CompTIA - Braindumps




 

Exam: CompTIA SY0-101
Security+

 

 


Braindumps entry:
Posted by: MCSE2004
Title: MASTERDUMP <> MASTERDUMP
Date: 05.12.2003

The exam has 100 questions.
Everything you need is here.

Have fun....



Security + SYO-101A

1. Following a disaster, while returning to the original site from an alternate site, the first process to resume at the original site would be the:

A. least critical process
B. most critical process
C. process most expensive to maintain at an alternate site
D. process that has maximum visibility in the organization

Answer: A

2. Documenting change levels and revision information is most useful for:

A. theft tracking
B. security audits
C. disaster recovery
D. license enforcement

Answer: C

3. A recent audit shows that a user logged into a server with their user account and executed a program. The user then performed activities only available to an administrator. This is an example of what type of an attack?

A. Trojan horse
B. privilege escalation
C. subseven back door
D. security policy removal

Answer: B

4. Notable security organizations often recommend that only essential services be provided by a particular host and that any unnecessary services be disabled. Which of the following does NOT represent a reason supporting this recommendation?

A. Each additional service increases the risk of compromising the hosts, the services that run on the hosts, and potential clients of these services.
B. Different services may require different hardware, software, or a different discipline of administration.
C. When fewer services and applications are running on a specific host, fewer log entries and fewer interactions between different services are expected, which simplifies the analysis and maintenance of the system from a security point of view.
D. If a service is not using a well known port, firewalls will not be able to disable access to this port and an administrator will not be able to restrict access to this service.

Answer: D

5. Which of the following is a technical solution that supports high availability?

A. UDP (User Datagram Protocol).
B. anti-virus solution.
C. RAID (Redundant Array of Independent Disks).
D. firewall.

Answer: C

6. In order for a user to obtain a certificate from a trusted CA (Certificate Authority), the user must present proof of identity and a:

A. private key.
B. public key.
C. password.
D. Kerberos key.

Answer: B

7. In the context of wireless networks, WEP (Wired Equivalent Privacy) was designed to:

A. provide the same level of security as a wired LAN (Local Area Network).
B. provide a collision preventive method of media access.
C. provide a wider access area than that of wired LANs (Local Area Network).
D. allow radio frequencies to penetrate walls.

Answer: A

8. A primary drawback to using shared storage clustering for high availability and disaster recovery is:

A. the creation of a single point of vulnerability.
B. the increased network latency between the host computers and the RAID (Redundant Array of Independent Disks) subsystem.
C. the asynchronous writes which must be used to flush the server cache.
D. the higher storage capacity required by the RAID (Redundant Array of Independent Disks) subsystem.

Answer: A

9. What are access decisions based on in a MAC (Mandatory Access Control) environment?

A. access control lists.
B. ownership.
C. group membership.
D. sensitivity labels.

Answer: D

10. Packet sniffing can be used to obtain username and password information in clear text from which one of the following?

A. SSH (Secure Shell).
B. SSL (Secure Sockets Layer).
C. FTP (File Transfer Protocol).
D. HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer).

Answer: C

11. When securing a FTP (File Transfer Protocol) server, what can be done to ensure that only authorized users can access the server?

A. allow blind authentication.
B. disable anonymous authentication.
C. redirect FTP (File Transfer Protocol) to another port.
D. only give the address to users that need access.

Answer: B

12. Asymmetric cryptography ensures that:
A. encryption and authentication can take place without sharing private keys.
B. encryption of the secret key is performed with the fastest algorithm available.
C. encryption occurs only when both parties have been authenticated.
D. encryption factoring is limited to the session key.

Answer: A

13. Which of the following media types is most immune to RF (Radio Frequency) eavesdropping?
A. coaxial cable.
B. fiber optic cable.
C. twisted pair wire.
D. unbounded.

Answer: B

14. Access controls that are created and administered by the data owner are considered:
A. MAC (Mandatory Access Control).
B. RBAC (Role Based Access Control).
C. LBACB (List Based Access Control).
D. DAC (Discretionary Access Control).

Answer: D

15. An administrator notices that an e-mail server is currently relaying e-mail (including spam) for an e-mail server requesting relaying. Upon further investigation the administrator notices the existence of /etc/mail/relay-domains. What modifications should the administrator make to the relay domains file to prevent relaying for non-explicitly named domains?

A. move the .* entry to the bottom of the relay domains file and restart the e-mail process.
B. move the .* entry to the top of the relay domains file and restart the e-mail process.
C. delete the .* entry in the relay domains file and restart the e-mail process.
D. delete the relay domains file from the /etc/mail folder and restart the e-mail process.

Answer: C

16. Providing false information about the source of an attack is known as:
A. aliasing.
B. spoofing.
C. flooding.
D. redirecting.

Answer: B

17. The term “due care” best relates to:

A. policies and procedures intended to reduce the likelihood of damage or injury.
B. scheduled activity in a comprehensive preventative maintenance program.
C. techniques and methods for secure shipment of equipment and supplies.
D. user responsibilities involved when sharing passwords in a secure environment.

Answer: A

18. A high profile company has been receiving a high volume of attacks on their public web site. The network administrator wants to be able to collect information on the attacker(s) so legal action can be taken. What should be implemented?

A. a DMZ (Demilitarized Zone).
B. a honey pot.
C. a firewall.
D. a new subnet.

Answer: B

19. Many intrusion detection systems look for known patterns or ____ to aid in detecting attacks.

A. viruses.
B. signatures.
C. hackers.
D. malware.

Answer: B

20. After installing a new operating system, what configuration changes should be implemented?

A. create application user accounts.
B. rename the guest account.
C. rename the administrator account, disable the guest accounts.
D. create a secure administrator account.

Answer: C

21. In order to establish a secure connection between headquarters and a branch office over a public network, the router at each location should be configured to use IPSec (Internet Protocol Security) in ____ mode.

A. secure.
B. tunnel.
C. transport.
D. data link.

Answer: B

22. What type of authentication may be needed when a stored key and a memorized password are not strong enough and additional layers of security are needed?

A. mutual.
B. multi-factor.
C. biometric.
D. certificate.

Answer: B

23. What technology was originally designed to decrease broadcast traffic but is also beneficial in reducing the likelihood of having information compromised by sniffers?
A. VPN (Virtual Private Network).
B. DMZ (Demilitarized Zone).
C. VLAN (Virtual Local Area Network).
D. RADIUS (Remote Authentication Dial-in User Service).

Answer: C

24. A DMZ (Demilitarized Zone) typically contains:

A. a customer account database.
B. staff workstations.
C. a FTP (File Transfer Protocol) server.
D. a SQL (Structured Query Language) based database server.

Answer: C

25. What kind of attack are hashed passwords vulnerable to?

A. man in the middle.
B. dictionary or brute force.
C. reverse engineering.
D. DoS (Denial of Service).

Answer: B

26. Controlling access to information systems and associated networks is necessary for the preservation of their:

A. authenticity, confidentiality, and availability.
B. integrity, availability and reliability.
C. confidentiality, integrity and availability.
D. authenticity, confidentiality and availability.

