CompTIA Security+ (SY0-201) Quiz 2 of 4

By Tlamot01
  • 1/93 Questions

    A user complains that the color laser printer continuously gives an access denied message while attempting to print a text document. The administrator logs onto the PC and prints successfully. Which of the following should the administrator check FIRST?

    • That the printer has the correct size of paper in each of the trays
    • That the toner should be changed in the printer
    • That the user has sufficient rights to print to the printer
    • That the user is attempting to print to the correct printer tray
About This Quiz

Patience folks, I'm still building this one. Should have it finished this afternoon.

CompTIA Security+ (SY0-201) Practice Exam #2
There will be four tests total (as the method of producing these tests seems to die after about 170 questions are loaded). Goal is four separate tests with randomly selected questions so each attempt has a different set of 50 questions per attempt.
There will be roughly 700 questions between all four practice exams. . .
Disclaimer: I have been told from those that have gone to take the actual test that these questions are dissimilar. However, the basic disciplines are covered and should help considerably to pick out key associations between questions and answers.


Quiz Preview

  • 2. 

    A user is denied access to a file. The user had access to the file yesterday. Which of the following is the FIRST action for the technician to take?

    • Deny the user's request and forward to the human resources department.

    • Reboot the system.

    • Verify that the user's permissions are correct.

    • Grant access to the file.

    Correct Answer
    A. Verify that the user's permissions are correct.
    Explanation
    The first action for the technician to take is to verify that the user's permissions are correct. This is because the user had access to the file yesterday, indicating that there might be an issue with their permissions. By checking and ensuring that the user has the necessary permissions to access the file, the technician can troubleshoot and resolve any permission-related issues that may have caused the denial of access.


  • 3. 

    Which of the following usually applies specifically to a web browser?

    • Antivirus

    • Pop-up blocker

    • Anti-spyware

    • Personal software firewall

    Correct Answer
    A. Pop-up blocker
    Explanation
    A pop-up blocker is a feature that is typically found in web browsers. It is designed to block or prevent pop-up windows from appearing while browsing the internet. These pop-up windows often contain advertisements or other unwanted content, and can be disruptive to the user's browsing experience. By having a pop-up blocker, web browsers can provide a more seamless and uninterrupted browsing experience by blocking these unwanted pop-up windows.


  • 4. 

    Which of the following allows a person to find public wireless access points?

    • Weak encryption

    • 802.1x

    • SSID broadcast

    • Data emanation

    Correct Answer
    A. SSID broadcast
    Explanation
    SSID broadcast allows a person to find public wireless access points. When a wireless access point broadcasts its SSID (Service Set Identifier), it becomes visible to nearby devices. This allows users to easily identify and connect to the network. While disabling SSID broadcast can enhance security by making the network less visible, it can also make it more difficult for users to find and connect to the network. Therefore, enabling SSID broadcast is commonly used for public wireless access points to ensure easy accessibility for users.


  • 5. 

    Which of the following exploits is only triggered by a specific date or time key?

    • Trojan

    • Worm

    • Botnet

    • Logic bomb

    Correct Answer
    A. Logic bomb
    Explanation
    A logic bomb is a type of malicious code that is specifically designed to execute a harmful action when a certain date or time condition is met. It remains dormant until the trigger event occurs, at which point it can delete files, corrupt data, or cause other disruptive actions. Unlike trojans, worms, and botnets, which can be triggered by various events or actions, a logic bomb relies solely on a specific date or time key to activate its malicious payload.


  • 6. 

    Which of the following allows for notification when a hacking attempt is discovered?

    • NAT

    • NIDS

    • Netflow

    • Protocol analyzer

    Correct Answer
    A. NIDS
    Explanation
    NIDS (Network-Intrusion Detection System) Passive Response Options:
    Notification communicates intrusion event-related information to the appropriate personnel when an event has occurred. This includes relaying any relevant data about the event to help evaluate the situation. If the IDS is manned full-time, messages can be displayed on the manager's console to indicate that the situation is occurring. (Domain 2.4)


  • 7. 

