answer: C QUESTION NO: 219 "Slay Your Exams" . The frequency of signature updates B. PKI E.E Answer: A.

Fingerprinting C. Penetration testing D.www.com rtK If an administrator does not have a NIDS examining network traffic. Answer: B QUESTION NO: 220 Social engineering. A patch in a service pack fixes the issue. A patch is too large to be distributed via a remote deployment tool. which of the following could be used to identify an active attack? ille r. Vulnerability scanner Answer: A QUESTION NO: 222 Configuration baselines should be taken at which of the following stages in the deployment of a new system? A. but has not yet been tested in a production environment. B.certkiller. Before initial configuration B.c om 66 . password cracking and vulnerability exploitation are examples of which of the following? A. Before loading the OS C. C. Vulnerability assessment B.CompTIA SY0-201: Practice Exam In which of the following situations would it be appropriate to install a hotfix? A. Penetration testing tool C. Protocol analyzer B. A patch is not available and workarounds do not correct the problem. but too many extra patches are includeD. D. Network mapper D. Fuzzing Answer: C QUESTION NO: 221 A. After a user logs in Ce "Slay Your Exams" . A patch is available.

D. After initial configuration
Answer: D

QUESTION NO: 223
Which of the following practices should be implemented to harden workstations and servers?
A. Log on only as the administrator.
B. Install only needed software.
C. Report all security incidents.
Answer: B

QUESTION NO: 224
Which of the following is a mechanism that prevents electromagnetic emanations from being captured?
A. Install a repeater
B. Disable SSID broadcast
C. Faraday cage
D. Uninterruptible power supply (UPS)
Answer: C

QUESTION NO: 225
Which of the following describes the difference between a secure cipher and a secure hash?
A. A hash can be reversed, a cipher cannot.
B. A cipher produces the same size output for any input size, a hash does not.
C. A cipher can be reversed, a hash cannot.
D. A hash produces a variable output for any input size.
Answer: C

QUESTION NO: 226

Which of the following physical threats is prevented with mantraps?
A. Piggybacking
B. Social engineering
C. Dumpster diving
D. Shoulder surfing
Answer: A

QUESTION NO: 227
Which of the following BEST describes the differences between SHA-1 and MD5?
A. SHA-1 produces fixed length message digests.
B. SHA-1 produces fewer collisions than MD5.
C. MD5 produces fewer collisions than SHA-1.
D. MD5 produces variable length message digests.
Answer: B

QUESTION NO: 228
Which of the following BEST applies in the secure disposal of computers?
A. Computers must be tested against known TCP/IP vulnerabilities.
B. Computer media must be sanitized.
C. Default passwords must be changed once.
D. Computers must be configured for automated patch management.
Answer: B

QUESTION NO: 229
Which of the following BEST describes the differences between RADIUS and TACACS?
A. TACACS separates authentication, authorization and auditing capabilities.
B. TACACS is a remote access authentication service.
C. RADIUS is a remote access authentication service.
D. RADIUS separates authentication, authorization and auditing capabilities.
Answer: A

QUESTION NO: 230
Which of the following BEST describes the differences between RADIUS and TACACS?
A. RADIUS encrypts client-server negotiation dialog.
B. RADIUS is a remote access authentication service.
C. TACACS encrypts client-server negotiation dialog.
D. TACACS is a remote access authentication service.
Answer: C

QUESTION NO: 231
Which of the following authentication mechanisms performs better in a secure environment?
A. RADIUS because it encrypts client-server passwords.
B. TACACS because it encrypts client-server negotiation dialogs.
C. RADIUS because it is a remote access authentication service.
D. TACACS because it is a remote access authentication service.
Answer: B

QUESTION NO: 232
To evaluate the security compliance of a group of servers against best practices, which of the following BEST applies?
A. Conduct a penetration test.
B. Install a protocol analyzer.
C. Run a vulnerability assessment tool.
D. Get a patch management report.
Answer: C

QUESTION NO: 233
Which of the following is a problem MOST often associated with UTP cable?
A. Fuzzing
B. Vampire tap
C. Crosstalk
D. Refraction

Answer: C

QUESTION NO: 234
An administrator notices on the monthly firewall log that many of the internal PCs are sending packets on a routine basis to a single external PC. Which of the following BEST describes what is occurring?
A. The remote PC has a zombie slave application running and the local PCs have a zombie master application running.
B. The remote PC has a zombie master application running and the local PCs have a zombie slave application running.
C. The remote PC has a spam slave application running and the local PCs have a spam master application running.
D. The remote PC has a spam master application running and the local PCs have a spam slave application running.
Answer: B

QUESTION NO: 235
An administrator notices that a PC is sending an unusual amount of email at odd times of the day. Which of the following should the administrator check for FIRST?
A. A S/MIME buffer overflow
B. A POP3 protocol exception
C. DNS poisoning
D. A SMTP open relay
Answer: D

QUESTION NO: 236
Which of the following would a password cracker help an administrator to find?
A. Weak passwords
B. Expired passwords
C. Locked passwords
D. Backdoor passwords
Answer: A

QUESTION NO: 237
Which of the following is setup within a router?
A. ARP
B. DMZ
C. OVAL
D. DDoS
Answer: B

QUESTION NO: 238
Which of the following would BEST allow for fast, highly secure encryption of a USB flash drive?
A. SHA-1
B. MD5
C. 3DES
D. AES256
Answer: D

QUESTION NO: 239
When is the correct time to discuss the appropriate use of electronic devices with a new employee?
A. At time of hire
B. At time of first correspondence
C. At time of departure
D. At time of first system login
Answer: A

QUESTION NO: 240
Which of the following could BEST assist in the recovery of a crashed hard drive?
A. Forensics software

B. Drive optimization
C. Drive sanitization
D. Damage and loss control
Answer: A

QUESTION NO: 241
Which of the following facilitates the creation of an unencrypted tunnel between two devices?
A. AES
B. SSH
C. L2TP
D. PPTP
Answer: C

QUESTION NO: 242
Which of the following allows for a secure connection to be made through a web browser?
A. L2TP
B. HTTPS
C. SSL
D. HTTP
Answer: C

QUESTION NO: 243
Which of the following is the BEST order in which crucial equipment should draw power?
A. Uninterruptible Power Supply (UPS) battery, UPS line conditioner, backup generator
B. UPS line conditioner, backup generator, UPS battery
C. Backup generator, UPS line conditioner, UPS battery
D. UPS line conditioner, UPS battery, and backup generator
Answer: D

QUESTION NO: 244

Which of the following would require a pre-sharing of information before a home user could attach to a neighbor's wireless adapter?
A. Anonymous connections enabled
B. SSID broadcasting disabled
C. SSID broadcasting enabled
D. Encryption disabled
Answer: B

QUESTION NO: 245
Which of the following would BEST allow an administrator to quickly find a rogue server on the network?
A. Review security access logs
B. A network mapper
C. A protocol analyzer
D. Review DNS logs
Answer: B

QUESTION NO: 246
Which of the following would BEST allow an administrator to quickly find a PC with a blank database administrator password?
A. Protocol analyzer
B. Vulnerability scanner
C. Rainbow tables
D. Security access logs
Answer: B

QUESTION NO: 247
An administrator is backing up all server data nightly to a local NAS device. Which of the following additional steps should the administrator take for protection from disaster in the case the primary site is permanently lost?
A. Backup all data at a preset interval to tape and store those tapes at a sister site across the street.

B. Backup all data at a preset interval to tape and store those tapes at a sister site in another city.
C. Backup all data at a preset interval to removable disk and store the disk in a safety deposit box at the administrator's home.
D. Backup all data at a preset interval to removable disk and store the disk in a fireproof safe in the building's basement.
Answer: B

QUESTION NO: 248
Which of the following is the MOST intrusive on a network?
A. Penetration testing
B. Protocol analyzers
C. Port scanners
D. Vulnerability testing
Answer: A

QUESTION NO: 249
A single sign-on requires which of the following?
A. Multifactor authentication
B. One-factor authentication
C. A trust model between workstations
D. A unified trust model
Answer: D

QUESTION NO: 250
All of the following are where backup tapes should be kept EXCEPT:
A. near a fiber optic cable entrance.
B. near a high end server.
C. near a power line.
D. near a shared LCD screen.
Answer: C

QUESTION NO: 251
All of the following require periodic updates to stay accurate EXCEPT:
A. signature based HIDS.
B. pop-up blocker applications.
C. antivirus applications.
D. rootkit detection applications.
Answer: B

QUESTION NO: 252
Which of the following is the quickest method to create a secure test server for a programmer?
A. Create a virtual server on new equipment.
B. Create a virtual server on existing equipment.
C. Install a network operating system on new equipment.
D. Install a network operating system on existing equipment.
Answer: B

QUESTION NO: 253
Which of the following is a collection of fixes for an application or operating system that has been tested by the vendor?
A. A security template
B. A service pack
C. A patch
D. A hotfix
Answer: B

QUESTION NO: 254
Which of the following usually applies specifically to a web browser?
A. Antivirus
B. Pop-up blocker
C. Anti-spyware
D. Personal software firewall

Answer: B

QUESTION NO: 255
Pre-shared keys apply to which of the following?
A. CA
B. PGP
C. TPM
D. Digital signature
Answer: B

QUESTION NO: 256
Which of the following is a risk associated with a virtual server?
A. If the physical server crashes, all of the virtual servers go offline immediately.
B. If a virtual server crashes, all of the local virtual servers go offline immediately.
C. If a virtual server crashes, all of the physical servers nearby go offline immediately.
D. If the physical server crashes, all of the physical servers go offline immediately.
Answer: A

QUESTION NO: 257
Which of the following exploits is only triggered by a specific date or time key?
A. Trojan
B. Worm
C. Botnet
D. Logic bomb
Answer: D

QUESTION NO: 258
Threats to a network could include: (Select TWO)
A. penetration testing.

"Slay Your Exams" . disabled user accounts.www. Answer: A QUESTION NO: 261 A technician is working on an end users desktop which has been having performance issues. B. dial-up access. service pack. The technician notices there seems to be a lot of activity on the NIC.c om . netstat. D. C.D QUESTION NO: 259 An antivirus server keeps flagging an approved application that the marketing department has installed on their local computers as a threat. true positivE. false negative.com 77 Ce rtK ille r.CompTIA SY0-201: Practice Exam B. C. hotfix. Answer: B QUESTION NO: 260 A vendor releases an application update to a recent service pack that addresses problems being experienced by some end users. C. netops. true negativE. D. false positivE. D. service pack rollup. C. patch. B. A good tool to quickly check the current network connections of the desktop would be: A. lanman. disgruntled employees. D. E. network audits. ipconfig /all.certkiller. This is an example of: A. Answer: C. B. This update would be considered a: A.

Answer: C

QUESTION NO: 262
A company has an issue with field users logging into VPN to connect to the mail server, and leaving their computers connected while in public places. The administrator needs to prevent both unauthorized access to the company email and data, and limit the impact on the VPN server. Which of the following BEST achieves this goal?
A. Use group policy to lock computers after five minutes of inactivity, and limit VPN connections to one hour.
B. Provide web mail access to all users.
C. Set VPN to disconnect after five minutes of inactivity.
D. Use registry settings to lock computers after five minutes of inactivity, and limit VPN connections to two hours.
Answer: C

QUESTION NO: 263
The service provided by message authentication code (MAC) hash is:
A. fault tolerance.
B. data recovery.
C. key recovery.
D. integrity.
Answer: D

QUESTION NO: 264
An administrator is running a network monitoring application that looks for behaviors on the network outside the standard baseline that has been established. This is typical of a(n):
A. signature-based tool.
B. protocol analyzer.
C. honeynet.
D. anomaly-based tool.
Answer: D

QUESTION NO: 265
Some examples of hardening techniques include all of the following EXCEPT:
A. applying security templates.
B. running weekly spyware applications.
C. disabling all non-required services.
D. network-based patch management.
Answer: B

QUESTION NO: 266
An administrator wants to block users from accessing a few inappropriate websites as soon as possible. The existing firewall allows blocking by IP address. To achieve this goal the administrator will need to:
A. use the company AUP to achieve the desired result.
B. upgrade to a text based filter to achieve the desired result.
C. upgrade to a URL based filter to achieve the desired result.
D. upgrade to a DNS based filter to achieve the desired result.
Answer: C

QUESTION NO: 267
A CRL contains a list of which of the following type of keys?
A. Both public and private keys
B. Steganographic keys
C. Private keys
D. Public keys
Answer: A

QUESTION NO: 268
A user logs into their network with a smart card. Which of the following keys is used?
A. Cipher key
B. Shared key
C. Public key
D. Private key

Answer: D

QUESTION NO: 269
An administrator wants to ensure that when an employee leaves the company permanently, the company will have access to their private keys. Which of the following will accomplish this?
A. Store the keys in escrow.
B. Store them in a CRL.
C. Obtain the employee's hardware token.
D. Immediately delete the account.
Answer: A

QUESTION NO: 270
When a server and workstation communicate via SSL, which of the following keys are being used? (Select TWO).
A. Public key
B. Cipher key
C. Session key
D. Recovery key
E. Keylogger
Answer: A,C

QUESTION NO: 271
A user is going to dispose of some old hard drives. Which of the following should the user do to the drives before disposing of them?
A. Reformat the hard drives once.
B. Use a certified wipe program to erase data.
C. Run anti-spyware on the drives.
D. Install antivirus on the drives.
Answer: B

QUESTION NO: 272
A user wants to implement very tight security controls for technicians that seek to enter the user's datacenter. Which of the following solutions offers the BEST security controls?
A. Combination locks and key locks
B. Smartcard and proximity readers
C. Magnetic lock and pin
D. Biometric reader and smartcard
Answer: D

QUESTION NO: 273
Which of the following concepts requires users and system processes to be assigned minimum levels of permission to carry out the assigned task?
A. User authentication
B. Need-to-know
C. Least privilege
D. Job role
Answer: C

QUESTION NO: 274
When using discretionary access control (DAC), who determines access and what privileges they have?
A. User
B. System
C. Help desk
D. Owner
Answer: D

QUESTION NO: 275
Which of the following is a security benefit of mandatory vacations?

A. Least privilege
B. Separation of duties
C. Reducing stress
D. Detecting fraud
Answer: D

QUESTION NO: 276
The data custodian in an organization is responsible for:
A. accuracy of the data.
B. classification of the data.
C. recoverability of the data.
D. completeness of the data.
Answer: A

QUESTION NO: 277
Which of the following organizational documentation describes how tasks or job functions should be conducted?
A. Standards
B. Guideline
C. Policy
D. Procedures
Answer: D

QUESTION NO: 278
Which of the following organizational documentation provides high level objectives that change infrequently?
A. Standards
B. Policy
C. Procedures
D. Guideline
Answer: B

QUESTION NO: 279
Which of the following sites can be online the QUICKEST and does not require data restoration from backup media to ensure the production data is as current as possible?
A. Mobile site
B. Hot site
C. Warm site
D. Mirrored site
Answer: D

QUESTION NO: 280
Which of the following are MOST likely to be analyzed by Internet filter appliances/servers? (Select THREE).
A. Certificates
B. Keys
C. TLSs
D. URLs
E. Content
F. CRLs
Answer: A,D,E

QUESTION NO: 281
The primary function of risk management in an organization is to reduce risk to a level:
A. the organization will mitigate.
B. where the ARO equals the SLE.
C. where the ALE is lower than the SLE.
D. the organization will accept.
Answer: D

QUESTION NO: 282
Which of the following BEST describes risk analysis?

A. Monitoring and acceptance
B. Evaluation and assessment
C. Assessment and eradication
D. Mitigation and repudiation
Answer: B

QUESTION NO: 283
A financial institution performed a risk assessment on the DLT backup system used to store customer account details. The main risk highlighted was the long-term retention of electronically stored data. Which of the following is the MOST likely reason for the risk being raised?
A. Compatibility of media and application systems
B. Application systems and technical staff
C. Compatibility and retention of data on the media
D. Retention of data on the media
Answer: A

QUESTION NO: 284
Which of the following hashing techniques is commonly disabled to make password cracking more difficult?
A. NTLM
B. AES
C. OVAL
D. Kerberos
Answer: A

QUESTION NO: 285
An organization has recently implemented a work from home program. Employees need to connect securely from home to the corporate network. Which of the following encryption technologies might BEST

certkiller. E. B.com 85 Ce Port 3535 is typically blocked for outbound traffic on a companys LAN. Answer: B. Open the port on the VLAN. IPSec C. D. C. rtK ille r.CompTIA SY0-201: Practice Exam accomplish this? A. PPPoE Answer: B QUESTION NO: 286 The use of a physical token. An end-user has recently purchased a legitimate business program that needs to make outbound calls using this port. Three-factor authentication Answer: A QUESTION NO: 287 A. Open the port on the companys proxy server.c om . L2TP D. Kerberos authentication C.D QUESTION NO: 288 Which of the following describes software that is often written solely for a specific customers application? "Slay Your Exams" . EAP authentication D. Open the port on the companys firewall. Two-factor authentication B.www. Open the port on the users personal software firewall. Change theusers subnet mask. PPTP B. PIN and a password during authentication is an example of which of the following? A. Which of the following steps should a technician take to allow this? (Select TWO).

A. Rootkit
B. Hotfix
C. Service pack
D. Patch
Answer: B

QUESTION NO: 289
A security manager believes that too many services are running on a mission critical database server. Which of the following tools might a security analyst use to determine services that are running on the server, without logging into the machine?
A. OVAL
B. Port scanner
C. Protocol analyzer
D. NIDS
Answer: B

QUESTION NO: 290
A manufacturing corporation has decided to send a highly sensitive message to one of their suppliers. The message is concealed inside a JPEG image of a beach resort. Which of the following is this an example of?
A. Cryptography
B. Digital signature
C. Hashing
D. Steganography
Answer: D

QUESTION NO: 291
Which of the following encryption methods is often used along with L2TP?

A. S/MIME
B. SSH
C. 3DES
D. IPSec
Answer: D

QUESTION NO: 292
An administrator is assigned to monitor servers in a data center. A web server connected to the Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely cause?
A. Spyware
B. Trojan
C. Privilege escalation
D. DoS
Answer: D

QUESTION NO: 293
Which of the following methods will help to identify when unauthorized access has occurred?
A. Implement session lock mechanism.
B. Implement previous logon notification.
C. Implement session termination mechanism.
D. Implement two-factor authentication.
Answer: B

QUESTION NO: 294
Ensuring administrators have both a regular user account and a privileged user account is an example of applying which security principle?
A. Need-to-know
B. Mandatory Access Control (MAC)
C. Least privilege
D. Discretionary Access Control (DAC)

Answer: C

QUESTION NO: 295
All of the following are steps in the incident response process EXCEPT:
A. eradication.
B. repudiation.
C. containment.
D. recovery.
Answer: B

QUESTION NO: 296
Which of the following is an example of two-factor authentication for an information system?
A. ATM card and PIN
B. Username and password
C. Retina and fingerprint scanner
D. Photo ID and PIN
Answer: A

QUESTION NO: 297
Which of the following describes a spanned switch port in the context of IDS traffic analysis?
A. An association of a set of destination ports with a single source port
B. An association of a set of source ports with a single destination port
C. An association of a set of source ports with multiple destination ports and an IDS sensor
D. An association of a set of destination ports with an IDS sensor
Answer: B

QUESTION NO: 298
A technician is performing an assessment on a router and discovers packet filtering is employed. Which of the following describes a security concern with stateless packet filtering?

A. Packet payload is not checked.
B. Router performance is reduced.
C. State connections are retained by the router.
D. Loose routing cannot determine the exact path a packet must follow.
Answer: A

QUESTION NO: 299
Which of the following describes the process of comparing cryptographic hash functions of system executables, configuration files, and log files?
A. File integrity auditing
B. Host based intrusion detection
C. Network based intrusion detection
D. Stateful packet filtering
Answer: A

QUESTION NO: 300
Which of the following is a cryptographic representation of non-repudiation?
A. Digital signature
B. Internet key exchange
C. Certificate authority
D. Symmetric key
Answer: A

QUESTION NO: 301
Which of the following reduces the effectiveness of telephone social engineering?
A. Automatic callback
B. Monitoring outbound calls
C. Awareness training
D. Use of VoIP
Answer: C

QUESTION NO: 302
Which of the following will execute malicious code at a pre-specified time?
A. Logic Bomb
B. DoS
C. Worm
D. Rootkit
Answer: A

QUESTION NO: 303
All of the following are weaknesses of WEP EXCEPT:
A. lack of strong keys.
B. initialization vector.
C. lack of integrity checking.
D. replay attacks.
Answer: A

QUESTION NO: 304
Which of the following is LEAST likely to help reduce single points of failure?
A. Mandatory vacations
B. Cross training
C. Clustered servers
D. Disaster recovery exercises
Answer: A

QUESTION NO: 305
Which of the following reduces the attack surface of an operating system?
A. Patch management
B. Installing antivirus
C. Installing HIDS
D. Disabling unused services

Answer: D

QUESTION NO: 306
Which of the following is LEAST effective when hardening an operating system?
A. Configuration baselines
B. Limiting administrative privileges
C. Installing HIDS
D. Install a software firewall
Answer: C

QUESTION NO: 307
Which of the following provides the MOST control when deploying patches?
A. Hotfix
B. Remote desktop
C. Patch management
D. Service packs
Answer: C

QUESTION NO: 308
If a technician wants to know when a computer application is accessing the network, which of the following logs should be reviewed?
A. Antivirus log
B. RADIUS log
C. Performance log
D. Host firewall log
Answer: D

QUESTION NO: 309
All of the following are components of IPSec EXCEPT:

certkiller. authentication header (AH). D.com rtK A.c om 92 . Collision resistance C. Security association database B. encapsulating security payloaD. Certificate authority Answer: A QUESTION NO: 311 Answer: A QUESTION NO: 312 Which of the following describes a hash algorithms ability to avoid the same output from two guessed inputs? A.CompTIA SY0-201: Practice Exam A. Security parameter index D. Internet key exchangE. Answer: C QUESTION NO: 310 IPSec connection parameters are stored in which of the following? A. AES128 C. B. C. temporal key interchange protocol. Security payload index C. Collision metric Answer: B Ce "Slay Your Exams" . SHA-1 ille Which of the following will provide a 128-bit hash? r. Collision avoidance B.www. MD5 B. ROT13 D. Collision strength D.

QUESTION NO: 313
Which of the following should be included in a forensic toolkit?
A. Compressed air
B. Tape recorder
C. Fingerprint cards
D. Digital camera
Answer: D

QUESTION NO: 314
Which of the following BEST describes the form used while transferring evidence?
A. Booking slip
B. Affidavit
C. Chain of custody
D. Evidence log
Answer: C

QUESTION NO: 315
Which of the following is the primary incident response function of a first responder?
A. To evaluate the scene and repair the problem
B. To secure the scene and preserve evidence
C. To evaluate the scene and determine the cause
D. To gather evidence and write reports
Answer: B

QUESTION NO: 316
Which of the following is the GREATEST problem with low humidity in a server room?
A. Static electricity
B. Power surge
C. Electromagnetic interference
D. Brown out

Answer: A

QUESTION NO: 317
Which of the following protocols is used to ensure secure transmissions on port 443?
A. HTTPS
B. Telnet
C. SFTP
D. SHTTP
Answer: A

QUESTION NO: 318
When should a technician perform disaster recovery testing?
A. Immediately following lessons learned sessions
B. Once a month, during peak business hours
C. After the network is stable and online
D. In accordance with the disaster recovery plan
Answer: D

QUESTION NO: 319
Which of the following is the BEST backup method to restore the entire operating system and all related software?
A. Weekly
B. Incremental
C. Disk Image
D. Differential
Answer: C

QUESTION NO: 320
How many keys are utilized in symmetric cryptography?

A. One
B. Two
C. Three
D. Four
Answer: A

QUESTION NO: 321
Which of the following terms is BEST associated with public key infrastructure (PKI)?
A. MD5 hashing
B. Symmetric key
C. Symmetric algorithm
D. Digital signatures
Answer: D

QUESTION NO: 322
Which of the following is the LAST step to granting access to specific domain resources?
A. Validate the user
B. Authorize the user
C. Verify the user
D. Authenticate the user
Answer: B

QUESTION NO: 323
After an attacker has successfully gained remote access to a server with minimal privileges, which of the following is their next step?
A. Elevate system privileges.
B. Monitor network traffic.
C. Begin key recovery.
D. Capture private keys.
Answer: A

QUESTION NO: 324
Which of the following should the technician recommend as a way to logically separate various internal networks from each other?
A. Honeypot
B. VLAN
C. NAT
D. HIDS
Answer: B

QUESTION NO: 325
An organization has requested the ability to monitor all network traffic as it traverses their network. Which of the following should a technician implement?
A. NIDS
B. Protocol analyzer
C. Host based intrusion detection
D. HIDS
Answer: B

QUESTION NO: 326
A large number of viruses has been found on numerous domain workstations. Which of the following should the technician implement?
A. Decentralized antivirus
B. Content filter
C. Centralized antivirus
D. Spyware detection
Answer: C

QUESTION NO: 327
Which of the following is the MOST difficult security concern to detect when contractors enter a secured facility?

A. Rogue access points being installed
B. Copying sensitive information with cellular phones
C. Removing mass storage iSCSI drives
D. Removing network attached storage
Answer: B

QUESTION NO: 328
When are port scanners generally used on systems?
A. At the middle of a vulnerability assessment
B. At the beginning of a vulnerability assessment
C. When there is a need to document vulnerabilities
D. At the end of a penetration test assessment
Answer: B

QUESTION NO: 329
The staff must be cross-trained in different functional areas so that fraud can be detected. Which of the following is this an example of?
A. Implicit deny
B. Separation of duties
C. Least privilege
D. Job rotation
Answer: D

QUESTION NO: 330
Human Resources has requested that staff members be moved to different parts of the country into new positions. Which of the following is this an example of?
A. Implicit deny
B. Separation of duties
C. Least privilege
D. Job rotation
Answer: D

certkiller. Which of the following is this an example of? A. Man-in-the-middle attack B. Protocol analysis C. Adware C. Viruses Answer: C QUESTION NO: 334 Ce "Slay Your Exams" .CompTIA SY0-201: Practice Exam QUESTION NO: 331 An administrator is worried about an attacker using a compromised user account to gain administrator access to a system. Botnets B. Privilege escalation D. Spyware D. Trojans Answer: A QUESTION NO: 333 An administrator recommends implementing whitelisting. blacklisting.www. Cross-site scripting Answer: C Which of the following is used to deny authorized users access to services? A.c om QUESTION NO: 332 98 . Adware B. Which of the following threats are being addressed? A.com rtK ille r. Spyware C. closing-open relays. Spam D. and strong authentication techniques to a server administrator.

www. Mantrap Answer: D QUESTION NO: 335 In regards to physical security. Port scanner B.com 99 Ce rtK ille r. Defense-in-depth B.CompTIA SY0-201: Practice Exam An administrator is asked to improve the physical security of a data center located inside the office building. ACL D. Which of the following additional controls could be implemented? A. DMZ Answer: C QUESTION NO: 336 A technician notices delays in mail delivery on the mail server. The data center already maintains a physical access log and has a video surveillance system. Which of the following tools could be used to determine the cause of the service degradation? A. Mantrap D.certkiller. Smart card B. Logical token C. Defense-in-depth C.c om . Performance monitor C. which of the following BEST describes an access control system which implements a non-trusted but secure zone immediately outside of the secure zone? A. TFTP Answer: B QUESTION NO: 337 Penetration testing should only be used once which of the following items is in place? "Slay Your Exams" . ipconfig /all D.

A. Acceptable use policy B. Data retention and disclosure policy C. Service level agreement D. Written permission Answer: D

QUESTION NO: 338 An administrator recommends that management establish a trusted third party central repository to maintain all employees' private keys. Which of the following BEST describes the administrator's recommendation? A. Registration B. Certificate authority C. Recovery agent D. Key escrow Answer: D

QUESTION NO: 339 To combat transaction fraud, a bank has implemented a requirement that all bank customers enter a different, unique code to confirm every transaction. Which of the following is the MOST effective method to accomplish this? A. ATM PIN code B. Elliptic curve C. One-time password D. Digital certificate Answer: C

QUESTION NO: 340 All of the following should be identified within the penetration testing scope of work EXCEPT: A. a complete list of all network vulnerabilities. B. IP addresses of machines from which penetration testing will be executed. C. handling of information collected by the penetration testing team. D. a list of acceptable testing techniques and tools to be utilized.

Answer: A

QUESTION NO: 341 Which of the following is the MOST efficient way that an administrator can restrict network access to certain ports enterprise wide? A. HIDS B. Personal software firewall C. NIDS D. ACL Answer: D

QUESTION NO: 342 An administrator is responsible for a server which has been attacked repeatedly in the past. The only recourse has been to reload the server from scratch. Which of the following techniques could be used to decrease the recovery time following an incident? A. Install the server on a separate VLAN segment. B. Implement the server as a virtual server instance. C. Implement the server as a honeypot. D. Load balance between two identical servers. Answer: B

QUESTION NO: 343 Validating the user's claimed identity is called which of the following? A. Authentication B. Identification C. Verification D. Validation Answer: A

QUESTION NO: 344

Which of the following is planted on an infected system and deployed at a predetermined time? A. Logic bomb B. Trojan horse C. Worm D. Rootkit Answer: A

QUESTION NO: 345 Which of the following allows a user to float a domain registration for a maximum of five days? A. DNS poisoning B. Domain hijacking C. Spoofing D. Kiting Answer: D

QUESTION NO: 346 According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this? A. NIDS B. DMZ C. NAT D. VLAN Answer: D

QUESTION NO: 347 Which of the following is an attack which is launched from multiple zombie machines in an attempt to bring down a service?

A. DoS B. Man-in-the-middle C. DDoS D. TCP/IP hijacking Answer: C

QUESTION NO: 348 Which of the following will MOST likely allow an attacker to make a switch function like a hub? A. MAC flooding B. ARP poisoning C. DNS poisoning D. DNS spoofing Answer: A

QUESTION NO: 349 Which of the following is commonly programmed into an application for ease of administration? A. Back door B. Worm C. Trojan D. Zombie Answer: A

QUESTION NO: 350 Which of the following is a technique used by hackers to identify unsecured wireless network locations to other hackers? A. Bluesnarfing B. War dialing C. War chalking D. War driving Answer: C

QUESTION NO: 351 Which of the following authentication models uses a KDC? A. CHAP B. PKI C. PGP D. Kerberos Answer: D

QUESTION NO: 352 Which of the following disaster recovery components is a location that is completely empty, but allows the infrastructure to be built if the live site goes down? A. Mirrored site B. Cold site C. Warm site D. Hot site Answer: B

QUESTION NO: 353 Which of the following should be done if an organization intends to prosecute an attacker once an attack has been completed? A. Disconnect the entire network from the Internet. B. Update antivirus definitions. C. Apply proper forensic techniques. D. Restore missing files on the affected system. Answer: C

QUESTION NO: 354 Which of the following documents specifies the uptime guarantee of a web server? A. Due process B. Due diligence C. Scope of work

D. Service level agreement Answer: D

QUESTION NO: 355 Which of the following authentication models uses a time stamp to prevent the risks associated with a replay attack? A. Key distribution center B. RADIUS C. LDAP D. Kerberos Answer: D

QUESTION NO: 356 Which of the following protocols can be implemented as an alternative to the overhead of a VPN? A. L2TP B. PPTP C. SSH D. SSL Answer: D

QUESTION NO: 357 Which of the following will set an account to lockout for 30 minutes after the maximum number of attempts have failed? A. Two-factor authentication B. Account lockout duration C. Account lockout threshold D. Password complexity requirements Answer: B

QUESTION NO: 358 Which of the following logs would reveal activities related to an ACL? A. Security log B. Transaction C. Firewall D. Performance Answer: C

QUESTION NO: 359 Which of the following encryption algorithms has the largest overhead? A. AES256 B. 3DES C. AES D. RSA Answer: B

QUESTION NO: 360 Which of the following hashing algorithms is the MOST secure? A. LANMAN B. SHA-1 C. MD5 D. CHAP Answer: C

QUESTION NO: 361 Which of the following would allow a technician to compile a visual view of an infrastructure? A. Mobile device B. Network mapper C. Port scanner D. Protocol analyzer

Answer: B

QUESTION NO: 362 Which of the following creates separate logical networks? A. VPN B. NAT C. DMZ D. Subnetting Answer: D

QUESTION NO: 363 Which of the following is an area of the network infrastructure that allows a technician to place public facing systems into it without compromising the entire infrastructure? A. NAT B. VLAN C. NAC D. DMZ Answer: D

QUESTION NO: 364 Which of the following attacks commonly result in a buffer overflow? A. ARP Poisoning B. DNS Poisoning C. Replay D. DoS Answer: D

QUESTION NO: 365 Which of the following type of attacks is TCP/IP hijacking?

A. Birthday B. ARP poisoning C. MAC flooding D. Man-in-the-middle Answer: D

QUESTION NO: 366 Which of the following ports does SNMP run on? A. 25 B. 110 C. 161 D. 443 Answer: C

QUESTION NO: 367 Which of the following is a collection of servers that is set up to attract hackers? A. DMZ B. Honeypot C. Honeynet D. VLAN Answer: C

QUESTION NO: 368 Which of the following could be used to determine which flags are set in a TCP/IP handshake? A. FIN/RST B. SYN/ACK C. Protocol analyzer D. Network mapper Answer: C

QUESTION NO: 369 Which of the following would be the BEST choice to ensure only ports 25, 80 and 443 were open from outside of the network? A. Firewall B. DMZ C. VLAN D. Proxy Answer: A

QUESTION NO: 370 Which of the following media is LEAST susceptible to a tap being placed on the line? A. Fiber B. UTP C. STP D. Coaxial Answer: A

QUESTION NO: 371 Which of the following is responsible for establishing trust models? A. The firewall B. The information security officer C. The certificate authority D. The key escrow agent Answer: C

QUESTION NO: 372 Which of the following allows attackers to gain control over the web camera of a system? A. ActiveX component B. SQL injection C. Cross-site scripting D. XML

Answer: A

QUESTION NO: 373 Which of the following type of attacks sends out numerous MAC resolution requests to create a buffer overflow attack? A. Smurf B. ARP poisoning C. DDoS D. DNS poisoning Answer: B

QUESTION NO: 374 Which of the following would a former employee MOST likely plant on a server that is not traceable? A. Worm B. Logic bomb C. Trojan D. Virus Answer: B

QUESTION NO: 375 Which of the following would be MOST effective in stopping phishing attempts? A. Antivirus B. User training C. NIDS D. HIDS Answer: B

QUESTION NO: 376 Which of the following consists of markings outside a building that indicate the connection speed of a nearby unsecured wireless network?

A. War driving B. War chalking C. Blue jacking D. Bluesnarfing Answer: B

QUESTION NO: 377 Which of the following would be of MOST interest to someone that is dumpster diving? A. User education manual B. Business card of computer contractor C. List of expired usernames D. Receipts from the supply store Answer: B

QUESTION NO: 378 Which of the following could involve moving physical locations every two years to help mitigate security risks? A. Implicit deny B. Least privilege C. Job rotation D. Separation of duties Answer: C

QUESTION NO: 379 Which of the following could be used to capture website GET requests? A. Port scanner B. Protocol analyzer C. Network mapper D. Vulnerability scanner Answer: B

QUESTION NO: 380 Which of the following does the process of least privilege fall under? A. Integrity B. Non-repudiation C. Confidentiality D. Availability Answer: C

QUESTION NO: 381 Which of the following hashing algorithms is the LEAST secure? A. SHA-1 B. LANMAN C. NTLM D. MD5 Answer: B

QUESTION NO: 382 Which of the following is the MOST secure transmission algorithm? A. 3DES B. TKIP C. AES256 D. AES Answer: B

QUESTION NO: 383 Which of the following protocols is used for encryption between email servers? A. TLS B. PPTP C. L2TP D. S/MIME

Answer: A

QUESTION NO: 384 Which of the following scenarios would a penetration test BEST be used for? A. When providing a proof of concept demonstration for a vulnerability B. While in the reconnaissance phase C. When performing network mapping D. When conducting performance monitoring Answer: A

QUESTION NO: 385 Which of the following would be the easiest to use in detection of a DDoS attack? A. Performance monitor B. Application log C. System log D. Protocol analyzer Answer: A

QUESTION NO: 386 Which of the following implements the strongest hashing algorithm? A. NTLMv2 B. NTLM C. VLAN D. LANMAN Answer: A

QUESTION NO: 387 Which of the following is BEST used to determine whether network utilization is abnormal? A. Security log

B. Performance baseline C. Application log D. Systems monitor Answer: B

QUESTION NO: 388 Which of the following is the BEST solution to implement to reduce unsolicited email? A. Pop-up blocker B. Anti-spam C. Antivirus D. Personal software firewall Answer: B

QUESTION NO: 389 Identification is a critical component of the authentication process because it is: A. used to prevent authorized access. B. when the user is verified. C. when the user is authorized. D. used to confirm the privileges of a user. Answer: B

QUESTION NO: 390 Identity proofing occurs during which phase of identification and authentication? A. Testing B. Verification C. Authentication D. Identification Answer: D

QUESTION NO: 391

Which of the following BEST describes the practice of dumpster diving? A. Sorting through the trash of an organization to recover an old user ID badge previously used for an attack. B. Sorting through the garbage of an organization to obtain information used for a subsequent attack. C. Sorting through the garbage of an organization to obtain information used for configuration management. D. Sorting through the trash of an organization to obtain information found on their intranet. Answer: B

QUESTION NO: 392 Implementation of proper environmental controls should be considered by administrators when recommending facility security controls because of which of the following? A. Proper environmental controls help ensure availability of IT systems. B. Proper environmental controls provide integrity to IT systems. C. Proper environmental controls provide redundancy to the facility. D. Proper environmental controls make authentication simpler. Answer: B

QUESTION NO: 393 An administrator is asked to recommend the most secure transmission media. Which of the following should be recommended? A. Unshielded twisted pair cable B. Fiber optic cable C. Ethernet CAT5 cable D. Coaxial cable Answer: B

QUESTION NO: 394 An administrator is selecting a device to secure an internal network segment from traffic external to the segment. Which of the following devices could be selected to provide security to the network segment?

A. NIPS B. Content filter C. Internet content filter D. DMZ Answer: A

QUESTION NO: 395 Which of the following devices should be deployed to protect a network against attacks launched from a business to business intranet? (Select TWO). A. NIPS B. HIDS C. HIPS D. Firewall E. NIDS Answer: A,D

QUESTION NO: 396 To prevent the use of previously issued PKI credentials which have expired or otherwise become invalid, administrators should always design programs to check which of the following? A. PKI B. CRL C. Escrow D. CA Answer: B

QUESTION NO: 397 To prevent the use of stolen PKI certificates on web servers, which of the following should an administrator ensure is available to their web servers? A. Registration B. CA C. CRL D. Key escrow

Answer: C

QUESTION NO: 398 Which of the following describes an implementation of PKI where a copy of a user's private key is stored to provide third party access and to facilitate recovery operations? A. Registration B. Recovery agent C. Key escrow D. Asymmetric Answer: C

QUESTION NO: 399 A security administrator has been asked to deploy a biometric authentication system in a corporation. Which of the following devices is the MOST reliable and has the lowest crossover error rate? A. Iris scanner B. Handprint scanner C. Retina scanner D. Fingerprint scanner Answer: C

QUESTION NO: 400 To increase the security of the network authentication process, an administrator decides to implement three-factor authentication. Which of the following authentication combinations is a three-factor system? A. A PKI enabled smart card, strong password and 12-digit PIN B. A fingerprint scanner, PKI enabled smart card and a six-digit PIN C. An iris scanner, a PKI enabled smart card and badge proximity reader D. A retina scanner, a user generated pass phrase and a palm reader Answer: B

QUESTION NO: 401 To facilitate compliance with the Internet use portion of the corporate acceptable use policy, an administrator implements a series of proxy servers and firewalls. The administrator further recommends installation of software based firewalls on each host on the network. Which of the following would have provided an alternative simpler solution? A. Internet content filter B. Hardware IDS C. Software HIPS D. DMZ Answer: A

QUESTION NO: 402 The marketing department wants to distribute pens with embedded USB drives to clients. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive data. The security administrator advises the marketing department not to distribute the USB pens due to which of the following? A. The risks associated with the large capacity of USB drives and their concealable nature B. The security costs associated with securing the USB drives over time C. The cost associated with distributing a large volume of the USB pens D. The security risks associated with combining USB drives and cell phones on a network Answer: A

QUESTION NO: 403 USB drives create a potential security risk due to which of the following? A. Operating system incompatibility B. Large storage capacity C. Widespread use D. Potential for software introduction Answer: D

QUESTION NO: 404

As a best practice, risk assessments should be based upon which of the following? A. A qualitative measurement of risk and impact B. A survey of annual loss, potential threats and asset value C. A quantitative measurement of risk, impact and asset value D. An absolute measurement of threats Answer: C

QUESTION NO: 405 Which of the following is a cryptographic hash function? A. RSA B. SHA C. RC4 D. ECC Answer: B

QUESTION NO: 406 From a security standpoint, which of the following is the BEST reason to implement performance monitoring applications on network systems? A. To detect network intrusions from external attackers B. To detect integrity degradations to network attached storage C. To detect host intrusions from external networks D. To detect availability degradations caused by attackers Answer: D

QUESTION NO: 407 All of the following are methods used to conduct risk assessments EXCEPT: A. security audits. B. penetration tests. C. vulnerability scans. D. disaster exercises. Answer: D


QUESTION NO: 408 After conducting a risk assessment, the main focus of an administrator should be which of the following? A. To report the results of the assessment to the users B. To ensure all threats are mitigated C. To ensure all vulnerabilities are eliminated D. To ensure risk mitigation activities are implemented Answer: D

QUESTION NO: 409 Which of the following is a BEST practice when implementing a new system? A. Disable unneeded services. B. Use group policies. C. Implement open source alternatives. D. Use default installations. Answer: A

QUESTION NO: 410 When installing and securing a new system for a home user which of the following are best practices? (Select THREE). A. Use a strong firewall. B. Block inbound access to port 80 C. Apply all system patches. D. Use input validation. E. Install remote control software. F. Apply all service packs. Answer: A,C,F

QUESTION NO: 411 Which of the following describes a logic bomb? A. A piece of malicious code that can spread on its own B. A piece of malicious code that is concealed from all detection C. A piece of malicious code that executes based on an event or date D. A piece of malicious code that exploits a race condition Answer: C

QUESTION NO: 412 Which of the following is a prerequisite for privilege escalation to occur? A. The attacker has to create their own zero day attack for privilege escalation. B. The attacker must already have physical access to the system. C. The attacker must use a rootkit in conjunction with privilege escalation. D. The attacker must have already gained entry into the system. Answer: D

QUESTION NO: 413 Which of the following is an example of an attack that executes once a year on a certain date? A. Virus B. Worm C. Logic bomb D. Rootkit Answer: C

QUESTION NO: 414 Which of the following is the GREATEST threat to highly secure environments? A. Network attached storage B. BIOS configuration C. RSA256 D. USB devices Answer: D

CompTIA SY0-201: Practice Exam QUESTION NO: 415 Management has asked a technician to prevent data theft through the use of portable drives. Which of the following should the technician implement? A. Install a CCTV system. B. Use security templates. C. Implement a biometric system. D. Disable USB drives. Answer: D

QUESTION NO: 416 A technician has been informed that many of the workstations on the network are flooding servers. Which of the following is the MOST likely cause of this? A. Worm B. Logic bomb C. Virus D. Spam Answer: A

QUESTION NO: 417 Which of the following BEST describes a way to prevent buffer overflows? A. Apply all security patches to workstations. B. Apply security templates enterprise wide. C. Apply group policy management techniques. D. Monitor P2P program usage through content filters. Answer: A

QUESTION NO: 418 Which of the following is a security reason to implement virtualization throughout the network infrastructure? A. To analyze the various network traffic with protocol analyzers B. To centralize the patch management of network servers C. To isolate the various network services and roles D. To implement additional network services at a lower cost Answer: C

QUESTION NO: 419 Which of the following is a reason to use a Faraday cage? A. To allow wireless usage B. To minimize weak encryption C. To mitigate data emanation D. To find rogue access points Answer: C

QUESTION NO: 420 Weak encryption is a common problem with which of the following wireless protocols? A. WPA2-Enterprise B. WEP C. WPA2-Personal D. WPA Answer: B

QUESTION NO: 421 Which of the following describes a tool used by organizations to verify whether or not a staff member has been involved in malicious activity? A. Mandatory vacations B. Implicit deny C. Implicit allow D. Time of day restrictions Answer: A

QUESTION NO: 422 Which of the following is a cross-training technique where organizations minimize collusion amongst staff? A. Least privilege B. Job rotation C. Cross-site scripting D. Separation of duties Answer: B

QUESTION NO: 423 Which of the following will allow a technician to restrict a user's access to the GUI? A. Access control lists B. Group policy implementation C. Use of logical tokens D. Password policy enforcement Answer: B

QUESTION NO: 424 Which of the following is the MOST common logical access control method? A. Access control lists B. Usernames and password C. Multifactor authentication D. Security ID badges Answer: B

QUESTION NO: 425 Which of the following verifies control for granting access in a PKI environment? A. System administrator B. Certificate authority C. Recovery agent D. Certificate revocation list Answer: B

QUESTION NO: 426 Which of the following explains the difference between a public key and a private key? A. Both keys are mathematically related. The private key is commonly used in symmetric key decryption while the public key is used in asymmetric key decryption. B. Both keys are mathematically related. The private key only decrypts the data while the public key only encrypts the data. C. The public key is only used by the client while the private key is available to all. D. The private key is only used by the client and kept secret while the public key is available to all. Answer: D

QUESTION NO: 427 Which of the following is a countermeasure when power must be delivered to critical systems no matter what? A. Backup generator B. Redundant power supplies C. Uninterruptible power supplies (UPSs) D. Warm site Answer: A

QUESTION NO: 428 Which of the following is the MOST important step to conduct during a risk assessment of computing systems? A. The identification of USB drives B. The identification of missing patches C. The identification of mantraps D. The identification of disgruntled staff members Answer: B

QUESTION NO: 429 Which of the following tools will allow a technician to detect security-related TCP connection anomalies? A. Logical token B. Performance monitor C. Public key infrastructure D. Trusted platform module Answer: B

QUESTION NO: 430 Which of the following monitoring methodologies will allow a technician to determine when there is a security related problem that results in an abnormal condition? A. Signature-based B. OVAL C. Anomaly-based D. NIDS Answer: C

QUESTION NO: 431 Which of the following systems is BEST to use when monitoring application activity and modification? A. RADIUS B. NIDS C. HIDS D. NIPS Answer: C

QUESTION NO: 432 Which of the following is the MOST important thing to consider when implementing an IDS solution? A. The cost of the device

B. Distinguishing between false negatives C. Distinguishing between false positives D. The personnel to interpret results Answer: D

QUESTION NO: 433 Which of the following is the FIRST step in the implementation of an IDS? A. Decide on the type. B. Decide on the model. C. Purchase the equipment. D. Document the existing network. Answer: D

QUESTION NO: 434 Which of the following encryption algorithms is used for encryption and decryption of data? A. MD5 B. SHA-1 C. NTLM D. RC5 Answer: D

QUESTION NO: 435 Which of the following are the authentication header modes? A. Encrypt and Route B. Transport and Tunnel C. Tunnel and Encrypt D. Transport and Encrypt Answer: B

QUESTION NO: 436

Which of the following would a technician use to check data integrity? A. Digital signature algorithm B. Encapsulating security protocol C. Rivest cipher 4 D. Message authentication code Answer: D

QUESTION NO: 437 Which of the following are the functions of asymmetric keys? A. Decrypt, validate, encode and encrypt B. Sign, decipher, encrypt and verify C. Decrypt, validate, encode and verify D. Encrypt, sign, decrypt and verify Answer: D

QUESTION NO: 438 Which of the following is the purpose of the AH? A. Provides non-repudiation B. Provides integrity C. Provides authorization D. Provides confidentiality Answer: B

QUESTION NO: 439 Which of the following describes the insertion of additional bytes of data into a packet? A. Header injection B. TCP hijacking C. Encapsulating D. Padding Answer: D

QUESTION NO: 440 Which of the following is true regarding authentication headers (AH)? A. The authentication information is a keyed hash based on all of the bytes in the packet. B. The authentication information hash will remain the same if the bytes change on transfer. C. The authentication information may be the same on different packets if the integrity remains in place. D. The authentication information hash will increase by one if the bytes remain the same on transfer. Answer: A

QUESTION NO: 441 Which of the following will allow wireless access to network resources based on certain ports? A. 802.11n B. 802.11g C. 802.1x D. 802.11a Answer: C

QUESTION NO: 442 The method of controlling how and when users can connect in from home is called which of the following? A. Remote access policy B. Terminal access control C. Virtual Private Networking (VPN) D. Remote authentication Answer: A

QUESTION NO: 443 Which of the following is the main limitation with biometric devices? A. The false rejection rate B. They are expensive and complex

C. They can be easily fooled or bypassed D. The error human factor Answer: B

QUESTION NO: 444 Who is ultimately responsible for the amount of residual risk? A. The senior management B. The security technician C. The organization's security officer D. The DRP coordinator Answer: A

QUESTION NO: 445 Which of the following typically use IRC for command and control activities? A. Trojan B. Logic bombs C. Worms D. Botnets Answer: D

QUESTION NO: 446 When designing a firewall policy, which of the following should be the default action? A. Least privilege B. Implicit allow C. DMZ D. Implicit deny Answer: D

QUESTION NO: 447

If hashing two different files creates the same result, which of the following just occurred? A. A duplication B. A collision C. A pseudo-random event D. A mirror Answer: B

QUESTION NO: 448 Which of the following type of protection is hashing used to provide? A. Integrity B. Cryptographic randomness C. Collision D. Confidentiality Answer: A

QUESTION NO: 449 All of the following are part of the disaster recovery plan EXCEPT: A. identifying all assets. B. obtaining management buy-in. C. system backups. D. patch management software. Answer: D

QUESTION NO: 450 Which of the following is MOST likely to make a disaster recovery exercise valuable? A. Revising the disaster recovery plan during the exercise B. Conducting intricate, large-scale mock exercises C. Learning from the mistakes of the exercise D. Management participation Answer: C

QUESTION NO: 451 Which of the following allows directory permissions to filter down through the sub-directory hierarchy? A. Virtualization B. Inheritance C. Mirroring D. Replication Answer: B

QUESTION NO: 452 Which of the following access control models BEST follows the concept of separation of duties? A. Discretionary Access Control (DAC) B. Mandatory Access Control (MAC) C. Rule-based access control (RBAC) D. Role-based access control (RBAC) Answer: D

QUESTION NO: 453 Which of the following would MOST likely prevent a PC application from accessing the network? A. Impedance B. Host-based firewall C. Antivirus D. HIDS Answer: B

QUESTION NO: 454 A technician is investigating intermittent switch degradation. The issue only seems to occur when the building's roof air conditioning system runs. Which of the following would reduce the connectivity issues? A. Adding a heat deflector B. Redundant HVAC systems

C. Shielding D. Add a wireless network Answer: C

QUESTION NO: 455 A technician tracks the integrity of certain files on the server. Which of the following algorithms provide this ability? A. SHA-1 B. 3DES C. XOR D. AES Answer: A

QUESTION NO: 456 Which of the following describes the standard load for all systems? A. Configuration baseline B. Group policy C. Patch management D. Security template Answer: A

QUESTION NO: 457 When testing a newly released patch, a technician should do all of the following EXCEPT: A. test it in a non-production environment. B. deploy immediately using Patch Management. C. verify the integrity of the patch. D. verify the patch is relevant to the system. Answer: B

QUESTION NO: 458

A botnet zombie is using HTTP traffic to encapsulate IRC traffic. Which of the following would detect this encapsulated traffic? A. Vulnerability scanner B. Proxy server C. Anomaly-based IDS D. Rootkit Answer: C

QUESTION NO: 459 Documentation review, log review, rule-set review, system configuration review, network sniffing, and file integrity checking are examples of: A. active security testing techniques. B. invasive security testing techniques. C. hybrid security testing techniques. D. passive security testing techniques. Answer: D

QUESTION NO: 460 To determine whether a system is properly documented and to gain insight into the system's security aspects that are only available through documentation is the purpose of: A. black box testing techniques. B. active security testing techniques. C. passive security testing techniques. D. invasive security testing techniques. Answer: C

QUESTION NO: 461 Which of the following BEST describes external security testing? A. Conducted from outside the perimeter switch but inside the firewall B. Conducted from outside the building that hosts the organization's servers

Conducted from outside the organizations security perimeter D. operating systems.com rtK ille r. it generates a high false-positive error ratE. applications. Conducting user awareness training D. B. Answer: D QUESTION NO: 464 Which of the following can BEST aid in preventing a phishing attack? A. Implementing two-factor authentication B. Conducted from outside the perimeter switch but inside the border router Answer: C QUESTION NO: 462 Port scanners can identify all of the following EXCEPT: A. Answer: C QUESTION NO: 463 All of the following are limitations of a vulnerability scanner EXCEPT: A. it generates less network traffic than port scanning. it only uncovers vulnerabilities for active systems.www. active hosts. Enabling complex password policies C. C. D. B.c om 135 . Requiring the use of stronger encryption Answer: C QUESTION NO: 465 Ce "Slay Your Exams" . C. vulnerabilities. it relies on a repository of signatures.certkiller. D.CompTIA SY0-201: Practice Exam C.

A travel reservation company conducts the majority of its transactions through a public facing website. One web server is connected to several distributed database servers. Any downtime to this website results in substantial financial damage for the company. Which of the following describes this scenario? A. Warm site B. Proxy server C. RAID D. Single point of failure Answer: D

QUESTION NO: 466 Which of the following is MOST commonly used to secure a web browsing session? A. SHTTP B. SSH C. HTTPS D. S/MIME Answer: C

QUESTION NO: 467 One of the reasons that DNS attacks are so universal is that DNS services are required for a computer to access: A. WLANs. B. the Internet. C. LANs. D. WANs. Answer: B

QUESTION NO: 468 One of the security benefits of using virtualization technology is: A. if an instance is compromised the damage can be compartmentalized. B. if one instance is compromised no other instances can be compromised. C. applying a patch to the server automatically patches all instances. D. virtual instances are not affected by conventional port scanning techniques. Answer: A

QUESTION NO: 469 A virtual server implementation attack that affects the: A. RAM will affect all virtual instances. B. system registry will affect all virtual instances. C. disk partition will affect all virtual instances. D. OS kernel will affect all virtual instances. Answer: D

QUESTION NO: 470 An administrator wants to set up a new web server with a static NAT. Which of the following is the BEST reason for implementing NAT? A. Publishes the organization's internal network addressing scheme B. Publishes the organization's external network addressing scheme C. Hides the organization's internal network addressing scheme D. Hides the organization's external network addressing scheme Answer: C

QUESTION NO: 471 Which of the following is the BEST reason for an administrator to use port address translation (PAT) instead of NAT on a new corporate mail gateway? A. PAT provides the mail gateway with protection on port 24 B. PAT allows external users to access the mail gateway on random ports. C. PAT provides the mail gateway with protection on port 25 D. PAT allows external users to access the mail gateway on pre-selected ports. Answer: D

QUESTION NO: 472 Which of the following describes a static NAT? A. A static NAT uses a many to one mapping. B. A static NAT uses a one to many mapping. C. A static NAT uses a many to many mapping. D. A static NAT uses a one to one mapping. Answer: D

QUESTION NO: 473 Which of the following, if disabled, will MOST likely reduce, but not eliminate, the risk of VLAN jumping? A. LAN manager B. ARP caching C. DTP on all ports D. TACACS Answer: C

QUESTION NO: 474 An administrator is concerned that PCs on the internal network may be acting as zombies participating in external DDoS attacks. Which of the following could BEST be used to confirm the administrator's suspicions? A. HIDS logs B. Proxy logs C. AV server logs D. Firewall logs Answer: D

QUESTION NO: 475 Restricting access to files based on the identity of the user or group is an example of which of the following? A. CRL B. PKI C. MAC D. DAC Answer: D

QUESTION NO: 476 Restricting access to files based on the identity of the user or group and security classification of the information is an example of which of the following? A. RBAC B. DAC C. NTFS D. MAC Answer: D

QUESTION NO: 477 A new Internet content filtering device installed in a large financial institution allows IT administrators to log in and manage the device, but not the content filtering policy. Only the IT security operation staff can modify policies on the Internet filtering device. Which of the following is this an example of? A. Role-Based Access Control (RBAC) B. Mandatory Access Control (MAC) C. Lightweight Directory Access Protocol (LDAP) D. Discretionary Access Control (DAC) Answer: A

QUESTION NO: 478 Which of the following would BEST describe a disaster recovery plan (DRP)? A. Addresses the recovery of an organization's business documentation B. Addresses the recovery of an organization's email C. Addresses the recovery of an organization's backup site D. Addresses the recovery of an organization's IT infrastructure Answer: D

QUESTION NO: 479 Which of the following is the primary objective of a business continuity plan (BCP)? A. Addresses the recovery of an organization's business operations B. Addresses the recovery of an organization's business payroll system C. Addresses the recovery of an organization's business facilities D. Addresses the recovery of an organization's backup site Answer: A

QUESTION NO: 480 A software manufacturer discovered a design flaw in a new application. Rather than recall the software, management decided to continue manufacturing the product with the flaw. Which of the following risk management strategies was adopted by management? A. Risk mitigation B. Risk avoidance C. Risk acceptance D. Risk transfer Answer: C

QUESTION NO: 481 Which of the following BEST describes an application or string of code that cannot automatically spread from one system to another but is designed to spread from file to file? A. Adware B. Worm C. Botnet D. Virus Answer: D

QUESTION NO: 482 Which of the following is considered an independent program that can copy itself from one system to another and whose main purpose is to damage data or affect system performance? A. Virus B. Worm C. Spam D. Spyware Answer: B

QUESTION NO: 483 All of the following are considered malware EXCEPT: A. spam. B. Trojan. C. virus. D. logical bombs. Answer: A

QUESTION NO: 484 Which of the following NIDS configurations is solely based on specific network traffic? A. Host-based B. Behavior-based C. Anomaly-based D. Signature-based Answer: D

QUESTION NO: 485 Which of the following only looks at header information of network traffic? A. Internet content filter B. Packet filter C. Application firewall D. Hybrid firewall Answer: B

QUESTION NO: 486 Which of the following access control methods could the administrator implement because of constant hiring of new personnel? A. Rule-based B. Role-based C. Discretionary D. Decentralized Answer: B

QUESTION NO: 487 When using a single sign-on method, which of the following could adversely impact the entire network? A. Workstation B. Biometrics C. Web server D. Authentication server Answer: D

QUESTION NO: 488 RADIUS uses all of the following authentication protocols EXCEPT: A. PAP. B. CHAP. C. EAP. D. L2TP. Answer: D

QUESTION NO: 489 A HIDS is installed to monitor which of the following? A. CPU performance B. NIC performance C. System files D. Temporary Internet files Answer: C

QUESTION NO: 490 Which of the following intrusion detection systems uses statistical analysis to detect intrusions? A. Signature B. Honeynet C. Anomaly D. Knowledge Answer: C

QUESTION NO: 491 Which of the following intrusion detection systems uses well defined models of how an attack occurs? A. Protocol B. Behavior C. Signature D. Anomaly Answer: C

QUESTION NO: 492 Which of the following is a system that will automate the deployment of updates to workstations and servers? A. Service pack B. Remote access C. Patch management D. Installer package Answer: C

QUESTION NO: 493 A user is concerned with the security of their laptop's BIOS. The user does not want anyone to be able to access control functions except themselves. Which of the following will make the BIOS more secure? A. Password B. Encrypt the hard drive C. Create an access-list D. Flash the BIOS Answer: A

QUESTION NO: 494 Which of the following is a method to apply system security settings to all workstations at once? A. Policy analyzer B. Control panel C. Configuration baseline D. A security template Answer: D

QUESTION NO: 495 Which of the following would be a method of securing the web browser settings on all network workstations? A. Internet content filter B. Group policy C. Patch management D. P2P software Answer: B

QUESTION NO: 496 Which of the following is a limitation of a HIDS? A. It does not capture MAC addresses. B. Someone must manually review the logs. C. It requires an open port on the firewall. D. They are difficult to install. Answer: B

QUESTION NO: 497 A technician has implemented a new network attached storage solution for a client. The technician has created many shares on the storage. Which of the following is the MOST secure way to assign permissions? A. Separation of duties B. Full control C. Authentication D. Least privilege Answer: D

QUESTION NO: 498 Which of the following is an example of a trust model? A. Internet key exchange B. SSL C. Recovery agent D. Managing the CA relationships Answer: D

QUESTION NO: 499 Which of the following is the common mail format for digitally signed and encrypted messages? A. SSL/TLS B. SMTP C. MIME D. S/MIME Answer: D

QUESTION NO: 500 Which of the following is the common way of implementing cryptography on network devices for encapsulating traffic between the device and the host managing them? A. S/MIME B. SNMP C. SSH D. SMTP Answer: C

QUESTION NO: 501 Which of the following describes penetration testing? A. Simulating an actual attack on a network B. Hacking into a network for malicious reasons C. Detecting active intrusions D. Establishing a security baseline Answer: A

QUESTION NO: 502 When an IDS is configured to match a specific traffic pattern, which of the following is this referring to? A. Signature-based B. Anomaly-based C. Heuristic-based D. Behavior-based Answer: A

QUESTION NO: 503 An application that gets downloaded onto a system by appearing to be a useful tool for cleaning out duplicate contacts in a user's emails would be considered: A. a worm. B. spam. C. spyware. D. a Trojan. Answer: D

QUESTION NO: 504 Installing an application on every desktop in a company's network that watches for possible intrusions would be an example of: A. a HIDS. B. a NIDS. C. a personal software firewall. D. hardening. Answer: A

QUESTION NO: 505 An administrator suspects an issue retrieving files on the network and accesses the file server's performance monitor to check the results against: A. the performance baseline. B. yesterday's performance. C. the manufacturer's website. D. the system monitor. Answer: A

QUESTION NO: 506 An administrator runs a tool checking SMTP, DNS, POP3, and ICMP packets on the network. This is an example of which of the following? A. A port scanner B. A protocol analyzer C. A vulnerability scan D. A penetration test Answer: B

QUESTION NO: 507 A company runs a backup after each shift and the main concern is how quickly the backups are completed between shifts. Recovery time should be kept to a minimum. The administrator decides that backing up all the data that has changed during the last shift is the best way to go. This would be considered a: A. incremental backup. B. differential backup. C. shadow copy. D. full backup. Answer: A

QUESTION NO: 508 Users should be able to access their email and several secure applications from any workstation on the network. Additionally, the administrator has implemented an authentication system requiring the use of a username, password, biometrics, and a company issued smart card. Which of the following is this an example of? A. Three factor authentication B. SSO C. ACL D. Least privilege Answer: B

QUESTION NO: 509 Both the client and the server authenticate before exchanging data. This is an example of: A. SSO. B. multifactor authentication. C. mutual authentication. Answer: C

QUESTION NO: 510 Which of the following could be used to institute a tunneling protocol for security? A. IPX/SPX B. EAP C. IPSec D. FTP Answer: C

QUESTION NO: 511 Which of the following is an encryption program used to secure email and voice over the Internet? A. PGP B. SHA-1 C. ECC D. Blowfish Answer: A

QUESTION NO: 512 Which of the following is used for securing communication between a client and a server? A. NTLM B. S/MIME C. MD5 D. SMTP Answer: A

QUESTION NO: 513 Which of the following processes is used to monitor and protect the DNS server? A. Set PTR records to purge daily. B. Use personal firewalls to block port 53. C. Ping the DNS server every minute to verify connectivity. D. Check DNS records regularly. Answer: C

QUESTION NO: 514 Which of the following is the MOST effective method for stopping a phishing attempt? A. Up-to-date antivirus definitions B. Paper shredders C. User education D. SPAM filters Answer: C

QUESTION NO: 515 A corporation has a contractual obligation to provide a certain amount of system uptime to a client. Which of the following is this contract an example of? A. PII B. SLA C. Due diligence D. Redundancy Answer: B

QUESTION NO: 516 Which of the following would allow for a network to remain operational after a T1 failure? A. Uninterruptible Power Supply (UPS) B. Redundant ISP C. Redundant servers D. RAID 5 drive array Answer: B

QUESTION NO: 517 Which of the following asymmetric encryption algorithms was utilized FIRST? A. AES B. Serpent C. Whirlpool D. DES Answer: D

QUESTION NO: 518 A ticket granting server is an important concept in which of the following authentication models? A. OVAL B. RADIUS C. Kerberos D. CHAP Answer: C

QUESTION NO: 519 Which of the following is an example of two-factor authentication? A. User ID and password B. Smart card and PIN C. Fingerprint reader and iris scanner D. Smart card and ID badge Answer: B

QUESTION NO: 520 Which of the following could physically damage a device if a long term failure occurred? A. PAP B. HVAC C. Battery backup system D. Shielding Answer: B

QUESTION NO: 521 Which of the following is the easiest way to disable a 10Base2 network? A. Introduce crosstalk. B. Remove a vampire tap. C. Remove a terminator. D. Install a zombie. Answer: C

QUESTION NO: 522 Which of the following is the BEST method for securing the data on a coaxial network? A. Weld all terminators to the cable ends. B. Run all cables through a conduit. C. Make sure all terminators are grounded. D. Run all new cables parallel to existing alternating current (AC) cabling. Answer: B

QUESTION NO: 523 Which of the following is the weakest password? A. Indu5tr1als B. F%r3Walke3r C. C0mpt!a2**8 D. P^s5W0rd Answer: A

QUESTION NO: 524 Which of the following is the GREATEST security risk regarding removable storage? A. Integrity of data B. Availability of data C. Not enough space available D. Confidentiality of data Answer: D

QUESTION NO: 525 Which of the following mimics a legitimate program in order to steal sensitive data? A. Botnet B. Worm C. Spam D. Trojan Answer: D

QUESTION NO: 526 Which of the following allows for a user to have only the minimum level of access required for their job duties? A. Least privilege B. Privilege escalation C. Job rotation D. Implicit deny Answer: A

QUESTION NO: 527 A manager needs to control employee overtime. Which of the following would BEST allow the manager to control when the employees are on the network? A. Access control list B. User account expiration C. Time of day restriction D. Domain password policy Answer: C

QUESTION NO: 528 Which of the following BEST describes hashing? A. Computing a unique mathematic identifier in order to prevent change during transport. B. Encrypting the data payload and computing a unique mathematic identifier in order to detect change during transport. C. Encrypting the data payload and computing a unique mathematic identifier in order to prevent change during transport. D. Computing a unique mathematic identifier in order to detect change during transport. Answer: D

QUESTION NO: 529 Which of the following is MOST likely to crash a workstation? A. Vulnerability assessment B. Protocol analyzer C. Penetration test D. Network mapper Answer: C

QUESTION NO: 530 Which of the following is the critical piece of an encrypted communication that must be kept secret? A. The key exchange algorithm B. The initial salt value C. The encryption algorithm D. The final CRC of the key packet Answer: B

QUESTION NO: 531 A PC is rejecting push updates from the server; all other PCs on the network are accepting the updates successfully. Which of the following should the administrator check FIRST? A. Pop-up blocker B. Local firewall C. Password expiration D. Anti-spyware Answer: B

QUESTION NO: 532 Which of the following describes an encrypted connection across public communication lines? A. TACACS B. VPN C. EAP D. CHAP Answer: B

QUESTION NO: 533 After a period of high employee turnover, which of the following should be implemented? A. A review of NTLM hashes on the domain servers B. A review of group policies C. A review of user access and rights D. A review of storage and retention policies Answer: C

QUESTION NO: 534 All PCs in a network share a single administrator ID and password. When the administrator attempts to remotely control a user's PC the attempt fails. Which of the following should the administrator check FIRST? A. The antivirus settings on the local PC B. The antivirus settings on the remote PC C. The HIPS on the remote PC D. The HIPS on the local PC Answer: C

QUESTION NO: 535 All of the following are considered key exchange protocols EXCEPT: A. Diffie-Hellman. B. RSA. C. KEA. D. SAFER. Answer: D

QUESTION NO: 536 Which of the following keys is generally applied FIRST to a message digest to provide nonrepudiation using asymmetric cryptography? A. Private key of the receiver B. Private key of the sender C. Public key of the sender D. Public key of the receiver Answer: B

QUESTION NO: 537 Which of the following describes a weakness of hash functions? A. Collision B. Birthday attack C. Collusion D. Man-in-the-middle Answer: A

QUESTION NO: 538 All of the following are organizational policies that reduce the impact of fraud EXCEPT: A. escorting procedures. B. password complexity rules. C. separation of duties. D. job rotation. Answer: B

QUESTION NO: 539 A technician is conducting a forensics analysis on a computer system. Which of the following should be done FIRST? A. Search for Trojans. B. Analyze temporary files. C. Get a binary copy of the system. D. Look for hidden files. Answer: C

QUESTION NO: 540 A technician noticed a remote attack taking place on a system. Which of the following should be done FIRST? A. Contain the attack. B. Disconnect the system from the network. C. Respond to the attacker. D. Follow the incident management procedure in place. Answer: D

QUESTION NO: 541 Which of the following IDS generally follows a learning process? A. Anomaly-based IDS B. Signature-based IDS C. Event-based IDS D. Rule-based IDS Answer: A

QUESTION NO: 542 Which of the following algorithms is faster when encrypting data? A. Symmetric key algorithms B. Public key algorithms C. Whole disk encryption algorithms D. Asymmetric key algorithms Answer: A

QUESTION NO: 543 Which of the following is a reason why DNS logs should be archived? A. For complying with payment card industry (PCI) requirements B. For complying with PII requirements C. For use in disaster recovery of the DNS server D. For use in an investigation in the future Answer: D

QUESTION NO: 544 Which of the following is a best practice for securing log files? A. Copy or save the logs to a remote log server. B. Change security settings to avoid corruption. C. Deny administrators all access to log files to prevent write failures. D. Log all failed and successful login attempts. Answer: A

QUESTION NO: 545 Which of the following logs shows when the workstation was last shut down? A. DHCP B. Security C. Access D. System Answer: D

QUESTION NO: 546 Which of the following is a best practice auditing procedure? A. Mitigate vulnerabilities B. Review user access and rights C. Set strong password requirements D. Draft an email retention policy Answer: B

QUESTION NO: 547 Which of the following tools is commonly used to detect security anomalies on a host? A. A file system integrity checker B. A TACACS+ implementation C. A remote protocol analyzer D. A network mapper Answer: A

QUESTION NO: 548 Snort, TCPDump and Wireshark are commonly used for which of the following? A. Port scanning B. Host monitoring C. DDOS attacks D. Network sniffing Answer: D

QUESTION NO: 549 Which of the following would typically require the use of a network protocol analyzer? A. Determining who logged on to a machine last night at midnight B. Determining how many users are logged onto the domain controller C. Determining why authentication between two machines failed D. Determining what the speed is on the external interface of a firewall Answer: C

QUESTION NO: 550 Which of the following security related anomalies are MOST likely to be detected by a protocol analyzer? A. Many malformed or fragmented packets B. Decryption of encrypted network traffic C. Disabled network interface on a server D. Passive sniffing of local network traffic Answer: A

QUESTION NO: 551 Users and computers are generally grouped into domains for security purposes. Which of the following is a common attribute used to determine which domain a user or computer belongs to? A. MAC address B. Location C. Password D. OS Answer: B

QUESTION NO: 552 Malware that uses virtualization techniques can be difficult to detect because of which of the following? A. The malware may be using a Trojan to infect the system. B. The malware may be implementing a proxy server for command and control. C. A portion of the malware may have been removed by the IDS. D. The malware may be running at a more privileged level than the antivirus software. Answer: D

QUESTION NO: 553 Which of the following is a reason why virtualization techniques are often used to implement a honeynet? A. To reduce the number of physical devices needed B. To hide the encryption being used in the honeynet C. To slow the intruder's network connection speed D. To reduce the number of connections allowed Answer: A

QUESTION NO: 554 Which of the following is an industry standard for remote logging? A. ipfilter B. RDP C. rlogin D. syslog Answer: D

QUESTION NO: 555 Audit trails are used for which of the following? A. Availability B. Accountability C. Authorization D. Continuity Answer: B

QUESTION NO: 556 Which of the following can be used to centrally manage security settings? A. Cross-site scripting B. Group policy C. Service pack D. NIDS Answer: B

QUESTION NO: 557 Which of the following is a best practice disaster recovery strategy? A. Hire an independent consultant. B. Use a reciprocal agreement. C. Spend at least 5% of the IT budget. D. Test the recovery plan. Answer: D

QUESTION NO: 558 Which of the following activities is MOST closely associated with DLL injection? A. Penetration testing B. Network mapping C. Vulnerability assessment D. SQL servers Answer: A

QUESTION NO: 559 Which of the following is true about penetration testing or vulnerability assessments? A. Vulnerability assessment verifies incidence response B. Penetration testing removes malware if found during a scan C. Vulnerability assessment exploits a weakness in a system D. Penetration testing exploits a vulnerability Answer: D

QUESTION NO: 560 Which of the following is a security risk of not password protecting the BIOS? A. The system may be changed to boot from alternative media. B. The antivirus software will not run because it needs a BIOS password. C. A virus may corrupt the SCSI settings and the system will not boot. D. The authentication system may be subverted. Answer: A

QUESTION NO: 561 Executing proper logging procedures would be the proper course of action in which of the following scenarios? (Select TWO). A. Ignore suspicious queries to the DNS server. B. Investigate suspicious queries to the DNS server. C. Monitor suspicious queries to the DNS server in real time. D. Block suspicious queries to the DNS server. Answer: B,C

QUESTION NO: 562 Executing proper logging procedures would facilitate which of the following requirements? A. Need to prevent access to a file or folder B. Need to know which files have been accessed C. Need to know who is logging on to the system D. Need to prevent users from logging on to the system E. Need to capture and monitor network traffic in real time Answer: B

QUESTION NO: 563 Which of the following is a concern when setting logging to a debug level? A. The log may fill up with extraneous information. B. Some important events will not get logged. C. The events may not contain enough details. D. The device or application will only operate in test mode. Answer: A

QUESTION NO: 564 Which of the following should be considered when executing proper logging procedures? (Select TWO). A. The information that is needed to reconstruct events B. The number of disasters that may occur in one year C. The password requirements for user accounts D. The virtual memory allocated on the log server E. The amount of disk space required Answer: A,E

QUESTION NO: 565 Which of the following malicious activities might leave traces in a DNS log file? A. Hijacking B. Poisoning C. Caching D. Phishing Answer: B

QUESTION NO: 566 Which of the following NAC scanning types is the LEAST intrusive to the client? A. Open ID B. Agent based C. Agentless D. ActiveX Answer: C

QUESTION NO: 567 Common settings configured on an Internet content filtering device are database update settings, log settings and which of the following? A. False positive threshold B. Content rules C. Anomaly settings D. Performance settings Answer: B

QUESTION NO: 568 Which of the following activities commonly involves feedback from departmental managers or human resources? A. Clearing cookies from the browser B. Resetting an employee password C. User access and rights review D. Setting system performance baseline Answer: C

QUESTION NO: 569 While auditing a list of active user accounts, which of the following may be revealed? A. Accounts with weak passwords B. Passwords with dictionary words C. Passwords that are blank D. Accounts that need to be removed Answer: D

QUESTION NO: 570 Which of the following is the BEST option for securing an email infrastructure? A. Set up the email server in a DMZ. B. Set up an email proxy on the Internet and an email server in the internal network. C. Set up an email proxy on the Internet and an email server in the DMZ. D. Set up an email proxy in the DMZ and the email server in the internal network. Answer: D

QUESTION NO: 571 Which of the following provides the BEST mechanism for non-repudiation? A. Encryption B. Message digests C. Digital signatures D. Message authentication codes Answer: C

QUESTION NO: 572 Which of the following is the BEST logical access control method for controlling system access on teams working in shifts? A. Separation of duties B. Job rotation C. Time of day restrictions D. Least privilege Answer: C

QUESTION NO: 573 Which of the following key types does Kerberos use? A. Ticket Granting Service B. Symmetric keys C. Asymmetric keys D. Key Distribution Center Answer: C

QUESTION NO: 574 Which of the following are recommended security measures when implementing system logging procedures? (Select TWO). A. Collect system temporary files. B. Apply retention policies on the log files. C. Perform a binary copy of the system. D. Perform hashing of the log files. E. Perform CRC checks. Answer: B,D

QUESTION NO: 575 Which of the following should be considered when implementing logging controls on multiple systems? (Select TWO). A. VLAN segment of the systems B. Systems clock synchronization C. Systems capacity and performance D. External network traffic E. Network security zone of the systems Answer: B,C

QUESTION NO: 576 Which of the following BEST describes actions pertaining to user account reviews? (Select TWO). A. User account reports are periodically extracted from systems and employment verification is performed. B. User accounts and their privileges are periodically extracted from systems and reports are kept for auditing purposes. C. User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization. D. User account reports are periodically extracted from systems and end users are informed. E. User account reports are periodically extracted from systems and user access dates are verified. Answer: A,C

QUESTION NO: 577 All of the following are attributes of an x.509 certificate EXCEPT: A. the symmetric key of the owner. B. the version of the certificate. C. the public key of the owner. D. the issuer. Answer: A

QUESTION NO: 578 A user complains that pop-up windows continuously appear on their screen with a message stating that they have a virus and offering to sell a program that will remove it. The technician is skeptical because the antivirus definitions on the machine are up-to-date. Which of the following BEST describes what the user is seeing? A. SQL injection B. Spyware C. Adware D. SMTP open relay Answer: C

QUESTION NO: 579 The GREATEST security concern in regards to data leakage with USB devices is: A. speed. B. storage capacity. C. physical size. D. OS compatibility. Answer: B

QUESTION NO: 580 Which of the following is the main difference between a substitution cipher and a transposition cipher when used to encode messages? A. One rearranges and replaces blocks while the other rearranges only. B. One replaces blocks with other blocks while the other rearranges only. C. One replaces blocks while the other rearranges and replaces only. D. One is a symmetric block cipher and the other is asymmetric. Answer: B

physical access controls. Voltage regulator B. Encrypting all network traffic B. password complexity rules. Redundant power supplies "Slay Your Exams" . Battery backup D. RADIUS Answer: C QUESTION NO: 584 To prevent disk integrity errors due to small line-power fluctuations. Network placement D. Continued tuning C. C. Answer: B QUESTION NO: 582 Which of the following reduces effectiveness when deploying and managing NIPS? A. Reviewing the logs Answer: A QUESTION NO: 583 Which of the following authentication methods prevents a replay attack from occurring? A. Kerberos D. CHAP C. Line conditioner C. L2TP B. D. retention periods.CompTIA SY0-201: Practice Exam QUESTION NO: 581 All of the following can be found in the document retention policy EXCEPT: A. B.certkiller. a system administrator should install which of the following? A. type of storage mediA.www.com 169 Ce rtK ille r.c om .

Security templates Answer: D Answer: D QUESTION NO: 587 Which of the following is a password cracker? A.CompTIA SY0-201: Practice Exam Answer: B QUESTION NO: 585 Which of the following is the BEST way to mass deploy security configurations to numerous workstations? A. Cain & Abel C.com rtK A.www. To provide an environment where malware can be executed with minimal risk to equipment and software ille r.certkiller. To provide a virtual collaboration environment to discuss security research C. WireShark D. NMAP Answer: B QUESTION NO: 588 Ce "Slay Your Exams" . Configuration baseline C. To provide an environment where new network applications can be tested D. CORE Impact B. Patch management D. Security hotfix B. To provide a secure virtual environment to conduct online deployments B.c Virtual machines are MOST often used by security researchers for which of the following purposes? om QUESTION NO: 586 170 .

Poisoning D. Dumpster diving B. Striping without parity B.certkiller. Chain of custody B.CompTIA SY0-201: Practice Exam Which of the following characteristics of RAID increases availability? A. Viruses Answer: A Which of the following would BEST prevent the spread of a hoax? A. User education C. Privilege escalation Answer: A "Slay Your Exams" . Phishing C. Default account C. Up-to-date anti-spyware definitions Answer: B QUESTION NO: 591 Which of the following is a term referring to the situation when a programmer leaves an unauthorized entry point into a program or system? A. Low cost Answer: B QUESTION NO: 589 A document shredder will BEST prevent which of the following? A. Up-to-date antivirus definitions D. Mirroring C. Kiting D. Back door B.c om .www.com 171 Ce rtK ille QUESTION NO: 590 r. Shoulder surfing D.

Airsnort B. Fingerprint reader D.com rtK ille r. Which of the following documents would provide this? Ce "Slay Your Exams" . Smurf C.c om 172 . User ID and password Answer: D QUESTION NO: 595 An attorney demands to know exactly who had possession of a piece of evidence at a certain time after seizurE. Installation key B. Physical token and a password C. DoS Answer: D QUESTION NO: 593 Which of the following would refer to a key fob with a periodically changing number that is used as part of the authentication process? A. Physical token Answer: D QUESTION NO: 594 Which of the following is the MOST common method of one-factor authentication? A. Teardrop D.CompTIA SY0-201: Practice Exam QUESTION NO: 592 Which of the following refers to a system that is unable to accept new TCP connections due to a SYN flood attack? A. Biometric device C. Smart card and a PIN B.www.certkiller. Hardware lock D.

PAP changes its initialization vector with each packet. C. ille Which of the following is a drawback of using PAP authentication? r.certkiller. Recovery agent C. Change management Answer: B QUESTION NO: 596 Which of the following prevents damage to evidence during forensic analysis? A. Due process D. D. Public key infrastructure B. Due diligence B. PAP sends all passwords across the network as clear text. Drive recovery tools Answer: C QUESTION NO: 597 Answer: D QUESTION NO: 598 Which of the following BEST describes using a third party to store the public and private keys? A.c om 173 . Write-only drive connectors B.CompTIA SY0-201: Practice Exam A.www. B. Key escrow D. Chain of custody C. Drive sanitization tools C.com rtK A. PAP only authenticates between same vendor servers. Read-only drive connectors D. Registration authority Answer: C Ce "Slay Your Exams" . PAP requires that both workstations mutually authenticatE.

EAP B. SSO C. Single-factor authentication Answer: D QUESTION NO: 601 A user ID. Internet mail "Slay Your Exams" . Which of the following is this an example of? A. Single-factor authentication D. WPA2 D. ActiveX controls C. PIN. SSO B.www. CHAP C. RAS Answer: B QUESTION NO: 600 A biometric fingerprint scanner is an example of which of the following? A.com 174 Ce rtK ille r. Three-factor authentication D. Three-factor authentication Answer: B QUESTION NO: 602 Which of the following would be disabled to prevent SPIM? A. Two-factor authentication B. P2P B.c om . Two-factor authentication C.CompTIA SY0-201: Practice Exam QUESTION NO: 599 Which of the following requires the server to periodically request authentication from the client? A. Instant messaging D.certkiller. and a palm scan are all required to authenticate a system.
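QUESTION NO: 583, 597 and 599 above turn on one mechanism: PAP puts the password itself on the wire, while CHAP sends only MD5(identifier, secret, challenge) against a challenge the server chooses fresh each time, so the server can re-challenge at any moment and a sniffed response is useless. The following is an added Python example written for this page, not code from the exam or from any product; the account name, secret and MD5 construction are constructed for the demonstration (the response formula follows RFC 1994, but nothing here talks to a real PPP peer):

```python
"""Constructed PAP vs. CHAP exchange: a sniffed PAP password replays, a sniffed CHAP response does not."""
import hashlib
import hmac
import os

# Hypothetical credentials provisioned out of band on both ends (assumption, not from the exam).
PAP_ACCOUNTS = {"alice": "hunter2"}
CHAP_SECRET = b"correct horse battery staple"


def pap_on_the_wire(username, password):
    """PAP Authenticate-Request: the password itself crosses the link in clear text."""
    return username.encode() + b"\x00" + password.encode()


def pap_verify(wire):
    """Authenticator side of PAP: anyone who captured `wire` can resend it and pass."""
    username, password = wire.split(b"\x00", 1)
    return PAP_ACCOUNTS.get(username.decode()) == password.decode()


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge). The secret never leaves the host."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues a fresh random challenge for every round, initially and on periodic re-checks."""

    def __init__(self, secret):
        self._secret = secret
        self._identifier = 0
        self._outstanding = {}  # identifier -> challenge still awaiting its response

    def challenge(self):
        self._identifier = (self._identifier + 1) % 256
        chal = os.urandom(16)
        self._outstanding[self._identifier] = chal
        return self._identifier, chal

    def verify(self, identifier, response):
        chal = self._outstanding.pop(identifier, None)  # a challenge is consumed after one use
        if chal is None:
            return False
        expected = chap_response(identifier, self._secret, chal)
        return hmac.compare_digest(expected, response)


class ChapPeer:
    """Client side: proves knowledge of the secret without ever transmitting it."""

    def __init__(self, secret):
        self._secret = secret

    def respond(self, identifier, challenge):
        return chap_response(identifier, self._secret, challenge)


def chap_round(authenticator, peer):
    """One challenge/response round. Returns (accepted, captured_packets) as a sniffer would see them."""
    identifier, challenge = authenticator.challenge()
    response = peer.respond(identifier, challenge)
    accepted = authenticator.verify(identifier, response)
    return accepted, (identifier, challenge, response)


def replay_chap(authenticator, captured):
    """Attacker resends a previously sniffed response. The server has already issued a new challenge,
    so the stale MD5 value cannot match it."""
    _old_identifier, _old_challenge, old_response = captured
    new_identifier, _new_challenge = authenticator.challenge()
    return authenticator.verify(new_identifier, old_response)


if __name__ == "__main__":
    wire = pap_on_the_wire("alice", "hunter2")
    print("PAP replay of sniffed packet accepted:", pap_verify(wire))
    server, client = ChapAuthenticator(CHAP_SECRET), ChapPeer(CHAP_SECRET)
    ok, sniffed = chap_round(server, client)
    print("CHAP genuine round accepted:", ok)
    print("CHAP replay of sniffed response accepted:", replay_chap(server, sniffed))
```

Calling chap_round() a second time on the same authenticator is the periodic re-authentication of QUESTION NO: 599: the peer must answer a new challenge, and the earlier response is never accepted again.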

QUESTION NO: 603
A user sees an MD5 hash number beside a file that they wish to download. Which of the following BEST describes a hash?
A. A hash is a unique number that is generated based upon the TCP/IP transmission header and should be verified before download.
B. A hash is a unique number that is generated after the file has been encrypted and used as the SSL key during download.
C. A hash is a unique number that is generated based upon the file's contents and used as the SSL key during download.
D. A hash is a unique number that is generated based upon the file's contents and should be verified after download.
Answer: D

QUESTION NO: 604
According to a good disaster recovery plan, which of the following must happen during a power outage before an uninterruptible power supply (UPS) drains its battery?
A. The PKI CA is relocated.
B. The backup generator activates.
C. Full electrical service is restored.
D. The single point of failure is remedied.
Answer: B

QUESTION NO: 605
Which of the following would give a technician the MOST information regarding an external attack on the network?
A. Internet content filter
B. Proxy server
C. NIDS
D. Firewall
Answer: C

QUESTION NO: 606
Which of the following would BEST prevent night shift workers from logging in with IDs and passwords stolen from the day shift workers?
A. Account expiration
B. Time of day restriction
C. Account lockout
D. Domain password policy
Answer: B

QUESTION NO: 607
Which of the following would BEST ensure that users have complex passwords?
A. ACL
B. Domain password policy
C. Logical tokens
D. Time of day restrictions
Answer: B

QUESTION NO: 608
A technician finds that a malicious user has introduced an unidentified virus to a single file on the network. Which of the following would BEST allow for the user to be identified?
A. Access logs
B. Performance log
C. Firewall logs
D. Antivirus logs
Answer: A

QUESTION NO: 609
Which of the following would BEST allow an administrator to find the IP address of an external attacker?
A. Antivirus logs
B. DNS logs
C. Firewall logs
D. Performance logs
Answer: C

QUESTION NO: 610
After performing a vulnerability analysis and applying a security patch, which of the following nonintrusive actions should an administrator take to verify that the vulnerability was truly removed?
A. Update the antivirus definition file.
B. Apply a security patch from the vendor.
C. Repeat the vulnerability scan.
D. Perform a penetration test.
Answer: C

QUESTION NO: 611
Which of the following could be used by a technician needing to send data while ensuring that any data tampering is easily detectible?
A. NTLM
B. LANMAN
C. SHA-1
D. AES
Answer: C

QUESTION NO: 612
Which of the following BEST allows for a high level of encryption?
A. AES with ECC
B. DES with SHA-1
C. PGP with SHA-1
D. 3DES with MD5
Answer: A

QUESTION NO: 613
Which of the following is the primary security risk associated with removable storage?
A. Availability
B. Confidentiality
C. Integrity
D. Injection
Answer: B

QUESTION NO: 614
After reading about the vulnerability issues with open SMTP relays, a technician runs an application to see if port 25 is open. This would be considered a:
A. network mapper.
B. vulnerability scan.
C. protocol analyzer.
D. port scan.
Answer: D

QUESTION NO: 615
A company's accounting application requires users to be administrators for the software to function correctly. Because of the security implications of this, a network administrator builds a user profile which allows the user to still use the application but no longer requires them to have administrator permissions. Which of the following is this an example of?
A. Configuration baseline
B. Group policy
C. Security template
D. Privilege escalation
Answer: C

QUESTION NO: 616
Which of the following backup techniques resets the archive bit and allows for the fastest recovery?
A. Full backup
B. Shadow copies
C. Differential backup
D. Incremental backup
Answer: A

QUESTION NO: 617
The company policy for availability requires full backups on Sunday and incremental backups each week night at 10 p.m. The file server crashes on Wednesday afternoon. How many tapes will the technician need to restore the data on the file server for Thursday morning?
A. One
B. Two
C. Three
D. Four
Answer: C

QUESTION NO: 618
A company is addressing backup and recovery issues. The company is looking for a compromise between speed of backup and speed of recovery. Which of the following is the BEST recommendation?
A. Full backups every day
B. Daily differential backups
C. Full backups weekly with differential backups daily
D. Weekly differential with incremental backups daily
Answer: C

QUESTION NO: 619
Which of the following would define document destruction requirements?
A. ACL
B. User access and rights review policies
C. Group policy
D. Storage and retention policies
Answer: D
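QUESTION NO: 616 to 618 are all about the archive bit: a full backup clears it on every file, an incremental copies flagged files and clears it, a differential copies flagged files and leaves it set. The tape count in QUESTION NO: 617 (Sunday full plus the Monday and Tuesday incrementals, since no Wednesday backup ran before the crash) and the recovery-speed trade-off in 618 both follow from that. The simulator below is an added Python example written for this page, not the exam's own material; the file names, the calendar and the per-day edits are constructed, and tapes_to_restore() implements the general rule (latest full, then every later tape that still holds the newest copy of some file) rather than the single case in the question:

```python
"""Constructed backup-schedule simulator using archive-bit semantics: which tapes must be mounted to restore?"""
from datetime import date, timedelta


class FileServer:
    """Tracks a version number per file plus the archive bit that backup software uses."""

    def __init__(self, files):
        self.version = {name: 0 for name in files}
        self.archive_bit = set(files)  # a fresh file has never been backed up

    def modify(self, names):
        for name in names:
            self.version[name] += 1
            self.archive_bit.add(name)

    def backup(self, day, kind):
        """Full copies everything and clears all bits; incremental copies flagged files and clears
        them; differential copies flagged files but leaves the bits set."""
        if kind == "full":
            copied = dict(self.version)
            self.archive_bit.clear()
        elif kind == "incremental":
            copied = {name: self.version[name] for name in self.archive_bit}
            self.archive_bit.clear()
        elif kind == "differential":
            copied = {name: self.version[name] for name in self.archive_bit}
        else:
            raise ValueError("unknown backup kind: %s" % kind)
        return {"day": day, "kind": kind, "files": copied}


def tapes_to_restore(tapes):
    """Minimal set of tapes, in mount order, that together hold the newest backed-up version of every file."""
    tapes = sorted(tapes, key=lambda t: t["day"])
    last_full = max(i for i, t in enumerate(tapes) if t["kind"] == "full")
    chain = tapes[last_full:]  # nothing before the latest full can be needed
    newest = {}  # file name -> index of the tape holding its newest copy
    for i, tape in enumerate(chain):
        for name, version in tape["files"].items():
            if name not in newest or version >= chain[newest[name]]["files"][name]:
                newest[name] = i  # a later tape with the same version supersedes an earlier one
    return [chain[i] for i in sorted(set(newest.values()))]


def simulate_week(weeknight_kind):
    """Sunday full, then `weeknight_kind` backups Monday and Tuesday night; the server crashes
    Wednesday afternoon, so Wednesday's changes are lost and no Wednesday tape exists (constructed)."""
    fs = FileServer(["ledger.xlsx", "payroll.db", "notes.txt", "archive.zip"])
    sunday = date(2009, 11, 29)  # constructed calendar; any Sunday works
    tapes = [fs.backup(sunday, "full")]
    edits = {1: ["ledger.xlsx"], 2: ["payroll.db", "notes.txt"]}  # Monday and Tuesday edits (constructed)
    for offset in (1, 2):
        fs.modify(edits[offset])
        tapes.append(fs.backup(sunday + timedelta(days=offset), weeknight_kind))
    fs.modify(["ledger.xlsx"])  # Wednesday edit, never backed up
    return tapes_to_restore(tapes)


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        needed = simulate_week(kind)
        print(kind, "->", len(needed), "tapes:", [(t["day"].isoformat(), t["kind"]) for t in needed])
```

With incrementals the restore needs three tapes, with differentials only two (the Tuesday differential contains Monday's change as well, because the bit was never cleared), which is the compromise QUESTION NO: 618 is asking for. Note that archive.zip, untouched all week, is what keeps the Sunday full in the list; if every file had changed, the simulator would correctly report that the full tape is no longer needed.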

QUESTION NO: 620
Part of a standard policy for hardening workstations and servers should include applying the company security template and:
A. installing the NIDS.
B. closing unnecessary network ports.
C. disabling SSID broadcast.
D. applying all updates, patches and hotfixes immediately.
Answer: B

QUESTION NO: 621
Setting a baseline is required in which of the following? (Select TWO).
A. Anomaly-based monitoring
B. NIDS
C. Signature-based monitoring
D. NIPS
E. Behavior-based monitoring
Answer: A, E

QUESTION NO: 622
Which of the following hidden programs gathers information with or without the user's knowledge with the primary purpose of advertising?
A. Worm
B. Trojan
C. Spyware
D. Virus
Answer: C

QUESTION NO: 623
Which of the following provides best practice with a wireless network?
A. WPA
B. WPA with RADIUS
C. 3DES with RADIUS
D. WEP 128-bit
Answer: B

QUESTION NO: 624
Which of the following sites has the means (e.g. equipment, software, and communications) to facilitate a full recovery within minutes?
A. Warm site
B. Hot site
C. Cold site
D. Reciprocal site
Answer: B

QUESTION NO: 625
When conducting an environmental security assessment, which of the following items should be included in the assessment? (Select THREE).
A. HVAC
B. Card access system
C. Off-site data storage
D. Logical access
E. Utilities
F. Fire detection
Answer: A, E, F

QUESTION NO: 626
Which of the following security steps must a user complete before access is given to the network?
A. Authentication and password
B. Identification and authentication
C. Identification and authorization
D. Authentication and authorization
Answer: B

QUESTION NO: 627
When placing a NIDS onto the network, the NIC has to be placed in which of the following modes to monitor all network traffic?
A. Promiscuous
B. Full-duplex
C. Auto
D. Half-duplex
Answer: A

QUESTION NO: 628
An administrator wants to obtain a view of the type of attacks that are being targeted against the network perimeter. The recommended placement of a NIDS would be:
A. inside the firewall.
B. inside the proxy.
C. outside the proxy.
D. outside the firewall.
E. inside the DMZ.
Answer: D

QUESTION NO: 629
Once a system has been compromised, often the attacker will upload various tools that can be used at a later date. The attacker could use which of the following to hide these tools?
A. Logic bomb
B. Rootkit
C. Virus
D. Trojan
Answer: B

QUESTION NO: 630
Which of the following is the perfect encryption scheme and is considered unbreakable when properly used?
A. Running key cipher
B. Concealment cipher
C. One-time pad
D. Steganography
Answer: C

QUESTION NO: 631
When using a digital signature, the message digest is encrypted with which of the following keys?
A. Receiver's private key
B. Receiver's public key
C. Sender's public key
D. Sender's private key
Answer: D

QUESTION NO: 632
Which of the following is the MOST basic form of IDS?
A. Signature
B. Behavioral
C. Statistical
D. Anomaly
Answer: A
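QUESTION NO: 571 and 631 together describe why a digital signature gives non-repudiation and a message authentication code does not: the digest is encrypted with the sender's private key, anyone with the public key can check it, and nobody else could have produced it, whereas a MAC is made and checked with the same shared key, so the receiver could have forged it. The following is an added Python example written for this page, not exam material or any library's implementation. It uses textbook RSA over a SHA-256 digest with no padding and a fixed random seed so the run is reproducible; both choices are for demonstration only, and a real signature uses PKCS#1 v1.5 or PSS padding and an OS random source for key generation:

```python
"""Constructed demonstration of why a digital signature gives non-repudiation and a MAC does not.
Textbook RSA over a SHA-256 digest, no padding: enough to show the key roles, not for production use."""
import hashlib
import hmac
import random

_rng = random.Random(20091202)  # fixed seed so the demo is reproducible; real keys need os.urandom/secrets


def _is_probable_prime(n, rounds=25):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # force top bit and oddness
        if _is_probable_prime(candidate):
            return candidate


def rsa_keypair(bits=512):
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this guarantees gcd(e, phi) == 1
            break
    n = p * q
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def _digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message):
    """The message digest is encrypted with the SENDER'S PRIVATE key (QUESTION NO: 631)."""
    n, d = private_key
    return pow(_digest_int(message), d, n)


def verify(public_key, message, signature):
    """Anyone holding the sender's public key can check the signature; only the private-key holder could have made it."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(message)


def mac(shared_key, message):
    """HMAC-SHA256: proves integrity to a party that holds the same key, but that party could have produced it too."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def mac_verify(shared_key, message, tag):
    return hmac.compare_digest(mac(shared_key, message), tag)


if __name__ == "__main__":
    pub, priv = rsa_keypair()
    msg = b"Transfer 1000 to account 42"  # constructed message
    sig = sign(priv, msg)
    print("signature verifies:", verify(pub, msg, sig))
    print("altered message verifies:", verify(pub, msg + b"0", sig))
    # The receiver, holding the shared key, can mint a tag for a message the sender never wrote.
    forged = b"Transfer 9000 to account 42"
    print("receiver-made MAC verifies:", mac_verify(b"shared", forged, mac(b"shared", forged)))
```

The last line is the non-repudiation argument in one call: a tag produced by the receiver is indistinguishable from one produced by the sender, so it proves nothing to a third party, while the RSA check fails for any altered message or any key other than the sender's.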

QUESTION NO: 633
Which of the following BEST applies to steganography?
A. Algorithms are not used to encrypt data.
B. Keys are used to encrypt data.
C. Keys are concealed in the data.
D. Algorithms are used to encrypt data.
Answer: A

QUESTION NO: 634
Which of the following can steganography be used for?
A. Watermark graphics for copyright.
B. Encrypt data in graphics.
C. Decrypt data in graphics.
D. Encrypt a message in WAV files.
Answer: A

QUESTION NO: 635
Steganography could be used by attackers to:
A. encrypt and decrypt messages in graphics.
B. decrypt data stored in unused disk space.
C. encrypt and conceal messages in microdots.
D. hide and conceal messages in WAV files.
Answer: D

QUESTION NO: 636
Which of the following BEST describes how steganography can be accomplished in graphic files?
A. Replacing the most significant byte of each bit
B. Replacing the least significant byte of each bit
C. Replacing the most significant bit of each byte
D. Replacing the least significant bit of each byte
Answer: D
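QUESTION NO: 633 to 636 make the point that steganography hides rather than encrypts, and that in an image the hiding place is the least significant bit of each sample, because changing it moves a pixel value by at most one. The following is an added Python example written for this page, not from the exam; it works on a constructed buffer of raw 8-bit sample values standing in for grayscale pixels (no real image format is parsed), frames the payload with a 32-bit length so it can be extracted, and includes the wrong answer from QUESTION NO: 636 (most significant bit) for comparison:

```python
"""Constructed least-significant-bit steganography over raw 8-bit sample values (no image header)."""

HEADER_BITS = 32  # payload length is stored first as a 32-bit big-endian integer


def _to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def embed_lsb(cover, payload):
    """Overwrite the LOWEST bit of successive cover bytes with the payload bits (QUESTION NO: 636, option D).
    Each cover value changes by at most 1, which is invisible in pixel or audio data."""
    framed = len(payload).to_bytes(4, "big") + payload
    bits = _to_bits(framed)
    if len(bits) > len(cover):
        raise ValueError("cover too small: need %d bytes, have %d" % (len(bits), len(cover)))
    stego = bytearray(cover)
    for index, bit in enumerate(bits):
        stego[index] = (stego[index] & 0xFE) | bit
    return bytes(stego)


def _read_bytes(stego, first_bit, count):
    if first_bit + count * 8 > len(stego):
        raise ValueError("carrier ends before the embedded data does")
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[first_bit + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego):
    """Read the length header, then that many payload bytes, from the low bits."""
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    return _read_bytes(stego, HEADER_BITS, length)


def embed_msb(cover, payload):
    """The wrong answer (option C) for comparison: replacing the MOST significant bit moves a value by 128."""
    framed = len(payload).to_bytes(4, "big") + payload
    bits = _to_bits(framed)
    if len(bits) > len(cover):
        raise ValueError("cover too small: need %d bytes, have %d" % (len(bits), len(cover)))
    stego = bytearray(cover)
    for index, bit in enumerate(bits):
        stego[index] = (stego[index] & 0x7F) | (bit << 7)
    return bytes(stego)


def max_sample_change(original, modified):
    """Largest per-byte difference the embedding introduced."""
    return max(abs(a - b) for a, b in zip(original, modified))


# Constructed carrier: 4096 pseudo-random 8-bit samples standing in for grayscale pixels.
COVER = bytes((i * 37 + 11) % 256 for i in range(4096))

if __name__ == "__main__":
    secret = b"meet at dawn"
    stego = embed_lsb(COVER, secret)
    print("recovered:", extract_lsb(stego))
    print("max change, LSB:", max_sample_change(COVER, stego))
    print("max change, MSB:", max_sample_change(COVER, embed_msb(COVER, secret)))
```

Nothing here is encrypted: anyone who suspects LSB embedding can run extract_lsb() on the file, which is why QUESTION NO: 633 insists that steganography conceals rather than protects, and why real tradecraft encrypts the payload first.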

QUESTION NO: 637
An application developer is looking for an encryption algorithm which is fast and hard to break if a large key size is used. Which of the following BEST meets these requirements?
A. Asymmetric algorithms
B. Transposition ciphers
C. Symmetric algorithms
D. Stream ciphers
Answer: C

QUESTION NO: 638
Which of the following if used incorrectly would be susceptible to frequency analysis?
A. Transposition
B. Substitution
C. Symmetric
D. Asymmetric
Answer: B

QUESTION NO: 639
An administrator in an organization with 33,000 users would like to store six months of Internet proxy logs on a dedicated logging server for analysis and content reporting. The reports are not time critical, but are required by upper management for legal obligations. All of the following apply when determining the requirements for the logging server EXCEPT:
A. log details and level of verbose logging.
B. time stamping and integrity of the logs.
C. log storage and backup requirements.
D. performance baseline and audit trails.
Answer: D

QUESTION NO: 640
Which of the following BEST describes when a hashing algorithm generates the same hash for two different messages?
A. A hashing chain occurred.
B. A deviation occurred.
C. A collision occurred.
D. A one-way hash occurred.
Answer: C

QUESTION NO: 641
Which of the following is BEST known for self-replication in networks?
A. Spyware
B. Worm
C. Spam
D. Adware
Answer: B

QUESTION NO: 642
Which of the following security threats affects PCs and can have its software updated remotely by a command and control center?
A. Zombie
B. Worm
C. Virus
D. Adware
Answer: A

QUESTION NO: 643
Multiple web servers are fed from a load balancer. Which of the following is this an example of?
A. RAID
B. Backup generator
C. Hot site
D. Redundant servers
Answer: D
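QUESTION NO: 580 and 638 are two views of the same fact: a substitution cipher replaces letters, a transposition cipher only rearranges them, and because substitution maps each plaintext letter to one fixed ciphertext letter, the ciphertext keeps the plaintext's letter histogram and frequency analysis recovers the key. The following is an added Python example written for this page, not exam material; the key alphabet, the column order and the plaintext are constructed, and the English letter ranking used for the guess is the standard ETAOIN ordering:

```python
"""Constructed substitution vs. transposition ciphers, and why only substitution output still carries the plaintext's letter frequencies."""
from collections import Counter
import string

ALPHABET = string.ascii_uppercase
ENGLISH_BY_FREQUENCY = "ETAOINSHRDLCUMWFGYPBVKJXQZ"  # most to least common


def letters_only(text):
    return "".join(c for c in text.upper() if c in ALPHABET)


def substitution_encrypt(plaintext, key_alphabet):
    """Monoalphabetic substitution: each letter is REPLACED by the letter at the same position in key_alphabet."""
    return letters_only(plaintext).translate(str.maketrans(ALPHABET, key_alphabet))


def substitution_decrypt(ciphertext, key_alphabet):
    return ciphertext.translate(str.maketrans(key_alphabet, ALPHABET))


def transposition_encrypt(plaintext, key):
    """Columnar transposition: letters are only REARRANGED. `key` is a column read order such as (2, 0, 3, 1)."""
    text = letters_only(plaintext)
    cols = len(key)
    text += "X" * ((-len(text)) % cols)  # pad the last row
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join(row[c] for c in key for row in rows)


def transposition_decrypt(ciphertext, key):
    cols = len(key)
    nrows = len(ciphertext) // cols
    grid = [[""] * cols for _ in range(nrows)]
    pos = 0
    for c in key:
        for r in range(nrows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def letter_counts(text):
    return dict(Counter(letters_only(text)))


def frequency_profile(text):
    """Sorted letter counts, ignoring which letter has which count."""
    return sorted(letter_counts(text).values(), reverse=True)


def most_common_letter(text):
    counts = letter_counts(text)
    return max(counts, key=counts.get)


def guess_substitution_key(ciphertext):
    """Frequency analysis: pair ciphertext letters, most common first, with English letters in the same order.
    Returns a ciphertext->plaintext mapping; reliable for the frequent letters once the text is long enough."""
    ranked = [c for c, _ in Counter(ciphertext).most_common()]
    return {c: ENGLISH_BY_FREQUENCY[i] for i, c in enumerate(ranked)}


# Constructed key material and plaintext.
KEY_ALPHABET = "QWERTYUIOPASDFGHJKLZXCVBNM"  # a permutation of ALPHABET
COLUMN_ORDER = (2, 0, 3, 1)
PLAINTEXT = "DEFEND THE EAST WALL OF THE CASTLE"  # 28 letters; E is the clear maximum

if __name__ == "__main__":
    sub = substitution_encrypt(PLAINTEXT, KEY_ALPHABET)
    tra = transposition_encrypt(PLAINTEXT, COLUMN_ORDER)
    print("substitution :", sub, frequency_profile(sub))
    print("transposition:", tra, frequency_profile(tra))
    print("top cipher letter", most_common_letter(sub), "guessed as", guess_substitution_key(sub)[most_common_letter(sub)])
```

The transposition output has exactly the plaintext's letters, so an analyst learns the alphabet but not the order; the substitution output has different letters with the same sorted counts, which is the foothold frequency analysis needs. Neither property depends on the key, which is what "if used incorrectly" in QUESTION NO: 638 amounts to: a monoalphabetic substitution leaks its histogram no matter how good the key alphabet is.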

QUESTION NO: 644
An outside auditor has been contracted to determine if weak passwords are being used on the network. To do this, the auditor is running a password cracker against the master password file. Which of the following is this an example of?
A. Vulnerability assessment
B. Fingerprinting
C. Malware scan
D. Baselining
Answer: A

QUESTION NO: 645
Password crackers:
A. are sometimes able to crack both passwords and physical tokens.
B. cannot be run remotely.
C. cannot exploit weaknesses in encryption algorithms.
D. are sometimes able to crack both Windows and UNIX passwords.
Answer: D

QUESTION NO: 646
Logic bombs differ from worms in that:
A. logic bombs cannot spread from computer to computer.
B. logic bombs always have a date or time component.
C. logic bombs cannot be sent through email.
D. logic bombs always contain a Trojan component.
Answer: A

QUESTION NO: 647
A firewall differs from a NIDS in which of the following ways?
A. A firewall attempts to detect patterns and a NIDS operates on a rule list.
B. A firewall prevents outside attacks and a NIDS prevents inside attacks.
C. A firewall prevents inside attacks and a NIDS prevents outside attacks.
D. A firewall operates on a rule list and a NIDS attempts to detect patterns.
Answer: D

QUESTION NO: 648
A vulnerability has recently been identified for a server's OS. Which of the following describes the BEST course of action?
A. Shut down all affected servers until management can be notified.
B. Wait for an automatic update to be pushed out to the server from the manufacturer.
C. Visit the operating system manufacturer's website for a possible patch.
D. Visit a search engine and search for a possible patch.
Answer: C

QUESTION NO: 649
Personal software firewalls can be updated automatically using:
A. group policy.
B. cookies.
C. corporate hardware firewalls.
D. cross-site scripting.
Answer: A

QUESTION NO: 650
An accountant has logged onto the company's external banking website. An administrator using a TCP/IP monitoring tool discovers that the accountant was actually using a spoofed banking website. Which of the following could have caused this attack? (Select TWO).
A. Altered hosts file
B. Network mapper
C. Packet sniffing
D. DNS poisoning
E. Bluesnarfing
Answer: A, D

QUESTION NO: 651
Which of the following tools would be BEST for monitoring changes to the approved system baseline?
A. Enterprise resource planning software
B. Enterprise performance monitoring software
C. Enterprise antivirus software
D. Enterprise key management software
Answer: B

QUESTION NO: 652
All of the following security applications can proactively detect workstation anomalies EXCEPT:
A. HIPS.
B. personal software firewall.
C. antivirus software.
D. NIDS.
Answer: D

QUESTION NO: 653
A periodic security audit of group policy can:
A. show that data is being correctly backed up.
B. show that unnecessary services are blocked on workstations.
C. show that PII data is being properly protected.
D. show that virus definitions are up to date on all workstations.
Answer: B

QUESTION NO: 654
Which of the following is the primary purpose of an audit trail?
A. To detect when a user changes security permissions
B. To prevent a user from changing security permissions
C. To prevent a user from changing security settings
D. To detect the encryption algorithm used for files
Answer: A

QUESTION NO: 655
Which of the following describes a characteristic of the session key in an SSL connection?
A. It is symmetric.
B. It is asymmetric.
C. It is a hash value.
D. It is an elliptical curve.
Answer: A

QUESTION NO: 656
Which of the following describes the cryptographic algorithm employed by TLS to establish a session key?
A. RSA
B. Diffie-Hellman
C. Blowfish
D. IKE
Answer: B

QUESTION NO: 657
Which of the following describes how TLS protects against man-in-the-middle attacks?
A. The client compares the actual DNS name of the server to the DNS name on the certificate.
B. The client compares the server certificate with the certificate listed on the CRL.
C. The client relies on the MD5 value sent by the server.
D. The client relies on the MAC value sent by the server.
Answer: A

QUESTION NO: 658
Which of the following is the primary purpose of removing audit logs from a server?
A. To protect against the log file being changed
B. To demonstrate least privilege to management
C. To reduce network latency
D. To improve the server performance
Answer: A

QUESTION NO: 659
Which of the following describes a common problem encountered when conducting audit log reviews?
A. The timestamps for the servers are not synchronized.
B. The audit logs cannot be imported into a spreadsheet.
C. The servers are not synchronized with the clients.
D. The audit logs are pulled from servers on different days.
Answer: A

QUESTION NO: 660
A technician is conducting a web server audit and discovers that SSLv2 is implemented. The technician wants to recommend that the organization consider using TLS. Which of the following reasons could the technician use to support the recommendation?
A. SSLv2 only uses message authentication code values.
B. SSLv2 reduces server performance.
C. SSLv2 is susceptible to network sniffing.
D. SSLv2 is susceptible to man-in-the-middle attacks.
Answer: D
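QUESTION NO: 574 (hash the log files) and QUESTION NO: 658 (move the logs off the server so they cannot be altered) are two halves of one control. Hashing each record together with the previous record's hash turns a log into a chain in which any edit, deletion or reordering breaks every later link; copying the final hash off the box is what catches an attacker who simply rebuilds the whole chain after editing it, or who truncates the tail. The following is an added Python example written for this page, not exam material; the syslog-style records, host names and addresses are constructed:

```python
"""Constructed hash-chained audit log: edits, deletions and reordering break the chain; an off-box copy of
the final hash also catches truncation and wholesale re-hashing."""
import hashlib

GENESIS = b"\x00" * 32  # chain start; a real deployment would use the previous file's final hash


def _link(previous, record):
    return hashlib.sha256(previous + record.encode("utf-8")).hexdigest()


def build_chain(records, previous=GENESIS):
    """Return a list of (record, hash) pairs and the final hash to store somewhere the log host cannot reach."""
    chained = []
    prev = previous
    for record in records:
        h = _link(prev, record)
        chained.append((record, h))
        prev = bytes.fromhex(h)
    return chained, prev.hex()


def verify_chain(chained, expected_final=None, previous=GENESIS):
    """Return (ok, index of the first record that fails, reason). Recomputes every link from the start."""
    prev = previous
    for i, (record, h) in enumerate(chained):
        if _link(prev, record) != h:
            return False, i, "record or hash altered"
        prev = bytes.fromhex(h)
    if expected_final is not None and prev.hex() != expected_final:
        return False, len(chained), "final hash mismatch: records appended, removed or re-hashed"
    return True, None, "ok"


# Constructed syslog-style records; none of these hosts or users are real.
LOG = [
    "Dec  2 09:14:01 fs01 sshd[2201]: Accepted password for alice from 10.1.4.20 port 51022",
    "Dec  2 09:15:37 fs01 sudo: alice : TTY=pts/0 ; COMMAND=/bin/cat /etc/shadow",
    "Dec  2 09:16:02 fs01 sshd[2201]: Disconnected from 10.1.4.20",
    "Dec  2 09:20:45 fs01 sshd[2240]: Accepted publickey for backup from 10.1.9.5 port 40112",
]


def tamper_rewrite(chained, index, new_record):
    """An intruder edits one line in place without being able to fix the hashes that follow it."""
    out = list(chained)
    out[index] = (new_record, out[index][1])
    return out


def tamper_delete(chained, index):
    out = list(chained)
    del out[index]
    return out


if __name__ == "__main__":
    chained, final_hash = build_chain(LOG)
    print("intact:", verify_chain(chained, final_hash))
    print("sudo line edited:", verify_chain(tamper_rewrite(chained, 1, LOG[1].replace("shadow", "motd")), final_hash))
    print("sudo line deleted:", verify_chain(tamper_delete(chained, 1), final_hash))
    print("tail truncated, no anchor:", verify_chain(chained[:-1]))
    print("tail truncated, with anchor:", verify_chain(chained[:-1], final_hash))
```

The chain alone is enough against an attacker who edits a line; it is not enough against one who edits and then recomputes every hash, or who deletes the most recent records, since both produce a self-consistent chain. That is the case the expected_final argument covers, and why the answer to QUESTION NO: 658 is to get the logs, or at least the anchor hash, off the host being audited. The same scheme only works across hosts if their clocks agree, which is the synchronization problem of QUESTION NO: 659.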

QUESTION NO: 661
A technician is conducting a password audit using a password cracking tool. Which of the following describes a BEST business practice when conducting a password audit?
A. Use password masking.
B. Single out the accounts to crack.
C. Use hybrid mode.
D. Reveal the password.
Answer: A

QUESTION NO: 662
Which of the following is a security risk when using peer-to-peer software?
A. Multiple streams
B. Licensing
C. Data leakage
D. Cookies
Answer: C

QUESTION NO: 663
Heaps and stacks are susceptible to which of the following?
A. Buffer overflows
B. Rootkits
C. Cross-site scripting
D. SQL injection
Answer: A

QUESTION NO: 664
Which of the following overwrites the return address within a program to execute malicious code?
A. Rootkit
B. Logic bomb
C. Buffer overflow
D. Privilege escalation
Answer: C
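QUESTION NO: 587, 644 and 661 concern the same activity from three angles: the tool (a password cracker), what running it against the password file is (a vulnerability assessment), and how to run it responsibly (report masked results rather than the recovered passwords). The following is an added Python example written for this page, not exam material and not the behaviour of any named tool; the accounts, passwords and wordlist are constructed, the hashes are unsalted SHA-256 to stand in for a weak password store, and the "hybrid mode" mutations (case, leet substitutions, common suffixes) are the usual ones rather than any product's rule set:

```python
"""Constructed password audit: dictionary vs. hybrid cracking against unsalted SHA-256 hashes, with masked reporting."""
import hashlib
from collections import defaultdict

SUFFIXES = ("1", "123", "!", "2009", "2009!")
LEET = str.maketrans("aeios", "43105")


def hash_password(password):
    """Unsalted SHA-256, the kind of weak storage that makes offline cracking cheap (constructed)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hybrid_candidates(word):
    """Hybrid mode: the dictionary word plus the case, leet and suffix mutations users actually apply."""
    forms = {word.lower(), word.capitalize(), word.upper()}
    forms |= {w.translate(LEET) for w in list(forms)}
    for form in sorted(forms):
        yield form
        for suffix in SUFFIXES:
            yield form + suffix


def crack(account_hashes, wordlist, mode="dictionary"):
    """Return {account: recovered password} for every hash matched by some candidate."""
    by_hash = defaultdict(list)  # one hash computation per candidate, however many accounts there are
    for account, digest in account_hashes.items():
        by_hash[digest].append(account)
    recovered = {}
    for word in wordlist:
        candidates = [word] if mode == "dictionary" else hybrid_candidates(word)
        for candidate in candidates:
            for account in by_hash.get(hash_password(candidate), ()):
                recovered.setdefault(account, candidate)
    return recovered


def audit_report(recovered, mask=True):
    """What the auditor hands back: which accounts failed, without exposing the passwords themselves."""
    return {account: ("WEAK - cracked" if mask else password) for account, password in recovered.items()}


# Constructed accounts; the plaintexts appear only so the hashes can be computed here.
ACCOUNTS = {
    "alice": hash_password("Summer2009!"),
    "bob": hash_password("password"),
    "carol": hash_password("xq7#Lm9vR2"),
    "dave": hash_password("p455w0rd"),
}
WORDLIST = ["password", "summer", "letmein", "welcome"]

if __name__ == "__main__":
    print("dictionary:", audit_report(crack(ACCOUNTS, WORDLIST, "dictionary")))
    print("hybrid:    ", audit_report(crack(ACCOUNTS, WORDLIST, "hybrid")))
```

A plain dictionary pass finds only bob; hybrid mode also finds alice and dave, whose passwords are a dictionary word plus the mutations people believe make it strong. carol's random password survives both, which is the distinction a password policy (QUESTION NO: 607) is trying to enforce. The reverse index on hashes is what makes unsalted storage so cheap to attack: every candidate is hashed once and tested against every account at once, whereas a per-user salt would force one hash per candidate per account.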

Honeypot D. firewalls.com 193 Ce Which of the following creates an emulated or virtual environment to detect and monitor malicious activity? rtK QUESTION NO: 667 ille r. Protocol analyzer Answer: D A. B. NAC Answer: B QUESTION NO: 668 A technician wants better insight into the websites that employees are visiting. Honeypot C. Proxy server B. C. NIDS D.certkiller. Firewall B. HIDS. NIPS. routers. D. Answer: C QUESTION NO: 666 Which of the following would a technician use to validate whether specific network traffic is indeed an attack? A.CompTIA SY0-201: Practice Exam QUESTION NO: 665 All of the following are inline devices EXCEPT: A. DHCP server "Slay Your Exams" .www.Which of the following is BEST suited to accomplish this? A. NIDS B.c om . Firewall C.

blue jacking.certkiller. B. C. Answer: D QUESTION NO: 671 Which of the following is the BEST approach when reducing firewall logs? A.com rtK ille r. Search for encrypted protocol usagE. bluesnarfing. DNS server D. Fuzzing Answer: A QUESTION NO: 670 All of the following are Bluetooth threats EXCEPT: A. a smurf attack. SSID broadcast B. D. Firewall Answer: A QUESTION NO: 669 Bluetooth discover mode is similar to which of the following? A.CompTIA SY0-201: Practice Exam C. RF analysis D.www. Review each protocol one at a timE. discovery modE.c om 194 . Answer: B QUESTION NO: 672 Ce "Slay Your Exams" . Discard known traffic first. Review chronologically. C. Data emanation C. B. D.

SHA-1 Answer: C QUESTION NO: 675 All of the following provide a host active protection EXCEPT: A. antivirus. Answer: D Ce "Slay Your Exams" . 3DES B. B. Antivirus B. HIDS. Firewall C. NAC Answer: A QUESTION NO: 673 Which of the following provides the MOST mathematically secure encryption for a file? A. AES256 C. C. Router D. D. RSA D. Elliptic curve Answer: C Which of the following encryption algorithms relies on the inability to factor large prime numbers? A. HIPS.CompTIA SY0-201: Practice Exam In which of the following logs would notation of a quarantined file appear? A.com rtK ille QUESTION NO: 674 r. One-time pad C.c om 195 . AES256 D. host-based firewall. Elliptic Curve B.certkiller.www.

Printing policies C. Botnets B.certkiller. which of the following would be the BEST way to structure a directory information tree? A. By location C. each being responsible for separate facilities. Data retention D. Trojan C.CompTIA SY0-201: Practice Exam QUESTION NO: 676 Which of the following simplifies user and computer security administration? A. By role D. By department B.com 196 Ce rtK ille r. Encrypted file system (EFS) B. Logic bomb D. Directory services Answer: D QUESTION NO: 677 Which of the following is MOST likely to cause pop-ups? A.www. Botnet B. Worm Answer: B QUESTION NO: 679 If a company has a distributed IT staff. Adware C. Spam D.c om . Rootkit Answer: B QUESTION NO: 678 Which of the following is MOST likely to open a backdoor on a system? A. By name "Slay Your Exams" .

Answer: A QUESTION NO: 683 Using the same initial computer image for all systems is similar to which of the following? Ce "Slay Your Exams" . Default ACL D. ACL. Auto-population B. Non-repudiation C. Template C. biometrics. Access control list B. Hardware token Answer: B QUESTION NO: 682 All of the following are logical access control methods EXCEPT: A. C.com rtK ille r. which of the following would allow this? A. Inheritance Answer: B Which of the following is a reason to use digital signatures? A. D. group policy.certkiller.www. Logical token D. software token.c om QUESTION NO: 681 197 .CompTIA SY0-201: Practice Exam Answer: B QUESTION NO: 680 A technician wants to be able to add new users to a few key groups by default. B.

NIDS D. If a technician finds illegal content. the first thing a technician should do is unplug the machine and back it up. D. B. Answer: C Ce A. If a technician finds illegal content.CompTIA SY0-201: Practice Exam A. Configuration baseline D. C. Virtual machine C. B. "Slay Your Exams" . Group policy B. they should follow company incident response procedures. Stop and immediately perform a full system backup and contact the owner of the datA. Stop and immediately make a backup of the account and contact the owner of the data. Stop and immediatelyfollow company approved incident response procedures. Antivirus B.certkiller. The first thing a technician should perform is a file system backup. NIPS Answer: A QUESTION NO: 685 Answer: B QUESTION NO: 686 Which of the following is a true statement in regards to incident response? A. Which of the following should the technician do? r.www. The first thing a technician should do is call in law enforcement. Patch management Answer: C QUESTION NO: 684 Which of the following has the LEAST amount of issues when inspecting encrypted traffic? A. C. D.com rtK ille A technician has come across content on a server that is illegal. Firewall C.c om 198 . Stop and immediately copy the system files and contact the ISP.

www.CompTIA SY0-201: Practice Exam QUESTION NO: 687 If a technician is unable to get to a website by its address but the technician can get there by the IP address. Appliance Answer: C QUESTION NO: 690 An instance where an IDS identifies legitimate traffic as malicious activity is called which of the following? Ce "Slay Your Exams" . which of the following provides a user interface? A. Filter D. which of the following is MOST likely the issue? A. Firewall D. to allow a NIDS to monitor the traffic? A. Appliance Answer: B QUESTION NO: 689 In a NIDS. Console D.com rtK ille r.c om 199 .certkiller. Filter B. Screen C. Console B. DNS server C. in line with the data flow. DHCP server B. Sensor C. Proxy server Answer: B QUESTION NO: 688 Which of the following is placed in promiscuous mode.

False acceptance Answer: C QUESTION NO: 692 An instance where a biometric system identifies users that are authorized and allows them access is called which of the following? A. False positive C. False rejection D. True positive Answer: D QUESTION NO: 693 An instance where an IDS identifies malicious activity as being legitimate activity is called which of the following? A. False rejection Ce "Slay Your Exams" . False acceptance B. False positive D. True positive Answer: A QUESTION NO: 691 An instance where a biometric system identifies legitimate users as being unauthorized is called which of the following? A. False negative C. False negative D.www.c om 200 .com rtK ille r. False positive B. False positive B. False negative B.certkiller. False negative D. True negative C.CompTIA SY0-201: Practice Exam A. True negative C.

Answer: D QUESTION NO: 696 When choosing a disaster recovery site.com rtK ille r. The distance and size of the facility Answer: D QUESTION NO: 697 Who should be notified FIRST before testing the disaster recovery plan? Ce "Slay Your Exams" . D. false positivE.CompTIA SY0-201: Practice Exam Answer: C QUESTION NO: 694 An instance where a biometric system identifies unauthorized users and allows them access is called: A. D. data backups and recovery tapes. false rejection. Answer: C When executing a disaster recovery plan the MOST important thing to consider is: A. The amount of emergency rescue personnel D. safety and welfare of personnel. B. C.certkiller. The cost to rebuild the existing facility C.c om QUESTION NO: 695 201 . C. legal and financial responsibilities. financial obligations to stockholders. The amount of data that will be stored B. false negativE. B. false acceptancE.www. which of the following is the MOST important consideration? A.

A. Senior management
B. The physical security department
C. All employees and key staff
D. Human resources
Answer: A

QUESTION NO: 698
Which of the following BEST describes the disaster recovery plan?
A. A detailed process of recovering information or IT systems after a catastrophic event
B. An emergency plan that will allow the company to recover financially
C. A plan that is put in place to recover the company assets in an emergency
D. A plan that is mandated by law to ensure liability issues are addressed in a catastrophic event
Answer: A

QUESTION NO: 699
Which of the following is the MOST important consideration when developing a disaster recovery plan?
A. Management buy-in
B. The cost of the project
C. The amount of personnel
D. The planning team
Answer: A

QUESTION NO: 700
In order to provide management with a prioritized list of time critical business processes, an administrator would assist in conducting a:
A. risk management matrix.
B. business impact assessment.
C. disaster recovery plan.
D. continuity of operations plan.

Answer: B

QUESTION NO: 701
Which of the following BEST allows a technician to mitigate the chances of a successful attack against the wireless network?
A. Implement an identification system and WPA2
B. Implement an authentication system and WEP.
C. Implement an authentication system and WPA.
D. Implement a biometric system and WEP.
Answer: C

QUESTION NO: 702
A technician is reviewing the system logs for a firewall and is told that there is an implicit deny within the ACL. Which of the following is an example of an implicit deny?
A. An implicit deny statement denies all traffic from one network to another.
B. An ACL is a way to secure traffic from one network to another.
C. Items which are not specifically given access are denied by default.
D. Each item is denied by default because of the implicit deny.
Answer: C

QUESTION NO: 703
Which of the following is the MOST likely reason that an attacker would use a DoS attack?
A. The attacker is working with outside entities to test the company's coding practices.
B. The attacker wants to prevent authorized users from using a certain service.
C. The attacker is attempting to distract the company from the real underlying attack.
D. The attacker is working with inside entities to test the company's firewall.
Answer: B

QUESTION NO: 704
Which of the following is a way to gather reconnaissance information from a printer resource?

A. HTTP
B. SMTP
C. RADIUS
D. SNMP
Answer: D

QUESTION NO: 705
A technician gets informed that there is a worm loose on the network. Which of the following should the technician review to discover the internal source of the worm?
A. Maintenance logs
B. Antivirus logs
C. Performance logs
D. Access logs
Answer: B

QUESTION NO: 706
Which of the following BEST allows for the encryption of an entire hard drive?
A. Hashing function
B. Symmetric algorithm
C. Asymmetric algorithm
D. Public key infrastructure
Answer: B

QUESTION NO: 707
Which of the following would a Faraday cage prevent usage of?
A. Cell phone
B. USB key
C. Uninterruptible Power Supply (UPS)
D. Storage drive
Answer: A

QUESTION NO: 708
Which of the following will allow a technician to block certain HTTP traffic from company staff members?
A. VLAN
B. Content filter
C. DMZ
D. NIDS
Answer: B

QUESTION NO: 709
Which of the following is a security threat to a workstation that requires interaction from a staff member?
A. Worm
B. Logic bomb
C. Virus
D. Botnet
Answer: C

QUESTION NO: 710
Which of the following will prevent a person from booting into removable storage media if the correct boot sequence is already set?
A. BIOS password settings
B. BIOS power on settings
C. USB key settings
D. BIOS boot options
Answer: A

QUESTION NO: 711
Which of the following ports need to be open to allow a user to log in remotely onto a workstation?
A. 53
B. 636

C. 3389
D. 8080
Answer: C

QUESTION NO: 712
Which of the following, if intercepted, could allow an attacker to access a user's email information?
A. Browser cookies
B. Cross-site scripting
C. Cell traffic
D. SMTP traffic
Answer: A

QUESTION NO: 713
Which of the following would allow a technician to minimize the risk associated with staff running port scanners on the network?
A. Vulnerability scanners
B. Group policy
C. Network mappers
D. Password crackers
Answer: B

QUESTION NO: 714
Which of the following is the MOST effective application to implement to identify malicious traffic on a server?
A. Personal software firewall
B. Enterprise software firewall
C. Antivirus software
D. HIDS software
Answer: D

QUESTION NO: 715
Which of the following is the MOST appropriate type of software to apply on a workstation that needs to be protected from other locally accessible workstations?
A. Antivirus software
B. Personal software firewall
C. Anti-malware software
D. HIDS
Answer: B

QUESTION NO: 716
Which of the following is a way for a technician to identify security changes on a workstation?
A. Group policy management
B. Service pack application
C. Security templates
D. Configuration baseline
Answer: D

QUESTION NO: 717
Which of the following is a way to correct a single security issue on a workstation?
A. A patch
B. A service pack
C. Patch management
D. Configuration baseline
Answer: A

QUESTION NO: 718
Which of the following protects a home user from the Internet?
A. HIDS
B. Personal firewall
C. Pop-up blocker software
D. Antivirus application

www. Retina scanner D. D.certkiller. To prevent future thefts from occurring and to safeguard the companys trade secrets which of the following should be implemented? A. r. Allow authorized personnel access to the data center. Maintain a list of personnel who enter the facility.CompTIA SY0-201: Practice Exam Answer: B QUESTION NO: 719 Computer equipment has been stolen from a companys officE. Iris scanner B.com rtK ille A. B.c Which of the following is the primary purpose for a physical access log in a data center? om 208 . Video surveillance and access logs B. ID badges and passwords C. Fingerprint scanner C. Hardware locks and door access systems Answer: D QUESTION NO: 720 Answer: D QUESTION NO: 721 Which of the following biometric authentication devices also carries significant privacy implications due to personal health information that can be discovered during the authentication process? A. Facial recognition Answer: C QUESTION NO: 722 Ce "Slay Your Exams" . Maintain a list of personnel who exit the facility. Prevent unauthorized personnel access to the data center. C. Multifactor authentication D.

QUESTION NO: 722
An administrator has already implemented two-factor authentication and now wishes to install a third authentication factor. If the existing authentication system uses strong passwords and PKI tokens, which of the following would provide a third factor?
A. Pass phrases
B. Elliptic curve
C. Fingerprint scanner
D. Six digit PINs
Answer: C

QUESTION NO: 723
A biometric authentication system consists of all of the following components EXCEPT:
A. reader.
B. supplicant.
C. password.
D. credential store.
Answer: C

QUESTION NO: 724
Which of the following is an example of remote authentication?
A. A user in one building logs on to the network by entering a username and password into a host in the same building.
B. A user on a campus area network (CAN) connects to a server in another building and enters a username and password pair.
C. A user on a metropolitan area network (MAN) accesses a host by entering a username and password pair while not connected to the LAN.
D. A user in one city logs onto a network by connecting to a domain server in another city.
Answer: D

QUESTION NO: 725
Which of the following is a three-factor authentication system?
A. Username, password, token and iris scanner

B. Username, PIN and iris scanner
C. Password, PIN, palm recognition scanner and passphrase
D. Username, passphrase, PIN and fingerprint reader
Answer: A

QUESTION NO: 726
Which of the following is an acceptable group in which to place end users?
A. Administrators
B. Backup operators
C. Domain users
D. Root
Answer: C

QUESTION NO: 727
According to industry best practices, administrators should institute a mandatory rotation of duties policy due to which of the following?
A. To detect outside attackers
B. To detect malware
C. To detect viruses
D. To detect an inside threat
Answer: D

QUESTION NO: 728
According to industry best practices, administrators should institute a mandatory rotation of duties policy due to which of the following?
A. Continuity of operations in the event of a spam outbreak
B. Continuity of operations in the event of a virus outbreak
C. Continuity of operations in the event of future growth of the network
D. Continuity of operations in the event of absence or accident
Answer: D

QUESTION NO: 729
Which of the following is considered the strongest encryption by use of mathematical evaluation techniques?
A. ROT13
B. DES
C. AES
D. 3DES
Answer: C

QUESTION NO: 730
Which of the following should be implemented when protecting personally identifiable information (PII) and sensitive information on IT equipment that can be easily stolen (e.g. USB drive, laptops)?
A. Sensitive file encryption
B. Confidentiality
C. Whole disk encryption
D. Dual-sided certificates
Answer: C

QUESTION NO: 731
Which of the following is the BEST wireless security practice that could be implemented to prevent unauthorized access?
A. WPA2 with a strong pass-phrase
B. Disabling of the SSID broadcast
C. WPA2 with TKIP
D. WPA with MAC filtering
Answer: C

QUESTION NO: 732
Which of the following can prevent malicious software applications from being introduced while browsing the Internet?

A. Pop-up blockers
B. Anti-spyware scanners
C. Input validation
D. Strong authentication
Answer: A

QUESTION NO: 733
Which of the following are reasons to implement virtualization technology? (Select TWO).
A. To reduce recovery time in the event of application failure
B. To decrease false positives on the NIDS
C. To eliminate virtual redundancy
D. To decrease access to security resources
E. To provide a secure virtual environment for testing
Answer: A, E

QUESTION NO: 734
Network security administrators should implement which of the following to ensure system abuse by administrators does not go undetected in the logs?
A. Acceptable use policy
B. Separation of duties
C. Implicit deny
D. Least privilege
Answer: B

QUESTION NO: 735
After completing a risk assessment and penetration test against a network, a security administrator recommends the network owner take actions to prevent future security incidents. Which of the following describes this type of action?
A. Risk acceptance
B. Risk avoidance
C. Risk mitigation
D. Risk transference

Answer: C

QUESTION NO: 736
Public key infrastructure uses which of the following combinations of cryptographic items?
A. Public keys, WEP and symmetric cryptography
B. Private keys, public keys and asymmetric cryptography
C. Private keys, public keys and ECC-based keys
D. One time keys, symmetric keys and ECC-based keys
Answer: B

QUESTION NO: 737
An administrator wants to implement a procedure to control inbound and outbound traffic on a network segment. Which of the following would achieve this goal?
A. NIDS
B. HIDS
C. ACL
D. Proxy
Answer: C

QUESTION NO: 738
In PKI, the CA is responsible for which of the following?
A. Maintaining the CRL
B. Maintaining the cipher block chain
C. Maintaining all private keys
D. Maintaining the browser's PKI store
Answer: A

QUESTION NO: 739
In PKI, which of the following entities is responsible for publishing the CRL?

A. CA
B. ACL
C. Recovery agent
D. User
Answer: A

QUESTION NO: 740
Which of the following is a security risk associated with USB drives?
A. Easy to conceal and detect
B. Large storage capacity and high visibility
C. Small storage capacity and low visibility
D. Easy to conceal and large storage capacity
Answer: D

QUESTION NO: 741
Which of the following is a security risk associated with introducing cellular telephones with mobile OS installed on a closed network?
A. New vector to introduce viruses and malware to the network
B. War-dialing DoS attacks against the network
C. War-driving DDoS attacks against the network
D. New vector to introduce VoIP to the network
Answer: A

QUESTION NO: 742
The availability of portable external storage such as USB hard drives has increased which of the following threats to networks?
A. Introduction of material onto the network
B. Introduction of rogue wireless access points
C. Removal of sensitive and PII data
D. Increased loss of business data
Answer: C

QUESTION NO: 743
An administrator finds a device attached between the USB port on a host and the attached USB keyboard. The administrator has also noticed large documents being transmitted from the host to a host on an external network. The device is MOST likely which of the following?
A. External USB drive
B. In-line keystroke logger
C. In-line network analyzer
D. USB external hub
Answer: B

QUESTION NO: 744
A user is receiving an error which they have not seen before when opening an application. Which of the following is MOST likely the cause of the problem?
A. A patch was pushed out.
B. A signature update was completed on the NIPS.
C. The HIDS baseline has been updated.
D. The NIDS baseline has been updated.
Answer: A

QUESTION NO: 745
Which of the following is used to encrypt email and create digital signatures?
A. LDAP
B. HTTPS
C. S/MIME
D. RSA
Answer: C

QUESTION NO: 746
Which of the following can be used to encrypt FTP or telnet credentials over the wire?

A. SSH
B. HTTPS
C. SHTTP
D. S/MIME
Answer: A

QUESTION NO: 747
Which of the following is a vulnerability assessment tool?
A. John the Ripper
B. Cain & Abel
C. Microsoft Baseline Security Analyzer
D. AirSnort
Answer: C

QUESTION NO: 748
Which of the following is a vulnerability scanner?
A. John the Ripper
B. Cain & Abel
C. AirSnort
D. Nessus
Answer: D

QUESTION NO: 749
Which of the following is a password cracking tool?
A. Nessus
B. AirSnort
C. John the Ripper
D. Wireshark
Answer: C

QUESTION NO: 750
Which of the following is a protocol analyzer?
A. John the Ripper
B. Wireshark
C. Cain & Abel
D. Nessus
Answer: B

QUESTION NO: 751
Which of the following is a system set up to distract potential attackers?
A. VLAN
B. Firewall
C. Honeypot
D. DMZ
Answer: C

QUESTION NO: 752
Changing roles every couple of months as a security mitigation technique is an example of which of the following?
A. Separation of duties
B. Mandatory vacations
C. Least privilege
D. Job rotation
Answer: D

QUESTION NO: 753
Which of the following should be checked if an email server is forwarding emails for another domain?
A. DNS zone transfers
B. SMTP open relay
C. Cookies

D. ActiveX controls
Answer: B

QUESTION NO: 754
Which of the following will allow the running of a system integrity verifier on only a single host?
A. HIDS
B. NIDS
C. VLAN
D. NIPS
Answer: A

QUESTION NO: 755
Which of the following has the ability to find a rootkit?
A. Adware scanner
B. Malware scanner
C. Email scanner
D. Anti-spam scanner
Answer: B

QUESTION NO: 756
Which of the following will be prevented by setting a BIOS password?
A. A machine becoming infected with a virus
B. Changing the system boot order
C. Replacing a video card on a machine
D. A machine becoming infected with a botnet
Answer: B

QUESTION NO: 757
Which of the following is a security limitation of virtualization technology?

A. A compromise of one instance will immediately compromise all instances.
B. Patch management becomes more time consuming.
C. It increases false positives on the NIDS.
D. If an attack occurs, it could potentially disrupt multiple servers.
Answer: D

QUESTION NO: 758
Which of the following must be used to set up a DMZ?
A. Proxy
B. NIDS
C. Honeypot
D. Router
Answer: D

QUESTION NO: 759
Which of the following would be used to push out additional security hotfixes?
A. Patch management
B. Configuration baseline
C. Cookies
D. Local security policy
Answer: A

QUESTION NO: 760
Which of the following would be used to allow a server to shut itself down normally upon a loss of power?
A. Backup generator
B. Redundant ISP
C. Redundant power supply
D. Uninterruptible Power Supply (UPS)
Answer: D

QUESTION NO: 761
Which of the following is the BEST security measure to use when implementing access control?
A. Password complexity requirements
B. Time of day restrictions
C. Changing default passwords
D. Disabling SSID broadcast
Answer: A

QUESTION NO: 762
Applying a service pack could affect the baseline of which of the following?
A. Honeynet
B. Heuristic-based NIDS
C. Signature-based NIDS
D. Signature-based NIPS
Answer: B

QUESTION NO: 763
Which of the following is the strongest encryption form that can be used in all countries?
A. WPA2
B. TKIP
C. WEP
D. WPA
Answer: C

QUESTION NO: 764
When would it be appropriate to use time of day restrictions on an account?
A. In order to ensure false positives are not received during baseline testing
B. To ensure the DMZ is not overloaded during server maintenance
C. To eliminate attack attempts of the network during peak hours
D. As an added security measure if employees work set schedules

Answer: D

QUESTION NO: 765
Which of the following could be used to restore a private key in the event of a CA server crashing?
A. Domain kiting
B. Key escrow
C. CRL
D. Recovery agent
Answer: D

QUESTION NO: 766
Which of the following is a possible security risk associated with USB devices?
A. Trust model verification
B. Cross-site scripting
C. Input validation
D. Bluesnarfing
Answer: D

QUESTION NO: 767
Which of the following is MOST effective in preventing adware?
A. Firewall
B. HIDS
C. Antivirus
D. Pop-up blocker
Answer: D

QUESTION NO: 768
Which of the following is the MOST important when implementing heuristic-based NIPS?
A. Perform comprehensive heuristic-based analysis on the system.

B. The brand of NIPS that is being used.
C. Ensure the network is secure when the baseline is established.
D. Enable automatic updates to the heuristic database.
Answer: C

QUESTION NO: 769
Which of the following attacks does enabling logging for DNS help to detect?
A. Virus infections
B. SQL injection
C. Local hosts file corruption
D. Botnet attacks
Answer: D