CompTIA Security+ (SY0-301) Practice Exam

1. You are planning your training and awareness seminars. What should you tell employees to do with sensitive documents that are no longer needed?

Store all sensitive documents in a pile on the right side of the desk.

Place them in the laptop bag when no longer needed.

Shred all documents.

Place them in the recycle bin for recycling.

All sensitive documents need to be sent through a shredder before the paper is disposed of. All the other answers are incorrect because they do not protect the sensitive information from falling into other people’s hands.

Explanation

All sensitive documents need to be sent through a shredder before the paper is disposed of. All the other answers are incorrect because they do not protect the sensitive information from falling into other people’s hands.

2. What is the term used for when someone slips through an open door behind you after you have unlocked the door?

Horseback riding

Worming

Tailgating

Gliding

Tailgating or piggybacking is the term we use in the security field for someone who enters a locked door behind you after it is opened by an authorized person. Be sure to educate employees on tailgating!

Explanation

Tailgating or piggybacking is the term we use in the security field for someone who enters a locked door behind you after it is opened by an authorized person. Be sure to educate employees on tailgating!

3. You are planning a security assessment strategy for all systems and mobile devices used within the organization. When assessing mobile devices such as phones what should you look for?

Ensure the phone is password protected.

Ensure no texting software is installed.

Ensure the phone is not running a mobile OS.

Ensure the phone is not configured for e-mail.

When working with mobile devices, ensure that employees password protect the device so that if it is lost or stolen, the data on the device is not easily accessible. You will need to run a mobile OS on the phone, and features like texting and e-mail are popular features that will most likely be used by the employee, so they cannot be disabled.

Explanation

When working with mobile devices, ensure that employees password protect the device so that if it is lost or stolen, the data on the device is not easily accessible. You will need to run a mobile OS on the phone, and features like texting and e-mail are popular features that will most likely be used by the employee, so they cannot be disabled.

4. While performing a security assessment you notice that one of the systems has a small device connected between the keyboard and the computer. What is this device?

Trojan virus

Rootkit

Keylogger

Logic bomb

A keylogger in this case is a hardware device connected between the keyboard and the computer which is designed to capture the keystrokes of a user. Keyloggers can also be software based. A Trojan virus is a virus that disguises itself as a legitimate program and then when installed opens the system up to the hacker—normally by opening a port on the system. A rootkit is a back door planted on the system, which gives the hacker administrative access to the system. A logic bomb is malicious software that is triggered by an event such as a specific date.

Explanation

A keylogger in this case is a hardware device connected between the keyboard and the computer which is designed to capture the keystrokes of a user. Keyloggers can also be software based. A Trojan virus is a virus that disguises itself as a legitimate program and then when installed opens the system up to the hacker—normally by opening a port on the system. A rootkit is a back door planted on the system, which gives the hacker administrative access to the system. A logic bomb is malicious software that is triggered by an event such as a specific date.

5. Your sales manager has recently misplaced her mobile device that may contain sensitive information. What should she do first?

Request a new one.

Remotely wipe the device.

Call the phone and ask for it back.

Disable Bluetooth on the device.

When dealing with mobile device security it is important to educate employees on how to remotely wipe a device or to report the lost device at once so that the network administrator can remotely wipe the device.

Explanation

When dealing with mobile device security it is important to educate employees on how to remotely wipe a device or to report the lost device at once so that the network administrator can remotely wipe the device.

6. Your company has a strict policy when it comes to USB thumb drive usage in the office. An employee asks you why they are not allowed to use a thumb drive to carry files from the home computer to their office computer. Which of the following is the best answer?

Thumb drives do not have the capacity to store the data needed.

The data on a thumb drive cannot be encrypted.

Thumb drives are too big to carry from location to location.

The drive could carry a virus from home to the office.

One of the major concerns with thumb drive usage is the fact that a worm virus can replicate to the thumb drive, and then the drive could be connected to a corporate system. Thumb drives do have large capacities—enough to store the typical user’s data—and are not too large to carry around. Data on a thumb drive can—and should—be encrypted.

Explanation

One of the major concerns with thumb drive usage is the fact that a worm virus can replicate to the thumb drive, and then the drive could be connected to a corporate system. Thumb drives do have large capacities—enough to store the typical user’s data—and are not too large to carry around. Data on a thumb drive can—and should—be encrypted.

7. What type of attack results in the victim's system not being able to perform its job function?

Man-in-the-middle

Spoofing

Denial of service

Port scanning

A denial of service attack involves the hacker causing a system to not perform its job role by overburdening the system with traffic. The DoS attack could cause the system to crash or slow the system down.

Explanation

A denial of service attack involves the hacker causing a system to not perform its job role by overburdening the system with traffic. The DoS attack could cause the system to crash or slow the system down.

8. Which of the following are considered biometrics? (Select all that apply)

Username and password

Smartcard

PIN number

Fingerprint

Retina scan

Biometrics is using a characteristic of yourself to authenticate to a system. Popular examples of biometrics are fingerprint reading, retina scanning, and voice recognition.

Explanation

Biometrics is using a characteristic of yourself to authenticate to a system. Popular examples of biometrics are fingerprint reading, retina scanning, and voice recognition.

Submit

9. Management has come to you to let you know that John, a longtime employee of the company, has been stealing money from the company. Management and HR are headed into a meeting with John to let him know he is no longer needed. What should you do while they are in the meeting?

Review logs

See if anyone wants his office space

Disable the employee’s user accounts and access cards

Format the drive on his workstation

You will want to verify with management before they head into the meeting what your responsibilities are, and they will typically inform you of what corporate policy is surrounding the termination of employment, but typically you want to disable the account while notice is given to the employee so that when the employee comes out of the meeting, they cannot access company assets and do any damage.

Explanation

You will want to verify with management before they head into the meeting what your responsibilities are, and they will typically inform you of what corporate policy is surrounding the termination of employment, but typically you want to disable the account while notice is given to the employee so that when the employee comes out of the meeting, they cannot access company assets and do any damage.

10. Sue comes to you asking if it is okay if she downloads movies to her company laptop with a P2P program so that she can watch the movies while she is away on business. Which of the following is the best response?

Educate Sue on the fact that those programs are popular ways to spread viruses, so no, thecompany does not allow P2P software on its systems.

Tell her no.

Tell her yes as long as she does not watch the movies during work hours.

Tell her yes as long as she places the downloaded movies on the server so that you can virusscan them.

The key point here is to educate the user on company policy regarding the use of P2P software with company assets. Explain to the user the risks associated with downloading content from untrusted sources, and explain that P2P software is where a lot of viruses come from.

Explanation

The key point here is to educate the user on company policy regarding the use of P2P software with company assets. Explain to the user the risks associated with downloading content from untrusted sources, and explain that P2P software is where a lot of viruses come from.

11. The network administrator is configuring the network and wants to put restrictions on user passwords such as the length of the password, password complexity, and password history. Where can the administrator find out what the values of those settings should be set to?

VPN policy

Password policy

AUP

Secure disposal of computers

The password policy contains the password requirements that need to be enforced on the network servers. The VPN policy contains details on the approved VPN solution and what the requirements are for employees to be able to VPN into the network from a remote location. The acceptable use policy (AUP) contains the rules for proper computer, Internet e-mail, and device usage within the company. The secure disposal of computers policy contains the rules governing how to get rid of old computers and equipment and requires that all confidential data is securely removed from the device or computer.

