SY0-201
Practice Test
Version 2.4
CompTIA SY0-201: Practice Exam

QUESTION NO: 1
All of the following provide confidentiality protection as part of the underlying protocol EXCEPT:
A. SSL.
B. SSH.
C. L2TP.
D. IPSec.
Answer: C

QUESTION NO: 2
Which of the following allows an attacker to manipulate files by using the least significant bit(s) to secretly embed data?
A. Steganography
B. Worm
C. Trojan horse
D. Virus
Answer: A

QUESTION NO: 3
Which of the following types of attacks would allow an attacker to capture HTTP requests and send back a spoofed page?
A. Teardrop
B. TCP/IP hijacking
C. Phishing
D. Replay
Answer: B

QUESTION NO: 4
How should a company test the integrity of its backup data?
A. By conducting another backup
B. By using software to recover deleted files
C. By restoring part of the backup
[option D and answer not present in source]

"Pass Any Exam. Any Time." - www.actualtests.com

QUESTION NO: 5
Which of the following can BEST be used to determine the topology of a network and discover unknown devices?
A. Vulnerability scanner
B. NIPS
C. Protocol analyzer
D. Network mapper
Answer: D

QUESTION NO: 6
[question text not present in source]
A. When the technician suspects that weak passwords exist on the network
B. When the technician is trying to guess passwords on a network
C. When the technician has permission from the owner of the network
D. When the technician is war driving and trying to gain access
Answer: C

QUESTION NO: 7
An administrator has implemented a new SMTP service on a server. A public IP address translates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the server's public IP address is now reported in a spam real-time block list. Which of the following is wrong with the server?
A. SMTP open relaying is enabled.
B. It does not have a spam filter.
C. The amount of sessions needs to be limited.
D. The public IP address is incorrect.
Answer: A
QUESTION NO: 8
Which of the following is MOST efficient for encrypting large amounts of data?
A. Hashing algorithms
B. Symmetric key algorithms
C. Asymmetric key algorithms
D. ECC algorithms
Answer: B

QUESTION NO: 9
Which of the following is a reason why a company should disable the SSID broadcast of the wireless access points?
A. Rogue access points
B. War driving
C. Weak encryption
D. Session hijacking
Answer: B

QUESTION NO: 10
Which of the following BEST describes ARP?
A. Discovering the IP address of a device from the MAC address
B. Discovering the IP address of a device from the DNS name
C. Discovering the MAC address of a device from the IP address
D. Discovering the DNS name of a device from the IP address
Answer: C

QUESTION NO: 11
Which of the following would be BEST to use to apply corporate security settings to a device?
A. A security patch
B. A security hotfix
C. An OS service pack
D. A security template
Answer: D

QUESTION NO: 12
A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protected. If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If the anti-malware software is purchased, which of the following is the expected net savings?
A. $900
B. $2,290
C. $2,700
D. $5,000
Answer: B

QUESTION NO: 13
Which of the following is the main objective of steganography?
A. Message digest
B. Encrypt information
C. Hide information
D. Data integrity
Answer: C

QUESTION NO: 14
Which of the following would allow for secure key exchange over an unsecured network without a pre-shared key?
A. 3DES
B. AES
C. DH-ECC
D. MD5
Answer: C
QUESTION NO: 15
Which of the following improves security in a wireless system?
A. IP spoofing
B. MAC filtering
C. SSID spoofing
D. Closed network
Answer: B

QUESTION NO: 16
A user wants to implement secure LDAP on the network. Which of the following port numbers does secure LDAP use by default?
A. 53
B. 389
C. 443
D. 636
Answer: D

QUESTION NO: 17
On which of the following is a security technician MOST likely to find usernames?
A. DNS logs
B. Application logs
C. Firewall logs
D. DHCP logs
Answer: B

QUESTION NO: 18
How many keys are utilized with asymmetric cryptography?
A. One
B. Two
C. Five
D. Seven
[answer not present in source]
QUESTION NO: 19
During a risk assessment it is discovered that only one system administrator is assigned several tasks critical to continuity of operations. It is recommended to cross train other system administrators to perform these tasks and mitigate which of the following risks?
A. DDoS
B. Privilege escalation
C. Disclosure of PII
D. Single point of failure
Answer: D

QUESTION NO: 20
Which of the following network filtering devices will rely on signature updates to be effective?
A. Proxy server
B. Firewall
C. NIDS
D. Honeynet
Answer: C

QUESTION NO: 21
Which of the following is a single server that is set up in the DMZ or outer perimeter in order to distract attackers?
A. Honeynet
B. DMZ
C. Honeypot
D. VLAN
Answer: C

QUESTION NO: 22
Which of the following encryption algorithms is decrypted in the LEAST amount of time?
A. RSA
B. AES
C. 3DES
D. L2TP
Answer: B

QUESTION NO: 23
An administrator is trying to secure a network from threats originating outside the network. Which of the following devices provides protection for the DMZ from attacks launched from the Internet?
A. Antivirus
B. Content filter
C. Firewall
D. Proxy server
Answer: C

QUESTION NO: 24
Which of the following is a way to manage operating system updates?
A. Service pack management
B. Patch application
C. Hotfix management
D. Change management
Answer: D

QUESTION NO: 25
Which of the following is a list of discrete entries that are known to be benign?
A. Whitelist
B. Signature
C. Blacklist
D. ACL
Answer: A
QUESTION NO: 26
Which of the following increases the collision resistance of a hash?
A. Salt
B. Increase the input length
C. Rainbow Table
D. Larger key space
Answer: A

QUESTION NO: 27
A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production application server, which of the following processes should be followed?
A. Change management
B. Secure disposal
C. Password complexity
D. Chain of custody
Answer: A

QUESTION NO: 28
When deploying 50 new workstations on the network, which of the following should be completed FIRST?
A. Install a word processor.
B. Run the latest spyware.
C. Apply the baseline configuration.
D. Run OS updates.
Answer: C

QUESTION NO: 29
Which of the following should be implemented to have all workstations and servers isolated in their own broadcast domains?
A. VLANs
B. NAT
C. Access lists
D. Intranet
Answer: A

QUESTION NO: 30
End users are complaining about receiving a lot of email from online vendors and pharmacies. Which of the following is this an example of?
A. Trojan
B. Spam
C. Phishing
D. DNS poisoning
Answer: B

QUESTION NO: 31
Which of the following BEST describes a private key in regards to asymmetric encryption?
A. The key owner has exclusive access to the private key.
B. Everyone has access to the private key on the CA.
C. Only the CA has access to the private key.
D. The key owner and a recipient of an encrypted email have exclusive access to the private key.
Answer: A

QUESTION NO: 32
Which of the following logs might reveal the IP address and MAC address of a rogue device within the local network?
A. Security logs
B. DHCP logs
C. DNS logs
D. Antivirus logs
Answer: B
QUESTION NO: 33
Which of the following is commonly used in a distributed denial of service (DDoS) attack?
A. Phishing
B. Adware
C. Botnet
D. Trojan
Answer: C

QUESTION NO: 34
Which of the following practices is MOST relevant to protecting against operating system security flaws?
A. Network intrusion detection
B. Patch management
C. Firewall configuration
D. Antivirus selection
Answer: B

QUESTION NO: 35
Which of the following is a best practice for coding applications in a secure manner?
A. Input validation
B. Object oriented coding
C. Rapid Application Development (RAD)
D. Cross-site scripting
Answer: A

QUESTION NO: 36
Which of the following technologies can be used as a means to isolate a host OS from some types of security threats?
A. Intrusion detection
B. Virtualization
C. Kiting
D. Cloning
Answer: B

QUESTION NO: 37
Which of the following network tools would provide the information on what an attacker is doing to compromise a system?
A. Proxy server
B. Honeypot
C. Internet content filters
D. Firewall
Answer: B

QUESTION NO: 38
Assigning proper security permissions to files and folders is the primary method of mitigating which of the following?
[answer options not present in source]
Answer: C

QUESTION NO: 39
Which of the following logical access controls would be MOST appropriate to use when creating an account for a temporary worker?
A. ACL
B. Account expiration
C. Time of day restrictions
D. Logical tokens
[answer not present in source]
QUESTION NO: 40
Which of the following may be an indication of a possible system compromise?
A. A port monitor utility shows that there are many connections to port 80 on the Internet facing web server.
B. A performance monitor indicates a recent and ongoing drop in speed, disk space or memory utilization from the baseline.
C. A protocol analyzer records a high number of UDP packets to a streaming media server on the Internet.
D. The certificate for one of the web servers has expired and transactions on that server begin to drop rapidly.
Answer: B

QUESTION NO: 41
An administrator suspects that files are being copied to a remote location during off hours. The file server does not have logging enabled. Which of the following logs would be the BEST place to look for information?
[answer options not present in source]
Answer: B

QUESTION NO: 42
Which of the following access control methods gives the owner control over providing permissions?
A. Role-Based Access Control (RBAC)
B. Rule-Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Discretionary Access Control (DAC)
Answer: D

QUESTION NO: 43
Which of the following access control methods grants permissions based on the user's position in the company?
A. Mandatory Access Control (MAC)
B. Rule-Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Role-Based Access Control (RBAC)
Answer: D

QUESTION NO: 44
Which of the following access control methods includes switching work assignments at preset intervals?
[answer options not present in source]
Answer: A

QUESTION NO: 45
Which of the following authentication methods would MOST likely prevent an attacker from being able to successfully deploy a replay attack?
A. TACACS
B. RAS
C. RADIUS
D. Kerberos
Answer: D

QUESTION NO: 46
Which of the following would an attacker use to footprint a system?
A. RADIUS
B. Password cracker
C. Port scanner
D. Man-in-the-middle attack
Answer: C

QUESTION NO: 47
Which of the following ensures a user cannot deny having sent a message?
A. Availability
B. Integrity
C. Non-repudiation
D. Confidentiality
Answer: C

QUESTION NO: 48
Which of the following allows an attacker to embed a rootkit into a picture?
A. Trojan horse
B. Worm
C. Steganography
D. Virus
Answer: C

QUESTION NO: 49
Which of the following is a publication of inactivated user certificates?
A. Certificate revocation list
B. Certificate suspension
C. Recovery agent
D. Certificate authority
Answer: A
QUESTION NO: 50
Which of the following is a method of encrypting email?
A. S/MIME
B. SMTP
C. L2TP
D. VPN
Answer: A

QUESTION NO: 51
Which of the following risks would be reduced by implementing screen filters?
A. Replay attacks
B. Phishing
C. Man-in-the-middle attacks
D. Shoulder surfing
Answer: D

QUESTION NO: 52
Which of the following allows an attacker to hide the presence of malicious code by altering the system's process and registry entries?
[answer options not present in source]
Answer: D

QUESTION NO: 53
Which of the following will propagate itself without any user interaction?
A. Worm
B. Rootkit
C. Trojan
D. Virus
[answer not present in source]

QUESTION NO: 54
An administrator wants to set up their network with only one public IP address. Which of the following would allow for this?
A. DMZ
B. VLAN
C. NIDS
D. NAT
Answer: D

QUESTION NO: 55
An administrator wants to proactively collect information on attackers and their attempted methods of gaining access to the internal network. Which of the following would allow the administrator to do this?
[answer options not present in source]
Answer: B

QUESTION NO: 56
Which of the following allows a technician to correct a specific issue with a solution that has not been fully tested?
A. Patch
B. Hotfix
C. Security roll-up
D. Service pack
Answer: B
QUESTION NO: 57
A technician wants to regulate and deny traffic to websites that contain information on hacking. Which of the following would be the BEST solution to deploy?
A. Internet content filter
B. Proxy
C. Protocol analyzer
D. NIDS
Answer: A

QUESTION NO: 58
Which of the following is the LEAST intrusive way of checking the environment for known software flaws?
A. Protocol analyzer
B. Vulnerability scanner
C. Port scanner
D. Penetration test
Answer: B

QUESTION NO: 59
[question text not present in source]
A. Run the recovery agent.
B. Put the certificate on the CRL.
C. Put the certificate in key escrow.
D. Suspend the certificate for further investigation.
Answer: B

QUESTION NO: 60
Which of the following requires an update to the baseline after installing new software on a machine?
A. Signature-based NIPS
B. Signature-based NIDS
C. Honeypot
[option D and answer not present in source]
QUESTION NO: 61
Which of the following would be the MOST secure choice to implement for authenticating remote connections?
A. LDAP
B. 802.1x
C. RAS
D. RADIUS
Answer: D

QUESTION NO: 62
Which of the following is the BEST way to reduce the number of accounts a user must maintain?
[answer options not present in source]
Answer: C

QUESTION NO: 63
Which of the following can be used as a means for dual-factor authentication?
A. RAS and username/password
B. RADIUS and L2TP
C. LDAP and WPA
D. Iris scan and proximity card
Answer: D

QUESTION NO: 64
After implementing file auditing, which of the following logs would show unauthorized usage attempts?
A. Performance
B. System
C. Security
D. Application
Answer: C

QUESTION NO: 65
Which of the following types of attacks requires an attacker to sniff the network?
A. Man-in-the-Middle
B. DDoS attack
C. MAC flooding
D. DNS poisoning
Answer: A

QUESTION NO: 66
If a user attempts to go to a website and notices the URL has changed, which of the following attacks is MOST likely the cause?
[answer options not present in source]
Answer: C

QUESTION NO: 67
Which of the following attacks can be caused by a user being unaware of their physical surroundings?
A. ARP poisoning
B. Phishing
C. Shoulder surfing
[option D and answer not present in source]
QUESTION NO: 68
Which of the following actions should be performed upon discovering an unauthorized wireless access point attached to a network?
A. Unplug the Ethernet cable from the wireless access point.
B. Enable MAC filtering on the wireless access point.
C. Change the SSID on the wireless access point.
D. Run a ping against the wireless access point.
Answer: A

QUESTION NO: 69
Which of the following redundancy solutions contains hardware systems similar to the affected organization, but does not provide live data?
A. Hot site
B. Uninterruptible Power Supply (UPS)
C. Warm site
D. Cold site
Answer: C

QUESTION NO: 70
During the implementation of LDAP, which of the following will typically be changed within the organization's software programs?
A. IP addresses
B. Authentication credentials
C. Non-repudiation policy
D. Network protocol
Answer: B
QUESTION NO: 71
Which of the following would be MOST useful to determine why packets from a computer outside the network are being dropped on the way to a computer inside the network?
A. HIDS log
B. Security log
C. Firewall log
D. System log
Answer: C

QUESTION NO: 72
An administrator has been asked to encrypt credit card data. Which of the following algorithms would be the MOST secure with the least CPU utilization?
A. 3DES
B. AES
C. SHA-1
D. MD5
Answer: B

QUESTION NO: 73
Which of the following security policies is BEST to use when trying to mitigate the risks involved with allowing a user to access company email via their cell phone?
A. The cell phone should require a password after a set period of inactivity.
B. The cell phone should only be used for company related emails.
C. The cell phone data should be encrypted according to NIST standards.
D. The cell phone should have data connection abilities disabled.
Answer: A

QUESTION NO: 74
Which of the following algorithms is the LEAST secure?
A. NTLM
B. MD5
[options C and D and answer not present in source]

QUESTION NO: 75
Which of the following algorithms is MOST closely associated with the signing of email messages?
A. MD5
B. TKIP
C. PGP
D. SHA-1
Answer: C

QUESTION NO: 76
An executive uses PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the body of the email, the executive wishes to encrypt the signature so that the assistant can verify that the email actually came from the executive. Which of the following asymmetric keys should the executive use to encrypt the signature?
[answer options not present in source]
Answer: B

QUESTION NO: 77
A technician needs to detect staff members that are connecting to an unauthorized website. Which of the following could be used?
A. Protocol analyzer
B. Bluesnarfing
C. Host routing table
D. HIDS
Answer: A
QUESTION NO: 78
An administrator suspects that multiple PCs are infected with a zombie. Which of the following tools could be used to confirm this?
A. Antivirus
B. Recovery agent
C. Spyware
D. Port scan
Answer: A

QUESTION NO: 79
Which of the following is an example of security personnel that administer access control functions, but do not administer audit functions?
[answer options not present in source]
Answer: B

QUESTION NO: 80
A malware incident has just been detected within a company. Which of the following should be the administrator's FIRST response?
A. Removal
B. Containment
C. Recovery
D. Monitor
Answer: B

QUESTION NO: 81
Taking into account personal safety, which of the following types of fire suppression substances would BEST prevent damage to electronic equipment?
[answer options and answer not present in source]

QUESTION NO: 82
Which of the following describes the process of securely removing information from media (e.g. hard drive) for future use?
A. Reformatting
B. Destruction
C. Sanitization
D. Deleting
Answer: C

QUESTION NO: 83
[question text and answer options not present in source]
Answer: B

QUESTION NO: 84
Which of the following types of strategies can be applied to allow a user to enter their username and password once in order to authenticate to multiple systems and applications?
A. Two-factor authentication
B. Single sign-on
C. Smart card
D. Biometrics
Answer: B
QUESTION NO: 85
User A is a member of the payroll security group. Each member of the group should have read/write permissions to a share. User A was trying to update a file but when the user tried to access the file the user was denied. Which of the following would explain why User A could not access the file?
A. Privilege escalation
B. Rights are not set correctly
C. Least privilege
D. Read only access
Answer: B

QUESTION NO: 86
Which of the following threats is the MOST difficult to detect and hides itself from the operating system?
[answer options not present in source]
Answer: A

QUESTION NO: 87
Which of the following methods is used to perform denial of service (DoS) attacks?
A. Privilege escalation
B. Botnet
C. Adware
D. Spyware
Answer: B

QUESTION NO: 88
Which of the following is an attack that is triggered by a specific event or by a date?
A. Logic bomb
B. Spam
C. Rootkit
D. Privilege escalation
Answer: A

QUESTION NO: 89
Which of the following can an attacker use to gather information on a system without having a user ID or password?
A. NAT
B. DNS poisoning
C. Null session
D. Spoofing
Answer: C

QUESTION NO: 90
Which of the following is a way to logically separate a network through a switch?
A. Spanning port
B. Subnetting
C. VLAN
D. NAT
Answer: C

QUESTION NO: 91
Which of the following is a security threat when a new network device is configured for first-time installation?
A. Attacker privilege escalation
B. Installation of a back door
C. Denial of Service (DoS)
D. Use of default passwords
[answer not present in source]
QUESTION NO: 92
Which of the following is an exploit against a device where only the hardware model and manufacturer are known?
A. Replay attack
B. Denial of service (DoS)
C. Privilege escalation
D. Default passwords
Answer: D

QUESTION NO: 93
A technician is implementing a new wireless network for an organization. The technician should be concerned with all of the following wireless vulnerabilities EXCEPT:
A. rogue access points.
B. 802.11 mode.
C. weak encryption.
D. SSID broadcasts.
Answer: B

QUESTION NO: 94
Which of the following tools will allow the technician to find all open ports on the network?
A. Performance monitor
B. Protocol analyzer
C. Router ACL
D. Network scanner
Answer: D

QUESTION NO: 95
An organization is installing new servers into their infrastructure. A technician is responsible for making sure that all new servers meet security requirements for uptime. In which of the following are the availability requirements identified?
A. Service level agreement
B. Performance baseline
C. Device manufacturer documentation
D. Security template
Answer: A

QUESTION NO: 96
After issuance a technician becomes aware that some keys were issued to individuals who are not authorized to use them. Which of the following should the technician use to correct this problem?
A. Recovery agent
B. Certificate revocation list
C. Key escrow
D. Public key recovery
Answer: B

QUESTION NO: 97
Password crackers are generally used by malicious attackers to:
A. verify system access.
B. facilitate penetration testing.
C. gain system access.
D. sniff network passwords.
Answer: C

QUESTION NO: 98
Which of the following properly describes penetration testing?
A. Penetration tests are generally used to scan the network and identify open ports.
B. Penetration tests are generally used to map the network and grab banners.
C. Penetration tests are generally used to exploit a weakness without permission and show how an attacker might compromise a system.
D. Penetration tests are generally used to demonstrate a weakness in a system and then provide documentation on the weakness.
[answer not present in source]
QUESTION NO: 99
Which of the following should a technician review when a user is moved from one department to another?
A. User access and rights
B. Data storage and retention policies
C. User's group policy
D. Acceptable usage policy
Answer: A

QUESTION NO: 100
Which of the following is a reason to implement security logging on a DNS server?
A. To monitor unauthorized zone transfers
B. To measure the DNS server performance
C. To perform penetration testing on the DNS server
D. To control unauthorized DNS DoS
Answer: A

QUESTION NO: 101
A technician is rebuilding the infrastructure for an organization. The technician has been tasked with making sure that the virtualization technology is implemented securely. Which of the following is a concern when implementing virtualization technology?
A. The technician should verify that the virtual servers are dual homed so that traffic is securely separated.
B. The technician should verify that the virtual servers and the host have the latest service packs and patches applied.
C. The technician should subnet the network so each virtual server is on a different network segment.
D. The technician should perform penetration testing on all the virtual servers to monitor performance.
Answer: B

QUESTION NO: 102
A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet management's request?
A. Enforce Kerberos
B. Deploy smart cards
C. Time of day restrictions
D. Access control lists
Answer: C

QUESTION NO: 103
How would a technician implement a security patch in an enterprise environment?
A. Download the patch from the vendor's secure website and install it on the most vulnerable workstation.
B. Download the patch from the vendor's secure website, test the patch and install it on all workstations.
C. Download the patch from the vendor's secure website and install it as needed.
D. Download the patch from the Internet, test the patch and install it on all of the production servers.
Answer: B

QUESTION NO: 104
Which of the following is considered the weakest encryption?
A. AES
B. DES
C. SHA
D. RSA
Answer: B
QUESTION NO: 105
Which of the following encryption schemes is the public key infrastructure based on?
A. Quantum
B. Elliptical curve
C. Asymmetric
D. Symmetric
Answer: C

QUESTION NO: 106
Which of the following BEST describes the term war driving?
A. Driving from point to point with a laptop and an antenna to find unsecured wireless access points.
B. Driving from point to point with a wireless scanner to read other users' emails through the access point.
C. Driving from point to point with a wireless network card and hacking into unsecured wireless access points.
D. Driving from point to point with a wireless scanner to use unsecured access points.
Answer: A

QUESTION NO: 107
Which of the following statements BEST describes the implicit deny concept?
A. Blocks everything and only allows privileges based on job description
B. Blocks everything and only allows explicitly granted permissions
C. Blocks everything and only allows the minimal required privileges
D. Blocks everything and allows the maximum level of permissions
Answer: B

QUESTION NO: 108
When is the BEST time to update antivirus definitions?
A. At least once a week as part of system maintenance
B. As the definitions become available from the vendor
C. When a new virus is discovered on the system
D. When an attack occurs on the network
Answer: B

QUESTION NO: 109
Why would a technician use a password cracker?
A. To look for weak passwords on the network
B. To change a user's passwords when they leave the company
C. To enforce password complexity requirements
D. To change users' passwords if they have forgotten them
Answer: A

QUESTION NO: 110
Which of the following is a true statement with regards to a NIDS?
A. A NIDS monitors and analyzes network traffic for possible intrusions.
B. A NIDS is installed on the proxy server.
C. A NIDS prevents certain types of traffic from entering a network.
D. A NIDS is normally installed on the email server.
Answer: A

QUESTION NO: 111
Users on a network report that they are receiving unsolicited emails from an email address that does not change. Which of the following steps should be taken to stop this from occurring?
A. Configure a rule in each user's router and restart the router.
B. Configure rules on the user's host and restart the host.
C. Install an anti-spam filter on the domain mail servers and filter the email address.
D. Install an ACL on the firewall to block traffic from the sender and filter the IP address.
Answer: C
QUESTION NO: 112
A technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which of the following will help determine the amount of CPU cycles that are being consumed?
A. Install HIDS to determine the CPU usage.
B. Run performance monitor to evaluate the CPU usage.
C. Install malware scanning software.
D. Use a protocol analyzer to find the cause of the traffic.
Answer: B

QUESTION NO: 113
Which of the following are characteristics of a hash function? (Select TWO).
A. One-way
B. Encrypts a connection
C. Ensures data can be easily decrypted
D. Fixed length output
E. Requires a key
Answer: A,D

QUESTION NO: 114
Which of the following is the MOST secure alternative for administrative access to a router?
A. SSH
B. Telnet
C. rlogin
D. HTTP
Answer: A

QUESTION NO: 115
Which of the following might an attacker resort to in order to recover discarded company documents?
A. Phishing
B. Insider theft
[options C and D and answer not present in source]

QUESTION NO: 116
Which of the following creates a security buffer zone between two rooms?
A. Mantrap
B. DMZ
C. Turnstile
D. Anti-pass back
Answer: A

QUESTION NO: 117
Kerberos uses which of the following trusted entities to issue tickets?
A. Ticket Granting System
B. Certificate Authority
C. Internet Key Exchange
D. Key Distribution Center
Answer: D

QUESTION NO: 118
Which of the following tools would be used to review network traffic for clear text passwords?
[answer options not present in source]
Answer: B
QUESTION NO: 119
Which of the following specifies a set of consistent requirements for a workstation or server?
A. Vulnerability assessment
B. Imaging software
C. Patch management
D. Configuration baseline
Answer: D

QUESTION NO: 120
A company's website allows customers to search for a product and display the current price and quantity available of each product from the production database. Which of the following would invalidate an SQL injection attack launched from the lookup field at the web server level?
A. Security template
B. Buffer overflow protection
C. NIPS
D. Input validation
Answer: D

QUESTION NO: 121
Which of the following virtual machine components monitors and manages the various virtual instances?
[answer options and answer not present in source]

QUESTION NO: 122
A smurf attack is an example of which of the following threats?
A. ARP Poisoning
B. DoS
C. TCP/IP Hijacking
[option D and answer not present in source]

QUESTION NO: 123
Which of the following is the BEST tool for allowing users to go to approved business-related websites only?
A. Internet content filter
B. Firewall
C. ACL
D. Caching server
Answer: A

QUESTION NO: 124
An unauthorized user intercepted a user's password and used this information to obtain the company's administrator password. The unauthorized user can use the administrator's password to access sensitive information pertaining to client data. Which of the following is this an example of?
A. Session hijacking
B. Least privilege
C. Privilege escalation
D. Network address translation
Answer: C

QUESTION NO: 125
[question text not present in source]
A. Provides additional resources for testing
B. Provides real-time access to all system processes
C. Provides a read-only area for executing code
D. Provides a restricted environment for executing code
Answer: D
QUESTION NO: 126 Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO). A. Disable the USB root hub within the OS. B. Install anti-virus software on the USB drives. C. Disable USB within the workstation's BIOS. D. Apply the concept of least privilege to USB devices. E. Run spyware detection against all workstations. Answer: A,C
An administrator has developed an OS install that will implement the tightest security controls possible. In order to quickly replicate these controls on all systems, which of the following should be established? A. Take screen shots of the configuration options. B. Create an image from the OS install. C. Create a boot disk for the operating system. D. Implement OS hardening procedures. Answer: B
After registering an email address on a website, a user starts receiving messages from unknown sources. The email account is new, and therefore the user is concerned. This type of message traffic is referred to as: A. instant message traffic. B. SPIM. C. S/MIME. D. spam. Answer: D
A technician is testing the security of a new database application with a website front-end. The technician notices that when certain characters are input into the application it will crash the server. Which of the following does the technician need to do? A. Utilize SSL on the website B. Implement an ACL C. Lock down the database D. Input validation Answer: D
QUESTION NO: 130 An administrator in a small office environment has implemented an IDS on the network perimeter to detect malicious traffic patterns. The administrator still has a concern about traffic inside the network originating between client workstations. Which of the following could be implemented? A. HIDS B. A VLAN C. A network router D. An access list Answer: A
A user is redirected to a different website when the user requests the DNS record www.xyz.comptia.com. Which of the following is this an example of?
QUESTION NO: 132 A company wants to host public servers on a new network. These servers will include a website and mail server. Which of the following should be implemented on the network to isolate these public hosts from the rest of the network? A. IPv6 B. IPSec C. DMZ D. VLAN Answer: C
QUESTION NO: 133 A user has decided that they do not want an internal LAN segment to use public IP addresses. The user wants to translate them as private IP addresses to a pool of public IP addresses to identify them on the Internet. Which of the following does the user want to implement? A. IPSec B. NAT C. SSH D. SFTP Answer: B
An administrator has been studying stateful packet inspection and wants to implement this security technique on the network. Which of the following devices could the administrator use to BEST utilize stateful packet inspection?
QUESTION NO: 135 Which of the following is the primary purpose of a honeypot? A. Translate addresses at the perimeter B. To provide a decoy target on the network C. Provide cryptography for the network D. Work as a network proxy Answer: B
QUESTION NO: 136 An administrator wants to ensure that no equipment is damaged when there is a fire or false alarm in the server room. Which of the following type of fire suppression systems should be used? A. Carbon Dioxide B. Hydrogen Peroxide C. Wet pipe sprinkler D. Deluge sprinkler Answer: A
QUESTION NO: 137 Which of the following is a CRL composed of? A. Public Key Infrastructure (PKI) B. Expired or revoked certificates C. Certificate authorities D. Expired user accounts Answer: B
Which of the following is the primary purpose of a CA? A. LANMAN validation B. Encrypt data C. Kerberos authentication D. Issue private/public keys Answer: D
An administrator wants to replace telnet with a more secure protocol to manage a network device. Which of the following should be implemented on the network? A. SMTP B. SNMP C. SFTP D. SSH Answer: D
QUESTION NO: 140 A user is attempting to receive digitally signed and encrypted email messages from a remote office. Which of the following protocols does the system need to support? A. SMTP B. S/MIME C. ISAKMP D. IPSec Answer: B
QUESTION NO: 142 An administrator is implementing a public website and they want all client connections to the server to be encrypted via their web browser. Which of the following should be implemented?
An administrator does not want anyone to VPN from inside the network to a remote office or network. Which of the following protocols should be blocked outbound on the network?
QUESTION NO: 143 Which of the following is MOST likely provided by asymmetric key cryptography? A. Performance B. A pre-shared key C. Kiting D. Confidentiality Answer: D
All of the following are symmetric key algorithms EXCEPT: A. ECC. B. Rijndael. C. 3DES. D. RC4 Answer: A
Which of the following is true about ECC algorithms? A. It is the algorithm used in PGP. B. It is implemented in portable devices. C. It is a private key algorithm. D. It is CPU intensive. Answer: B
QUESTION NO: 146 Which of the following is a way to encrypt session keys using SSL? A. Session keys are sent unencrypted. B. Session keys are encrypted using an asymmetric algorithm. C. Session keys are sent in clear text because they are private keys. D. Session keys are encrypted using a symmetric algorithm. Answer: B
QUESTION NO: 147 Which of the following can reduce the risk associated with password guessing attacks? (Select TWO). A. Implement single sign-on. B. Implement shared passwords. C. Implement account-lockout thresholds. D. Implement shadow passwords. E. Implement stronger password complexity policies. Answer: C,E
Which of the following is a common practice in forensic investigation? A. Performing a Gutmann sanitization of the drive B. Performing a binary copy of the system's storage media C. Performing a file level copy of the system's storage media D. Performing a sanitization of the drive Answer: B
QUESTION NO: 149 Which of the following is done to ensure appropriate personnel have access to systems and networks? (Select TWO). A. Conduct periodic penetration testing assessments. B. Conduct periodic personnel employment verifications. C. Conduct rights review of users and groups. D. Conduct virus scan. E. Conduct vulnerability assessments. Answer: B,C
QUESTION NO: 150 Antivirus software products detect malware by comparing the characteristics of known instances against which of the following type of file sets? A. Signature B. Text C. NIDS signature D. Dynamic Library Answer: A
Answer: A
QUESTION NO: 152 Which of the following is the BEST process of removing PII data from a disk drive before reuse? A. Destruction B. Sanitization C. Reformatting D. Degaussing Answer: B
Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment?
QUESTION NO: 153 When assigning permissions, which of the following concepts should be applied to enable a person to perform their job task? A. Rule based B. Discretionary access control (DAC) C. Least privilege D. Role based Answer: C
Users do not want to enter credentials to each server or application to conduct their normal work. Which of the following type of strategies will resolve this issue? A. Smart card B. Two-factor authentication C. Biometrics D. SSO Answer: D
A review of the system logs shows that a user attempted to log onto the network over 250 times. Which of the following type of attacks is MOST likely occurring?
Answer: A
QUESTION NO: 156 A user was trying to update an open file but when they tried to access the file they were denied. Which of the following would explain why the user could not access the file? A. Audit only access B. Execute only access C. Rights are not set correctly D. Write only access Answer: C
QUESTION NO: 157 Accessing a system or application using permissions from another users account is a form of which of the following? A. Phishing B. Domain kiting C. ARP spoofing D. Privilege escalation Answer: D
Which of the following is an important reason for password protecting the BIOS? A. To maintain password complexity requirements B. To prevent system start-up without knowing the password C. To keep a user from changing the boot order of the system D. To keep a virus from overwriting the BIOS Answer: C
Which of the following is a software bundle containing multiple security fixes? A. Patch management B. A hotfix C. Service pack D. A patch Answer: C
QUESTION NO: 160 A company uses a policy of assigning passwords to users; by default the passwords are based off of the word $ervicexx, where xx is the last two numbers of the user's cell phone number. The users are not required to change this password. Which of the following is this an example of? A. Default accounts B. Known plain text C. Back door D. Weak passwords Answer: D
QUESTION NO: 161 Which of the following is an installable package that includes several patches from the same vendor for various applications? A. Hotfix B. Patch template C. Service pack D. Patch rollup Answer: C
Which of the following is a best practice to prevent users from being vulnerable to social engineering? A. Have a solid acceptable use policy in place with a click-through banner. B. Provide thorough and frequent user awareness training. C. Have users sign both the acceptable use policy and security-based HR policy. D. Provide a service level agreement that addresses social engineering issues. Answer: B
QUESTION NO: 163 The RAS logs on a server show 100 errors in a two-minute time period from an attempt to access an account. The error log shows unknown username or password. Which of the following is this an example of? A. The local firewall is blocking GRE packets. B. An unauthorized attempt to access the server. C. The end user's ISP is having issues with packet loss. D. One of the users forgot their password and kept trying to login. Answer: B
QUESTION NO: 164 An administrator notices that former temporary employees' accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening? A. Run a last logon script to look for inactive accounts. B. Implement an account expiration date for temporary employees. C. Implement a password expiration policy. D. Implement time of day restrictions for all temporary employees. Answer: B
Which of the following is the primary security risk with coaxial cable? A. Diffusion of the core light source B. Data emanation from the core C. Crosstalk between the wire pairs D. Refraction of the signal Answer: B
QUESTION NO: 166 Which of the following is a collection of patches? A. A security template B. A service pack C. A security hotfix D. A security baseline Answer: B
QUESTION NO: 167 Which of the following would allow an administrator to find weak passwords on the network? A. A network mapper B. A hash function C. A password generator D. A rainbow table Answer: D
QUESTION NO: 168 Which of the following is the BEST place where the disaster recovery plan should be kept? A. Printed out and kept in the desk of the CIO B. At multiple offsite locations C. Multiple copies printed out and kept in the server room D. On the network file server Answer: B
Which of the following is established immediately upon evidence seizure? A. Start the incident response plan B. Damage and loss control C. Chain of custody D. Forensic analysis Answer: C
QUESTION NO: 170 Which of the following is a required privilege that an administrator must have in order to restore a public/private key set on a certificate authority (CA)? A. Recovery agent B. Registration authority C. Domain administrator D. Group administrator
QUESTION NO: 171 Which of the following algorithms have the smallest key space? A. IDEA B. SHA-1 C. AES D. DES Answer: D
Answer: A
Which of the following requires a common pre-shared key before communication can begin? A. Public key infrastructure B. Symmetric key cryptography C. Secure hashing algorithm D. Asymmetric key cryptography Answer: B
QUESTION NO: 174 Which of the following provides the MOST comprehensive redundancy for an entire site with the least downtime? A. A warm site B. A cold site C. A mobile site D. A hot site Answer: D
QUESTION NO: 175 Which of the following allows devices attached to the same switch to have separate broadcast domains? A. NAT B. DMZ C. NAC D. VLAN Answer: D
Answer: B
QUESTION NO: 177 When dealing with a 10BASE5 network, which of the following is the MOST likely security risk? A. An incorrect VLAN B. SSID broadcasting C. A repeater D. A vampire tap Answer: D
Which of the following allows for notification when a hacking attempt is discovered?
QUESTION NO: 178 Which of the following allows a technician to scan for missing patches on a device without actually attempting to exploit the security problem? A. A vulnerability scanner B. Security baselines C. A port scanner D. Group policy Answer: A
Answer: D
Which of the following uses a key ring? A. AES B. DES C. PGP D. RSA Answer: C
QUESTION NO: 181 Which of the following allows for the highest level of security at time of login? A. Single sign-on B. Two-factor authentication C. One-factor authentication D. NTLMv2
Which of the following allows for proof that a certain person sent a particular email?
QUESTION NO: 182 Sending a patch through a testing and approval process is an example of which of the following? A. Disaster planning B. Change management C. Acceptable use policies D. User education and awareness training Answer: B
Answer: D
Which of the following would use a group of bots to stop a web server from accepting new requests? A. DoS B. DDoS C. MAC D. ARP Answer: B
Sending continuous TCP requests to a device and ignoring the return information until the device ceases to accept new connections is an example of which of the following?
QUESTION NO: 185 Which of the following is the MOST likely to generate static electricity? A. Low humidity and high temperature B. High humidity and low temperature C. Low humidity and low temperature D. High humidity and high temperature Answer: A
QUESTION NO: 186 Using an asymmetric key cryptography system, where can a technician generate the key pairs? A. A certificate authority B. IETF C. A key escrow service D. A recovery agent Answer: A
Which of the following media is the LEAST likely to be successfully tapped into? A. Unshielded twisted pair cable B. Coaxial cable C. Fiber optic cable D. Shielded twisted pair cable Answer: C
Which of the following allows a person to find public wireless access points? A. Weak encryption B. 802.1x C. SSID broadcast D. Data emanation Answer: C
QUESTION NO: 189 Which of the following allows a file to have different security permissions for users that have the same roles or user groups? A. Mandatory Access Control (MAC) B. Role-Based Access Control (RBAC) C. Discretionary Access Control (DAC) D. Rule-Based Access Control (RBAC) Answer: C
Answer: D
A company decides that the purchasing agent and the accounts receivable agent should exchange positions in order to allow for more oversight of past transactions. Which of the following is this an example of? A. Least privilege B. Implicit deny C. Separation of duties D. Job rotation Answer: D
A DMZ has a fake network that a hacker is attacking. Which of the following is this an example of?
QUESTION NO: 192 A user complains that the color laser printer continuously gives an access denied message while attempting to print a text document. The administrator logs onto the PC and prints successfully. Which of the following should the administrator check FIRST? A. That the printer has the correct size of paper in each of the trays B. That the toner should be changed in the printer C. That the user has sufficient rights to print to the printer D. That the user is attempting to print to the correct printer tray Answer: C
QUESTION NO: 193 Which of the following uses a sandbox to manage a program's ability to access system resources? A. Java B. ActiveX C. JavaScript D. Cold Fusion Answer: A
Which of the following allows a technician to view the security permissions of a file? A. The access control list B. The security baseline C. The data emanation D. The local security template Answer: A
A user is denied access to a file. The user had access to the file yesterday. Which of the following is the FIRST action for the technician to take? A. Deny the user's request and forward to the human resources department. B. Reboot the system. C. Verify that the user's permissions are correct. D. Grant access to the file. Answer: C
QUESTION NO: 196 A user is convinced that someone is attempting to use their user account at night. Which of the following should an administrator check FIRST in order to prove or disprove this claim? A. The IDS logs B. The security application logs C. The local security logs D. The firewall logs Answer: C
QUESTION NO: 197 A user reports that a web based application is not working after a browser upgrade. Before the upgrade, a login box would appear on the screen and disappear after login. The login box does not appear after the upgrade. Which of the following BEST describes what to check FIRST? A. That the software based firewall application trusts this site B. That the pop-up blocker application trusts this site C. That the antivirus application trusts this site D. That the anti-spam application trusts this site Answer: B
An intrusion has been detected on a company's network from the Internet. Which of the following should be checked FIRST? A. The firewall logs B. The DNS logs C. The access logs D. The performance logs Answer: A
QUESTION NO: 199 A user needs to verify that a patch file downloaded from a third party has not been modified since the time that the original manufacturer released the patch. Which of the following is the BEST way to verify that the file has not been modified? A. Compare the final MD5 hash with the original. B. Download the patch file over an AES encrypted VPN connection. C. Compare the final LANMAN hash with the original. D. Download the patch file through a SSL connection. Answer: A
QUESTION NO: 200 A technician suspects that one of the network cards on the internal LAN is causing a broadcast storm. Which of the following would BEST diagnose which NIC is causing this problem? A. The NIDS log file B. A protocol analyzer C. The local security log file D. The local firewall log file Answer: B
Answer: A
A user does not understand why the domain password policy is so stringent. Which of the following BEST demonstrates the security basis for the password policy? A. Explain how easy it is for a hacker to crack weak passwords. B. Show the user a domain overview, including a list of weak passwords. C. Refer the user to a strong password demonstrator. D. Ask the user to review the corporate policies and procedures manual.
QUESTION NO: 202 A company needs to have multiple servers running low CPU utilization applications. Which of the following is the MOST cost efficient method for accomplishing this? A. Install multiple high end servers, sharing a clustered network operating system. B. Install a single low end server, running multiple virtual servers. C. Install a single high end server, running multiple virtual servers. D. Install multiple low end servers, each running a network operating system.
QUESTION NO: 203 A programmer creates an application to accept data from a website. A user places more information than the program expects in the input field, resulting in the back end database placing the extra information into the database. Which of the following is this an example of? A. Java input error B. Cross-site scripting C. Buffer overflow D. SQL injection Answer: D
Answer: C
A developer added code to a financial system designed to transfer money to a foreign bank account on a specific time and date. The code would activate only if human resources processed the developer's termination papers. The developer implemented which of the following security threats? A. Logic bomb B. Rootkit C. Botnet D. Privilege escalation Answer: A
Which of the following security threats is MOST commonly associated with a targeted distributed denial of service (DDoS)?
QUESTION NO: 206 A CEO is concerned about staff browsing inappropriate material on the Internet via HTTPS. It has been suggested that the company purchase a product which could decrypt the SSL session, scan the content and then repackage the SSL session without staff knowing. Which of the following type of attacks is similar to this product? A. Replay B. Spoofing C. TCP/IP hijacking D. Man-in-the-middle Answer: D
Answer: A
A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protected. If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If determining the risk, which of the following is the annual loss expectancy (ALE)? A. $2,700 B. $4,500 C. $5,000 D. $7,290
After a system risk assessment was performed it was found that the cost to mitigate the risk was higher than the expected loss if the risk was actualized. In this instance, which of the following is the BEST course of action? A. Accept the risk B. Mitigate the risk C. Reject the risk D. Run a new risk assessment
QUESTION NO: 209 A technician is deciding between implementing a HIDS on the database server or implementing a NIDS. Which of the following are reasons why a NIDS may be better to implement? (Select TWO). A. Many HIDS require frequent patches and updates. B. Many HIDS are not able to detect network attacks. C. Many HIDS have a negative impact on system performance. D. Many HIDS only offer a low level of detection granularity. E. Many HIDS are not good at detecting attacks on database servers. Answer: B,C
Answer: D
Virtualized applications, such as virtualized browsers, are capable of protecting the underlying operating system from which of the following? A. Malware installation from suspect Internet sites B. Man-in-the-middle attacks C. Phishing and spam attacks D. DDoS attacks against the underlying OS Answer: A
Which of the following scenarios is MOST likely to benefit from using a personal software firewall on a laptop? A. Remote access user connecting via SSL VPN B. Office laptop connected to the enterprise LAN C. Remote access user connecting via corporate dial-in server D. Office laptop connected to a home user's network
A flat or simple role-based access control (RBAC) embodies which of the following principles? A. Users assigned to roles, permissions are assigned to groups, controls applied to groups and permissions acquired by controls B. Users assigned permissions, roles assigned to groups and users acquire additional permissions by being a member of a group C. Roles applied to groups, users assigned to groups and users acquire permissions by being a member of the group D. Users assigned to roles, permissions are assigned to roles and users acquire permissions by being a member of the role Answer: D
QUESTION NO: 213 A number of unauthorized staff have been entering the data center by piggybacking on authorized staff. The CIO has mandated that this behavior stops. Which of the following is the BEST technology to install at the data center to prevent piggybacking? A. Mantrap B. Security badges C. Hardware locks D. Token access Answer: A
Which of the following is a security threat that hides its processes and files from being easily detected? A. Trojan B. Adware C. Worm D. Rootkit Answer: D
QUESTION NO: 215 Security templates are used for which of the following purposes? (Select TWO). A. To ensure that email is encrypted by users of PGP B. To ensure that PKI will work properly within the company's trust model C. To ensure that performance is standardized across all servers D. To ensure that all servers start from a common security configuration E. To ensure that servers are in compliance with the corporate security policy Answer: D,E
QUESTION NO: 216 Frequent signature updates are required by which of the following security applications? (Select TWO). A. Antivirus B. PGP C. Firewall D. PKI E. IDS Answer: A,E
When choosing an antivirus product, which of the following are the MOST important security considerations? (Select TWO). A. The frequency of signature updates B. The ability to scan encrypted files C. The availability of application programming interface D. The number of emails that can be scanned E. The number of viruses the software can detect Answer: A,E
QUESTION NO: 218 Three generally accepted activities of patch management are: determining which patches are needed, applying the patches and which of the following? A. Updating the firewall configuration to include the patches B. Running a NIDS report to list the remaining vulnerabilities C. Auditing for the successful application of the patches D. Backing up the patch file executables to a network share Answer: C
QUESTION NO: 219 In which of the following situations would it be appropriate to install a hotfix? A. A patch in a service pack fixes the issue, but too many extra patches are included. B. A patch is not available and workarounds do not correct the problem. C. A patch is available, but has not yet been tested in a production environment. D. A patch is too large to be distributed via a remote deployment tool.
Answer: C
If an administrator does not have a NIDS examining network traffic, which of the following could be used to identify an active attack? A. Protocol analyzer B. Penetration testing tool C. Network mapper D. Vulnerability scanner Answer: A
Social engineering, password cracking and vulnerability exploitation are examples of which of the following?
Answer: B
QUESTION NO: 222 Configuration baselines should be taken at which of the following stages in the deployment of a new system? A. Before initial configuration B. Before loading the OS C. After a user logs in D. After initial configuration Answer: D
Answer: B
Which of the following is a mechanism that prevents electromagnetic emanations from being captured? A. Install a repeater B. Uninterruptible power supply (UPS) C. Faraday cage D. Disable SSID broadcast Answer: C
Which of the following practices should be implemented to harden workstations and servers? A. Log on only as the administrator. B. Install only needed software. C. Check the logs regularly. D. Report all security incidents.
QUESTION NO: 225 Which of the following describes the difference between a secure cipher and a secure hash? A. A hash produces a variable output for any input size, a cipher does not. B. A cipher produces the same size output for any input size, a hash does not. C. A cipher can be reversed, a hash cannot. D. A hash can be reversed, a cipher cannot. Answer: C
QUESTION NO: 226 Which of the following physical threats is prevented with mantraps? A. Piggybacking B. Social engineering C. Dumpster diving D. Shoulder surfing Answer: A
Which of the following BEST describes the differences between SHA-1 and MD5? A. MD5 produces variable length message digests. B. SHA-1 produces fewer collisions than MD5 C. MD5 produces fewer collisions than SHA-1 D. SHA-1 produces fixed length message digests. Answer: B
Which of the following BEST applies in the secure disposal of computers? A. Computers must be configured for automated patch management. B. Computer media must be sanitized. C. Default passwords must be changed once. D. Computers must be tested against known TCP/IP vulnerabilities. Answer: B
QUESTION NO: 229 Which of the following BEST describes the differences between RADIUS and TACACS? A. TACACS separates authentication, authorization and auditing capabilities. B. TACACS is a remote access authentication service. C. RADIUS is a remote access authentication service. D. RADIUS separates authentication, authorization and auditing capabilities. Answer: A
QUESTION NO: 230 Which of the following BEST describes the differences between RADIUS and TACACS? A. RADIUS encrypts client-server negotiation dialog. B. RADIUS is a remote access authentication service. C. TACACS encrypts client-server negotiation dialog. D. TACACS is a remote access authentication service. Answer: C
Which of the following authentication mechanisms performs better in a secure environment? A. RADIUS because it is a remote access authentication service. B. TACACS because it encrypts client-server negotiation dialogs. C. RADIUS because it encrypts client-server passwords. D. TACACS because it is a remote access authentication service. Answer: B
To evaluate the security compliance of a group of servers against best practices, which of the following BEST applies? A. Get a patch management report. B. Conduct a penetration test. C. Run a vulnerability assessment tool. D. Install a protocol analyzer. Answer: C
QUESTION NO: 233 Which of the following is a problem MOST often associated with UTP cable? A. Fuzzing B. Vampire tap C. Crosstalk D. Refraction Answer: C
QUESTION NO: 234 An administrator notices on the monthly firewall log that many of the internal PCs are sending packets on a routine basis to a single external PC. Which of the following BEST describes what is occurring? A. The remote PC has a spam slave application running and the local PCs have a spam master application running. B. The remote PC has a zombie master application running and the local PCs have a zombie slave application running. C. The remote PC has a spam master application running and the local PCs have a spam slave application running. D. The remote PC has a zombie slave application running and the local PCs have a zombie master application running. Answer: B
An administrator notices that a PC is sending an unusual amount of email at odd times of the day. Which of the following should the administrator check for FIRST? A. A S/MIME buffer overflow B. A POP3 protocol exception C. DNS poisoning D. A SMTP open relay Answer: D
Which of the following would a password cracker help an administrator to find? A. Weak passwords B. Expired passwords C. Locked passwords D. Backdoor passwords Answer: A
QUESTION NO: 237 Which of the following is set up within a router? A. ARP B. DMZ C. OVAL D. DDoS Answer: B
Which of the following would BEST allow for fast, highly secure encryption of a USB flash drive? A. SHA-1 B. MD5 C. 3DES D. AES256 Answer: D
QUESTION NO: 239 When is the correct time to discuss the appropriate use of electronic devices with a new employee? A. At time of hire B. At time of first correspondence C. At time of departure D. At time of first system login Answer: A
QUESTION NO: 240
Which of the following could BEST assist in the recovery of a crashed hard drive?
A. Forensics software
B. Drive optimization
C. Drive sanitization
D. Damage and loss control
Answer: A

QUESTION NO: 241
Which of the following facilitates the creation of an unencrypted tunnel between two devices?
A. AES
B. HTTPS
C. L2TP
D. PPTP
Answer: C

Which of the following allows for a secure connection to be made through a web browser?
A. L2TP
B. SSH
C. SSL
D. HTTP
Answer: C

QUESTION NO: 243
Which of the following is the BEST order in which crucial equipment should draw power?
A. Uninterruptible Power Supply (UPS) battery, UPS line conditioner, backup generator
B. Backup generator, UPS line conditioner, UPS battery
C. Backup generator, UPS battery, UPS line conditioner
D. UPS line conditioner, UPS battery, and backup generator
Answer: D

QUESTION NO: 244
Which of the following would require a pre-sharing of information before a home user could attach to a neighbor's wireless adapter?
A. Anonymous connections enabled
B. SSID broadcasting disabled
C. SSID broadcasting enabled
D. Encryption disabled
Answer: B

Which of the following would BEST allow an administrator to quickly find a rogue server on the network?
A. Review security access logs
B. A network mapper
C. A protocol analyzer
D. Review DNS logs
Answer: B

Which of the following would BEST allow an administrator to quickly find a PC with a blank database administrator password?
A. Protocol analyzer
B. Vulnerability scanner
C. Rainbow tables
D. Security access logs
Answer: B
QUESTION NO: 247
An administrator is backing up all server data nightly to a local NAS device. Which of the following additional steps should the administrator take for protection from disaster in the case the primary site is permanently lost?
A. Back up all data at a preset interval to tape and store those tapes at a sister site across the street.
B. Back up all data at a preset interval to tape and store those tapes at a sister site in another city.
C. Back up all data at a preset interval to removable disk and store the disk in a safety deposit box at the administrator's home.
D. Back up all data at a preset interval to removable disk and store the disk in a fireproof safe in the building's basement.
Answer: B

Which of the following is the MOST intrusive on a network?
A. Penetration testing
B. Protocol analyzers
C. Port scanners
D. Vulnerability testing
Answer: A

A single sign-on requires which of the following?
A. Multifactor authentication
B. One-factor authentication
C. A trust model between workstations
D. A unified trust model
Answer: D

QUESTION NO: 250
All of the following are places where backup tapes should be kept EXCEPT:
A. near a fiber optic cable entrance.
B. near a shared LCD screen.
C. near a power line.
D. near a high end server.
Answer: C

QUESTION NO: 251
All of the following require periodic updates to stay accurate EXCEPT:
A. signature based HIDS.
B. pop-up blocker applications.
C. antivirus applications.
D. rootkit detection applications.
Answer: B

Which of the following is the quickest method to create a secure test server for a programmer?
A. Install a network operating system on new equipment.
B. Create a virtual server on existing equipment.
C. Install a network operating system on existing equipment.
D. Create a virtual server on new equipment.
Answer: B

Which of the following is a collection of fixes for an application or operating system that has been tested by the vendor?
A. A security template
B. A service pack
C. A patch
D. A hotfix
Answer: B
QUESTION NO: 254
Which of the following usually applies specifically to a web browser?
A. Antivirus
B. Pop-up blocker
C. Anti-spyware
D. Personal software firewall
Answer: B

QUESTION NO: 255
Pre-shared keys apply to which of the following?
A. CA
B. PGP
C. TPM
D. Digital signature
Answer: B

Which of the following is a risk associated with a virtual server?
A. If the physical server crashes, all of the local virtual servers go offline immediately.
B. If the physical server crashes, all of the physical servers nearby go offline immediately.
C. If a virtual server crashes, all of the virtual servers go offline immediately.
D. If a virtual server crashes, all of the physical servers go offline immediately.
Answer: A

QUESTION NO: 257
Which of the following exploits is only triggered by a specific date or time key?
A. Trojan
B. Worm
C. Botnet
D. Logic bomb
QUESTION NO: 258
Threats to a network could include: (Select TWO)
A. penetration testing.
B. network audits.
C. disgruntled employees.
D. dial-up access.
E. disabled user accounts.
Answer: C,D

An antivirus server keeps flagging an approved application that the marketing department has installed on their local computers as a threat. This is an example of:
A. false negative.
B. false positive.
C. true negative.
D. true positive.
Answer: B

A vendor releases an application update to a recent service pack that addresses problems being experienced by some end users. This update would be considered a:
A. hotfix.
B. patch.
C. service pack rollup.
D. service pack.
Answer: A
A technician is working on an end user's desktop which has been having performance issues. The technician notices there seems to be a lot of activity on the NIC. A good tool to quickly check the current network connections of the desktop would be:
A. netops.
B. lanman.
C. netstat.
D. ipconfig /all.
Answer: C

QUESTION NO: 262
A company has an issue with field users logging into VPN to connect to the mail server, and leaving their computers connected while in public places. The administrator needs to prevent both unauthorized access to the company email and data, and limit the impact on the VPN server. Which of the following BEST achieves this goal?
A. Set VPN to disconnect after five minutes of inactivity.
B. Use registry settings to lock computers after five minutes of inactivity, and limit VPN connections to two hours.
C. Use group policy to lock computers after five minutes of inactivity, and limit VPN connections to one hour.
D. Provide web mail access to all users.
Answer: C

The service provided by message authentication code (MAC) hash is:
A. fault tolerance.
B. key recovery.
C. data recovery.
D. integrity.
Answer: D

QUESTION NO: 264
An administrator is running a network monitoring application that looks for behaviors on the network outside the standard baseline that has been established. This is typical of a(n):
A. signature-based tool.
B. protocol analyzer.
C. honeynet.
D. anomaly-based tool.
Answer: D

QUESTION NO: 265
Some examples of hardening techniques include all of the following EXCEPT:
A. applying security templates.
B. running weekly spyware applications.
C. network-based patch management.
D. disabling all non-required services.
Answer: B

An administrator wants to block users from accessing a few inappropriate websites as soon as possible. The existing firewall allows blocking by IP address. To achieve this goal the administrator will need to:
A. upgrade to a DNS based filter to achieve the desired result.
B. use the company AUP to achieve the desired result.
C. upgrade to a URL based filter to achieve the desired result.
D. upgrade to a text based filter to achieve the desired result.
Answer: C

QUESTION NO: 267
A CRL contains a list of which of the following types of keys?
A. Both public and private keys
B. Steganographic keys
C. Private keys
D. Public keys
Answer: A
QUESTION NO: 268
A user logs into their network with a smart card. Which of the following keys is used?
A. Cipher key
B. Shared key
C. Public key
D. Private key
Answer: D

QUESTION NO: 269
An administrator wants to ensure that when an employee leaves the company permanently, the company will have access to their private keys. Which of the following will accomplish this?
A. Store the keys in escrow.
B. Immediately delete the account.
C. Store them in a CRL.
D. Obtain the employee's hardware token.
Answer: A

When a server and workstation communicate via SSL, which of the following keys are being used? (Select TWO).
A. Public key
B. Cipher key
C. Session key
D. Recovery key
E. Keylogger
Answer: A,C

QUESTION NO: 271
A user is going to dispose of some old hard drives. Which of the following should the user do to the drives before disposing of them?
A. Reformat the hard drives once.
B. Use a certified wipe program to erase data.
C. Install antivirus on the drives.
D. Run anti-spyware on the drives.
Answer: B
QUESTION NO: 272
A user wants to implement very tight security controls for technicians that seek to enter the user's datacenter. Which of the following solutions offers the BEST security controls?
A. Combination locks and key locks
B. Smartcard and proximity readers
C. Magnetic lock and pin
D. Biometric reader and smartcard
Answer: D

Which of the following concepts requires users and system processes to be assigned minimum levels of permission to carry out the assigned task?
Answer: C

QUESTION NO: 274
When using discretionary access control (DAC), who determines access and what privileges they have?
A. User
B. System
C. Help desk
QUESTION NO: 275
Which of the following is a security benefit of mandatory vacations?
A. Least privilege
B. Separation of duties
C. Reducing stress
D. Detecting fraud
Answer: D

The data custodian in an organization is responsible for:
A. recoverability of the data.
B. classification of the data.
C. completeness of the data.
D. accuracy of the data.
Answer: A

Which of the following organizational documentation describes how tasks or job functions should be conducted?
A. Standards
B. Guideline
C. Policy
D. Procedures
Answer: D
Which of the following organizational documentation provides high level objectives that change infrequently?
A. Standards
B. Policy
C. Procedures
D. Guideline
Answer: B

QUESTION NO: 279
Which of the following sites can be online the QUICKEST and does not require data restoration from backup media to ensure the production data is as current as possible?
A. Mobile site
B. Hot site
C. Warm site
D. Mirrored site
Answer: D

Which of the following are MOST likely to be analyzed by Internet filter appliances/servers? (Select THREE).

QUESTION NO: 281
The primary function of risk management in an organization is to reduce risk to a level:
A. where the ARO equals the SLE.
B. the organization will mitigate.
C. where the ALE is lower than the SLE.
D. the organization will accept.
Answer: D

QUESTION NO: 282
Which of the following BEST describes risk analysis?
A. Monitoring and acceptance
B. Evaluation and assessment
C. Assessment and eradication
D. Mitigation and repudiation
Answer: B

A financial institution performed a risk assessment on the DLT backup system used to store customer account details. The main risk highlighted was the long-term retention of electronically stored data. Which of the following is the MOST likely reason for the risk being raised?
A. Compatibility of media and application systems
B. Application systems and technical staff
C. Compatibility and retention of data on the media
D. Retention of data on the media
Answer: A

QUESTION NO: 284
Which of the following hashing techniques is commonly disabled to make password cracking more difficult?
A. NTLM
B. AES
C. OVAL
D. Kerberos

QUESTION NO: 285
An organization has recently implemented a work from home program. Employees need to connect securely from home to the corporate network. Which of the following encryption technologies might BEST accomplish this?
A. PPTP
B. IPSec
C. L2TP
D. PPPoE
Answer: B

The use of a physical token, PIN and a password during authentication is an example of which of the following?
Answer: A

Port 3535 is typically blocked for outbound traffic on a company's LAN. An end-user has recently purchased a legitimate business program that needs to make outbound calls using this port. Which of the following steps should a technician take to allow this? (Select TWO).
A. Open the port on the company's proxy server.
B. Open the port on the company's firewall.
C. Change the user's subnet mask.
D. Open the port on the user's personal software firewall.
E. Open the port on the VLAN.
Answer: B,D
QUESTION NO: 288
Which of the following describes software that is often written solely for a specific customer's application?
A. Rootkit
B. Hotfix
C. Service pack
D. Patch
Answer: B

QUESTION NO: 289
A security manager believes that too many services are running on a mission critical database server. Which of the following tools might a security analyst use to determine services that are running on the server, without logging into the machine?
A. OVAL
B. Port scanner
C. Protocol analyzer
D. NIDS
Answer: B

A manufacturing corporation has decided to send a highly sensitive message to one of their suppliers. The message is concealed inside a JPEG image of a beach resort. Which of the following is this an example of?
A. Cryptography
B. Digital signature
C. Hashing
D. Steganography
Answer: D
QUESTION NO: 291
Which of the following encryption methods is often used along with L2TP?
A. S/MIME
B. SSH
C. 3DES
D. IPSec
Answer: D

QUESTION NO: 292
An administrator is assigned to monitor servers in a data center. A web server connected to the Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely cause?
A. Spyware
B. Trojan
C. Privilege escalation
D. DoS
Answer: D

Which of the following methods will help to identify when unauthorized access has occurred?
A. Implement two-factor authentication.
B. Implement previous logon notification.
C. Implement session termination mechanism.
D. Implement session lock mechanism.
Answer: B

QUESTION NO: 294
Ensuring administrators have both a regular user account and a privileged user account is an example of applying which security principle?
A. Need-to-know
B. Mandatory Access Control (MAC)
C. Least privilege
D. Discretionary Access Control (DAC)
Answer: C

QUESTION NO: 295
All of the following are steps in the incident response process EXCEPT:
A. eradication.
B. repudiation.
C. recovery.
D. containment.
Answer: B

A. ATM card and PIN
B. Username and password
C. Retina and fingerprint scanner
D. Photo ID and PIN
Answer: A

Which of the following describes a spanned switch port in the context of IDS traffic analysis?
A. An association of a set of destination ports with a single source port
B. An association of a set of source ports with a single destination port
C. An association of a set of source ports with multiple destination ports and an IDS sensor
D. An association of a set of destination ports with an IDS sensor
Answer: B
A technician is performing an assessment on a router and discovers packet filtering is employed. Which of the following describes a security concern with stateless packet filtering?
A. Packet payload is not checked.
B. State connections are retained by the router.
C. Router performance is reduced.
D. Loose routing cannot determine the exact path a packet must follow.
Answer: A

QUESTION NO: 299
Which of the following describes the process of comparing cryptographic hash functions of system executables, configuration files, and log files?
A. File integrity auditing
B. Host based intrusion detection
C. Network based intrusion detection
D. Stateful packet filtering
Answer: A

QUESTION NO: 301
Which of the following reduces the effectiveness of telephone social engineering?
A. Automatic callback
B. Monitoring outbound calls
C. Awareness training
D. Use of VoIP
QUESTION NO: 302
Which of the following will execute malicious code at a pre-specified time?
A. Logic Bomb
B. DoS
C. Worm
D. Rootkit
Answer: A

QUESTION NO: 303
All of the following are weaknesses of WEP EXCEPT:
A. lack of integrity checking.
B. initialization vector.
C. replay attacks.
D. lack of strong keys.
Answer: A

Which of the following is LEAST likely to help reduce single points of failure?
A. Mandatory vacations
B. Cross training
C. Clustered servers
D. Disaster recovery exercises
Answer: A

QUESTION NO: 305
Which of the following reduces the attack surface of an operating system?
A. Patch management
B. Installing antivirus
C. Installing HIDS
D. Disabling unused services
Answer: D

QUESTION NO: 306
Which of the following is LEAST effective when hardening an operating system?
A. Configuration baselines
B. Limiting administrative privileges
C. Installing HIDS
D. Install a software firewall
Answer: C

Which of the following provides the MOST control when deploying patches?
A. Hotfix
B. Remote desktop
C. Patch management
D. Service packs
Answer: C

If a technician wants to know when a computer application is accessing the network, which of the following logs should be reviewed?
A. Antivirus log
B. RADIUS log
C. Performance log
D. Host firewall log
Answer: D
QUESTION NO: 309
All of the following are components of IPSec EXCEPT:
A. encapsulating security payload.
B. Internet key exchange.
C. temporal key interchange protocol.
D. authentication header (AH).
Answer: C

QUESTION NO: 310
IPSec connection parameters are stored in which of the following?
A. Security association database
B. Security payload index
C. Security parameter index
D. Certificate authority
Answer: A

Which of the following will provide a 128-bit hash?
A. MD5
B. AES128
C. ROT13
D. SHA-1
Answer: A

QUESTION NO: 312
Which of the following describes a hash algorithm's ability to avoid the same output from two guessed inputs?
A. Collision avoidance
B. Collision resistance
C. Collision strength
D. Collision metric
QUESTION NO: 313
Which of the following should be included in a forensic toolkit?
A. Compressed air
B. Tape recorder
C. Fingerprint cards
D. Digital camera
Answer: D

Which of the following BEST describes the form used while transferring evidence?
Answer: C

Which of the following is the primary incident response function of a first responder?
A. To evaluate the scene and repair the problem
B. To secure the scene and preserve evidence
C. To evaluate the scene and determine the cause
D. To gather evidence and write reports
Answer: B

QUESTION NO: 316
Which of the following is the GREATEST problem with low humidity in a server room?
A. Static electricity
B. Power surge
C. Electromagnetic interference
D. Brown out
Answer: A

QUESTION NO: 317
Which of the following protocols is used to ensure secure transmissions on port 443?
A. HTTPS
B. Telnet
C. SFTP
D. SHTTP
Answer: A

When should a technician perform disaster recovery testing?
A. Immediately following lessons learned sessions
B. Once a month, during peak business hours
C. After the network is stable and online
D. In accordance with the disaster recovery plan
Answer: D

Which of the following is the BEST backup method to restore the entire operating system and all related software?
A. Weekly
B. Incremental
C. Disk Image
D. Differential
Answer: C
QUESTION NO: 320
How many keys are utilized in symmetric cryptography?
A. One
B. Two
C. Three
D. Four
Answer: A

QUESTION NO: 321
Which of the following terms is BEST associated with public key infrastructure (PKI)?
A. MD5 hashing
B. Symmetric key
C. Symmetric algorithm
D. Digital signatures
Answer: D

Which of the following is the LAST step to granting access to specific domain resources?
A. Validate the user
B. Authorize the user
C. Verify the user
D. Authenticate the user
Answer: B

QUESTION NO: 323
After an attacker has successfully gained remote access to a server with minimal privileges, which of the following is their next step?
A. Elevate system privileges.
B. Monitor network traffic.
C. Capture private keys.
D. Begin key recovery.
QUESTION NO: 324
Which of the following should the technician recommend as a way to logically separate various internal networks from each other?
A. NIDS
B. VLAN
C. NAT
D. HIDS
Answer: B

An organization has requested the ability to monitor all network traffic as it traverses their network. Which of the following should a technician implement?
Answer: B

A large number of viruses have been found on numerous domain workstations. Which of the following should the technician implement?
A. Decentralized antivirus
B. Host based intrusion detection
C. Centralized antivirus
D. Spyware detection
Answer: C

Which of the following is the MOST difficult security concern to detect when contractors enter a secured facility?
A. Rogue access points being installed
B. Copying sensitive information with cellular phones
C. Removing mass storage iSCSI drives
D. Removing network attached storage
Answer: B

QUESTION NO: 328
When are port scanners generally used on systems?
A. At the middle of a vulnerability assessment
B. At the beginning of a vulnerability assessment
C. When there is a need to document vulnerabilities
D. At the end of a penetration test assessment
Answer: B

The staff must be cross-trained in different functional areas so that fraud can be detected. Which of the following is this an example of?
Answer: D

QUESTION NO: 330
Human Resources has requested that staff members be moved to different parts of the country into new positions. Which of the following is this an example of?
A. Implicit deny
B. Separation of duties
C. Least privilege

QUESTION NO: 331
An administrator is worried about an attacker using a compromised user account to gain administrator access to a system. Which of the following is this an example of?
A. Man-in-the-middle attack
B. Protocol analysis
C. Privilege escalation
D. Cross-site scripting
Answer: C

An administrator recommends implementing whitelisting, blacklisting, closing open relays, and strong authentication techniques to a server administrator. Which of the following threats are being addressed?
A. Adware
B. Spyware
C. Spam
D. Viruses
Answer: C
QUESTION NO: 334
An administrator is asked to improve the physical security of a data center located inside the office building. The data center already maintains a physical access log and has a video surveillance system. Which of the following additional controls could be implemented?
A. Defense-in-depth
B. Logical token
C. ACL
D. Mantrap
Answer: D

QUESTION NO: 335
In regards to physical security, which of the following BEST describes an access control system which implements a non-trusted but secure zone immediately outside of the secure zone?
A. Smart card
B. Defense-in-depth
C. Mantrap
D. DMZ
Answer: C

A technician notices delays in mail delivery on the mail server. Which of the following tools could be used to determine the cause of the service degradation?

QUESTION NO: 337
Penetration testing should only be used once which of the following items is in place?
A. Acceptable use policy
B. Data retention and disclosure policy
C. Service level agreement
D. Written permission
Answer: D

QUESTION NO: 338
An administrator recommends that management establish a trusted third party central repository to maintain all employees' private keys. Which of the following BEST describes the administrator's recommendation?
A. Registration
B. Certificate authority
C. Recovery agent
D. Key escrow
Answer: D

To combat transaction fraud, a bank has implemented a requirement that all bank customers enter a different, unique code to confirm every transaction. Which of the following is the MOST effective method to accomplish this?
Answer: C

QUESTION NO: 340
All of the following should be identified within the penetration testing scope of work EXCEPT:
A. a complete list of all network vulnerabilities.
B. IP addresses of machines from which penetration testing will be executed.
C. a list of acceptable testing techniques and tools to be utilized.
D. handling of information collected by the penetration testing team.
QUESTION NO: 341
Which of the following is the MOST efficient way that an administrator can restrict network access to certain ports enterprise wide?
A. HIDS
B. Personal software firewall
C. NIDS
D. ACL
Answer: D

An administrator is responsible for a server which has been attacked repeatedly in the past. The only recourse has been to reload the server from scratch. Which of the following techniques could be used to decrease the recovery time following an incident?
A. Implement the server as a honeypot.
B. Implement the server as a virtual server instance.
C. Load balance between two identical servers.
D. Install the server on a separate VLAN segment.
Answer: B

Validating the user's claimed identity is called which of the following?
A. Authentication
B. Identification
C. Verification
D. Validation
Answer: A
Which of the following is planted on an infected system and deployed at a predetermined time?
A. Logic bomb
B. Trojan horse
C. Worm
D. Rootkit
Answer: A

QUESTION NO: 345
Which of the following allows a user to float a domain registration for a maximum of five days?
A. DNS poisoning
B. Domain hijacking
C. Spoofing
D. Kiting
Answer: D

According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?
Answer: D

QUESTION NO: 347
Which of the following is an attack which is launched from multiple zombie machines in an attempt to bring down a service?
A. DoS
B. Man-in-the-middle
C. DDoS
QUESTION NO: 348
Which of the following will MOST likely allow an attacker to make a switch function like a hub?
A. MAC flooding
B. ARP poisoning
C. DNS poisoning
D. DNS spoofing
Answer: A

Which of the following is commonly programmed into an application for ease of administration?
A. Back door
B. Worm
C. Zombie
D. Trojan
Answer: A

Which of the following is a technique used by hackers to identify unsecured wireless network locations to other hackers?
A. Bluesnarfing
B. War dialing
C. War chalking
D. War driving
Answer: C
Which of the following authentication models uses a KDC?
A. CHAP
B. PKI
C. PGP
D. Kerberos
Answer: D

QUESTION NO: 352
Which of the following disaster recovery components is a location that is completely empty, but allows the infrastructure to be built if the live site goes down?
A. Mirrored site
B. Cold site
C. Warm site
D. Hot site
Answer: B

Which of the following should be done if an organization intends to prosecute an attacker once an attack has been completed?
A. Update antivirus definitions.
B. Disconnect the entire network from the Internet.
C. Apply proper forensic techniques.
D. Restore missing files on the affected system.
Answer: C

QUESTION NO: 354
Which of the following documents specifies the uptime guarantee of a web server?
A. Due process
B. Due diligence
C. Scope of work
D. Service level agreement
QUESTION NO: 355
Which of the following authentication models uses a time stamp to prevent the risks associated with a replay attack?
A. Two-factor authentication
B. RADIUS
C. LDAP
D. Kerberos
Answer: D

Which of the following protocols can be implemented as an alternative to the overhead of a VPN?
A. L2TP
B. PPTP
C. SSH
D. SSL
Answer: D

Which of the following will set an account to lockout for 30 minutes after the maximum number of attempts have failed?
A. Key distribution center
B. Account lockout duration
C. Account lockout threshold
D. Password complexity requirements
Answer: B

QUESTION NO: 358
Which of the following logs would reveal activities related to an ACL?
A. Mobile device
B. Transaction
C. Firewall
D. Performance
Answer: C

QUESTION NO: 359
Which of the following encryption algorithms has the largest overhead?
A. AES256
B. 3DES
C. AES
D. RSA
Answer: B

Which of the following hashing algorithms is the MOST secure?
A. LANMAN
B. SHA-1
C. MD5
D. CHAP
Answer: C

Which of the following would allow a technician to compile a visual view of an infrastructure?
A. Security log
B. Network mapper
C. Port scanner
D. Protocol analyzer
Answer: B
QUESTION NO: 362
Which of the following creates separate logical networks?
A. NAT
B. DMZ
C. NAC
D. Subnetting
Answer: D

QUESTION NO: 363
Which of the following is an area of the network infrastructure that allows a technician to place public facing systems into it without compromising the entire infrastructure?
A. VPN
B. NAT
C. VLAN
D. DMZ
Answer: D

Which of the following attacks commonly results in a buffer overflow?
A. ARP Poisoning
B. DNS Poisoning
C. Replay
D. DoS
Answer: D

QUESTION NO: 365
Which of the following types of attack is TCP/IP hijacking?
A. Birthday
B. ARP poisoning
C. MAC flooding
D. Man-in-the-middle
QUESTION NO: 366
Which of the following ports does SNMP run on?
A. 25
B. 110
C. 161
D. 443
Answer: C

Which of the following could be used to determine which flags are set in a TCP/IP handshake?
A. FIN/RST
B. SYN/ACK
C. Protocol analyzer
D. Network mapper
Answer: C

QUESTION NO: 369
Which of the following would be the BEST choice to ensure only ports 25, 80 and 443 were open from outside of the network?
QUESTION NO: 370
Which of the following media is LEAST susceptible to a tap being placed on the line?
A. Fiber
B. UTP
C. STP
D. Coaxial
Answer: A

Which of the following is responsible for establishing trust models?
A. The firewall
B. The information security officer
C. The certificate authority
D. The key escrow agent
Answer: C

Which of the following allows attackers to gain control over the web camera of a system?
A. ActiveX component
B. SQL injection
C. Cross-site scripting
D. XML
Answer: A
CompTIA SY0-201: Practice Exam QUESTION NO: 373 Which of the following type of attacks sends out numerous MAC resolution requests to create a buffer overflow attack? A. Smurf B. ARP poisoning C. DDoS D. DNS poisoning Answer: B
Which of the following would be MOST effective in stopping phishing attempts? A. Antivirus B. User training C. NIDS D. HIDS Answer: B
QUESTION NO: 376 Which of the following consists of markings outside a building that indicate the connection speed of a nearby unsecured wireless network? A. War driving B. War chalking Answer: B
Which of the following would a former employee MOST likely plant on a server that is not traceable?
QUESTION NO: 377 Which of the following would be of MOST interest to someone that is dumpster diving? A. User education manual B. Business card of computer contractor C. List of expired usernames D. Receipts from the supply store Answer: C
Which of the following could be used to capture website GET requests? A. Port scanner B. Protocol analyzer C. Network mapper D. Vulnerability scanner Answer: B
Which of the following could involve moving physical locations every two years to help mitigate security risks? Answer: B
QUESTION NO: 380 Which of the following does the process of least privilege fall under? A. Integrity B. Non-repudiation C. Confidentiality D. Availability Answer: C
QUESTION NO: 381 Which of the following hashing algorithms is the LEAST secure? A. SHA-1 B. LANMAN C. NTLM D. MD5 Answer: B
QUESTION NO: 382 Which of the following is the MOST secure transmission algorithm? A. 3DES B. TKIP C. AES256 D. AES Answer: C
QUESTION NO: 383 Which of the following protocols is used for encryption between email servers? A. TLS B. PPTP C. L2TP D. S/MIME Answer: A
QUESTION NO: 384 Which of the following scenarios would a penetration test BEST be used for? A. When providing a proof of concept demonstration for a vulnerability B. While in the reconnaissance phase C. When performing network mapping D. When conducting performance monitoring Answer: A
QUESTION NO: 385 Which of the following would be the easiest to use in detection of a DDoS attack? A. Performance monitor B. Application log C. System log D. Protocol analyzer Answer: A
QUESTION NO: 386 Which of the following implements the strongest hashing algorithm? A. NTLMv2 B. NTLM C. VLAN D. LANMAN Answer: A
QUESTION NO: 387 Which of the following is BEST used to determine whether network utilization is abnormal? A. Security log B. Performance baseline C. Application log D. Systems monitor Answer: B
QUESTION NO: 388 Which of the following is the BEST solution to implement to reduce unsolicited email? A. Pop-up blocker B. Anti-spam C. Antivirus D. Personal software firewall Answer: B
Identity proofing occurs during which phase of identification and authentication? A. Testing B. Verification C. Authentication D. Identification Answer: D
QUESTION NO: 391 Which of the following BEST describes the practice of dumpster diving? A. Sorting through the garbage of an organization to obtain information used for configuration management. B. Sorting through the garbage of an organization to obtain information used for a subsequent attack. C. Sorting through the trash of an organization to obtain information found on their intranet. D. Sorting through the trash of an organization to recover an old user ID badge previously used for an attack. Answer: B
A. used to confirm the privileges of a user. B. when the user is verified. C. when the user is authorized. D. used to prevent authorized access.
QUESTION NO: 392 Implementation of proper environmental controls should be considered by administrators when recommending facility security controls because of which of the following? A. Proper environmental controls provide redundancy to the facility. B. Proper environmental controls help ensure availability of IT systems. C. Proper environmental controls make authentication simpler. D. Proper environmental controls provide integrity to IT systems. Answer: B
QUESTION NO: 393 An administrator is asked to recommend the most secure transmission media. Which of the following should be recommended? A. Unshielded twisted pair cable B. Fiber optic cable C. Ethernet CAT5 cable D. Coaxial cable Answer: B
QUESTION NO: 394 An administrator is selecting a device to secure an internal network segment from traffic external to the segment. Which of the following devices could be selected to provide security to the network segment? A. NIPS B. HIDS C. Internet content filter
QUESTION NO: 395 Which of the following devices should be deployed to protect a network against attacks launched from a business to business intranet? (Select TWO). A. NIPS B. Content filter C. HIPS D. Firewall E. NIDS Answer: A,D
QUESTION NO: 396 To prevent the use of previously issued PKI credentials which have expired or otherwise become invalid, administrators should always design programs to check which of the following? A. PKI B. CRL C. Escrow D. CA Answer: B
QUESTION NO: 397 To prevent the use of stolen PKI certificates on web servers, which of the following should an administrator ensure is available to their web servers? A. Registration B. CA C. CRL D. Key escrow Answer: C
QUESTION NO: 398 Which of the following describes an implementation of PKI where a copy of a user's private key is stored to provide third party access and to facilitate recovery operations? A. Registration B. Recovery agent C. Key escrow D. Asymmetric Answer: C
QUESTION NO: 399 A security administrator has been asked to deploy a biometric authentication system in a corporation. Which of the following devices is the MOST reliable and has the lowest cross over error rate? A. Iris scanner B. Handprint scanner C. Retina scanner D. Fingerprint scanner Answer: C
QUESTION NO: 400 To increase the security of the network authentication process, an administrator decides to implement three-factor authentication. Which of the following authentication combinations is a three-factor system? A. A PKI enabled smart card, strong password and 12-digit PIN B. A retina scanner, PKI enabled smart card and a six-digit PIN C. A fingerprint scanner, PKI enabled smart card and badge proximity reader D. An Iris scanner, a user generated pass phrase and a palm reader Answer: B
QUESTION NO: 401 To facilitate compliance with the Internet use portion of the corporate acceptable use policy, an administrator implements a series of proxy servers and firewalls. The administrator further recommends installation of software based firewalls on each host on the network. Which of the following would have provided an alternative simpler solution? A. Internet content filter B. Hardware IDS C. Software HIPS D. DMZ Answer: A
QUESTION NO: 402 The marketing department wants to distribute pens with embedded USB drives to clients. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive data. The security administrator advises the marketing department not to distribute the USB pens due to which of the following? A. The risks associated with the large capacity of USB drives and their concealable nature B. The security costs associated with securing the USB drives over time C. The cost associated with distributing a large volume of the USB pens D. The security risks associated with combining USB drives and cell phones on a network Answer: A
QUESTION NO: 403 USB drives create a potential security risk due to which of the following? A. Operating system incompatibility B. Large storage capacity C. Widespread use D. Potential for software introduction Answer: D
QUESTION NO: 404 As a best practice, risk assessments should be based upon which of the following? A. A qualitative measurement of risk and impact B. A survey of annual loss, potential threats and asset value C. A quantitative measurement of risk, impact and asset value D. An absolute measurement of threats Answer: C
QUESTION NO: 405 Which of the following is a cryptographic hash function? A. RSA B. SHA C. RC4 D. ECC Answer: B
All of the following are methods used to conduct risk assessments EXCEPT: A. penetration tests. B. security audits. C. vulnerability scans. D. disaster exercises. Answer: D
QUESTION NO: 407 From a security standpoint, which of the following is the BEST reason to implement performance monitoring applications on network systems? A. To detect network intrusions from external attackers B. To detect integrity degradations to network attached storage C. To detect host intrusions from external networks D. To detect availability degradations caused by attackers Answer: B
QUESTION NO: 408 After conducting a risk assessment, the main focus of an administrator should be which of the following? A. To report the results of the assessment to the users B. To ensure all threats are mitigated C. To ensure all vulnerabilities are eliminated D. To ensure risk mitigation activities are implemented Answer: D
QUESTION NO: 409 Which of the following is a BEST practice when implementing a new system? A. Disable unneeded services. B. Use group policies. C. Implement open source alternatives. D. Use default installations. Answer: A
QUESTION NO: 410 When installing and securing a new system for a home user which of the following are best practices? (Select THREE). A. Use a strong firewall. B. Block inbound access to port 80 C. Apply all system patches. D. Use input validation. E. Install remote control software. F. Apply all service packs. Answer: A,C,F
QUESTION NO: 411 Which of the following describes a logic bomb? A. A piece of malicious code that can spread on its own B. A piece of malicious code that is concealed from all detection C. A piece of malicious code that executes based on an event or date D. A piece of malicious code that exploits a race condition Answer: C
QUESTION NO: 412 Which of the following is a prerequisite for privilege escalation to occur? A. The attacker has to create their own zero day attack for privilege escalation. B. The attacker must already have physical access to the system. C. The attacker must use arootkit in conjunction with privilege escalation. D. The attacker must have already gained entry into the system. Answer: D
QUESTION NO: 413 Which of the following is an example of an attack that executes once a year on a certain date? A. Virus B. Worm C. Logic bomb D. Rootkit Answer: C
QUESTION NO: 414 Which of the following is the GREATEST threat to highly secure environments? A. Network attached storage B. BIOS configuration C. RSA256 D. USB devices Answer: D
QUESTION NO: 415 Management has asked a technician to prevent data theft through the use of portable drives. Which of the following should the technician implement? A. Install a CCTV system. B. Use security templates. C. Implement a biometric system. D. Disable USB drives. Answer: D
QUESTION NO: 416 A technician has been informed that many of the workstations on the network are flooding servers. Which of the following is the MOST likely cause of this? A. Worm B. Logic bomb C. Virus D. Spam Answer: A
QUESTION NO: 417 A. Apply all security patches to workstations. B. Apply security templates enterprise-wide. C. Apply group policy management techniques. D. Monitor P2P program usage through content filters. Answer: A
QUESTION NO: 418 Which of the following is a security reason to implement virtualization throughout the network infrastructure? A. To analyze the various network traffic with protocol analyzers B. To centralize the patch management of network servers C. To isolate the various network services and roles D. To implement additional network services at a lower cost Answer: C
QUESTION NO: 419 Which of the following is a reason to use a Faraday cage? A. To allow wireless usage B. To minimize weak encryption C. To mitigate data emanation D. To find rogue access points Answer: C
QUESTION NO: 420 Weak encryption is a common problem with which of the following wireless protocols? A. WPA2-Enterprise B. WEP C. WPA2-Personal D. WPA Answer: B
QUESTION NO: 421 Which of the following describes a tool used by organizations to verify whether or not a staff member has been involved in malicious activity? A. Mandatory vacations B. Implicit deny C. Implicit allow D. Time of day restrictions Answer: A
QUESTION NO: 422 Which of the following is a cross-training technique where organizations minimize collusion amongst staff? A. Least privilege B. Job rotation C. Cross-site scripting D. Separation of duties Answer: B
QUESTION NO: 423 Which of the following will allow a technician to restrict a users access to the GUI? A. Access control lists B. Group policy implementation C. Use of logical tokens D. Password policy enforcement Answer: B
Which of the following is the MOST common logical access control method? A. Access control lists B. Usernames and password C. Multifactor authentication D. Security ID badges Answer: B
QUESTION NO: 425 Which of the following verifies control for granting access in a PKI environment? A. System administrator B. Certificate authority C. Recovery agent D. Certificate revocation list Answer: B
QUESTION NO: 426 Which of the following explains the difference between a public key and a private key? A. The public key is only used by the client while the private key is available to all. Both keys are mathematically related. B. The private key only decrypts the data while the public key only encrypts the data. Both keys are mathematically related. C. The private key is commonly used in symmetric key decryption while the public key is used in asymmetric key decryption. D. The private key is only used by the client and kept secret while the public key is available to all. Answer: D
Which of the following is the MOST important step to conduct during a risk assessment of computing systems? A. The identification of USB drives B. The identification of missing patches C. The identification of mantraps D. The identification of disgruntled staff members Answer: B
Which of the following is a countermeasure when power must be delivered to critical systems no matter what? A. Backup generator B. Redundant power supplies C. Uninterruptible power supplies (UPSs) D. Warm site Answer: A
QUESTION NO: 429 Which of the following tools will allow a technician to detect security-related TCP connection anomalies? A. Logical token B. Performance monitor C. Public key infrastructure D. Trusted platform module Answer: B
QUESTION NO: 430 Which of the following monitoring methodologies will allow a technician to determine when there is a security related problem that results in an abnormal condition? A. Signature-based B. NIDS C. Anomaly-based D. NIPS Answer: C
QUESTION NO: 431 Which of the following systems is BEST to use when monitoring application activity and modification?
QUESTION NO: 432 Which of the following is the MOST important thing to consider when implementing an IDS solution? A. The cost of the device B. Distinguishing between false negatives C. Distinguishing between false positives D. The personnel to interpret results Answer: D
QUESTION NO: 433 Which of the following is the FIRST step in the implementation of an IDS? A. Decide on the type. B. Decide on the model. C. Purchase the equipment. D. Document the existing network. Answer: D
QUESTION NO: 434 Which of the following are the authentication header modes? A. Encrypt and Route B. Transport and Tunnel C. Tunnel and Encrypt D. Transport and Encrypt Answer: B
QUESTION NO: 435 Which of the following encryption algorithms is used for encryption and decryption of data? Answer: D
QUESTION NO: 436 Which of the following would a technician use to check data integrity? A. Digital signature algorithm B. Encapsulating security protocol C. Rivest cipher 4 D. Message authentication code Answer: D
QUESTION NO: 437 Which of the following are the functions of asymmetric keys? A. Decrypt, decipher, encode and encrypt B. Sign, validate, encrypt and verify C. Decrypt, validate, encode and verify D. Encrypt, sign, decrypt and verify Answer: D
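The four operations in question 437 and the public/private split in question 426 are easiest to see with textbook RSA on tiny numbers. The following Python is an added example, not part of the exam text: the primes, exponent and message are constructed for illustration, and raw RSA without padding on such small keys is insecure in practice.

```python
from math import gcd

def generate_keypair(p, q, e=17):
    """Build a textbook RSA key pair from two primes (constructed, tiny and
    insecure on purpose). Public key (e, n) is published; private (d, n) stays secret."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse: e * d == 1 (mod phi)
    return (e, n), (d, n)

def encrypt(public_key, m):
    """Anyone holding the public key can encrypt for the key owner."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(private_key, c):
    """Only the holder of the private key recovers the plaintext."""
    d, n = private_key
    return pow(c, d, n)

def sign(private_key, m):
    """Signing uses the private key, so only the owner can produce the signature."""
    d, n = private_key
    return pow(m, d, n)

def verify(public_key, m, signature):
    """Verification uses the public key, so anyone can check the signature."""
    e, n = public_key
    return pow(signature, e, n) == m

# Constructed demo values: p=61, q=53 gives n=3233, phi=3120, e=17, d=2753.
PUBLIC, PRIVATE = generate_keypair(61, 53, e=17)

if __name__ == "__main__":
    c = encrypt(PUBLIC, 65)
    print("ciphertext", c, "plaintext", decrypt(PRIVATE, c))
    s = sign(PRIVATE, 65)
    print("signature", s, "verifies", verify(PUBLIC, 65, s))
```

Applying the public exponent to a ciphertext does not recover the plaintext, which is the concrete meaning of "the private key is kept secret while the public key is available to all": possession of the public half gives no decryption capability.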
QUESTION NO: 438 Which of the following is the purpose of the AH? A. Provides non-repudiation B. Provides integrity C. Provides authorization D. Provides confidentiality Answer: B
QUESTION NO: 439 Which of the following describes the insertion of additional bytes of data into a packet? A. Header injection B. TCP hijacking C. Encapsulating D. Padding Answer: D
QUESTION NO: 440 Which of the following is true regarding authentication headers (AH)? A. The authentication information is a keyed hash based on all of the bytes in the packet. B. The authentication information hash will increase by one if the bytes remain the same on transfer. C. The authentication information hash will remain the same if the bytes change on transfer. D. The authentication information may be the same on different packets if the integrity remains in place. Answer: A
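Questions 436, 438 and 440 describe the same mechanism: integrity through a keyed hash over the whole packet, with the fields routers legitimately change excluded. The following Python is an added example, not part of the exam text. It computes an AH-style integrity check value in the manner of HMAC-SHA1-96 over a constructed IPv4 packet; the key, packet and field offsets are assumptions for the demo, and it is not a full AH implementation (no SPI or sequence number).

```python
import hashlib
import hmac
import struct

# Byte ranges in an IPv4 header that change in transit and that AH therefore
# zeroes before hashing: TOS, flags/fragment offset, TTL, header checksum.
IPV4_MUTABLE = [(1, 1), (6, 2), (8, 1), (10, 2)]

def build_packet(ttl, payload, src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02"):
    """Construct a bare IPv4 header (no options, checksum zero) plus payload.
    Constructed sample data for the demo, not a captured packet."""
    total_len = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0,
                         ttl, 6, 0, src, dst)
    return header + payload

def ah_icv(key, packet, mutable=IPV4_MUTABLE, truncate=12):
    """Integrity Check Value in the style of HMAC-SHA1-96 (RFC 2404): a keyed hash
    over every byte of the packet with the mutable fields zeroed, truncated to 96 bits."""
    buf = bytearray(packet)
    for start, length in mutable:
        buf[start:start + length] = b"\x00" * length
    return hmac.new(key, bytes(buf), hashlib.sha1).digest()[:truncate]

def verify_icv(key, packet, icv, mutable=IPV4_MUTABLE):
    """Receiver side: recompute with the shared SA key and compare in constant time."""
    return hmac.compare_digest(ah_icv(key, packet, mutable), icv)

SA_KEY = b"constructed-demo-key-not-for-real-use"   # assumption: the SA's shared key

if __name__ == "__main__":
    sent = build_packet(64, b"GET / HTTP/1.1\r\n")
    icv = ah_icv(SA_KEY, sent)
    arrived = build_packet(61, b"GET / HTTP/1.1\r\n")   # TTL decremented by three hops
    print("after routing:", verify_icv(SA_KEY, arrived, icv))
    tampered = build_packet(61, b"GET /x HTTP/1.1\r\n")
    print("after tampering:", verify_icv(SA_KEY, tampered, icv))
```

A TTL decrement still verifies because that field is masked; any change to a covered byte, or a different key, produces a different value, which is why two packets with different content never share an ICV.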
QUESTION NO: 441 Which of the following will allow wireless access to network resources based on certain ports? A. 802.11n B. 802.11g C. 802.1X D. 802.11a Answer: C
The method of controlling how and when users can connect in from home is called which of the following? A. Remote access policy B. Terminal access control C. Virtual Private Networking (VPN) D. Remote authentication Answer: A
QUESTION NO: 443 Which of the following is the main limitation with biometric devices? A. The false rejection rate B. They are expensive and complex C. They can be easily fooled or bypassed D. The error human factor Answer: B
QUESTION NO: 444 Who is ultimately responsible for the amount of residual risk? A. The senior management B. The security technician C. The organization's security officer D. The DRP coordinator Answer: A
When designing a firewall policy, which of the following should be the default action? A. Least privilege B. Implicit allow C. DMZ D. Implicit deny Answer: D
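Question 369 (only ports 25, 80 and 443 reachable from outside) and question 445 (implicit deny as the default action) describe one packet-filter policy. The following Python is an added example, not part of the exam text: a first-match filter that, like the packet filter of question 485, looks only at header fields. The rules, addresses and probe set are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    proto: str                # "tcp", "udp" or "any"
    src: str                  # source network in CIDR notation
    dst_port: Optional[int]   # None matches any destination port

# Constructed policy for the Q369 scenario: from outside, only TCP 25, 80 and 443.
# No catch-all rule is written; everything else hits the implicit deny.
INBOUND_RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", 25),
    Rule("allow", "tcp", "0.0.0.0/0", 80),
    Rule("allow", "tcp", "0.0.0.0/0", 443),
]

def evaluate(rules, proto, src_ip, dst_port, default="deny"):
    """First-match packet filter. It inspects header fields only (protocol, source
    address, destination port), never payload. `default` is the action when no
    rule matches: "deny" is implicit deny, "allow" is implicit allow."""
    for rule in rules:
        if rule.proto not in ("any", proto):
            continue
        if ip_address(src_ip) not in ip_network(rule.src):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action
    return default

def audit(rules, probes, default="deny"):
    """Run (proto, src, port) probes through the policy and return the ports that got through."""
    return sorted({port for proto, src, port in probes
                   if evaluate(rules, proto, src, port, default) == "allow"})

# Constructed probe set: an outside scanner (documentation address) trying common ports.
PROBES = [("tcp", "203.0.113.9", p) for p in (22, 25, 80, 443, 3389, 8080)] + \
         [("udp", "203.0.113.9", 80), ("udp", "203.0.113.9", 161)]

if __name__ == "__main__":
    print("implicit deny :", audit(INBOUND_RULES, PROBES))
    print("implicit allow:", audit(INBOUND_RULES, PROBES, default="allow"))
```

Running the same rule set with `default="allow"` shows why the default matters more than the rules: the three allow rules are unchanged, yet SSH, RDP, SNMP and the proxy port all get through.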
QUESTION NO: 446 Which of the following typically use IRC for command and control activities? Answer: A
QUESTION NO: 447 If hashing two different files creates the same result, which of the following just occurred? A. A duplication B. A collision C. A pseudo-random event D. A mirror Answer: B
QUESTION NO: 448 Which of the following type of protection is hashing used to provide? A. Integrity B. Cryptographic randomness C. Collision D. Confidentiality Answer: A
QUESTION NO: 449 All of the following are part of the disaster recovery plan EXCEPT: A. obtaining management buy-in. B. identifying all assets. C. system backups. D. patch management software. Answer: D
QUESTION NO: 450 Which of the following is MOST likely to make a disaster recovery exercise valuable? A. Revising the disaster recovery plan during the exercise B. Conducting intricate, large-scale mock exercises C. Learning from the mistakes of the exercise D. Management participation Answer: C
QUESTION NO: 451 Which of the following allows directory permissions to filter down through the sub-directory hierarchy? A. Impedance B. Inheritance C. Mirroring D. Replication Answer: B
QUESTION NO: 452 Which of the following access control models BEST follows the concept of separation of duties? A. Discretionary Access Control (DAC) B. Mandatory Access Control (MAC) C. Rule-based access control (RBAC) D. Role-based access control (RBAC) Answer: D
QUESTION NO: 453 Which of the following would MOST likely prevent a PC application from accessing the network? A. Virtualization B. Host-based firewall C. Antivirus D. HIDS Answer: B
QUESTION NO: 454 A technician is investigating intermittent switch degradation. The issue only seems to occur when the building's roof air conditioning system runs. Which of the following would reduce the connectivity issues? A. Adding a heat deflector B. Redundant HVAC systems
QUESTION NO: 455 A technician tracks the integrity of certain files on the server. Which of the following algorithms provide this ability? A. SHA-1 B. 3DES C. XOR D. AES Answer: A
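Questions 447, 448 and 455 are about hashing for integrity and what a collision is. The following Python is an added example, not part of the exam text: it records a SHA-256 baseline for a constructed file, detects a change, and runs a birthday search on a truncated digest to produce a collision, showing why the expected cost of about 2^(bits/2) hashes is what makes full-length digests from an unbroken algorithm safe.

```python
import hashlib
import hmac
import itertools

def digest(data, algo="sha256"):
    """Hex digest of a file's bytes; the value a technician records as the baseline."""
    return hashlib.new(algo, data).hexdigest()

def integrity_ok(data, expected_hex, algo="sha256"):
    """Recompute and compare; any change to the bytes changes the digest."""
    return hmac.compare_digest(digest(data, algo), expected_hex)

def find_collision(bits):
    """Birthday search: hash distinct inputs until two share the first `bits` bits
    of their SHA-256 digest. Returns (input_a, input_b, hashes_computed)."""
    seen = {}
    for i in itertools.count():
        msg = f"constructed-input-{i}".encode()
        prefix = int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)
        if prefix in seen:
            return seen[prefix], msg, i + 1
        seen[prefix] = msg

def truncated_digest(data, bits):
    """Leading `bits` bits of SHA-256 as an integer, for checking a collision."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)

# Constructed sample "file" content.
ORIGINAL = b"root:x:0:0:root:/root:/bin/bash\n"
BASELINE = digest(ORIGINAL)

if __name__ == "__main__":
    print("unchanged:", integrity_ok(ORIGINAL, BASELINE))
    print("tampered :", integrity_ok(ORIGINAL.replace(b"/bin/bash", b"/bin/sh"), BASELINE))
    a, b, tries = find_collision(24)
    print(f"24-bit collision after {tries} hashes: {a!r} {b!r}")
```

A 24-bit prefix collides after a few thousand hashes; every extra bit of digest doubles the work only every two bits, which is the arithmetic behind retiring MD5 and SHA-1 for integrity of adversarially chosen input.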
QUESTION NO: 456 Which of the following describes the standard load for all systems? A. Configuration baseline B. Group policy C. Patch management D. Security template Answer: A
QUESTION NO: 457 When testing a newly released patch, a technician should do all of the following EXCEPT: A. verify the integrity of the patch. B. deploy immediately using Patch Management. C. verify the patch is relevant to the system. D. test it in a non-production environment. Answer: B
QUESTION NO: 458 A botnet zombie is using HTTP traffic to encapsulate IRC traffic. Which of the following would detect this encapsulated traffic? A. Vulnerability scanner B. Proxy server C. Anomaly-based IDS D. Rootkit Answer: C
QUESTION NO: 459 Documentation review, log review, rule-set review, system configuration review, network sniffing, and file integrity checking are examples of: A. active security testing techniques. B. invasive security testing techniques. C. black box testing techniques. D. passive security testing techniques. Answer: D
QUESTION NO: 460 To determine whether a system is properly documented and to gain insight into the system's security aspects that are only available through documentation is the purpose of: A. hybrid security testing techniques. B. active security testing techniques. C. passive security testing techniques. D. invasive security testing techniques. Answer: C
QUESTION NO: 461 Which of the following BEST describes external security testing? A. Conducted from outside the perimeter switch but inside the firewall B. Conducted from outside the building that hosts the organization's servers C. Conducted from outside the organization's security perimeter D. Conducted from outside the perimeter switch but inside the border router Answer: C
QUESTION NO: 462 Port scanners can identify all of the following EXCEPT: A. applications. B. operating systems. C. vulnerabilities. D. active hosts. Answer: C
QUESTION NO: 463 Which of the following can BEST aid in preventing a phishing attack? A. Implementing two-factor authentication B. Enabling complex password policies C. Conducting user awareness training D. Requiring the use of stronger encryption Answer: C
QUESTION NO: 464 A. it only uncovers vulnerabilities for active systems. B. it generates a high false-positive error rate. C. it relies on a repository of signatures. D. it generates less network traffic than port scanning. Answer: C
QUESTION NO: 465 A travel reservation company conducts the majority of its transactions through a public facing website. Any downtime to this website results in substantial financial damage for the company. One web server is connected to several distributed database servers. Which of the following describes this scenario? A. Warm site B. Proxy server C. RAID D. Single point of failure Answer: D
QUESTION NO: 466 Which of the following is MOST commonly used to secure a web browsing session? A. SHTTP B. SSH C. HTTPS D. S/MIME Answer: C
QUESTION NO: 467 One of the reasons that DNS attacks are so universal is DNS services are required for a computer to access:
QUESTION NO: 468 One of the security benefits to using virtualization technology is: A. if an instance is compromised the damage can be compartmentalized. B. applying a patch to the server automatically patches all instances. C. if one instance is compromised no other instances can be compromised. D. virtual instances are not affected by conventional port scanning techniques. Answer: A
QUESTION NO: 469 A virtual server implementation attack that affects the: A. OS kernel will affect all virtual instances. B. disk partition will affect all virtual instances. C. system registry will affect all virtual instances. D. RAM will affect all virtual instances. Answer: D
QUESTION NO: 470 An administrator wants to set up a new web server with a static NAT. Which of the following is the BEST reason for implementing NAT? A. Publishes the organization's internal network addressing scheme B. Publishes the organization's external network addressing scheme C. Hides the organization's internal network addressing scheme D. Hides the organization's external network addressing scheme Answer: C
QUESTION NO: 471 Which of the following is the BEST reason for an administrator to use port address translation (PAT) instead of NAT on a new corporate mail gateway? A. PAT provides the mail gateway with protection on port 24 B. PAT allows external users to access the mail gateway on random ports. C. PAT provides the mail gateway with protection on port 25 D. PAT allows external users to access the mail gateway on pre-selected ports. Answer: D
QUESTION NO: 472 Which of the following describes a static NAT? A. A static NAT uses a one to many mapping. B. A static NAT uses a many to one mapping. C. A static NAT uses a many to many mapping. D. A static NAT uses a one to one mapping. Answer: D
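Questions 470 to 472 contrast static NAT (one public address per inside host, one-to-one) with PAT (many inside hosts behind one public address, told apart by translated source port, with inbound only on pre-selected forwarded ports). The following Python is an added example, not part of the exam text; it simulates both translation tables with constructed documentation-range addresses.

```python
class StaticNat:
    """One-to-one NAT: each published address maps to exactly one internal host,
    so inbound traffic to the public address always reaches the same server and
    the internal addressing scheme never appears on the outside."""
    def __init__(self, mappings):
        self.inside_to_public = dict(mappings)
        self.public_to_inside = {pub: priv for priv, pub in mappings.items()}
        if len(self.public_to_inside) != len(self.inside_to_public):
            raise ValueError("static NAT requires one distinct public address per host")

    def outbound(self, inside_ip):
        return self.inside_to_public.get(inside_ip)

    def inbound(self, public_ip):
        return self.public_to_inside.get(public_ip)


class Pat:
    """Port address translation: many inside hosts share one public address and
    are distinguished by the translated source port. Unsolicited inbound traffic
    reaches an inside host only on ports the administrator pre-selected."""
    def __init__(self, public_ip, forwards=None, first_port=40000):
        self.public_ip = public_ip
        self.forwards = dict(forwards or {})   # public port -> (inside_ip, inside_port)
        self.next_port = first_port
        self.table = {}                        # public port -> (inside_ip, inside_port)
        self.reverse = {}                      # (inside_ip, inside_port) -> public port

    def outbound(self, inside_ip, inside_port):
        """Allocate (or reuse) a public source port for an inside flow."""
        key = (inside_ip, inside_port)
        if key not in self.reverse:
            port = self.next_port
            self.next_port += 1
            self.table[port] = key
            self.reverse[key] = port
        return self.public_ip, self.reverse[key]

    def inbound(self, public_port):
        """Forwarded ports are delivered to the pre-selected host; anything else must
        match an existing outbound flow or it is dropped (None)."""
        if public_port in self.forwards:
            return self.forwards[public_port]
        return self.table.get(public_port)


if __name__ == "__main__":
    # Constructed: a mail gateway published on TCP 25 behind a single public address.
    pat = Pat("198.51.100.1", forwards={25: ("10.0.0.25", 25)})
    print(pat.outbound("10.0.0.11", 51000), pat.outbound("10.0.0.12", 51000))
    print(pat.inbound(25), pat.inbound(3389))
```

Two inside hosts using the same local port get different public ports, which is the "many to one" mapping; the static table is strictly "one to one" and rejects a configuration that reuses a public address.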
QUESTION NO: 473 Which of the following if disabled will MOST likely reduce, but not eliminate the risk of VLAN jumping? A. LAN manager B. ARP caching C. DTP on all ports D. TACACS Answer: C
QUESTION NO: 474 An administrator is concerned that PCs on the internal network may be acting as zombies participating in external DDoS attacks. Which of the following could BEST be used to confirm the administrator's suspicions?
QUESTION NO: 475 Restricting access to files based on the identity of the user or group is an example of which of the following?
QUESTION NO: 476 Restricting access to files based on the identity of the user or group and security classification of the information is an example of which of the following? A. RBAC B. DAC C. NTFS D. MAC Answer: D
QUESTION NO: 477 A new Internet content filtering device installed in a large financial institution allows IT administrators to log in and manage the device, but not the content filtering policy. Only the IT security operation staff can modify policies on the Internet filtering device. Which of the following is this an example of? A. Role-Based Access Control (RBAC) B. Mandatory Access Control (MAC) C. Lightweight Directory Access Protocol (LDAP) D. Discretionary Access Control (DAC) Answer: A
QUESTION NO: 478 Which of the following would BEST describe a disaster recovery plan (DRP)? A. Addresses the recovery of an organization's business documentation B. Addresses the recovery of an organization's email C. Addresses the recovery of an organization's backup site D. Addresses the recovery of an organization's IT infrastructure Answer: D
QUESTION NO: 479 Which of the following is the primary objective of a business continuity plan (BCP)? A. Addresses the recovery of an organization's business operations B. Addresses the recovery of an organization's business payroll system C. Addresses the recovery of an organization's business facilities D. Addresses the recovery of an organization's backup site Answer: A
QUESTION NO: 480 Which of the following BEST describes an application or string of code that cannot automatically spread from one system to another but is designed to spread from file to file? A. Adware B. Worm C. Botnet D. Virus Answer: D
QUESTION NO: 481 A software manufacturer discovered a design flaw in a new application. Rather than recall the software, management decided to continue manufacturing the product with the flaw. Which of the following risk management strategies was adopted by management? Answer: C
QUESTION NO: 482 Which of the following is considered an independent program that can copy itself from one system to another and its main purpose is to damage data or affect system performance? A. Virus B. Worm C. Spam D. Spyware Answer: B
QUESTION NO: 483 All of the following are considered malware EXCEPT: A. spam. B. Trojan. C. virus. D. logic bombs. Answer: A
Which of the following NIDS configurations is solely based on specific network traffic? A. Host-based B. Behavior-based C. Anomaly-based D. Signature-based Answer: D
QUESTION NO: 485 Which of the following only looks at header information of network traffic? A. Internet content filter B. Packet filter C. Application firewall D. Hybrid firewall Answer: B
QUESTION NO: 486 Which of the following access control methods could the administrator implement because of constant hiring of new personnel? A. Rule-based B. Role-based C. Discretionary D. Decentralized Answer: B
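Questions 475 to 477 and 486 distinguish DAC (owner-set ACLs keyed by identity), MAC (decisions from sensitivity labels) and RBAC (permissions attached to roles, so a new hire only needs a role). The following Python is an added example, not part of the exam text: minimal checks for each model, with a constructed policy mirroring the content-filter scenario of question 477.

```python
# Sensitivity levels for MAC, lowest to highest (constructed labelling).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

def dac_allows(acl, subject, op):
    """DAC: the object's owner maintains an ACL keyed by user or group identity."""
    return op in acl.get(subject, set())

def mac_allows(clearance, label, op):
    """MAC: the decision comes from labels, not from an owner. Bell-LaPadula rules:
    read needs clearance >= label (no read up); write needs clearance <= label
    (no write down), so secret data cannot leak into a confidential document."""
    c, l = LEVELS[clearance], LEVELS[label]
    if op == "read":
        return c >= l
    if op == "write":
        return c <= l
    raise ValueError(f"unknown operation {op!r}")

def rbac_allows(role_perms, user_roles, user, op, obj):
    """RBAC: permissions hang off roles; users are granted roles, never raw permissions."""
    return any(op in role_perms.get(role, {}).get(obj, set())
               for role in user_roles.get(user, ()))

# Constructed Q477-style policy: IT admins may log in and manage the filtering
# device, only security operations may edit the filtering policy.
ROLE_PERMS = {
    "it_admin": {"content_filter": {"login", "manage_device"}},
    "security_ops": {"content_filter": {"login", "manage_device", "edit_policy"}},
}
USER_ROLES = {"alice": ["it_admin"], "bob": ["security_ops"]}

def onboard(user_roles, user, role):
    """Q486: constant hiring is handled by assigning a role, not by editing ACLs."""
    updated = {u: list(r) for u, r in user_roles.items()}
    updated.setdefault(user, []).append(role)
    return updated

if __name__ == "__main__":
    print("alice edit_policy:", rbac_allows(ROLE_PERMS, USER_ROLES, "alice", "edit_policy", "content_filter"))
    print("bob edit_policy  :", rbac_allows(ROLE_PERMS, USER_ROLES, "bob", "edit_policy", "content_filter"))
    print("secret reads confidential:", mac_allows("secret", "confidential", "read"))
    print("secret writes confidential:", mac_allows("secret", "confidential", "write"))
```

The MAC write rule is the one that surprises people: a higher-cleared subject is refused write access to a lower-labelled object, because the model protects confidentiality, not the subject's convenience.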
QUESTION NO: 487 RADIUS uses all of the following authentication protocols EXCEPT: A. PAP. B. CHAP. C. EAP. D. L2TP. Answer: D
QUESTION NO: 488 When using a single sign-on method, which of the following could adversely impact the entire network? A. CPU performance B. NIC performance C. System files D. Temporary Internet files Answer: C
QUESTION NO: 490 Which of the following intrusion detection systems uses statistical analysis to detect intrusions? A. Signature B. Honeynet C. Anomaly D. Knowledge Answer: C
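Questions 385, 387, 429, 430 and 490 all come down to one technique: record a performance baseline while the network is healthy, then flag observations that fall far outside it. The following Python is an added example, not part of the exam text: statistical anomaly detection over connection-rate samples, beside a signature matcher for contrast with questions 484 and 491. The samples, thresholds and log lines are constructed.

```python
import re
from statistics import mean, pstdev

def baseline(samples):
    """Summarise normal behaviour (mean and population standard deviation) from
    measurements taken while the network was known to be healthy."""
    return mean(samples), pstdev(samples)

def anomalies(samples, observed, z=3.0):
    """Anomaly-based detection: flag every observation more than z standard
    deviations from the baseline mean. Returns (index, value) pairs."""
    mu, sigma = baseline(samples)
    return [(i, v) for i, v in enumerate(observed) if abs(v - mu) > z * sigma]

# Signature-based detection for contrast: fixed patterns of known attacks.
SIGNATURES = {
    "sqli": re.compile(r"(?i)\bunion\s+select\b|'\s*or\s+1\s*=\s*1"),
    "traversal": re.compile(r"\.\./\.\./"),
}

def signature_hits(log_lines):
    """Return (line index, signature name) for each line a signature matches."""
    return [(i, name) for i, line in enumerate(log_lines)
            for name, pat in SIGNATURES.items() if pat.search(line)]

# Constructed data: new TCP connections per minute during a normal hour ...
BASELINE_CPM = [120, 118, 131, 125, 119, 128, 122, 126, 130, 121, 124, 127]
# ... and five observed minutes, two of which look like a flood.
OBSERVED_CPM = [123, 129, 4800, 119, 5200]
# Constructed web server log fragments; line 1 is the same injection URL-encoded.
LOG_LINES = [
    'GET /index.html HTTP/1.1" 200',
    'GET /search?q=1%27%20OR%201=1 HTTP/1.1" 200',
    "GET /search?q=' OR 1=1 HTTP/1.1\" 200",
    'GET /../../etc/passwd HTTP/1.1" 404',
]

if __name__ == "__main__":
    print("baseline mean/stdev:", baseline(BASELINE_CPM))
    print("anomalous minutes  :", anomalies(BASELINE_CPM, OBSERVED_CPM))
    print("signature hits     :", signature_hits(LOG_LINES))
```

The flood minutes are caught without any prior knowledge of the attack, which is the strength of the anomaly approach; the URL-encoded injection on line 1 is missed by the signature, which is the weakness the "relies on a repository of signatures" answer in question 464 points at.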
QUESTION NO: 491 Which of the following intrusion detection systems uses well defined models of how an attack occurs? Answer: C
QUESTION NO: 492 Which of the following is a system that will automate the deployment of updates to workstations and servers? A. Service pack B. Remote access C. Patch management D. Installer package Answer: C
QUESTION NO: 493 A user is concerned with the security of their laptop's BIOS. The user does not want anyone to be able to access control functions except themselves. Which of the following will make the BIOS more secure? A. Password B. Encrypt the hard drive C. Create an access-list D. Flash the BIOS Answer: A
QUESTION NO: 494 Which of the following is a method to apply system security settings to all workstations at once? A. Policy analyzer B. Patch management C. Configuration baseline D. A security template Answer: D
QUESTION NO: 495 Which of the following would be a method of securing the web browser settings on all network workstations? A. Internet content filter B. Group policy C. Control panel D. P2P software Answer: B
QUESTION NO: 496 A. It does not capture MAC addresses. B. Someone must manually review the logs. C. It requires an open port on the firewall. D. They are difficult to install. Answer: B
QUESTION NO: 497 A technician has implemented a new network attached storage solution for a client. The technician has created many shares on the storage. Which of the following is the MOST secure way to assign permissions? A. Separation of duties B. Full control C. Authentication D. Least privilege Answer: D
QUESTION NO: 498 Which of the following is an example of a trust model? A. SSL/TLS B. Internet key exchange C. Recovery agent D. Managing the CA relationships Answer: D
QUESTION NO: 499 Which of the following is the common mail format for digitally signed and encrypted messages? A. SMTP B. SSL C. MIME D. S/MIME Answer: D
QUESTION NO: 500 Which of the following is the common way of implementing cryptography on network devices for encapsulating traffic between the device and the host managing them? A. S/MIME B. SNMP C. SSH D. SMTP Answer: C
QUESTION NO: 501 Which of the following describes penetration testing? A. Simulating an actual attack on a network B. Hacking into a network for malicious reasons C. Detecting active intrusions D. Establishing a security baseline Answer: A
QUESTION NO: 502 When an IDS is configured to match a specific traffic pattern, then which of the following is this referring to?
QUESTION NO: 503 An application that gets downloaded onto a system by appearing to be a useful tool for cleaning out duplicate contacts in a user's emails would be considered:
QUESTION NO: 504 Installing an application on every desktop in a company's network that watches for possible intrusions would be an example of: A. a HIDS. B. a personal software firewall. C. hardening. D. a NIDS. Answer: A
An administrator suspects an issue retrieving files on the network and accesses the file server's performance monitor to check the results against: A. the performance baseline. B. yesterday's performance. C. the system monitor. D. the manufacturer's website. Answer: A
QUESTION NO: 506 An administrator runs a tool checking SMTP, DNS, POP3, and ICMP packets on the network. This is an example of which of the following? A. A port scanner B. A protocol analyzer C. A vulnerability scan D. A penetration test
QUESTION NO: 507 A company runs a backup after each shift and the main concern is how quickly the backups are completed between shifts. Recovery time should be kept to a minimum. The administrator decides that backing up all the data that has changed during the last shift is the best way to go. This would be considered a: A. differential backup. B. incremental backup. C. shadow copy. D. full backup. Answer: B
Users should be able to access their email and several secure applications from any workstation on the network. Additionally, the administrator has implemented an authentication system requiring the use of a username, password, and a company issued smart card. Which of the following is this an example of? Answer: A
QUESTION NO: 509 Both the client and the server authenticate before exchanging data. This is an example of: A. biometrics. B. multifactor authentication. C. mutual authentication. D. SSO. Answer: C
QUESTION NO: 510 Which of the following could be used to institute a tunneling protocol for security? A. IPX/SPX B. EAP C. IPSec D. FTP Answer: C
QUESTION NO: 511 Which of the following is an encryption program used to secure email and voice over the Internet? A. PGP B. S/MIME C. ECC D. Blowfish Answer: A
Which of the following is used for securing communication between a client and a server? A. NTLM B. SHA-1 C. MD5 D. SMTP Answer: A
QUESTION NO: 513 Which of the following processes are used to monitor and protect the DNS server? A. Ping the DNS server every minute to verify connectivity. B. Use personal firewalls to block port 53 C. Check DNS records regularly. D. Set PTR records to purge daily.
QUESTION NO: 514 Which of the following is the MOST effective method for stopping a phishing attempt? A. Up-to-date antivirus definitions B. Paper shredders C. User education D. SPAM filters Answer: C
A corporation has a contractual obligation to provide a certain amount of system uptime to a client. Which of the following is this contract an example of? Answer: B
Which of the following would allow for a network to remain operational after a T1 failure? A. Uninterruptible Power Supply (UPS) B. Redundant ISP C. Redundant servers D. RAID 5 drive array Answer: B
QUESTION NO: 517 Which of the following asymmetric encryption algorithms was utilized FIRST?
QUESTION NO: 518 A ticket granting server is an important concept in which of the following authentication models? A. PAP B. RADIUS C. Kerberos D. CHAP Answer: C
Which of the following is an example of two-factor authentication? A. User ID and password B. Smart card and PIN C. Fingerprint reader and iris scanner D. Smart card and ID badge Answer: B
Which of the following could physically damage a device if a long term failure occurred? A. OVAL B. HVAC C. Battery backup system D. Shielding Answer: B
QUESTION NO: 521 Which of the following is the easiest way to disable a 10Base2 network? A. Introduce crosstalk. B. Install a zombie. C. Remove a terminator. D. Remove a vampire tap. Answer: C
QUESTION NO: 522 Which of the following is the BEST method for securing the data on a coaxial network? A. Weld all terminators to the cable ends. B. Run all cables through a conduit. C. Make sure all terminators are grounded. D. Run all new cables parallel to existing alternating current (AC) cabling. Answer: B
Which of the following is the weakest password? A. Indu5tr1als B. F%r3Walke3r C. C0mpt!a2**8 D. P^s5W0rd Answer: A
QUESTION NO: 524 Which of the following is the GREATEST security risk regarding removable storage? A. Integrity of data B. Not enough space available C. Availability of data D. Confidentiality of data
QUESTION NO: 525 Which of the following mimics a legitimate program in order to steal sensitive data? A. Botnet B. Worm C. Spam D. Trojan Answer: D
Which of the following allows for a user to have only the minimum level of access required for their job duties? Answer: A
A manager needs to control employee overtime. Which of the following would BEST allow for the manager to control when the employees are on the network? A. Access control list B. User account expiration C. Time of day restriction D. Domain password policy Answer: C
A. Encrypting the data payload and computing a unique mathematic identifier in order to detect change during transport. B. Computing a unique mathematic identifier in order to prevent change during transport. C. Encrypting the data payload and computing a unique mathematic identifier in order to prevent change during transport. D. Computing a unique mathematic identifier in order to detect change during transport. Answer: D
QUESTION NO: 529 Which of the following is MOST likely to crash a workstation? A. Vulnerability assessment B. Protocol analyzer C. Penetration test D. Network mapper Answer: C
Which of the following is the critical piece of an encrypted communication that must be kept secret? A. The key exchange algorithm B. The initial salt value C. The encryption algorithm D. The final CRC of the key packet Answer: B
QUESTION NO: 531 A PC is rejecting push updates from the server; all other PCs on the network are accepting the updates successfully. Which of the following should the administrator check FIRST? A. Pop-up blocker B. Local firewall C. Password expiration D. Anti-spyware
QUESTION NO: 532 Which of the following describes an encrypted connection across public communication lines? A. TACACS B. VPN C. EAP D. CHAP Answer: B
After a period of high employee turnover, which of the following should be implemented? A. A review of NTLM hashes on the domain servers B. A review of group policies C. A review of user access and rights D. A review of storage and retention policies Answer: C
All PCs in a network share a single administrator ID and password. When the administrator attempts to remotely control a user's PC the attempt fails. Which of the following should the administrator check FIRST? A. The antivirus settings on the local PC B. The antivirus settings on the remote PC C. The HIPS on the remote PC D. The HIPS on the local PC Answer: C
QUESTION NO: 535 All of the following are considered key exchange protocols EXCEPT:
QUESTION NO: 536 Which of the following keys is generally applied FIRST to a message digest to provide nonrepudiation using asymmetric cryptography? A. Private key of the receiver B. Private key of the sender C. Public key of the sender D. Public key of the receiver Answer: B
Answer: A
QUESTION NO: 538 All of the following are organizational policies that reduce the impact of fraud EXCEPT: A. separation of duties. B. password complexity rules. C. job rotation. D. escorting procedures. Answer: B
QUESTION NO: 539 A technician is conducting a forensics analysis on a computer system. Which of the following should be done FIRST? A. Look for hidden files. B. Analyze temporary files. C. Get a binary copy of the system. D. Search for Trojans. Answer: C
Which of the following IDS generally follows a learning process? A. Anomaly-based IDS B. Signature-based IDS C. Event-based IDS D. Rule-based IDS Answer: A
A technician noticed a remote attack taking place on a system. Which of the following should be done FIRST? A. Contain the attack. B. Respond to the attacker. C. Disconnect the system from the network. D. Follow the incident management procedure in place. Answer: D
QUESTION NO: 542 Which of the following algorithms is faster when encrypting data? A. Symmetric key algorithms B. Public key algorithms C. Whole disk encryption algorithms
QUESTION NO: 543 Which of the following is a reason why DNS logs should be archived? A. For complying with payment card industry (PCI) requirements B. For complying with PII requirements C. For use in disaster recovery of the DNS server D. For use in an investigation in the future Answer: D
Answer: A
Which of the following logs shows when the workstation was last shutdown? A. DHCP B. Security C. Access D. System Answer: D
QUESTION NO: 546 Which of the following is a best practice auditing procedure? A. Copy or save the logs to a remote log server. B. Log all failed and successful login attempts. C. Deny administrators all access to log files to prevent write failures. D. Change security settings to avoid corruption.
A. Mitigate vulnerabilities B. Review user access and rights C. Set strong password requirements D. Draft an email retention policy Answer: B
QUESTION NO: 547 Which of the following tools is commonly used to detect security anomalies on a host? A. A file system integrity checker B. A TACACS+ implementation C. A remote protocol analyzer D. A network mapper Answer: A
Snort, TCPDump and Wireshark are commonly used for which of the following? A. Port scanning B. Host monitoring C. DDOS attacks D. Network sniffing Answer: D
Which of the following would typically require the use of a network protocol analyzer? A. Determining who logged on to a machine last night at midnight B. Determining how many users are logged onto the domain controller C. Determining why authentication between two machines failed D. Determining what the speed is on the external interface of a firewall Answer: C
QUESTION NO: 550 Which of the following security related anomalies are MOST likely to be detected by a protocol analyzer? A. Many malformed or fragmented packets B. Decryption of encrypted network traffic C. Disabled network interface on a server D. Passive sniffing of local network traffic Answer: A
Malware that uses virtualization techniques can be difficult to detect because of which of the following? A. A portion of the malware may have been removed by the IDS. B. The malware may be using a Trojan to infect the system. C. The malware may be implementing a proxy server for command and control. D. The malware may be running at a more privileged level than the antivirus software. Answer: D
Users and computers are generally grouped into domains for security purposes. Which of the following is a common attribute used to determine which domain a user or computer belongs to? Answer: B
QUESTION NO: 553 Which of the following is a reason why virtualization techniques are often used to implement a honeynet? A. To reduce the number of physical devices needed B. To hide the encryption being used in the honeynet C. To slow the intruder's network connection speed D. To reduce the number of connections allowed Answer: A
QUESTION NO: 554 Which of the following is an industry standard for remote logging? A. ipfilter B. RDP C. rlogin D. syslog Answer: D
QUESTION NO: 555 Audit trails are used for which of the following? A. Availability B. Accountability C. Authorization D. Continuity Answer: B
Which of the following can be used to centrally manage security settings? A. Cross-site scripting B. Group policy C. Service pack D. NIDS Answer: B
Which of the following is a best practice disaster recovery strategy? A. Use a reciprocal agreement. B. Spend at least 5% of the IT budget. C. Hire an independent consultant. D. Test the recovery plan. Answer: D
QUESTION NO: 558 Which of the following activities is MOST closely associated with DLL injection? A. Penetration testing B. Network mapping C. Vulnerability assessment D. SQL servers Answer: A
Which of the following is true about penetration testing or vulnerability assessments? A. Vulnerability assessment verifies incidence response B. Penetration testing removes malware if found during a scan C. Vulnerability assessment exploits a weakness in a system D. Penetration testing exploits a vulnerability Answer: D
QUESTION NO: 560 Which of the following is a security risk of not password protecting the BIOS? A. The system may be changed to boot from alternative media. B. The antivirus software will not run because it needs a BIOS password. C. A virus may corrupt the SCSI settings and the system will not boot. D. The authentication system may be subverted. Answer: A
QUESTION NO: 561 Executing proper logging procedures would be the proper course of action in which of the following scenarios? (Select TWO). A. Need to prevent access to a file or folder B. Need to know which files have been accessed C. Need to know who is logging on to the system D. Need to prevent users from logging on to the system E. Need to capture monitor network traffic in real time Answer: B,C
QUESTION NO: 562 Executing proper logging procedures would facilitate which of the following requirements? A. Ignore suspicious queries to the DNS server. B. Investigate suspicious queries to the DNS server. C. Block suspicious queries to the DNS server. D. Monitor suspicious queries to the DNS server in real time. Answer: B
Which of the following is a concern when setting logging to a debug level? A. The log may fill up with extraneous information. B. The device or application will only operate in test mode. C. Some important events will not get logged. D. The events may not contain enough details. Answer: A
QUESTION NO: 564 Which of the following should be considered when executing proper logging procedures? (Select TWO). A. The information that is needed to reconstruct events B. The number of disasters that may occur in one year C. The password requirements for user accounts D. The virtual memory allocated on the log server E. The amount of disk space required Answer: A,E
QUESTION NO: 565 Which of the following malicious activities might leave traces in a DNS log file? A. Hijacking B. Poisoning C. Caching D. Phishing Answer: B
Which of the following NAC scanning types is the LEAST intrusive to the client? A. Open ID B. Agent based C. Agentless D. ActiveX Answer: C
Common settings configured on an Internet content filtering device are database update settings, log settings and which of the following? A. False positive threshold B. Content rules C. Anomaly settings D. Performance settings Answer: B
QUESTION NO: 568 Which of the following activities commonly involves feedback from departmental managers or human resources? A. Clearing cookies from the browser B. Resetting an employee password C. User access and rights review D. Setting system performance baseline Answer: C
While auditing a list of active user accounts, which of the following may be revealed? A. Accounts with weak passwords B. Passwords with dictionary words C. Passwords that are blank D. Accounts that need to be removed Answer: D
Which of the following is the BEST option for securing an email infrastructure? A. Set up an email proxy on the Internet and an email server in the internal network. B. Set up an email proxy on the Internet and an email server in the DMZ. C. Set up the email server in a DMZ. D. Set up an email proxy in the DMZ and the email server in the internal network. Answer: D
QUESTION NO: 571 Which of the following provides the BEST mechanism for non-repudiation? A. Encryption B. Message digests C. Digital signatures D. Message authentication codes
QUESTION NO: 572 Which of the following is the BEST logical access control method for controlling system access on teams working in shifts? A. Separation of duties B. Job rotation C. Time of day restrictions D. Least privilege Answer: C
QUESTION NO: 573 Which of the following key types does Kerberos use? A. Ticket Granting Service B. Symmetric keys C. Asymmetric keys D. Key Distribution Center Answer: C
Which of the following are recommended security measures when implementing system logging procedures? (Select TWO). A. Perform a binary copy of the system. B. Apply retention policies on the log files. C. Collect system temporary files. D. Perform hashing of the log files. E. Perform CRC checks. Answer: D,E
Which of the following should be considered when implementing logging controls on multiple systems? (Select TWO). A. VLAN segment of the systems B. Systems clock synchronization C. Systems capacity and performance D. External network traffic E. Network security zone of the systems Answer: B,C
Which of the following BEST describes actions pertaining to user account reviews? (Select TWO). A. User account reports are periodically extracted from systems and employment verification is performed. B. User accounts and their privileges are periodically extracted from systems and reports are kept for auditing purposes. C. User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization. D. User accounts reports are periodically extracted from systems and end users are informed. E. User accounts reports are periodically extracted from systems and user access dates are verified Answer: A,C
All of the following are attributes of an x.509 certificate EXCEPT: A. the symmetric key of the owner. B. the public key of the owner. C. the version of the certificate. D. the issuer. Answer: A
A user complains that pop-up windows continuously appear on their screen with a message stating that they have a virus and offering to see a program that will remove it. The technician is skeptical because the antivirus definitions on the machine are up-to-date. Which of the following BEST describes what the user is seeing? A. SQL injection B. Spyware C. Adware D. SMTP open relay Answer: C
The GREATEST security concern in regards to data leakage with USB devices is: Answer: B
Which of the following is the main difference between a substitution cipher and a transposition cipher when used to encode messages? A. One rearranges and replaces blocks while the other rearranges only. B. One replaces blocks with other blocks while the other rearranges only. C. One replaces blocks while the other rearranges and replaces only. D. One is a symmetric block cipher and the other is asymmetric. Answer: B
QUESTION NO: 581 All of the following can be found in the document retention policy EXCEPT: A. type of storage media. B. password complexity rules. C. physical access controls. D. retention periods. Answer: B
QUESTION NO: 582 Which of the following reduces effectiveness when deploying and managing NIPS? A. Encrypting all network traffic B. Continued tuning C. Network placement D. Reviewing the logs Answer: C
To prevent disk integrity errors due to small line-power fluctuations, a system administrator should install which of the following? A. Voltage regulator B. Line conditioner C. Battery backup D. Redundant power supplies Answer: B
Which of the following authentication methods prevents a replay attack from occurring? Answer: A
Which of the following is the BEST way to mass deploy security configurations to numerous workstations? A. Security hotfix B. Configuration baseline C. Patch management D. Security templates Answer: D
QUESTION NO: 586 Virtual machines are MOST often used by security researchers for which of the following purposes? A. To provide a secure virtual environment to conduct online deployments B. To provide a virtual collaboration environment to discuss security research C. To provide an environment where new network applications can be tested D. To provide an environment where malware can be executed with minimal risk to equipment and software Answer: D
Which of the following is a password cracker? A. CORE Impact B. Cain & Abel C. WireShark D. NMAP Answer: B
QUESTION NO: 588 Which of the following characteristics of RAID increases availability? A. Striping without parity B. Mirroring C. Kiting
QUESTION NO: 589 A document shredder will BEST prevent which of the following? A. Dumpster diving B. Phishing C. Shoulder surfing D. Viruses Answer: A
Which of the following would BEST prevent the spread of a hoax? A. Chain of custody B. User education C. Up-to-date antivirus definitions D. Up-to-date anti-spyware definitions Answer: B
Which of the following is a term referring to the situation when a programmer leaves an unauthorized entry point into a program or system? A. Back door B. Default account C. Poisoning D. Privilege escalation Answer: A
Which of the following refers to a system that is unable to accept new TCP connections due to a SYN flood attack? A. Airsnort B. Smurf C. Teardrop D. DoS Answer: D
QUESTION NO: 593 Which of the following would refer to a key fob with a periodically changing number that is used as part of the authentication process? A. Installation key B. Biometric device C. Hardware lock D. Physical token Answer: D
A. Smart card and a PIN B. Physical token and a password C. Fingerprint reader D. User ID and password Answer: D
QUESTION NO: 595 An attorney demands to know exactly who had possession of a piece of evidence at a certain time after seizure. Which of the following documents would provide this? A. Due diligence B. Chain of custody C. Due process
QUESTION NO: 596 Which of the following prevents damage to evidence during forensic analysis? A. Write-only drive connectors B. Drive sanitization tools C. Read-only drive connectors D. Drive recovery tools Answer: C
Which of the following is a drawback of using PAP authentication? A. PAP only authenticates between same vendor servers. B. PAP requires that both workstations mutually authenticate. C. PAP changes its initialization vector with each packet. D. PAP sends all passwords across the network as clear text. Answer: D
Which of the following BEST describes using a third party to store the public and private keys? A. Public key infrastructure B. Recovery agent C. Key escrow D. Registration authority Answer: C
QUESTION NO: 599 Which of the following requires the server to periodically request authentication from the client?
QUESTION NO: 600 A biometric fingerprint scanner is an example of which of the following? A. Two-factor authentication B. SSO C. Three-factor authentication D. Single-factor authentication Answer: D
A user ID, PIN, and a palm scan are all required to authenticate a system. Which of the following is this an example of? Answer: B
QUESTION NO: 602 Which of the following would be disabled to prevent SPIM? A. P2P B. ActiveX controls C. Instant messaging D. Internet mail Answer: C
QUESTION NO: 603 A user sees an MD5 hash number beside a file that they wish to download. Which of the following BEST describes a hash? A. A hash is a unique number that is generated based upon the TCP/IP transmission header and should be verified before download. B. A hash is a unique number that is generated based upon the file's contents and used as the SSL key during download. C. A hash is a unique number that is generated after the file has been encrypted and used as the SSL key during download. D. A hash is a unique number that is generated based upon the file's contents and should be verified after download. Answer: D
According to a good disaster recovery plan, which of the following must happen during a power outage before an uninterruptible power supply (UPS) drains its battery? A. The PKI CA is relocated. B. The backup generator activates. C. The single point of failure is remedied. D. Full electrical service is restored. Answer: B
Which of the following would give a technician the MOST information regarding an external attack on the network? A. Internet content filter B. Proxy server C. NIDS D. Firewall Answer: C
QUESTION NO: 606 Which of the following would BEST prevent night shift workers from logging in with IDs and passwords stolen from the day shift workers? A. Account expiration B. Time of day restriction C. Account lockout D. Domain password policy Answer: B
QUESTION NO: 607 Which of the following would BEST ensure that users have complex passwords? A. ACL B. Domain password policy C. Logical tokens D. Time of day restrictions Answer: B
A technician finds that a malicious user has introduced an unidentified virus to a single file on the network. Which of the following would BEST allow for the user to be identified? Answer: A
QUESTION NO: 609 Which of the following would BEST allow an administrator to find the IP address of an external attacker? A. Antivirus logs B. DNS logs C. Firewall logs
QUESTION NO: 610 After performing a vulnerability analysis and applying a security patch, which of the following nonintrusive actions should an administrator take to verify that the vulnerability was truly removed? A. Apply a security patch from the vendor. B. Perform a penetration test. C. Repeat the vulnerability scan. D. Update the antivirus definition file. Answer: C
Which of the following BEST allows for a high level of encryption? A. AES with ECC B. DES with SHA-1 C. PGP with SHA-1 D. 3DES with MD5 Answer: A
Which of the following could be used by a technician needing to send data while ensuring that any data tampering is easily detectible? Answer: C
Which of the following is the primary security risk associated with removable storage? A. Availability B. Confidentiality C. Injection D. Integrity Answer: B
QUESTION NO: 614 After reading about the vulnerability issues with open SMTP relays, a technician runs an application to see if port 25 is open. This would be considered a: A. network mapper. B. protocol analyzer. C. vulnerability scan. D. port scan. Answer: D
A company's accounting application requires users to be administrators for the software to function correctly. Because of the security implications of this, a network administrator builds a user profile which allows the user to still use the application but no longer requires them to have administrator permissions. Which of the following is this an example of?
QUESTION NO: 616 Which of the following backup techniques resets the archive bit and allows for the fastest recovery? A. Full backup B. Shadow copies C. Differential backup D. Incremental backup Answer: A
QUESTION NO: 617 The company policy for availability requires full backups on Sunday and incremental backups each week night at 10 p.m. The file server crashes on Wednesday afternoon; how many tapes will the technician need to restore the data on the file server for Thursday morning? A. One B. Two C. Three D. Four Answer: C
A company is addressing backup and recovery issues. The company is looking for a compromise between speed of backup and speed of recovery. Which of the following is the BEST recommendation? A. Full backups every day B. Daily differential backups C. Full backups weekly with differential backups daily D. Weekly differential with incremental backups daily Answer: C
QUESTION NO: 619 Which of the following would define document destruction requirements? A. ACL B. User access and rights review policies C. Group policy D. Storage and retention policies
QUESTION NO: 620 Part of a standard policy for hardening workstations and servers should include applying the company security template and: A. installing the NIDS. B. closing unnecessary network ports. C. applying all updates, patches and hotfixes immediately. D. disabling SSID broadcast. Answer: B
Setting a baseline is required in which of the following? (Select TWO). A. Anomaly-based monitoring B. NIDS C. Signature-based monitoring D. NIPS E. Behavior-based monitoring Answer: A,D
Which of the following hidden programs gathers information with or without the user's knowledge with the primary purpose of advertising? A. Worm B. Trojan C. Spyware D. Virus Answer: C
Which of the following provides best practice with a wireless network? A. WPA B. WPA with RADIUS C. 3DES with RADIUS D. WEP 128-bit Answer: B
QUESTION NO: 624 Which of the following sites has the means (e.g. equipment, software, and communications) to facilitate a full recovery within minutes? A. Warm site B. Hot site C. Reciprocal site D. Cold site Answer: B
When conducting an environmental security assessment, which of the following items should be included in the assessment? (Select THREE). A. HVAC B. Card access system C. Off-site data storage D. Logical access E. Utilities F. Fire detection Answer: A,E,F
QUESTION NO: 626 Which of the following security steps must a user complete before access is given to the network? A. Authentication and password B. Identification and authentication C. Identification and authorization D. Authentication and authorization Answer: B
QUESTION NO: 627 When placing a NIDS onto the network, the NIC has to be placed in which of the following modes to monitor all network traffic? A. Promiscuous B. Full-duplex C. Auto D. Half-duplex Answer: A
An administrator wants to obtain a view of the type of attacks that are being targeted against the network perimeter. The recommended placement of a NIDS would be: A. inside the proxy. B. inside the DMZ. C. outside the proxy. D. outside the firewall. E. inside the firewall. Answer: D
QUESTION NO: 629 Once a system has been compromised, often the attacker will upload various tools that can be used at a later date. The attacker could use which of the following to hide these tools? A. Logic bomb B. Rootkit C. Virus D. Trojan Answer: B
QUESTION NO: 630 Which of the following is the perfect encryption scheme and is considered unbreakable when properly used? A. Running key cipher B. Concealment cipher C. One-time pad D. Steganography Answer: C
When using a digital signature, the message digest is encrypted with which of the following keys? A. Receiver's private key B. Receiver's public key C. Sender's public key D. Sender's private key Answer: D
Which of the following is the MOST basic form of IDS? A. Signature B. Behavioral C. Statistical D. Anomaly Answer: A
QUESTION NO: 633 Which of the following BEST applies to steganography? A. Algorithms are not used to encrypt data. B. Algorithms are used to encrypt data. C. Keys are used to encrypt data. D. Keys are concealed in the data. Answer: A
QUESTION NO: 634 Which of the following can steganography be used for? A. Watermark graphics for copyright. B. Decrypt data in graphics. C. Encrypt a message in WAV files. D. Encrypt data in graphics. Answer: A
Which of the following BEST describes how steganography can be accomplished in graphic files? A. Replacing the most significant byte of each bit B. Replacing the least significant byte of each bit C. Replacing the most significant bit of each byte D. Replacing the least significant bit of each byte Answer: D
A. encrypt and conceal messages in microdots. B. decrypt data stored in unused disk space. C. encrypt and decrypt messages in graphics. D. hide and conceal messages in WAV files. Answer: D
An application developer is looking for an encryption algorithm which is fast and hard to break if a large key size is used. Which of the following BEST meets these requirements? A. Transposition B. Substitution C. Symmetric D. Asymmetric Answer: C
QUESTION NO: 638 Which of the following if used incorrectly would be susceptible to frequency analysis? A. Asymmetric algorithms B. Transposition ciphers C. Symmetric algorithms D. Stream ciphers Answer: B
An administrator in an organization with 33,000 users would like to store six months of Internet proxy logs on a dedicated logging server for analysis and content reporting. The reports are not time critical, but are required by upper management for legal obligations. All of the following apply when determining the requirements for the logging server EXCEPT: A. log details and level of verbose logging. B. time stamping and integrity of the logs. C. performance baseline and audit trails. D. log storage and backup requirements. Answer: C
QUESTION NO: 640 Which of the following BEST describes when a hashing algorithm generates the same hash for two different messages? A. A hashing chain occurred. B. A deviation occurred. C. A collision occurred. D. A one-way hash occurred. Answer: C
QUESTION NO: 641 Which of the following is BEST known for self-replication in networks? A. Spyware B. Worm C. Spam D. Adware Answer: B
Which of the following security threats affects PCs and can have its software updated remotely by a command and control center? A. Zombie B. Worm C. Virus D. Adware Answer: A
Multiple web servers are fed from a load balancer. Which of the following is this an example of? A. RAID B. Backup generator C. Hot site D. Redundant servers Answer: D
QUESTION NO: 644 An outside auditor has been contracted to determine if weak passwords are being used on the network. To do this, the auditor is running a password cracker against the master password file. Which of the following is this an example of? A. Vulnerability assessment B. Fingerprinting C. Malware scan D. Baselining Answer: A
A. logic bombs cannot be sent through email. B. logic bombs cannot spread from computer to computer. C. logic bombs always contain a Trojan component. D. logic bombs always have a date or time component. Answer: D
A. are sometimes able to crack both passwords and physical tokens. B. cannot exploit weaknesses in encryption algorithms. C. cannot be run remotely. D. are sometimes able to crack both Windows and UNIX passwords. Answer: D
QUESTION NO: 647 A firewall differs from a NIDS in which of the following ways? A. A firewall attempts to detect patterns and a NIDS operates on a rule list. B. A firewall operates on a rule list and a NIDS attempts to detect patterns. C. A firewall prevents inside attacks and a NIDS prevents outside attacks. D. A firewall prevents outside attacks and a NIDS prevents inside attacks. Answer: B
QUESTION NO: 648 A vulnerability has recently been identified for a server's OS. Which of the following describes the BEST course of action? A. Shutdown all affected servers until management can be notified. B. Visit a search engine and search for a possible patch. C. Wait for an automatic update to be pushed out to the server from the manufacturer. D. Visit the operating system manufacturer's website for a possible patch.
Answer: A
An accountant has logged onto the company's external banking website. An administrator using a TCP/IP monitoring tool discovers that the accountant was actually using a spoofed banking website. Which of the following could have caused this attack? (Select TWO). A. Altered hosts file B. Network mapper C. Packet sniffing D. DNS poisoning E. Bluesnarfing Answer: A,D
Answer: D
QUESTION NO: 651 Which of the following tools would be BEST for monitoring changes to the approved system baseline? A. Enterprise resource planning software B. Enterprise performance monitoring software C. Enterprise antivirus software D. Enterprise key management software Answer: B
Answer: B
A periodic security audit of group policy can: A. show that data is being correctly backed up. B. show that PII data is being properly protected. C. show that virus definitions are up to date on all workstations. D. show that unnecessary services are blocked on workstations. Answer: D
QUESTION NO: 654 Which of the following is the primary purpose of an audit trail? A. To detect when a user changes security permissions B. To prevent a user from changing security permissions C. To prevent a user from changing security settings D. To detect the encryption algorithm used for files
All of the following security applications can proactively detect workstation anomalies EXCEPT:
QUESTION NO: 655 Which of the following describes a characteristic of the session key in an SSL connection? A. It is symmetric. B. It is a hash value. C. It is asymmetric. D. It is an elliptical curve. Answer: A
Answer: B
Which of the following describes how TLS protects against man-in-the-middle attacks? A. The client compares the actual DNS name of the server to the DNS name on the certificate. B. The client relies on the MD5 value sent by the server. C. The client compares the server certificate with the certificate listed on the CRL. D. The client relies on the MAC value sent by the server. Answer: A
QUESTION NO: 658 Which of the following is the primary purpose of removing audit logs from a server? A. To protect against the log file being changed B. To demonstrate least privilege to management C. To reduce network latency D. To improve the server performance Answer: A
Which of the following describes the cryptographic algorithm employed by TLS to establish a session key?
QUESTION NO: 659 Which of the following describes a common problem encountered when conducting audit log reviews? A. The timestamps for the servers are not synchronized. B. The servers are not synchronized with the clients. C. The audit logs cannot be imported into a spreadsheet. D. The audit logs are pulled from servers on different days. Answer: A
Answer: D
QUESTION NO: 661 A technician is conducting a password audit using a password cracking tool. Which of the following describes a BEST business practice when conducting a password audit? A. Use password masking. B. Use hybrid mode. C. Reveal the password. D. Single out the accounts to crack.
A technician is conducting a web server audit and discovers that SSLv2 is implemented. The technician wants to recommend that the organization consider using TLS. Which of the following reasons could the technician use to support the recommendation? A. SSLv2 reduces server performance. B. SSLv2 is susceptible to network sniffing. C. SSLv2 only uses message authentication code values. D. SSLv2 is susceptible to man-in-the-middle attacks.
QUESTION NO: 662 Which of the following is a security risk when using peer-to-peer software? A. Cookies B. Multiple streams C. Data leakage D. Licensing Answer: C
Answer: A
Heaps and stacks are susceptible to which of the following? A. Cross-site scripting B. Rootkits C. Buffer overflows D. SQL injection Answer: C
QUESTION NO: 665 All of the following are inline devices EXCEPT: A. NIPS.
Which of the following overwrites the return address within a program to execute malicious code?
QUESTION NO: 666 Which of the following would a technician use to validate whether specific network traffic is indeed an attack? A. NIDS B. Firewall C. Honeypot D. Protocol analyzer Answer: D
Answer: B
QUESTION NO: 668 A technician wants better insight into the websites that employees are visiting.Which of the following is BEST suited to accomplish this? A. Proxy server B. DHCP server C. DNS server D. Firewall Answer: A
Which of the following creates an emulated or virtual environment to detect and monitor malicious activity?
QUESTION NO: 669 Bluetooth discover mode is similar to which of the following? A. SSID broadcast B. Data emanation C. RF analysis D. Fuzzing Answer: A
QUESTION NO: 670 All of the following are Bluetooth threats EXCEPT: A. bluesnarfing. B. discovery mode. C. blue jacking. D. a smurf attack. Answer: D
Which of the following is the BEST approach when reducing firewall logs? A. Review chronologically. B. Discard known traffic first. C. Search for encrypted protocol usage. D. Review each protocol one at a time. Answer: B
QUESTION NO: 672 In which of the following logs would notation of a quarantined file appear? A. Antivirus B. Firewall
QUESTION NO: 673 Which of the following provides the MOST mathematically secure encryption for a file? A. 3DES B. One-time pad C. AES256 D. Elliptic curve
Answer: C
All of the following provide a host active protection EXCEPT: A. host-based firewall. B. antivirus. C. HIPS. D. HIDS. Answer: D
Which of the following encryption algorithms relies on the inability to factor large prime numbers?
Answer: C
Which of the following simplifies user and computer security administration? A. Encrypted file system (EFS) B. Printing policies C. Data retention D. Directory services Answer: D
QUESTION NO: 677 Which of the following is MOST likely to cause pop-ups? A. Botnets B. Adware C. Spam D. Rootkit Answer: B
Which of the following is MOST likely to open a backdoor on a system? A. Botnet B. Trojan C. Logic bomb D. Worm Answer: B
QUESTION NO: 679 If a company has a distributed IT staff, each being responsible for separate facilities, which of the following would be the BEST way to structure a directory information tree? A. By department B. By location C. By role D. By name Answer: B
QUESTION NO: 680 A technician wants to be able to add new users to a few key groups by default, which of the following would allow this? A. Auto-population B. Template C. Default ACL D. Inheritance Answer: B
Answer: B
All of the following are logical access control methods EXCEPT: A. biometrics. B. ACL. C. software token. D. group policy. Answer: A
QUESTION NO: 683 Using the same initial computer image for all systems is similar to which of the following? A. Group policy B. Virtual machine C. Configuration baseline D. Patch management Answer: C
QUESTION NO: 684 Which of the following has the LEAST amount of issues when inspecting encrypted traffic? A. Antivirus B. Firewall C. NIDS D. NIPS Answer: A
A technician has come across content on a server that is illegal. Which of the following should the technician do? A. Stop and immediately make a backup of the account and contact the owner of the data. B. Stop and immediately follow company approved incident response procedures. C. Stop and immediately copy the system files and contact the ISP. D. Stop and immediately perform a full system backup and contact the owner of the data. Answer: B
Which of the following is a true statement in regards to incident response? A. The first thing a technician should perform is a file system backup. B. The first thing a technician should do is call in law enforcement. C. If a technician finds illegal content, they should follow company incident response procedures. D. If a technician finds illegal content, the first thing a technician should do is unplug the machine and back it up. Answer: C
QUESTION NO: 687 If a technician is unable to get to a website by its address but the technician can get there by the IP address, which of the following is MOST likely the issue? A. DHCP server B. DNS server C. Firewall D. Proxy server Answer: B
In a NIDS, which of the following provides a user interface? A. Filter B. Screen C. Console D. Appliance Answer: C
QUESTION NO: 690 An instance where an IDS identifies legitimate traffic as malicious activity is called which of the following? A. False positive B. True negative
Answer: B
Which of the following is placed in promiscuous mode, in line with the data flow, to allow a NIDS to monitor the traffic?
QUESTION NO: 691 An instance where a biometric system identifies legitimate users as being unauthorized is called which of the following? A. False positive B. False negative C. False rejection D. False acceptance Answer: C
An instance where a biometric system identifies users that are authorized and allows them access is called which of the following? A. False negative B. True negative C. False positive D. True positive Answer: D
An instance where an IDS identifies malicious activity as being legitimate activity is called which of the following? A. False acceptance B. False positive C. False negative D. False rejection Answer: C
QUESTION NO: 694 An instance where a biometric system identifies unauthorized users and allows them access is called: A. false rejection. B. false negative. C. false acceptance. D. false positive. Answer: C
Answer: D
When choosing a disaster recovery site, which of the following is the MOST important consideration? A. The amount of data that will be stored B. The cost to rebuild the existing facility C. The amount of emergency rescue personnel D. The distance and size of the facility Answer: D
QUESTION NO: 697 Who should be notified FIRST before testing the disaster recovery plan? A. Senior management B. The physical security department C. All employees and key staff
When executing a disaster recovery plan the MOST important thing to consider is: A. financial obligations to stockholders. B. legal and financial responsibilities. C. data backups and recovery tapes. D. safety and welfare of personnel.
QUESTION NO: 698 Which of the following BEST describes the disaster recovery plan? A. A detailed process of recovering information or IT systems after a catastrophic event B. An emergency plan that will allow the company to recover financially C. A plan that is put in place to recover the company assets in an emergency D. A plan that is mandated by law to ensure liability issues are addressed in a catastrophic event Answer: A
Which of the following is the MOST important consideration when developing a disaster recovery plan? A. Management buy-in B. The cost of the project C. The amount of personnel D. The planning team Answer: A
In order to provide management with a prioritized list of time critical business processes, an administrator would assist in conducting a: A. risk management matrix. B. business impact assessment. C. continuity of operations plan. D. disaster recovery plan. Answer: B
QUESTION NO: 701 Which of the following BEST allows a technician to mitigate the chances of a successful attack against the wireless network? A. Implement an identification system and WPA2. B. Implement a biometric system and WEP. C. Implement an authentication system and WPA. D. Implement an authentication system and WEP. Answer: C
Which of the following is the MOST likely reason that an attacker would use a DoS attack? A. The attacker is attempting to distract the company from the real underlying attack. B. The attacker wants to prevent authorized users from using a certain service. C. The attacker is working with outside entities to test the company's coding practices. D. The attacker is working with inside entities to test the company's firewall. Answer: B
QUESTION NO: 704 Which of the following is a way to gather reconnaissance information from a printer resource? A. HTTP B. SMTP C. RADIUS
Answer: C
A technician is reviewing the system logs for a firewall and is told that there is an implicit deny within the ACL. Which of the following is an example of an implicit deny? A. An ACL is a way to secure traffic from one network to another. B. An implicit deny statement denies all traffic from one network to another. C. Items which are not specifically given access are denied by default. D. Each item is denied by default because of the implicit deny.
QUESTION NO: 705 A technician gets informed that there is a worm loose on the network. Which of the following should the technician review to discover the internal source of the worm? A. Maintenance logs B. Antivirus logs C. Performance logs D. Access logs
Answer: B
Which of the following would a Faraday cage prevent usage of? A. Cell phone B. USB key C. Uninterruptible Power Supply (UPS) D. Storage drive Answer: A
Which of the following BEST allows for the encryption of an entire hard drive?
Answer: B
Which of the following will allow a technician to block certain HTTP traffic from company staff members? A. VLAN B. Content filter C. DMZ D. NIDS Answer: B
QUESTION NO: 709 Which of the following is a security threat to a workstation that requires interaction from a staff member? A. Worm B. Logic bomb C. Virus D. Botnet Answer: C
Which of the following will prevent a person from booting into removable storage media if the correct boot sequence is already set? A. BIOS password settings B. BIOS power on settings C. USB key settings D. BIOS boot options Answer: A
QUESTION NO: 711 Which of the following ports needs to be open to allow a user to log in remotely onto a workstation? A. 53 B. 636 C. 3389
QUESTION NO: 712 Which of the following, if intercepted, could allow an attacker to access a user's email information? A. Browser cookies B. Cross-site scripting C. Cell traffic D. SMTP traffic Answer: A
Answer: B
Which of the following is the MOST effective application to implement to identify malicious traffic on a server? A. Personal software firewall B. Enterprise software firewall C. Antivirus software D. HIDS software Answer: D
Which of the following would allow a technician to minimize the risk associated with staff running port scanners on the network?
Which of the following is the MOST appropriate type of software to apply on a workstation that needs to be protected from other locally accessible workstations? A. Antivirus software B. Personal software firewall C. Pop-up blocker software D. HIDS Answer: B
QUESTION NO: 716 Which of the following is a way for a technician to identify security changes on a workstation? A. Group policy management B. Service pack application C. Security templates D. Configuration baseline Answer: D
Which of the following is a way to correct a single security issue on a workstation? A. A patch B. A service pack C. Patch management D. Configuration baseline Answer: A
QUESTION NO: 718 Which of the following protects a home user from the Internet? A. HIDS B. Personal firewall C. Anti-malware software D. Antivirus application Answer: B
QUESTION NO: 719 Computer equipment has been stolen from a company's office. To prevent future thefts from occurring and to safeguard the company's trade secrets, which of the following should be implemented? A. Video surveillance and access logs B. ID badges and passwords C. Multifactor authentication D. Hardware locks and door access systems Answer: D
Which of the following is the primary purpose for a physical access log in a data center? A. Maintain a list of personnel who exit the facility. B. Allow authorized personnel access to the data center. C. Prevent unauthorized personnel access to the data center. D. Maintain a list of personnel who enter the facility. Answer: D
Which of the following biometric authentication devices also carries significant privacy implications due to personal health information that can be discovered during the authentication process? A. Iris scanner B. Fingerprint scanner C. Retina scanner D. Facial recognition Answer: C
QUESTION NO: 722 An administrator has already implemented two-factor authentication and now wishes to install a third authentication factor. If the existing authentication system uses strong passwords and PKI tokens, which of the following would provide a third factor? A. Pass phrases B. Elliptic curve C. Fingerprint scanner D. Six digit PINs Answer: C
QUESTION NO: 723 A biometric authentication system consists of all of the following components EXCEPT: A. reader. B. credential store. C. hardware token. D. supplicant. Answer: C
Which of the following is an example of remote authentication? A. A user on a campus area network (CAN) connects to a server in another building and enters a username and password pair. B. A user in one building logs on to the network by entering a username and password into a host in the same building. C. A user on a metropolitan area network (MAN) accesses a host by entering a username and password pair while not connected to the LAN. D. A user in one city logs onto a network by connecting to a domain server in another city. Answer: D
QUESTION NO: 725 Which of the following is a three-factor authentication system? A. Username, password, token and iris scanner B. Password, passphrase, PIN and iris scanner C. PIN, palm recognition scanner and passphrase D. Username, PIN and fingerprint reader Answer: A
QUESTION NO: 726 Which of the following is an acceptable group in which to place end users? A. Administrators B. Backup operators C. Domain users D. Root Answer: C
According to industry best practices, administrators should institute a mandatory rotation of duties policy due to which of the following? A. Continuity of operations in the event of a spam outbreak B. Continuity of operations in the event of a virus outbreak C. Continuity of operations in the event of future growth of the network D. Continuity of operations in the event of absence or accident Answer: D
According to industry best practices, administrators should institute a mandatory rotation of duties policy due to which of the following? A. To detect outside attackers B. To detect malware C. To detect viruses D. To detect an inside threat Answer: D
Which of the following is considered the strongest encryption by use of mathematical evaluation techniques? A. ROT13 B. DES C. AES D. 3DES Answer: C
QUESTION NO: 730 Which of the following should be implemented when protecting personally identifiable information (PII) and sensitive information on IT equipment that can be easily stolen (e.g. USB drives, laptops)? A. Sensitive file encryption B. Confidentiality C. Whole disk encryption D. Dual-sided certificates Answer: C
Which of the following is the BEST wireless security practice that could be implemented to prevent unauthorized access? A. WPA2 with a strong pass-phrase B. Disabling of the SSID broadcast C. WPA2 with TKIP D. WPA with MAC filtering Answer: C
QUESTION NO: 732 Which of the following can prevent malicious software applications from being introduced while browsing the Internet? A. Pop-up blockers B. Anti-spyware scanners C. Input validation D. Strong authentication Answer: A
QUESTION NO: 733 Which of the following are reasons to implement virtualization technology? (Select TWO). A. To reduce recovery time in the event of application failure B. To decrease false positives on the NIDS C. To eliminate virtual redundancy D. To decrease access to security resources E. To provide a secure virtual environment for testing Answer: A,E
Answer: B
QUESTION NO: 735 After completing a risk assessment and penetration test against a network, a security administrator recommends the network owner take actions to prevent future security incidents. Which of the following describes this type of action? A. Risk acceptance B. Risk avoidance C. Risk mitigation D. Risk transference
Network security administrators should implement which of the following to ensure system abuse by administrators does not go undetected in the logs?
QUESTION NO: 736 Public key infrastructure uses which of the following combinations of cryptographic items? A. One time keys, WEP and symmetric cryptography B. Private keys, public keys and asymmetric cryptography C. Private keys, public keys and ECC-based keys D. Public keys, symmetric keys and ECC-based keys Answer: B
Answer: C
In PKI, the CA is responsible for which of the following? A. Maintaining the CRL B. Maintaining the cipher block chain C. Maintaining all private keys D. Maintaining the browser's PKI store Answer: A
QUESTION NO: 739 In PKI, which of the following entities is responsible for publishing the CRL?
An administrator wants to implement a procedure to control inbound and outbound traffic on a network segment. Which of the following would achieve this goal?
QUESTION NO: 740 Which of the following is a security risk associated with USB drives? A. Easy to conceal and detect B. Large storage capacity and high visibility C. Small storage capacity and low visibility D. Easy to conceal and large storage capacity Answer: D
Which of the following is a security risk associated with introducing cellular telephones with mobile OS installed on a closed network? A. New vector to introduce viruses and malware to the network B. War-dialing DoS attacks against the network C. War-driving DDoS attacks against the network D. New vector to introduce VoIP to the network Answer: A
QUESTION NO: 742 The availability of portable external storage such as USB hard drives has increased which of the following threats to networks? A. Introduction of material on to the network B. Introduction of rogue wireless access points C. Removal of sensitive and PII data D. Increased loss of business data Answer: C
QUESTION NO: 743 An administrator finds a device attached between the USB port on a host and the attached USB keyboard. The administrator has also noticed large documents being transmitted from the host to a host on an external network. The device is MOST likely which of the following? A. External USB drive B. In-line keystroke logger C. In-line network analyzer D. USB external hub Answer: B
A user is receiving an error which they have not seen before when opening an application. Which of the following is MOST likely the cause of the problem? A. A patch was pushed out. B. A signature update was completed on the NIPS. C. The NIDS baseline has been updated. D. The HIDS baseline has been updated.
Which of the following is used to encrypt email and create digital signatures? A. LDAP B. HTTPS C. S/MIME D. RSA Answer: C
QUESTION NO: 746 Which of the following can be used to encrypt FTP or telnet credentials over the wire?
Answer: A
QUESTION NO: 747 Which of the following is a vulnerability assessment tool? A. John the Ripper B. Cain & Abel C. AirSnort D. Nessus Answer: D
Which of the following is a vulnerability scanner? A. John the Ripper B. Cain & Abel C. Microsoft Baseline Security Analyzer D. AirSnort Answer: C
Which of the following is a password cracking tool? A. Nessus B. AirSnort C. John the Ripper D. Wireshark Answer: C
QUESTION NO: 750 Which of the following is a protocol analyzer? A. John the Ripper B. WireShark C. Cain & Abel D. Nessus Answer: B
QUESTION NO: 751 Which of the following is a system setup to distract potential attackers? A. VLAN B. Firewall C. Honeypot D. DMZ Answer: C
Answer: D
QUESTION NO: 753 Which of the following should be checked if an email server is forwarding emails for another domain? A. DNS zone transfers B. SMTP open relay C. Cookies
Changing roles every couple of months as a security mitigation technique is an example of which of the following?
QUESTION NO: 754 Which of the following will allow the running of a system integrity verifier on only a single host? A. HIDS B. NIDS C. VLAN D. NIPS Answer: A
Which of the following has the ability to find a rootkit? A. Adware scanner B. Malware scanner C. Email scanner D. Anti-spam scanner Answer: B
Which of the following will be prevented by setting a BIOS password? A. A machine becoming infected with a virus B. Changing the system boot order C. Replacing a video card on a machine D. A machine becoming infected with a botnet Answer: B
QUESTION NO: 757 Which of the following is a security limitation of virtualization technology? A. It increases false positives on the NIDS. B. Patch management becomes more time consuming. C. A compromise of one instance will immediately compromise all instances. D. If an attack occurs, it could potentially disrupt multiple servers. Answer: D
QUESTION NO: 758 Which of the following must be used to setup a DMZ? A. Proxy B. NIDS C. Honeypot D. Router Answer: D
Which of the following would be used to push out additional security hotfixes? A. Patch management B. Configuration baseline C. Cookies D. Local security policy Answer: A
Which of the following would be used to allow a server to shut itself down normally upon a loss of power? A. Backup generator B. Redundant ISP C. Redundant power supply D. Uninterruptible Power Supply (UPS) Answer: D
QUESTION NO: 761 Which of the following is the BEST security measure to use when implementing access control? A. Password complexity requirements B. Time of day restrictions C. Changing default passwords D. Disabling SSID broadcast Answer: A
QUESTION NO: 762 Applying a service pack could affect the baseline of which of the following? A. Honeynet B. Heuristic-based NIDS C. Signature-based NIDS D. Signature-based NIPS Answer: B
Which of the following is the strongest encryption form that can be used in all countries? A. WPA2 B. TKIP C. WEP D. WPA Answer: C
QUESTION NO: 764 When would it be appropriate to use time of day restrictions on an account? A. In order to ensure false positives are not received during baseline testing B. To ensure the DMZ is not overloaded during server maintenance C. To eliminate attack attempts of the network during peak hours D. As an added security measure if employees work set schedules
QUESTION NO: 765 Which of the following could be used to restore a private key in the event of a CA server crashing? A. Trust model verification B. Key escrow C. CRL D. Recovery agent Answer: D
Answer: D
Which of the following is MOST effective in preventing adware? A. Firewall B. HIDS C. Antivirus D. Pop-up blocker Answer: D
QUESTION NO: 768 Which of the following is the MOST important when implementing heuristic-based NIPS? A. Perform comprehensive heuristic-based analysis on the system. B. Enable automatic updates to the heuristic database. C. Ensure the network is secure when baseline is established. D. The brand of NIPS that is being used. Answer: C
Which of the following is a possible security risk associated with USB devices?
QUESTION NO: 769 Enabling logging for DNS aids against which of the following attacks? A. Virus infections B. SQL injection C. Local hosts file corruption D. Botnet attacks Answer: D
Which of the following access control models uses roles to determine access permissions? A. MAC B. DAC C. RBAC D. None of the above. Answer: C
Most current encryption schemes are based on: A. digital rights management B. time stamps C. randomizing D. algorithms Answer: D
Which of the following types of cryptography is typically used to provide an integrity check? A. Public key B. Asymmetric C. Symmetric D. Hash Answer: C
QUESTION NO: 773 How are access control permissions established in the RBAC access control model? A. The system administrator. B. The owner of the resource. C. The role or responsibilities users have in the organization. D. None of the above. Answer: C
What does the DAC access control model use to identify the users who have permissions to a resource? A. Predefined access privileges. B. The role or responsibilities users have in the organization C. Access Control Lists D. None of the above. Answer: C
QUESTION NO: 775 Which of the following refers to the ability to be reasonably certain that data is not disclosed to unintended persons? A. Non-repudiation B. Integrity C. Authentication D. Confidentiality
QUESTION NO: 776 Which of the following describes a type of algorithm that cannot be reversed in order to decode the data? A. Symmetric B. One Way Function C. Asymmetric D. Pseudorandom Number Generator (PRNG) Answer: B
QUESTION NO: 777 Secret Key encryption is also known as: A. symmetrical B. replay C. one way function. D. asymmetrical Answer: A
What does the MAC access control model use to identify the users who have permissions to a resource? A. Predefined access privileges. B. The role or responsibilities users have in the organization C. Access Control Lists D. None of the above Answer: A
QUESTION NO: 779 Which of the following statements regarding the MAC access control models is TRUE? A. The Mandatory Access Control (MAC) model is a dynamic model. B. In the Mandatory Access Control (MAC) the owner of a resource establishes access privileges to that resource. C. In the Mandatory Access Control (MAC) users cannot share resources dynamically. D. The Mandatory Access Control (MAC) model is not restrictive. Answer: C
QUESTION NO: 780 Which of the following are types of certificate-based authentication? (Select TWO) A. Many-to-one mapping B. One-to-one mapping C. One-to-many mapping D. Many-to-many mapping Answer: A,B
Answer: A
Which of the following would be MOST important to have to ensure that a company will be able to recover in case of severe environmental trouble or destruction? A. Disaster recovery plan B. Alternate sites C. Offsite storage D. Fault tolerant systems
QUESTION NO: 782 Documentation describing a group's expected minimum behavior is known as: A. the need to know B. acceptable usage C. the separation of duties D. a code of ethics
QUESTION NO: 783 The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option that describes this flaw. A. The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. This creates a security loophole for Trojan horse attacks. B. The DAC (Discretionary Access Control) model uses certificates to control access to resources. This creates an opportunity for attackers to use your certificates. C. The DAC (Discretionary Access Control) model does not use the identity of a user to control access to resources. This allows anyone to use an account to access resources. D. The DAC (Discretionary Access Control) model does not have any known security flaws. Answer: A
You work as the network administrator at Acme.com. The Acme.com network uses the RBAC (Role Based Access Control) model. You must plan the security strategy for users to access resources on the Acme.com network. The types of resources you must control access to are mailboxes, and files and printers. Acme.com is divided into distinct departments and functions named Finance, Sales, Research and Development, and Production respectively. Each user has its own workstation, and accesses resources based on the department wherein he/she works. You must determine which roles to create to support the RBAC (Role Based Access Control) model. Which of the following roles should you create? A. Create mailbox, and file and printer roles. B. Create Finance, Sales, Research and Development, and Production roles. C. Create user and workstation roles. D. Create allow access and deny access roles. Answer: B
QUESTION NO: 785 Choose the access control model that allows access control determinations to be performed based on the security labels associated with each user and each data item. A. MACs (Mandatory Access Control) method B. RBACs (Role Based Access Control) method C. LBACs (List Based Access Control) method D. DACs (Discretionary Access Control) method Answer: A
"Pass Any Exam. Any Time." - www.actualtests.com
QUESTION NO: 786 A company's new employees are asked to sign a document that describes the methods of and purposes for accessing the company's IT systems. Which of the following BEST describes this document? A. Privacy Act of 1974 B. Authorized Access Policy C. Due diligence form D. Acceptable Use Policy Answer: D
Which of the following is the BEST place to obtain a hotfix or patch for an application or system? A. An email from the vendor B. A newsgroup or forum C. The manufacturer's website D. A CD-ROM Answer: C
QUESTION NO: 788 Choose the terminology or concept which best describes a (Mandatory Access Control) model. A. Lattice B. Bell La-Padula C. BIBA D. Clark and Wilson Answer: A
QUESTION NO: 789 Which authentication method does the following sequence refer to: logon request, encrypted value response, server challenge, comparison of encrypted results, authorize or fail? A. Certificates B. Security Tokens C. CHAP D. Kerberos Answer: C
Answer: A
Which of the following statements is TRUE regarding the Security Token system? A. If your token does not grant you access to certain information, that information will either not be displayed or your access will be denied. The authentication system creates a token every time a user or a session begins. At the completion of a session, the token is destroyed. B. A certificate being handed from the server to the client once authentication has been established. If you have a pass, you can wander throughout the network. BUT limited access is allowed. C. The authentication process uses a Key Distribution Center (KDC) to orchestrate the entire process. The KDC authenticates the network. Principles can be users, programs, or systems. The KDC provides a ticket to the network. Once this ticket is issued, it can be used to authenticate against other principles. This occurs automatically when a request or service is performed by another network. D. The initiator sends a logon request from the client to the server. The server sends a challenge back to the client. The challenge is encrypted and then sent back to the server. The server compares the value from the client and if the information matches, the server grants authorization. If the response fails, the session fails and the request phase starts over
QUESTION NO: 791 To aid in preventing the execution of malicious code in email clients, which of the following should be done by the email administrator? A. Spam and anti-virus filters should be used B. Regular updates should be performed C. Preview screens should be disabled D. Email client features should be disabled Answer: A
QUESTION NO: 792 Which of the following types of publicly accessible servers should have anonymous logins disabled to prevent an attacker from transferring malicious data? A. FTP B. Email C. Web D. DNS
In addition to bribery and forgery, which of the following are the MOST common techniques that attackers use to socially engineer people? (Select TWO) Answer: D,E
Which of the following would be an easy way to determine whether a secure web page has a valid certificate? A. Right click on the lock at the bottom of the browser and check the certificate information B. Contact Thawte or Verisign and ask about the web page C. Contact the web page's web master D. Ensure that the web URL starts with 'https://'. Answer: A
Answer: A
QUESTION NO: 795 A software or hardware device that allows only authorized network traffic in or out of a computer or network is called a: A. firewall B. packet sniffer C. honeypot D. anti-virus program Answer: A
QUESTION NO: 796 Which of the following types of attacks is BEST described as an attacker capturing part of a communication and later sending that communication segment to the server while pretending to be the client? A. TCP/IP hijacking B. Replay C. Back door D. Man in the middle Answer: B
Malicious code that enters a target system, lays dormant until a user opens a certain program, then deletes the contents of attached network drives and removable storage devices is known as a:
QUESTION NO: 798 Which of the following network authentication protocols uses symmetric key cryptography, stores a shared key for each network resource and uses a Key Distribution Center (KDC)? A. RADIUS B. TACACS+ C. Kerberos D. PKI Answer: C
QUESTION NO: 799 The risks of social engineering can be decreased by implementing: (Select TWO) A. security awareness training B. risk assessment policies C. operating system patching instructions D. vulnerability testing techniques E. identity verification methods Answer: A,E
Which of the following access control models uses subject and object labels? A. Mandatory Access Control (MAC) B. Role Based Access Control (RBAC) C. Rule Based Access Control (RBAC) D. Discretionary Access Control (DAC) Answer: A
QUESTION NO: 801 Which of the following access decisions are based on a Mandatory Access Control (MAC) environment? A. Access control lists B. Ownership C. Group membership D. Sensitivity labels
QUESTION NO: 802 Audit log information can BEST be protected by: (Select TWO). A. using a VPN B. an IDS C. access controls that restrict usage D. an intrusion prevention system (IPS) E. recording to write-once media. F. a firewall that creates an enclave Answer: C,E
QUESTION NO: 804 A user downloads and installs a new screen saver and the program starts to rename and delete random files. Which of the following would be the BEST description of this program? A. Worm B. Virus C. Trojan horse D. Logic bomb Answer: C
Non-essential services are often appealing to attackers because non-essential services: (Select TWO) A. consume less bandwidth B. are not visible to an IDS C. provide root level access D. decrease the surface area for the attack E. are not typically configured correctly or secured F. sustain attacks that go unnoticed Answer: E,F
QUESTION NO: 805 Which of the following types of malicious software travels across computer networks without requiring a user to distribute the software? A. Virus B. Worm C. Trojan horse D. Logic bomb Answer: B
Answer: D
Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation? A. Multifactor B. Mutual C. Biometric D. Kerberos Answer: A
QUESTION NO: 808 Which of the following steps is MOST often overlooked during the auditing process? A. Reviewing event logs regularly B. Enabling auditing on the system C. Auditing every system event
Which of the following should be done if an audit recording fails in an information system? A. Log off the user B. Overwrite the oldest audit records C. Stop generating audit records D. Send an alert to the appropriate personnel
QUESTION NO: 809 Kerberos uses which of the following ports by default? A. 23 B. 88 C. 139 D. 443 Answer: B
Answer: A
Spam is considered a problem even when deleted before being opened because spam: A. verifies the validity of an email address B. corrupts the mail file C. wastes company bandwidth D. installs Trojan horse viruses Answer: C
Turnstiles, double entry doors and security guards are all prevention measures for which of the following types of social engineering? A. Piggybacking B. Looking over a co-worker's shoulder to retrieve information C. Looking through a co-worker's trash to retrieve information D. Impersonation
Which of the following programming techniques should be used to prevent buffer overflow attacks? A. Input validation B. Nested loops C. Signed applets D. Automatic updates Answer: A
QUESTION NO: 813 Which of the following authentication systems make use of the KDC Key Distribution Center? A. Certificates B. Security Tokens C. CHAP D. Kerberos Answer: D
Answer: A
QUESTION NO: 815 Which of the following statements regarding authentication protocols is FALSE? A. PAP is insecure because usernames and passwords are sent over the network in clear text. B. CHAP is more secure than PAP because it encrypts usernames and passwords before they are sent over the network. C. RADIUS is a client/server-based system that provides authentication, authorization, and accounting services for remote dial-up access. D. MS-CHAP version 1 is capable of mutual authentication of both the client and the server. Answer: D
Which of the following authentication methods increases the security of the authentication process because it must be in your physical possession?
QUESTION NO: 816 Which password management system best provides for a system with a large number of users? A. Self service password reset management systems B. Locally saved passwords management systems C. multiple access methods management systems D. synchronized passwords management systems Answer: A
Which definition best defines what a challenge-response session is? A. A challenge-response session is a workstation or system that produces a random challenge string that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number). B. A challenge-response session is a workstation or system that produces a random login ID that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number). C. A challenge-response session is a special hardware device used to produce random text in a cryptography system. D. A challenge-response session is the authentication mechanism in the workstation or system that does not determine whether the owner should be authenticated. Answer: A
QUESTION NO: 818 For which reason are clocks used in Kerberos authentication? A. Clocks are used to ensure proper connections. B. Clocks are used to ensure that tickets expire correctly. C. Clocks are used to generate the seed value for the encryption keys. D. Clocks are used to both benchmark and specify the optimal encryption algorithm.
QUESTION NO: 819 To reduce vulnerabilities on a web server, an administrator should adopt which of the following preventative measures? A. Use packet sniffing software on all inbound communications B. Apply the most recent manufacturer updates and patches to the server. C. Enable auditing on the web server and periodically review the audit logs D. Block all Domain Name Service (DNS) requests coming into the server. Answer: B
Which of the following is a common type of attack on web servers? A. Birthday B. Buffer overflow C. Spam D. Brute force Answer: B
The employees at a company are using instant messaging on company networked computers. The MOST important security issue to address when using instant messaging is that instant messaging: A. communications are a drain on bandwidth B. communications are open and unprotected C. has no common protocol D. uses weak encryption Answer: B
A VPN typically provides a remote access link from one host to another over: A. an intranet B. a modem C. a network interface card D. the Internet Answer: D
QUESTION NO: 823 Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received? A. Anti-aliasing B. Data integrity C. Asymmetric cryptography D. Non-repudiation Answer: D
Answer: B
QUESTION NO: 825 Which of the following is MOST often used to allow a client or partner access to a network? A. Extranet B. Intranet C. VLAN D. Demilitarized zone (DMZ)
Which of the following portions of a company's network is between the Internet and an internal network?
QUESTION NO: 826 Which of the following types of firewalls provides inspection at layer 7 of the OSI model? A. Application-proxy B. Network address translation (NAT) C. Packet filters D. Stateful inspection Answer: A
A newly hired security specialist is asked to evaluate a company's network security. The security specialist discovers that users have installed personal software; the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. Which of the following would be the FIRST step to take? A. Install software patches. B. Disable non-essential services. C. Enforce the security policy. D. Password management Answer: C
Giving each user or group of users only the access they need to do their job is an example of which of the following security principles? A. Least privilege B. Defense in depth C. Separation of duties D. Access control Answer: A
QUESTION NO: 829 A company implements an SMTP server on their firewall. This implementation would violate which of the following security principles? A. Keep the solution simple B. Use a device as intended C. Create an in-depth defense D. Address internal threats Answer: B
QUESTION NO: 830 A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. Which of the following network devices should be used? A. Router B. Hub C. Switch D. Firewall Answer: C
A system administrator reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take? A. Notify management. B. Determine the business impact. C. Contact law enforcement officials. D. Contain the problem. Answer: D
QUESTION NO: 832 A company's security specialist is securing a web server that is reachable from the Internet. The web server is located in the core internal corporate network. The network cannot be redesigned and the server cannot be moved. Which of the following should the security specialist implement to secure the web server? (Select TWO). A. Router with an IDS module B. Network-based IDS C. Router with firewall rule set D. Host-based IDS E. Network-based firewall F. Host-based firewall Answer: D,F
QUESTION NO: 833 The CHAP (Challenge Handshake Authentication Protocol) sends a logon request from the client to the server, and the server sends a challenge back to the client. At which stage does the CHAP protocol perform the handshake process? Choose the best complete answer. A. At the stage when the connection is established and at whichever time after the connection has been established. B. At the stage when the connection is established and when the connection is disconnected. C. At the stage when the connection is established. D. At the stage when the connection is disconnected. Answer: A
Which of the following are nonessential protocols and services? A. Network News Transfer Protocol (NNTP) B. TFTP (Trivial File Transfer Protocol). C. Domain Name Service (DNS) D. Internet Control Message Protocol (ICMP) Answer: B
QUESTION NO: 835 Which of the following protocols are not recommended due to them supplying passwords and information over the network? A. Network News Transfer Protocol (NNTP) B. SNMP (Simple Network Management Protocol). C. Domain Name Service (DNS) D. Internet Control Message Protocol (ICMP) Answer: B
QUESTION NO: 836 Most key fob based identification systems use which of the following types of authentication mechanisms? (Select TWO). A. Kerberos B. Biometrics C. Username/password D. Certificates E. Token Answer: C,E
Which of the following describes a server or application that is accepting more input than the server or application is expecting? Answer: C
QUESTION NO: 838 Which of the following refers to the ability to be reasonably certain that data is not modified or tampered with? A. Authentication B. Integrity C. Non-repudiation D. Confidentiality Answer: B
QUESTION NO: 839 Disguising oneself as a reputable hardware manufacturer's field technician who is picking up a server for repair would be described as: A. a phishing attack B. a Trojan horse C. a man-in-the-middle attack D. social engineering Answer: D
Which of the following identifies the layer of the OSI model where SSL provides encryption? A. Application B. Network C. Session D. Transport Answer: C
A security specialist has downloaded a free security software tool from a trusted industry site. The source has published the MD5 hash values for the executable program. The specialist performs a successful virus scan on the download but the MD5 hash is different. Which of the following steps should the specialist take? A. Avoid executing the file and contact the source website administrator B. Ignore the MD5 hash values because the values can change during IP fragmentation. C. Re-run the anti-virus program to ensure that it contains no virus, then execute D. Install the executable program because there was probably a mistake with the MD5 value. Answer: A
Which of the following would be the BEST reason to disable unnecessary services on a server? A. Not starting a service will save system memory and reduce startup time. B. If a service doesn't support the function of the server the service won't be missed. C. Attack surface and opportunity for compromise are reduced D. Services can be re-enabled if needed at a later time Answer: C
QUESTION NO: 843 A user is assigned access rights explicitly. This is a feature of which of the following access control models? A. Discretionary Access Control (DAC) B. Mandatory Access Control (MAC) C. Rule Based Access Control (RBAC) D. Role Based Access Control (RBAC) Answer: A
Answer: B
QUESTION NO: 845 A user has received an email from a mortgage company asking for personal information including bank account numbers. This would BEST be described as: A. spam B. phishing C. packet sniffing
Which of the following describes an attacker encouraging a person to perform an action in order to be successful?
QUESTION NO: 846 Which of the following connectivity is required for a web server that is hosting an SSL based web site? A. Port 443 inbound B. Port 443 outbound C. Port 80 inbound D. Port 80 outbound
Answer: B
Which of the following is used to determine equipment status and modify the configuration or settings of network devices? A. SNMP B. DHCP C. SMTP D. CHAP Answer: A
A. Computer name B. The fingerprint of the operating system C. The physical cabling topology of a network D. User IDs and passwords
Answer: A
Which of the following is a major reason that social engineering attacks succeed? A. Strong passwords are not required B. Lack of security awareness C. Multiple logins are allowed D. Audit logs are not monitored frequently Answer: B
QUESTION NO: 850 Which of the following types of backups requires that files and software that have been changed since the last full backup be copied to storage media? A. Incremental B. Differential C. Full D. Delta Answer: B
Answer: D
QUESTION NO: 852 The purpose of the SSID in a wireless network is to: A. define the encryption protocols used. B. secure the WAP C. identify the network D. protect the client
The authentication process where the user can access several resources without the need for multiple credentials is known as: A. Discretionary Access Control (DAC). B. need to know C. decentralized management D. single sign-on
QUESTION NO: 853 Which of the following would be the MOST common method for attackers to spoof email? A. Web proxy B. Man in the middle attacks C. Trojan horse programs D. Open relays Answer: D
Answer: C
Choose the figure which represents the number of ports in the TCP/IP (Transmission Control Protocol/Internet Protocol) which are vulnerable to being scanned, attacked, and exploited.
Which of the following is often misused by spyware to collect and report a user's activities?
QUESTION NO: 856 Which of the following would be considered a detrimental effect of a virus hoax? (Select TWO). A. The email server capacity is consumed by message traffic. B. Technical support resources are consumed by increased user calls. C. Users are tricked into changing the system configuration. D. Users are at risk for identity theft. Answer: B,C
QUESTION NO: 857 To keep an 802.11x network from being automatically discovered, a user should: A. turn off the SSID broadcast. B. leave the SSID default. C. change the SSID name. D. activate the SSID password Answer: A
Which of the following BEST describes the baseline process of securing devices on a network infrastructure? Answer: B
QUESTION NO: 859 Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made to the IP header? A. SOCKS B. NAT C. DNS D. Private addressing Answer: B
QUESTION NO: 860 A company wants to connect the network to a manufacturer's network to be able to order parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection? A. Scatternet B. Extranet C. VPN D. Intranet Answer: B
Fiber optic cable is considered safer than CAT5 because fiber optic cable: (Select TWO). A. is not susceptible to interference. B. is hard to tap in to. C. is made of glass rather than copper. D. can be run for a longer distance E. is more difficult to install Answer: A,B
Which of the following access attacks would involve looking through your files in the hopes of finding something interesting? A. Interception B. Snooping C. Eavesdropping D. None of the above Answer: B
A company wants to implement a VLAN. Senior management believes that a VLAN will be secure because authentication is accomplished by MAC addressing and that dynamic trunking protocol (DTP) will facilitate network efficiency. Which of the following issues should be discussed with senior management before VLAN implementation? A. MAC addresses can be spoofed and DTP allows rogue network devices to configure ports B. MAC addresses can be spoofed and DTP allows only authenticated users. C. MAC addresses are a secure authentication mechanism and DTP allows rogue network devices to configure ports. D. MAC addresses are a secure authentication mechanism and DTP allows only authenticated users. Answer: A
Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. The model with no single trusted root is known as: A. peer-to-peer B. downlevel C. hierarchical D. hybrid Answer: A
Which of the following would be an effective way to ensure that a compromised PKI key can not access a system? A. Reconfigure the key B. Revoke the key C. Delete the key D. Renew the key Answer: B
QUESTION NO: 866 Which of the following describes the validation of a message's origin? A. Integrity B. Confidentiality C. Non-repudiation D. Asymmetric encryption Answer: C
QUESTION NO: 867 Using software on an individual computer to generate a key pair is an example of which of the following approaches to PKI architecture? A. Decentralized B. Centralized C. Hub and spoke D. Distributed key Answer: A
Answer: B
QUESTION NO: 869 When setting password rules, which of the following would lower the level of security of a network? A. Passwords must be greater than six characters and contain at least one non-alpha. B. All passwords are set to expire at regular intervals and users are required to choose new passwords that have not been used before. C. Complex passwords that users cannot remotely change are randomly generated by the administrator and given to users D. After a set number of failed attempts the server will lock out any user account forcing the user to call the administrator to re-enable the account.
Which of the following types of encryption would be BEST to use for a large amount of data?
QUESTION NO: 870 A person pretends to be a telecommunications repair technician, enters a building stating that there is a networking trouble work order and requests that a security guard unlock the wiring closet. The person connects a packet sniffer to the network switch in the wiring closet and hides the sniffer behind the switch against a wall. This is an example of: A. a vulnerability scan B. social engineering C. a man in the middle attack D. a penetration test
Answer: D
Nmap has been run against a server and more open ports than expected have been discovered. Which of the following would be the FIRST step to take? A. All ports should be closed and observed to see whether a process tries to reopen the port. B. Nmap should be run again and observed to see whether different results are obtained. C. All ports should be left open and traffic monitored for malicious activity D. The process using the ports should be examined. Answer: D
A. Someone looking through your files B. Involve someone who routinely monitors network traffic C. Listening or overhearing parts of a conversation D. Placing a computer system between the sender and receiver to capture information.
Answer: B
QUESTION NO: 873 Which of the following would be MOST desirable when attacking encrypted data? A. Sniffed traffic B. Block cipher C. Weak key D. Algorithm used Answer: C
QUESTION NO: 874 Which of the following is the MOST effective way for an administrator to determine what security holes reside on a network? A. Perform a vulnerability assessment B. Run a port scan C. Run a sniffer D. Install and monitor an IDS Answer: A
QUESTION NO: 876 A small manufacturing company wants to deploy secure wireless on their network. Which of the following wireless security protocols could be used? (Select TWO). A. WEP
A company has instituted a VPN to allow remote users to connect to the office. As time progresses, multiple security associations are created, with each association being more secure. Which of the following should be implemented to automate the selection of the BEST security association for each user?
QUESTION NO: 877 Which of the following uses private key / public key technology to secure web sites? A. SSL B. TCP C. Media Access Control (MAC) D. Access Control List (ACL) Answer: A
Which of the following is the MOST significant flaw in Pretty Good Privacy (PGP) authentication? A. Private keys can be compromised. B. A user must trust the public key that is received. C. It is subject to a man-in-the-middle attack. D. Weak encryption can be easily broken. Answer: B
The MOST common exploits of Internet-exposed network services are due to: A. illicit servers B. Trojan horse programs C. active content (e.g. Java Applets) D. buffer overflows Answer: D
Which of the following would be an example of a hardware device where keys can be stored? (Select TWO). A. PCI card B. Smart card C. PCMCIA card D. Network interface card (NIC) Answer: B,C
QUESTION NO: 881 The Diffie-Hellman encryption algorithm relies on which of the following? A. Tunneling B. Digital signatures C. Key exchange D. Passwords Answer: C
Non-repudiation is enforced by which of the following? A. Secret keys B. Digital signatures C. PKI D. Cipher block chaining Answer: B
QUESTION NO: 883 Which of the following would be the MOST effective backup site for disaster recovery? A. Cold site B. Warm site C. Hot site D. Reciprocal agreement Answer: C
QUESTION NO: 884 Which of the following describes backing up files and software that have changed since the last full or incremental backup? A. Full backup B. Differential backup C. Incremental backup D. Delta backup Answer: C
Answer: A
Which of the following provides port-based control of wireless access to network resources? A. 802.11a B. 802.11n C. 802.1x D. 802.11g Answer: C
QUESTION NO: 887 An organization has a hierarchical-based concept of privilege management, with administrators having full access, human resources personnel having slightly less access, and managers having access to their own department files only. This is BEST described as: A. Discretionary Access Control (DAC). B. Rule Based Access Control (RBAC). C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC) Answer: D
An enclosure that prevents radio frequency signals from emanating out of a controlled environment is BEST described as which of the following?
QUESTION NO: 888 A representative from the human resources department informs a security specialist that an employee has been terminated. Which of the following would be the BEST action to take? A. Disable the employee's user accounts and keep the data for a specified period of time. B. Disable the employee's user accounts and delete all data. C. Contact the employee's supervisor regarding disposition of user accounts D. Change the employee's user password and keep the data for a specified period.
Which of the following options is correct regarding a DDoS (Distributed Denial of Service) attack? A. Listening or overhearing parts of a conversation B. Placing a computer system between the sender and receiver to capture information C. Use of multiple computers to attack a single organization D. Preventing access to resources by users authorized to use those resources Answer: C
QUESTION NO: 890 An SMTP server is the source of email spam in an organization. Which of the following is MOST likely the cause? A. The administrator account was not secured. B. X.400 connectors have not been password protected. C. Remote access to the email application's install directory has not been removed. D. Anonymous relays have not been disabled.
Answer: A
QUESTION NO: 891 The first step in creating a security baseline would be: A. identifying the use case. B. installing software patches. C. vulnerability testing D. creating a security policy Answer: D
Answer: C
QUESTION NO: 894 Which of the following types of programs autonomously replicates itself across networks? A. Trojan horse B. Worm C. Virus D. Spyware Answer: B
An organization needs to monitor all network traffic as it traverses their network. Which item should be used by the technician?
A. if a threat becomes known. B. once each month C. when the hardware or software is turned on. D. when the vendor requires it
QUESTION NO: 895 Which of the following BEST describes an attempt to transfer DNS zone data? A. Evasion B. Fraggle C. Teardrop D. Reconnaissance Answer: D
An end-to-end traffic performance guarantee made by a service provider to a customer is a: A. DRP. B. BCP. C. SLA. D. VPN Answer: C
Which of the following statements are true regarding File Sharing? A. FTP is a protocol, a client, and a server. B. Security was based on the honor system. C. As discussed earlier, SSH is a program that allows connections to be secured by encrypting the session between the client and the server. D. When files are stored on a workstation, the connection is referred to as a peer-to-peer connection. Answer: D
QUESTION NO: 898 A honeypot is used to: A. provide an unauthorized user with a place to safely work. B. give an unauthorized user time to complete an attack. C. trap attackers in a false network. D. allow administrators a chance to observe an attack. Answer: D
QUESTION NO: 899 Which of the following are components of host hardening? (Select TWO). A. Adding users to the administrator group. B. Disabling unnecessary services. C. Configuring the Start menu and Desktop D. Applying patches Answer: B,D
In which of the following common attacks would the attacker capture the user's login information and replay it again later? A. Back Door Attacks B. Replay Attack C. Spoofing D. Man In The Middle Answer: B
QUESTION NO: 901 The difference between identification and authentication is that: A. authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials. B. authentication verifies a user ID belongs to a specific user while identification verifies the identity of a user group. C. authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials. D. authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials. Answer: C
QUESTION NO: 902 Following a disaster, which of the following functions should be returned FIRST from the backup facility to the primary facility? A. Web services B. Systems functions C. Executive functions D. Least critical functions Answer: D
Which of the following is a reason to use a vulnerability scanner? A. To identify open ports on a system B. To assist with protocol analyzing C. To identify remote access policies D. To assist with PKI implementation Answer: A
QUESTION NO: 904 A computer system containing personal identification information is being implemented by a company's sales department. The sales department has requested that the system become operational before a security review can be completed. Which of the following can be used to explain the reasons a security review must be completed? A. Vulnerability assessment B. Risk assessment C. Corporate security policy D. Need to know policy Answer: C
QUESTION NO: 905 Which of the following attacks are being referred to if the attack involves the attacker gaining access to a host in the network and logically disconnecting it? A. TCP/IP Hijacking B. UDP Attack C. ICMP Attacks D. Smurf Attacks Answer: A
Which of the following protocols is used to transmit data between a web browser and a web server? A. SSH B. HTTP C. SFTP D. IMAP4 Answer: B
Which of the following attacks are being referred to if packets are not connection-oriented and do not require the synchronization process? A. TCP/IP Hijacking B. UDP Attack C. ICMP Attacks D. Smurf Attacks Answer: B
QUESTION NO: 908 Which of the options below describes a password cracker? A. A program that can locate and read a password file. B. A program that provides software registration passwords or keys. C. A program that performs comparative analysis. D. A program that obtains privileged access to the system. Answer: C
QUESTION NO: 909 Which of the below options would you consider as a program that constantly observes data traveling over a network? A. Smurfer B. Sniffer C. Fragmenter D. Spoofer Answer: B
From the listing of attacks, choose the attack which exploits session initiation between a Transport Control Program (TCP) client and server within a network? A. Buffer Overflow attack B. SYN attack C. Smurf attack D. Birthday attack Answer: B
QUESTION NO: 911 Which of the following assessment tools would be MOST appropriate for determining if a password was being sent across the network in clear text? A. Protocol analyzer B. Port scanner
QUESTION NO: 912 From the listing of attacks, which analyzes how the operating system (OS) responds to specific network traffic, in an attempt to determine the operating system running in your networking environment? A. Operating system scanning. B. Reverse engineering. C. Fingerprinting D. Host hijacking. Answer: C
Answer: D
QUESTION NO: 914 A technician is helping an organization to correct problems with staff members unknowingly downloading malicious code from Internet websites. Which of the following should the technician do to resolve the problem? A. Use Java virtual machines to reduce impact B. Disable unauthorized ActiveX controls C. Implement a policy to minimize the problem D. Install a NIDS
From the listing of attacks, choose the attack which misuses the TCP (Transmission Control Protocol) three-way handshake process in an attempt to overload network servers, so that authorized users are denied access to network resources. A. Man in the middle attack B. Smurf attack C. Teardrop attack D. SYN (Synchronize) attack
QUESTION NO: 915 One type of network attack sends two different messages that use the same hash function to generate the same message digest. Which network attack does this? A. Man in the middle attack. B. Ciphertext only attack. C. Birthday attack. D. Brute force attack. Answer: C
Answer: C
Which of the following viruses is characterized by attempting to infect the boot sector, infecting all executable files, and destroying application files? A. Multipartite Virus B. Armored Virus C. Companion Virus D. Phage Virus Answer: A
QUESTION NO: 918 Choose the most effective method of preventing computer viruses from spreading throughout the network. A. You should require root/administrator access to run programs and applications. B. You should enable scanning of all e-mail attachments. C. You should prevent the execution of .vbs files. D. You should install a host based IDS (Intrusion Detection System) Answer: B
Which of the following viruses is characterized by attempting to avoid detection by masking itself from applications, and may attach itself to the boot sector of the hard drive?
QUESTION NO: 919 Choose the statement that best details the difference between a worm and a Trojan horse? A. Worms are distributed through e-mail messages while Trojan horses do not. B. Worms self replicate while Trojan horses do not. C. Worms are a form of malicious code while Trojan horses are not. D. There is no difference between a worm and a Trojan horse.
Choose the statement which best defines the characteristics of a computer virus. A. A computer virus is a find mechanism, initiation mechanism and can propagate. B. A computer virus is a learning mechanism, contamination mechanism and can exploit. C. A computer virus is a search mechanism, connection mechanism and can integrate. D. A computer virus is a replication mechanism, activation mechanism and has an objective. Answer: D
QUESTION NO: 921 Choose the attack or malicious code that cannot be prevented or deterred solely through using technical measures. A. Dictionary attacks. B. Man in the middle attacks. C. DoS (Denial of Service) attacks. D. Social engineering.
Answer: B
QUESTION NO: 922 An Auditing system is necessary to prevent attacks on what part of the system? A. The files. B. The operating system. C. The systems memory D. None of the above Answer: A
Answer: C
One type of port scan can determine which ports are in a listening state on the network, and can then perform a two way handshake. Which type of port scan can perform this set of actions? A. A TCP (transmission Control Protocol) SYN (Synchronize) scan B. A TCP (transmission Control Protocol) connect scan C. A TCP (transmission Control Protocol) fin scan D. A TCP (transmission Control Protocol) null scan Answer: A
QUESTION NO: 925 Which of the following has largely replaced SLIP? A. SLIP (Serial Line Internet Protocol) B. PPP (Point-to-Point Protocol) C. VPN D. RADIUS (Remote Authentication Dial-In User Service) Answer: B
Choose the network mapping tool (scanner) which uses ICMP (Internet Control Message Protocol).
QUESTION NO: 926 Which of the following definitions fits RADIUS correctly? A. It is an older protocol that was used in early remote access environments. B. It has largely replaced SLIP and offers multiple protocol support including AppleTalk, IPX, and DECnet. C. It is used to make connections between private networks across a public network, such as the Internet. D. It is a mechanism that allows authentication of dial-in and other network connections. Answer: D
Which of the following definitions fits TACACS correctly? A. It is an older protocol that was used in early remote access environments. B. It has largely replaced SLIP and offers multiple protocol support including AppleTalk, IPX, and DECnet. C. It is used to make connections between private networks across a public network, such as the Internet. D. It allows credentials to be accepted from multiple methods, including Kerberos. Answer: D
QUESTION NO: 928 Which of the following needs to be backed up on a domain controller to be able to recover Active Directory? A. System files B. User data C. System state
QUESTION NO: 929 Which of the following definitions fit correctly to PPTP? A. It supports encapsulation in a single point-to-point environment B. It was created by Cisco as a method of creating tunnels primarily for dial-up connections C. It is primarily a point-to-point protocol D. It is a tunneling protocol originally designed for UNIX systems. Answer: A
From the list of protocols, which two are VPN (Virtual Private Network) tunneling protocols? Choose two protocols. A. PPP (Point-to-Point Protocol). B. SLIP (Serial Line Internet Protocol). C. L2TP (Layer Two Tunneling Protocol). D. SMTP (Simple Mail Transfer Protocol). E. PPTP (Point-to-Point Tunneling Protocol). Answer: C,E
You work as the security administrator at Acme.com. You must configure the firewall to support TACACS. Which port(s) should you open on the firewall? A. Port 21 B. Port 161 C. Port 53 D. Port 49 Answer: D
QUESTION NO: 932 Which of the following network attacks cannot occur in an e-mail attack? A. Dictionary attack B. Trojan Horse C. Phage Virus D. Polymorphic Virus Answer: A
QUESTION NO: 933 Which of the following attacks are being referred to if someone is accessing your e-mail server and sending inflammatory information to others? A. Trojan Horse. B. Phage Virus. C. Repudiation Attack. D. Polymorphic Virus. Answer: C
A technician is auditing the security posture of an organization. The audit shows that many of the users have the ability to access the company's accounting information. Which of the following should the technician recommend to address this problem? A. Changing file level audit settings B. Implementing a host based intrusion detection system C. Changing the user rights and security groups D. Implementing a host based intrusion prevention system Answer: C
QUESTION NO: 935 Job rotation is a cross-training technique where organizations minimize collusion amongst staff. A. True B. False
QUESTION NO: 936 A security specialist is reviewing firewall logs and sees the information below. Which of the following BEST describes the attack that is occurring? s-192.168.0.21:53 --> d-192.168.0.1:0 s-192.168.0.21:53 --> d-192.168.0.1:1 s-192.168.0.21:53 --> d-192.168.0.1:2 s-192.168.0.21:53 --> d-192.168.0.1:3 s-192.168.0.21:53 --> d-192.168.0.1:4 s-192.168.0.21:53 --> d-192.168.0.1:5 s-192.168.0.21:53 --> d-192.168.0.1:6 s-192.168.0.21:53 --> d-192.168.0.1:7 s-192.168.0.21:53 --> d-192.168.0.1:8 A. ARP poisoning B. DNS spoofing C. Port scan D. PING sweep Answer: C
Answer: C
QUESTION NO: 938 By which means do most network bound viruses spread? A. E-mail B. Floppy C. CD-Rom D. Mass storage devices
Which of the following would be MOST useful in determining which internal user was the source of an attack that compromised another computer in its network? A. The firewall's logs B. The attacking computer's audit logs C. The target computer's audit logs. D. The domain controller's logs.
QUESTION NO: 939 Which of the following BEST describes the functions of an e-mail server? A. Detect the viruses in the messages received from various sources and send warnings to the recipient to warn him/her of the risky mail. B. Notify you that a message carries a virus. C. Forms a platform on which messages are sent. D. Makes use of a port used specifically for messages to be sent through. Answer: A
Choose the primary disadvantage of using a third party mail relay. A. Spammers can utilize the third party mail relay. B. A third party mail relay limits access to specific users. C. A third party mail relay restricts the types of e-mail that may be sent. D. A third party mail relay restricts spammers from gaining access. Answer: A
On the topic of comparing viruses and hoaxes, which statement is TRUE? Choose the best TRUE statement. A. Hoaxes can create as much damage as a real virus. B. Hoaxes are harmless pranks and should be ignored. C. Hoaxes can help educate users about a virus. D. Hoaxes carry a malicious payload and can be destructive. Answer: A
QUESTION NO: 942 Choose the scheme or system used by PGP (Pretty Good Privacy) to encrypt data. A. Asymmetric scheme B. Symmetric scheme C. Symmetric key distribution system D. Asymmetric key distribution system Answer: A
QUESTION NO: 943 Which of the following web vulnerabilities is being referred to when it receives more data than it is programmed to accept? A. Buffer Overflows. B. Cookies. C. CGI. D. SMTP Relay Answer: A
Answer: D
QUESTION NO: 945 Which of the following definitions BEST suit Java Applet? A. It is a programming language that allows access to system resources of the system running the script B. The client browser must have the ability to run Java applets in a virtual machine on the client C. It can also include a digital signature to verify authenticity D. It allows customized controls, icons, and other features to increase the usability of web enabled systems
Which of the following web vulnerabilities is being referred to when it has a feature designed into many e-mail servers that allows them to forward e-mail to other e-mail servers?
QUESTION NO: 946 Which of the following definitions BEST suit Buffer Overflow? A. It receives more data than it is programmed to accept. B. It is used to provide a persistent, customized web experience for each visit. C. It's an older form of scripting that was used extensively in early web systems D. It has a feature designed into many e-mail servers that allows them to forward e-mail to other email servers Answer: A
Which of the following describes a host-based system that provides access control? A. Personal software firewalls B. Antivirus software C. HIDS D. Pop-up blockers Answer: A
All of the following show up in a security log EXCEPT: A. true positive. B. false negative. C. known anomalies. D. false positive. Answer: B
QUESTION NO: 949 An administrator has advised against the use of Bluetooth phones due to bluesnarfing concerns. Which of the following is an example of this threat? A. An attacker using the phone remotely for spoofing other phone numbers B. Unauthorized intrusions into the phone to access data C. The Bluetooth enabled phone causing signal interference with the network D. An attacker using exploits that allow the phone to be disabled Answer: B
QUESTION NO: 950 An administrator wishes to deploy an IPSec VPN connection between two routers across a WAN. The administrator wants to ensure that the VPN is encrypted in the most secure fashion possible. Which of the following BEST identifies the correct IPSec mode and the proper configuration? A. IPSec in tunnel mode, using both the ESP and AH protocols B. IPSec in tunnel mode, using the ESP protocol C. IPSec in transport mode, using the AH protocol D. IPSec in transport mode, using both ESP and AH protocols Answer: A
Which of the following passwords would be the MOST difficult to crack? A. Passw0rd B. L0gin1 C. zAq12wsx! D. ABC123def Answer: C
QUESTION NO: 952 An administrator has just performed an audit on their network. The security administrator has not allowed the results to be shown to the IT departmental staff. Which of the following BEST describes the reasoning for this? A. Least privilege B. Job rotation C. Separation of duties D. Implicit deny
QUESTION NO: 953 The Nmap utility can be used to complete which of the following tasks? (Select THREE) A. Crack passwords as they are transmitted from one network location to another. B. Guess the type of OS in use by devices on a network. C. Document open ports within a specified network range. D. Spoof the IP address from which a scan is originating. E. Determine what type of encryption is being used within a specified network range. F. Determine what vulnerabilities are present on a specified network device. Answer: B,C,D
Answer: C
A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protected. If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If determining the risk, which of the following is the annual loss expectancy (ALE)? A. $2,700 B. $4,500 C. $5,000 D. $7,290
A technician needs to remove a worm from a user's machine. Which of the following tools would MOST likely be used to perform this task?
QUESTION NO: 956 Which of the following tools are used for password cracking? (Select TWO). A. John the Ripper B. Cain C. Kismet D. Nmap E. Nessus Answer: A,B
Which of the following tools performs comprehensive tests against hosts to expose a range of known security threats? A. Password crackers B. Packet analyzer C. Vulnerability scanners D. Port scanners Answer: C
Which of the following is the state of a cold site prior to a disaster? A. The hardware is powered on. B. The site is online and being used to process test data. C. The hardware is powered off. D. The site has all systems loaded with data from the latest backups. Answer: C
QUESTION NO: 959 Which of the following is the MOST important reason to verify the integrity of acquired data in a forensic investigation? A. To ensure that a virus cannot get copied to the target media B. To ensure that the MBR gets transferred successfully to the target media C. To ensure that source data will fit on the specified target media D. To ensure that the data has not been tampered with Answer: D
QUESTION NO: 960 Which of the following is an unwanted program that infects a host computer and normally reports the contents of the hard drive or the users browsing habits to a remote source? A. Spyware B. Virus C. Rootkit D. Adware Answer: A
Answer: C
QUESTION NO: 962 A company runs a site which has a search option available to the general public. The network administrator is reviewing the site logs one day and notices an IP address filling out a specific form on the site at a rate of two submissions per second. Which of the following is the BEST option to stop this type of abuse? A. Add a CAPTCHA feature. B. Block the IP address. C. Disable ActiveX. D. Slow down the server response times.
A. On all servers B. Between two private networks C. Between the private and public networks D. On all network hosts
QUESTION NO: 963 A library provides automated pay per print copiers and printers. It is discovered that an employee has been embezzling money from the coin boxes for many years. Which of the following might have helped the library detect this earlier? A. Improve employee auditing procedures B. User education C. Mandatory vacations D. Acceptable use policy Answer: A
Answer: A
Which of the following methodologies is being used if a monitoring tool is able to detect unusual characteristics by comparing current results to previous results? A. Definition-based B. Signature-based C. Performance-based D. Anomaly-based Answer: D
The accounting department has a specialized check printer. Checks are printed by the accounting staff after receiving a check request from a manager. Which of the following groups needs access to this printer? A. Accounting staff only B. The CFO only C. Managers only D. Account staff and managers
QUESTION NO: 966 A user must pass through a set of doors that enclose them in a specific area until properly authenticated. Which of the following terms BEST describes this scenario? A. Hardware locks B. Physical token system C. Biometric access system D. Mantrap Answer: D
Answer: B
Which of the following tools should be used to determine what services may be running on a computer? A. NIDS B. Protocol analyzer C. HIDS D. Port scanner Answer: D
QUESTION NO: 969 Which of the following encryption algorithms provides the LEAST amount of security? A. 3DES B. WEP C. DES
QUESTION NO: 970 Which of the following physical security methods provide the BEST method of validating and tracking authorized user identities? (Select TWO). A. Hardware door locks B. Video surveillance C. Sign-in logs D. Photo ID E. Door access systems Answer: B,E
A user needs access to a drive to edit documents on a particular shared folder. According to the rule of least privilege, which rights should the user have? A. Read to the shared folder B. Read and write to the shared folder C. Read and write to the entire drive D. Read to the entire drive Answer: B
Which of the following trust models is an example of when a certificate becomes trusted by a group of trusted sources? A. Web of trust B. Trusted introducer C. Direct trust D. Hierarchical trust Answer: B
QUESTION NO: 973 Which of the following is the BEST way to read system logs? A. Sort the logs by size and date. B. Read all logs as they are entered sequentially to determine a trend. C. Filter logs using software and focus on only those of importance. D. Cross-reference the logs with all application logs. Answer: C
QUESTION NO: 974 An administrator wants to deploy a solution that will use a secret key to secure data transmissions. Which of the following would allow the administrator to do this? A. Asymmetric encryption B. Non-repudiation C. Symmetric encryption D. Whole disk encryption Answer: C
When a user knows the originator of the key, this is an example of which of the following models? A. Web of trust B. Trusted introducer C. Hierarchical trust D. Direct trust Answer: D
QUESTION NO: 976 Which of the following sends data packets to various IP ports on a host to determine the responsive ports? A. OVAL B. Network sniffer C. Protocol analyzer
QUESTION NO: 977 Which of the following network protocols facilitates hiding internal addresses from the Internet? A. DMZ B. NAT C. NAC D. ARP Answer: B
Answer: D
Which of the following terms BEST describes the process of stealing data from a Bluetooth enabled phone? A. Data emanation B. Smurfing C. Bluesnarfing D. Blue jacking Answer: C
An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a:
QUESTION NO: 980 Which of the following is the practice of plotting access points with use of a wireless antenna and a GPS program? A. Blue jacking B. Bluesnarfing C. War driving D. Data emanation Answer: C
Which of the following should cause the MOST concern when evaluating DNS logs? (Select THREE). A. A zone transfer made to an unknown external system B. A denied zone transfer request from one of the secondary DNS servers C. A denied zone transfer request from an unknown system D. A zone transfer made to one of the internal secondary DNS servers E. A DNS request from an internal host for the company's web server address F. A request from an external host for the company's web server address Answer: A,B,C
Which of the following attacks would user education and awareness training help prevent? (Select THREE). A. Social Engineering B. ARP Poisoning C. Dumpster Diving D. Denial of Service (DoS) E. Phishing F. DNS Poisoning Answer: A,C,E
QUESTION NO: 983 To protect the confidentiality of data, the FINAL step in secure disposal of magnetic media is: A. verification. B. secure erasure of personal identifiable information (PII). C. burning, pulverizing or smelting. D. data categorization. Answer: A
QUESTION NO: 984 Which of the following is a potential danger when using a vulnerability scanner? A. A malicious user may replay packets during the scan to compromise a target. B. The scan may make attackers on a public network aware of the vulnerabilities. C. The scan may result in instability on the targeted systems. D. The scan may cause excess network congestion and interfere with normal network traffic. Answer: C
Which of the following is the difference between identification and authentication of a user?
A. Identification tells who the user is and authentication tells whether the user is allowed to logon to a system.
B. Identification tells who the user is and authentication proves it.
C. Identification proves who the user is and authentication is used to keep the user's data secure.
D. Identification proves who the user is and authentication tells the user what they are allowed to do.
Answer: B
QUESTION NO: 986
Which of the following BEST describes the process for preserving the integrity of forensic evidence?
A. Validation
B. Chain of custody
C. Access control lists
QUESTION NO: 987
Which of the following is the MOST effective way to suppress a fire at a data center?
A. Use a class A based fire suppression system.
B. Use a class B based fire suppression system.
C. Use a class C based fire suppression system.
D. Use a class D based fire suppression system.
Answer: C
Which of the following is true about VPNs?
A. They provide antivirus protection.
B. Encapsulated packets are obfuscated.
C. They do not support symmetric encryption.
D. IP Packets are not encrypted.
Answer: B
Which of the following should a technician recommend to prevent physical access to individual office areas? (Select TWO).
A. Video surveillance
B. Blockade
C. Key card readers
D. Mantrap
E. Perimeter fence
Answer: C,D
Which of the following is a reason that NAT would be implemented?
A. Subnetting
B. Address hiding
C. VLAN management
D. Network access control
Answer: B
QUESTION NO: 991
While reviewing the firewall logs an administrator notices a number of unauthorized attempted connections from 10.x.x.x on an unused port. Which of the following is the correct procedure to follow when mitigating this risk?
A. Block the domain range *.cn
B. Block the IP range 10.x.x.x/32
C. Block all traffic on that specific port
D. Block IP 10.x.x.x
Answer: C
QUESTION NO: 993
Which of the following is a security threat that hides itself within another piece of executable software?
A. Botnet
B. Logic Bomb
Which of the following demonstrates the process of ensuring that both ends of the connection are in fact who they say they are?
QUESTION NO: 994
OS compatibility.
A. are sometimes able to crack both passwords and physical tokens.
B. cannot exploit weaknesses in encryption algorithms.
C. cannot be run remotely.
D. are sometimes able to crack both Windows and UNIX passwords.
Answer: A,D
Which of the following encryption methods does SSH use during key exchange when securing a connection between the host machine and the remote machine?
A. Shared key
B. Asymmetric key
C. Symmetric key
D. Private key
Answer: B
Which of the following protocols are used to secure e-commerce transactions? (Select TWO).
Answer: D
QUESTION NO: 997
Which of the following can be used to create a VPN? (Select TWO).
A. HTTPS
B. S/MIME
C. TLS
D. PPTP
E. IPSec
Answer: D,E
QUESTION NO: 998
There is a document on the shared network folder. User1 accesses the document to obtain data for their own reports. User2 updates the document as data changes. User3 is a high-level executive who needs to be able to alter the document's security settings and contents. Which of the following privileges should each user have for the shared network folder, using the policy of least privileges?
A. User1: Read-Only, User2: Read, User3: Full-Control
B. User1: Read-Only, User2: Read and Write, User3: Read and Write
C. User1: Read-Only, User2: Read and Write, User3: Full-Control
D. User1: Read and Write, User2: Read and Write, User3: Full-Control
Answer: C
Why is bluesnarfing more of a security concern than blue jacking?
A. Data is completely erased as soon as contact has been established from another device.
B. The target device has its data accessed or stolen from another Bluetooth device.
C. The device will be rendered inoperable.
D. The target device is remotely accessed and unsolicited messages are sent.
Answer: B
QUESTION NO: 1000
Which of the following is the MOST effective way to minimize restoration time and conserve storage space while adhering to industry best practices?
A. Perform full backups weekly and differential backups nightly, with the tapes stored in a secure, off-site location.
B. Perform full backups weekly and differential backups nightly, with the tapes stored in the server room for quick access.
C. Perform full backups weekly and incremental backups nightly, with the tapes stored in the server room for quick access.
D. Perform full backups weekly and incremental backups nightly, with the tapes stored in a secure, off-site location.
Answer: A
QUESTION NO: 1001
Which of the following is the MOST secure method to store log files?
A. On the administrator's machine
B. On the machine that generated the logs
C. On a removable USB drive
D. On another host with strong access control lists
Answer: D
Answer: D
QUESTION NO: 1003
When reviewing IP implementations, which of the following would a network mapper examine?
A. Time-to-live (TTL) values
B. Format string overflows
C. False MAC addresses
D. Unsuccessful zone transfers
A. They do not allow SMTP open relays.
B. They encrypt all data.
C. They define what devices can be used on the network.
D. They define how systems should be securely configured.
Which of the following is the MOST secure method to store log files?
QUESTION NO: 1004
Which of the following describes the process of using mathematical calculations to change cipher text into clear text?
A. Encryption
B. Decryption
C. Cryptography
D. Steganography
Answer: B
Which of the following uses the same key to encrypt and decrypt?
A. Public key
B. Asymmetrical key
C. Symmetrical key
D. Symmetrical key
Answer: C
Which of the following describes the process of using mathematical calculations to change clear text into cipher text?
A. Encryption
B. Decryption
C. Steganography
D. Cryptography
Answer: A
QUESTION NO: 1007
Which of the following protocols authenticates in clear text?
QUESTION NO: 1008
Which of the following is a way of limiting the effective range of a wireless network?
A. Shielding
B. Disabling SSID
C. Port filtering
D. MAC filtering
Answer: A
Data center fire suppression systems are MOST useful for which of the following situations?
A. Limiting fire damage in the data center
B. Preventing fires in the data center
C. Limiting humidity to the electrical systems in the data center
D. Protecting employees in the data center
Answer: A
A company takes orders exclusively over the Internet. Customers submit orders via a web-based application running on the external web server, which is located on Network A. Warehouse employees use an internal application, on its own server, to pick and ship orders; this is located on Network B. Any changes made after the order is placed are handled by a customer service representative using the same internal application. All information is stored in a database, which is also located on Network B. The company uses these three sets of user rights:
- NONE
- ADD (read existing data, write new data)
- CHANGE (read, write and change existing data)
The company has 2 different network zones:
- Network A, the DMZ, a public accessible network
- Network B, the internal LAN, accessible from company systems only
The company wants to restrict customer access as much as possible without impeding their ability to place orders. Which of the following permissions is the MOST appropriate for the customers?
A. ADD on Network A, NONE on Network B
B. CHANGE on Network A, NONE on Network B
C. CHANGE on Network A and B
D. CHANGE on Network A, ADD on Network B
Answer: A
A company takes orders exclusively over the Internet. Customers submit orders via a web-based application running on the external web server, which is located on Network A. Warehouse employees use an internal application, on its own server, to pick and ship orders, located on Network B. Any changes made after the order is placed are handled by a customer service representative using the same internal application. All information is stored in a database, which is also located on Network B. The company uses these three sets of user rights:
- NONE
- ADD (read existing data, write new data)
- CHANGE (read, write and change existing data)
The company has 2 different network zones:
- Network A, the DMZ, a public accessible network
- Network B, the internal LAN, accessible from company systems only
The company decides to add a separate database for the accounting department. The accounting staff also needs access to the internal application and its database. Which of the following options is the MOST cost-effective and provides the best protection for the accounting database as well as the internal application?
A. Place the accounting database on Network B and the accounting employees on Network A.
B. Place the accounting database and accounting employees on Network B.
C. Place the accounting database and employees on Network A.
D. Create a third network with the same access as Network B for the accounting database and employees.
Answer: B
QUESTION NO: 1012
A company takes orders exclusively over the Internet. Customers submit orders via a web-based application running on the external web server, which is located on Network A. Warehouse employees use an internal application, on its own server, to pick and ship orders, located on Network B. Any changes made after the order is placed are handled by a customer service representative using the same internal application. All information is stored in a database, which is also located on Network B. The company uses these three sets of user rights:
- NONE
- ADD (read existing data, write new data)
- CHANGE (read, write and change existing data)
The company has 2 different network zones:
- Network A, the DMZ, a public accessible network
- Network B, the internal LAN, accessible from company systems only
The company wants to restrict customer service representative access as much as possible without impeding their ability to place orders. Which of the following permissions is the MOST appropriate for the customer service representatives?
A. CHANGE on Network A and B
B. CHANGE on Network B, NONE on Network A
C. CHANGE on Network A, ADD on Network B
D. ADD on Network A, NONE on Network B
Answer: B
QUESTION NO: 1013
The MOST reliable method to maintain integrity with digital media is to:
A. calculate and document the MD5 hash of each item.
B. remove all viruses and Trojans.
C. verify that the TPM module has not been altered.
D. ensure that all forensic analysis is performed on the original media.
Answer: A
QUESTION NO: 1014
Which of the following should a technician do when preparing to clear data from SATA disks?
A. Follow the organization's media disposal policy.
B. Use a drive wiping utility that ensures seven passes of all zeros.
C. Use a drive wiping utility that ensures three passes of all zeros.
D. Check previous security logs on the system log server.
Answer: A
Which of the following monitoring methodologies would identify known viruses?
A. Behavior-based
B. Virus-based
C. Signature-based
D. Anomaly-based
Answer: C
A new employee on a business trip was reviewing several key documents while sitting in the lobby of the airport. On return to the office, the administrator notified the employee that valuable company information had been compromised. Which of the following concepts of social engineering occurred?
A. Dumpster diving
B. Shoulder surfing
C. Email hoax
D. Phishing
Answer: B
QUESTION NO: 1017
Which of the following is a password cracking method?
A. Smurf attack
B. Birthday attack
C. Man-in-the-middle attack
D. Hybrid attack
Answer: D
QUESTION NO: 1018
A user has requested access to a protected drive containing sensitive financial data. This user needs access to view files in the accounting folder of this drive. Based on the rule of least privilege, which of the following rights should the user get and to which locations?
A. Read and list rights to the accounting folder
B. Read rights to the accounting folder
C. Read and list rights to the protected drive
D. Read rights to the protected drive
Answer: B
Which of the following ways can a rootkit be removed from an infected system?
A. Boot into safe mode and run software which can identify and clean the infected file(s).
B. Run a scan on the infected system using software which can identify and clean the infected file(s).
C. Delete all temporary files residing on the system and update all antivirus definitions.
D. Boot the system with a USB drive that contains software which can identify and clean the infected file(s).
Answer: D
QUESTION NO: 1020
Which of the following is the main security risk pertaining to mobile devices (e.g. cell phones or laptops)?
A. Virus transmission to the network
B. Lack of encryption
C. Rogue devices attached to the network
D. Loss or theft of data
Answer: D
QUESTION NO: 1021
Antivirus software predominantly uses which of the following intrusion detection methodologies?
A. Signature-based
B. Identity-based
C. Anomaly-based
D. Behavior-based
Answer: A
Which of the following statements accurately describes the security advantage of VLANs?
A. VLANs provide firewall capabilities between two network segments.
B. Broadcasts within one VLAN do not appear in another VLAN.
C. VLANs isolate traffic on a network.
D. VLANs preserve broadcast storms.
Answer: C
Which of the following is used to grant users appropriate rights to perform their duties?
A. Remote authentication
B. Separation of duties
C. Least privilege
D. Complex passwords
Answer: C
QUESTION NO: 1024
Which of the following security measures will prevent a user from changing the boot order on a system?
A. Implementing the principle of dual-control
B. Setting a BIOS password
C. Applying all security hotfixes
D. Setting appropriate ACLs on root folders
Answer: B
Answer: B
Which of the following asymmetric keys is used to encrypt and decrypt a message?
A. Sender's public key is used to encrypt. Sender's public key is used to decrypt.
B. Recipient's private key is used to encrypt. Sender's private key is used to decrypt.
C. Sender's public key is used to encrypt. Sender's private key is used to decrypt.
D. Recipient's public key is used to encrypt. Recipient's private key is used to decrypt.
Answer: D
QUESTION NO: 1027
An organization needs data folders for all departments. No department personnel should have permissions to view another department's folder. How should permissions be set up?
A. Create a role-based group for all departments. Create a folder for each department. Assign the group permissions to each folder.
B. Create a role-based group for all departments. Create a folder for each department. Assign the group permissions to all folders.
C. Create a role-based group for each department. Create a folder for each department. Assign the group permissions to each group's own folder. Add users to the appropriate group.
D. Create a user for each department. Create a folder for each department. Assign the user permissions to each folder.
Answer: C
QUESTION NO: 1028
A virus scanner that must have its virus definitions updated as new viruses are found is an example of which of the following types of virus scanners?
A. Keywords-based
B. Anomaly-based
C. String-based
D. Signature-based
Answer: D
Answer: A
QUESTION NO: 1030
Which of the following tools would a technician use to analyze and observe network conditions, traffic patterns, and identify bottlenecks?
A. SMTP
B. NIPS
C. Internet content filters
D. Protocol analyzer
Answer: A
A. Reusing a password
B. Not using dictionary words
C. Eight character minimum
D. Adding control characters
QUESTION NO: 1031
Which of the following uses tickets to provide both authentication and encryption services?
A. RAS
B. Biometrics
C. Kerberos
D. SSH
Answer: C
QUESTION NO: 1032
An administrator finds that several employees have multiple forms of malware infection on their computers. The administrator has found all of the infections came from visiting specific websites. Which of the following is the BEST action to prevent infections from occurring through the same vector?
A. Change the security settings to prevent the execution of unverified software.
B. Ensure that the latest software is installed.
C. Protect all computers from outside attacks using NAT.
D. Change the security settings so that cookies are disabled.
In order to clean and protect a computer system from malware, the BEST choice to clean and protect a system would be to:
A. only run one single application that combats all of the software threats.
B. run the operating system within virtualization software without any additional security software.
C. run at least two high quality antivirus programs on the computer.
D. run antivirus software along with anti-spyware software.
Answer: D
Answer: C
Which of the following methods uses DNS lookup to block email messages sent from a server known to have sent spam email?
A. Reverse DNS validation
B. Intelligent message filters
C. Validation of SPF records
D. Real-time black hole lists
Answer: A
QUESTION NO: 1035
When reviewing logs for DNS kiting, which of the following would be the MOST important entries to monitor?
A. Request for DNS lookup of A records
B. Request for DNS lookup of MX records
C. Request for DNS lookup of invalid domains
D. Request for DNS zone transfers
Answer: D
Answer: D
Which of the following represents security issues when using WEP encryption?
A. WEP is vulnerable to replay attacks.
B. Long WEP keys are hard for users to remember.
C. Connections secured by WEP can easily be disrupted.
D. The WEP key can easily be accessed.
QUESTION NO: 1037
Which of the following is a difference between a vulnerability assessment and a penetration test?
A. A penetration test presents a higher risk in regards to disrupting the usage of networks or systems.
B. Vulnerability assessment will often find fewer threats than a penetration test.
C. Vulnerability assessments are commonly performed without any knowledge of the targeted systems.
D. A penetration test is more comprehensive than a vulnerability assessment.
Answer: C
QUESTION NO: 1038
To examine a potentially dangerous piece of software, a security administrator runs the application inside a virtual machine. Which of the following is a benefit of such an action?
A. Networking functionality is disabled in a virtual machine.
B. Specialized software can only be run within a virtualized machine.
C. Malicious software, such as a virus, is incapable of replicating in a virtual machine.
D. The software can be examined with a lower risk of spreading threats.
Answer: A,D
Which of the following is the BEST use of a protocol analyzer?
A. To implicitly deny all traffic on a specific subnet.
B. To test signature-based antivirus software programs.
C. To monitor and detect network security related anomalies.
D. To regulate the flow of traffic on a network.
Answer: C
Which of the following is a risk associated with server-side scripting? (Select TWO).
A. The script may be exploited to execute unwanted code.
B. Server-side scripts disable the antivirus software on the local machine.
C. The scripts are incompatible with ActiveX and JavaScript.
D. Permissions are not set correctly for the script.
E. Server-side scripts cannot read cookies on the local machine.
Answer: D
Which of the following is an effective method to identify the source of unauthorized zone transfers?
A. Change the default port that the DNS server uses.
B. Enable and evaluate the DNS transaction logs.
C. Enable the DNS authentication for the entire organization.
D. Enable better physical access to the DNS server.
Answer: D
QUESTION NO: 1042
Which of the following is a cost-effective solution to test the effects of security policies in a large organization with multiple computer configurations?
A. Ensuring all antivirus signatures are current
B. Utilizing virtualization technology
C. Utilizing parallel processing
D. Increasing the size of the NAS
Answer: B
Which of the following involves the attempt to bypass security features on a network?
A. Penetration testing
B. Vulnerability scanning
C. Performance monitoring
D. Cost benefit analysis
Answer: A
QUESTION NO: 1044
Which of the following social engineering techniques requires close physical proximity to a user?
A. Smurf attacks
B. Phishing
C. Shoulder surfing
D. Dumpster diving
Answer: C
QUESTION NO: 1045
An administrator wants to block access to the Internet unless a special configuration is entered into the device's network properties. Which of the following would provide this functionality?
A. NIDS
B. Firewall
C. NIPS
D. Proxy server
Answer: C
Answer: D
The audit team is conducting a review of user accounts. Which of the following logical controls would the team examine?
Which of the following logical access controls helps protect against password attacks?
A. Using LAN manager hashes
B. Enabling reverse encryption
C. Requiring public keys
D. Implementing complexity rules
QUESTION NO: 1048
Which of the following BEST explains the importance of information security audit logs?
A. They demonstrate the chain of custody during an attack.
B. They are required by licensed forensic examiners.
C. They can be a record of suspicious activities on the network.
D. They can illustrate due diligence when creating new user accounts.
Answer: C
QUESTION NO: 1049
Which of the following pairs demonstrates a two-factor authentication?
A. Token and a smart card
B. Password and a token
C. Retina scan and a fingerprint
D. Smart card and one time pad
Answer: B
Which of the following protocols are used for remote access authentication?
A. SFTP
B. RDP
C. RADIUS
D. ARP
Answer: D
Which of the following is an example of a social engineering attack?
A. Phishing
B. Smurf attack
C. Replay attack
D. ARP poisoning
Answer: A
QUESTION NO: 1052
Which of the following is the MOST effective way to ensure that contractors do not connect to the system after the end of their contracts?
A. Account expiration
B. Password policy
C. Time of day restrictions
D. Access Control Lists (ACLs)
Answer: A
QUESTION NO: 1053
A company wants to ensure that users only use their accounts between 8AM and 6PM Monday thru Friday. Which of the following access control methods would be MOST effective for this purpose?
A. Account expiration
B. Logical tokens
C. Time of day restrictions
D. Group policies
Answer: C
The IT department has noticed that a user has been accessing their department's network share after hours. While they have not seen any malicious behavior, this is against the security policy. The BEST way to prevent this from happening would be to:
A. restrict access to the share so that it is only available during business hours.
B. implement the least privilege policy and deny the users access to the share.
C. create a separate logon for the share that is not based on the domain account.
D. create a new group policy that would lock the workstations at the end of the day.
Answer: C
A. No encryption
B. No password authentication
C. Weak authentication
D. Limited firewall connectivity
Answer: A
QUESTION NO: 1056
An administrator implements a file integrity monitor on a critical server to reduce the chance of having a rootkit installed. This is an example of which kind of security application implementation?
A. Host-based
B. IPSec
C. Anti-spam
D. Pop-up blocker
Answer: A
Answer: D
QUESTION NO: 1058
Which of the following is a method to determine if a back door has been created on a computer?
A. A new service has started whenever an application is installed or run.
B. A new port is opened up without any new applications having been installed to use this port.
C. A new port is opened after initiating a new network service.
D. A new service is started whenever attempts are made to connect to a wireless network.
Answer: B
Which of the following can be accomplished by using a HIDS but cannot be accomplished with just a personal firewall?
A. Port blocking
B. Network connection regulation
C. Notification of attempted telnet sessions
D. Notification of suspicious process usage
QUESTION NO: 1059
Which of the following describes the role of a firewall?
A. Serves as a form of access control
B. Facilitates enumeration
C. Serves as a DMZ
D. Provides intrusion detection
Answer: A
QUESTION NO: 1060
Which of the following roles describes an agent who is a trusted entity by all parties involved in the key exchange process?
A. Registration administrator
B. Certificate Authority (CA)
C. Cryptoanalyst
D. Recovery agent
Answer: B
Which of the following is the process of determining that the sender of a message is who they say they are?
QUESTION NO: 1062
Which of the following would be used to identify the users who are entering a secured area?
A. Mantrap
B. Physical access logs/lists
C. Biometric system
D. Hardware locks
Answer: C
QUESTION NO: 1063
Which of the following is a standard that defines wireless communications?
A. 802.3x
B. CHAP
C. 802.1x
D. PAP
Answer: C
Which of the following is a benefit of HIDS but not of NIDS?
A. HIDS can analyze data faster than a NIDS.
B. HIDS can analyze information that was sent through encrypted channels.
C. HIDS can actively prevent attacks on the host machine.
D. HIDS uses behavioral technology instead of signature-based technology.
Answer: B
Which of the following algorithms may be used for both digital signatures and key exchanges?
A. DES
B. Diffie-Hellman
C. RSA
D. 3DES
Answer: C
QUESTION NO: 1066
Which of the following data would be classified as sensitive information in a data classification policy? (Select THREE).
A. Credit card number
B. Passwords
C. Username
D. Employer
E. Personal identification number
F. Date of birth
Answer: A,B,E
Answer: C
Which of the following is an example of a symmetric algorithm?
A. AES
B. Diffie-Hellman
C. PKI
D. RSA
Answer: A
QUESTION NO: 1069
Which of the following is a security threat specific to virtual machines?
A. Latency
Which of the following is the minimum acceptable length for RSA to protect e-commerce transactions?
QUESTION NO: 1070
A user has to use a fingerprint scanner and enter a password to logon to their machine. This is an example of which type of authentication?
A. Two-factor authentication
B. Single sign-on
C. Dual sign-on
D. Three-factor authentication
Answer: A
How often should security logs be reviewed at a minimum?
A. Daily
B. Bi-weekly
C. Weekly
D. Monthly
Answer: A
An administrator has been tasked with the job of assessing network security in an organization. The administrator is advised that testing or analysis must have minimal impact on the network. Which of the following should be performed FIRST?
A. Social engineering
B. Vulnerability scanning
C. Disaster recovery
D. Buffer overflows
Answer: A
QUESTION NO: 1073
Which of the following makes it more difficult to identify internal address schemes?
A. VLAN
B. NAT
C. IPSec
D. DMZ
Answer: B
QUESTION NO: 1074
An administrator wants to harden the network against brute force and dictionary attacks. Which of the following is the BEST solution?
A. Deploy time of day restrictions
B. Deploy password lockout policy
C. Deploy account expiration
D. Deploy access control lists
Answer: B
To prove whether or not an email server can be compromised by an external attacker, which of the following activities should be performed?
QUESTION NO: 1076
When visiting a secure website, the browser reports an error with the website's certificate. Which of the following could be the cause of the reported error?
A. It is an S/MIME certificate.
B. The site's certificate will be renewing within 30 days.
C. The CA that issued the site's certificate is not trusted by the browser.
D. There was an error when the site installed the certificate.
Answer: C
QUESTION NO: 1077
Which of the following is an example of a physical access control?
A. Shoulder surfing
B. Backup generator
C. Public key
D. Smart card
Answer: D
The function of the cryptographic recovery agent is to recover:
A. expired certificates.
B. corrupted CRL databases.
C. user-forgotten keys.
D. corrupted CRL databases.
Answer: C
Which of the following disadvantages should an administrator keep in mind when implementing VoIP?
A. The cost and operation scales to the size of the user base.
B. Without redundancy, a single switch failure can sever communications.
C. The user base needs to be trained in secure use of the technology.
D. Equipment monitoring and maintaining can be difficult.
Answer: B
QUESTION NO: 1080
An administrator suspects there is a vulnerability on the network due to unexplained packet loss on one node. Which of the following can be used to investigate the packet loss?
A. Review the O/S performance logs.
B. Perform a ping-sweep across the network.
C. Strengthen the Internet-facing firewall.
D. Use a protocol analyzer to monitor traffic.
Answer: D
Which of the following verifies users within PKI?
A. CA
B. Recovery agent
C. Trust models
D. CRL
Answer: A
QUESTION NO: 1083
Which of the following tools is used to determine the source of a network problem and establish baselines?
A. Network mapper
B. Port scanner
Answer: D
A corporation has employed a third-party company to perform black-box penetration on their network. The corporation will provide:
A. full access to the network, except user-created databases.
B. unrestricted approved access, provided that every action is logged.
C. a test user account, but the company performs the network footprinting.
D. no information regarding their topology or technologies.
QUESTION NO: 1084
Which of the following mechanisms establishes procedures to secure a network?
A. Security log files
B. Security policy
C. Application logging
D. Configuration baseline
Answer: B
In order to access a company system, a user is required to provide a thumbprint scan as well as their passphrase. Which of the following authentication models does this describe?
A. Two-factor authentication
B. Three-factor authentication
C. Single-factor authentication
D. Single sign-on
Answer: A
A small company has new rules regarding password strength. The technician sets all existing user passwords to expire to ensure that all users update their passwords. Which of the following BEST describes how this change was implemented?
A. Implementation of account expiration
B. Implementation of a password policy
C. Implementation of implicit deny
D. Implementation of a group policy
.co
Answer: B
314
QUESTION NO: 1087 A performance monitoring system that reports deviation from a baseline is BEST described as: A. a behavior-based system. B. an anomaly-based system. C. a signature-based system. D. a DAC based system. Answer: B
QUESTION NO: 1088 Which of the following BEST explains how a proxy server enhances network security? A. It prevents ping of death attacks. B. It protects the internal network through the use of ACLs. C. It logs all suspicious network events to a file. D. It establishes a single source of outgoing traffic. Answer: D
Which of the following is the FIRST step of penetration testing? A. Complete a port scan of all ports. B. Obtain signed consent from the organization's management. C. Obtain a complete list of all the company's IP addresses. D. Complete a ping sweep to verify which hosts are active on the network. Answer: B
QUESTION NO: 1090 Which of the following BEST describes the differences between penetration testing and vulnerability scanning? A. Penetration testing relies solely on a database of vulnerabilities from trusted sources. B. Penetration testing improves network security by creating automated reports. C. Penetration testing is signature based. D. Penetration testing involves identifying vulnerabilities and testing them further.
QUESTION NO: 1091 Which of the following BEST describes the results of vulnerability scanning? A. A list of devices believed to have certain weaknesses B. A list of machines running antivirus software C. A list of rogue devices on the corporate network D. A list of false positives and false negatives on the network Answer: A
Answer: C
Which of the following would be a benefit of testing a program of an unknown source on a virtual machine? A. Virtual machines render it impossible for the code to escape. B. Virtual machines allow for faster performance, so the speed of benchmark testing is increased. C. Virtual machines come equipped with a firewall by default, thus preventing outside contamination. D. Virtual machines can easily be restored to an earlier point if the code is malicious or causes instability Answer: D
QUESTION NO: 1094 An administrator has configured server systems to keep detailed performance logs. When reviewing the performance logs, which of the following would MOST likely indicate a security breach? A. The performance logs indicate high CPU and disk usage during off peak hours. B. The performance logs indicate CPU usage of near 100% several times during the working day. C. A user consistently uses more disk space than other users. D. Disk usage increases 30% at the same time each work day. Answer: A
Which of the following BEST describes the security principle addressed through whole disk encryption?
QUESTION NO: 1095 An administrator needs to ensure that a particular computer has access to port 80 so it can use the Internet but also needs to ensure that no other ports can be used. Which of the following would allow this with the LEAST amount of administrative effort? A. Disable all ports except port 80 on the computer. B. Configure the firewall to allow port 80 and block all other ports. C. Assign a static IP to the computer. D. Add two entries into the firewall ACL.
QUESTION NO: 1097 Which of the following models is an example of a root certificate based trust that validates other certificates within an organization? A. Web of trust B. Hierarchical trust C. Direct trust D. Trusted introducer Answer: B
Which of the following terms describes a case where the transmission between two or more nodes is intercepted during communication?
Answer: D
QUESTION NO: 1098 An administrator wants to ensure a high level of security between two nodes when a transmission is taking place. Which of the following would provide the HIGHEST level of security? A. Using a symmetric key B. Using a public key C. Using an asymmetric key D. Using a single private key Answer: C
Answer: A
QUESTION NO: 1100 When implementing an HVAC system, a company needs to be aware of which of the following security concerns? A. The high-voltage tools that technicians may introduce to the environment B. That any technicians have proper clearance, or are supervised C. That the technicians need to be electrically grounded at all times D. That the system has a redundant power supply in place
A company has a problem with users inadvertently posting company information on the Internet. Which of the following is the BEST method for the company to address it? A. Educate the users and perform awareness training. B. Harden the password policies in case of future breaches. C. Routinely audit all users' browsing history. D. Implement HR policies with consequences.
QUESTION NO: 1101 An administrator is made aware of a possible malware infection on one of the servers. The company uses instant messaging software to keep all employees in contact with one another and the employees receive constant messages from users outside the company. Which of the following is the MOST likely cause of the problem? A. Rootkit B. SPIM C. Trojan D. Blue jacking
QUESTION NO: 1103 A user needs to send bank account information to the Human Resource department for payroll. This type of information is considered which of the following? A. Due care B. Personally identifiable information C. Due process D. Classification of information Answer: A
A. Between the DMZ and Internal network B. Between two workstations C. Behind a wireless network and the internal network D. Behind the internet and DMZ E. Between a workstation and the internal network F. Behind a VLAN and the internal network Answer: A,C,F
Answer: B
QUESTION NO: 1104 Which of the following is used to verify if internal web servers are redirecting traffic to a malicious site? A. Access logs B. IDS C. Performance logs D. DNS record Answer: A
Which of the following video surveillance systems should be installed on an existing network? A. Microwave B. Analog C. CCTV D. IP Answer: D
QUESTION NO: 1107 Which of the following sends unsolicited messages to another user's cell phone via Bluetooth? A. Blue jacking B. Smurfing C. Data emanation
Answer: C
A forensic examiner wants to provide evidence that the data acquired from a hard drive did not change during the imaging process. Which of the following provides that evidence?
QUESTION NO: 1108 Which of the following is the MAIN difference between a hotfix and a patch? A. Hotfixes follow a predetermined release schedule while patches do not. B. Hotfixes are smaller than patches. C. Hotfixes may be released at any time and will be later included in a patch. D. Patches can only be applied after obtaining proper approval, while hotfixes do not need management approval. Answer: C
An administrator needs to implement a solution that will have a redundant site at all times and will be able to handle all network requests and traffic in the event of the main site going offline. Which of the following would provide this functionality? A. Hot site B. Mobile site C. Cold site D. Warm site Answer: A
Which of the following is the FIRST step a technician should take when entering a room where a laptop computer has been compromised? A. Close the laptop lid to put the computer in hibernate mode B. Secure the area C. Unplug the network cable D. Look at the computer screen and record any error message Answer: B
QUESTION NO: 1111 Which of the following is the BEST solution when trying to update a system to the most current release in as few updates as possible? A. Install all hotfixes then install any remaining service packs B. Install all service packs then install any remaining patches C. Install all patches then install any remaining packs D. Install all patches then install any remaining hotfixes Answer: B
All changes made on the network need to be documented. A new virus definition is available, and there is not another change management meeting scheduled for several weeks. Which of the following is the BEST choice for a security administrator? A. Update the antivirus server and workstations, while ensuring each step is properly documented and logs are working correctly on the server. B. Update the antivirus server and workstations, while ensuring each step is properly documented and logs are working correctly on the server. C. Update the antivirus, ensure the logs are working correctly on the server, and wait to update the workstations until it has been approved via the change management process. D. Document the whole process and wait until next week to discuss with the change management group, in order to get that change approved. Answer: B
Which of the following should be disabled to help prevent boot sector viruses from launching when a computer boots? Answer: D
QUESTION NO: 1114 Which of the following is a goal of penetration testing? A. Passively assess web vulnerabilities B. To check compliance of the router configuration C. Provide a passive check of the network's security D. Actively assess deployed security controls Answer: D
QUESTION NO: 1115 While using a protocol analyzer on a packet capture from the weekend, the administrator sees that there was a lot of TCP traffic on ports 6881-68889 with many different destinations. Which of the following does this MOST likely indicate? A. Someone is running a web server B. Someone is using bit torrent C. Someone is using a L2TP VPN D. Someone has an unsecured SMTP relay running Answer: B
Exploitation of security vulnerabilities is used during assessments when which of the following is true? A. Security testers have clear and written authorization to conduct vulnerability scans. B. Security testers are trying to document vulnerabilities without impacting network operations. C. Network users have permissions allowing access to network devices with security weaknesses. D. Security testers have clear and written authorization to conduct penetration testing. Answer: A
QUESTION NO: 1117 Two users are unable to exchange encrypted e-mails, but both users can exchange encrypted e-mails with other users. Which of the following is the MOST likely cause? A. Private keys are not exchanged B. The certificate authority is unresponsive C. One of the user's certificates is revoked D. Public keys are not exchanged Answer: A
QUESTION NO: 1118 Which of the following behavior-based security appliances are used to prevent suspicious activity from entering the network? A. Antivirus B. HIDS C. IPS D. IDS Answer: D
Which of the following is true about the application of machine virtualization? A. Virtualization hosting is possible on one specific OS B. Machine virtualization is only available in a 64-bit environment C. Some malware is able to detect that it is running in a virtual environment D. The virtualization host OS must be within two revisions of the guest OS Answer: C
Which of the following is achieved and ensured by digitally signing an email? A. Availability B. Confidentiality C. Delivery D. Integrity Answer: B
QUESTION NO: 1121 An attacker is targeting a specific server using packet capture software. An administrator cannot shut down the server due to company policy. Which of the following would LEAST impact the applications hosted on the server? A. Disable the server on directory services B. Disconnect the server from the network, scan it for viruses and malware, and reboot C. Restart all services on the server D. Change the configuration on the NIC card so it is not in promiscuous mode Answer: A
QUESTION NO: 1122 Which of the following would MOST likely determine which user inadvertently shut down the company's web server? A. Access logs B. Application logs C. DNS logs D. Performance logs Answer: A
QUESTION NO: 1124 Which of the following requirements would MOST likely cause a technician to use a protocol analyzer? A. Ensure a password meets password policy complexity requirements. B. Determine if a password was sent in clear text over the network. C. Analyze the security logs for a large amount of incorrect password attempts. D. Crack the administrator account password after it had been forgotten. Answer: B
Which of the following describes what has occurred after a user has successfully gained access to a secure system?
QUESTION NO: 1125 An attacker uses an account that allows read-only access to the firewall for checking logs and configuration files to gain access to an account that gives full control over firewall configuration. This type of attack is best known as: A. A man-in-the-middle attack B. Exploiting a back door C. Exploiting a weak password D. Privilege escalation Answer: D
Which of the following should a technician deploy in order to minimize exposure from an NMAP scan? A. Antivirus B. Honeynet C. Host intrusion detection D. Personal firewall Answer: B
QUESTION NO: 1127 The security administrator at a small company is having trouble sending and receiving SMTP traffic from the network to the external gateway. Network utilization is very high with most traffic originating at one external IP address and ending at the SMTP server. Which of the following is MOST likely happening? A. DoS attack B. Open mail relays
QUESTION NO: 1128 The administrator needs to set permissions for the new print server for a company comprised of 320 people in 18 departments. Each department has its own set of printers. Which of the following options is the BEST way to do this? A. Place all the people into departmental groups. Assign access to all printers for each group. B. Place all people into distribution groups. Assign access by access group. C. Place all the people into departmental groups. Assign printer access by matching group to department. D. Place all the people into departmental groups. Assign printer access by matching individuals to printer groups. Answer: C
NIDS can be used to help secure a network from threats MOST effectively by watching network traffic in order to: A. Verify adequate bandwidth is being provided for existing traffic B. Inspect and analyze data being passed through SSH tunnels C. Ensure proper strength D. Observe if any systems are communicating using unauthorized protocols Answer: B
QUESTION NO: 1130 An administrator is concerned that users are not utilizing strong passwords. Which of the following can be done to enforce user compliance? A. Implement a strict domain level group policy B. Supply the users with suggested password guidelines C. Offer user training regarding proper policy D. Supply the users with a third-party application to hash their passwords
QUESTION NO: 1131 Employees are unable to open internal company documents as they all appear to be encrypted. The company CO has received an email asking for $10,000 in exchange for the documents' decryption key. Which of the following BEST describes this type of attack? A. Ransomware B. Adware C. Rootkit attack D. Trojan attack Answer: A
Answer: C
An administrator believes that a rootkit has been installed on a network server. Which of the following actions is MOST effective? A. Locate the rootkit's executable files and delete them B. Format the hard disk and re-install the operating system from the original media C. Remove the rootkit's startup entry from the operating system's list of startup processes D. Restore from the latest full backup Answer: C
QUESTION NO: 1134 A user is concerned about threats regarding social engineering and has asked the IT department for advice. One suggestion offered might be to: A. Install a removable data backup device for portability ease B. Verify the integrity of all data that is accessed on the network C. Ensure that passwords are not named after relatives D. Disallow all port 80 inbound connection attempts Answer: C
Cell phones with network access and the ability to store data files are susceptible to which of the following risks?
QUESTION NO: 1135 Which of the following policies defines how to handle certain types of data? A. Separation of duties B. Secure disposal of computers C. Change management policy D. Acceptable use policy Answer: D
Which of the following would be used to observe a runaway process? A. Performance monitor B. Performance baseline C. Protocol analyzer D. Application log Answer: A
QUESTION NO: 1137 Which of the following is of the GREATEST concern in regard to a rogue access point? A. Rogue access points are hard to find and remove from the network. B. Rogue access points can scan the company's wireless network and find other unencrypted and rogue access points C. The radio signal of the rogue access point interferes with company access points D. Rogue access points can allow unauthorized users into the company's internal networks
QUESTION NO: 1138 Which of the following allows a user's private IP address to be displayed as the firewall IP address when browsing the Internet? A. Screened subnet B. Dual-homed C. DHCP D. NAT Answer: D
Answer: B
In evaluating risk assessments, senior level managers would MOST likely accept a risk based on which of the following reasons? A. Complexity of fixing the vulnerability B. Physical security measures will take weeks to install C. Cost of mitigation outweighs the risk D. The potential impact of the risk is easily mitigated Answer: D
QUESTION NO: 1141 Which of the following is an authentication method that uses symmetric key encryption and a key distribution center? A. MS-CHAP B. Kerberos C. 802.1x D. EAP Answer: B
An employee in Human Resources transfers to Accounting. The employee needs access to the accounting system but no longer requires access to human resources. Which of the following would accomplish the needed changes? A. Remove the employee from the Human Resources security group B. Move the employee to the Accounting security group C. Add the employee to the Accounting security group D. Disable the employee's access through group policies
QUESTION NO: 1142 Which of the following uses a trusted third party key distribution center authentication tokens? A. TACACS B. CHAP C. LDAP D. Kerberos Answer: A
Which of the following would be implemented to detect attacks on an individual system? A. Firewall B. Honeypot C. NIPS D. HIDS Answer: D
QUESTION NO: 1144 Which of the following encryption algorithms normally uses a key that is the same length as the data to be encrypted? A. DES B. One time pad C. 3DES D. PGP
QUESTION NO: 1145 The administrator reviews the server logs and discovers a large amount of port 25 traffic. Which of the following would MOST likely be the cause of the increased traffic? A. Spyware B. Trojan C. Spambot D. Virus Answer: B
The primary purpose of a hot site is to ensure which of the following? A. Adequate HVAC to meet environmental initiatives B. Recovery of operations within 30 days after a disaster C. Transition of operations in a short time period in a disaster D. Seamless operations in the event of a disaster Answer: C
An administrator wants to be able to log in to SSH using a certificate. Which of the following should the administrator place in the remote system's authorized_keys file? A. Private key B. Shared key C. Server PKI certificate D. Public key Answer: D
QUESTION NO: 1148 A user reports that after opening an email from someone they knew, their computer is now displaying unwanted images. Which of the following software can the technician MOST likely install on the computer to mitigate this threat? A. Anti-spam B. Antivirus C. HIDS D. Firewall Answer: A
QUESTION NO: 1149 Which of the following determines if traffic is blocked or allowed? A. Access Control List (ACL) B. Network-based intrusion Detection System (NIDS) C. Username and passwords D. Logical keys Answer: A
A technician would MOST likely use a vulnerability scanner instead of a port scanner when which of the following is required? A. Only a list of open ports B. More information about the services C. A faster, less comprehensive scan D. A list of filtered ports Answer: A
QUESTION NO: 1151 Most mission impacting vulnerabilities in a formal risk assessment should be: A. Accepted B. Avoided C. Mitigated D. Ignored Answer: A
QUESTION NO: 1152 Which of the following notifies a user that the credentials of the party they are communicating with are no longer valid? A. Recovery agent B. AES C. Key escrow D. CRL Answer: D
Which of the following actions is an employee able to take if they are given administrative access to a workstation? A. Installing applications, creating local user accounts, and modifying any accounts on the domain B. Upgrading the operating system, creating local user accounts, and modifying any accounts on the system C. Upgrading the operating system, creating local user accounts, and modifying accounts on the network D. Installing application on remote systems, creating local user accounts they created Answer: B
A security administrator has requested an assessment be conducted to determine the current risks from outside the network. The assessment should be the least intrusive to ensure no system crashes during the process. Which of the following could be conducted during normal business hours? A. External vulnerability scan B. External penetration test C. Internal vulnerability scan D. Internal penetration test Answer: A
QUESTION NO: 1155 Which of the following encryption algorithms can use the LARGEST key length? A. 3DES B. AES C. DES D. SHA-256 Answer: B
QUESTION NO: 1156 Which of the following describes an IPS? A. A passive system that is designed to log activity B. A proactive system that notifies law enforcement of an attack C. A passive system that provides data on an attack afterwards D. A proactive system that helps block unwanted access Answer: C
Answer: B
QUESTION NO: 1158 An administrator wants to make sure that network machines stay up-to-date with current solutions. Which of the following should be done on a regular basis to help facilitate this need? A. Group policy updates B. Patch management C. Driver updates
Server administrators want to restrict requests sent to their servers based upon source, time of day, and type of request. Which of the following would be the BEST network-based solution?
QUESTION NO: 1159 Which of the following is considered the MOST secure replacement for telnet? A. SSH B. L2TP C. IPSec D. SSL Answer: A
Answer: A
L2TP tunneling relies on which of the following for security? A. IPSec B. SSH C. SSL D. L2F Answer: A
An administrator needs to implement a backup strategy that provides the fastest recovery in case of data corruption. Which of the following should the administrator implement? A. Full backup on Sunday and differential backups every other day B. Full backup Sunday and incremental backups every other day C. Full backup on Sunday and a full backup every day D. Full backup on Sunday and alternating differential and incremental every other day