Practice Test Flashcards by James Parlier

802.1Q

Standard for virtual lans

How well did you know this?

Not at all

Perfectly

A sniffer is also known as a

protocol analyzer, but an analyzer analyzes and a sniffer doesn’t

How well did you know this?

Not at all

Perfectly

Administrative controls

train personnel on security policies

How well did you know this?

Not at all

Perfectly

deterrent controls

stop an attacker from attacking in the first place

How well did you know this?

Not at all

Perfectly

detective controls

identify an attack in progress

How well did you know this?

Not at all

Perfectly

preventive controls

stop an attack before it can cause damage

How well did you know this?

Not at all

Perfectly

warm site

Dormant or performs non critical function, ready to be adapted to critical

How well did you know this?

Not at all

Perfectly

cold site

has power and network hookups, think warehouse

How well did you know this?

Not at all

Perfectly

hot site

fully configured alternative network

How well did you know this?

Not at all

Perfectly

three major steps in a continuity of operations plan

audit mitigate and recover

How well did you know this?

Not at all

Perfectly

which term is correct, risk assessment or risk analysis?

Risk assessment

How well did you know this?

Not at all

Perfectly

periodic control testing

Best way to check effectiveness of safety measures

How well did you know this?

Not at all

Perfectly

DNS Poisoning

redirects a domain name to a malicious IP address

How well did you know this?

Not at all

Perfectly

DNS hijacking

setting up a fake DNS server

How well did you know this?

Not at all

Perfectly

802.1x is a port-based authentication mechanism T or F

True

How well did you know this?

Not at all

Perfectly

802.1x works over a LAN, a Wireless Lan, or both

both

How well did you know this?

Not at all

Perfectly

hardware security module

cryptoprocessor device attached to servers and computers to provide digital key security

How well did you know this?

Not at all

Perfectly

TPM

creates a secure computing environment with cryptoprocessors

How well did you know this?

Not at all

Perfectly

Mandatory Access Control

Assigns a security level for users and resources, and the two much “match.”

How well did you know this?

Not at all

Perfectly

Transitive Authentication is also known as

single sign on

How well did you know this?

Not at all

Perfectly

Discretionary Access control is managed by

Access control lists

How well did you know this?

Not at all

Perfectly

TOTP

Time-based one time password

How well did you know this?

Not at all

Perfectly

Chap is deprecated because it

uses MD5

How well did you know this?

Not at all

Perfectly

HMAC

Hash message authentication code - uses hash and key

How well did you know this?

Not at all

Perfectly

PBKDF2 is what?

A key and/or password stretching algorith

Bcrypt is what?

password stretching algorithm

ISA stands for

Interconnection Security Agreement

Radius is used for

wireless. Remote Authentication dial in user service

Mac

Mandatory Access control, restricted, public, private etc

DAC

Discretionary access control - based on object ownership

SFTP uses port

VSAN

virtual storage area network, similar to vlan in segmentation ability

Trusted Platform Module uses what key

storage root key

What is a TPM

Trusted Platform Module, chip that stores RSA keys and uses hardware encryption

Stages of common incident response

ale

sle

aro

``` Which of the following security devices can be replicated on a Linux based computer using IP tables to inspect and properly handle network based traffic? A. Sniffer B. Router C. Firewall D. Switch ```

c. Firewall

``` QUESTION NO: 11 Mike, a network administrator, has been asked to passively monitor network traffic to the company’s sales websites. Which of the following would be BEST suited for this task? A. HIDS B. Firewall C. NIPS D. ``` Spam filter

c nips

``` QUESTION NO: 12 Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network? A. HIPS on each virtual machine B. NIPS on the network C. NIDS on the network D. HIDS on each virtual machine ```

Answer: A Explanation: Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.

