Sending a patch through a testing and approval process is an example of which of the following?

User education and awareness training

Which of the following is the MOST likely to generate static electricity?

Low humidity and high temperature

High humidity and low temperature

Low humidity and low temperature

High humidity and high temperature

Which of the following allows a file to have different security permissions for users that have the same roles or user groups?

Discretionary Access Control (DAC)

Role-Based Access Control (RBAC)

Discretionary Access Control (DAC)

Rule-Based Access Control (RBAC)

A user complains that the color laser printer continuously gives an access denied message while attempting to print a text document. The administrator logs onto the PC and prints successfully. Which of the following should the administrator check FIRST?

That the user has sufficient rights to print to the printer

That the printer has the correct size of paper in each of the trays

That the toner should be changed in the printer

That the user has sufficient rights to print to the printer

That the user is attempting to print to the correct printer tray

A user is denied access to a file. The user had access to the file yesterday. Which of the following is the FIRST action for the technician to take?

Verify that the users permissions are correct.

Deny the users request and forward to the human resources department.

Verify that the users permissions are correct.

A user reports that a web based application is not working after a browser upgrade. Before theupgrade, a login box would appear on the screen and disappear after login. The login box doesnot appear after the upgrade. Which of the following BEST describes what to check FIRST?

That the pop-up blocker application trusts this site

That the software based firewall application trusts this site

That the pop-up blocker application trusts this site

That the anti-virus application trusts this site

That the anti-spam application trusts this site

A user needs to verify that a patch file downloaded from a third party has not been modified since the time that the original manufacturer released the patch. Which of the following is the BEST way to verify that the file has not been modified?

Compare the final MD5 hash with the original

Download the patch file over an AES encrypted VPN connection

Compare the final LANMAN hash with the original

Download the patch file through a SSL connection

CompTIA Security+ (Sy0-201) Quiz 2 Of 4

Approved & Edited by ProProfs Editorial Team

At ProProfs Quizzes, our dedicated in-house team of experts takes pride in their work. With a sharp eye for detail, they meticulously review each quiz. This ensures that every quiz, taken by over 100 million users, meets our standards of accuracy, clarity, and engagement.

Learn about Our Editorial Process

| Written by Tlamot01

Tlamot01

Community Contributor

Quizzes Created: 1 | Total Attempts: 428

Questions: 93 | Attempts: 428 | Updated: Mar 21, 2023

Questions

Settings

Feedback

During the Quiz End of Quiz

Play as

Quiz Flashcard

Create your own Quiz

Patience folks, I'm still building this one. Should have it finished this afternoon.

CompTIA Security+ (SY0-201) Practice Exam #2
There will be four tests total (as the method of producing these tests seems to die after about 170 questions are loaded). Goal is four separate test with randomly selected questions so each attempt has a different set of 50 questions per attempt.
There will be roughly 700 questions between all four practice exams. . .
Disclaimer: I have been told from those that have gone to take the actual test that these questions are dissimilar. However, the basic disciplines are Read morecovered and should help considerably to pick out key associations between questions and answers

Questions and Answers

1.

Which of the following allows for notification when a hacking attempt is discovered?
- A.
  
  NAT
- B.
  
  NIDS
- C.
  
  Netflow
- D.
  
  Protocol analyzer
Correct Answer
B. NIDS

Explanation
NIDS (Network-Intrusion Detection System) Passive Response Options:
Notification communicates intrusion event-related information to the appropriate personnel when an event has occurred. This includes relaying any relevant data about the event to help evaluate the situation. If the IDS is manned full-time, messages can be displayed on the manager's console to indicate that the situation is occurring. (Domain 2.4)

Rate this question:
2.

When dealing with a 10BASE5 network, which of the following is the MOST likely security risk?
- A.
  
  An incorrect VLAN
- B.
  
  SSID broadcasting
- C.
  
  A repeater
- D.
  
  A vampire tap
Correct Answer
D. A vampire tap

Explanation
10BASE5 network uses coaxial wire (similar to cable co. wire)as the infrastructure. Although this configuration is mostly phased out in networks, the primary security risk was the use of Vampire Taps. These taps are named based on their physical design, which resembles how a vampire would bite into a wire - using two teeth of different sizes. One taps the braided outer shielding while another longer prong taps the center conductor. Once in place, all data on the net can be stolen with no indication the device is in place. (Domain 2.6)

Rate this question:
3.

Which of the following allows a technician to scan for missing patches on a device without actually attempting to exploit the security problem?
- A.
  
  A vulnerability scanner
- B.
  
  Security baselines
- C.
  
  A port scanner
- D.
  
  Group policy
Correct Answer
A. A vulnerability scanner

Explanation
A TCP/IP network makes many of the ports available to outside users through the router. These ports respond in a predictable way. A port scanner can identify which ports are open and the data collected can be fed to a vulnerability scanner, whose job is to identify the known exploits attackers may use on that open port and re-mediate them with patches. (Domain 2.1)

Rate this question:
4.

Which of the following allows for proof that a certain person sent a particular email?
- A.
  
  Steganography
- B.
  
  Integrity
- C.
  
  Trusted Platform Module
- D.
  
