CompTIA Security+ (SY0-201)

1. Which of the following might an attacker resort to in order to recover discarded company
documents?

Phishing

Insider theft

Dumpster diving

Shoulder surfing

2. Which of the following attacks can be caused by a user being unaware of their physical
surroundings?

ARP poisoning

Phishing

Shoulder surfing

Man-in-the-middle

3. Which of the following is commonly used in a distributed denial of service (DDOS) attack?

Phishing

Adware

Botnet

Trojan

4. Which of the following type of strategies can be applied to allow a user to enter their user name and password once in order to authenticate to multiple systems and applications?

Two-factor authentication

Single sign-on

Smart card

Biometrics

5. Which of the following is an attack that is triggered by a specific event or by a date?

Logic bomb

Spam

Rootkit

Privilege escalation

6. Which of the following is a true statement with regards to a NIDS?

A NIDS monitors and analyzes network traffic for possible intrusions.

A NIDS is installed on the proxy server.

A NIDS prevents certain types of traffic from entering a network.

A NIDS is normally installed on the email server.

7. After registering an email address on a website, a user starts receiving messages from unknown sources. The email account is new, and therefore the user is concerned. This type of message traffic is referred to as:

Instant message traffic

SPIM.

S/MIME

Spam.

8. Which of the following is the primary purpose of a honeypot?

Translate addresses at the perimeter

To provide a decoy target on the network

Provide cryptography for the network

Work as a network proxy

9. While conducting a review of the system logs, a user had attempted to log onto the network over 250 times. Which of the following type of attacks is MOST likely occurring?

Brute force

Phishing

Spamming

DNS spoofing

10. The RAS logs on a server show 100 errors in a two minute time period from an attempt to access an account. The error log shows unknown username or password. Which of the following is this an example of?

The local firewall is blocking GRE packets.

An unauthorized attempt to access the server.

The end users ISP is having issues with packet loss

One of the users forgot their password and kept trying to login.

This is an example of a brute-force attack. An automated bot or possible bot-net is attempting random user-name and password combination multiple times per second - a rate much too high for a human to initiate. (Domain 2.5)

Explanation

This is an example of a brute-force attack. An automated bot or possible bot-net is attempting random user-name and password combination multiple times per second - a rate much too high for a human to initiate. (Domain 2.5)

11. Which of the following is a publication of inactivated user certificates?

Certificate revocation list

Certificate suspension

Recovery agent

Certificate authority

12. Password crackers are generally used by malicious attackers to:

Verify system access

Facilitate penetration testing

Gain system access

Sniff network passwords

13. Which of the following is a collection of patches?

A security template

A service pack

A security hotfix

A security baseline

14. End users are complaining about receiving a lot of email from online vendors and pharmacies.Which of the following is this an example of?

Trojan

Spam

Phishing

DNS Poisoning

15. Which of the following access control methods grants permissions based on the users position in the company?

Mandatory Access Control (MAC)

Rule-Based Access control (RBAC)

Discretionary Access Control (DAC)

Role-Based Access Control (RBAC)

16. Which of the following is a method of encrypting email?

S/MIME

SMTP

L2TP

VPN

17. If a user attempts to go to a website and notices the URL has changed, which of the following
attacks is MOST likely the cause?

DLL injection

DDoS attack

DNS poisoning

ARP poisoning

18. Which of the following methods is used to perform denial of service (DoS) attacks?

Privilege escalation

Botnet

Adware

Spyware

19. A technician is reviewing the logical access control method an organization uses. One of the
senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet managements request?

Enforce Kerberos

Deploy smart cards

Time of day restrictions

Access control lists

20. A technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which of the following will help determine the amount of CPU cycles that are being consumed?

Install HIDS to determine the CPU usage

Run performance monitor to evaluate the CPU usage.

Install malware scanning software.

Use a protocol analyzer to find the cause of the traffic.

21. A user has decided that they do not want an internal LAN segment to use public IP addresses. The user wants to translate them as private IP addresses to a pool of public IP addresses to identify them on the Internet. Which of the following does the user want to implement?

IPSec

NAT

SSH

SFTP

22. An administrator wants to ensure that that no equipment is damaged when there is a fire or false alarm in the server room. Which of the following type of fire suppression systems should be used?

Carbon Dioxide

Hydrogen Peroxide

Wet pipe sprinkler

Deluge sprinkler

23. Which of the following is a best practice to prevent users from being vulnerable to social
engineering?

Have a solid acceptable use policy in place with a click through banner.

Provide thorough and frequent user awareness training

Have a user sign both the acceptable use policy and security based HR policy

Provide a service level agreement that addresses social engineering issues

You should have a high level of confidence that the correct preventative procedures are in place, and the best way to obtain that confidence is to periodically check them against your users. This can be impromptu or via structured training courses. (Domain 6.6)

Explanation

You should have a high level of confidence that the correct preventative procedures are in place, and the best way to obtain that confidence is to periodically check them against your users. This can be impromptu or via structured training courses. (Domain 6.6)

24. How should a company test the integrity of its backup data?

By conducting another backup

By using software to recover deleted files

By restoring part of the backup

By reviewing the written procedures

25. Which of the following logical access controls would be MOST appropriate to use when creating an account for a temporary worker?

ACL

Account expiration

Time of day restrictions

Logical tokens

26. Which of the following is the MOST secure alternative for administrative access to a router?

SSH

Telnet

Rlogin

HTTP

27. An administrator is implementing a public website and they want all client connections to the
server to be encrypted via their web browser. Which of the following should be implemented?

SSL

SHA-1

Blowfish

3DES

28. Which of the following is the main objective of steganography?

Message digest

Encrypt information

Hide information

Data integrity

29. Which of the following access control methods includes switching work assignments at preset
intervals?

Job rotation

Mandatory vacations

Least privilege

Separation of duties

30. Which of the following threats is the MOST difficult to detect and hides itself from the operating
system?

Rootkit

Adware

Spyware

Spam

31. When is the BEST time to update anti-virus definitions?

At least once a week as part of system maintenance

As the definitions become available from the vendor

When a new virus is discovered on the system

When an attack occurs on the network

32. A technician is testing the security of a new database application with a website front-end. The technician notices that when certain characters are input into the application it will crash the server. Which of the following does the technician need to do?

Utilize SSL on the website

Implement an ACL

Lock-down the database

Input validation

33. Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment?