``` QUESTION NO: 21 Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites? A. Spam filter B. URL filter C. Content inspection D. Malware inspection ```

B. | URL filter

QUESTION NO: 25 Pete, an employee, attempts to visit a popular social networking site but is blocked. Instead, a ``` page is displayed notifying him that this site cannot be visited. Which of the following is MOST likely blocking Pete’s access to this site? A. Internet content filter B. Firewall C. Proxy server D. Protocol analyzer ```

A. | Internet content filter

A security engineer is reviewing log data and sees the output below: POST: /payload.php HTTP/1.1 HOST: localhost ``` Accept: */* Referrer: http://localhost/ ******* HTTP/1.1 403 Forbidden Connection: close Log: Access denied with 403. Pattern matches form bypass Which of the following technologies was MOST likely being used to generate this log? A. Host-based Intrusion Detection System B. Web application firewall C. Network-based Intrusion Detection System D. Stateful Inspection Firewall E. URL Content Filter ```

B. | Web application firewall

QUESTION NO: 30 An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start? A. Review past security incidents and their resolution B. Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 21 Rewrite the existing security policy C. Implement an intrusion prevention system D. Install honey pot systems

C. | Implement an intrusion prevention system

SCP uses TCP/UDP or both

TCP

TFTP uses TCP/UDP or both

UDP

``` A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another? A. Implement a virtual firewall B. Install HIPS on each VM C. Virtual switches with VLANs D. Develop a patch management guide ```

C. | Virtual switches with VLANs

A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the reason for the sub-interfaces? A. The network uses the subnet of 255.255.255.128. B. The switch has several VLANs configured on it. C. The sub-interfaces are configured for VoIP traffic. Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 31 D. The sub-interfaces each implement quality of service.

``` A company determines a need for additional protection from rogue devices plugging into physical ports around the building. Which of the following provides the highest degree of protection from unauthorized wired network access? A. Intrusion Prevention Systems B. MAC filtering C. Flood guards D. 802.1x ```

D. | 802.1x

QUESTION NO: 48 A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface. PERMIT TCP ANY ANY 80 PERMIT TCP ANY ANY 443 Which of the following rules would accomplish this task? (Select TWO). A. Change the firewall default settings so that it implements an implicit deny B. Apply the current ACL to all interfaces of the firewall C. Remove the current ACL D. Add the following ACL at the top of the current ACLDENY TCP ANY ANY 53 E. Add the following ACL at the bottom of the current ACLDENY ICMP ANY ANY 53 F. Add the following ACL at the bottom of the current ACLDENY IP ANY ANY 53

Answer: A,F

QUESTION NO: 50 The Human Resources department has a parent shared folder setup on the server. There are two groups that have access, one called managers and one called staff. There are many sub folders under the parent shared folder, one is called payroll. The parent folder access control list propagates all subfolders and all subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder? A. Remove the staff group from the payroll folder B. Implicit deny on the payroll folder for the staff group C. Implicit deny on the payroll folder for the managers group D. Remove inheritance from the payroll folder

B. | Implicit deny on the payroll folder for the staff group

A company has several conference rooms with wired network jacks that are used by both employees and guests. Employees need access to internal resources and guests only need access to the Internet. Which of the following combinations is BEST to meet the requirements? A. NAT and DMZ B. VPN and IPSec C. Switches and a firewall D. 802.1x and VLANs

D. | 802.1x and VLANs

``` A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network? A. VLAN B. Subnet C. VPN D. DMZ ```

D. | DMZ

``` When designing a new network infrastructure, a security administrator requests that the intranet web server be placed in an isolated area of the network for security purposes. Which of the following design elements would be implemented to comply with the security administrator’s request? A. DMZ B. Cloud services C. Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 47 Virtualization D. Sandboxing Answer: A Explanation: A ```

A. | DMZ

``` Which of the following IP addresses would be hosts on the same subnet given the subnet mask 255.255.255.224? (Select TWO). A. 10.4.4.125 B. 10.4.4.158 C. 10.4.4.165 D. 10.4.4.189 E. 10.4.4.199 ```

Answer: C,D

``` Which of the following would the security engineer set as the subnet mask for the servers below to utilize host addresses on separate broadcast domains? Server 1: 192.168.100.6 Server 2: 192.168.100.9 Server 3: 192.169.100.20 A. /24 B. /27 C. /28 D. /29 E. /30 ```

D. | /29

A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD users and 2 web servers without wireless access. Which of the following should the company configure to protect the servers from the user devices? (Select TWO). A. Deny incoming connections to the outside router interface. B. Change the default HTTP port C. Implement EAP-TLS to establish mutual authentication D. Disable the physical switch ports E. Create a server VLAN F. Create an ACL to access the server

e,f

``` Pete, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic? A. Connect the WAP to a different switch. B. Create a voice VLAN. C. Create a DMZ. D. Set the switch ports to 802.1q mode. ```

B. | Create a voice VLAN.