  Non-repudiation
Correct Answer
D. Non-repudiation

Explanation
Non-repudiation prevents one party from denying actions they carried out. In cryptography, you need non-repudiation to verify that someone is who they report to be.
Third party organizations called CAs (Certificate Authorities) manage public keys and issue certificates verifying the validity of the sender's message. The verifying aspect serves as non-repudiation' a respected third party vouches for the individual. The goal of any effective cryptography system must include non-repudiation. (Domain 5.1)

Rate this question:
5.

Which of the following uses a key ring?
- A.
  
  AES
- B.
  
  DES
- C.
  
  PGP
- D.
  
  RSA
Correct Answer
C. PGP

Explanation
PGP (Pretty Good Privacy)is the freeware e-mail security encryption system that uses both symmetrical and asymmetrical systems in a key-ring configuration.(Domain 5.3)

SIDE STUDY
AES (Advanced Encryption Standard)

Rate this question:
6.

Which of the following allows for the highest level of security at time of login?
- A.
  
  Single sign-on
- B.
  
  Two-factor authentication
- C.
  
  One-factor authentication
- D.
  
  NTLMv2
Correct Answer
B. Two-factor authentication

Explanation
Two-factor authentication involves an additional step beyond the normal password (one-factor) entry. Your CAC +PIN is a good example of two-factor method. (Domain 3.7)

SIDE STUDY
Single sign-on - passes authentication information to trusted systems after the initial logon by the user.
One factor-authentication - normally a username and password are all that is required for access.
NTLMv2 - NTLM (NT LAN Manager) is a suite of Microsoft security protocols that offers authentication, integrity, and confidentiality to users. NTLM is the successor to Microsoft LAN Manager (LANMAN).

Rate this question:
7.

Sending a patch through a testing and approval process is an example of which of the following?
- A.
  
  Disaster planning
- B.
  
  Change management
- C.
  
  Acceptable use policies
- D.
  
  User education and awareness training
Correct Answer
B. Change management

Explanation
Change Management - the structured approach that is followed to secure the company's assets. Details here should include the controls that are in place to prevent unauthorized access to, and changes of, all IT assets. (Domain 6.4)

Rate this question:
8.

Sending continuous TCP requests to a device and ignoring the return information until the device ceases to accept new connections is an example of which of the following?
- A.
  
  TCP/IP hijacking
- B.
  
  DNS poisoning
- C.
  
  Kiting
- D.
  
  DoS
Correct Answer
D. DoS

Explanation
DoS (Denial of Service) - a type of attack that prevents any users - even legitimate ones - from using a system. (Domain 2.1)

Rate this question:
9.

Which of the following would use a group of bots to stop a web server from accepting new requests?
- A.
  
  DoS
- B.
  
  DDoS
- C.
  
  MAC
- D.
  
  ARP
Correct Answer
B. DDoS

Explanation
DDoS (Distributed Denial of Service) - a derivative of a DoS attack in which multiple hosts in multiple locations all focus on one target to reduce its availability to the public. (Domain 2.1)

SIDE STUDY:
DoS (Denial of Service) - a type of attack that prevents any users - even legitimate ones - from using a system.
MAC (Media Access Control) - A sublayer of the Data Link layer of the OSI (Open Systems Interconnection) model that controls the way multiple devices use the same media channel. This is a communication protocol, not an attack.
ARP (Address Resolution Protocol) used to map known IP addresses to unknown physical addresses. This is a communication protocol commonly used by routers.

Rate this question:
10.

Which of the following is the MOST likely to generate static electricity?
- A.
  
  Low humidity and high temperature
- B.
  
  High humidity and low temperature
- C.
  
  Low humidity and low temperature
- D.
  
  High humidity and high temperature
Correct Answer
A. Low humidity and high temperature

Explanation
Static electricity thrives in hot, dry air. Humidity

Rate this question:
11.

Using an asymmetric key cryptography system, where can a technician generate the key pairs?
- A.
  
  A certificate authority
- B.
  
  IETF
- C.
  
  A key escrow service
- D.
  
  A recovery agent
Correct Answer
A. A certificate authority

Explanation
CAs are responsible for maintaining certificates in the PKI (Public Key Infrastructure) environment. (Domain 3.7)

SIDE STUDY:
IETF (Internet Engineering Task Force) establishes standards and protocols for the Internet.

Rate this question:
12.

Which of the following media is the LEAST likely to be successfully tapped into?
- A.
  
  Unshielded twisted pair cable
- B.
  
  Coaxial cable
- C.
  
  Fiber optic cable
- D.
  
  Shielded twisted pair cable
Correct Answer
C. Fiber optic cable

Explanation
Fiber, as a media, is relatively secure because it can't be tapped easily. Most known methods of tapping fiber are easily detectable by an IDS. (Domain 2.6)

Rate this question:
13.

Which of the following allows a person to find public wireless access points?
- A.
  
  Weak encryption
- B.
  
  8021x
- C.
  
  SSID broadcast
- D.
  
  Data emanation
Correct Answer
C. SSID broadcast

Explanation
SSID broadcast allows a person to find public wireless access points. When a wireless access point broadcasts its SSID (Service Set Identifier), it becomes visible to nearby devices. This allows users to easily identify and connect to the network. While disabling SSID broadcast can enhance security by making the network less visible, it can also make it more difficult for users to find and connect to the network. Therefore, enabling SSID broadcast is commonly used for public wireless access points to ensure easy accessibility for users.

