New CompTIA SY0-401 Exam Dumps Collection (Question 8 - Question 17) Q8. Ann, a college professor, was recently reprimanded for posting disparaging remarks regarding her coworkers on a web site. Ann stated that she was not aware that the public was able to view her remarks. Which of…
New CompTIA SY0-401 Exam Dumps Collection (Question 4 - Question 13) Question No: 4 An incident occurred when an outside attacker was able to gain access to network resources. During the incident response investigation, security logs indicated multiple failed login attempts for a network administrator. Which of the following controls,…
New CompTIA SY0-401 Exam Dumps Collection (Question 10 - Question 19) New Questions 10 During a company-wide initiative to harden network security, it is discovered that end users who have laptops cannot be removed from the local administrator group. Which of the following could be used to help mitigate the risk…
New CompTIA SY0-401 Exam Dumps Collection (Question 10 - Question 19) Q1. The security administrator notices a user logging into a corporate Unix server remotely as root. Which of the following actions should the administrator take? A. Create a firewall rule to block SSH B. Delete the root account C. Disable remote…
Q1. Which of the following is a BEST practice when dealing with user accounts that will only need to be active for a limited time period? A. When creating the account, set the account to not remember password history. B. When creating the account, set an expiration date on the account. C. When creating the account, set a password expiration date on the…
Q1. A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application’s task. Which of the following…
Q1. Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a production system? A. Input validation B. Network intrusion detection system C. Anomaly-based HIDS D. Peer review Answer: A Explanation: Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application…
Q1. During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running. Which of the following has MOST likely been installed on the server? A. SPIM B. Backdoor C. Logic bomb D. Rootkit Answer: D Explanation: A rootkit…
Q1. To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation? A. Management B. Administrative C. Technical D. Operational Answer: C Explanation: Controls such as preventing unauthorized access to PCs and applying screensavers that lock the PC after five minutes of inactivity is…
Q1. Which of the following transportation encryption protocols should be used to ensure maximum security between a web browser and a web server? A. SSLv2 B. SSHv1 C. RSA D. TLS Answer: D Explanation: HTTP Secure (HTTPS) is the protocol used for “secure” web pages that users should see when they must enter personal information such as credit card numbers, passwords, and other identifiers.…
Q1. Encryption used by RADIUS is BEST described as: A. Quantum B. Elliptical curve C. Asymmetric D. Symmetric Answer: D Explanation: The RADIUS server uses a symmetric encryption method. Note: Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. Q2. The security officer is preparing a read-only USB stick with a…
Q1. A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to login to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing? A. Single sign-on B. Authorization C. Access control D. Authentication Answer:…
Q1. Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. Which of the following BEST describes this statement? (Select TWO). A. Acceptable use policy B. Risk acceptance policy C. Privacy policy D. Email policy E. Security policy Answer: A,C Explanation: Privacy policies define what controls are required to implement and maintain the…
Q1. An administrator needs to connect a router in one building to a router in another using Ethernet. Each router is connected to a managed switch and the switches are connected to each other via a fiber line. Which of the following should be configured to prevent unauthorized devices from connecting to the network? A. Configure each port on the switches…
Q1. A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this? A. Command shell restrictions B. Restricted interface C. Warning banners D. Session output pipe to /dev/null Answer:…
Q1. A security administrator has been tasked with setting up a new internal wireless network that must use end to end TLS. Which of the following may be used to meet this objective? A. WPA B. HTTPS C. WEP D. WPA 2 Answer: D Explanation: Wi-Fi Protected Access 2 (WPA2) was intended to provide security that’s equivalent to that on a wired network, and it implements…
Q1. A security administrator wants to test the reliability of an application which accepts user provided parameters. The administrator is concerned with data integrity and availability. Which of the following should be implemented to accomplish this task? A. Secure coding B. Fuzzing C. Exception handling D. Input validation Answer: B Explanation: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to…
Q1. A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate mitigation technique? A. Disabling unnecessary accounts B. Rogue machine detection C. Encrypting sensitive files D. Implementing antivirus Answer: B Explanation: Rogue machine detection is the process of detecting devices on the network that should not be…
Q1. A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension. Which of the following protocols should be used in this scenario? A. WPA2 B. WPA C. IPv6 D. IPv4 Answer: C Explanation: IPSec security is built into IPv6. Q2. To ensure proper evidence collection, which of the following steps…