``` Which of the following is a programming interface that allows a remote computer to run programs on a local machine? A. RPC B. RSH C. SSH Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 58 D. SSL ```

A. RPC remote procedure call

A company’s business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model? A. Software as a Service B. DMZ C. Remote access support D. Infrastructure as a Service

A. | Software as a Service

An IT director is looking to reduce the footprint of their company’s server environment. They have decided to move several internally developed software applications to an alternate environment, supported by an external company. Which of the following BEST describes this arrangement? A. Infrastructure as a Service B. Storage as a Service C. Platform as a Service D. Software as a Service

Answer: A

``` A company’s legacy server requires administration using Telnet. Which of the following protocols could be used to secure communication by offering encryption at a lower OSI layer? (Select TWO). A. IPv6 B. SFTP C. IPSec D. SSH E. IPv4 ```

Answer: A,C

Bind is what?

DNS

AAAA record does what?

links a FQDN to an ipv6 address

``` Which of the following should be implemented to stop an attacker from mapping out addresses and/or devices on a network? A. Single sign on Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 76 B. IPv6 C. Secure zone transfers D. VoIP ```

Answer: C

``` An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used? A. WEP B. LEAP C. EAP-TLS Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 78 D. TKIP ```

C. | EAP-TLS

``` FTP/S uses which of the following TCP ports by default? A. 20 and 21 B. 139 and 445 C. 443 and 22 D. 989 and 990 ```

D. | 989 and 990

``` Which of the following protocols is used by IPv6 for MAC address resolution? A. NDP B. ARP C. DNS D. NCP ```

Answer: A Explanation: The Neighbor Discovery Protocol (NDP) is a protocol in the Internet protocol suite used with Internet Protocol Version 6 (IPv6).

``` Which of the following ports and protocol types must be opened on a host with a host-based firewall to allow incoming SFTP connections? A. 21/UDP B. 21/TCP C. 22/UDP D. 22/TCP ```

Answer: D Explanation: SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

A security analyst noticed a colleague typing the following command: `Telnet some-host 443’ Which of the following was the colleague performing? A. A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack. B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall. C. Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead. D. A mistaken port being entered because telnet servers typically do not listen on port 443.

B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.

``` A malicious program modified entries in the LMHOSTS file of an infected system. Which of the following protocols would have been affected by this? Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 88 A. ICMP B. BGP C. NetBIOS D. DNS ```

C. | NetBIOS

LDAP Port

389

``` A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened on the firewall in order for this VPN to function properly? (Select TWO). A. UDP 1723 B. TCP 500 Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 94 C. TCP 1723 D. UDP 47 E. TCP 47 ```

C and D

DHCP Port

``` By default, which of the following uses TCP port 22? (Select THREE). A. FTPS B. STELNET C. TLS D. SCP E. SSL F. HTTPS G. SSH H. SFTP ```

Answer: D,G,H

A malicious user is sniffing a busy encrypted wireless network waiting for an authorized client to connect to it. Only after an authorized client has connected and the hacker was able to capture the client handshake with the AP can the hacker begin a brute force attack to discover the encryption key. Which of the following attacks is taking place? A. IV attack B. WEP cracking C. WPA cracking D. Rogue AP

C. | WPA cracking

Which of the following is a step in deploying a WPA2-Enterprise wireless network? Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 106 A. Install a token on the authentication server B. Install a DHCP server on the authentication server C. Install an encryption key on the authentication server D. Install a digital certificate on the authentication server

``` A security administrator must implement a wireless security system, which will require users to enter a 30 character ASCII password on their accounts. Additionally the system must support 3DS wireless encryption. Which of the following should be implemented? A. WPA2-CCMP with 802.1X B. WPA2-PSK C. WPA2-CCMP D. WPA2-Enterprise ```

Answer: D

``` A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network. Which of the following should the administrator implement? A. WPA2 over EAP-TTLS B. WPA-PSK C. WPA2 with WPS D. WEP over EAP-PEAP ```

Which of the following BEST describes the weakness in WEP encryption? A. The initialization vector of WEP uses a crack-able RC4 encryption algorithm.Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived. B. The WEP key is stored in plain text and split in portions across 224 packets of random data.Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain text key. C. The WEP key has a weak MD4 hashing algorithm used.A simple rainbow table can be used to generate key possibilities due to MD4 collisions. D. The WEP key is stored with a very small pool of random numbers to make the cipher text.As the random numbers are often reused it becomes easy to derive the remaining WEP key.

``` Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords? A. EAP-MD5 B. WEP C. PEAP-MSCHAPv2 D. EAP-TLS ```

Answer: C Explanation: PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-base credentials (user name and password) rather than digital certificates or smart cards.

Matt, a systems security engineer, is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate, has a server side certificate, and uses TLS tunnels for encryption. Which credential type authentication method BEST fits these requirements? A. EAP-TLS B. EAP-FAST C. PEAP-CHAP D. PEAP-MSCHAPv2

Answer: D Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 111 Explanation: PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-base credentials (user name and password) rather than digital certificates or smart cards. Only servers running Network Policy Server (NPS) or PEAP-MS-CHAP v2 are required to have a certificate.

``` Which of the following means of wireless authentication is easily vulnerable to spoofing? A. MAC Filtering B. WPA - LEAP C. WPA - PEAP D. Enabled SSID ```

A. | MAC Filtering

QUESTION NO: 165 A company provides secure wireless Internet access for visitors and vendors working onsite. Some of the vendors using older technology report that they are unable to access the wireless network after entering the correct network information. Which of the following is the MOST likely reason for this issue? A. The SSID broadcast is disabled. B. The company is using the wrong antenna type. C. The MAC filtering is disabled on the access point. D. The company is not using strong enough encryption.

A. | The SSID broadcast is disabled.

``` An access point has been configured for AES encryption but a client is unable to connect to it. Which of the following should be configured on the client to fix this issue? A. WEP B. CCMP C. TKIP D. RC4 ```

B. | CCMP

``` A system administrator wants to enable WPA2 CCMP. Which of the following is the only encryption used? A. RC4 B. DES C. 3DES D. AES ```

``` Which of the following is a directional antenna that can be used in point-to-point or point-to-multipoint WiFi communication systems? (Select TWO). A. Backfire B. Dipole C. Omni D. PTZ E. Dish ```

Answer: A,E Explanation: Both the Backfire and the Dish antennae are high gain antenna types that transmit a narrow beam of signal. It can therefore be used as a point-to-point antenna over short distances, but as point-tomulti- point antenna over longer distances.

Which of the following would be MOST appropriate to secure an existing SCADA system by preventing connections from unauthorized networks? A. Implement a HIDS to protect the SCADA system B. Implement a Layer 2 switch to access the SCADA system Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 130 C. Implement a firewall to protect the SCADA system D. Implement a NIDS to protect the SCADA system

Answer: C Explanation: Firewalls manage traffic using filters, which is just a rule or set of rules. A recommended guideline for firewall rules is, “deny by default; allow by exception”. This means that if a network connection is not specifically allowed, it will be denied.

A security administrator must implement a firewall rule to allow remote employees to VPN onto the company network. The VPN concentrator implements SSL VPN over the standard HTTPS port. Which of the following is the MOST secure ACL to implement at the company's gateway firewall? A. PERMIT TCP FROM ANY 443 TO 199.70.5.25 443 B. PERMIT TCP FROM ANY ANY TO 199.70.5.23 ANY C. PERMIT TCP FROM 199.70.5.23 ANY TO ANY ANY D. PERMIT TCP FROM ANY 1024-65535 TO 199.70.5.23 443

Answer: D Explanation: The default HTTPS port is port 443. When configuring SSL VPN you can change the default port for HTTPS to a port within the 1024-65535 range. This ACL will allow traffic from VPNs using the 1024-65535 port range to access the company network via company's gateway firewall on port 443.