Rate this question:
14.

Which of the following allows a file to have different security permissions for users that have the same roles or user groups?
- A.
  
  Mandatory Access Control (MAC)
- B.
  
  Role-Based Access Control (RBAC)
- C.
  
  Discretionary Access Control (DAC)
- D.
  
  Rule-Based Access Control (RBAC)
Correct Answer
C. Discretionary Access Control (DAC)

Explanation
Discretionary Access Control (DAC) allows a file to have different security permissions for users that have the same roles or user groups. In DAC, the owner of a file has the discretion to determine who can access the file and what level of access they have. This means that even if multiple users have the same roles or belong to the same user group, the file owner can assign different permissions to each individual user based on their specific needs or trust levels.

Rate this question:
15.

A DMZ has a fake network that a hacker is attacking. Which of the following is this an example of?
- A.
  
  Firewall
- B.
  
  Man-in-the-middle
- C.
  
  Proxy server
- D.
  
  Honeypot
Correct Answer
D. Honeypot

Explanation
A honeypot is a security mechanism that sets up a fake network or system to attract hackers and gather information about their techniques and intentions. In this scenario, the DMZ (Demilitarized Zone) is acting as a honeypot by creating a decoy network that the hacker is attacking. By luring the hacker to the honeypot, security professionals can study the hacker's methods, identify vulnerabilities, and enhance their overall security posture.

Rate this question:
16.

A company decides that the purchasing agent and the accounts receivable agent should exchange positions in order to allow for more oversight of past transactions. Which of the following is this an example of?
- A.
  
  Least privilege
- B.
  
  Implicit deny
- C.
  
  Separation of duties
- D.
  
  Job rotation
Correct Answer
D. Job rotation

Explanation
Job rotation is the correct answer because it involves employees switching roles or positions within a company. In this scenario, the purchasing agent and accounts receivable agent are exchanging positions, which allows for a fresh perspective and increased oversight of past transactions. Job rotation can help prevent fraud, increase employee skills and knowledge, and promote a more well-rounded workforce.

Rate this question:
17.

A user complains that the color laser printer continuously gives an access denied message while attempting to print a text document. The administrator logs onto the PC and prints successfully. Which of the following should the administrator check FIRST?
- A.
  
  That the printer has the correct size of paper in each of the trays
- B.
  
  That the toner should be changed in the printer
- C.
  
  That the user has sufficient rights to print to the printer
- D.
  
  That the user is attempting to print to the correct printer tray
Correct Answer
C. That the user has sufficient rights to print to the printer

Explanation
The administrator should first check if the user has sufficient rights to print to the printer. This is because the access denied message suggests that the user may not have the necessary permissions to use the printer. By verifying the user's rights, the administrator can ensure that the issue is not related to permissions before investigating other possible causes such as paper size, toner, or printer tray.

Rate this question:
18.

Which of the following uses a sandbox to manage a programs ability to access system resources?
- A.
  
  Java
- B.
  
  ActiveX
- C.
  
  JavaScript
- D.
  
  Cold Fusion
Correct Answer
A. Java

Explanation
Java uses a sandbox to manage a program's ability to access system resources. The sandbox is a security mechanism that restricts the actions of a program, preventing it from accessing certain system resources or performing potentially harmful operations. This helps to ensure the safety and security of the system by limiting the program's capabilities and preventing it from causing any damage or unauthorized access.

Rate this question:
19.

Which of the following allows a technician to view the security permissions of a file?
- A.
  
  The access control list
- B.
  
  The security baseline
- C.
  
  The data emanation
- D.
  
  The local security template
Correct Answer
A. The access control list

Explanation
The access control list allows a technician to view the security permissions of a file. The access control list is a list of permissions attached to an object, such as a file or folder, that specifies which users or groups are granted or denied access to that object. By viewing the access control list, a technician can see the specific permissions assigned to the file and determine who has access to it.

Rate this question:
20.

A user is denied access to a file. The user had access to the file yesterday. Which of the following is the FIRST action for the technician to take?
- A.
  
  Deny the users request and forward to the human resources department.
- B.
  
  Reboot the system.
- C.
  
  Verify that the users permissions are correct.
- D.
  
  Grant access to the file.
Correct Answer
C. Verify that the users permissions are correct.

Explanation
The first action for the technician to take is to verify that the user's permissions are correct. This is because the user had access to the file yesterday, indicating that there might be an issue with their permissions. By checking and ensuring that the user has the necessary permissions to access the file, the technician can troubleshoot and resolve any permission-related issues that may have caused the denial of access.

Rate this question:
21.

A user is convinced that someone is attempting to use their user account at night. Which of the following should an administrator check FIRST in order to prove or disprove this claim?
- A.
  
  The IDS logs
- B.
  
  The security application logs
- C.
  
  The local security logs
- D.
  
  The firewall logs
Correct Answer
C. The local security logs

Explanation
To prove or disprove the claim that someone is attempting to use the user account at night, the administrator should check the local security logs first. The local security logs contain information about login attempts, failed login attempts, and other security-related events on the user's system. By examining these logs, the administrator can identify any suspicious activity during the night and determine if someone is indeed trying to access the user account. The IDS logs, security application logs, and firewall logs may also provide valuable information, but the local security logs are the most direct and relevant source of evidence in this scenario.

Rate this question:
22.