Q1. An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389. Which of the following authentication services should be used on this port by default? A. RADIUS B. Kerberos C. TACACS+ D. LDAP Answer: D Explanation: LDAP makes use of port 389. Q2. A set of standardized system images with…
Q1. Which of the following malware types may require user interaction, does not hide itself, and is commonly identified by marketing pop-ups based on browsing habits? A. Botnet B. Rootkit C. Adware D. Virus Answer: C Explanation: Adware is free software that is supported by advertisements. Common adware programs are toolbars, games and utilities. They are free to use, but require you to watch advertisements as…
Q1. Joe, the systems administrator, is setting up a wireless network for his team’s laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this? A. Disable default SSID broadcasting. B. Use WPA instead of WEP encryption. C. Lower the access point’s power settings. D. Implement MAC filtering on the access point. Answer: D Explanation: If MAC filtering…
Q1. A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network. Which of the following should the administrator implement? A. WPA2 over EAP-TTLS B. WPA-PSK C. WPA2 with WPS D. WEP over EAP-PEAP Answer: D Explanation: D: Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that…
Q1. Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash? A. Input validation B. Exception handling C. Application hardening D. Fuzzing Answer: D Explanation: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation,…
Q1. After Ann, a user, logs into her banking websites she has access to her financial institution mortgage, credit card, and brokerage websites as well. Which of the following is being described? A. Trusted OS B. Mandatory access control C. Separation of duties D. Single sign-on Answer: D Explanation: Single sign-on means that once a user (or other subject) is authenticated into a realm, re-authentication is…
Q1. Establishing a published chart of roles, responsibilities, and chain of command to be used during a disaster is an example of which of the following? A. Fault tolerance B. Succession planning C. Business continuity testing D. Recovery point objectives Answer: B Explanation: Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles…
Q1. Which of the following offerings typically allows the customer to apply operating system patches? A. Software as a service B. Public Clouds C. Cloud Based Storage D. Infrastructure as a service Answer: D Explanation: Cloud users install operating-system images and their application software on the cloud infrastructure to deploy their applications. In this model, the cloud user patches and maintains the operating systems and the…
Q1. Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability? A. Twofish B. Diffie-Hellman C. ECC D. RSA Answer: C Explanation: Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of…
Q1. Which of the following protocols is MOST likely to be leveraged by users who need additional information about another user? A. LDAP B. RADIUS C. Kerberos D. TACACS+ Answer: A Explanation: Q2. A security administrator is tackling issues related to authenticating users at a remote site. There have been a large number of security incidents that resulted from either tailgating or impersonation of authorized users…
Q1. A Windows-based computer is infected with malware and is running too slowly to boot and run a malware scanner. Which of the following is the BEST way to run the malware scanner? A. Kill all system processes B. Enable the firewall C. Boot from CD/USB D. Disable the network connection Answer: C Explanation: Q2. Data execution prevention is a feature in most operating systems intended…
Q1. Highly sensitive data is stored in a database and is accessed by an application on a DMZ server. The disk drives on all servers are fully encrypted. Communication between the application server and end-users is also encrypted. Network ACLs prevent any connections to the database server except from the application server. Which of the following can still result in…
Q1. After reviewing the firewall logs of her organization’s wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. Which of the following would be the BEST option to begin addressing the issue? A. Reduce the power level…
Q1. Which of the following types of encryption will help in protecting files on a PED? A. Mobile device encryption B. Transport layer encryption C. Encrypted hidden container D. Database encryption Answer: A Explanation: Device encryption encrypts the data on a Personal Electronic Device (PED). This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. Q2.…
Q1. A company provides secure wireless Internet access for visitors and vendors working onsite. Some of the vendors using older technology report that they are unable to access the wireless network after entering the correct network information. Which of the following is the MOST likely reason for this issue? A. The SSID broadcast is disabled. B. The company is using the wrong…
Q1. Which of the following describes the purpose of an MOU? A. Define interoperability requirements B. Define data backup process C. Define onboard/offboard procedure D. Define responsibilities of each party Answer: D Explanation: MOU or Memorandum of Understanding is a document outlining which party is responsible for what portion of the work. Q2. Joe, a newly hired employee, has a corporate workstation that has been compromised due…