    A DMZ has a fake network that a hacker is attacking. Which of the following is this an example of?

    • Firewall

    • Man-in-the-middle

    • Proxy server

    • Honeypot

    Correct Answer
    A. Honeypot
    Explanation
    A honeypot is a security mechanism that sets up a fake network or system to attract hackers and gather information about their techniques and intentions. In this scenario, the DMZ (Demilitarized Zone) is acting as a honeypot by creating a decoy network that the hacker is attacking. By luring the hacker to the honeypot, security professionals can study the hacker's methods, identify vulnerabilities, and enhance their overall security posture.


  • 8. 

    Which of the following would a password cracker help an administrator to find?

    • Weak passwords

    • Expired passwords

    • Locked passwords

    • Backdoor passwords

    Correct Answer
    A. Weak passwords
    Explanation
    A password cracker is a tool used by administrators to test the strength and security of passwords. It helps identify weak passwords that can be easily guessed or cracked by attackers. By using various techniques such as brute-force attacks or dictionary attacks, a password cracker can systematically attempt different combinations of characters and uncover passwords that are vulnerable to unauthorized access.


  • 9. 

    Which of the following security threats is MOST commonly associated with a targeted distributed denial of service (DDoS)?

    • Viruses

    • Worms

    • Botnets

    • Trojans

    Correct Answer
    A. Botnets
    Explanation
    A targeted distributed denial of service (DDoS) attack involves overwhelming a target's network or website with a massive amount of traffic, rendering it inaccessible. Botnets, which are networks of compromised computers controlled by a single entity, are commonly associated with DDoS attacks. The attacker can use the botnet to send a flood of traffic to the target, amplifying the impact of the attack. This makes botnets the most commonly associated security threat with targeted DDoS attacks.


  • 10. 

    Which of the following BEST applies in the secure disposal of computers?

    • Computers must be configured for automated patch management.

    • Computer media must be sanitized

    • Default passwords must be changed once.

    • Computers must be tested against known TCP/IP vulnerabilities

    Correct Answer
    A. Computer media must be sanitized
    Explanation
    In the secure disposal of computers, it is important to ensure that computer media is sanitized. This means that all data on the media, such as hard drives or flash drives, must be completely erased or destroyed to prevent any sensitive information from being accessed by unauthorized individuals. Sanitizing the media helps to protect against data breaches and identity theft.


  • 11. 

    A developer added code to a financial system designed to transfer money to a foreign bank account on a specific time and date. The code would activate only if human resources processed the developer's termination papers. The developer implemented which of the following security threats?

    • Logic bomb

    • Rootkit

    • Botnet

    • Privilege escalation

    Correct Answer
    A. Logic bomb
    Explanation
    The developer implemented a logic bomb in the financial system. A logic bomb is a malicious code that is inserted into a software system and is triggered by a specific event or condition, in this case, the processing of the developer's termination papers by human resources. Once triggered, the logic bomb would activate and initiate the unauthorized transfer of money to a foreign bank account. This represents a security threat as it could result in financial loss and unauthorized access to sensitive information.


  • 12. 

    Which of the following media is the LEAST likely to be successfully tapped into?

    • Unshielded twisted pair cable

    • Coaxial cable

    • Fiber optic cable

    • Shielded twisted pair cable

    Correct Answer
    A. Fiber optic cable
    Explanation
    Fiber, as a media, is relatively secure because it can't be tapped easily. Most known methods of tapping fiber are easily detectable by an IDS. (Domain 2.6)


  • 13. 

    The service provided by message authentication code (MAC) hash is:

    • Fault tolerance

    • Key recovery

    • Data recovery

    • Integrity.

    Correct Answer
    A. Integrity.
    Explanation
    The service provided by message authentication code (MAC) hash is integrity. A MAC hash is used to verify the integrity of a message by generating a unique tag or code that is appended to the message. This tag is calculated using a secret key and the message itself, and it ensures that the message has not been tampered with during transmission. By comparing the calculated tag with the received tag, the recipient can verify the integrity of the message and ensure that it has not been modified or corrupted.