A user reports that a web based application is not working after a browser upgrade. Before theupgrade, a login box would appear on the screen and disappear after login. The login box doesnot appear after the upgrade. Which of the following BEST describes what to check FIRST?
- A.
  
  That the software based firewall application trusts this site
- B.
  
  That the pop-up blocker application trusts this site
- C.
  
  That the anti-virus application trusts this site
- D.
  
  That the anti-spam application trusts this site
Correct Answer
B. That the pop-up blocker application trusts this site

Explanation
The most likely reason for the login box not appearing after a browser upgrade is that the pop-up blocker application is blocking it. Pop-up blockers are designed to prevent unwanted pop-up windows from appearing, but sometimes they can mistakenly block legitimate ones. Therefore, the first thing to check would be if the pop-up blocker application is configured to allow pop-ups from the specific website.

Rate this question:
23.

An intrusion has been detected on a company's network from the Internet. Which of the following should be checked FIRST?
- A.
  
  The firewall logs
- B.
  
  The DNS logs
- C.
  
  The access logs
- D.
  
  The performance logs
Correct Answer
A. The firewall logs

Explanation
The firewall logs should be checked first because they provide information about all incoming and outgoing network traffic. By analyzing the firewall logs, the company can identify any suspicious or unauthorized activity that may have occurred during the intrusion. This can help in understanding the nature of the attack and taking appropriate measures to mitigate it. DNS logs, access logs, and performance logs may also be useful in investigating the intrusion, but checking the firewall logs is the most crucial initial step.

Rate this question:
24.

A user needs to verify that a patch file downloaded from a third party has not been modified since the time that the original manufacturer released the patch. Which of the following is the BEST way to verify that the file has not been modified?
- A.
  
  Compare the final MD5 hash with the original
- B.
  
  Download the patch file over an AES encrypted VPN connection
- C.
  
  Compare the final LANMAN hash with the original
- D.
  
  Download the patch file through a SSL connection
Correct Answer
A. Compare the final MD5 hash with the original

Explanation
Comparing the final MD5 hash with the original is the best way to verify that the patch file has not been modified. MD5 is a widely used cryptographic hash function that generates a unique hash value for a given file. By comparing the final MD5 hash of the downloaded patch file with the original MD5 hash provided by the manufacturer, any changes or modifications to the file can be detected. If the hashes match, it ensures the integrity and authenticity of the file, indicating that it has not been tampered with since the manufacturer released it.

Rate this question:
25.

A technician suspects that one of the network cards on the internal LAN is causing a broadcast storm. Which of the following would BEST diagnose which NIC is causing this problem?
- A.
  
  The NIDS log file
- B.
  
  A protocol analyzer
- C.
  
  The local security log file
- D.
  
  The local firewall log file
Correct Answer
B. A protocol analyzer

Explanation
A protocol analyzer would be the best tool to diagnose which NIC is causing a broadcast storm. A protocol analyzer captures and analyzes network traffic, allowing the technician to identify the source of excessive broadcast traffic. By examining the packets and analyzing their source and destination addresses, the technician can pinpoint the network card that is generating the excessive broadcasts. The NIDS log file, local security log file, and local firewall log file may provide some information about network activity, but they would not provide the detailed packet-level analysis needed to identify the specific NIC causing the broadcast storm.

Rate this question:
26.

A user does not understand why the domain password policy is so stringent. Which of thefollowing BEST demonstrates the security basis for the password policy?
- A.
  
  Explain how easy it is for a hacker to crack weak passwords
- B.
  
  Show the user a domain overview, including a list of weak passwords.
- C.
  
  Refer the user to a strong password demonstrator
- D.
  
  Ask the user to review the corporate policies and procedures manual
Correct Answer
A. Explain how easy it is for a hacker to crack weak passwords

Explanation
Explaining how easy it is for a hacker to crack weak passwords would demonstrate the security basis for the password policy. By highlighting the vulnerabilities and risks associated with weak passwords, the user can better understand the need for a stringent password policy to protect against unauthorized access and potential data breaches. This explanation helps the user comprehend the importance of strong passwords and the potential consequences of using weak ones.

Rate this question:
27.

A company needs to have multiple servers running low CPU utilization applications. Which of the following is the MOST cost efficient method for accomplishing this?
- A.
  
  Install multiple high end servers, sharing a clustered network operating system
- B.
  
  Install a single low end server, running multiple virtual servers
- C.
  
  Install a single high end server, running multiple virtual servers
- D.
  
  Install multiple low end servers, each running a network operating system
Correct Answer
C. Install a single high end server, running multiple virtual servers

Explanation
Installing a single high-end server and running multiple virtual servers is the most cost-efficient method for the company. This approach allows for the consolidation of resources, reducing the need for multiple physical servers. By utilizing virtualization technology, the company can maximize the utilization of the high-end server's resources, effectively running multiple applications on a single machine. This not only saves on hardware costs but also reduces power consumption, cooling requirements, and maintenance efforts.

Rate this question:
28.

A programmer creates an application to accept data from a website. A user places moreinformation than the program expects in the input field resulting in the back end database placing the extra information into the database. Which of the following is this an example of?
- A.
  
  Java input error
- B.
  
  Cross-site scripting
- C.
  
  Buffer overflow
- D.
  