Q1. After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue? A. Host based firewall B. Initial baseline configurations C. Discretionary access control D. Patch management system Answer: D Explanation: A patch is an update to a system. Sometimes a patch adds new functionality; in other cases,…
Q1. Which of the following protocols allows for secure transfer of files? (Select TWO). A. ICMP B. SNMP C. SFTP D. SCP E. TFTP Answer: C,D Explanation: Standard FTP is a protocol often used to move files between one system and another either over the Internet or within private networks. SFTP is a secured alternative to standard FTP. Secure Copy Protocol (SCP) is a secure file-transfer facility…
Q1. A security analyst discovered data such as images and word documents hidden within different types of files. Which of the following cryptographic concepts describes what was discovered? A. Symmetric encryption B. Non-repudiation C. Steganography D. Hashing Answer: C Explanation: Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. Note: The advantage of steganography over cryptography…
Q1. Which of the following BEST describes the type of attack that is occurring? A. Smurf Attack B. Man in the middle C. Backdoor D. Replay E. Spear Phishing F. Xmas Attack G. Blue Jacking H. Ping of Death Answer: A Explanation: The exhibit shows that all the computers on the network are being ‘pinged’. This indicates that the ping request was sent to the network broadcast address. We can…
Q1. Ann has taken over as the new head of the IT department. One of her first assignments was to implement AAA in preparation for the company’s new telecommuting policy. When she takes inventory of the organization’s existing network infrastructure, she makes note that it is a mix of several different vendors. Ann knows she needs a method of secure…
Q1. The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) are to: (Select TWO). A. Permit redirection to Internet-facing web URLs. B. Ensure all HTML tags are enclosed in angle brackets, e.g., ””. C. Validate and filter input on the server side and client side. D. Use a web proxy to pass…
Q1. A technician is investigating intermittent switch degradation. The issue only seems to occur when the building’s roof air conditioning system runs. Which of the following would reduce the connectivity issues? A. Adding a heat deflector B. Redundant HVAC systems C. Shielding D. Add a wireless network Answer: C Explanation: EMI can cause circuit overload, spikes, or even electrical component failure. In the question it is…
Q1. A security administrator discovers an image file that has several plain text documents hidden in the file. Which of the following security goals is met by camouflaging data inside of other files? A. Integrity B. Confidentiality C. Steganography D. Availability Answer: C Explanation: Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. Note: The advantage…
Q1. Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL? PERMIT TCP ANY HOST 192.168.0.10 EQ 80 PERMIT TCP ANY HOST 192.168.0.10 EQ 443 A. It implements stateful packet filtering. B. It implements bottom-up processing. C. It failed closed. D. It implements an implicit deny. View…
Q1. A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. Which of the following would fulfill the CISO’s requirements? A. Username and password B. Retina scan and fingerprint scan C. USB token and PIN D. Proximity badge and token Answer: C Explanation: Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting authentication…
Q1. Which of the following allows Pete, a security technician, to provide the MOST secure wireless implementation? A. Implement WPA B. Disable SSID C. Adjust antenna placement D. Implement WEP Answer: A Explanation: Of the options supplied, WiFi Protected Access (WPA) is the most secure and is the replacement for WEP. Q2. An administrator has successfully implemented SSL on srv4.comptia.com using wildcard certificate *.comptia.com, and now…
Q1. During an audit, the security administrator discovers that there are several users that are no longer employed with the company but still have active user accounts. Which of the following should be performed? A. Account recovery B. Account disablement C. Account lockouts D. Account expiration Answer: B Explanation: Account Disablement should be implemented when a user will be gone from a company whether they leave…
Q1. A database administrator would like to start encrypting database exports stored on the SAN, but the storage administrator warns that this may drastically increase the amount of disk space used by the exports. Which of the following explains the reason for the increase in disk space usage? A. Deduplication is not compatible with encryption B. The exports are being stored on…
Q1. Which of the following would be used as a secure substitute for Telnet? A. SSH B. SFTP C. SSL D. HTTPS Answer: A Explanation: Secure Shell (SSH) is a tunneling protocol originally designed for Unix systems. It uses encryption to establish a secure connection between two systems. SSH also provides alternative, security-equivalent programs for such Unix standards as Telnet, FTP, and many other communications-oriented applications.…
Q1. A security administrator wants to deploy a physical security control to limit an individual’s access into a sensitive area. Which of the following should be implemented? A. Guards B. CCTV C. Bollards D. Spike strip Answer: A Explanation: A guard can be intimidating and respond to a situation, and in a case where you want to limit an individual’s access to a sensitive area a…