  • 14. 

    Which of the following is a collection of fixes for an application or operating system that has been tested by the vendor?

    • A security template

    • A service pack

    • A patch

    • A hotfix

    Correct Answer
    A. A service pack
    Explanation
    A service pack is a collection of fixes for an application or operating system that has been tested by the vendor. It typically includes updates, enhancements, and patches to address known issues and vulnerabilities. Service packs are released periodically to provide users with a consolidated and reliable set of updates that can be applied to their systems. They ensure that the software remains up-to-date, secure, and stable, while also improving its performance and functionality.


  • 15. 

    Which of the following is a risk associated with a virtual server?

    • If the physical server crashes, all of the local virtual servers go offline immediately

    • If the physical server crashes, all of the physical servers nearby go offline immediately

    • If a virtual server crashes, all of the virtual servers go offline immediately

    • If a virtual server crashes, all of the physical servers go offline immediately

    Correct Answer
    A. If the physical server crashes, all of the local virtual servers go offline immediately
    Explanation
    If the physical server crashes, all of the local virtual servers go offline immediately. This is a risk associated with a virtual server because virtual servers rely on a physical server to host them. If the physical server fails, all of the virtual servers running on it will also fail and become unavailable. This can result in downtime and disruption of services for the virtual servers' users.


  • 16. 

    A company decides that the purchasing agent and the accounts receivable agent should exchange positions in order to allow for more oversight of past transactions. Which of the following is this an example of?

    • Least privilege

    • Implicit deny

    • Separation of duties

    • Job rotation

    Correct Answer
    A. Job rotation
    Explanation
    Job rotation is the correct answer because it involves employees switching roles or positions within a company. In this scenario, the purchasing agent and accounts receivable agent are exchanging positions, which allows for a fresh perspective and increased oversight of past transactions. Job rotation can help prevent fraud, increase employee skills and knowledge, and promote a more well-rounded workforce.


  • 17. 

    Which of the following is a mechanism that prevents electromagnetic emanations from being captured?

    • Install a repeater

    • Uninterruptible power supply (UPS)

    • Faraday cage

    • Disable SSID broadcast

    Correct Answer
    A. Faraday cage
    Explanation
    A Faraday cage is a mechanism that prevents electromagnetic emanations from being captured. It is a sealed enclosure made of conductive material, such as metal, that blocks external electromagnetic fields. The conductive material absorbs and redistributes the electromagnetic energy, preventing it from escaping or entering the cage. This helps to protect sensitive electronic devices from electromagnetic interference and prevents unauthorized access to electromagnetic signals.


  • 18. 

    An anti-virus server keeps flagging an approved application that the marketing department has installed on their local computers as a threat. This is an example of:

    • False negative

    • False positive

    • True negative

    • True positive

    Correct Answer
    A. False positive
    Explanation
    This scenario is an example of a false positive. A false positive occurs when a system or software incorrectly identifies something as a threat or error when it is actually safe or valid. In this case, the anti-virus server is flagging an approved application as a threat, which is a false positive because the application is not actually harmful.


  • 19. 

    Which of the following allows for the highest level of security at time of login?

    • Single sign-on

    • Two-factor authentication

    • One-factor authentication

    • NTLMv2

    Correct Answer
    A. Two-factor authentication
    Explanation
    Two-factor authentication involves an additional step beyond the normal password (one-factor) entry. Your CAC + PIN is a good example of a two-factor method. (Domain 3.7)

    SIDE STUDY
    Single sign-on - passes authentication information to trusted systems after the initial logon by the user.
    One-factor authentication - normally a username and password are all that is required for access.
    NTLMv2 - NTLM (NT LAN Manager) is a suite of Microsoft security protocols that offers authentication, integrity, and confidentiality to users. NTLM is the successor to Microsoft LAN Manager (LANMAN).


  • 20. 

    Which of the following would use a group of bots to stop a web server from accepting new requests?

