SEC+ Study Guide C

100 Questions | Total Attempts: 71

SettingsSettingsSettings
Please wait...
Study Guide Quizzes & Trivia

201-300


Questions and Answers
  • 1. 
    QUESTION NO: 201 A user does not understand why the domain password policy is so stringent. Which of the following BEST demonstrates the security basis for the password policy?
    • A. 

      Explain how easy it is for a hacker to crack weak passwords.

    • B. 

      Show the user a domain overview, including a list of weak passwords

    • C. 

      Refer the user to a strong password demonstrator.

    • D. 

      Ask the user to review the corporate policies and procedures manual.

  • 2. 
    QUESTION NO: 202 A company needs to have multiple servers running low CPU utilization applications. Which of the following is the MOST cost efficient method for accomplishing this?
    • A. 

      Install multiple high end servers, sharing a clustered network operating system.

    • B. 

      Install a single low end server, running multiple virtual servers

    • C. 

      Install a single high end server, running multiple virtual servers.

    • D. 

      Install multiple low end servers, each running a network operating system.

  • 3. 
    QUESTION NO: 203 A programmer creates an application to accept data from a websitE. A user places more information than the program expects in the input field resulting in the back end database placing the extra information into the databasE. Which of the following is this an example of?
    • A. 

      Java input error

    • B. 

      Cross-site scripting

    • C. 

      Buffer overflow

    • D. 

      SQL injection

  • 4. 
    QUESTION NO: 204 Which of the following security threats is MOST commonly associated with a targeted distributed denial of service (DDoS)?
    • A. 

      Viruses

    • B. 

      Worms

    • C. 

      Botnets

    • D. 

      Trojans

  • 5. 
    QUESTION NO: 205 A developer added code to a financial system designed to transfer money to a foreign bank account on a specific time and date. The code would activate only if human resources processed the developers termination papers. The developer implemented which of the following security threats?
    • A. 

      Logic bomb

    • B. 

      Rootkit

    • C. 

      Botnet

    • D. 

      Privilege escalation

  • 6. 
    QUESTION NO: 206   A CEO is concerned about staff browsing inappropriate material on the Internet via HTTPS. It has been suggested that the company purchase a product which could decrypt the SSL session, scan the content and then repackage the SSL session without staff knowing. Which of the following type of attacks is similar to this product?
    • A. 

      Replay

    • B. 

      Spoofing

    • C. 

      TCP/IP hijacking

    • D. 

      Man-in-the-middle

  • 7. 
    QUESTION NO: 207 After a system risk assessment was performed it was found that the cost to mitigate the risk was higher than the expected loss if the risk was actualized. In this instance, which of the following is the BEST course of action?
    • A. 

      Accept the risk

    • B. 

      Mitigate the risk

    • C. 

      Reject the risk

    • D. 

      Run a new risk assessment

  • 8. 
    QUESTION NO: 208 A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protecteD. If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If determining the risk, which of the following is the annual loss expectancy (ALE)?
    • A. 

      $2,700

    • B. 

      $4,500

    • C. 

      $5,000

    • D. 

      $7,290

  • 9. 
    QUESTION NO: 209 A technician is deciding between implementing a HIDS on the database server or implementing a NIDS. Which of the following are reasons why a NIDS may be better to implement? (Select TWO).
    • A. 

      Many HIDS require frequent patches and updates.

    • B. 

      Many HIDS are not able to detect network attacks.

    • C. 

      Many HIDS have a negative impact on systemperformance

    • D. 

      Many HIDS only offer a low level of detection granularity.

    • E. 

      Many HIDS are not good at detecting attacks on database servers.

  • 10. 
    QUESTION NO: 210 Which of the following scenarios is MOST likely to benefit from using a personal software firewall on a laptop?
    • A. 

      Remote access user connecting via SSL VPN

    • B. 

      Office laptop connected to the enterprise LAN

    • C. 

      Remote access user connecting via corporate dial-in server

    • D. 

      Office laptop connected to a homeusers network

  • 11. 
    QUESTION NO: 211 Virtualized applications, such as virtualized browsers, are capable of protecting the underlying operating system from which of the following?
    • A. 

      Malware installation from suspects Internet sites

    • B. 

      Man-in-the-middle attacks

    • C. 

      Phishing and spam attacks

    • D. 

      DDoS attacks against the underlying OS

  • 12. 
    QUESTION NO: 212 A flat or simple role-based access control (RBAC) embodies which of the following principles?
    • A. 

      Users assigned to roles, permissions are assigned to groups, controls applied to groups and permissions acquired by controls

    • B. 