Explanation

The password policy contains the password requirements that need to be enforced on the network servers. The VPN policy contains details on the approved VPN solution and what the requirements are for employees to be able to VPN into the network from a remote location. The acceptable use policy (AUP) contains the rules for proper computer, Internet e-mail, and device usage within the company. The secure disposal of computers policy contains the rules governing how to get rid of old computers and equipment and requires that all confidential data is securely removed from the device or computer.

12. Your manager is worried about employee laptops being stolen in the middle of the day when an employee leaves their desk to get coffee or go to the washroom. What can you do to reduce the likelihood that a passerby will take a laptop left on a desk?

Use a lockdown cable.

Encrypt the drive.

Disable booting from CD/DVD.

Log off the workstation.

To protect small computer equipment such as LCD displays, projectors, and laptops from being easily stolen, use a lockdown cable to secure the equipment to a desk. In this example you are looking for a physical security control such as a lockdown cable. Although drive encryption and disabling booting from a CD/DVD are great steps to improve security, they will not stop someone from stealing the device. Such choices may protect the data on the device, but won’t prevent the device from being stolen. Logging off a station will not protect the system at all without physical security.

Explanation

To protect small computer equipment such as LCD displays, projectors, and laptops from being easily stolen, use a lockdown cable to secure the equipment to a desk. In this example you are looking for a physical security control such as a lockdown cable. Although drive encryption and disabling booting from a CD/DVD are great steps to improve security, they will not stop someone from stealing the device. Such choices may protect the data on the device, but won’t prevent the device from being stolen. Logging off a station will not protect the system at all without physical security.

13. Within most organizations the person who writes the check is not the person who signs the check. This is an example of which of the following?

Rotation of duties

Separation of duties

Least privilege

Due care

Having the person that writes the check being different than the person who signs the
check is an example of separation of duties.

Explanation

Having the person that writes the check being different than the person who signs the
check is an example of separation of duties.

14. You have installed antivirus software on all systems across the network. What else should you do with regard to maintaining the antivirus software?

Install personal firewall.

Disable automatic updates.

Disable real-time protection.

Update virus definitions.

It is critical after installing antivirus software that you ensure the virus definitions are up-to-date. Most virus protection software can schedule the updating of virus definitions. Personal firewalls have nothing to do with maintaining the antivirus software, and you should not disable the automatic updates of virus definitions; you should enable them. You also should not disable real-time protection because it scans files as they are accessed.

Explanation

It is critical after installing antivirus software that you ensure the virus definitions are up-to-date. Most virus protection software can schedule the updating of virus definitions. Personal firewalls have nothing to do with maintaining the antivirus software, and you should not disable the automatic updates of virus definitions; you should enable them. You also should not disable real-time protection because it scans files as they are accessed.

15. Your manager has called you into the office and has expressed concerns about a number of news reports on social engineering attacks. Your manager would like to know what can be done to protect the company against social engineering attacks. What would you recommend to your manager?

Use a firewall.

User awareness and training.

Install antivirus software.

Implement physical security.

User awareness and training is the only way to protect against social engineering attacks. Technology solutions such as firewalls, antivirus software, and physical security will always help a little, but to truly protect against social engineering attacks, you need to educate the users so they are aware of security best practices.

Explanation

User awareness and training is the only way to protect against social engineering attacks. Technology solutions such as firewalls, antivirus software, and physical security will always help a little, but to truly protect against social engineering attacks, you need to educate the users so they are aware of security best practices.

16. You are talking with management about ways to limit security threats such as tailgating within the company. Management has said there is no money to spend on controls such as mantraps—what can you do to reduce the risk of tailgating?

Purchase an additional lock.

Training and awareness.

Purchase a revolving door.

Purchase a mantrap.

One of the ways to control tailgating in highly secure environments is to use a mantrap—an area between two locked doors where one door does not open until the first door is closed. Solutions such as mantraps or revolving doors are great solutions but they cost money. A cheap solution in low secure environments is to educate the employees on tailgating and to not open the door if someone is hanging around the entrance.

Explanation

One of the ways to control tailgating in highly secure environments is to use a mantrap—an area between two locked doors where one door does not open until the first door is closed. Solutions such as mantraps or revolving doors are great solutions but they cost money. A cheap solution in low secure environments is to educate the employees on tailgating and to not open the door if someone is hanging around the entrance.

17. John has been studying hacking techniques used by hackers and decides to send a packet to your system, but ensures that he alters the source IP address of the packet so it looks like it came from someone else. What type of attack is this?

Phishing

Pharming

Spim

Spoofing

Spoofing is when someone alters the source address of a message. IP spoofing is the altering of the source IP address, MAC spoofing is when the hacker alters the source MAC address, and e-mail spoofing is when the hacker alters the source e-mail address of a message.

Explanation

Spoofing is when someone alters the source address of a message. IP spoofing is the altering of the source IP address, MAC spoofing is when the hacker alters the source MAC address, and e-mail spoofing is when the hacker alters the source e-mail address of a message.

18. Your manager is worried about the security of the applications created by the in-house developers. From a security point of view, what recommendation would you make to the manager as the No. 1 rule for developers to follow?

Create user-friendly applications.

Validate all data inputted.

Ensure the focus is on usability.

Create nice input screens.

Developers must validate all data inputted into the application. The rest of the answers are incorrect because they all deal with ensuring the application is easy to use but have nothing to do with creating a secure application.

Explanation

Developers must validate all data inputted into the application. The rest of the answers are incorrect because they all deal with ensuring the application is easy to use but have nothing to do with creating a secure application.

19. Which of the following represents the reasoning for implementing rotation of duties in your environment?

To limit fraudulent activities within the organization

To keep data private to the appropriate individuals

To make information available

To ensure the secrecy of the information

Rotation of duties is designed to hold people responsible for their actions by having
someone else take over the position at a later time. Someone holding this position will not be
likely to perform fraudulent activities knowing that someone else will detect that activity once
placed in the position.

Explanation

Rotation of duties is designed to hold people responsible for their actions by having
someone else take over the position at a later time. Someone holding this position will not be
likely to perform fraudulent activities knowing that someone else will detect that activity once
placed in the position.

20. What is the term for a collection of systems that a hacker compromises and then uses to perform additional attacks?

CompNet

HackNet

Botnet

SurfNet

A botnet is a number of systems that the hacker has control of and uses in attacks such as spamming or denial of service attacks.

Explanation

A botnet is a number of systems that the hacker has control of and uses in attacks such as spamming or denial of service attacks.

21. As requested by your manager you purchase two servers to participate in a server cluster so that if one server fails, the other server will take over the workload. Which of the following goals of security has been met?

Confidentiality

Accountability

Integrity

Availability

Availability is ensuring that the company asset, such as a server and its data, is available at all times. You can help offer availability by using RAID, server clusters, or performing regular backups.

Explanation

Availability is ensuring that the company asset, such as a server and its data, is available at all times. You can help offer availability by using RAID, server clusters, or performing regular backups.

22. Which of the following best describes a Trojan virus?

Malicious software that is triggered by an event such as a specific date

A virus that disguises itself as a legitimate program but actually opens a port on the system

Malicious software that monitors your Internet activity

A virus that self-replicates

A Trojan virus is a virus that disguises itself as a legitimate program and then when installed opens the system up to the hacker—normally by opening a port on the system. A logic bomb is malicious software that is triggered by an event such as a specific date. Spyware is malicious software that monitors your Internet activity, and a worm virus self-replicates.

Explanation

A Trojan virus is a virus that disguises itself as a legitimate program and then when installed opens the system up to the hacker—normally by opening a port on the system. A logic bomb is malicious software that is triggered by an event such as a specific date. Spyware is malicious software that monitors your Internet activity, and a worm virus self-replicates.