Water

Carbon Dioxide

Halon

Foam

34. Which of the following allows devices attached to the same switch to have separate broadcast
domains?

NAT

DMZ

NAC

VLAN

VLAN (Virtual Local Area Network) allows you to create groups of users and systems and segment them on the network. This segmentation lets you hide segments of the network from other segments and thereby control access.
Think of a VLAN as a network of hosts that act as if they're connected by a physical wire even though there is no such wire between them. (Domain 2.2)

Explanation

VLAN (Virtual Local Area Network) allows you to create groups of users and systems and segment them on the network. This segmentation lets you hide segments of the network from other segments and thereby control access.
Think of a VLAN as a network of hosts that act as if they're connected by a physical wire even though there is no such wire between them. (Domain 2.2)

35. Which of the following allows for proof that a certain person sent a particular email?

Steganography

Integrity

Trusted Platform Module€

Non-repudiation

36. Which of the following risks would be reduced by implementing screen filters?

Replay attacks

Phishing

Man-in-the-middle attacks

Shoulder surfing

37. A malware incident has just been detected within a company. Which of the following should be the administrators FIRST response?

Removal

Containment

Recovery

Monitor

38. A user is redirected to a different website when the user requests the DNS record
www.xyz.comptia.com. Which of the following is this an example of?

DNS poisoning

DoS

DNS caching

Smurf attack

39. Which of the following is a CRL composed of?

Public Key Infrastructure (PKI)

Expired or revoked certificates

Certificate authorities

Expired user accounts

40. An administrator wants to replace telnet with a more secure protocol to manage a network device. Which of the following should be implemented on the network?

SMTP

SNMP

SFTP

SSH

41. Which of the following is a software bundle containing multiple security fixes?

Patch management

A hotfix

Service pack

A patch

42. Which of the following is the BEST place where the disaster recovery plan should be kept?

Printed out and kept in the desk of the CIO

At multiple off-site locations

Multiple copies printed out and kept in the server room

On the network file server

Although all of the local storage sites are acceptable locations, it is important to avoid keeping all you eggs in one basket, which is the primary reason for offsite recovery facilities whether in the form of a cold, warm, or hot standby configuration. The DRP should be accessible at all locations that house the equipment necessary for recovery. (Domain 6.2)

Explanation

Although all of the local storage sites are acceptable locations, it is important to avoid keeping all you eggs in one basket, which is the primary reason for offsite recovery facilities whether in the form of a cold, warm, or hot standby configuration. The DRP should be accessible at all locations that house the equipment necessary for recovery. (Domain 6.2)

43. How many keys are utilized with asymmetric cryptography?

One

Two

Five

Seven

44. Which of the following is a single server that is setup in the DMZ or outer perimeter in order to distract attackers?

Honeynet

DMZ

Honeypot

VLAN

45. Which of the following ensures a user cannot deny having sent a message?

Availability

Integrity

Non-repudiation

Confidentiality

46. An administrator has developed an OS install that will implement the tightest security controls
possible. In order to quickly replicate these controls on all systems, which of the following should be established?

Take screen shots of the configuration options.

Create an image from the OS install.

Create a boot disk for the operating system.

Implement OS hardening procedures.

47. Which of the following is an installable package that includes several patches from the same
vendor for various applications?

Hotfix

Patch template

Service pack

Patch rollup

48. Which of the following provides the MOST comprehensive redundancy for an entire site with the least downtime?

A warm site

A cold site

A mobile site

A hot site

An alternative site can be a hot site, a warm site, or a cold site.
Hot Site - a location that can provide operations within hours of a failure. All equipment and software is pre-configured to be instantly available to the network. Databases are synced in real time and operational data is backed up on a regular basis, ensuring the least amount of down-time and data dissimilarities. Hot sites can also double as off-site storage facilities, providing immediate access to archives and backup media. Very expensive to implement and maintain because all hardware and software costs are typically doubled.

Explanation

An alternative site can be a hot site, a warm site, or a cold site.
Hot Site - a location that can provide operations within hours of a failure. All equipment and software is pre-configured to be instantly available to the network. Databases are synced in real time and operational data is backed up on a regular basis, ensuring the least amount of down-time and data dissimilarities. Hot sites can also double as off-site storage facilities, providing immediate access to archives and backup media. Very expensive to implement and maintain because all hardware and software costs are typically doubled.

49. Which of the following allows a technician to scan for missing patches on a device without actually attempting to exploit the security problem?

A vulnerability scanner

Security baselines

A port scanner

Group policy

A vulnerability scanner is a tool used to scan a target system for known holes, weaknesses, or vulnerabilities. These automated tools have a database of attacks, probes, and scripts that are run against systems in a controlled manner. (Domain 4.2)

Explanation

A vulnerability scanner is a tool used to scan a target system for known holes, weaknesses, or vulnerabilities. These automated tools have a database of attacks, probes, and scripts that are run against systems in a controlled manner. (Domain 4.2)

50. An administrator has implemented a new SMTP service on a server. A public IP address translates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the servers public IP address is now reported in a spam real-time block list.Which of the following is wrong with the server?

SMTP open relaying is enabled

It does not have a spam filter

The amount of sessions needs to be limited

The public IP address is incorrect

51. A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production application server, which of the following processes should be followed?

Change management

Secure disposal

Password complexity

Chain of custody

52. Which of the following describes the process of securely removing information from media (e. g. hard drive) for future use?

Reformatting

Destruction

Sanitization

Deleting

53. Which of the following specifies a set of consistent requirements for a workstation or server?

Vulnerability assessment

Imaging software

Patch management

Configuration baseline

54. Users do not want to enter credentials to each server or application to conduct their normal work. Which of the following type of strategies will resolve this issue?

Smart card

Two-factor authentication

Biometrics

SSO

SSO (Single Sign-On)- Passes previously established two-factor authentication credentials on to all applications and systems that the user requires access to in a given authenticated session (Domain 3.6)

Explanation

SSO (Single Sign-On)- Passes previously established two-factor authentication credentials on to all applications and systems that the user requires access to in a given authenticated session (Domain 3.6)

55. Which of the following allows for notification when a hacking attempt is discovered?

NAT

NIDS

Netflow

Protocol analyzer

NIDS (Network-based Intrusion Detection System) - a system attached to the network that monitors and captures events to determine if an intrusion is occurring. (Domain 2.3)

Explanation

NIDS (Network-based Intrusion Detection System) - a system attached to the network that monitors and captures events to determine if an intrusion is occurring. (Domain 2.3)

56. Which of the following is a reason why a company should disable the SSID broadcast of the wireless access points?

Rogue access points

War driving

Weak encryption

Session hijacking

57. During a risk assessment it is discovered that only one system administrator is assigned several tasks critical to continuity of operations. It is recommended to cross train other system administrators to perform these tasks and mitigate which of the following risks?