    • DoS

    • DDoS

    • MAC

    • ARP

    Correct Answer
    A. DDoS
    Explanation
    DDoS (Distributed Denial of Service) - a derivative of a DoS attack in which multiple hosts in multiple locations all focus on one target to reduce its availability to the public. (Domain 2.1)

    SIDE STUDY:
    DoS (Denial of Service) - a type of attack that prevents any users - even legitimate ones - from using a system.
    MAC (Media Access Control) - A sublayer of the Data Link layer of the OSI (Open Systems Interconnection) model that controls the way multiple devices use the same media channel. This is a communication protocol, not an attack.
    ARP (Address Resolution Protocol) - used to map known IP addresses to unknown physical addresses. This is a communication protocol commonly used by routers.


  • 21. 

    Which of the following physical threats is prevented with mantraps?

    • Piggybacking

    • Social engineering

    • Dumpster diving

    • Shoulder surfing

    Correct Answer
    A. Piggybacking
    Explanation
    Mantraps are physical security devices designed to prevent unauthorized access to a secure area. They consist of a small enclosed space with two doors, where the first door must close and lock before the second door can open. This prevents multiple people from entering the secure area by piggybacking, which is when an unauthorized person follows closely behind an authorized person to gain access. Therefore, mantraps are specifically used to prevent piggybacking.


  • 22. 

    Which of the following allows for a secure connection to be made through a web browser?

    • L2TP

    • SSH

    • SSL

    • HTTP

    Correct Answer
    A. SSL
    Explanation
    SSL (Secure Sockets Layer) allows for a secure connection to be made through a web browser. It provides encryption and authentication, ensuring that the data transmitted between the web browser and the server is protected from unauthorized access or tampering. SSL is commonly used for secure online transactions, such as e-commerce websites, online banking, and secure login pages. It establishes a secure connection by encrypting the data and verifying the identity of the server, providing a secure and trustworthy communication channel.


  • 23. 

    Which of the following is the quickest method to create a secure test server for a programmer?

    • Install a network operating system on new equipment

    • Create a virtual server on existing equipment

    • Install a network operating system on existing equipment

    • Create a virtual server on new equipment

    Correct Answer
    A. Create a virtual server on existing equipment
    Explanation
    Creating a virtual server on existing equipment is the quickest method to create a secure test server for a programmer. This option utilizes the existing equipment, which saves time and resources compared to installing a network operating system on new equipment or existing equipment. Additionally, a virtual server provides a secure environment for testing without affecting the main server or network.


  • 24. 

    Which of the following allows a technician to scan for missing patches on a device without actually attempting to exploit the security problem?

    • A vulnerability scanner

    • Security baselines

    • A port scanner

    • Group policy

    Correct Answer
    A. A vulnerability scanner
    Explanation
    A TCP/IP network makes many of the ports available to outside users through the router. These ports respond in a predictable way. A port scanner can identify which ports are open and the data collected can be fed to a vulnerability scanner, whose job is to identify the known exploits attackers may use on that open port and remediate them with patches. (Domain 2.1)


  • 25. 

    A user needs to verify that a patch file downloaded from a third party has not been modified since the time that the original manufacturer released the patch. Which of the following is the BEST way to verify that the file has not been modified?

    • Compare the final MD5 hash with the original

    • Download the patch file over an AES encrypted VPN connection

    • Compare the final LANMAN hash with the original

    • Download the patch file through a SSL connection

    Correct Answer
    A. Compare the final MD5 hash with the original
    Explanation
    Comparing the final MD5 hash with the original is the best way to verify that the patch file has not been modified. MD5 is a widely used cryptographic hash function that generates a unique hash value for a given file. By comparing the final MD5 hash of the downloaded patch file with the original MD5 hash provided by the manufacturer, any changes or modifications to the file can be detected. If the hashes match, it ensures the integrity and authenticity of the file, indicating that it has not been tampered with since the manufacturer released it.


  • 26. 

    A number of unauthorized staff has been entering the data center by piggybacking authorized staff. The CIO has mandated that this behavior stops. Which of the following is the BEST technology to install at the data center to prevent piggybacking?