Answer: C

27. A collection of information that includes login, file access, other various activities, and actual or attempted legitimate and unauthorized security violations is a(n):

A. audit.
B. ACL (Access Control List).
C. audit trail.
D. syslog.

Answer: C

28. What transport protocol and port number does SSH (Secure Shell) use?
A. TCP (Transmission Control Protocol) port 22.
B. UDP (User Datagram Protocol) port 69.
C. TCP (Transmission Control Protocol) port 179.
D. UDP (User Datagram Protocol) port 17.

Answer: A

29. What statement is most true about viruses and hoaxes?
A. Hoaxes can create as much damage as a real virus.
B. Hoaxes are harmless pranks and should be ignored.
C. Hoaxes can help educate users about a virus.
D. Hoaxes carry a malicious payload and can be destructive.

Answer: A

30. What is the greatest benefit to be gained through the use of S/MIME (Secure Multipurpose Internet Mail Extensions)? The ability to:
A. encrypt and digitally sign e-mail messages.
B. send anonymous e-mails.
C. send e-mails with a return receipt.
D. expedite the delivery of e-mail.

Answer: A

31. Access control decisions are based on responsibilities that an individual user or process has in an organization. This best describes:

A. MAC (Mandatory Access Control).
B. RBAC (Role Based Access Control).
C. DAC (Discretionary Access Control).
D. none of the above.

Answer: B

32. Which of the following results in a domain name server resolving the domain name to a different and wrong IP (Internet Protocol) address and thus misdirecting Internet traffic?

A. DoS (Denial of Service).
B. spoofing.
C. brute force attack.
D. reverse DNS (Domain Name Service).
E. None of the above.

Answer: B

33. When examining the server’s list of protocols that are bound and active on each network interface card, the network administrator notices a relatively large number of protocols. Which actions should be taken to ensure network security?

A. Unnecessary protocols do not pose a significant risk to the system and should be left intact for compatibility reasons.
B. There are no unneeded protocols on most systems because protocols are chosen during the installation.
C. Unnecessary protocols should be disabled on all server and client machines on a network as they pose great risk.
D. Using port filtering ACLs (Access Control Lists) at firewalls and routers is sufficient to stop malicious attacks on unused protocols.

Answer: C

34. If a private key becomes compromised before its certificate’s normal expiration date, X.509 defines a method requiring each CA (Certificate Authority) to periodically issue a signed data structure called a certificate:

A. enrollment list.
B. expiration list.
C. revocation list.
D. validation list.

Answer: C

35. DAC (Discretionary Access Control) systems operate following which guideline statement?

A. files that don’t have an owner CAN NOT be modified.
B. the administrator of the system is an owner of each object.
C. the operating system is an owner of each object.
D. each object has an owner, which has full control over the object.

Answer: D

36. An autonomous agent that copies itself into one or more host programs, then propagates when the host is run, is best described as a:

A. Trojan horse.
B. backdoor.
C. logic bomb.
D. virus.

Answer: D

37. The de facto IT (Information Technology) security evaluation criteria for the international community is called?

A. Common Criteria.
B. Global Criteria.
C. TCSEC (Trusted Computer System Evaluation Criteria).
D. ITSEC (Information Technology Security Evaluation Criteria).

Answer: A

38. The best protection against the abuse of remote maintenance of a PBX (Private Branch Exchange) system is to:

A. keep maintenance features turned off until needed.
B. insist on strong authentication before allowing remote maintenance.
C. keep PBX (Private Branch Exchange) in locked enclosure and restrict access to only a few people.
D. check to see if the maintenance caller is on the list of approved maintenance personnel.

Answer: B

39. At what stage of an assessment would an auditor test systems for weaknesses and attempt to defeat existing encryption, passwords and access lists?

A. penetration.
B. control.
C. audit planning.
D. discovery.

Answer: A

40. Computer forensics experts collect and analyze data using which of the following guidelines so as to minimize data loss?

A. evidence.
B. chain of custody.
C. chain of command.
D. incident response.

Answer: B

41. Data integrity is best achieved using a(n):

A. asymmetric cipher.
B. digital certificate.
C. message digest.
D. symmetric cipher.

Answer: C

42. A program that can infect other programs by modifying them to include a version of itself is a:

A. replicator.
B. virus.
C. Trojan horse.
D. logic bomb.

Answer: B

43. Which of the following is an example of an asymmetric algorithm?

A. CAST (Carlisle Adams Stafford Tavares).
B. RC5 (Rivest Cipher 5).
C. RSA (Rivest Shamir Adleman).
D. SHA-1 (Secure Hashing Algorithm 1).

Answer: C

44. When a user clicks to browse a secure page, the SSL (Secure Sockets Layer) enabled server will first:

A. use its digital certificate to establish its identity to the browser.
B. validate the user by checking the CRL (Certificate Revocation List).
C. request the user to produce the CRL (Certificate Revocation List).
D. display the requested page on the browser, then provide its IP (Internet Protocol) address for verification.

Answer: A

45. User A needs to send a private e-mail to User B. User A does not want anyone to have the ability to read the e-mail except for User B, thus retaining privacy. Which tenet of information security is User A concerned about?

A. authentication.
B. integrity.
C. confidentiality.
D. non-repudiation.

Answer: C

46. A company uses WEP (Wired Equivalent Privacy) for wireless security. Who may authenticate to the company’s access point?

A. only the administrator.
B. anyone can authenticate.
C. only users within the company.
D. only users with the correct WEP (Wired Equivalent Privacy) key.

Answer: D

47. Giving each user or group of users only the access they need to do their job is an example of which security principle:

A. least privilege
B. defense in depth
C. separation of duties
D. access control

Answer: A

48. The primary purpose of NAT (Network Address Translation) is to:

A. translate IP (Internet Protocol) addresses into user friendly names.
B. hide internal hosts from the public network.
C. use one public IP (Internet Protocol) address on the internal network as a name server.
D. hide the public network from internal hosts.

Answer: B

49. The start of the LDAP (Lightweight Directory Access Protocol) directory is called the:

A. head
B. root
C. top
D. tree

Answer: B

50. The protection of data against unauthorized access or disclosure is an example of what?

A. confidentiality
B. integrity
C. signing
D. hashing

Answer: A

51. Which of the following backup methods copies only modified files since the last full backup?

A. full.
B. differential.
C. incremental.
D. archive.

Answer: B

52. While connected from home to an ISP (Internet Service Provider), a network administrator performs a port scan against a corporate server and encounters four open TCP (Transmission Control Protocol) ports: 25, 110, 143, and 389. Corporate users in the organization must be able to connect from home, send and receive messages on the Internet, read e-mail by means of the IMAPv4 (Internet Message Access Protocol version 4) protocol, and search into a directory services database for user e-mail addresses and digital certificates. All the e-mail related services, as well as the directory server, run on the scanned server. Which of the above ports can be filtered out to decrease unnecessary exposure without affecting functionality?

