Security+
Test preparation for Security+. This practice is for SYO-201. (ATest/7s)
- 1.
7An administrator has implemented a new SMTP service on a server. A public IP addresstranslates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the servers public IP address is now reported in a spam real-time blocklist.Which of the following is wrong with the server?
- A.
SMTP open relaying is enabled.
- B.
It does not have a spam filter.
- C.
The amount of sessions needs to be limited.
- D.
The public IP address is incorrect.
Correct Answer
A. SMTP open relaying is enabled. -
- 2.
17On which of the following is a security technician MOST likely to find usernames?
- A.
DNS logs
- B.
Application logs
- C.
Firewall logs
- D.
DHCP logs
Correct Answer
B. Application logs -
- 3.
27A programmer has decided to alter the server variable in the coding of an authentication functionfor a proprietary sales application. Before implementing the new routine on the productionapplication server, which of the following processes should be followed?
- A.
Change management
- B.
Secure disposal
- C.
Password complexity
- D.
Chain of custody
Correct Answer
A. Change management -
- 4.
37Which of the following network tools would provide the information on what an attacker is doing tocompromise a system?
- A.
Proxy server
- B.
Honeypot
- C.
Internet content filters
- D.
Firewall
Correct Answer
B. Honeypot -
- 5.
47Which of the following ensures a user cannot deny having sent a message?
- A.
Availability
- B.
Integrity
- C.
Non-repudiation
- D.
Confidentiality
Correct Answer
C. Non-repudiation -
- 6.
57A technician wants to regulate and deny traffic to websites that contain information onhacking.Which of the following would be the BEST solution to deploy?
- A.
Internet content filter
- B.
Proxy
- C.
NIDS
- D.
Protocol analyzer
Correct Answer
A. Internet content filter -
- 7.
67Which of the following attacks can be caused by a user being unaware of their physicalsurroundings?
- A.
ARP poisoning
- B.
Phishing
- C.
Shoulder surfing
- D.
Man-in-the-middle
Correct Answer
C. Shoulder surfing -
- 8.
77A technician needs to detect staff members that are connecting to an unauthorized website. Whichof the following could be used?
- A.
Protocol analyzer
- B.
Bluesnarfing
- C.
Host routing table
- D.
HIDS
Correct Answer
A. Protocol analyzer -
- 9.
87Which of the following methods is used to perform denial of service (DoS) attacks?
- A.
Privilege escalation
- B.
Botnet
- C.
Adware
- D.
Spyware
Correct Answer
B. Botnet -
- 10.
97Password crackers are generally used by malicious attackers to:
- A.
Verify system access.
- B.
Facilitate penetration testing.
- C.
Gain system access.
- D.
Sniff network passwords.
Correct Answer
C. Gain system access. -
- 11.
107Which of the following statements BEST describes the implicit deny concept?
- A.
Blocks everything and only allows privileges based on job description
- B.
Blocks everything and only allows explicitly granted permissions
- C.
Blocks everything and only allows the minimal required privileges
- D.
Blocks everything and allows the maximum level of permissions
Correct Answer
B. Blocks everything and only allows explicitly granted permissions -
- 12.
117Which of the following tools would be used to review network traffic for clear text passwords?
- A.
Port scanner
- B.
Protocol analyzer
- C.
Firewall
- D.
Password cracker
Correct Answer
B. Protocol analyzer -
- 13.
127An administrator has developed an OS install that will implement the tightest security controlspossible.In order to quickly replicate these controls on all systems, which of the following should beestablished?
- A.
Take screen shots of the configuration options.
- B.
Create an image from the OS install.
- C.
Create a boot disk for the operating system.
- D.
Implement OS hardening procedures
Correct Answer
B. Create an image from the OS install. -
- 14.
137Which of the following is a CRL composed of?
- A.
Public Key Infrastructure (PKI)
- B.
Expired or revoked certificates
- C.
Certificate authorities
- D.
Expired user accounts
Correct Answer
B. Expired or revoked certificates -
- 15.
147Which of the following can reduce the risk associated with password guessing attacks? (Select TWO).
- A.
Implement single sign-on.
- B.
Implement shared passwords.
- C.
Implement account-lockout thresholds.
- D.
Implement shadow passwords.
- E.
Implement stronger password complexity policies.
Correct Answer
C. Implement account-lockout thresholds. -
- 16.
157Accessing a system or application using permissions from another users account is a form of which of the following?
- A.
Phishing
- B.
Domain kiting
- C.
ARP spoofing
- D.
Privilege escalation
Correct Answer
D. Privilege escalation -
- 17.
167Which of the following would allow an administrator to find weak passwords on the network?
- A.
A network mapper
- B.
A hash function
- C.
A password generator
- D.
A rainbow table
Correct Answer
D. A rainbow table -
- 18.
177When dealing with a 10BASE5 network, which of the following is the MOST likely security risk?
- A.
An incorrect VLAN
- B.
SSID broadcasting
- C.
Repeater
- D.
A vampire tap
Correct Answer
D. A vampire tap -
- 19.
187Which of the following media is the LEAST likely to be successfully tapped into?
- A.
Unshielded twisted pair cable
- B.
Coaxial cable
- C.
Fiber optic cable
- D.
Shielded twisted pair cable
Correct Answer
C. Fiber optic cable -
- 20.
197A user reports that a web based application is not working after a browser upgradE. Before the upgrade, a login box would appear on the screen and disappear after login. The login box does not appear after the upgradE. Which of the following BEST describes what to check FIRST?
- A.
That the software based firewall application trusts this site
- B.
That the pop-up blocker application trusts this site
- C.
That the antivirus application trusts this site
- D.
That the anti-spam application trusts this site
Correct Answer
B. That the pop-up blocker application trusts this site -
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Jan 16, 2013Quiz Edited by
ProProfs Editorial Team -
Aug 04, 2010Quiz Created by
Jasondantzler
Back to top