DDoS

Privilege escalation

Disclosure of PII

Single point of failure

58. An administrator is trying to secure a network from threats originating outside the network. Which of the following devices provides protection for the DMZ from attacks launched from the Internet?

Antivirus

Content filter

Firewall

Proxy server

59. Which of the following should be implemented to have all workstations and servers isolated in their own broadcast domains?

VLANs

NAT

Access lists

Intranet

60. An administrator wants to setup their network with only one public IP address. Which of the
following would allow for this?

DMZ

VLAN

NIDS

NAT

61. Why would a technician use a password cracker?

To look for weak passwords on the network

To change a users passwords when they leave the company

To enforce password complexity requirements

To change users passwords if they have forgotten them

62. Which of the following is the primary purpose of a CA?

LANMAN validation

Encrypt data

Kerberos authentication

Issue private/public keys

63. How should a company test the integrity of its backup data?

By conducting another backup

By using software to recover deleted files

By restoring part of the backup

By reviewing the written procedures

64. Which of the following will propagate itself without any user interaction?

Worm

Rootkit

Trojan

Virus

65. Which of the following principles should be applied when assigning permissions?

Most privilege

Least privilege

Rule based

Role based

66. Which of the following is a security threat when a new network device is configured for first-time installation?

Attacker privilege escalation

Installation of a back door

Denial of Service (DoS)

Use of default passwords

67. Which of the following allows for the highest level of security at time of login?

Single sign-on

Two-factor authentication

One-factor authentication

NTLMv2

68. Which of the following allows an attacker to manipulate files by using the least significant bit(s) to secretly embed data?

Steganography

Worm

Trojan horse

Virus

69. Which of the following would be BEST to use to apply corporate security settings to a device?

A security patch

A security hotfix

An OS service pack

A security template

70. Which of the following practices is MOST relevant to protecting against operating system security flaws?

Network intrusion detection

Patch management

Firewall configuration

Antivirus selection

71. Which of the following would be MOST useful to determine why packets from a computer outside the network are being dropped on the way to a computer inside the network?

HIDS log

Security log

Firewall log

System log

72. After issuance a technician becomes aware that some keys were issued to individuals who are not authorized to use them. Which of the following should the technician use to correct this problem?

Recovery agent

Certificate revocation list

Key escrow

Public key recovery

73. Which of the following is the BEST tool for allowing users to go to approved business-related
websites only?

Internet content filter

Firewall

ACL

Caching server

74. Accessing a system or application using permissions from another users account is a form of
which of the following?

Phishing

Domain kiting

ARP spoofing

Privilege escalation

75. Which of the following network tools would provide the information on what an attacker is doing to compromise a system?

Proxy serverl

Honeypot

Internet content filters

Firewall

76. An administrator suspects that files are being copied to a remote location during off hours. The file server does not have logging enableD. Which of the following logs would be the BEST place to look for information?

Intrusion detection logs

Firewall logs

Antivirus logs

DNS logs

77. Which of the following access control methods gives the owner control over providing
permissions?

Role-Based Access Control (RBAC)

Rule-Based Access control (RBAC)

Mandatory Access Control (MAC)

Discretionary Access Control (DAC)

78. Which of the following allows an attacker to hide the presence of malicious code by altering the systems process and registry entries?

Logic bomb

Worm

Trojan

Rootkit

79. Which of the following should a technician review when a user is moved from one department to another?

User access and rights

Data storage and retention policies

Users group policy

Acceptable usage policy

80. A company's website allows customers to search for a product and display the current price and quantity available of each product from the production database. Which of the following would invalidate an SQL injection attack launched from the look-up field at the web server level?

Security template

Buffer overflow protection

NIPS

Input validation

81. A company wants to host public servers on a new network. These servers will include a website and mail server.Which of the following should be implemented on the network to isolate these public hosts from the rest of the network?

IPv6

IPSec

DMZ

VLAN

82. Which of the following can reduce the risk associated with password guessing attacks? (Select TWO).

Implement single sign-on.

Implement shared passwords

Implement account-lockout thresholds.

Implement shadow passwords.

Implement stronger password complexity policies.

Submit

83. Antivirus software products detect malware by comparing the characteristics of known instances against which of the following type of file sets?

Signature

Text

NIDS signature

Dynamic Library

84. When deploying 50 new workstations on the network, which of following should be completed FIRST?

Install a word processor

Run the latest spyware

Apply the baseline configuration

Run OS updates

85. Which of the following technologies can be used as a means to isolate a host OS from some types of security threats?

Intrusion detection

Virtualization

Kiting

Cloning

86. An unauthorized user intercepted a users password and used this information to obtain the
company's administrator password. The unauthorized user can use the administrators password to access sensitive information pertaining to client data. Which of the following is this an example of?

Session hijacking

Least privilege

Privilege escalation

Network address translation

87. An administrator notices that former temporary employees accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening?

Run a last logon script to look for inactive accounts

Implement an account expiration date for temporary employees

Implement a password expiration policy

Implement time of day restrictions for all temporary employees

Every account should be configured to expire. As the account continues to be used, the expiration should be deferred, but any account not being used should be allowed to expire. (Domain 3.5)

Explanation

Every account should be configured to expire. As the account continues to be used, the expiration should be deferred, but any account not being used should be allowed to expire. (Domain 3.5)

88. When dealing with a 10BASE5 network, which of the following is the MOST likely security risk?

An incorrect VLAN

SSID broadcasting

A repeater

A vampire tap

10Base5 is a Coaxial medium based network. A vampire tap is a vulnerability of the coax medium that uses a type of connection device that hooks directly into the coax wire by piercing the outer sheath and attaching a small wire to the center conductor or core. Its naming comes from the device resembling vampire fangs. (Domain 2.6)

Explanation

10Base5 is a Coaxial medium based network. A vampire tap is a vulnerability of the coax medium that uses a type of connection device that hooks directly into the coax wire by piercing the outer sheath and attaching a small wire to the center conductor or core. Its naming comes from the device resembling vampire fangs. (Domain 2.6)

89. Which of following can BEST be used to determine the topology of a network and discover unknown devices?

Vulnerability scanner

NIPS

Protocol analyzer

Network mapper

90. When should a technician perform penetration testing?

When the technician suspects that weak passwords exist on the network

When the technician is trying to guess passwords on a network

When the technician has permission from the owner of the network

When the technician is war driving and trying to gain access

91. Which of the following improves security in a wireless system?

IP spoofing

MAC filtering

SSID spoofing

Closed network

92. Which of the following allows a technician to correct a specific issue with a solution that has not been fully tested?

