CompTIA Security+ (Sy0-301) Practice Exam

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Averywright
A
Averywright
Community Contributor
Quizzes Created: 1 | Total Attempts: 5,549
Questions: 94 | Attempts: 5,549

SettingsSettingsSettings
CompTIA Security+ (Sy0-301) Practice Exam - Quiz

When you have a computer on which you use sensitive information like bank details and passwords, you’re probably content in the knowledge that it’s being protected so long as you have decent internet security installed. Have you ever stopped to think about what processes go into ensuring computers are kept safe from malware and hacking? Take this quiz to learn all about it! Good luck!


Questions and Answers
  • 1. 

    What feature of a network switch allows the network administrator to capture network traffic when monitoring or troubleshooting the network?

    • A.

      Port security

    • B.

      VLAN

    • C.

      Collision domain

    • D.

      Port Mirroring

    Correct Answer
    D. Port Mirroring
    Explanation
    The port mirroring feature of a network switch is designed to send a copy of any data destined for a group of ports to a monitored port. The network administrator connects their monitoring station to the monitored port in order to monitor the network traffic.

    Rate this question:

  • 2. 

    Your manager has been reading about hackers capturing network traffic in a switched network environment and is wondering how it is possible that hackers can do this.  How can this be accomplished?  (Select all that apply.)

    • A.

      ARP Poisioning

    • B.

      Port mirroring

    • C.

      Port security

    • D.

      MAC flooding

    • E.

      VLANs

    Correct Answer(s)
    A. ARP Poisioning
    D. MAC flooding
    Explanation
    Hackers can use a few different techniques to bypass the filtering feature of a switch. The hacker can use ARP poisoning, which poisons the ARP cache on all systems, forcing them to send data to the hacker’s system. Another technique is MAC flooding, which involves the hacker sending bogus MAC addresses to the switch, which causes the switch to not trust the MAC address table. As a result the switch starts flooding all frames (sends the frames to every port) where the hacker is connected and running sniffer software.

    Rate this question:

  • 3. 

    Your company has a web application that seems to be running slowly.  Your manager is wondering what can be done to improve the performance.  How do you respond?

    • A.

      Install a proxy server

    • B.

      Install a load balancer

    • C.

      Configure the web site in a VLAN

    • D.

      Configure port security

    Correct Answer
    B. Install a load balancer
    Explanation
    A load balancer can be used to split the workload between multiple systems, in this case multiple web servers. Load balancing is a common solution for optimizing performance on web sites or even mail servers.

    Rate this question:

  • 4. 

    Which of the following devices could be used to limit which web sites users on the network can visit?

    • A.

      Router

    • B.

      Load balancer

    • C.

      Proxy server

    • D.

      CAT 5e

    Correct Answer
    C. Proxy server
    Explanation
    Proxy servers are used to control outbound Internet access by filtering web sites users can surf and applications they can use.

    Rate this question:

  • 5. 

    Which TCP/IP protocol is used to convert the IP address to a MAC address?

    • A.

      ARP

    • B.

      TCP

    • C.

      ICMP

    • D.

      UDP

    Correct Answer
    A. ARP
    Explanation
    The ARP protocol is responsible for converting the IP address to a MAC address.

    Rate this question:

  • 6. 

    What ICMP type is used to identify echo request messages?

    • A.

      0

    • B.

      4

    • C.

      8

    • D.

      9

    Correct Answer
    C. 8
    Explanation
    The ICMP type for echo request messages is ICMP type 8.

    Rate this question:

  • 7. 

    Which of the following identifies the stages of the three-way handshake?

    • A.

      ACK/SYN, ACK, SYN

    • B.

      SYN, ACK/SYN, ACK

    • C.

      ACK, SYN, ACK/SYN

    • D.

      SYN, ACK, ACK/SYN

    Correct Answer
    B. SYN, ACK/SYN, ACK
    Explanation
    The order of the packets for a three-way handshake is SYN, ACK/SYN, and then ACK.

    Rate this question:

  • 8. 