Q1. Ann, the system administrator, is installing an extremely critical system that can support ZERO downtime. Which of the following BEST describes the type of system Ann is installing? A. High availability B. Clustered C. RAID D. Load balanced Answer: A Explanation: Q2. Which of the following types of risk reducing policies also has the added indirect benefit of cross training employees when implemented? A. Least privilege B.…
Q1. RC4 is a strong encryption protocol that is generally used with which of the following? A. WPA2 CCMP B. PEAP C. WEP D. EAP-TLS Answer: C Explanation: Q2. Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites? A. Spam filter B. URL filter C. Content inspection D. Malware inspection Answer: B Explanation: The question asks…
Q1. A database administrator receives a call on an outside telephone line from a person who states that they work for a well-known database vendor. The caller states there have been problems applying the newly released vulnerability patch for their database system, and asks what version is being used so that they can assist. Which of the following is the…
Q1. A small company has a website that provides online customer support. The company requires an account recovery process so that customers who forget their passwords can regain access. Which of the following is the BEST approach to implement this process? A. Replace passwords with hardware tokens which provide two-factor authentication to the online customer support site. B. Require the customer to physically…
Q1. An attacker attempted to compromise a web form by inserting the following input into the username field: admin)(|(password=*)) Which of the following types of attacks was attempted? A. SQL injection B. Cross-site scripting C. Command injection D. LDAP injection Answer: D Explanation: LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to…
Q1. Which of the following functions provides an output which cannot be reversed and converts data into a string of characters? A. Hashing B. Stream ciphers C. Steganography D. Block ciphers Answer: A Explanation: Hashing refers to the hash algorithms used in cryptography. It is used to store data, such as hash tables. One of its characteristics is that it must be one-way – it is…
Q1. Which of the following would allow the organization to divide a Class C IP address range into several ranges? A. DMZ B. Virtual LANs C. NAT D. Subnetting Answer: D Explanation: Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller collections. Q2. A user commuting to work via public transport received an offensive image on their smart phone from…
Q1. A company uses PGP to ensure that sensitive email is protected. Which of the following types of cryptography is being used here for the key exchange? A. Symmetric B. Session-based C. Hashing D. Asymmetric Answer: A Explanation: PGP combines symmetric-key encryption and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once…
Q1. The practice of marking open wireless access points is called which of the following? A. War dialing B. War chalking C. War driving D. Evil twin Answer: B Explanation: War chalking is the act of making chalk marks on outdoor surfaces (walls, sidewalks, buildings, sign posts, trees) to indicate the existence of an open wireless network connection, usually offering an Internet connection so that others…
Q1. An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance. Which of the following antennas would be BEST for this situation? A. Dipole B. Yagi C. Sector D. Omni Answer: B Explanation: A Yagi-Uda antenna, commonly known simply as a Yagi antenna, is a directional antenna…
Q1. A computer supply company is located in a building with three wireless networks. The system security team implemented a quarterly security scan and saw the following (SSID / State / Channel / Level): Computer AreUs1 / connected / 1 / 70dbm; Computer AreUs2 / connected / 5 / 80dbm; Computer AreUs3 / connected / 3 / 75dbm; Computer AreUs4 / connected / 6 / 95dbm. Which of the following is this an example of? A. Rogue access point B. Near field communication C. Jamming D. Packet sniffing Answer: A Explanation: The question states that the building has three wireless networks. However,…
Q1. Which of the following tools will allow a technician to detect security-related TCP connection anomalies? A. Logical token B. Performance monitor C. Public key infrastructure D. Trusted platform module Answer: B Explanation: Performance Monitor in a Windows system can monitor many different ‘counters’. For TCP network connections, you can monitor specific TCP related counters including the following: Connection Failures, Connections Active, Connections Established, Connections Passive…
Q1. Which device monitors network traffic in a passive manner? A. Sniffer B. IDS C. Firewall D. Web browser Answer: A Explanation: A sniffer is another name for a protocol analyzer. A protocol analyzer performs its function in a passive manner. In other words, computers on the network do not know that their data packets have been captured. A Protocol Analyzer is a hardware device or more commonly a…
Q1. Which of the following would a security administrator implement in order to identify a problem between two systems that are not communicating properly? A. Protocol analyzer B. Baseline report C. Risk assessment D. Vulnerability scan Answer: A Explanation: A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. Capturing and analyzing…