    • Mantrap

    • Security badges

    • Hardware locks

    • Token access

    Correct Answer
    A. Mantrap
    Explanation
    A mantrap is a security device that consists of two interlocking doors or gates. It allows only one person to pass through at a time, preventing unauthorized individuals from piggybacking or following authorized staff into the data center. By installing a mantrap at the data center, the CIO can ensure that only one person is allowed entry at a time, effectively stopping the unauthorized access. This technology provides a physical barrier and enhances the overall security of the data center.


  • 27. 

    Sending continuous TCP requests to a device and ignoring the return information until the device ceases to accept new connections is an example of which of the following?

    • TCP/IP hijacking

    • DNS poisoning

    • Kiting

    • DoS

    Correct Answer
    A. DoS
    Explanation
    DoS (Denial of Service) - a type of attack that prevents any users - even legitimate ones - from using a system. (Domain 2.1)


  • 28. 

    Which of the following practices should be implemented to harden workstations and servers?

    • Log on only as the administrator

    • Install only needed software

    • Check the logs regularly

    • Report all security incidents

    Correct Answer
    A. Install only needed software
    Explanation
    Installing only needed software is a recommended practice to harden workstations and servers. By installing only necessary software, the attack surface is reduced, minimizing the potential vulnerabilities that can be exploited by malicious actors. Unnecessary software increases the risk of security breaches as it may contain vulnerabilities or provide additional avenues for attackers to gain unauthorized access. Therefore, installing only needed software helps to enhance the security posture of workstations and servers.


  • 29. 

    An administrator notices that a PC is sending an unusual amount of email at odd times of the day. Which of the following should the administrator check for FIRST?

    • A S/MIME buffer overflow

    • A POP3 protocol exception

    • DNS poisoning

    • A SMTP open relay

    Correct Answer
    A. A SMTP open relay
    Explanation
    The administrator should check for a SMTP open relay first. An open relay is a misconfigured mail server that allows anyone to use it to send emails, which can be exploited by spammers. If the PC is sending an unusual amount of email at odd times, it could be an indication that it is using an open relay to send spam emails. Checking for an open relay would help identify and resolve this issue.


  • 30. 

    When is the correct time to discuss the appropriate use of electronic devices with a new employee?

    • At time of hire

    • At time of first correspondence

    • At time of departure

    • At time of first system login

    Correct Answer
    A. At time of hire
    Explanation
    The correct time to discuss the appropriate use of electronic devices with a new employee is at the time of hire. This is because it is important to set expectations and guidelines regarding the use of electronic devices from the very beginning of the employment relationship. By discussing this topic at the time of hire, the employer can ensure that the new employee understands the company's policies and expectations regarding the appropriate use of electronic devices in the workplace. This can help to prevent any potential issues or misunderstandings in the future.


  • 31. 

    All of the following are where backup tapes should be kept EXCEPT:

    • Near a fiber optic cable entrance.

    • Near a shared LCD screen.

    • Near a power line.

    • Near a high end server

    Correct Answer
    A. Near a power line.
    Explanation
    Backup tapes should not be kept near a power line because it poses a risk of electrical interference or damage to the tapes. Power lines can generate electromagnetic fields that can corrupt or erase the data stored on the tapes. Therefore, it is important to keep backup tapes away from any potential sources of electromagnetic interference to ensure the integrity and reliability of the backup data.


  • 32. 

    Which of the following allows for proof that a certain person sent a particular email?

    • Steganography

    • Integrity

    • Trusted Platform Module

    • Non-repudiation

    Correct Answer
    A. Non-repudiation
    Explanation
    Non-repudiation prevents one party from denying actions they carried out. In cryptography, you need non-repudiation to verify that someone is who they report to be.
    Third party organizations called CAs (Certificate Authorities) manage public keys and issue certificates verifying the validity of the sender's message. The verifying aspect serves as non-repudiation: a respected third party vouches for the individual. The goal of any effective cryptography system must include non-repudiation. (Domain 5.1)


  • 33. 

    Sending a patch through a testing and approval process is an example of which of the following?