23. Doug is the network administrator for a law firm and has just purchased 20 new systems for the employees. Doug has collected all of the old computers from the employees and has searched through the hard drives and deleted any DOC and XLS files before handing the computers over to the local school. What policy may Doug be in violation of?

AUP

Password policy

Virus protection policy

Secure disposal of computers

The secure disposal of computers policy contains the rules surrounding what to do with equipment that is no longer needed in the company. The policy should state that all hard drives have to be physically destroyed before passing the computers on, so that you can ensure that no confidential data can be retrieved from the system.

Explanation

The secure disposal of computers policy contains the rules surrounding what to do with equipment that is no longer needed in the company. The policy should state that all hard drives have to be physically destroyed before passing the computers on, so that you can ensure that no confidential data can be retrieved from the system.

24. Which of the following controls will help protect against tailgating?

Locked doors

Electronic keypads

Swipe cards

Mantrap

A mantrap is an area between two locked doors. The second door cannot be opened until the first door is locked, which helps employees entering the facility notice anyone who may try to enter along with them.

Explanation

A mantrap is an area between two locked doors. The second door cannot be opened until the first door is locked, which helps employees entering the facility notice anyone who may try to enter along with them.

25. Data classification labels are applied to ______, while clearance levels are applied to ______.

Employees, information

Management, employees

Information, employees

Employees, management

Information within the company is assigned a data classification label, while the employees are then given a clearance level. For example, a document may be assigned the top secret classification label so that for an employee to gain access to the information, they must have the top secret clearance level.

Explanation

Information within the company is assigned a data classification label, while the employees are then given a clearance level. For example, a document may be assigned the top secret classification label so that for an employee to gain access to the information, they must have the top secret clearance level.

26. A user logs on with a regular user account and then exploits a vulnerability in the operating system to gain administrative access to the system. What type of attack is this?

Dictionary

Brute-force

Buffer overflow

Privilege escalation

Privilege escalation is when someone raises their permissions or rights from user level to administrative level. This is normally done by exploiting the operating system or software running on the operating system. Dictionary and brute-force are types of password attacks and do not involve raising someone’s level of access to a system. A buffer overflow is a type of attack against software that aids in privilege escalation.

Explanation

Privilege escalation is when someone raises their permissions or rights from user level to administrative level. This is normally done by exploiting the operating system or software running on the operating system. Dictionary and brute-force are types of password attacks and do not involve raising someone’s level of access to a system. A buffer overflow is a type of attack against software that aids in privilege escalation.

27. What is the term used for a phishing attack that is targeted toward a specific person such as the executive of a company?

Whaling

Phishing

Pharming

Spim

Whaling is the term for targeting the phishing attack to “the big fish” in the company. With a whaling attack the e-mail message is typically personalized by using the name of that individual. Phishing is sending a generic e-mail to a mass group of people in hopes that someone clicks the link that goes to the fake web site. Pharming is modifying DNS or the hosts file to lead people to the wrong site. Spim is spamming (sending unsolicited e-mails) through instant messenger applications.

Explanation

Whaling is the term for targeting the phishing attack to “the big fish” in the company. With a whaling attack the e-mail message is typically personalized by using the name of that individual. Phishing is sending a generic e-mail to a mass group of people in hopes that someone clicks the link that goes to the fake web site. Pharming is modifying DNS or the hosts file to lead people to the wrong site. Spim is spamming (sending unsolicited e-mails) through instant messenger applications.

28. What type of attack involves the hacker sending too much data to an application that typically results in the hacker gaining remote access to the system with administrative permissions?

Buffer overflow

SQL injection

Folder traversal

Cross-site scripting

A buffer overflow attack is when the hacker sends too much data to an application, causing the data to get stored beyond the buffer area. If the hacker can access the area beyond the buffer, they can run whatever code they want, which typically results in them gaining administrative access to the system.

Explanation

A buffer overflow attack is when the hacker sends too much data to an application, causing the data to get stored beyond the buffer area. If the hacker can access the area beyond the buffer, they can run whatever code they want, which typically results in them gaining administrative access to the system.

29. Which of the following should be done to help secure mobile devices used by users on the network? (Select all that apply.)

Disable the password.

Lock the screen based on short inactivity periods.

Enable Bluetooth.

Encrypt the data.

Disable emergency calling.

You should ensure that you are locking the screen and encrypting data on the mobile device to protect it from unauthorized access. You should have a password enabled instead of disabled, and never disable emergency calling, so that if the phone is locked, you can still call 911. Bluetooth should be disabled if not used, but most people use Bluetooth for wireless headsets.

Explanation

You should ensure that you are locking the screen and encrypting data on the mobile device to protect it from unauthorized access. You should have a password enabled instead of disabled, and never disable emergency calling, so that if the phone is locked, you can still call 911. Bluetooth should be disabled if not used, but most people use Bluetooth for wireless headsets.

Submit

30. Your manager approaches you and says that she has been reading about the concept of live CDs and how hackers are using them to bypass system security. What would you do to help protect your systems from this type of threat?

Disable booting from CD/DVD.

Remove the CD-ROM/DVD-ROM.

Set a strong administrative password.

Implement an account lockout policy.

To maintain a high level of security on your systems, disable booting from CD/DVD or even change the boot order so that the hard drive always boots before the CD/DVD. Removing the CD/DVD is not a great answer as it means that the user will not have a CD-ROM/DVD-ROM device. Implementing a strong password on the administrative account and having an account lockout policy are not good choices either because they will be bypassed when a live CD is used.

Explanation

To maintain a high level of security on your systems, disable booting from CD/DVD or even change the boot order so that the hard drive always boots before the CD/DVD. Removing the CD/DVD is not a great answer as it means that the user will not have a CD-ROM/DVD-ROM device. Implementing a strong password on the administrative account and having an account lockout policy are not good choices either because they will be bypassed when a live CD is used.

31. Which of the following actions are performed during system hardening?

MAC filtering

Disabling unnecessary services

Port security

802.1x authentication

System hardening involves disabling unnecessary services and uninstalling unnecessary software from the system. System hardening also involves disabling unused accounts and patching the system. The rest of the answers are incorrect because they are all network hardening techniques and not system hardening techniques. MAC filtering controls which systems can send data to other
systems, port security controls which systems can connect to a port by MAC address, and 802.1x controls who has access to a wired or wireless network by using a central authentication server.

Explanation

System hardening involves disabling unnecessary services and uninstalling unnecessary software from the system. System hardening also involves disabling unused accounts and patching the system. The rest of the answers are incorrect because they are all network hardening techniques and not system hardening techniques. MAC filtering controls which systems can send data to other
systems, port security controls which systems can connect to a port by MAC address, and 802.1x controls who has access to a wired or wireless network by using a central authentication server.

32. All accountants need to be able to modify the accounting data except for Bob. Due to Bob's job requirements, you have ensured that Bob receives only the read permission to the accounting data. This is an example of which of the following?

Rotation of duties

Separation of duties

Least privilege

Due care

A very important principle of security is the concept of least privilege. Least privilege is
the principle that you should always give only the minimum level of permissions or rights to an
individual.

Explanation

A very important principle of security is the concept of least privilege. Least privilege is
the principle that you should always give only the minimum level of permissions or rights to an
individual.

33. Bob installed an application on ten computers in the office over six months ago, and the application worked as expected. On February 12 of this year the application deleted a number of critical files off the system. What type of virus is this?

Trojan virus

Worm virus

Rootkit

Logic bomb

A logic bomb is malicious software that is triggered by an event such as a specific date. A Trojan virus is a virus that disguises itself as a legitimate program and then when installed opens the system up to the hacker—normally by opening a port on the system. A worm virus is a self-replicating virus, and a rootkit is a back door planted on the system, which gives the hacker administrative access to the system.