Patch

Hotfix

Security roll-up

Service pack

93. Which of the following can be used as a means for dual-factor authentication?

RAS and username/password

RADIUS and L2TP

LDAP and WPA

Iris scan and proximity card

94. Sending a patch through a testing and approval process is an example of which of the following?

Disaster planning

Change management

Acceptable use policies

User education and awareness training

95. Which of the following would an attacker use to footprint a system?

RADIUS

Password cracker

Port scanner

Man-in-the-middle attack

96. A technician wants to regulate and deny traffic to websites that contain information on hacking.Which of the following would be the BEST solution to deploy?

Internet content filter

Proxy

Protocol analyzer

NIDS

97. Which of the following BEST describes the term war driving?

Driving from point to point with a laptop and an antenna to find unsecured wireless access points.

Driving from point to point with a wireless scanner to read other users emails through the access point.

Driving from point to point with a wireless network card and hacking into unsecured wireless access points.

Driving from point to point with a wireless scanner to use unsecured access points.

98. Which of the following tools would be used to review network traffic for clear text passwords?

Port scanner

Protocol analyzer

Firewall

Password cracker

99. Sending continuous TCP requests to a device and ignoring the return information until the device ceases to accept new connections is an example of which of the following?

TCP/IP hijacking

DNS poisoninging

Kiting

DoS

100. An administrator wants to proactively collect information on attackers and their attempted methods of gaining access to the internal network. Which of the following would allow the administrator to do this?

NIPS

Honeypot

DMZ

NIDS

101. If a certificate has been compromised, which of the following should be done?

Run the recovery agent

Put the certificate on the CRL.

Put the certificate in key escrow.

Suspend the certificate for further investigation.

102. Which of the following is the BEST way to reduce the number of accounts a user must maintain?

Kerberos

CHAP

SSO

MD5

103. A technician is implementing a new wireless network for an organization. The technician should be concerned with all of the following wireless vulnerabilities EXCEPT:

Rogue access points

802.11 mode.

Weak encryption

SSID broadcasts

104. Which of the following creates a security buffer zone between two rooms?

Mantrap

DMZ

Turnstile

Anti-pass back

105. Which of the following is a list of discrete entries that are known to be benign?

Whitelist

Signature

Blacklist

ACL

106. Which of the following allows an attacker to embed a rootkit into a picture?

Trojan horse

Worm

Steganography

Virus

107. Which of the following is a way to logically separate a network through a switch?

Spanning port

Subnetting

VLAN

NAT

108. Which of the following is a reason to implement security logging on a DNS server?

To monitor unauthorized zone transfers

To measure the DNS server performance

To perform penetration testing on the DNS server

To control unauthorized DNS DoS

109. Which of the following is considered the weakest encryption?

AES

DES

SHA

RSA

110. Which of the following statements BEST describes the implicit deny concept?

Blocks everything and only allows privileges based on job description

Blocks everything and only allows explicitly granted permissions

Blocks everything and only allows the minimal required privileges

Blocks everything and allows the maximum level of permissions

111. All of the following provide confidentiality protection as part of the underlying protocol EXCEPT:

SSL

SSH

L2TP

IPSec

112. Which of the following BEST describes a private key in regards to asymmetric encryption?

The key owner has exclusive access to the private key

Everyone has access to the private key on the CA

Only the CA has access to the private key

The key owner and a recipient of an encrypted email have exclusive access to the private key

113. Which of the following is the LEAST intrusive way of checking the environment for known software flaws?

Protocol analyzer

Vulnerability scanner

Port scanner

Penetration test

114. During the implementation of LDAP, which of the following will typically be changed within the
organizations software programs?

IP addresses

Authentication credentials

Non-repudiation policy

Network protocol

115. How would a technician implement a security patch in an enterprise environment?

Download the patch from the vendors secure website and install it on the most vulnerable workstation.

Download the patch from the vendors secure website, test the patch and install it on all workstations.

Download the patch from the vendors secure website and install it as needed.

Download the patch from the Internet, test the patch and install it on all of the production servers.

116. Users on a network report that they are receiving unsolicited emails from an email address that
does not change. Which of the following steps should be taken to stop this from occurring?

Configure a rule in each users router and restart the router.

Configure rules on the users host and restart the host.

Install an anti-spam filter on the domain mail servers and filter the email address.

Install an ACL on the firewall to block traffic from the sender and filter the IP address.

117. Which of the following is a common practice in forensic investigation?

Performing a Gutman sanitization of the drive

Performing a binary copy of the systems storage media

Performing a file level copy of the systems storage media

Performing a sanitization of the drive

A binary copy ensures that every bit of data is copied from the drive, while a file level copy might not capture hidden or system files. You do not want to sanitize a drive under forensic investigation because this would delete all trace of data when your objective is to retrieve and analyze data.
(Domain 6.3)

Explanation

A binary copy ensures that every bit of data is copied from the drive, while a file level copy might not capture hidden or system files. You do not want to sanitize a drive under forensic investigation because this would delete all trace of data when your objective is to retrieve and analyze data.
(Domain 6.3)

118. Which of the following type of attacks would allow an attacker to capture HTTP requests and send back a spoofed page?

Teardrop

TCP/IP hijacking

Phishing

Replay

119. Which of the following may be an indication of a possible system compromise?

A port monitor utility shows that there are many connections to port 80 on the Internet facing web server.

A performance monitor indicates a recent and ongoing drop in speed, disk space or memory utilization from the baseline.

A protocol analyzer records a high number of UDP packets to a streaming media server on the Internet.

The certificate for one of the web servers has expired and transactions on that server begins to drop rapidly.

120. Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives.Which of the following mitigation techniques would address this concern? (Select TWO).

Disable the USB root hub within the OS.

Install anti-virus software on the USB drives.

Disable USB within the workstations BIOS.

Apply the concept of least privilege to USB devices.

Run spyware detection against all workstations.

Submit

121. Which of the following is done to ensure appropriate personnel have access to systems and
networks? (Select TWO).

Conduct periodic penetration testing assessments.

Conduct periodic personnel employment verifications.

Conduct rights review of users and groups.

Conduct virus scan.

Conduct vulnerability assessments.