    • Disaster planning

    • Change management

    • Acceptable use policies

    • User education and awareness training

    Correct Answer
    A. Change management
    Explanation
    Change Management - the structured approach that is followed to secure the company's assets. Details here should include the controls that are in place to prevent unauthorized access to, and changes of, all IT assets. (Domain 6.4)


  • 34. 

    A technician is working on an end user's desktop which has been having performance issues. The technician notices there seems to be a lot of activity on the NIC. A good tool to quickly check the current network connections of the desktop would be:

    • Netops.

    • Lanman.

    • Netstat.

    • Ipconfig /all.

    Correct Answer
    A. Netstat.
    Explanation
    Netstat is a command-line tool that displays active network connections and listening ports on a computer. It provides information about the current network connections, including the protocol, local and remote IP addresses, and the state of the connection. By using netstat, the technician can quickly identify any suspicious or excessive network activity on the desktop, which could be causing the performance issues. This tool allows the technician to diagnose and troubleshoot network-related problems efficiently.


  • 35. 

    When dealing with a 10BASE5 network, which of the following is the MOST likely security risk?

    • An incorrect VLAN

    • SSID broadcasting

    • A repeater

    • A vampire tap

    Correct Answer
    A. A vampire tap
    Explanation
    A 10BASE5 network uses coaxial wire (similar to cable co. wire) as the infrastructure. Although this configuration is mostly phased out in networks, the primary security risk was the use of Vampire Taps. These taps are named based on their physical design, which resembles how a vampire would bite into a wire - using two teeth of different sizes. One taps the braided outer shielding while another longer prong taps the center conductor. Once in place, all data on the net can be stolen with no indication the device is in place. (Domain 2.6)


  • 36. 

    Using an asymmetric key cryptography system, where can a technician generate the key pairs?

    • A certificate authority

    • IETF

    • A key escrow service

    • A recovery agent

    Correct Answer
    A. A certificate authority
    Explanation
    CAs are responsible for maintaining certificates in the PKI (Public Key Infrastructure) environment. (Domain 3.7)

    SIDE STUDY:
    IETF (Internet Engineering Task Force) establishes standards and protocols for the Internet.


  • 37. 

    After a system risk assessment was performed it was found that the cost to mitigate the risk was higher than the expected loss if the risk was actualized. In this instance, which of the following is the BEST course of action?

    • Accept the risk

    • Mitigate the risk

    • Reject the risk

    • Run a new risk assessment

    Correct Answer
    A. Accept the risk
    Explanation
    In this scenario, accepting the risk is the best course of action because the cost to mitigate the risk is higher than the expected loss if the risk occurs. This means that attempting to mitigate the risk would be more expensive than the potential harm caused by the risk itself. By accepting the risk, the organization acknowledges the potential consequences but decides not to take any further action to prevent or reduce it. This decision is based on a cost-benefit analysis, where it is more cost-effective to accept the risk rather than investing resources in mitigation measures.


  • 38. 

    Three generally accepted activities of patch management are: determining which patches are needed, applying the patches and which of the following?

    • Updating the firewall configuration to include the patches

    • Running a NIDS report to list the remaining vulnerabilities

    • Auditing for the successful application of the patches

    • Backing up the patch file executable to a network share

    Correct Answer
    A. Auditing for the successful application of the patches
    Explanation
    After determining which patches are needed and applying them, the next step in patch management is to audit for the successful application of the patches. This involves verifying that the patches were installed correctly and have effectively resolved the vulnerabilities they were intended to address. This auditing process ensures that the system is secure and protected against potential threats.


  • 39. 

    If an administrator does not have a NIDS examining network traffic, which of the following could be used to identify an active attack?

    • Protocol analyzer

    • Penetration testing tool

    • Network mapper

    • Vulnerability scanner

    Correct Answer
    A. Protocol analyzer
    Explanation
    A protocol analyzer can be used to identify an active attack if an administrator does not have a NIDS examining network traffic. A protocol analyzer is a tool that captures and analyzes network traffic, allowing the administrator to inspect packets and detect any suspicious or malicious activity. By analyzing the network traffic, the administrator can identify any unusual patterns or behaviors that may indicate an active attack. Therefore, a protocol analyzer can be a useful tool in detecting and investigating potential security breaches in the absence of a NIDS.