  SQL injection
Correct Answer
D. SQL injection

Explanation
This is an example of SQL injection. SQL injection occurs when a user input is not properly validated or sanitized, allowing an attacker to insert malicious SQL code into a query. In this case, the user input with extra information is being directly inserted into the database, which can lead to unauthorized access, data manipulation, or other malicious activities.

Rate this question:
29.

Which of the following security threats is MOST commonly associated with a targeted distributed denial of service (DDoS)?
- A.
  
  Viruses
- B.
  
  Worms
- C.
  
  Botnets
- D.
  
  Trojans
Correct Answer
C. Botnets

Explanation
A targeted distributed denial of service (DDoS) attack involves overwhelming a target's network or website with a massive amount of traffic, rendering it inaccessible. Botnets, which are networks of compromised computers controlled by a single entity, are commonly associated with DDoS attacks. The attacker can use the botnet to send a flood of traffic to the target, amplifying the impact of the attack. This makes botnets the most commonly associated security threat with targeted DDoS attacks.

Rate this question:
30.

A developer added code to a financial system designed to transfer money to a foreign bankaccount on a specific time and date. The code would activate only if human resources processed the developers termination papers. The developer implemented which of the following security threats?
- A.
  
  Logic bomb
- B.
  
  Rootkit
- C.
  
  Botnet
- D.
  
  Privilege escalation
Correct Answer
A. Logic bomb

Explanation
The developer implemented a logic bomb in the financial system. A logic bomb is a malicious code that is inserted into a software system and is triggered by a specific event or condition, in this case, the processing of the developer's termination papers by human resources. Once triggered, the logic bomb would activate and initiate the unauthorized transfer of money to a foreign bank account. This represents a security threat as it could result in financial loss and unauthorized access to sensitive information.

Rate this question:
31.

A CEO is concerned about staff browsing inappropriate material on the Internet via HTTPS. It has been suggested that the company purchase a product which could decrypt the SSL session, scan the content and then repackage the SSL session without staff knowing.Which of the following type of attacks is similar to this product?
- A.
  
  Replay
- B.
  
  Spoofing
- C.
  
  TCP/IP hijacking
- D.
  
  Man-in-the-middle
Correct Answer
D. Man-in-the-middle

Explanation
The correct answer is "Man-in-the-middle." This is because a man-in-the-middle attack involves an attacker intercepting communication between two parties without their knowledge and then relaying the information between them. In this scenario, the product suggested by the CEO would act as a man-in-the-middle by intercepting the SSL session, decrypting it, scanning the content for inappropriate material, and then repackaging the session without the staff knowing.

Rate this question:
32.

After a system risk assessment was performed it was found that the cost to mitigate the risk was higher than the expected loss if the risk was actualized. In this instance, which of the following is the BEST course of action?
- A.
  
  Accept the risk
- B.
  
  Mitigate the risk
- C.
  
  Reject the risk
- D.
  
  Run a new risk assessment
Correct Answer
A. Accept the risk

Explanation
In this scenario, accepting the risk is the best course of action because the cost to mitigate the risk is higher than the expected loss if the risk occurs. This means that attempting to mitigate the risk would be more expensive than the potential harm caused by the risk itself. By accepting the risk, the organization acknowledges the potential consequences but decides not to take any further action to prevent or reduce it. This decision is based on a cost-benefit analysis, where it is more cost-effective to accept the risk rather than investing resources in mitigation measures.

Rate this question:
33.

A small call center business decided to install an email system to facilitate communications in the office.As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protected . If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If determining the risk, which of the following is the annual loss expectancy (ALE)?
- A.
  
  $2,700
- B.
  
  $4,500
- C.
  
  $5,000
- D.
  
  $7,290
Correct Answer
D. $7,290

Explanation
ALE (Annual Loss Expectancy) only calculates the loss associated with the risk. It does not factor in the cost associated with remediation.
FORMULA:
$90 per hour * 3 hours labor per incident = $270
$270 * 30 staff = $8100
$8100 * 0.9 (90%) = $7,290

Rate this question:
34.

A technician is deciding between implementing a HIDS on the database server or implementing a NIDS. Which of the following are reasons why a NIDS may be better to implement? (Select TWO)
- A.
  
  Many HIDS require frequent patches and updates.
- B.
  
  Many HIDS are not able to detect network attacks
- C.
  
  Many HIDS have a negative impact on system performance.
- D.
  
  Many HIDS only offer a low level of detection granularity.
- E.
  
  Many HIDS are not good at detecting attacks on database servers.
Correct Answer(s)
B. Many HIDS are not able to detect network attacks
C. Many HIDS have a negative impact on system performance.

Explanation
HIDS (Host Intrusion Detection System)
NIDS (Network Intrusion Detection System)

Rate this question:
35.

Which of the following scenarios is MOST likely to benefit from using a personal software firewall on a laptop?
- A.
  
  Remote access user connecting via SSL VPN
- B.
  
  Office laptop connected to the enterprise LAN
- C.
  
  Remote access user connecting via corporate dial-in server
- D.
  
  Office laptop connected to a home users network
Correct Answer
D. Office laptop connected to a home users network

Explanation
Using a personal software firewall on an office laptop connected to a home user's network is most likely to benefit because home networks typically have less security measures in place compared to enterprise LANs. The personal software firewall can provide an additional layer of protection by monitoring and controlling incoming and outgoing network traffic, preventing unauthorized access and potential attacks from the home network.