    Which of the following represents ports used by secure TCP applications? (Select all that apply.)

    • A.

      23

    • B.

      22

    • C.

      80

    • D.

      143

    • E.

      443

    Correct Answer(s)
    B. 22
    E. 443
    Explanation
    SSH, which is a secure protocol to replace Telnet, uses port 22, while HTTPS is a secure replacement for HTTP traffic and uses port 443.

    Rate this question:

  • 9. 

    You are the network administrator for a small company, and you wish to follow security best practices that relate to the switch.  Which of the following should you do? (Select all that apply.)

    • A.

      Disable unused ports

    • B.

      Enable all unused ports

    • C.

      Configure port security

    • D.

      Disable port security

    • E.

      Enable console password

    • F.

      Disable console password

    Correct Answer(s)
    A. Disable unused ports
    C. Configure port security
    E. Enable console password
    Explanation
    When securing devices such as a switch, ensure the administration port, such as a console port, has a password configured. Also disable any unused port and configure port security on the ports.

    Rate this question:

  • 10. 

    What popular feature of a switch allows you to create communication boundaries between systems connected to the switch?

    • A.

      ARP poisoning

    • B.

      Port mirroring

    • C.

      Port security

    • D.

      MAC flooding

    • E.

      VLANs

    Correct Answer
    E. VLANs
    Explanation
    When you place systems in a VLAN, by default they cannot communicate with systems outside the VLAN. You can have a router route the information from one VLAN to another.

    Rate this question:

  • 11. 

    As requested by your manager you purchase two servers to participate in a server cluster so that if one server fails, the other server will take over the workload.  Which of the following goals of security has been met?

    • A.

      Confidentiality

    • B.

      Accountability

    • C.

      Integrity

    • D.

      Availability

    Correct Answer
    D. Availability
    Explanation
    Availability is ensuring that the company asset, such as a server and its data, is available at all times. You can help offer availability by using RAID, server clusters, or performing regular backups.

    Rate this question:

  • 12. 

    You have protected the contents of a highly sensitive file by encrypting the data using Windows EFS. Which of the following goals of security has been satisfied?

    • A.

      Confidentiality

    • B.

      Accountability

    • C.

      Integrity

    • D.

      Availability

    Correct Answer
    A. Confidentiality
    Explanation
    Confidentiality involves ensuring untrusted parties cannot view sensitive information. You typically implement confidentiality by encrypting data and communications or by setting permissions on the resource.

    Rate this question:

  • 13. 

    You have managed the file permissions on a file so that unauthorized persons cannot make modifications to the file. What goal of security has been met?

    • A.

      Confidentiality

    • B.

      Accountability

    • C.

      Integrity

    • D.

      Availability

    Correct Answer
    C. Integrity
    Explanation
    Integrity deals with ensuring that the data has not been altered after being sent to the recipient or stored on the server. In this example, you have modified the permissions so that unauthorized changes to the file cannot be made, which is ensuring the integrity of the file.

    Rate this question:

  • 14. 

    You have configured your network so that each person on the network must provide a username and password to gain access. Presenting a username is an example of what?

    • A.

      Authentication

    • B.

      Identification

    • C.

      Authorization

    • D.

      Confidentiality

    Correct Answer
    B. Identification
    Explanation
    Presenting a username to the system is an example of how the user identifies themselves to the system.

    Rate this question:

  • 15. 

    You have configured the permissions on the accounting folder so that the Accounting group can create, modify, and delete content in the folder; the Managers group can read the contents of the folder; and all other users have been denied access. This is an example of which of the following?

    • A.

      Authentication

    • B.

      Identification

    • C.

      Authorization

    • D.

      Confidentiality

    Correct Answer
    C. Authorization
    Explanation
    Authorization typically involves configuring an access control list such as a permission list and specifying what level of access to a resource a user may have.

    Rate this question:

  • 16. 

    Which of the following are considered biometrics? (Select all that apply)

    • A.

      Username and password

    • B.

      Smartcard

    • C.

      PIN number

    • D.

      Fingerprint

    • E.