Q1. Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)? A. Hashing B. Transport encryption C. Digital signatures D. Steganography Answer: D Explanation: Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. Note: The advantage of steganography over cryptography alone is that the intended secret message does…
Q1. Which of the following is an XML based open standard used in the exchange of authentication and authorization information between different parties? A. LDAP B. SAML C. TACACS+ D. Kerberos Answer: B Explanation: Security Assertion Markup Language (SAML) is an open-standard data format centred on XML. It is used for supporting the exchange of authentication and authorization details between systems, services, and devices. Q2. After a…
Q1. In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization? A. Supervisor B. Administrator C. Root D. Director Answer: B Explanation: The administrator is the person responsible for setting the security policy for an organization and is responsible for making decisions about the deployment and configuration of the IDS. Q2. A financial company requires a new private network link…
Q1. Which of the following MUST Matt, a security administrator, implement to verify both the integrity and authenticity of a message while requiring a shared secret? A. RIPEMD B. MD5 C. SHA D. HMAC Answer: D Explanation: HMAC (Hash-Based Message Authentication Code) uses a hashing algorithm along with a symmetric key. The hashing function provides data integrity, while the symmetric key provides authenticity. Q2. A security administrator…
Q1. A security administrator wants to deploy security controls to mitigate the threat of company employees’ personal information being captured online. Which of the following would BEST serve this purpose? A. Anti-spyware B. Antivirus C. Host-based firewall D. Web content filter Answer: A Explanation: Spyware monitors a user’s activity and uses network protocols to report it to a third party without the user’s knowledge. This is…
Q1. A security technician wishes to gather and analyze all Web traffic during a particular time period. Which of the following represents the BEST approach to gathering the required data? A. Configure a VPN concentrator to log all traffic destined for ports 80 and 443. B. Configure a proxy server to log all traffic destined for ports 80 and 443. C. Configure a switch…
Q1. Which of the following symmetric key algorithms are examples of block ciphers? (Select THREE). A. RC4 B. 3DES C. AES D. MD5 E. PGP F. Blowfish Answer: B,C,F Explanation: B: Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. C: Advanced Encryption…
Q1. A security architect wishes to implement a wireless network with connectivity to the company’s internal network. Before they inform all employees that this network is being put in place, the architect wants to roll it out to a small test segment. Which of the following allows for greater secrecy about this network during this initial phase of implementation? A. Disabling…
Q1. Which of the following can be used by a security administrator to successfully recover a user’s forgotten password on a password protected file? A. Cognitive password B. Password sniffing C. Brute force D. Social engineering Answer: C Explanation: One way to recover a user’s forgotten password on a password protected file is to guess it. A brute force attack is an automated attempt to open…
Q1. Which of the following is a programming interface that allows a remote computer to run programs on a local machine? A. RPC B. RSH C. SSH D. SSL Answer: A Explanation: Remote Procedure Call (RPC) is a programming interface that allows a remote computer to run programs on a local machine. Q2. A network engineer is setting up a network for a company. There is a…
Q1. The security administrator is observing unusual network behavior from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with an updated antivirus definition file, does not show any signs of infection. Which of the following has happened on the workstation? A. Zero-day attack B. Known malware infection C. Session hijacking D. Cookie stealing View AnswerAnswer:…
Q1. Pete, the system administrator, has blocked users from accessing social media web sites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide? A. No competition with the company’s official social presence B. Protection against malware introduced by banner ads C. Increased user productivity based upon fewer distractions D. Elimination of risks caused by unauthorized P2P…
Q1. Which of the following is an example of a false positive? A. Anti-virus identifies a benign application as malware. B. A biometric iris scanner rejects an authorized user wearing a new contact lens. C. A user account is locked out after the user mistypes the password too many times. D. The IDS does not identify a buffer overflow. Answer: A Explanation: A false positive is…
Q1. An organization processes credit card transactions and is concerned that an employee may intentionally email credit card numbers to external email addresses. This company should consider which of the following technologies? A. IDS B. Firewalls C. DLP D. IPS Answer: C Explanation: Q2. Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may…
Q1. An auditor is given access to a conference room to conduct an analysis. When they connect their laptop’s Ethernet cable into the wall jack, they are not able to get a connection to the Internet but have a link light. Which of the following is MOST likely causing this issue? A. Ethernet cable is damaged B. The host firewall is set…