A. 25.
B. 110.
C. 143.
D. 389.

Answer: B

53. In a decentralized privilege management environment, user accounts and passwords are stored on:

A. One central authentication server.
B. each individual server.
C. no more than two servers.
D. One server configured for decentralized management.

Answer: B

54. A well defined business continuity plan must consist of risk analysis, business impact analysis, strategic planning and mitigation, training and awareness, maintenance and audit and:

A. security labeling and classification.
B. budgeting and acceptance.
C. documentation and security labeling.
D. integration and validation.

Answer: D

55. One way to limit hostile sniffing on a LAN (Local Area Network) is by installing:

A. an Ethernet switch.
B. an Ethernet hub.
C. a CSU/DSU (Channel Service Unit/Data Service Unit).
D. a firewall.

Answer: A

56. The WAP (Wireless Application Protocol) programming model is based on the following three elements:

A. client, original server, WEP (Wired Equivalent Privacy).
B. code design, code review, documentation.
C. client, original server, wireless interface card.
D. client, gateway, original server.

Answer: D

57. The first step in establishing a disaster recovery plan is to:

A. get budgetary approval for the plan.
B. agree on the objectives of the plan.
C. list possible alternative sites to be used in a disaster event.
D. prioritize processes requiring immediate attention in a disaster event.

Answer: B

58. When securing a DNS (Domain Name Service) server, and shutting down all unnecessary ports, which port should NOT be shut down?

A. 21
B. 23
C. 53
D. 55

Answer: C

59. What is the main advantage SSL (Secure Sockets Layer) has over HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer)?

A. SSL (Secure Sockets Layer) offers full application security for HTTP (Hypertext Transfer Protocol) while HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) does not.
B. SSL (Secure Sockets Layer) supports additional application layer protocols such as FTP (File Transfer Protocol) and NNTP (Network News Transport Protocol) while HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) does not.
C. SSL (Secure Sockets Layer) and HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) are transparent to the application.
D. SSL (Secure Sockets Layer) supports user authentication and HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) does not.

Answer: B

60. A sound security policy will define:

A. what is considered an organization’s assets.
B. what attacks are planned against the organization.
C. how an organization compares to others in security audits.
D. weaknesses in competitor’s systems.

Answer: A

61. What functionality should be disallowed between a DNS (Domain Name Service) server and an untrusted node?

A. name resolutions.
B. reverse ARP (Address Resolution Protocol) requests.
C. system name resolutions.
D. zone transfers.

Answer: D

62. What is the most effective social engineering defensive strategy?
A. marking of documents.
B. escorting of guests.
C. badge security system.
D. training and awareness.

Answer: D

63. An IDS (Intrusion Detection System) is sending alerts that attacks are occurring which are not actually taking place. What is the IDS (Intrusion Detection System) registering?

A. false positives.
B. false negatives.
C. true negatives.
D. true positives.

Answer: A

64. When an employee is dismissed, the security administrator should:

A. allow the employee to backup computer files then disable network access.
B. change all network passwords.
C. disable the employee’s network access.
D. set rules to forward the employee’s e-mail to a home address.

Answer: C

65. How are honey pots used to collect information? Honey pots collect:

A. IP (Internet Protocol) addresses and identity of internal users.
B. data on the identity, access, and compromise methods used by the intruder.
C. data regarding and the identity of servers within the network.
D. IP (Internet Protocol) addresses and data of firewalls used within the network.

Answer: B

66. How must a firewall be configured to only allow employees within the company to download files from a FTP (File Transfer Protocol) server?

A. open port 119 to all inbound connections.
B. open port 119 to all outbound connections.
C. open port 20/21 to all inbound connections.
D. open port 20/21 to all outbound connections.

Answer: D

67. Administrators currently use telnet to remotely manage several servers. Security policy dictates that passwords and administrative activities must not be communicated in clear text. Which of the following is the best alternative to using telnet?

A. DES (Data Encryption Standard).
B. S-Telnet.
C. SSH (Secure Shell).
D. PKI (Public Key Infrastructure).

Answer: C

68. Which of the following provides privacy, data integrity and authentication for handheld devices in a wireless network environment?

A. WEP (Wired Equivalent Privacy).
B. WAP (Wireless Application Protocol).
C. WSET (Wireless Secure Electronic Transaction).
D. WTLS (Wireless Transport Layer Security).

Answer: D

69. Analyzing log files after an attack has started is an example of:

A. active detection.
B. overt detection.
C. covert detection.
D. passive detection.

Answer: D

70. How many characters should the minimum length of a password be to deter dictionary password cracks?

A. 6.
B. 8.
C. 10.
D. 12.

Answer: B

71. An acceptable use policy signed by an employee can be interpreted as an employee’s written ______ for allowing an employer to search an employee’s workstation.

A. refusal.
B. policy.
C. guideline.
D. consent.

Answer: D

72. What protocol can be used to create a VPN (Virtual Private Network)?

A. PPP (Point-to-Point Protocol).
B. PPTP (Point-to-Point Tunneling Protocol).
C. SLIP (Serial Line Internet Protocol).
D. ESLIP (Encrypted Serial Line Internet Protocol).

Answer: B

73. An attack whereby two different messages using the same hash function produce a common message digest is also known as a:

A. man in the middle attack.
B. cipher text only attack.
C. birthday attack.
D. brute force attack.

Answer: C

74. A common algorithm used to verify the integrity of data from a remote user through the creation of a 128-bit hash from a data input is:

A. IPSec (Internet Protocol Security).
B. RSA (Rivest Shamir Adleman).
C. Blowfish.
D. MD5 (Message Digest).

Answer: D

75. In an RBAC (Role Based Access Control) context, which statement best describes the relation between users, roles and operations?

A. multiple users, single role and single operation.
B. multiple users, single role and multiple operations.
C. single user, single role and single operation.
D. multiple users, multiple roles and multiple operations.

Answer: D

76. An administrator is setting permissions on a file object in a network operating system which uses DAC (Discretionary Access Control). The ACL (Access Control List) of the file follows:

Owner: Read, Write, Execute; User A: Read, Write, -; User B: -, -, - (None); Sales: Read, -, -; Marketing: -, Write, -; Other: Read, Write, -;

User "A" is the only owner of the file. User "B" is a member of the Sales group. What effective permissions does User "B" have on the file with the above access list?

A. User B has no permissions on the file.
B. User B has read permissions on the file.
C. User B has read and write permissions on the file.
D. User B has read, write and execute permissions on the file.