      Retina scan

    Correct Answer(s)
    D. Fingerprint
    E. Retina scan
    Explanation
    Biometrics is using a characteristic of yourself to authenticate to a system. Popular examples of biometrics are fingerprint reading, retina scanning, and voice recognition.

    Rate this question:

  • 17. 

    Before an individual is authorized to access resources on the network, they are first ________ with the network.

    • A.

      Authenticated

    • B.

      Identified

    • C.

      Authorized

    • D.

      Encrypted

    Correct Answer
    A. Authenticated
    Explanation
    Before authorization can occur each individual must first be authenticated to the system or network. Authentication is the proving of your identity by typically using a password (authentication) to go with the username (identification).

    Rate this question:

  • 18. 

    You have taken the time to create and implement security policies within your organization.  This is an example of which of the following?

    • A.

      Due diligence

    • B.

      Separation of duties

    • C.

      Least privilege

    • D.

      Due care

    Correct Answer
    D. Due care
    Explanation
    Due care is the act of doing the right thing. In this example, the action is the creation of
    the security policy that should exist in all organizations.

    Rate this question:

  • 19. 

    All accountants need to be able to modify the accounting data except for Bob. Due to Bob’s job requirements, you have ensured that Bob receives only the read permission to the accounting data. This is an example of which of the following?

    • A.

      Rotation of duties

    • B.

      Separation of duties

    • C.

      Least privilege

    • D.

      Due care

    Correct Answer
    C. Least privilege
    Explanation
    A very important principle of security is the concept of least privilege. Least privilege is
    the principle that you should always give only the minimum level of permissions or rights to an
    individual.

    Rate this question:

  • 20. 

    Which of the following represents the reasoning for implementing rotation of duties in your environment?

    • A.

      To limit fraudulent activities within the organization

    • B.

      To keep data private to the appropriate individuals

    • C.

      To make information available

    • D.

      To ensure the secrecy of the information

    Correct Answer
    A. To limit fraudulent activities within the organization
    Explanation
    Rotation of duties is designed to hold people responsible for their actions by having
    someone else take over the position at a later time. Someone holding this position will not be
    likely to perform fraudulent activities knowing that someone else will detect that activity once
    placed in the position.

    Rate this question:

  • 21. 

    Within most organizations the person who writes the check is not the person who signs the check. This is an example of which of the following?

    • A.

      Rotation of duties

    • B.

      Separation of duties

    • C.

      Least privilege

    • D.

      Due care

    Correct Answer
    B. Separation of duties
    Explanation
    Having the person that writes the check being different than the person who signs the
    check is an example of separation of duties.

    Rate this question:

  • 22. 

    After creating and implementing the company security policy, you verify that policies are being followed on a regular basis by performing regular audits. This is an example of which of the following?

    • A.

      Due diligence

    • B.

      Separation of duties

    • C.

      Least privilege

    • D.

      Due care

    Correct Answer
    A. Due diligence
    Explanation
    Due diligence is the assessing and verifying of actions and the assessing of risks to a
    company. In this example, you are verifying that the policy is being followed.

    Rate this question:

  • 23. 

    What type of hacker learns hacking techniques so that they can better defend against a malicious hacker?

    • A.

      Black-hat

    • B.

      Gray-hat

    • C.

      White-hat

    • D.

      Yellow-hat

    Correct Answer
    C. White-hat
    Explanation
    A white-hat hacker learns hacking techniques to learn how to defend against a
    malicious hacker.
    The other options are incorrect for the following reasons:
    A black-hat hacker is someone who hacks for financial gain
    or malicious reasons. A gray-hat hacker is someone who learns of a vulnerability and then
    publishes it to the world. There is no such thing as a yellow-hat hacker.

    Rate this question:

  • 24. 

    The entity that is responsible for deciding the level of protection that is placed on data and that is ultimately responsible for the security of that data is which of the following?

    • A.

      Custodian

    • B.

      Owner

    • C.

      User

    • D.