Submit

122. A user was trying to update an open file but when they tried to access the file they were denied. Which of the following would explain why the user could not access the file?

Audit only access

Execute only access

Rights are not set correctly

Write only access

123. Which of the following is a best practice for coding applications in a secure manner?

Input validation

Object oriented coding

Rapid Application Development (RAD)

Cross-site scriptings

124. Which of the following is established immediately upon evidence seizure?

Start the incident respond plan

Damage and loss control

Chain of custody

Forensic analysis

Chain of Custody - the log of the history of evidence that has been collected.
An important concept to keep in mind when working with incidents is the chain of custody. When you begin to collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it has been. The evidence must always be within your custody, or you're open to dispute about whether it has been tampered with. (Domain 6.3)

Explanation

Chain of Custody - the log of the history of evidence that has been collected.
An important concept to keep in mind when working with incidents is the chain of custody. When you begin to collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it has been. The evidence must always be within your custody, or you're open to dispute about whether it has been tampered with. (Domain 6.3)

125. On which of the following is a security technician MOST likely to find usernames?

DNS logs

Application logs

Firewall logs

DHCP logs

126. After implementing file auditing, which of the following logs would show unauthorized usage
attempts?

Performance

System

Security

Application

127. Which of the following type of attacks requires an attacker to sniff the network?

Man-in-the-Middle

DDoS attack

MAC flooding

DNS poisoning

128. Which of the following actions should be performed upon discovering an unauthorized wireless
access point attached to a network?

Unplug the Ethernet cable from the wireless access point.

Enable MAC filtering on the wireless access point.

Change the SSID on the wireless access point.

Run a ping against the wireless access point.

129. An administrator in a small office environment has implemented an IDS on the network perimeter to detect malicious traffic patterns. The administrator still has a concern about traffic inside the network originating between client workstations. Which of the following could be implemented?

HIDS

A VLAN

A network router

An access list

130. A company uses a policy of assigning passwords to users, by default the passwords are based off of the word $ervicexx, where xx is the last two numbers of the users cell phone number. The users are not required to change this password. Which of the following is this an example of?

Default accounts

Known plain text

Back door

Weak passwords

Although the password seems to meet complexity requirements, it is based off a dictionary word. It is also unwise to assign all new user accounts a similar password or not require the user to change the password on initial log on.

Explanation

Although the password seems to meet complexity requirements, it is based off a dictionary word. It is also unwise to assign all new user accounts a similar password or not require the user to change the password on initial log on.

131. Which of the following authentication methods would MOST likely prevent an attacker from being able to successfully deploy a replay attack?

TACACS

RAS

RADIUS

Kerberos

132. Which of the following algorithms is the LEAST secure?

NTLM

MD5

LANMAN

SHA-1

133. Which of the following properly describes penetration testing?

Penetration tests are generally used to scan the network and identify open ports

Penetration tests are generally used to map the network and grab banners

Penetration tests are generally used to exploit a weakness without permission and show how an attacker might compromise a system

Penetration tests are generally used to demonstrate a weakness in a system and then provide documentation on the weakness

134. A technician is rebuilding the infrastructure for an organization. The technician has been tasked with making sure that the virtualization technology is implemented securely. Which of the following is a concern when implementing virtualization technology?

The technician should verify that the virtual servers are dual homed so that traffic is securely separated.

The technician should verify that the virtual servers and the host have the latest service packs and patches applied.

The technician should subnet the network so each virtual server is on a different network segment.

The technician should perform penetration testing on all the virtual servers to monitor performance.

135. Which of the following tools will allow the technician to find all open ports on the network?

Performance monitor

Protocol analyzer

Router ACL

Network scanner

136. Which of the following encryption schemes is the public key infrastructure based on?

Quantum

Elliptical curve

Asymmetric

Symmetric

137. An administrator has been studying stateful packet inspection and wants to implement this security technique on the network. Which of the following devices could the administrator use to BEST utilize stateful packet inspection?

Hub

IDS

Switch

Firewall

138. Which of the following is an important reason for password protecting the BIOS?

To maintain password complexity requirements

To prevent system start-up without knowing the password

To keep a user from changing the boot order of the system

To keep a virus from overwriting the BIOS

139. Which of the following network filtering devices will rely on signature updates to be effective?

Proxy server9

Firewall

NIDS

Honeynet

140. Which of the following is an exploit against a device where only the hardware model and
manufacturer are known?

Replay attack

Denial of service (DoS)

Privilege escalation

Default passwords

141. Which of the following is the BEST process of removing PII data from a disk drive before reuse?

Destruction

Sanitization

Reformatting

Degaussing

PII (Personally Identifiable Information) - any data that can be used to trace back to the person and should be protected internally. Reformatting a drive does not prevent retrieval through forensic methods. Using a degauss-er or destroying the drive will render it inoperable, which is not what the question asks.

Explanation

PII (Personally Identifiable Information) - any data that can be used to trace back to the person and should be protected internally. Reformatting a drive does not prevent retrieval through forensic methods. Using a degauss-er or destroying the drive will render it inoperable, which is not what the question asks.

142. Which of the following algorithms is MOST closely associated with the signing of email messages?

MD5

TKIP

PGP

SHA-1

143. User A is a member of the payroll security group. Each member of the group should have
read/write permissions to a share. User A was trying to update a file but when the user tried to
access the file the user was denied. Which of the following would explain why User A could not access the file?

Privilege escalation

Rights are not set correctly

Least privilege

Read only access

144. Which of the following is a security trait of a virtual machine?

Provides additional resources for testing

Provides real-time access to all system processes

Provides a read-only area for executing code

Provides a restricted environment for executing code

145. A user is attempting to receive digitally signed and encrypted email messages from a remote
office. Which of the following protocols does the system need to support?

SMTP

S/MIME

ISAKMP

IPSec

146. Which of the following is MOST likely provided by asymmetric key cryptography?

Performance

A pre-shared key

Kiting

Confidentiality

One of the major reasons to implement a cryptographic system is to ensure the confidentiality of the information being used. (Domain 5.1)

Explanation

One of the major reasons to implement a cryptographic system is to ensure the confidentiality of the information being used. (Domain 5.1)

147. Which of the following is an example of security personnel that administer access control
functions, but do not administer audit functions?