Answer: A

77. A user who has accessed an information system with a valid user ID and password combination is considered a(n):

A. manager
B. user
C. authenticated user
D. security officer

Answer: C

78. The use of embedded root certificates within web browsers is an example of which of the following trust models?

A. bridge.
B. mesh.
C. hierarchy.
D. trust list.

Answer: D

79. What is the most common method used by attackers to identify the presence of an 802.11b network?

A. war driving.
B. direct inward dialing.
C. war dialing.
D. packet driving.

Answer: A

80. The best way to harden an application that is developed in house is to:

A. use an industry recommended hardening tool.
B. ensure that security is given due considerations throughout the entire development process.
C. try attacking the application to detect vulnerabilities, then develop patches to fix any vulnerabilities found.
D. ensure that the auditing system is comprehensive enough to detect and log any possible intrusion, identifying existing vulnerabilities.

Answer: B

81. A security consideration that is introduced by a VPN (Virtual Private Network) is:

A. an intruder can intercept VPN (Virtual Private Network) traffic and create a man in the middle attack.
B. captured data is easily decrypted because there are a finite number of encryption keys.
C. tunneled data CAN NOT be authenticated, authorized or accounted for.
D. a firewall CAN NOT inspect encrypted traffic.

Answer: D

82. Which of the following would NOT be considered a method for managing the administration of accessibility?

A. DAC (Discretionary Access Control) list.
B. SAC (Subjective Access Control) list.
C. MAC (Mandatory Access Control) list.
D. RBAC (Role Based Access Control) list.

Answer: B

83. Which of the following is required to use S/MIME (Secure Multipurpose Internet Mail Extensions)?

A. digital certificate.
B. server side certificate.
C. SSL (Secure Sockets Layer) certificate.
D. public certificate.

Answer: A

84. Non-repudiation is generally used to:

A. protect the system from transmitting various viruses, worms and Trojan horses to other computers on the same network.
B. protect the system from DoS (Denial of Service) attacks.
C. prevent the sender or the receiver from denying that the communication between them has occurred.
D. ensure the confidentiality and integrity of the communication.

Answer: C

85. Which of the following hash functions generates a 160-bit output?

A. MD4 (Message Digest 4).
B. MD5 (Message Digest 5).
C. DES (Data Encryption Standard).
D. SHA-1 (Secure Hashing Algorithm 1).

Answer: D

86. Why are unique user IDs critical in the review of audit trails?

A. They CAN NOT be easily altered.
B. They establish individual accountability.
C. They show which files were changed.
D. They trigger corrective controls.

Answer: B

87. A DRP (Disaster Recovery Plan) typically includes which of the following:

A. penetration testing.
B. risk assessment.
C. DoS (Denial of Service) attack.
D. ACL (Access Control List).

Answer: B

88. An attacker can determine what network services are enabled on a target system by:

A. installing a rootkit on the target system.
B. checking the services file.
C. enabling logging on the target system.
D. running a port scan against the target system.

Answer: D

89. A police department has three types of employees: booking officers, investigators, and judges. Each group of employees is allowed different rights to files based on their need. The judges do not need access to the fingerprint database, the investigators need read access and the booking officers need read/write access. The booking officer would need no access to warrants, while an investigator would need read access and a judge would need read/write access. This is an example of:

A. DAC (Discretionary Access Control) level access control.
B. RBAC (Role Based Access Control) level access control.
C. MAC (Mandatory Access Control) level access control.
D. ACL (Access Control List) level access control.

Answer: B

90. Which of the following access control models introduces user security clearance and data classification?

A. RBAC (Role Based Access Control).
B. NDAC (Non-Discretionary Access Control).
C. MAC (Mandatory Access Control).
D. DAC (Discretionary Access Control).

Answer: C

91. A wireless network with three access points, two of which are used as repeaters, exists at a company. What step should be taken to secure the wireless network?

A. Ensure that employees use complex passwords.
B. Ensure that employees are only using issued wireless cards in their systems.
C. Ensure that WEP (Wired Equivalent Privacy) is being used.
D. Ensure that everyone is using ad hoc mode.

Answer: C

92. Digital certificates can contain which of the following items:

A. the CA’s (Certificate Authority) private key.
B. the certificate holder’s private key.
C. the certificate’s revocation information.
D. the certificate’s validity period.

Answer: D

93. Which encryption key is used to verify a digital signature?

A. the signer’s public key.
B. the signer’s private key.
C. the recipient's public key.
D. the recipient's private key.

Answer: A

94. NetBus and Back Orifice are each considered an example of a(n):

A. virus.
B. illicit server.
C. spoofing tool.
D. allowable server.

Answer: B


95. The theft of network passwords without the use of software tools is an example of:

A. Trojan programs.
B. social engineering.
C. sniffing.
D. hacking.

Answer: B

96. An alternate site configured with necessary system hardware, supporting infrastructure and an on site staff able to respond to an activation of a contingency plan 24 hours a day, 7 days a week is a:

A. cold site.
B. warm site.
C. mirrored site.
D. hot site.

Answer: D

97. Security controls may become vulnerabilities in a system unless they are:

A. designed and implemented by the system vendor.
B. adequately tested.
C. implemented at the application layer in the system.
D. designed to use multiple factors of authentication.

Answer: B

98. Which of the following is likely to be found after enabling anonymous FTP (File Transfer Protocol) read/write access?

A. an upload and download directory for each user.
B. detailed logging information for each user.
C. storage and distribution of unlicensed software.
D. fewer server connections and less network bandwidth utilization.

Answer: C

99. LDAP (Lightweight Directory Access Protocol) directories are arranged as:

A. linked lists.
B. trees.
C. stacks.
D. queues.

Answer: B

100. An inherent flaw of DAC (Discretionary Access Control) relating to security is:

A. DAC (Discretionary Access Control) relies only on the identity of the user or process, leaving room for a Trojan horse.
B. DAC (Discretionary Access Control) relies on certificates, allowing attackers to use those certificates.
C. DAC (Discretionary Access Control) does not rely on the identity of a user, allowing anyone to use an account.
D. DAC (Discretionary Access Control) has no known security flaws.

Answer: A

Security+ SYO-101B


101. Which of the following is the greatest problem associated with Instant Messaging?

A. widely deployed and difficult to control.
B. created without security in mind.
C. easily spoofed.
D. created with file sharing enabled.

Answer: B

102. An organization is implementing Kerberos as its primary authentication protocol. Which of the following must be deployed for Kerberos to function properly?

A. dynamic IP (Internet Protocol) routing protocols for routers and servers.
B. separate network segments for the realms.
C. token authentication devices.
D. time synchronization services for clients and servers.

Answer: D

103. Searching through trash is used by an attacker to acquire data such as network diagrams, IP (Internet Protocol) address lists and:

A. boot sectors.
B. process lists.
C. old passwords.
D. virtual memory.

Answer: C

104. Discouraging employees from misusing company e-mail is best handled by:

A. enforcing ACL (Access Control List).
B. creating a network security policy.
C. implementing strong authentication.
D. encrypting company e-mail messages.