      Administrator

    Correct Answer
    B. Owner
    Explanation
    The owner decides on the value of the asset and what level of protection is needed. The
    owner is management within the organization, and they are ultimately responsible for securing
    the environment.

    Rate this question:

  • 25. 

    The entity that is responsible for implementing the appropriate security controls to protect an asset is which of the following?

    • A.

      Custodian

    • B.

      Owner

    • C.

      User

    • D.

      Administrator

    Correct Answer
    A. Custodian
    Explanation
    The custodian is responsible for implementing the controls to protect the asset and is
    your IT staff.

    Rate this question:

  • 26. 

    Which type of policy is not optional and must be adhered to?

    • A.

      Procedure

    • B.

      Standard

    • C.

      Guideline

    • D.

      Least privilege

    Correct Answer
    B. Standard
    Explanation
    A standard is the type of policy that must be followed.
    The other answers are incorrect for the following reasons:
    A procedure is a step-by-step document that demonstrates how
    to accomplish specific tasks. A guideline is a policy that makes a recommendation that does not
    need to be followed. Least privilege is incorrect because it is not a type of policy but a principle
    of security that involves ensuring that you always give the lowest privileges or permissions
    needed to accomplish a goal.

    Rate this question:

  • 27. 

    Which of the following are considered PII-related information that must be secured at all times?  (Choose all that apply)

    • A.

      Postal code

    • B.

      Driver’s license

    • C.

      City name

    • D.

      Social Security number

    • E.

      Street name

    Correct Answer(s)
    B. Driver’s license
    D. Social Security number
    Explanation
    Personal Identifiable Information (PII) is unique information about a person that
    should be protected at all times and kept confidential.

    Rate this question:

  • 28. 

    What is the first step in creating a security policy?

    • A.

      Obtain management approval and support.

    • B.

      Create the AUP.

    • C.

      Download sample templates.

    • D.

      Review job roles.

    Correct Answer
    A. Obtain management approval and support.
    Explanation
    The first step to creating a security policy is to get approval and support from upper-level
    management. Although downloading sample templates may be a great idea to
    help you create the policies, it is not the first thing that needs to be done. Creating the AUP
    and reviewing job roles are also not correct answers because you always need to obtain support
    from management first when dealing with policies.

    Rate this question:

  • 29. 

    One of the network administrators in the office has been monitoring the proxy server logs and notices that Bob has visited some inappropriate web sites. What policy is this in violation of?

    • A.

      Firewall policy

    • B.

      Proxy server policy

    • C.

      AUP

    • D.

      Hiring policy

    Correct Answer
    C. AUP
    Explanation
    The acceptable use policy (AUP) contains the rules for proper computer, Internet,
    e-mail, and device usage within the company. The firewall policy contains rules for what type of traffic is allowed to
    pass through firewalls, and the proxy server policy is similar to the firewall policy and is
    designed to control what traffic is allowed to go inside and outside the network. The hiring
    policy contains rules surrounding the process for HR to follow when hiring a new employee.

    Rate this question:

  • 30. 

    The technical team is putting together the firewall solution and needs to know what type of traffic is to pass through the firewall. What policy can the technical team use to find out what traffic is to pass through the firewall?

    • A.

      AUP

    • B.

      Hiring policy

    • C.

      VPN policy

    • D.

      Firewall policy

    Correct Answer
    D. Firewall policy
    Explanation
    The firewall policy contains the detailed information needed to know what the company’s approved firewall configuration is. The acceptable use policy (AUP) contains the rules for proper computer, Internet, e-mail, and device usage within the company. The hiring policy contains rules surrounding the process for HR to follow when hiring a new employee. The VPN policy
    contains details on the approved VPN solution and what the requirements are for employees to
    be able to VPN into the network from a remote location.

    Rate this question:

  • 31. 

    The network administrator is configuring the network and wants to put restrictions on user passwords such as the length of the password, password complexity, and password history.  Where can the administrator find out what the values of those settings should be set to?

    • A.

      VPN policy

    • B.

      Password policy

    • C.

      AUP

    • D.