Ann, the Chief Information Officer (CIO) of a company, sees cloud computing as a way to save money while providing valuable services. She is looking for a cost-effective solution to assist in capacity planning as well as visibility into the performance of the network. Which of the following cloud technologies should she look into? A. Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 134 IaaS B. MaaS C. SaaS D. PaaS

Answer: B Explanation: Monitoring-as-a-service (MaaS) is a cloud delivery model that falls under anything as a service (XaaS). MaaS allows for the deployment of monitoring functionalities for several other services and applications within the cloud.

``` An organization recently switched from a cloud-based email solution to an in-house email server. The firewall needs to be modified to allow for sending and receiving email. Which of the following ports should be open on the firewall to allow for email traffic? (Select THREE). A. TCP 22 B. TCP 23 C. TCP 25 D. TCP 53 E. TCP 110 F. TCP 143 G. TCP 445 ```

Answer: C,E,F

Secure LDAP port

636

A retail store uses a wireless network for its employees to access inventory from anywhere in the store. Due to concerns regarding the aging wireless network, the store manager has brought in a consultant to harden the network. During the site survey, the consultant discovers that the network was using WEP encryption. Which of the following would be the BEST course of action for the consultant to recommend? A. Replace the unidirectional antenna at the front of the store with an omni-directional antenna. B. Change the encryption used so that the encryption protocol is CCMP-based. C. Disable the network's SSID and configure the router to only access store devices based on MAC addresses. D. Increase the access point's encryption from WEP to WPA TKIP.

A server is configured to communicate on both VLAN 1 and VLAN 12. VLAN 1 communication works fine, but VLAN 12 does not. Which of the following MUST happen before the server can communicate on VLAN 12? A. The server's network switch port must be enabled for 802.11x on VLAN 12. B. The server's network switch port must use VLAN Q-in-Q for VLAN 12. C. The server's network switch port must be 802.1q untagged for VLAN 12. D. The server's network switch port must be 802.1q tagged for VLAN 12.

Answer: D Explanation: 802.1q is a standard that defines a system of VLAN tagging for Ethernet frames. The purpose of a tagged port is to pass traffic for multiple VLAN's.

``` A major security risk with co-mingling of hosts with different security requirements is: A. Security policy violations. B. Zombie attacks. C. Password compromises. D. Privilege creep. Comptia SY0-401 Exam " ```

Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together? A. Least privilege access B. Separation of duties C. Mandatory access control D. Mandatory vacations

While rarely enforced, mandatory vacation policies are effective at uncovering: A. Help desk technicians with oversight by multiple supervisors and detailed quality control systems. B. Collusion between two employees who perform the same business function. C. Acts of incompetence by a systems engineer designing complex architectures as a member of a team. Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 154 D. Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.

``` A company that has a mandatory vacation policy has implemented which of the following controls? A. Risk control B. Privacy control C. Technical control D. Physical control ```

The Chief Security Officer (CSO) is concerned about misuse of company assets and wishes to determine who may be responsible. Which of the following would be the BEST course of action? A. Create a single, shared user account for every system that is audited and logged based upon time of use. B. Implement a single sign-on application on equipment with sensitive data and high-profile shares. C. Enact a policy that employees must use their vacation time in a staggered schedule. D. Separate employees into teams led by a person who acts as a single point of contact for observation purposes.

Answer: C

``` In order to prevent and detect fraud, which of the following should be implemented? A. Job rotation B. Risk analysis C. Incident management D. Employee evaluations ```

The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company. Which of the following is the BEST method to prevent such activities in the future? A. Job rotation B. Separation of duties C. Mandatory Vacations D. Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 159 Least Privilege

Answer: B

One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following? A. Mandatory access B. Rule-based access control C. Least privilege D. Job rotation

C. | Least privilege

A security administrator notices that a specific network administrator is making unauthorized changes to the firewall every Saturday morning. Which of the following would be used to mitigate this issue so that only security administrators can make changes to the firewall? A. Mandatory vacations B. Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 162 Job rotation C. Least privilege D. Time of day restrictions

C. | Least privilege

``` Identifying residual risk is MOST important to which of the following concepts? A. Risk deterrence B. Risk acceptance C. Risk mitigation D. Risk avoidance ```

RPO stands for

Recovery Point Objective

CIA

Confidentiality , Integrity, Availability

Which of the following is the GREATEST security risk of two or more companies working together under a Memorandum of Understanding? A. Budgetary considerations may not have been written into the MOU, leaving an entity to absorb more cost than intended at signing. B. MOUs have strict policies in place for services performed between the entities and the penalties for compromising a partner are high. C. MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities. D. MOUs between two companies working together cannot be held to the same legal standards as SLAs.

C. MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities.