Access enforcement

Separation of duties

Least privilege

Account management

148. A smurf attack is an example of which of the following threats?

ARP Poisoning

DoS

TCP/IP Hijacking

Man-in-the-middle

149. Which of the following is the MOST recent addition to cryptography?

AES

DES

3DES

PGP

AES (Advanced Encryption Standard) has replaced DES as the current standard. AES is now the current product used by the U.S. governmental agencies. AES uses key lengths of 128 (default), 192, and 256-bits. (Domain 5.3)

Explanation

AES (Advanced Encryption Standard) has replaced DES as the current standard. AES is now the current product used by the U.S. governmental agencies. AES uses key lengths of 128 (default), 192, and 256-bits. (Domain 5.3)

150. A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protecteD. If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If the anti-malware software is purchased, which of the following is the expected net savings?

$900

$2,290

$2,700

$5,000

151. An administrator has been asked to encrypt credit card data. Which of the following algorithms would be the MOST secure with the least CPU utilization?

3DES

AES

SHA-1

MD5

152. Which of the following would allow an administrator to find weak passwords on the network?

A network mapper

A hash function

A password generator

A rainbow table

Not all attacks are only brute-force or dictionary based. A number of hybrids also exist that will try combinations of these two methods. One of the more common techniques involves using rainbow tables-values of hashes-to identify the salt (random bits added to the password) used in creating the stored value.

Explanation

Not all attacks are only brute-force or dictionary based. A number of hybrids also exist that will try combinations of these two methods. One of the more common techniques involves using rainbow tables-values of hashes-to identify the salt (random bits added to the password) used in creating the stored value.

153. Which of the following is a required privilege that an administrator must have in order to restore a public/private key set on a certificate authority (CA)?

Recovery agent

Registration authority

Domain administrator

Group administrator

A RA (registration authority) offloads some of the work from a CA. An RA system operates as the middle-man in the process. It can distribute keys, accept registrations for the CA and validate identities. The RA doesn't issue certificates; that responsibility remains with the CA. (Domain 5.6)

Explanation

A RA (registration authority) offloads some of the work from a CA. An RA system operates as the middle-man in the process. It can distribute keys, accept registrations for the CA and validate identities. The RA doesn't issue certificates; that responsibility remains with the CA. (Domain 5.6)

154. Which of the following redundancy solutions contains hardware systems similar to the affected
organization, but does not provide live data?

Hot site

Uninterrupted Power Supply (UPS)

Warm site

Cold site

155. A technician needs to detect staff members that are connecting to an unauthorized website. Which of the following could be used?

Protocol analyzer

Bluesnarfing

Host routing table

HIDS

156. Taking into account personal safety, which of the following types of fire suppression substances would BEST prevent damage to electronic equipment?

Foam

CO2

Halon

Water

157. Which of the following is a way to encrypt session keys using SSL?

Session keys are sent unencrypted

Session keys are encrypted using an asymmetric algorithm.

Session keys are sent in clear text because they are private keys.

Session keys are encrypted using a symmetric algorithm.

SSL establishes a session using asymmetric encryption and maintains the session using symmetric encryption. (Domain 5.4)

Explanation

SSL establishes a session using asymmetric encryption and maintains the session using symmetric encryption. (Domain 5.4)

158. Which of the following would be the MOST secure choice to implement for authenticating remote connections?

LDAP

8021x

RAS

RADIUS

159. Which of the following algorithms have the smallest key space?

IDEA

SHA-1

AES

DES

DES (Data Encryption Standard) has since been replaced by AES. It's a strong and efficient algorithm based on a 56-bit key. AES uses key lengths of 128 (default), 192, and 256-bits. (Domain 5.3)

Explanation

DES (Data Encryption Standard) has since been replaced by AES. It's a strong and efficient algorithm based on a 56-bit key. AES uses key lengths of 128 (default), 192, and 256-bits. (Domain 5.3)

160. Which of the following BEST describes ARP?

Discovering the IP address of a device from the MAC address

Discovering the IP address of a device from the DNS name

Discovering the MAC address of a device from the IP address

Discovering the DNS name of a device from the IP address

161. An executive uses PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the body of the email, the executive wishes to encrypt the signature so that the assistant can verify that the email actually came from the executive. Which of the following asymmetric keys should the executive use to encrypt the signature?

Public

Private

Shared

Hash

162. Which of the following is MOST efficient for encrypting large amounts of data?

Hashing algorithms

Symmetric key algorithms

Asymmetric key algorithms

ECC algorithms

163. An organization is installing new servers into their infrastructure. A technician is responsible for making sure that all new servers meet security requirements for up time. In which of the following is the availability requirements identified?

Service level agreement

Performance baseline

Device manufacturer documentation

Security template

164. Which of the following is the primary security risk with coaxial cable?

Diffusion of the core light source

Data emanation from the core

Crosstalk between the wire pairs

Refraction of the signal

Coaxial cable is a shielded copper core data transmission medium. It does not have a light source nor is capable of refraction. Coaxial is not bundled with multiple wires per sheathing like LAN (Cat 5/6) cables, therefore it does not suffer from crosstalk either. The only risk is a break in the outer shielding, usually consisting of a steel braid just beneath the outer jacket. The loss of the shield can allow data to radiate outward from the core and could be intercepted with the right equipment. (Domain 2.1)

Explanation

Coaxial cable is a shielded copper core data transmission medium. It does not have a light source nor is capable of refraction. Coaxial is not bundled with multiple wires per sheathing like LAN (Cat 5/6) cables, therefore it does not suffer from crosstalk either. The only risk is a break in the outer shielding, usually consisting of a steel braid just beneath the outer jacket. The loss of the shield can allow data to radiate outward from the core and could be intercepted with the right equipment. (Domain 2.1)

165. Which of the following uses a key ring?

AES

DES

PGP

RSA

166. Which of the following requires an update to the baseline after installing new software on a
machine?

Signature-based NIPS

Signature-based NIDS

Honeypot

Behavior-based HIDS

167. Which of the following virtual machine components monitors and manages the various virtual
instances?

VMOS

VCPU

Hypervisor

Virtual supervisor

168. Kerberos uses which of the following trusted entities to issue tickets?

Ticket Granting System

Certificate Authority

Internet Key Exchange

Key Distribution Center

169. When assigning permissions, which of the following concepts should be applied to enable a
person to perform their job task?

Rule based

Discretionary access control (DAC)

Least privilege

Role based

170. Which of the following is a way to manage operating system updates?

Service pack management

Patch application

Hotfix management

Change management

171. Which of the following can an attacker use to gather information on a system without having a user ID or password?

NAT

DNS poisoning

Null session

Spoofing

172. All of the following are symmetric key algorithms EXCEPT:

ECC.

Rijndael.

3DES.