Explanation

A logic bomb is malicious software that is triggered by an event such as a specific date. A Trojan virus is a virus that disguises itself as a legitimate program and then when installed opens the system up to the hacker—normally by opening a port on the system. A worm virus is a self-replicating virus, and a rootkit is a back door planted on the system, which gives the hacker administrative access to the system.

34. What type of hacker learns hacking techniques so that they can better defend against a malicious hacker?

Black-hat

Gray-hat

White-hat

Yellow-hat

A white-hat hacker learns hacking techniques to learn how to defend against a
malicious hacker.
The other options are incorrect for the following reasons:
A black-hat hacker is someone who hacks for financial gain
or malicious reasons. A gray-hat hacker is someone who learns of a vulnerability and then
publishes it to the world. There is no such thing as a yellow-hat hacker.

Explanation

A white-hat hacker learns hacking techniques to learn how to defend against a
malicious hacker.
The other options are incorrect for the following reasons:
A black-hat hacker is someone who hacks for financial gain
or malicious reasons. A gray-hat hacker is someone who learns of a vulnerability and then
publishes it to the world. There is no such thing as a yellow-hat hacker.

35. Bob requires the capabilities to change the system time on the computers, but instead of adding Bob to the Administrators group (who can change the time on the computer), you grant Bob the Change System Time right. This is an example of following which security principle?

Least privilege

Job rotation

Separation of duties

AUP

The concept of least privilege is to ensure you give only the minimal permissions or rights needed to perform a task. Job rotation is a security principle that requires employees to rotate through job positions on a regular basis in order to detect any improper activities. Separation of duties is a security principle that involves dividing a job into multiple tasks with each task being performed by a different employee. The acceptable use policy (AUP) contains the rules for proper computer, Internet, e-mail, and device usage within the company.

Explanation

The concept of least privilege is to ensure you give only the minimal permissions or rights needed to perform a task. Job rotation is a security principle that requires employees to rotate through job positions on a regular basis in order to detect any improper activities. Separation of duties is a security principle that involves dividing a job into multiple tasks with each task being performed by a different employee. The acceptable use policy (AUP) contains the rules for proper computer, Internet, e-mail, and device usage within the company.

36. What type of application attack involves the hacker inputting data into a web site that contains script code that will execute when the page is viewed by another visitor?

ActiveX

Java applets

Macros virus

Cross-site scripting

Cross-site scripting involves the hacker inputting data into a web site that contains script code that will execute when the page is viewed by another visitor. ActiveX and Java applets are programming components that are used by applications such as a web site, and a macros virus is a virus written with a macros language that comes with software.

Explanation

Cross-site scripting involves the hacker inputting data into a web site that contains script code that will execute when the page is viewed by another visitor. ActiveX and Java applets are programming components that are used by applications such as a web site, and a macros virus is a virus written with a macros language that comes with software.

37. Which of the following devices could be used to limit which web sites users on the network can visit?

Router

Load balancer

Proxy server

CAT 5e

Proxy servers are used to control outbound Internet access by filtering web sites users can surf and applications they can use.

Explanation

Proxy servers are used to control outbound Internet access by filtering web sites users can surf and applications they can use.

38. Which of the following identifies one of the security benefits of using virtualization technology?

You need to patch only the host operating system.

You need virus protection only on the host system.

You have less hardware to secure.

No drive encryption is needed.

One of the benefits of virtualization is that you need to implement physical security controls on fewer systems because less hardware is used as a result of virtualization. You will need to patch and virus protect the host operating system and each of the virtual machines. Encryption may still be needed based on any drives you would like to maintain confidentiality on.

Explanation

One of the benefits of virtualization is that you need to implement physical security controls on fewer systems because less hardware is used as a result of virtualization. You will need to patch and virus protect the host operating system and each of the virtual machines. Encryption may still be needed based on any drives you would like to maintain confidentiality on.

39. Your manager has read about the need to uninstall unnecessary software and disable unnecessary services from a system. What is the purpose of performing these hardening techniques?

Close ports on the system

Assess vulnerability

Fuzzing

Reduce the attack surface

When you harden the system by uninstalling unneeded software and disable unnecessary services, you are reducing the attack surface of the system.

Explanation

When you harden the system by uninstalling unneeded software and disable unnecessary services, you are reducing the attack surface of the system.

40. Which of the following is considered a valid security issue with Network Attached Storage (NAS) devices?

The NAS device runs the SMB protocol.(NAS) devices?

If the NAS is not configured properly, a security compromise could compromise all the dataon the device.

The NAS device runs the NFS protocol.

The NAS device has a web interface for configuration.

If the NAS device is hit with a virus or is hacked into, then the security incident may apply to all files in the company if all data is stored on the NAS device. Great care should be taken with the configuration of the NAS device. Most NAS devices run SMB and NFS protocols in order for clients to connect to the data and are not considered security concerns. The NAS device also has a web interface device to use to make the configuration changes to the device.

Explanation

If the NAS device is hit with a virus or is hacked into, then the security incident may apply to all files in the company if all data is stored on the NAS device. Great care should be taken with the configuration of the NAS device. Most NAS devices run SMB and NFS protocols in order for clients to connect to the data and are not considered security concerns. The NAS device also has a web interface device to use to make the configuration changes to the device.

41. Management is concerned that an employee may be able to hide fraudulent activity for long durations while working for the company. What would you recommend to help detect an improper activity performed by employees?

Least privilege

AUP

Disabling the employee’s user accounts and access cards

Job rotation

Implementing the security principle known as job rotation is a great way to detect fraudulent activities performed by employees. The concept of least privilege is to ensure you give only the minimal permissions or rights needed to perform a task. The acceptable use policy (AUP) contains the rules for proper computer, Internet, e-mail, and device usage within the company. Disabling the user account and access cards will not help you detect fraudulent activity—you need someone to take over the job role for a while in hopes they will discover improper activity by the previous employee.

Explanation

Implementing the security principle known as job rotation is a great way to detect fraudulent activities performed by employees. The concept of least privilege is to ensure you give only the minimal permissions or rights needed to perform a task. The acceptable use policy (AUP) contains the rules for proper computer, Internet, e-mail, and device usage within the company. Disabling the user account and access cards will not help you detect fraudulent activity—you need someone to take over the job role for a while in hopes they will discover improper activity by the previous employee.

42. Your company has a web application that seems to be running slowly. Your manager is wondering what can be done to improve the performance. How do you respond?

Install a proxy server

Install a load balancer

Configure the web site in a VLAN

Configure port security

A load balancer can be used to split the workload between multiple systems, in this case multiple web servers. Load balancing is a common solution for optimizing performance on web sites or even mail servers.

Explanation

A load balancer can be used to split the workload between multiple systems, in this case multiple web servers. Load balancing is a common solution for optimizing performance on web sites or even mail servers.

43. What type of rootkit replaces an operating system driver file in hopes of hiding itself?

Library-level

Kernel-level

Application-level

Virtualized

A kernel-level rootkit replaces core operating system files such as a driver file in hopes of hiding itself. A library-level rootkit is a DLL that is replaced on the system, while an application-level rootkit comes in the form of an EXE file and is planted on the system. A virtualized rootkit loads as soon as a computer boots up and then loads the real operating system.

Explanation

A kernel-level rootkit replaces core operating system files such as a driver file in hopes of hiding itself. A library-level rootkit is a DLL that is replaced on the system, while an application-level rootkit comes in the form of an EXE file and is planted on the system. A virtualized rootkit loads as soon as a computer boots up and then loads the real operating system.