  • 40. 

    An administrator is backing up all server data nightly to a local NAS device. Which of the following additional steps should the administrator take for protection from disaster in the case the primary site is permanently lost?

    • Backup all data at a preset interval to tape and store those tapes at a sister site across the street.

    • Backup all data at a preset interval to tape and store those tapes at a sister site in another city

    • Backup all data at a preset interval to removable disk and store the disk in a safety deposit box at the administrator's home.

    • Backup all data at a preset interval to removable disk and store the disk in a fireproof safe in the building's basement

    Correct Answer
    A. Backup all data at a preset interval to tape and store those tapes at a sister site in another city
    Explanation
    Storing the backup tapes at a sister site in another city provides protection from disaster in the case the primary site is permanently lost. This ensures that even if the primary site is completely destroyed, the backup data is safely stored in a different location, minimizing the risk of data loss. Storing the tapes in another city also reduces the chances of both sites being affected by the same disaster event, such as a natural disaster or fire.

  • 41. 

    An intrusion has been detected on a company's network from the Internet. Which of the following should be checked FIRST?

    • The firewall logs

    • The DNS logs

    • The access logs

    • The performance logs

    Correct Answer
    A. The firewall logs
    Explanation
    The firewall logs should be checked first because they provide information about all incoming and outgoing network traffic. By analyzing the firewall logs, the company can identify any suspicious or unauthorized activity that may have occurred during the intrusion. This can help in understanding the nature of the attack and taking appropriate measures to mitigate it. DNS logs, access logs, and performance logs may also be useful in investigating the intrusion, but checking the firewall logs is the most crucial initial step.

  • 42. 

    An administrator notices on the monthly firewall log that many of the internal PCs are sending packets on a routine basis to a single external PC. Which of the following BEST describes what is occurring?

    • The remote PC has a spam slave application running and the local PCs have a spam master application running.

    • The remote PC has a zombie master application running and the local PCs have a zombie slave application running.

    • The remote PC has a spam master application running and the local PCs have a spam slave application running.

    • The remote PC has a zombie slave application running and the local PCs have a zombie master application running.

    Correct Answer
    A. The remote PC has a zombie master application running and the local PCs have a zombie slave application running.
    Explanation
    The correct answer is that the remote PC has a zombie master application running and the local PCs have a zombie slave application running. This means that the remote PC is controlling the local PCs, which is why they routinely send packets to that single external PC. This is a common tactic used in botnets, where a network of compromised computers is controlled by a central command server. The local PCs have been infected with a zombie slave application, which allows the remote PC to control their actions without the user's knowledge.

  • 43. 

    A user reports that a web based application is not working after a browser upgrade. Before the upgrade, a login box would appear on the screen and disappear after login. The login box does not appear after the upgrade. Which of the following BEST describes what to check FIRST?

    • That the software based firewall application trusts this site

    • That the pop-up blocker application trusts this site

    • That the anti-virus application trusts this site

    • That the anti-spam application trusts this site

    Correct Answer
    A. That the pop-up blocker application trusts this site
    Explanation
    The most likely reason for the login box not appearing after a browser upgrade is that the pop-up blocker application is blocking it. Pop-up blockers are designed to prevent unwanted pop-up windows from appearing, but sometimes they can mistakenly block legitimate ones. Therefore, the first thing to check would be if the pop-up blocker application is configured to allow pop-ups from the specific website.

  • 44. 

    Which of the following describes the difference between a secure cipher and a secure hash?

    • A hash produces a variable output for any input size, a cipher does not.

    • A cipher produces the same size output for any input size, a hash does not.

    • A cipher can be reversed, a hash cannot.

    • A hash can be reversed, a cipher cannot.