RC4

ECC (Elliptic Curve Cryptography) - A type of public key cryptosystem that requires a shorter key length than many other cryptosystems (including the de facto industry standard, RSA). (Domain 5.1)

Explanation

ECC (Elliptic Curve Cryptography) - A type of public key cryptosystem that requires a shorter key length than many other cryptosystems (including the de facto industry standard, RSA). (Domain 5.1)

173. A user wants to implement secure LDAP on the network. Which of the following port numbers secure LDAP use by default?

53

389

443

636

174. An administrator suspects that multiple PCs are infected with a zombie. Which of the following
tools could be used to confirm this?

Antivirus

Recovery agent

Spyware

Port scan

175. Which of the following logs might reveal the IP address and MAC address of a rogue device within the local network?

Security logs

DHCP logs

DNS logs

Antivirus logs

176. Which of the following would allow for secure key exchange over an unsecured network without a pre-shared key?

3DES

AES

DH-ECC

MD5

177. An administrator does not want anyone to VPN from inside the network to a remote office or
network. Which of the following protocols should be blocked outbound on the network?

TPM

OVAL

SNMP

ISAKMP

ISAKMP (Internet Security Association and Key Management Protocol) - responsible for creation and exchange of secure key algorithms across IP networks. VPN connections require this protocol to establish a secure connection.
TPM (Trusted Platform Module) - Used to store passwords on a chip.
OVAL (Open Vulnerability and Assessment Language) - A standard method of testing, analyzing and reporting vulnerabilities.
SNMP (Simple Network Management Protocol) - Sends information regarding network to network health status to network management consoles such as HP Openview.

Explanation

ISAKMP (Internet Security Association and Key Management Protocol) - responsible for creation and exchange of secure key algorithms across IP networks. VPN connections require this protocol to establish a secure connection.
TPM (Trusted Platform Module) - Used to store passwords on a chip.
OVAL (Open Vulnerability and Assessment Language) - A standard method of testing, analyzing and reporting vulnerabilities.
SNMP (Simple Network Management Protocol) - Sends information regarding network to network health status to network management consoles such as HP Openview.

178. Which of the following increases the collision resistance of a hash?

Salt

Increase the input length

Rainbow Table

Larger key space

179. Which of the following requires a common pre-shared key before communication can begin?

Public key infrastructure

Symmetric key cryptography

Secure hashing algorithm

Asymmetric key cryptography

Always remember that symmetric encryption uses the same key to encrypt and decrypt data (a primary weakness being that you have to share the key with others). Asymmetric encryption uses two keys: one to encrypt and another to decrypt. (Domain 5.6)

Explanation

Always remember that symmetric encryption uses the same key to encrypt and decrypt data (a primary weakness being that you have to share the key with others). Asymmetric encryption uses two keys: one to encrypt and another to decrypt. (Domain 5.6)

180. Which of the following security policies is BEST to use when trying to mitigate the risks involved with allowing a user to access company email via their cell phone?

The cell phone should require a password after a set period of inactivity.

The cell phone should only be used for company related emails.

The cell phone data should be encrypted according to NIST standards.

The cell phone should have data connection abilities disabled.

181. Which of the following are characteristics of a hash function? (Select TWO).

One-way

Encrypts a connection

Ensures data can be easily decrypted

Fixed length output

Requires a key

Submit

182. Which of the following encryption algorithms is decrypted in the LEAST amount of time?

RSA

AES

3DES

L2TP

183. Which of the following is true about ECC algorithms?

It is the algorithm used in PGP.

It is implemented in portable devices.

It is a private key algorithm.

It is CPU intensive.

Since ECC is the least CPU intensive type of Asymmetrical Encryption Algorithms; smaller, less-intelligent devices such as cellphones and PDAs implement ECC. (Domain 5.1)

Explanation

Since ECC is the least CPU intensive type of Asymmetrical Encryption Algorithms; smaller, less-intelligent devices such as cellphones and PDAs implement ECC. (Domain 5.1)

184. Assigning proper security permissions to files and folders is the primary method of mitigating which of the following?

Hijacking

Policy subversion

Trojan

DoS

CompTIA Security+ (Sy0-201)

1. Which of the following might an attacker resort to in order to recover discarded companydocuments?

2.

What first name or nickname would you like us to use?

2. Which of the following attacks can be caused by a user being unaware of their physicalsurroundings?

3. Which of the following is commonly used in a distributed denial of service (DDOS) attack?

4. Which of the following type of strategies can be applied to allow a user to enter their user name and password once in order to authenticate to multiple systems and applications?

5. Which of the following is an attack that is triggered by a specific event or by a date?

6. Which of the following is a true statement with regards to a NIDS?

7. After registering an email address on a website, a user starts receiving messages from unknown sources. The email account is new, and therefore the user is concerned. This type of message traffic is referred to as:

8. Which of the following is the primary purpose of a honeypot?

9. While conducting a review of the system logs, a user had attempted to log onto the network over 250 times. Which of the following type of attacks is MOST likely occurring?

10. The RAS logs on a server show 100 errors in a two minute time period from an attempt to access an account. The error log shows unknown username or password. Which of the following is this an example of?

11. Which of the following is a publication of inactivated user certificates?

12. Password crackers are generally used by malicious attackers to:

13. Which of the following is a collection of patches?

14. End users are complaining about receiving a lot of email from online vendors and pharmacies.Which of the following is this an example of?

15. Which of the following access control methods grants permissions based on the users position in the company?

16. Which of the following is a method of encrypting email?

17. If a user attempts to go to a website and notices the URL has changed, which of the followingattacks is MOST likely the cause?

18. Which of the following methods is used to perform denial of service (DoS) attacks?

19. A technician is reviewing the logical access control method an organization uses. One of thesenior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet managements request?

20. A technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which of the following will help determine the amount of CPU cycles that are being consumed?

21. A user has decided that they do not want an internal LAN segment to use public IP addresses. The user wants to translate them as private IP addresses to a pool of public IP addresses to identify them on the Internet. Which of the following does the user want to implement?

22. An administrator wants to ensure that that no equipment is damaged when there is a fire or false alarm in the server room. Which of the following type of fire suppression systems should be used?

23. Which of the following is a best practice to prevent users from being vulnerable to socialengineering?

24. How should a company test the integrity of its backup data?

25. Which of the following logical access controls would be MOST appropriate to use when creating an account for a temporary worker?

26. Which of the following is the MOST secure alternative for administrative access to a router?

27. An administrator is implementing a public website and they want all client connections to theserver to be encrypted via their web browser. Which of the following should be implemented?