44. Which of the following are considered PII-related information that must be secured at all times? (Choose all that apply)

Postal code

Driver’s license

City name

Social Security number

Street name

Personal Identifiable Information (PII) is unique information about a person that
should be protected at all times and kept confidential.

Explanation

Personal Identifiable Information (PII) is unique information about a person that
should be protected at all times and kept confidential.

Submit

45. Before an individual is authorized to access resources on the network, they are first ________ with the network.

Authenticated

Identified

Authorized

Encrypted

Before authorization can occur each individual must first be authenticated to the system or network. Authentication is the proving of your identity by typically using a password (authentication) to go with the username (identification).

Explanation

Before authorization can occur each individual must first be authenticated to the system or network. Authentication is the proving of your identity by typically using a password (authentication) to go with the username (identification).

46. The technical team is putting together the firewall solution and needs to know what type of traffic is to pass through the firewall. What policy can the technical team use to find out what traffic is to pass through the firewall?

AUP

Hiring policy

VPN policy

Firewall policy

The firewall policy contains the detailed information needed to know what the company’s approved firewall configuration is. The acceptable use policy (AUP) contains the rules for proper computer, Internet, e-mail, and device usage within the company. The hiring policy contains rules surrounding the process for HR to follow when hiring a new employee. The VPN policy
contains details on the approved VPN solution and what the requirements are for employees to
be able to VPN into the network from a remote location.

Explanation

The firewall policy contains the detailed information needed to know what the company’s approved firewall configuration is. The acceptable use policy (AUP) contains the rules for proper computer, Internet, e-mail, and device usage within the company. The hiring policy contains rules surrounding the process for HR to follow when hiring a new employee. The VPN policy
contains details on the approved VPN solution and what the requirements are for employees to
be able to VPN into the network from a remote location.

47. Jim is part of the sales team within your organization and spends a lot of time in hotels while on the road. What would you recommend to the administrator with regard to the security of Jim's laptop?

Virtualization

Cloud computing

TCP wrappers

Personal firewall

A personal firewall should be used anytime a system is going to be connected to an untrusted network. The other answers are incorrect because they do not represent recommendations to implement regarding the security of Jim’s laptop.

Explanation

A personal firewall should be used anytime a system is going to be connected to an untrusted network. The other answers are incorrect because they do not represent recommendations to implement regarding the security of Jim’s laptop.

48. A software vendor has found out about a critical vulnerability within their software product that causes a severe security risk to the system. The software vendor will ship which type of patch that should be applied to systems immediately?

Patch

Service pack

Hot-fix

Update

Hot-fix is the term used for an update to a piece of software that should be applied immediately. A patch is a fix to a software error that does not necessarily need to be applied immediately. A service pack contains all the patches and hot-fixes since the previous service pack or release of the software. An update is a general term for applying patches to a system.

Explanation

Hot-fix is the term used for an update to a piece of software that should be applied immediately. A patch is a fix to a software error that does not necessarily need to be applied immediately. A service pack contains all the patches and hot-fixes since the previous service pack or release of the software. An update is a general term for applying patches to a system.

49. Which of the following is a good reason to ensure all employees take vacation time each year?

To keep the employee refreshed and energized

To hold employees accountable for any suspicious activity

To keep the employee happy

To raise company morale

The security reason to implement mandatory vacation is so that while they are on vacation, you can hopefully detect improper activity performed by an employee. If the employee is always around, they will continue to avoid detection of their activity.

Explanation

The security reason to implement mandatory vacation is so that while they are on vacation, you can hopefully detect improper activity performed by an employee. If the employee is always around, they will continue to avoid detection of their activity.

50. You have protected the contents of a highly sensitive file by encrypting the data using Windows EFS. Which of the following goals of security has been satisfied?

Confidentiality

Accountability

Integrity

Availability

Confidentiality involves ensuring untrusted parties cannot view sensitive information. You typically implement confidentiality by encrypting data and communications or by setting permissions on the resource.

Explanation

Confidentiality involves ensuring untrusted parties cannot view sensitive information. You typically implement confidentiality by encrypting data and communications or by setting permissions on the resource.

51. When you enable a personal firewall what is typically the default rule applied?

Allow all traffic.

Deny all traffic.

Forward all traffic.

NAT all traffic.

Most firewalls have a default rule of deny all traffic once the firewall has been enabled. The other answers are incorrect because they do not represent the default rule. Most firewalls allow you to modify the default rule from deny all to allow all.

Explanation

Most firewalls have a default rule of deny all traffic once the firewall has been enabled. The other answers are incorrect because they do not represent the default rule. Most firewalls allow you to modify the default rule from deny all to allow all.

52. What popular feature of a switch allows you to create communication boundaries between systems connected to the switch?

ARP poisoning

Port mirroring

Port security

MAC flooding

VLANs

When you place systems in a VLAN, by default they cannot communicate with systems outside the VLAN. You can have a router route the information from one VLAN to another.

Explanation

When you place systems in a VLAN, by default they cannot communicate with systems outside the VLAN. You can have a router route the information from one VLAN to another.

53. Which TCP/IP protocol is used to convert the IP address to a MAC address?

ARP

TCP

ICMP

UDP

The ARP protocol is responsible for converting the IP address to a MAC address.

Explanation

The ARP protocol is responsible for converting the IP address to a MAC address.

54. You have configured the permissions on the accounting folder so that the Accounting group can create, modify, and delete content in the folder; the Managers group can read the contents of the folder; and all other users have been denied access. This is an example of which of the following?

Authentication

Identification

Authorization

Confidentiality

Authorization typically involves configuring an access control list such as a permission list and specifying what level of access to a resource a user may have.

Explanation

Authorization typically involves configuring an access control list such as a permission list and specifying what level of access to a resource a user may have.

55. You are the network administrator for a small company, and you wish to follow security best practices that relate to the switch. Which of the following should you do? (Select all that apply.)

Disable unused ports

Enable all unused ports

Configure port security

Disable port security

Enable console password

Disable console password

When securing devices such as a switch, ensure the administration port, such as a console port, has a password configured. Also disable any unused port and configure port security on the ports.

Explanation

When securing devices such as a switch, ensure the administration port, such as a console port, has a password configured. Also disable any unused port and configure port security on the ports.

Submit

56. One of the network administrators in the office has been monitoring the proxy server logs and notices that Bob has visited some inappropriate web sites. What policy is this in violation of?

Firewall policy

Proxy server policy

AUP

Hiring policy

The acceptable use policy (AUP) contains the rules for proper computer, Internet,
e-mail, and device usage within the company. The firewall policy contains rules for what type of traffic is allowed to
pass through firewalls, and the proxy server policy is similar to the firewall policy and is
designed to control what traffic is allowed to go inside and outside the network. The hiring
policy contains rules surrounding the process for HR to follow when hiring a new employee.

Explanation

The acceptable use policy (AUP) contains the rules for proper computer, Internet,
e-mail, and device usage within the company. The firewall policy contains rules for what type of traffic is allowed to
pass through firewalls, and the proxy server policy is similar to the firewall policy and is
designed to control what traffic is allowed to go inside and outside the network. The hiring
policy contains rules surrounding the process for HR to follow when hiring a new employee.

57. After creating and implementing the company security policy, you verify that policies are being followed on a regular basis by performing regular audits. This is an example of which of the following?

Due diligence

Separation of duties

Least privilege

Due care

Due diligence is the assessing and verifying of actions and the assessing of risks to a
company. In this example, you are verifying that the policy is being followed.