Answer: B

105. The Diffie-Hellman algorithm allows:

A. access to digital certificate stores from a certificate authority.
B. a secret key exchange over an insecure medium without any prior secrets.
C. authentication without the use of hashing algorithms.
D. multiple protocols to be used in key exchange negotiations.

Answer: B

106. Which of the following types of attack CAN NOT be deterred solely through technical means?

A. dictionary.
B. man in the middle.
C. DoS (Denial of Service).
D. social engineering.

Answer: D

107. Which of the following is the best description of “separation of duties”?

A. assigning different parts of tasks to different employees.
B. employees are granted only the privileges necessary to perform their tasks.
C. each employee is granted specific information that is required to carry out a job function.
D. screening employees before assigning them to a position.

Answer: A

108. How must a firewall be configured to make sure that a company can communicate with other companies using SMTP (Simple Mail Transfer Protocol) e-mail?

A. Open TCP (Transmission Control Protocol) port 110 to all inbound and outbound connections.
B. Open UDP (User Datagram Protocol) port 110 to all inbound connections.
C. Open UDP (User Datagram Protocol) port 25 to all inbound connections.
D. Open TCP (Transmission Control Protocol) port 25 to all inbound and outbound connections.

Answer: D

109. An organization’s primary purpose in conducting risk analysis in dealing with computer security is:

A. to identify vulnerabilities to the computer systems within the organization.
B. to quantify the impact of potential threats in relation to the cost of lost business functionality.
C. to identify how much it will cost to implement countermeasures.
D. to delegate responsibility.

Answer: B

110. A user wants to send an e-mail and ensure that the message is not tampered with while in transit. Which feature of modern cryptographic systems will facilitate this?

A. confidentiality.
B. authentication.
C. integrity.
D. non-repudiation.

Answer: C

111. WTLS (Wireless Transport Layer Security) provides security services between a mobile device and a:

A. WAP (Wireless Application Protocol) gateway.
B. web server.
C. wireless client.
D. wireless network interface card.

Answer: A

112. What are three measures which aid in the prevention of a social engineering attack?

A. education, limit available information and security policy.
B. education, firewalls and security policy.
C. security policy, firewalls and incident response.
D. security policy, system logging and incident response.

Answer: A

113. A server placed into service for the purpose of attracting a potential intruder’s attention is known as a:

A. honey pot.
B. lame duck.
C. teaser.
D. pigeon.

Answer: A

114. Which of the following would be most effective in preventing network traffic sniffing?

A. deploy an IDS (Intrusion Detection System).
B. disable promiscuous mode.
C. use hubs instead of routers.
D. use switches instead of hubs.

Answer: D

115. What ports does FTP (File Transfer Protocol) use?

A. 20 and 21.
B. 25 and 110.
C. 80 and 443.
D. 161 and 162.

Answer: A

116. A decoy system that is designed to divert an attacker from accessing critical systems while collecting information about the attacker’s activity, and encouraging the attacker to stay on the system long enough for administrators to respond is known as:

A. DMZ (Demilitarized Zone).
B. honey pot.
C. intrusion detector.
D. screened host.

Answer: B

117. An e-mail relay server is mainly used to:

A. block all spam, which allows the e-mail system to function more efficiently without the additional load of spam.
B. prevent viruses from entering the network.
C. defend the primary e-mail server and limit the effects of any attack.
D. eliminate e-mail vulnerabilities since all e-mail is passed through the relay first.

Answer: C

118. What network mapping tool uses ICMP (Internet Control Message Protocol)?

A. port scanner.
B. map scanner.
C. ping scanner.
D. share scanner.

Answer: C

119. Which two protocols are VPN (Virtual Private Network) tunneling protocols?

A. PPP (Point-to-Point Protocol) and SLIP (Serial Line Internet Protocol).
B. PPP (Point-to-Point Protocol) and PPTP (Point-to-Point Tunneling Protocol).
C. L2TP (Layer Two Tunneling Protocol) and PPTP (Point-to-Point Tunneling Protocol).
D. SMTP (Simple Mail Transfer Protocol) and L2TP (Layer Two Tunneling Protocol).

Answer: C

120. File encryption using symmetric cryptography satisfies what security requirement?

A. confidentiality.
B. access control.
C. data integrity.
D. authentication.

Answer: A

121. An e-mail is received alerting the network administrator to the presence of a virus on the system if a specific executable file exists. What should be the first course of action?

A. Investigate the e-mail as a possible hoax with a reputable anti-virus vendor.
B. Immediately search for and delete the file if discovered.
C. Broadcast a message to the entire organization to alert users to the presence of a virus.
D. Locate and download a patch to repair the file.

Answer: A

122. Part of a fire protection plan for a computer room should include:

A. procedures for an emergency shutdown of equipment.
B. a sprinkler system that exceeds local code requirements.
C. the exclusive use of non-flammable materials within the room.
D. fireproof doors that can be easily opened if an alarm is sounded.

Answer: A

123. Which of the following is an HTTP (Hypertext Transfer Protocol) extension or mechanism used to retain connection data, user information, history of sites visited, and can be used by attackers for spoofing an on-line identity?

A. HTTPS (Hypertext Transfer Protocol over SSL).
B. cookies.
C. HTTP (Hypertext Transfer Protocol)/1.0 Caching.
D. vCard v3.0.

Answer: B


124. ActiveX controls __________ to prove where they originated.

A. are encrypted.
B. are stored on the web server.
C. use SSL (Secure Sockets Layer).
D. are digitally signed.

Answer: D

125. A virus that hides itself by intercepting disk access requests is:

A. multipartite.
B. stealth.
C. interceptor.
D. polymorphic.

Answer: B

126. When a potential hacker looks through trash, the most useful items or information that might be found include all except:

A. an IP (Internet Protocol) address.
B. system configuration or network map.
C. old passwords.
D. system access requests.

Answer: D

127. A user logs onto a workstation using a smart card containing a private key. The user is verified when the public key is successfully factored with the private key. What security service is being provided?

A. authentication.
B. confidentiality.
C. integrity.
D. non-repudiation.

Answer: A

128. In cryptographic operations, digital signatures can be used for which of the following systems?

A. encryption.
B. asymmetric key.
C. symmetric and encryption.
D. public and decryption.

Answer: B

129. Which of the following programs is able to distribute itself without using a host file?

A. virus.
B. Trojan horse.
C. logic bomb.
D. worm.

Answer: D

130. Malicious code is installed on a server that will e-mail system keystrokes stored in a text file to the author and delete system logs every five days or whenever a backup is performed. What type of program is this?