28. Which of the following is the main objective of steganography?

29. Which of the following access control methods includes switching work assignments at presetintervals?

30. Which of the following threats is the MOST difficult to detect and hides itself from the operatingsystem?

31. When is the BEST time to update anti-virus definitions?

32. A technician is testing the security of a new database application with a website front-end. The technician notices that when certain characters are input into the application it will crash the server. Which of the following does the technician need to do?

33. Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment?

34. Which of the following allows devices attached to the same switch to have separate broadcastdomains?

35. Which of the following allows for proof that a certain person sent a particular email?

36. Which of the following risks would be reduced by implementing screen filters?

37. A malware incident has just been detected within a company. Which of the following should be the administrators FIRST response?

38. A user is redirected to a different website when the user requests the DNS recordwww.xyz.comptia.com. Which of the following is this an example of?

39. Which of the following is a CRL composed of?

40. An administrator wants to replace telnet with a more secure protocol to manage a network device. Which of the following should be implemented on the network?

41. Which of the following is a software bundle containing multiple security fixes?

42. Which of the following is the BEST place where the disaster recovery plan should be kept?

43. How many keys are utilized with asymmetric cryptography?

44. Which of the following is a single server that is setup in the DMZ or outer perimeter in order to distract attackers?

45. Which of the following ensures a user cannot deny having sent a message?

46. An administrator has developed an OS install that will implement the tightest security controlspossible. In order to quickly replicate these controls on all systems, which of the following should be established?

47. Which of the following is an installable package that includes several patches from the samevendor for various applications?

48. Which of the following provides the MOST comprehensive redundancy for an entire site with the least downtime?

49. Which of the following allows a technician to scan for missing patches on a device without actually attempting to exploit the security problem?

51. A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production application server, which of the following processes should be followed?

52. Which of the following describes the process of securely removing information from media (e. g. hard drive) for future use?

53. Which of the following specifies a set of consistent requirements for a workstation or server?

54. Users do not want to enter credentials to each server or application to conduct their normal work. Which of the following type of strategies will resolve this issue?

55. Which of the following allows for notification when a hacking attempt is discovered?

56. Which of the following is a reason why a company should disable the SSID broadcast of the wireless access points?

57. During a risk assessment it is discovered that only one system administrator is assigned several tasks critical to continuity of operations. It is recommended to cross train other system administrators to perform these tasks and mitigate which of the following risks?

58. An administrator is trying to secure a network from threats originating outside the network. Which of the following devices provides protection for the DMZ from attacks launched from the Internet?

59. Which of the following should be implemented to have all workstations and servers isolated in their own broadcast domains?

60. An administrator wants to setup their network with only one public IP address. Which of thefollowing would allow for this?

61. Why would a technician use a password cracker?

62. Which of the following is the primary purpose of a CA?

63. How should a company test the integrity of its backup data?

64. Which of the following will propagate itself without any user interaction?

65. Which of the following principles should be applied when assigning permissions?

66. Which of the following is a security threat when a new network device is configured for first-time installation?

67. Which of the following allows for the highest level of security at time of login?

68. Which of the following allows an attacker to manipulate files by using the least significant bit(s) to secretly embed data?

69. Which of the following would be BEST to use to apply corporate security settings to a device?

70. Which of the following practices is MOST relevant to protecting against operating system security flaws?

71. Which of the following would be MOST useful to determine why packets from a computer outside the network are being dropped on the way to a computer inside the network?

72. After issuance a technician becomes aware that some keys were issued to individuals who are not authorized to use them. Which of the following should the technician use to correct this problem?

73. Which of the following is the BEST tool for allowing users to go to approved business-relatedwebsites only?

74. Accessing a system or application using permissions from another users account is a form ofwhich of the following?

75. Which of the following network tools would provide the information on what an attacker is doing to compromise a system?

76. An administrator suspects that files are being copied to a remote location during off hours. The file server does not have logging enableD. Which of the following logs would be the BEST place to look for information?

77. Which of the following access control methods gives the owner control over providingpermissions?

78. Which of the following allows an attacker to hide the presence of malicious code by altering the systems process and registry entries?

1. Which of the following might an attacker resort to in order to recover discarded company
documents?

2. Which of the following attacks can be caused by a user being unaware of their physical
surroundings?

17. If a user attempts to go to a website and notices the URL has changed, which of the following
attacks is MOST likely the cause?

19. A technician is reviewing the logical access control method an organization uses. One of the
senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet managements request?

23. Which of the following is a best practice to prevent users from being vulnerable to social
engineering?

27. An administrator is implementing a public website and they want all client connections to the
server to be encrypted via their web browser. Which of the following should be implemented?

29. Which of the following access control methods includes switching work assignments at preset
intervals?

30. Which of the following threats is the MOST difficult to detect and hides itself from the operating
system?

34. Which of the following allows devices attached to the same switch to have separate broadcast
domains?

38. A user is redirected to a different website when the user requests the DNS record
www.xyz.comptia.com. Which of the following is this an example of?

46. An administrator has developed an OS install that will implement the tightest security controls
possible. In order to quickly replicate these controls on all systems, which of the following should be established?

47. Which of the following is an installable package that includes several patches from the same
vendor for various applications?

60. An administrator wants to setup their network with only one public IP address. Which of the
following would allow for this?

73. Which of the following is the BEST tool for allowing users to go to approved business-related
websites only?

74. Accessing a system or application using permissions from another users account is a form of
which of the following?

77. Which of the following access control methods gives the owner control over providing
permissions?

86. An unauthorized user intercepted a users password and used this information to obtain the
company's administrator password. The unauthorized user can use the administrators password to access sensitive information pertaining to client data. Which of the following is this an example of?

114. During the implementation of LDAP, which of the following will typically be changed within the
organizations software programs?

116. Users on a network report that they are receiving unsolicited emails from an email address that
does not change. Which of the following steps should be taken to stop this from occurring?

121. Which of the following is done to ensure appropriate personnel have access to systems and
networks? (Select TWO).

126. After implementing file auditing, which of the following logs would show unauthorized usage
attempts?

128. Which of the following actions should be performed upon discovering an unauthorized wireless
access point attached to a network?

140. Which of the following is an exploit against a device where only the hardware model and
manufacturer are known?

145. A user is attempting to receive digitally signed and encrypted email messages from a remote
office. Which of the following protocols does the system need to support?

147. Which of the following is an example of security personnel that administer access control
functions, but do not administer audit functions?