Explanation

Due diligence is the assessing and verifying of actions and the assessing of risks to a
company. In this example, you are verifying that the policy is being followed.

58. The hacker has managed to poison everyone's ARP cache so that all traffic to the Internet is being sent to the hacker's system before they route it out to the Internet. What type of attack is this?

DDoS

DoS

Phishing

MiTM

When the hacker positions himself between two systems and is receiving a copy of all traffic before passing it on to the real destination, this is a man-in-the-middle (MiTM) attack.

Explanation

When the hacker positions himself between two systems and is receiving a copy of all traffic before passing it on to the real destination, this is a man-in-the-middle (MiTM) attack.

59. Which of the following security technologies involves controlling access to a wired or wireless network using a central authentication server such as RADIUS?

Port security

802.1x

MAC filtering

Firewall

The 802.1x standard controls access to a wired or wireless network by using a central authentication server such as RADIUS. Port security controls which systems can connect to a port by MAC address. MAC filtering controls which systems can send data to other systems, and a firewall controls what traffic is allowed to enter or leave the network.

Explanation

The 802.1x standard controls access to a wired or wireless network by using a central authentication server such as RADIUS. Port security controls which systems can connect to a port by MAC address. MAC filtering controls which systems can send data to other systems, and a firewall controls what traffic is allowed to enter or leave the network.

60. A new network administrator in the office has been reading about the company requirement that all systems have the initial security baseline applied. They are looking at a listing of 50 different policy settings that need to be applied and are wondering if there is an easy way to deploy the settings. What should they do?

Configure the settings in the local security policies.

Import a registry file.

Use a security template.

Build a macro.

Security templates are a great way to help create a security baseline for systems because you can configure a number of “policy” settings in the security template file and then import the template into a system.

Explanation

Security templates are a great way to help create a security baseline for systems because you can configure a number of “policy” settings in the security template file and then import the template into a system.

61. What file can the hacker modify after compromising your system that could lead you to the wrong web site?

Sam

Hosts

Lmhosts

Services

The hosts file on a system is used to resolve domain names to IP addresses and can be used by the hacker to lead you to the wrong web site if the hacker gains access to this file.

Explanation

The hosts file on a system is used to resolve domain names to IP addresses and can be used by the hacker to lead you to the wrong web site if the hacker gains access to this file.

62. Your manager wishes to ensure that a lot of time is not wasted manually patching each system on the network. What would you recommend?

Virus protection

WSUS

Windows Update

Personal firewall

WSUS is a service that allows you to download, review, approve, and deploy patches to groups of systems on the network. Virus protection and personal firewalls do not deal with patching a system. Using Windows Update on every system is an administrative nightmare, so WSUS should be used.

Explanation

WSUS is a service that allows you to download, review, approve, and deploy patches to groups of systems on the network. Virus protection and personal firewalls do not deal with patching a system. Using Windows Update on every system is an administrative nightmare, so WSUS should be used.

63. What is the first step in creating a security policy?

Obtain management approval and support.

Create the AUP.

Download sample templates.

Review job roles.

The first step to creating a security policy is to get approval and support from upper-level
management. Although downloading sample templates may be a great idea to
help you create the policies, it is not the first thing that needs to be done. Creating the AUP
and reviewing job roles are also not correct answers because you always need to obtain support
from management first when dealing with policies.

Explanation

The first step to creating a security policy is to get approval and support from upper-level
management. Although downloading sample templates may be a great idea to
help you create the policies, it is not the first thing that needs to be done. Creating the AUP
and reviewing job roles are also not correct answers because you always need to obtain support
from management first when dealing with policies.

64. You have managed the file permissions on a file so that unauthorized persons cannot make modifications to the file. What goal of security has been met?

Confidentiality

Accountability

Integrity

Availability

Integrity deals with ensuring that the data has not been altered after being sent to the recipient or stored on the server. In this example, you have modified the permissions so that unauthorized changes to the file cannot be made, which is ensuring the integrity of the file.

Explanation

Integrity deals with ensuring that the data has not been altered after being sent to the recipient or stored on the server. In this example, you have modified the permissions so that unauthorized changes to the file cannot be made, which is ensuring the integrity of the file.

65. You have configured your network so that each person on the network must provide a username and password to gain access. Presenting a username is an example of what?

Authentication

Identification

Authorization

Confidentiality

Presenting a username to the system is an example of how the user identifies themselves to the system.

Explanation

Presenting a username to the system is an example of how the user identifies themselves to the system.

66. Which of the following identifies the stages of the three-way handshake?

ACK/SYN, ACK, SYN

SYN, ACK/SYN, ACK

ACK, SYN, ACK/SYN

SYN, ACK, ACK/SYN

The order of the packets for a three-way handshake is SYN, ACK/SYN, and then ACK.

Explanation

The order of the packets for a three-way handshake is SYN, ACK/SYN, and then ACK.

67. Which of the following methods is a popular method to protect against dictionary attacks?

Password complexity

Account lockout

Network firewall

Intrusion detection system

Implementing password complexity is a way to countermeasure dictionary attacks on the network. Implementing an account lockout policy is a potential way to protect against a dictionary attack, but for certification exams we associate account lockout as a method of protecting against brute-force attacks. A network firewall will not protect you from internal password attacks, and an intrusion detection system may notify you of the suspicious traffic, but will not protect against the password attack.

Explanation

Implementing password complexity is a way to countermeasure dictionary attacks on the network. Implementing an account lockout policy is a potential way to protect against a dictionary attack, but for certification exams we associate account lockout as a method of protecting against brute-force attacks. A network firewall will not protect you from internal password attacks, and an intrusion detection system may notify you of the suspicious traffic, but will not protect against the password attack.

68. With a dictionary attack how does the password-cracking software attempt to figure out the passwords of the different user accounts?

Calculates all possible passwords

Uses the passwords stored in the SAM database

Uses the entries in the /etc/passwd file

Reads the passwords from a word list file

With a dictionary attack the passwords are read from a dictionary word list file, which contains all the words in a particular language. A brute-force password attack would calculate all possible passwords. Password attack tools do not try to use the passwords of the SAM database because those passwords are unreadable and would have to be cracked themselves. The /etc/passwd file is the user account database on a Linux system.

Explanation

With a dictionary attack the passwords are read from a dictionary word list file, which contains all the words in a particular language. A brute-force password attack would calculate all possible passwords. Password attack tools do not try to use the passwords of the SAM database because those passwords are unreadable and would have to be cracked themselves. The /etc/passwd file is the user account database on a Linux system.

69. Your boss is thinking about using cloud computing to host e-mail servers for your organization. What is one of the security issues surrounding this scenario?

Integrity

Privacy

Availability

Resources

Because cloud computing is hosting your services such as e-mail and database services at a provider’s location across the Internet, privacy is always a concern. The other answers are incorrect because they are not concerns with cloud computing.

Explanation

Because cloud computing is hosting your services such as e-mail and database services at a provider’s location across the Internet, privacy is always a concern. The other answers are incorrect because they are not concerns with cloud computing.

70. What feature of a network switch allows the network administrator to capture network traffic when monitoring or troubleshooting the network?

Port security

VLAN

Collision domain

Port Mirroring

The port mirroring feature of a network switch is designed to send a copy of any data destined for a group of ports to a monitored port. The network administrator connects their monitoring station to the monitored port in order to monitor the network traffic.

Explanation

The port mirroring feature of a network switch is designed to send a copy of any data destined for a group of ports to a monitored port. The network administrator connects their monitoring station to the monitored port in order to monitor the network traffic.