      Users assigned permissions, roles assigned to groups and users acquire additional permissions by being a member of a group

    • C. 

      Roles applied to groups, users assigned to groups and users acquire permissions by being a member of the group

    • D. 

      Users assigned to roles, permissions are assigned to roles and users acquire permissions by being a member of the role

  • 13. 
    QUESTION NO: 213 A number of unauthorized staff has been entering the data center by piggybacking authorized staff. The CIO has mandated that this behavior stops. Which of the following is the BEST technology to install at the data center to prevent piggybacking?
    • A. 

      Mantrap

    • B. 

      Security badges

    • C. 

      Hardware locks

    • D. 

      Token access

  • 14. 
    QUESTION NO: 214 Which of the following is a security threat that hides its processes and files from being easily detected?
    • A. 

      Trojan

    • B. 

      Adware

    • C. 

      Worm

    • D. 

      Rootkit

  • 15. 
    QUESTION NO: 215 Security templates are used for which of the following purposes? (Select TWO)
    • A. 

      To ensure that email is encrypted by users of PGP

    • B. 

      To ensure that PKI will work properly within thecompanys trust model

    • C. 

      To ensure that performance is standardized across all servers

    • D. 

      To ensure that all servers start from a common security configuration

    • E. 

      To ensure that servers are in compliance with the corporate security policy

  • 16. 
    QUESTION NO: 216 Frequent signature updates are required by which of the following security applications? (Select TWO).
    • A. 

      Antivirus

    • B. 

      PGP

    • C. 

      Firewall

    • D. 

      PKI

    • E. 

      IDS

  • 17. 
    QUESTION NO: 217 When choosing an antivirus product, which of the following are the MOST important security considerations? (Select TWO).
    • A. 

      The frequency of signature updates

    • B. 

      The ability to scan encrypted files

    • C. 

      The availability of application programming interface

    • D. 

      The number of emails that can be scanned

    • E. 

      The number of viruses the software can detect

  • 18. 
    QUESTION NO: 218 Three generally accepted activities of patch management are: determining which patches are needed, applying the patches and which of the following?
    • A. 

      Updating the firewall configuration to include the patches

    • B. 

      Running a NIDS report to list the remaining vulnerabilities

    • C. 

      Auditing for the successful application of the patches

    • D. 

      Backing up the patch file executables to a network share

  • 19. 
    QUESTION NO: 219 In which of the following situations would it be appropriate to install a hotfix?
    • A. 

      A patch in a service pack fixes the issue, but too many extra patches are included.

    • B. 

      A patch is not available and workarounds do not correct the problem

    • C. 

      A patch is available, but has not yet been tested in a production environment.

    • D. 

      A patch is too large to be distributed via a remote deployment tool.

  • 20. 
    QUESTION NO: 220 Social engineering, password cracking and vulnerability exploitation are examples of which of the following?
    • A. 

      Vulnerability assessment

    • B. 

      Fingerprinting

    • C. 

      Penetration testing

    • D. 

      Fuzzing

  • 21. 
    QUESTION NO: 221 If an administrator does not have a NIDS examining network traffic, which of the following could be used to identify an active attack?
    • A. 

      Protocol analyzer

    • B. 

      Penetration testing tool

    • C. 

      Networkmapper

    • D. 

      Vulnerability scanner

  • 22. 
    QUESTION NO: 222 Configuration baselines should be taken at which of the following stages in the deployment of a new system?
    • A. 

      Before initial configuration

    • B. 

      Before loading the OS

    • C. 

      After a user logs in

    • D. 

      After initial configuration

  • 23. 
    QUESTION NO: 223 Which of the following practices should be implemented to harden workstations and servers?
    • A. 

      Log on only as the administrator

    • B. 

      Install only needed software

    • C. 

      Check the logs regularly.

    • D. 

      Report all security incidents.

  • 24. 
    QUESTION NO: 224 Which of the following is a mechanism that prevents electromagnetic emanations from being captured?
    • A. 

      Install a repeater

    • B. 

      Uninterruptible power supply (UPS)

    • C. 

      Faraday cage

    • D. 

      Faraday cage

  • 25. 
    QUESTION NO: 225 Which of the following describes the difference between a secure cipher and a secure hash?
    • A. 

      A hash produces a variable output for any input size, a cipher does not.

    • B. 

      A cipher produces the same size output for any input size, a hash does not.

    • C. 

      A cipher can be reversed, a hash cannot.

    • D. 

      A hash can be reversed, a cipher cannot.

Back to Top Back to top