Rate this question:
36.

Virtualized applications, such as virtualized browsers, are capable of protecting the underlyingoperating system from which of the following?
- A.
  
  Malware installation from suspects Internet sites
- B.
  
  Man-in-the-middle attacks
- C.
  
  Phishing and spam attacks
- D.
  
  DDoS attacks against the underlying OS
Correct Answer
A. Malware installation from suspects Internet sites

Explanation
Virtualized applications, such as virtualized browsers, can protect the underlying operating system from malware installation from suspicious internet sites. By running the browser in a virtualized environment, any potential malware or malicious code that may be encountered while browsing is isolated from the underlying operating system. This prevents the malware from infecting or compromising the operating system, ensuring its security and integrity.

Rate this question:
37.

A flat or simple role-based access control (RBAC) embodies which of the following principles?
- A.
  
  Users assigned to roles, permissions are assigned to groups, controls applied to groups and permissions acquired by controls
- B.
  
  Users assigned permissions, roles assigned to groups and users acquire additional permissions by being a member of a group
- C.
  
  Roles applied to groups, users assigned to groups and users acquire permissions by being a member of the group
- D.
  
  Users assigned to roles, permissions are assigned to roles and users acquire permissions by being a member of the role
Correct Answer
D. Users assigned to roles, permissions are assigned to roles and users acquire permissions by being a member of the role

Explanation
In a flat or simple role-based access control (RBAC), users are assigned to roles. Permissions are then assigned to roles, and users acquire those permissions by being a member of the role. This means that instead of directly assigning permissions to users or groups, permissions are assigned to roles, and users gain those permissions by being assigned to the corresponding roles. This approach simplifies access control management by centralizing permissions at the role level and allowing for easier assignment and revocation of permissions based on user roles.

Rate this question:
38.

A number of unauthorized staff has been entering the data center by piggybacking authorizedstaff. The CIO has mandated that this behavior stops. Which of the following is the BESTtechnology to install at the data center to prevent piggybacking?
- A.
  
  Mantrap
- B.
  
  Security badges
- C.
  
  Hardware locks
- D.
  
  Token access
Correct Answer
A. Mantrap

Explanation
A mantrap is a security device that consists of two interlocking doors or gates. It allows only one person to pass through at a time, preventing unauthorized individuals from piggybacking or following authorized staff into the data center. By installing a mantrap at the data center, the CIO can ensure that only one person is allowed entry at a time, effectively stopping the unauthorized access. This technology provides a physical barrier and enhances the overall security of the data center.

Rate this question:
39.

Which of the following is a security threat that hides its processes and files from being easilydetected?
- A.
  
  Trojan
- B.
  
  Adware
- C.
  
  Worm
- D.
  
  Rootkit
Correct Answer
D. Rootkit

Explanation
A rootkit is a type of security threat that hides its processes and files from being easily detected. It is designed to gain unauthorized access to a computer system and remain undetected for a long period of time. By hiding its presence, a rootkit can enable malicious activities such as stealing sensitive information, modifying system settings, or installing additional malware. This makes it a serious threat to the security and integrity of a computer system.

Rate this question:
40.

Security templates are used for which of the following purposes? (Select TWO).
- A.
  
  To ensure that email is encrypted by users of PGP
- B.
  
  To ensure that PKI will work properly within the company's trust model
- C.
  
  To ensure that performance is standardized across all servers
- D.
  
  To ensure that all servers start from a common security configuration
- E.
  
  To ensure that servers are in compliance with the corporate security policy
Correct Answer(s)
D. To ensure that all servers start from a common security configuration
E. To ensure that servers are in compliance with the corporate security policy

Explanation
Security templates are used to ensure that all servers start from a common security configuration and to ensure that servers are in compliance with the corporate security policy. By applying a security template, organizations can enforce consistent security settings and configurations across all servers, reducing the risk of vulnerabilities and ensuring that all servers meet the required security standards.

Rate this question:
41.

Frequent signature updates are required by which of the following security applications? (Select TWO).
- A.
  
  Antivirus
- B.
  
  PGP
- C.
  
  Firewall
- D.
  
  PKI
- E.
  
  IDS
Correct Answer(s)
A. Antivirus
E. IDS

Explanation
Antivirus and IDS (Intrusion Detection System) are the security applications that require frequent signature updates. Antivirus software needs regular updates to stay up-to-date with the latest virus definitions and protect against new threats. IDS systems also rely on signature updates to detect and prevent new types of attacks by comparing network traffic against known attack patterns. PGP (Pretty Good Privacy), Firewall, and PKI (Public Key Infrastructure) do not typically require frequent signature updates for their functionality.

Rate this question:
42.

When choosing an anti-virus product, which of the following are the MOST important securityconsiderations? (Select TWO).
- A.
  
  The frequency of signature updates
- B.
  
  The ability to scan encrypted files
- C.
  
  The availability of application programming interface
- D.
  
  The number of emails that can be scanned
- E.
  
  The number of viruses the software can detect
Correct Answer(s)
A. The frequency of signature updates
E. The number of viruses the software can detect

Explanation
The frequency of signature updates is important because it determines how quickly the anti-virus software can recognize and protect against new and emerging threats. The more frequently the signatures are updated, the more effective the software will be in detecting and preventing infections.