71. A hacker tries to compromise your system by submitting script into a field in a web application that is then stored as data in the web site database. The hacker is anticipating when you navigate to the site that your browser will parse the script and execute it. What type of attack is this?

Buffer overflow

SQL injection

Folder traversal

Cross-site scripting

Cross-site scripting is when the hacker finds a way to send client-side script to the server so that it is processed by a client, such as submitting script into a field in a web site which is then stored as data in the web site database. When a user visiting the site displays the data, the code executes on the client system.

Explanation

Cross-site scripting is when the hacker finds a way to send client-side script to the server so that it is processed by a client, such as submitting script into a field in a web site which is then stored as data in the web site database. When a user visiting the site displays the data, the code executes on the client system.

72. You are monitoring network traffic and you notice a packet with pass' or 1=1-- in the content of the packet. What type of attack has occurred?

Buffer overflow

SQL injection

Folder traversal

Cross-site scripting

When you see a packet with pass’ or 1=1-- you are most likely being attacked with an SQL injection attack. An SQL injection attack is when the hacker inserts SQL commands into an application to control the flow of the application.

Explanation

When you see a packet with pass’ or 1=1-- you are most likely being attacked with an SQL injection attack. An SQL injection attack is when the hacker inserts SQL commands into an application to control the flow of the application.

73. Your company has a primary DNS server at its head office and a secondary DNS server at two other offices around the world. What should you do to secure the DNS data?

Allow zone transfers only to the head office DNS server.

Limit zone transfers to the IP addresses of the secondary servers.

Block TCP port 53 on the firewall in the head office.

Block UDP port 53 on the firewall in the head office.

To help secure your DNS server, you will ensure that zone transfers are limited to delivering the DNS zone data only to the secondary DNS servers. The head office server is the primary DNS server, so it does not receive zone transfers. You cannot block TCP 53 at the firewall in this case because that is the port that zone transfers run over, and you need that port open so the secondary servers can do
the zone transfers. Blocking UDP 53 is not an option because it is used by DNS queries and not zone transfers.

Explanation

To help secure your DNS server, you will ensure that zone transfers are limited to delivering the DNS zone data only to the secondary DNS servers. The head office server is the primary DNS server, so it does not receive zone transfers. You cannot block TCP 53 at the firewall in this case because that is the port that zone transfers run over, and you need that port open so the secondary servers can do
the zone transfers. Blocking UDP 53 is not an option because it is used by DNS queries and not zone transfers.

74. How are developers of programming languages such as .NET and Java to deal with runtime errors occurring in an application?

Validate input.

Ignore them.

Use exception handling.

Verify the syntax.

Exception handling is a popular method of trapping runtime errors (exceptions) and showing a user-friendly error message instead of having the application crash. Input validation is an important requirement of developers where they check every piece of data inputted into the application before processing it. Ignoring runtime errors is not an option because they cause the application to crash. Because there is no problem with the syntax of the application, verifying the syntax will not help you here.

Explanation

Exception handling is a popular method of trapping runtime errors (exceptions) and showing a user-friendly error message instead of having the application crash. Input validation is an important requirement of developers where they check every piece of data inputted into the application before processing it. Ignoring runtime errors is not an option because they cause the application to crash. Because there is no problem with the syntax of the application, verifying the syntax will not help you here.

75. Your manager has downloaded some trial software from a vendor by supplying her e-mail address to the vendor's web site. What might the risk of such an action be?

Spyware

Virus

Spam

Phishing

Having an e-mail address available on the Internet, whether on a web page or submitted through someone’s web site, always runs the risk that the e-mail address could be used to send unsolicited messages. The other answers are incorrect because spyware, viruses, and phishing are not concerns associated with supplying an e-mail address.

Explanation

Having an e-mail address available on the Internet, whether on a web page or submitted through someone’s web site, always runs the risk that the e-mail address could be used to send unsolicited messages. The other answers are incorrect because spyware, viruses, and phishing are not concerns associated with supplying an e-mail address.

76. Which type of policy is not optional and must be adhered to?

Procedure

Standard

Guideline

Least privilege

A standard is the type of policy that must be followed.
The other answers are incorrect for the following reasons:
A procedure is a step-by-step document that demonstrates how
to accomplish specific tasks. A guideline is a policy that makes a recommendation that does not
need to be followed. Least privilege is incorrect because it is not a type of policy but a principle
of security that involves ensuring that you always give the lowest privileges or permissions
needed to accomplish a goal.

Explanation

A standard is the type of policy that must be followed.
The other answers are incorrect for the following reasons:
A procedure is a step-by-step document that demonstrates how
to accomplish specific tasks. A guideline is a policy that makes a recommendation that does not
need to be followed. Least privilege is incorrect because it is not a type of policy but a principle
of security that involves ensuring that you always give the lowest privileges or permissions
needed to accomplish a goal.

77. What feature in Linux allows you to configure a list of clients that can access a specific service?

Virtualization

Cloud computing

TCP wrappers

Personal firewall

The TCP wrappers feature in Linux allows you to control what clients can connect to which services. Virtualization is the hosting of multiple operating systems in virtual machines on one physical machine. Cloud computing is having a provider host your servers for you while you remote connect to them across the Internet for administration of the systems. A personal firewall controls communication to the system.

Explanation

The TCP wrappers feature in Linux allows you to control what clients can connect to which services. Virtualization is the hosting of multiple operating systems in virtual machines on one physical machine. Cloud computing is having a provider host your servers for you while you remote connect to them across the Internet for administration of the systems. A personal firewall controls communication to the system.

78. Your manager has been reading a lot about popular password attacks such as dictionary attacks and brute-force attacks. Your manager is worried that your company is susceptible to such attacks. Which of the following controls will help protect against a brute-force attack?

Password complexity

Account lockout

Network firewall

Intrusion detection system

To protect against a brute-force attack, you need to take the time away from the hacker. Implementing an account lockout policy takes time away from the hacker so that they can try logging only a few times before the account is locked and unusable.

Explanation

To protect against a brute-force attack, you need to take the time away from the hacker. Implementing an account lockout policy takes time away from the hacker so that they can try logging only a few times before the account is locked and unusable.

79. Your manager would like to implement additional security measures on the DHCP server. What two actions would you recommend? (Select all that apply.)

Disable zone transfers.

Modify the scope to include only one address for each host on the network.

Deactivate the scope.

Configure an address reservation for each of the addresses in the DHCP scope.

Disable DHCP.

You can secure your DHCP environment by limiting the number of addresses assigned by your DHCP server and reserving each of the addresses. Zone transfers are a security issue related to DNS. You cannot deactivate the scope or disable DHCP because those solutions will make the DHCP unable to
give out addresses.

Explanation

You can secure your DHCP environment by limiting the number of addresses assigned by your DHCP server and reserving each of the addresses. Zone transfers are a security issue related to DNS. You cannot deactivate the scope or disable DHCP because those solutions will make the DHCP unable to
give out addresses.

Submit

80. The software testing team is responsible for testing the applications by inputting invalid data into the fields of the applications. What is this called?

Fuzzing

Input validation

Exception handling

Error handling

Fuzzing is the testing of application security by inputting invalid data into the fields of the application to see how the application responds. Input validation is an important requirement of developers where they check every piece of data inputted into the application before processing it. This will help prevent buffer overflow and injection attacks into the application. Exception handling and error handling are logic added to the application to help prevent runtime errors (crashes) from occurring.

Explanation

Fuzzing is the testing of application security by inputting invalid data into the fields of the application to see how the application responds. Input validation is an important requirement of developers where they check every piece of data inputted into the application before processing it. This will help prevent buffer overflow and injection attacks into the application. Exception handling and error handling are logic added to the application to help prevent runtime errors (crashes) from occurring.