      Secure disposal of computers

    Correct Answer
    B. Password policy
    Explanation
    The password policy contains the password requirements that need to be enforced on the network servers. The VPN policy contains details on the approved VPN solution and what the requirements are for employees to be able to VPN into the network from a remote location. The acceptable use policy (AUP) contains the rules for proper computer, Internet e-mail, and device usage within the company. The secure disposal of computers policy contains the rules governing how to get rid of old computers and equipment and requires that all confidential data is securely removed from the device or computer.

    Rate this question:

  • 32. 

    Doug is the network administrator for a law firm and has just purchased 20 new systems for the employees.  Doug has collected all of the old computers from the employees and has searched through the hard drives and deleted any DOC and XLS files before handing the computers over to the local school. What policy may Doug be in violation of?

    • A.

      AUP

    • B.

      Password policy

    • C.

      Virus protection policy

    • D.

      Secure disposal of computers

    Correct Answer
    D. Secure disposal of computers
    Explanation
    The secure disposal of computers policy contains the rules surrounding what to do with equipment that is no longer needed in the company. The policy should state that all hard drives have to be physically destroyed before passing the computers on, so that you can ensure that no confidential data can be retrieved from the system.

    Rate this question:

  • 33. 

    Data classification labels are applied to ______, while clearance levels are applied to ______.

    • A.

      Employees, information

    • B.

      Management, employees

    • C.

      Information, employees

    • D.

      Employees, management

    Correct Answer
    C. Information, employees
    Explanation
    Information within the company is assigned a data classification label, while the employees are then given a clearance level. For example, a document may be assigned the top secret classification label so that for an employee to gain access to the information, they must have the top secret clearance level.

    Rate this question:

  • 34. 

    Bob requires the capabilities to change the system time on the computers, but instead of adding Bob to the Administrators group (who can change the time on the computer), you grant Bob the Change System Time right. This is an example of following which security principle?

    • A.

      Least privilege

    • B.

      Job rotation

    • C.

      Separation of duties

    • D.

      AUP

    Correct Answer
    A. Least privilege
    Explanation
    The concept of least privilege is to ensure you give only the minimal permissions or rights needed to perform a task. Job rotation is a security principle that requires employees to rotate through job positions on a regular basis in order to detect any improper activities. Separation of duties is a security principle that involves dividing a job into multiple tasks with each task being performed by a different employee. The acceptable use policy (AUP) contains the rules for proper computer, Internet, e-mail, and device usage within the company.

    Rate this question:

  • 35. 

    Which of the following is a good reason to ensure all employees take vacation time each year?

    • A.

      To keep the employee refreshed and energized

    • B.

      To hold employees accountable for any suspicious activity

    • C.

      To keep the employee happy

    • D.

      To raise company morale

    Correct Answer
    B. To hold employees accountable for any suspicious activity
    Explanation
    The security reason to implement mandatory vacation is so that while they are on vacation, you can hopefully detect improper activity performed by an employee. If the employee is always around, they will continue to avoid detection of their activity.

    Rate this question:

  • 36. 

    Management is concerned that an employee may be able to hide fraudulent activity for long durations while working for the company. What would you recommend to help detect an improper activity performed by employees?

    • A.

      Least privilege

    • B.

      AUP

    • C.

      Disabling the employee’s user accounts and access cards

    • D.

      Job rotation

    Correct Answer
    D. Job rotation
    Explanation
    Implementing the security principle known as job rotation is a great way to detect fraudulent activities performed by employees. The concept of least privilege is to ensure you give only the minimal permissions or rights needed to perform a task. The acceptable use policy (AUP) contains the rules for proper computer, Internet, e-mail, and device usage within the company. Disabling the user account and access cards will not help you detect fraudulent activity—you need someone to take over the job role for a while in hopes they will discover improper activity by the previous employee.

    Rate this question:

  • 37. 

    Management has come to you to let you know that John, a longtime employee of the company, has been stealing money from the company.  Management and HR are headed into a meeting with John to let him know he is no longer needed. What should you do while they are in the meeting?

    • A.

      Review logs

    • B.