A. virus.
B. back door.
C. logic bomb.
D. worm.

Answer: C

131. What is a common type of attack on web servers?

A. birthday.
B. buffer overflow.
C. spam.
D. brute force.

Answer: B

132. Digital signatures can be used for which of the following?

A. availability.
B. encryption.
C. decryption.
D. non-repudiation.

Answer: D

133. Malicious port scanning is a method of attack to determine which of the following?

A. computer name
B. the fingerprint of the operating system
C. the physical cabling topology of a network
D. user IDs and passwords

Answer: B

134. What should be done to secure a DHCP (Dynamic Host Configuration Protocol) service?

A. block ports 67 and 68 at the firewall.
B. block port 53 at the firewall.
C. block ports 25 and 26 at the firewall.
D. block port 110 at the firewall.

Answer: A

135. During the digital signature process, asymmetric cryptography satisfies what security requirement?

A. confidentiality.
B. access control.
C. data integrity.
D. authentication.

Answer: D

136. Which security method is in place when the administrator of a network enables access lists on the routers to disable all ports that are not used?

A. MAC (Mandatory Access Control).
B. DAC (Discretionary Access Control).
C. RBAC (Role Based Access Control).
D. SAC (Subjective Access Control).

Answer: A

137. What is the first step before a wireless solution is implemented?

A. ensure adhoc mode is enabled on the access points.
B. ensure that all users have strong passwords.
C. purchase only Wi-Fi (Wireless Fidelity) equipment.
D. perform a thorough site survey.

Answer: D

138. A system administrator discovers suspicious activity that might indicate a computer crime. The administrator should first:

A. refer to incident response plan.
B. change ownership of any related files to prevent tampering.
C. move any related programs and files to non-erasable media.
D. set the system time to ensure any logged information is accurate.

Answer: A

139. The information that governs and associates users and groups to certain rights to use, read, write, modify, or execute objects on the system is called a(n):

A. public key ring.
B. ACL (Access Control List).
C. digital signature.
D. CRL (Certificate Revocation Lists).

Answer: B

140. Which of the following is expected network behavior?

A. traffic coming from or going to unexpected locations.
B. non-standard or malformed packets/protocol violations.
C. repeated, failed connection attempts.
D. changes in network performance such as variations in traffic load.

Answer: D

141. Security training should emphasize that the weakest links in the security of an organization are typically:

A. firewalls.
B. policies.
C. viruses.
D. people.

Answer: D

142. For system logging to be an effective security measure, an administrator must:

A. review the logs on a regular basis.
B. implement circular logging.
C. configure the system to shut down when the logs are full.
D. configure SNMP (Simple Network Management Protocol) traps for logging events.

Answer: A

143. A perimeter router is configured with a restrictive ACL (Access Control List). Which transport layer protocols and ports must be allowed in order to support L2TP (Layer Two Tunneling Protocol) and PPTP (Point-to-Point Tunneling Protocol) connections respectively, through the perimeter router?

A. TCP (Transmission Control Protocol) port 635 and UDP (User Datagram Protocol) port 654
B. TCP (Transmission Control Protocol) port 749 and UDP (User Datagram Protocol) port 781
C. UDP (User Datagram Protocol) port 1701 and TCP (Transmission Control Protocol) port 1723
D. TCP (Transmission Control Protocol) port 1812 and UDP (User Datagram Protocol) port 1813

Answer: C

144. Which of the following keys is contained in a digital certificate?

A. public key.
B. private key.
C. hashing key.
D. session key.

Answer: A

145. Which of the following options describes a challenge-response session?

A. A workstation or system that generates a random challenge string that the user enters when prompted along with the proper PIN (Personal Identification Number).
B. a workstation or system that generates a random login ID that the user enters when prompted along with the proper PIN (Personal Identification Number).
C. a special hardware device that is used to generate random text in a cryptography system.
D. the authentication mechanism in the workstation or system does not determine if the owner should be authenticated.

Answer: A

146. Message authentication codes are used to provide which service?

A. integrity.
B. fault recovery.
C. key recovery.
D. acknowledgement.


Answer: A


147. Single servers are frequently the targets of attacks because they contain:

A. application launch scripts.
B. security policy settings.
C. credentials for many systems and users.
D. master encryption keys.

Answer: C

148. Sensitive data traffic can be confined to workstations on a specific subnet using privilege policy based tables in the:

A. router.
B. server.
C. modem.
D. VPN (Virtual Private Network).

Answer: A

149. Which one of the following would most likely lead to a CGI (Common Gateway Interface) security problem?

A. HTTP (Hypertext Transfer Protocol) protocol.
B. compiler or interpreter that runs the CGI (Common Gateway Interface) script.
C. the web browser.
D. external data supplied by the user.

Answer: D

150. An attacker manipulates what field of an IP (Internet Protocol) packet in an IP (Internet Protocol) spoofing attack?

A. version field.
B. source address field.
C. source port field.
D. destination address field.

Answer: B

151. What is the best method of defense against IP (Internet Protocol) spoofing attacks?

A. deploying intrusion detection systems.
B. creating a DMZ (Demilitarized Zone).
C. applying ingress filtering to routers.
D. There is not a good defense against IP (Internet Protocol) spoofing.

Answer: C

152. What access control principle requires that every user or process is given the most restricted privileges?

A. control permissions.
B. least privilege.
C. hierarchical permissions.
D. access mode.

Answer: B

153. Incorrectly detecting authorized access as an intrusion or attack is called a false:

A. negative.
B. intrusion.
C. positive.
D. alarm.

Answer: C

154. A VPN (Virtual Private Network) using IPSec (Internet Protocol Security) in the tunnel mode will provide encryption for the:

A. one time pad used in handshaking.
B. payload and message header.
C. hashing algorithm and all e-mail messages.
D. message payload only.

Answer: B

155. When implementing Kerberos authentication, which of the following factors must be accounted for?

A. Kerberos can be susceptible to man in the middle attacks to gain unauthorized access.
B. Kerberos tickets can be spoofed using replay attacks to network resources.
C. Kerberos requires a centrally managed database of all user and resource passwords.
D. Kerberos uses clear text passwords.

Answer: C

156. Which of the following protocols is most similar to SSLv3 (Secure Sockets Layer version 3)?

A. TLS (Transport Layer Security).
B. MPLS (Multi-Protocol Label Switching).
C. SASL (Simple Authentication and Security Layer).
D. MLS (Multi-Layer Switching).

Answer: A

157. How should a primary DNS (Domain Name Service) server be configured to provide the best security against DoS (Denial of Service) and hackers?

A. disable the DNS (Domain Name Service) cache function.
B. disable application services other than DNS (Domain Name Service).
C. disable the DNS (Domain Name Service) reverse lookup function.
D. allow only encrypted zone transfer to a secondary DNS (Domain Name Service) server.

Answer: B

158. What type of security process will allow others to verify the originator of an e-mail message?

A. authentication.
B. integrity.
C. non-repudiation.
D. confidentiality.

Answer: C

159. Which of the following statements is true about Network based IDS (Intrusion Detection System)?

A. Network based IDS (Intrusion Detection System) are never passive devices that listen on a network wire without interfering with the normal operation of a network.
B. Network based IDS (Intrusion Detection System) are usually passive devices that listen on a network wire while interfering with the normal operation of a network.
C. Network based IDS (Intrusion Detection System) are usually intrusive devices that listen on a network wire while interfering with the normal operation of a network.
D. Network based IDS (Intrusion Detection System) are usually passive devices that listen on a network wire without interfering with the normal operation of a network.