81. When looking at the web server log files, you notice that a lot of the requests that have hit the web site are navigating to the /scripts/..%c0%af../winnt/system32 folder. What type of attack is occurring?

Buffer overflow

SQL injection

Folder traversal

Cross-site scripting

This is an example of folder traversal. Folder traversal is when the hacker places ../.. in the URL to try to navigate out of the web site folder and to access information on the web server. The hacker will typically try to access operating system files and also try to run cmd.exe from the URL.

Explanation

This is an example of folder traversal. Folder traversal is when the hacker places ../.. in the URL to try to navigate out of the web site folder and to access information on the web server. The hacker will typically try to access operating system files and also try to run cmd.exe from the URL.

82. The entity that is responsible for deciding the level of protection that is placed on data and that is ultimately responsible for the security of that data is which of the following?

Custodian

Owner

User

Administrator

The owner decides on the value of the asset and what level of protection is needed. The
owner is management within the organization, and they are ultimately responsible for securing
the environment.

Explanation

The owner decides on the value of the asset and what level of protection is needed. The
owner is management within the organization, and they are ultimately responsible for securing
the environment.

83. What type of reporting mechanism should a system or application use to notify the administrator of an event that requires immediate attention?

Alert

Trend

Log

Alarm

An alarm is a reporting method that notifies the administrator of a security event and expects immediate action. An alert is a notification that may not require corrective action from the administrator. A trend is what you look for when analyzing system or network activity, and a log may be viewed to see activity on a system or application.

Explanation

An alarm is a reporting method that notifies the administrator of a security event and expects immediate action. An alert is a notification that may not require corrective action from the administrator. A trend is what you look for when analyzing system or network activity, and a log may be viewed to see activity on a system or application.

84. What ICMP type is used to identify echo request messages?

0

4

8

9

The ICMP type for echo request messages is ICMP type 8.

Explanation

The ICMP type for echo request messages is ICMP type 8.

85. What type of attack is a smurf attack?

DDoS

DoS

DNS poison

MiTM

A smurf attack is an example of a DDoS attack. It involves the hacker spoofing the IP address so that ping messages appear to come from the victim. When all of the systems that were pinged reply to the ping message, they overburden the victim’s system.

Explanation

A smurf attack is an example of a DDoS attack. It involves the hacker spoofing the IP address so that ping messages appear to come from the victim. When all of the systems that were pinged reply to the ping message, they overburden the victim’s system.

86. You are the network administrator and have configured shared folder permissions and NTFS permissions on the accounting folder. You have given the accountants the NTFS permissions of Read, but the share permission of Change. What is the effective permission when the accountants connect to the share from across the network?

Full Control

Read

Change

Read+Change

When the share permission conflicts with the NTFS permission the most restrictive is applied—in this case that is Read. The other answers are incorrect because they are not the most restrictive permissions in the scenario.

Explanation

When the share permission conflicts with the NTFS permission the most restrictive is applied—in this case that is Read. The other answers are incorrect because they are not the most restrictive permissions in the scenario.

87. How does the HIDS determine that potentially suspicious activity has occurred?

Log files

Network traffic

Packet analysis

TCP wrappers

A host-based IDS analyzes log files, file attributes, and dynamic data such as connections and memory on the system to identify suspicious activity. Network traffic and packet analysis are performed by network-based intrusion detection software. TCP wrappers does not look for suspicious traffic; it simply controls access to services.

Explanation

A host-based IDS analyzes log files, file attributes, and dynamic data such as connections and memory on the system to identify suspicious activity. Network traffic and packet analysis are performed by network-based intrusion detection software. TCP wrappers does not look for suspicious traffic; it simply controls access to services.

88. You have taken the time to create and implement security policies within your organization. This is an example of which of the following?

Due diligence

Separation of duties

Least privilege

Due care

Due care is the act of doing the right thing. In this example, the action is the creation of
the security policy that should exist in all organizations.

Explanation

Due care is the act of doing the right thing. In this example, the action is the creation of
the security policy that should exist in all organizations.

89. Which of the following identifies a security concern with SMTP servers?

Relaying of messages

Zone transfers

E-mail spoofing

Invalid address assignment

Ensure that SMTP servers are not relaying SMTP messages because hackers could then send spam messages to your server to relay them to the destination. Zone transfers are a security issue related to DNS and not SMTP. E-mail spoofing is the modifying of the source address of a message, and invalid address assignment would be a DHCP issue.

Explanation

Ensure that SMTP servers are not relaying SMTP messages because hackers could then send spam messages to your server to relay them to the destination. Zone transfers are a security issue related to DNS and not SMTP. E-mail spoofing is the modifying of the source address of a message, and invalid address assignment would be a DHCP issue.

90. Which of the following represents ports used by secure TCP applications? (Select all that apply.)

23

22

80

143

443

SSH, which is a secure protocol to replace Telnet, uses port 22, while HTTPS is a secure replacement for HTTP traffic and uses port 443.

Explanation

SSH, which is a secure protocol to replace Telnet, uses port 22, while HTTPS is a secure replacement for HTTP traffic and uses port 443.

Submit

91. What feature of a network switch allows you to control which system can be physically connected to a specific network port by its MAC address?

802.1x

MAC filtering

Firewall

Port security

Port security controls which systems can connect to a port on a switch by configuring the port for a specific MAC address.

Explanation

Port security controls which systems can connect to a port on a switch by configuring the port for a specific MAC address.

92. Your manager has been reading about hackers capturing network traffic in a switched network environment and is wondering how it is possible that hackers can do this. How can this be accomplished? (Select all that apply.)

ARP Poisioning

Port mirroring

Port security

MAC flooding

VLANs

Hackers can use a few different techniques to bypass the filtering feature of a switch. The hacker can use ARP poisoning, which poisons the ARP cache on all systems, forcing them to send data to the hacker’s system. Another technique is MAC flooding, which involves the hacker sending bogus MAC addresses to the switch, which causes the switch to not trust the MAC address table. As a result the switch starts flooding all frames (sends the frames to every port) where the hacker is connected and running sniffer software.

Explanation

Hackers can use a few different techniques to bypass the filtering feature of a switch. The hacker can use ARP poisoning, which poisons the ARP cache on all systems, forcing them to send data to the hacker’s system. Another technique is MAC flooding, which involves the hacker sending bogus MAC addresses to the switch, which causes the switch to not trust the MAC address table. As a result the switch starts flooding all frames (sends the frames to every port) where the hacker is connected and running sniffer software.

Submit

93. The entity that is responsible for implementing the appropriate security controls to protect an asset is which of the following?

Custodian

Owner

User

Administrator

The custodian is responsible for implementing the controls to protect the asset and is
your IT staff.

Explanation

The custodian is responsible for implementing the controls to protect the asset and is
your IT staff.

94. Your manager has read that it is possible on older Bluetooth-enabled phones for a hacker to retrieve all the data off the phone. What type of attack is this?

Bluejacking

Bruteforcing

Buffersnarfing

Bluesnarfing is the exploiting of Bluetooth devices and retrieving data from the device. Bluejacking is another popular exploit against Bluetooth devices and is the sending of unsolicited messages to Bluetooth devices. The other choices are not actual security terms.

Explanation

Bluesnarfing is the exploiting of Bluetooth devices and retrieving data from the device. Bluejacking is another popular exploit against Bluetooth devices and is the sending of unsolicited messages to Bluetooth devices. The other choices are not actual security terms.

CompTIA Security+ (Sy0-301) Practice Exam