      See if anyone wants his office space

    • C.

      Disable the employee’s user accounts and access cards

    • D.

      Format the drive on his workstation

    Correct Answer
    C. Disable the employee’s user accounts and access cards
    Explanation
    You will want to verify with management before they head into the meeting what your responsibilities are, and they will typically inform you of what corporate policy is surrounding the termination of employment, but typically you want to disable the account while notice is given to the employee so that when the employee comes out of the meeting, they cannot access company assets and do any damage.

    Rate this question:

  • 38. 

    Sue comes to you asking if it is okay if she downloads movies to her company laptop with a P2P program so that she can watch the movies while she is away on business. Which of the following is the best response?

    • A.

      Educate Sue on the fact that those programs are popular ways to spread viruses, so no, the company does not allow P2P software on its systems.

    • B.

      Tell her no.

    • C.

      Tell her yes as long as she does not watch the movies during work hours.

    • D.

      Tell her yes as long as she places the downloaded movies on the server so that you can virus scan them.

    Correct Answer
    A. Educate Sue on the fact that those programs are popular ways to spread viruses, so no, the company does not allow P2P software on its systems.
    Explanation
    The key point here is to educate the user on company policy regarding the use of P2P software with company assets. Explain to the user the risks associated with downloading content from untrusted sources, and explain that P2P software is where a lot of viruses come from.

    Rate this question:

  • 39. 

    What is the term used for when someone slips through an open door behind you after you have unlocked the door?

    • A.

      Horseback riding

    • B.

      Worming

    • C.

      Tailgating

    • D.

      Gliding

    Correct Answer
    C. Tailgating
    Explanation
    Tailgating or piggybacking is the term we use in the security field for someone who enters a locked door behind you after it is opened by an authorized person. Be sure to educate employees on tailgating!

    Rate this question:

  • 40. 

    You are talking with management about ways to limit security threats such as tailgating within the company. Management has said there is no money to spend on controls such as mantraps—what can you do to reduce the risk of tailgating?

    • A.

      Purchase an additional lock.

    • B.

      Training and awareness.

    • C.

      Purchase a revolving door.

    • D.

      Purchase a mantrap.

    Correct Answer
    B. Training and awareness.
    Explanation
    One of the ways to control tailgating in highly secure environments is to use a mantrap—an area between two locked doors where one door does not open until the first door is closed. Solutions such as mantraps or revolving doors are great solutions but they cost money. A cheap solution in low secure environments is to educate the employees on tailgating and to not open the door if someone is hanging around the entrance.

    Rate this question:

  • 41. 

    Your manager has called you into the office and has expressed concerns about a number of news reports on social engineering attacks. Your manager would like to know what can be done to protect the company against social engineering attacks.  What would you recommend to your manager?

    • A.

      Use a firewall.

    • B.

      User awareness and training.

    • C.

      Install antivirus software.

    • D.

      Implement physical security.

    Correct Answer
    B. User awareness and training.
    Explanation
    User awareness and training is the only way to protect against social engineering attacks. Technology solutions such as firewalls, antivirus software, and physical security will always help a little, but to truly protect against social engineering attacks, you need to educate the users so they are aware of security best practices.

    Rate this question:

  • 42. 

    Which of the following controls will help protect against tailgating?

    • A.

      Locked doors

    • B.

      Electronic keypads

    • C.

      Swipe cards

    • D.

      Mantrap

    Correct Answer
    D. Mantrap
    Explanation
    A mantrap is an area between two locked doors. The second door cannot be opened until the first door is locked, which helps employees entering the facility notice anyone who may try to enter along with them.

    Rate this question:

  • 43. 

    What is the term used for a phishing attack that is targeted toward a specific person such as the executive of a company?

    • A.

      Whaling

    • B.

      Phishing

    • C.

      Pharming

    • D.

      Spim

    Correct Answer
    A. Whaling
    Explanation
    Whaling is the term for targeting the phishing attack to “the big fish” in the company. With a whaling attack the e-mail message is typically personalized by using the name of that individual. Phishing is sending a generic e-mail to a mass group of people in hopes that someone clicks the link that goes to the fake web site. Pharming is modifying DNS or the hosts file to lead people to the wrong site. Spim is spamming (sending unsolicited e-mails) through instant messenger applications.