Answer: D

160. What physical access control most adequately protects against physical piggybacking?

A. man trap.
B. security guard.
C. CCTV (Closed-Circuit Television).
D. biometrics.

Answer: A

161. Management wants to track personnel who visit unauthorized web sites. What type of detection will this be?

A. abusive detection.
B. misuse detection.
C. anomaly detection.
D. site filtering.

Answer: B

162. An administrator of a web server notices many port scans to a server. To limit exposure and vulnerability exposed by these port scans the administrator should:

A. disable the ability to remotely scan the registry.
B. leave all processes running for possible future use.
C. close all programs or processes that use a UDP (User Datagram Protocol) or TCP (Transmission Control Protocol) port.
D. uninstall or disable any programs or processes that are not needed for the proper use of the server.

Answer: D

163. Which protocol is typically used for encrypting traffic between a web browser and web server?

A. IPSec (Internet Protocol Security).
B. HTTP (Hypertext Transfer Protocol).
C. SSL (Secure Sockets Layer).
D. VPN (Virtual Private Network).

Answer: C

164. Which of the following best describes TCP/IP (Transmission Control Protocol/Internet Protocol) session hijacking?

A. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimate packets and allows a third party host to insert acceptable packets.
B. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered allowing third party hosts to create new IP (Internet Protocol) addresses.
C. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the server.
D. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the client.

Answer: A

165. A malformed MIME (Multipurpose Internet Mail Extensions) header can:

A. create a back door that will allow an attacker free access to a company private network.
B. create a virus that infects a user’s computer.
C. cause an unauthorized disclosure of private information.
D. cause an e-mail server to crash.

Answer: D

166. When a change to user security policy is made, the policy maker should provide appropriate documentation to:

A. the security administrator.
B. auditors.
C. users.
D. all staff.

Answer: D

167. What technical impact may occur due to the receipt of large quantities of spam?

A. DoS (Denial of Service).
B. processor underutilization.
C. reduction in hard drive space requirements.
D. increased network throughput.

Answer: A

168. A public key ___________ is a pervasive system whose services are implemented and delivered using public key technologies that include CAs (Certificate Authority), digital certificates, non-repudiation, and key history management.

A. cryptography scheme.
B. distribution authority.
C. exchange.
D. infrastructure.

Answer: D

169. Forging an IP (Internet Protocol) address to impersonate another machine is best defined as:

A. TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking.
B. IP (Internet Protocol) spoofing.
C. man in the middle.
D. replay.

Answer: B

170. When setting password rules, which of the following would LOWER the level of security of a network?

A. Passwords must be greater than six characters and consist of at least one non-alpha.
B. All passwords are set to expire at regular intervals and users are required to choose new passwords that have not been used before.
C. Complex passwords that users CAN NOT remotely change are randomly generated by the administrator and given to users.
D. After a set number of failed attempts the server will lock out any user account forcing the user to call the administrator to re-enable the account.

Answer: C

171. Which of the following can be used to track a user’s browsing habits on the Internet and may contain usernames and passwords?

A. digital certificates.
B. cookies.
C. ActiveX controls.
D. web server cache.

Answer: B

172. Currently, the most costly method of authentication is the use of:

A. passwords.
B. tokens.
C. biometrics.
D. shared secrets.

Answer: C

173. One of the factors that influence the lifespan of a public key certificate and its associated keys is the:

A. value of the information it is used to protect
B. cost and management fees
C. length of the asymmetric hash
D. data available openly on the cryptographic system

Answer: A

174. FTP (File Transfer Protocol) is accessed through what ports?

A. 80 and 443.
B. 20 and 21.
C. 21 and 23.
D. 20 and 80.

Answer: B

175. The best method to use for protecting a password stored on the server used for user authentication is to:

A. store the server password in clear text.
B. hash the server password.
C. encrypt the server password with asymmetric keys.
D. encrypt the server password with a public key.

Answer: B

176. In a typical file encryption process, the asymmetric algorithm is used to:

A. encrypt symmetric keys.
B. encrypt file contents.
C. encrypt certificates.
D. encrypt hash results.

Answer: A

177. Which of the following protocols is used by web servers to encrypt data?

A. TCP/IP (Transmission Control Protocol/Internet Protocol)
B. ActiveX
C. IPSec (Internet Protocol Security)
D. SSL (Secure Sockets Layer)

Answer: D

178. A piece of code that appears to do something useful while performing a harmful and unexpected function like stealing passwords is a:

A. virus.
B. logic bomb.
C. worm.
D. Trojan horse.

Answer: D

179. The integrity of a cryptographic system is considered compromised if which of the following conditions exist?

A. a 40-bit algorithm is used for a large financial transaction
B. the public key is disclosed
C. the private key is disclosed
D. the validity of the data source is compromised

Answer: C

180. During the digital signature process, hashing provides a means to verify what security requirement?

A. non-repudiation.
B. access control.
C. data integrity.
D. authentication.

Answer: C

181. Which of the following often requires the most effort when securing a server due to lack of available documentation?

A. hardening the OS (Operating System)
B. configuring the network
C. creating a proper security policy
D. installing the latest hot fixes and patches

Answer: A

182. One of the most effective ways for an administrator to determine what security holes reside on a network is to:

A. perform a vulnerability assessment.
B. run a port scan.
C. run a sniffer.
D. install and monitor an IDS (Intrusion Detection System).

Answer: A

183. As it relates to digital certificates, SSLv3.0 (Secure Sockets Layer version 3.0) added which of the following key functionalities? The ability to:

A. act as a CA (Certificate Authority).
B. force client side authentication via digital certificates.
C. use x.400 certificates.
D. protect transmissions with 1024-bit symmetric encryption.

Answer: B

184. In responding to incidents such as security breaches, one of the most important steps taken is:

A. encryption.
B. authentication.
C. containment.
D. intrusion.

Answer: C

185. Missing audit log entries most seriously affect an organization’s ability to:

A. recover destroyed data.
B. legally prosecute an attacker.
C. evaluate system vulnerabilities.
D. create reliable system backups.

Answer: B

186. SSL (Secure Sockets Layer) is used for secure communications with:

A. file and print servers.
B. RADIUS (Remote Authentication Dial-in User Service) servers.
C. AAA (Authentication, Authorization, and Administration) servers.
D. web servers.

Answer: D

187. Non-repudiation is based on what type of key infrastructure?

A. symmetric.
B. distributed trust.
C. asymmetric.
D. user-centric.

Answer: C

188. The first step in effectively implementing a firewall is:

A. blocking unwanted incoming traffic.
B. blocking unwanted outgoing traffic.
C. developing a firewall policy.
D. protecting against DDoS (Distributed Denial of Service) attacks.