``` The network administrator is responsible for promoting code to applications on a DMZ web server. Which of the following processes is being followed to ensure application integrity? Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 179 A. Application hardening B. Application firewall review C. Application change management D. Application patch management ```

``` Which of the following MOST specifically defines the procedures to follow when scheduled system patching fails resulting in system outages? A. Risk transference B. Change management C. Configuration management D. Access control revalidation ```

``` A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing application security. Additionally, the engineer wants to ensure that the new requirements are approved by the appropriate personnel. Which of the following should be in place to meet these two goals? (Select TWO). A. Patch Audit Policy B. Change Control Policy C. Incident Management Policy D. Regression Testing Policy E. Escalation Policy F. Application Audit Policy ```

b,d

Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials. The security analyst has been tasked to update the security policy. Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes? A. User rights and permissions review B. Configuration management C. Incident management D. Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 186 Implement security controls on Layer 3 devices

``` The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future? A. User permissions reviews B. Incident response team C. Change management D. Routine auditing ```

D. | Routine auditing

The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture. Which of the following risk mitigation strategies is MOST important to the security manager? A. User permissions B. Policy enforcement Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 188 C. Routine audits D. Change management

C. | Routine audits

DLP

Data Loss Prevention

Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed. Which of the following would be the BEST control to implement? A. File encryption B. Printer hardening C. Clean desk policies D. Data loss prevention

DLP

``` Which of the following security strategies allows a company to limit damage to internal systems and provides loss control? A. Restoration and recovery strategies Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 191 B. Deterrent strategies C. Containment strategies D. Detection strategies ```

``` Which of the following assets is MOST likely considered for DLP? Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 194 A. Application server content B. USB mass storage devices C. Reverse proxy D. Print server ```

``` Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use? A. Email scanning B. Content discovery C. Database fingerprinting D. Endpoint protection ```

``` Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensics tools? A. Identify user habits B. Disconnect system from network C. Capture system image D. Interview witnesses ```

C. | Capture system image

``` A security administrator needs to image a large hard drive for forensic analysis. Which of the following will allow for faster imaging to a second hard drive? A. cp /dev/sda /dev/sdb bs=8k B. Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 202 tail -f /dev/sda > /dev/sdb bs=8k C. dd in=/dev/sda out=/dev/sdb bs=4k D. locate /dev/sda /dev/sdb bs=4k ```

Answer: C

NTP

Network Time Protocol

``` The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems. Which of the following phases of incident response is MOST appropriate as a FIRST response? A. Recovery B. Follow-up C. Validation D. Identification E. Eradication F. Containment ```

``` In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence? A. Mitigation B. Identification C. Preparation D. Lessons learned ```

QUESTION NO: 307 A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server? A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup. B. Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan. C. Format the storage and reinstall both the OS and the data from the most current backup. Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 214 D. Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised.

A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.

``` In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in question from the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis? (Select TWO). A. Take hashes B. Begin the chain of custody paperwork C. Take screen shots D. Capture the system image E. Decompile suspicious files ```

a , d

Sara, a company’s security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Sara should immediately implement which of the following? ``` A. Acceptable Use Policy B. Physical security controls C. Technical controls D. Security awareness training ```

Answer: D

Ann a technician received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following type of training would prevent Ann and other employees from becoming victims to such attacks? A. User Awareness B. Acceptable Use Policy C. Personal Identifiable Information D. Information Sharing

``` QUESTION NO: 319 End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer: A. Date of birth. B. First and last name. C. Phone number. D. Employer name. ```

Answer: A Explanation: Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. Date of birth is personally identifiable information.

``` Which of the following policies is implemented in order to minimize data loss or theft? A. PII handling B. Password policy C. Chain of custody D. Zero day exploits ```

Answer: A

``` QUESTION NO: 326 What is the term for the process of luring someone in (usually done by an enforcement officer or a government agent)? A. Enticement B. Entrapment C. Deceit D. Sting ```