    Rate this question:

  • 44. 

    What type of attack results in the victim’s system not being able to perform its job function?

    • A.

      Man-in-the-middle

    • B.

      Spoofing

    • C.

      Denial of service

    • D.

      Port scanning

    Correct Answer
    C. Denial of service
    Explanation
    A denial of service attack involves the hacker causing a system to not perform its job role by overburdening the system with traffic. The DoS attack could cause the system to crash or slow the system down.

    Rate this question:

  • 45. 

    The hacker has managed to poison everyone’s ARP cache so that all traffic to the Internet is being sent to the hacker’s system before they route it out to the Internet. What type of attack is this?

    • A.

      DDoS

    • B.

      DoS

    • C.

      Phishing

    • D.

      MiTM

    Correct Answer
    D. MiTM
    Explanation
    When the hacker positions himself between two systems and is receiving a copy of all traffic before passing it on to the real destination, this is a man-in-the-middle (MiTM) attack.

    Rate this question:

  • 46. 

    What file can the hacker modify after compromising your system that could lead you to the wrong web site?

    • A.

      Sam

    • B.

      Hosts

    • C.

      Lmhosts

    • D.

      Services

    Correct Answer
    B. Hosts
    Explanation
    The hosts file on a system is used to resolve domain names to IP addresses and can be used by the hacker to lead you to the wrong web site if the hacker gains access to this file.

    Rate this question:

  • 47. 

    What type of attack is a smurf attack?

    • A.

      DDoS

    • B.

      DoS

    • C.

      DNS poison

    • D.

      MiTM

    Correct Answer
    A. DDoS
    Explanation
    A smurf attack is an example of a DDoS attack. It involves the hacker spoofing the IP address so that ping messages appear to come from the victim. When all of the systems that were pinged reply to the ping message, they overburden the victim’s system.

    Rate this question:

  • 48. 

    John has been studying hacking techniques used by hackers and decides to send a packet to your system, but ensures that he alters the source IP address of the packet so it looks like it came from someone else. What type of attack is this?

    • A.

      Phishing

    • B.

      Pharming

    • C.

      Spim

    • D.

      Spoofing

    Correct Answer
    D. Spoofing
    Explanation
    Spoofing is when someone alters the source address of a message. IP spoofing is the altering of the source IP address, MAC spoofing is when the hacker alters the source MAC address, and e-mail spoofing is when the hacker alters the source e-mail address of a message.

    Rate this question:

  • 49. 

    Your manager has been reading a lot about popular password attacks such as dictionary attacks and brute-force attacks. Your manager is worried that your company is susceptible to such attacks.  Which of the following controls will help protect against a brute-force attack?

    • A.

      Password complexity

    • B.

      Account lockout

    • C.

      Network firewall

    • D.

      Intrusion detection system

    Correct Answer
    B. Account lockout
    Explanation
    To protect against a brute-force attack, you need to take the time away from the hacker. Implementing an account lockout policy takes time away from the hacker so that they can try logging only a few times before the account is locked and unusable.

    Rate this question:

  • 50. 

    Which of the following methods is a popular method to protect against dictionary attacks?

    • A.

      Password complexity

    • B.

      Account lockout

    • C.

      Network firewall

    • D.

      Intrusion detection system

    Correct Answer
    A. Password complexity
    Explanation
    Implementing password complexity is a way to countermeasure dictionary attacks on the network. Implementing an account lockout policy is a potential way to protect against a dictionary attack, but for certification exams we associate account lockout as a method of protecting against brute-force attacks. A network firewall will not protect you from internal password attacks, and an intrusion detection system may notify you of the suspicious traffic, but will not protect against the password attack.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Jun 10, 2024
    Quiz Edited by
    ProProfs Editorial Team
  • Dec 10, 2012
    Quiz Created by
    Averywright
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.