Answer: C

189. Which of the following provides the strongest authentication?

A. token
B. username and password
C. biometrics
D. one time password

Answer: C

190. A security administrator tasked with confining sensitive data traffic to a specific subnet would do so by manipulating privilege policy based tables in the network's:

A. server
B. router
C. VPN (Virtual Private Network)
D. switch

Answer: B

191. What is the best method to secure a web browser?

A. do not upgrade, as new versions tend to have more security flaws.
B. disable any unused features of the web browser.
C. connect to the Internet using only a VPN (Virtual Private Network) connection.
D. implement a filtering policy for illegal, unknown and undesirable sites.

Answer: B

192. The most common form of authentication is the use of:

A. certificates.
B. tokens.
C. passwords.
D. biometrics.

Answer: C

193. What are the three main components of a Kerberos server?

A. authentication server, security database and a privilege server.
B. SAM (Sequential Access Method), security database and an authentication server.
C. application database, security database and system manager.
D. authentication server, security database and system manager.

Answer: A

194. Which of the following methods may be used to exploit the clear text nature of an Instant Messaging session?

A. packet sniffing.
B. port scanning.
C. cryptanalysis.
D. reverse engineering.

Answer: A

195. A user receives an e-mail from a colleague in another company. The e-mail message warns of a virus that may have been accidentally sent in the past, and warns the user to delete a specific file if it appears on the user’s computer. The user checks and has the file. What is the best next step for the user?

A. Delete the file immediately.
B. Delete the file immediately and copy the e-mail to all distribution lists.
C. Report the contents of the message to the network administrator.
D. Ignore the message. This is a virus hoax and no action is required.

Answer: C

196. A need to know security policy would grant access based on:

A. least privilege.
B. less privilege.
C. loss of privilege.
D. single privilege.

Answer: A

197. IDEA (International Data Encryption Algorithm), Blowfish, RC5 (Rivest Cipher 5) and CAST-128 are encryption algorithms of which type?

A. symmetric.
B. asymmetric.
C. hashing.
D. elliptic curve.

Answer: A

198. A CRL (Certificate Revocation List) query that receives a response in near real time:

A. indicates that high availability equipment is used.
B. implies that a fault tolerant database is being used.
C. does not guarantee that fresh data is being returned.
D. indicates that the CA (Certificate Authority) is providing near real time updates.

Answer: C

199. Which of the following is a VPN (Virtual Private Network) tunneling protocol?

A. AH (Authentication Header).
B. SSH (Secure Shell).
C. IPSec (Internet Protocol Security).
D. DES (Data Encryption Standard).

Answer: C

200. Appropriate documentation of a security incident is important for each of the following reasons EXCEPT:

A. The documentation serves as a lessons learned which may help avoid further exploitation of the same vulnerability.
B. The documentation will serve as an aid to updating policy and procedure.
C. The documentation will indicate who should be fired for the incident.
D. The documentation will serve as a tool to assess the impact and damage for the incident.

Answer: C

Security+ SYO-101C


201. A network attack method that uses ICMP (Internet Control Message Protocol) and improperly formatted MTUs (Maximum Transmission Unit) to crash a target computer is known as:

A. man in the middle attack.
B. smurf attack.
C. ping of death attack.
D. TCP SYN (Transmission Control Protocol / Synchronized) attack.

Answer: C

202. The standard encryption algorithm based on Rijndael is known as:

A. AES (Advanced Encryption Standard).
B. 3DES (Triple Data Encryption Standard).
C. DES (Data Encryption Standard).
D. Skipjack.

Answer: A

203. A DoS (Denial of Service) attack which takes advantage of TCP’s (Transmission Control Protocol) three way handshake for new connections is known as:

A. SYN (Synchronize) flood.
B. ping of death attack.
C. land attack.
D. buffer overflow attack.

Answer: A

204. The Bell-LaPadula access control model consists of four elements. These elements are:

A. subjects, objects, access modes and security levels.
B. subjects, objects, roles and groups.
C. read only, read/write, write only and read/write/delete.
D. groups, roles, access modes and security levels.

Answer: A

205. What is generally the most overlooked element of security management?

A. security awareness.
B. intrusion detection.
C. risk assessment.
D. vulnerability control.

Answer: A

206. What is the advantage of a multi-homed firewall?

A. It is relatively inexpensive to implement.
B. The firewall rules are easier to manage.
C. If the firewall is compromised, only the systems in the DMZ (Demilitarized Zone) are exposed.
D. An attacker must circumvent two firewalls.

Answer: A

207. Which of the following is an example of an asymmetric encryption algorithm?

A. RC4 (Rivest Cipher 4)
B. IDEA (International Data Encryption Algorithm)
C. MD5 (Message Digest-5)
D. RSA (Rivest Shamir Adleman)

Answer: D

208. Which of the following needs to be included in a SLA (Service Level Agreement) to ensure the availability of server based resources rather than guaranteed server performance levels?

A. network
B. hosting
C. application
D. security

Answer: B

209. Which access control method provides the most granular access to protected objects?

A. capabilities
B. access control lists
C. permission bits
D. profiles

Answer: B

210. The process by which remote users can make a secure connection to internal resources after establishing an Internet connection could correctly be referred to as:

A. channeling
B. tunneling
C. throughput
D. forwarding

Answer: B

211. When an ActiveX control is executed, it executes with the privileges of the:

A. current user account.
B. administrator account.
C. guest account.
D. system account.

Answer: A

212. Which of the following would best protect the confidentiality and integrity of an e-mail message?

A. SHA-1 (Secure Hashing Algorithm 1).
B. IPSec (Internet Protocol Security).
C. digital signature.
D. S/MIME (Secure Multipurpose Internet Mail Extensions).

Answer: D

213. When does CHAP (Challenge Handshake Authentication Protocol) perform the handshake process?

A. when establishing a connection and at anytime after the connection is established.
B. only when establishing a connection and disconnecting.
C. only when establishing a connection.
D. only when disconnecting.

Answer: A

214. What should a firewall employ to ensure that each packet is part of an established TCP (Transmission Control Protocol) session?

A. packet filter.
B. stateless inspection.
C. stateful like inspection.
D. circuit level gateway.

Answer: C

215. Which of the following is most commonly used by an intruder to gain unauthorized access to a system?

A. brute force attack.
B. key logging.
C. Trojan horse.
D. social engineering.

Answer: D

216. A minor configuration change which can help secure DNS (Domain Name Service) information is:

A. block all unnecessary traffic by using port filtering.
B. prevent unauthorized zone transfers.
C. require password changes every 30 days.
D. change the default password.

Answer: B


217. What determines if a user is presented with a dialog box prior to downloading an ActiveX component?

A. the user’s browser setting.
B. the