The number of viruses the software can detect is also important as it indicates the software's ability to identify and remove a wide range of malware and viruses. A higher number of viruses detected means that the software has a larger database of known threats, increasing the chances of detecting and eliminating malicious software.

Rate this question:
43.

Three generally accepted activities of patch management are: determining which patches areneeded, applying the patches and which of the following?
- A.
  
  Updating the firewall configuration to include the patches
- B.
  
  Running a NIDS report to list the remaining vulnerabilities
- C.
  
  Auditing for the successful application of the patches
- D.
  
  Backing up the patch file executable to a network share
Correct Answer
C. Auditing for the successful application of the patches

Explanation
After determining which patches are needed and applying them, the next step in patch management is to audit for the successful application of the patches. This involves verifying that the patches were installed correctly and have effectively resolved the vulnerabilities they were intended to address. This auditing process ensures that the system is secure and protected against potential threats.

Rate this question:
44.

In which of the following situations would it be appropriate to install a hotfix?
- A.
  
  A patch in a service pack fixes the issue, but too many extra patches are included.
- B.
  
  A patch is not available and workarounds do not correct the problem.
- C.
  
  A patch is available, but has not yet been tested in a production environment
- D.
  
  A patch is too large to be distributed via a remote deployment tool
Correct Answer
B. A patch is not available and workarounds do not correct the problem.

Explanation
If a patch is not available and workarounds do not correct the problem, it would be appropriate to install a hotfix. A hotfix is a software update specifically designed to address a particular issue or bug that is causing problems. In this situation, since there is no patch available and the workarounds are not effective, installing a hotfix would be the best course of action to resolve the problem.

Rate this question:
45.

Social engineering, password cracking and vulnerability exploitation are examples of which of the following?
- A.
  
  Vulnerability assessment
- B.
  
  Fingerprinting
- C.
  
  Penetration testing
- D.
  
  Fuzzing
Correct Answer
C. Penetration testing

Explanation
Social engineering, password cracking, and vulnerability exploitation are all techniques used in penetration testing. Penetration testing involves simulating real-world attacks on a system or network to identify vulnerabilities and weaknesses. By using these techniques, a penetration tester can assess the security posture of the target and provide recommendations for improvement.

Rate this question:
46.

If an administrator does not have a NIDS examining network traffic, which of the following could be used to identify an active attack?
- A.
  
  Protocol analyzer
- B.
  
  Penetration testing tool
- C.
  
  Network mapper
- D.
  
  Vulnerability scanner
Correct Answer
A. Protocol analyzer

Explanation
A protocol analyzer can be used to identify an active attack if an administrator does not have a NIDS examining network traffic. A protocol analyzer is a tool that captures and analyzes network traffic, allowing the administrator to inspect packets and detect any suspicious or malicious activity. By analyzing the network traffic, the administrator can identify any unusual patterns or behaviors that may indicate an active attack. Therefore, a protocol analyzer can be a useful tool in detecting and investigating potential security breaches in the absence of a NIDS.

Rate this question:
47.

Configuration baselines should be taken at which of the following stages in the deployment of anew system?
- A.
  
  Before initial configuration
- B.
  
  Before loading the OS
- C.
  
  After a user logs in
- D.
  
  After initial configuration
Correct Answer
D. After initial configuration

Explanation
Configuration baselines should be taken after the initial configuration of a new system. This is because the initial configuration involves setting up the system with the necessary hardware, software, and settings. Once this initial configuration is complete, taking a configuration baseline helps establish a reference point for the system's configuration. It allows for future comparisons to identify any changes or deviations from the established baseline. Taking the baseline after the initial configuration ensures that the system is in a stable and functional state before capturing its configuration.

Rate this question:
48.

Which of the following practices should be implemented to harden workstations and servers?
- A.
  
  Log on only as the administrator
- B.
  
  Install only needed software
- C.
  
  Check the logs regularly
- D.
  
  Report all security incidents
Correct Answer
B. Install only needed software

Explanation
Installing only needed software is a recommended practice to harden workstations and servers. By installing only necessary software, the attack surface is reduced, minimizing the potential vulnerabilities that can be exploited by malicious actors. Unnecessary software increases the risk of security breaches as it may contain vulnerabilities or provide additional avenues for attackers to gain unauthorized access. Therefore, installing only needed software helps to enhance the security posture of workstations and servers.

Rate this question:
49.

Which of the following is a mechanism that prevents electromagnetic emanations from beingcaptured?
- A.
  
  Install a repeater
- B.
  
  Uninterruptible power supply (UPS)
- C.
  
  Faraday cage
- D.
  
  Disable SSID broadcast
Correct Answer
C. Faraday cage

Explanation
A Faraday cage is a mechanism that prevents electromagnetic emanations from being captured. It is a sealed enclosure made of conductive material, such as metal, that blocks external electromagnetic fields. The conductive material absorbs and redistributes the electromagnetic energy, preventing it from escaping or entering the cage. This helps to protect sensitive electronic devices from electromagnetic interference and prevents unauthorized access to electromagnetic signals.

Rate this question:
50.

Which of the following describes the difference between a secure cipher and a secure hash?
- A.
  
  A hash produces a variable output for any input size, a cipher does not.
- B.
  