    Correct Answer
    A. A cipher can be reversed, a hash cannot.
    Explanation
    A secure cipher is a cryptographic algorithm that can be reversed or decrypted to obtain the original plaintext from the ciphertext. In contrast, a secure hash function is a one-way function that generates a fixed-size output (hash value) for any input size. The hash function cannot be reversed or decrypted to obtain the original input from the hash value. Therefore, the difference between a secure cipher and a secure hash is that a cipher can be reversed, while a hash cannot.

  • 45. 

    All of the following require periodic updates to stay accurate EXCEPT:

    • Signature based HIDS

    • Pop-up blocker applications

    • Anti virus applications

    • Rootkit detection applications

    Correct Answer
    A. Pop-up blocker applications
    Explanation
    Pop-up blocker applications do not require periodic updates to stay accurate. Once installed, they can effectively block pop-up ads without the need for regular updates. On the other hand, signature-based HIDS, antivirus applications, and rootkit detection applications need to be updated regularly to stay effective against new threats and vulnerabilities. These updates ensure that the software has the latest virus definitions, signatures, and detection techniques to identify and protect against emerging threats.

  • 46. 

    Configuration baselines should be taken at which of the following stages in the deployment of a new system?

    • Before initial configuration

    • Before loading the OS

    • After a user logs in

    • After initial configuration

    Correct Answer
    A. After initial configuration
    Explanation
    Configuration baselines should be taken after the initial configuration of a new system. This is because the initial configuration involves setting up the system with the necessary hardware, software, and settings. Once this initial configuration is complete, taking a configuration baseline helps establish a reference point for the system's configuration. It allows for future comparisons to identify any changes or deviations from the established baseline. Taking the baseline after the initial configuration ensures that the system is in a stable and functional state before capturing its configuration.

  • 47. 

    Which of the following is the MOST intrusive on a network?

    • Penetration testing

    • Protocol analyzers

    • Port scanners

    • Vulnerability testing

    Correct Answer
    A. Penetration testing
    Explanation
    Penetration testing is the most intrusive on a network compared to the other options. Penetration testing involves actively attempting to exploit vulnerabilities in a network or system to identify potential security weaknesses. This testing simulates real-world attacks and can involve various techniques like exploiting software vulnerabilities, brute-force attacks, or social engineering. In contrast, protocol analyzers, port scanners, and vulnerability testing are less intrusive methods used to analyze network traffic, identify open ports, and assess system vulnerabilities respectively, without actively attempting to exploit them.

  • 48. 

    Which of the following scenarios is MOST likely to benefit from using a personal software firewall on a laptop?

    • Remote access user connecting via SSL VPN

    • Office laptop connected to the enterprise LAN

    • Remote access user connecting via corporate dial-in server

    • Office laptop connected to a home user's network

    Correct Answer
    A. Office laptop connected to a home user's network
    Explanation
    Using a personal software firewall on an office laptop connected to a home user's network is most likely to benefit because home networks typically have fewer security measures in place compared to enterprise LANs. The personal software firewall can provide an additional layer of protection by monitoring and controlling incoming and outgoing network traffic, preventing unauthorized access and potential attacks from the home network.

  • 49. 

    To evaluate the security compliance of a group of servers against best practices, which of the following BEST applies?

    • Get a patch management report.

    • Conduct a penetration test.

    • Run a vulnerability assessment tool.

    • Install a protocol analyzer

    Correct Answer
    A. Run a vulnerability assessment tool.
    Explanation
    To evaluate the security compliance of a group of servers against best practices, the best approach would be to run a vulnerability assessment tool. This tool will scan the servers and identify any vulnerabilities or weaknesses in their security measures. By running a vulnerability assessment, organizations can proactively identify and address potential security risks before they are exploited by attackers. This helps in ensuring that the servers are in line with the best security practices and helps in maintaining a secure environment. Conducting a penetration test would also be beneficial, but it is more focused on actively exploiting vulnerabilities to assess the effectiveness of the security measures.

Quiz Review Timeline (Updated): Mar 21, 2023

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Oct 06, 2010
    Quiz Created by
    Tlamot01