A. | Enticement

QUESTION NO: 329 Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be accessed using the same password. The company’s network device security policy mandates that at least one virtual terminal have a different password than the other virtual terminals. Which of the following sets of commands would meet this requirement? A. line vty 0 6 P@s5W0Rd password line vty 7 Qwer++!Y password B. line console 0 password password line vty 0 4 password P@s5W0Rd C. line vty 0 3 password Qwer++!Y line vty 4 password P@s5W0Rd D. line vty 0 3 password Qwer++!Y line console 0 password P@s5W0Rd

``` Which of the following security concepts would Sara, the security administrator, use to mitigate the risk of data loss? A. Record time offset B. Clean desk policy C. Cloud computing D. Routine log review ```

``` The manager has a need to secure physical documents every night, since the company began enforcing the clean desk policy. The BEST solution would include: (Select TWO). A. Fire- or water-proof safe. B. Department door locks. C. Proximity card. D. 24-hour security guard. E. Locking cabinets and drawers. ```

a, e

A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature? A. TCP/IP socket design review B. Executable code review C. OS Baseline comparison D. Software architecture review

The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media web sites. This advice would BEST Comptia SY0-401 Exam "Pass Any Exam. Any Time." - www.actualtests.com 235 protect people from which of the following? A. Rainbow tables attacks B. Brute force attacks C. Birthday attacks D. Cognitive passwords attacks

``` Which of the following should be connected to the fire alarm system in order to help prevent the spread of a fire in a server room without data loss to assist in an FM-200 deployment? A. Water base sprinkler system B. Electrical C. HVAC D. Video surveillance ```

Which of the following is a security benefit of providing additional HVAC capacity or increased tonnage in a datacenter? A. Increased availability of network services due to higher throughput B. Longer MTBF of hardware due to lower operating temperatures C. Higher data integrity due to more efficient SSD cooling D. Longer UPS run time due to increased airflow

B. | Longer MTBF of hardware due to lower operating temperatures

EMI Shielding prevents theft of data t/f

EMI Shielding is an environmental control t/f

Ann is starting a disaster recovery program. She has gathered specifics and team members for a meeting on site. Which of the following types of tests is this? A. ``` Structured walkthrough B. Full Interruption test C. Checklist test D. Tabletop exercise ```

Structured walkthrough

``` Which of the following is the MOST specific plan for various problems that can arise within a system? A. Business Continuity Plan B. Continuity of Operation Plan C. Disaster Recovery Plan D. IT Contingency Plan ```

``` Which of the following provides the LEAST availability? A. RAID 0 B. RAID 1 C. RAID 3 D. RAID 5 ```

TPM

Trusted platform module - has hard drive encryption

AES is symmetric or Asymmetric?

Symmetric

SAML

Xml based, security assertion markup language

what auth method uses shared secrets?

RADIUS

Host software baseline identifies what?

list of approved software.

Host software baseline is also called

application baseline

TOTP

Time based one time password

which review ensures systems are developed properly?

Design review

What uses a storage root key?

TPM

STP and RSTP do what

prevent loop switching problems

PKI requires what?

a CA

RTO

Recovery Time Objective. When do you have to be back on line?

RPO

Recovery Point Objective - how much data can you lose?

``` After copying a sensitive document from his desktop to a flash drive, Joe, a user, realizes that the document is no longer encrypted. Which of the following can a security technician implement to ensure that documents stored on Joe’s desktop remain encrypted when moved to external media or other network based storage? A. Whole disk encryption B. Removable disk encryption C. Database record level encryption D. File level encryption ```

Answer: D Explanation: Encryption is used to ensure the confidentiality of information. In this case you should make use of file level encryption. File level encryption is a form of disk encryption where individual files or directories are encrypted by the file system itself. This is in contrast to full disk encryption where the entire partition or disk, in which the file system resides, is encrypted.

DLP

Data Loss Prevention

``` Which of the following will BEST mitigate the risk if implemented on the switches? A. Spanning tree B. Flood guards C. Access control lists D. Syn flood ```

IPV6 uses NDP/ARP

NDP

HMAC is included in IPSEC

True

Practice Test Flashcards

(161 cards)