  A cipher produces the same size output for any input size, a hash does not.
- C.
  
  A cipher can be reversed, a hash cannot.
- D.
  
  A hash can be reversed, a cipher cannot.
Correct Answer
C. A cipher can be reversed, a hash cannot.

Explanation
A secure cipher is a cryptographic algorithm that can be reversed or decrypted to obtain the original plaintext from the ciphertext. In contrast, a secure hash function is a one-way function that generates a fixed-size output (hash value) for any input size. The hash function cannot be reversed or decrypted to obtain the original input from the hash value. Therefore, the difference between a secure cipher and a secure hash is that a cipher can be reversed, while a hash cannot.

Rate this question:

CompTIA Security+ (Sy0-201) Quiz 2 Of 4

Which of the following allows for notification when a hacking attempt is discovered?

When dealing with a 10BASE5 network, which of the following is the MOST likely security risk?

Which of the following allows a technician to scan for missing patches on a device without actually attempting to exploit the security problem?

Which of the following allows for proof that a certain person sent a particular email?

Which of the following uses a key ring?

Which of the following allows for the highest level of security at time of login?

Sending a patch through a testing and approval process is an example of which of the following?

Sending continuous TCP requests to a device and ignoring the return information until the device ceases to accept new connections is an example of which of the following?

Which of the following would use a group of bots to stop a web server from accepting new requests?

Which of the following is the MOST likely to generate static electricity?

Using an asymmetric key cryptography system, where can a technician generate the key pairs?

Which of the following media is the LEAST likely to be successfully tapped into?

Which of the following allows a person to find public wireless access points?

Which of the following allows a file to have different security permissions for users that have the same roles or user groups?

A DMZ has a fake network that a hacker is attacking. Which of the following is this an example of?

A company decides that the purchasing agent and the accounts receivable agent should exchange positions in order to allow for more oversight of past transactions. Which of the following is this an example of?

A user complains that the color laser printer continuously gives an access denied message while attempting to print a text document. The administrator logs onto the PC and prints successfully. Which of the following should the administrator check FIRST?

Which of the following uses a sandbox to manage a programs ability to access system resources?

Which of the following allows a technician to view the security permissions of a file?

A user is denied access to a file. The user had access to the file yesterday. Which of the following is the FIRST action for the technician to take?

A user is convinced that someone is attempting to use their user account at night. Which of the following should an administrator check FIRST in order to prove or disprove this claim?

A user reports that a web based application is not working after a browser upgrade. Before theupgrade, a login box would appear on the screen and disappear after login. The login box doesnot appear after the upgrade. Which of the following BEST describes what to check FIRST?

An intrusion has been detected on a company's network from the Internet. Which of the following should be checked FIRST?

A user needs to verify that a patch file downloaded from a third party has not been modified since the time that the original manufacturer released the patch. Which of the following is the BEST way to verify that the file has not been modified?

A technician suspects that one of the network cards on the internal LAN is causing a broadcast storm. Which of the following would BEST diagnose which NIC is causing this problem?

A user does not understand why the domain password policy is so stringent. Which of thefollowing BEST demonstrates the security basis for the password policy?

A company needs to have multiple servers running low CPU utilization applications. Which of the following is the MOST cost efficient method for accomplishing this?

A programmer creates an application to accept data from a website. A user places moreinformation than the program expects in the input field resulting in the back end database placing the extra information into the database. Which of the following is this an example of?

Which of the following security threats is MOST commonly associated with a targeted distributed denial of service (DDoS)?

A developer added code to a financial system designed to transfer money to a foreign bankaccount on a specific time and date. The code would activate only if human resources processed the developers termination papers. The developer implemented which of the following security threats?

After a system risk assessment was performed it was found that the cost to mitigate the risk was higher than the expected loss if the risk was actualized. In this instance, which of the following is the BEST course of action?

A technician is deciding between implementing a HIDS on the database server or implementing a NIDS. Which of the following are reasons why a NIDS may be better to implement? (Select TWO)

Which of the following scenarios is MOST likely to benefit from using a personal software firewall on a laptop?

Virtualized applications, such as virtualized browsers, are capable of protecting the underlyingoperating system from which of the following?

A flat or simple role-based access control (RBAC) embodies which of the following principles?

A number of unauthorized staff has been entering the data center by piggybacking authorizedstaff. The CIO has mandated that this behavior stops. Which of the following is the BESTtechnology to install at the data center to prevent piggybacking?

Which of the following is a security threat that hides its processes and files from being easilydetected?

Security templates are used for which of the following purposes? (Select TWO).

Frequent signature updates are required by which of the following security applications? (Select TWO).

When choosing an anti-virus product, which of the following are the MOST important securityconsiderations? (Select TWO).

Three generally accepted activities of patch management are: determining which patches areneeded, applying the patches and which of the following?

In which of the following situations would it be appropriate to install a hotfix?

Social engineering, password cracking and vulnerability exploitation are examples of which of the following?

If an administrator does not have a NIDS examining network traffic, which of the following could be used to identify an active attack?

Configuration baselines should be taken at which of the following stages in the deployment of anew system?

Which of the following practices should be implemented to harden workstations and servers?

Which of the following is a mechanism that prevents electromagnetic emanations from beingcaptured?

Which of the following describes the difference between a secure cipher and a secure hash?