Q1. Which of the following is an XML based open standard used in the exchange of authentication and authorization information between different parties? A. LDAP B. SAML C. TACACS+ D. Kerberos Answer: B Explanation: Security Assertion Markup Language (SAML) is an open-standard data format centred on XML. It is used for supporting the exchange of authentication and authorization details between systems, services, and devices. Q2. Which of…
Q1. Which of the following can be used as an equipment theft deterrent? A. Screen locks B. GPS tracking C. Cable locks D. Whole disk encryption Answer: C Explanation: Cable locks are theft deterrent devices that can be used to tether a device to a fixed point to keep smaller devices from being easy to steal. Q2. Which of the following are examples of detective controls? A.…
Q1. A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers. This is an example of which of the following types of testing? A. Black box B. Penetration C. Gray box D. White box Answer: D Explanation: White box testing is the process of testing an application when you have…
Q1. Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise? A. Vulnerability scanning B. Port scanning C. Penetration testing D. Black box Answer: A Explanation: A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and…
Q1. An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used? A. WEP B. LEAP C. EAP-TLS D. TKIP Answer: C Explanation: The majority of the EAP-TLS implementations require client-side X.509 certificates without giving the option to disable the requirement. Q2. Which of the following would be MOST appropriate to secure an existing SCADA…
Q1. Protecting the confidentiality of a message is accomplished by encrypting the message with which of the following? A. Sender's private key B. Recipient's public key C. Sender's public key D. Recipient's private key Answer: B Explanation: Q2. A security administrator at a company which implements key escrow and symmetric encryption only, needs to decrypt an employee's file. The employee refuses to provide the decryption key…
Q1. Which of the following utilities can be used in Linux to view a list of users’ failed authentication attempts? A. badlog B. faillog C. wronglog D. killlog Answer: B Explanation: /var/log/faillog - This Linux log file contains failed user logins. You’ll find this log useful when tracking attempts to crack into your system. /var/log/apport.log - This log records application crashes. Sometimes these can reveal attempts to compromise the…
Q1. An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this? A. User rights reviews B. Least privilege and job rotation C. Change management D. Change Control Answer: A Explanation: A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the…
Q1. After a user performed a war driving attack, the network administrator noticed several similar markings where WiFi was available throughout the enterprise. Which of the following is the term used to describe these markings? A. IV attack B. War dialing C. Rogue access points D. War chalking Answer: D Explanation: War chalking is the act of making chalk marks on outdoor surfaces (walls, sidewalks, buildings,…
Q1. Timestamps and sequence numbers act as countermeasures against which of the following types of attacks? A. Smurf B. DoS C. Vishing D. Replay Answer: D Explanation: A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary…
Q1. Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency? A. Business continuity planning B. Continuity of operations C. Business impact analysis D. Succession planning Answer: D Explanation: Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles that cannot be…
Q1. Ann is the data owner of financial records for a company. She has requested that she have the ability to assign read and write privileges to her folders. The network administrator is tasked with setting up the initial access control system and handing Ann's administrative capabilities. Which of the following systems should be deployed? A. Role-based B. Mandatory C. Discretionary D. Rule-based Answer:…
Q1. The system administrator is tasked with changing the administrator password across all 2000 computers in the organization. Which of the following should the system administrator implement to accomplish this task? A. A security group B. A group policy C. Key escrow D. Certificate revocation Answer: B Explanation: Group policy is used to manage Windows systems in a Windows network domain environment by means of a…
Q1. Which of the following should be enabled in a laptop’s BIOS prior to full disk encryption? A. USB B. HSM C. RAID D. TPM Answer: D Explanation: Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disabled in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates. Q2. A security…
Q1. A security architect wishes to implement a wireless network with connectivity to the company’s internal network. Before they inform all employees that this network is being put in place, the architect wants to roll it out to a small test segment. Which of the following allows for greater secrecy about this network during this initial phase of implementation? A. Disabling…
Q1. Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server? A. $500 B. $5,000 C. $25,000 D. $50,000 View…
Q1. A security engineer is reviewing log data and sees the output below: POST: /payload.php HTTP/1.1 HOST: localhost Accept: */* Referrer: http://localhost/ ******* HTTP/1.1 403 Forbidden Connection: close Log: Access denied with 403. Pattern matches form bypass Which of the following technologies was MOST likely being used to generate this log? A. Host-based Intrusion Detection System B. Web application firewall C. Network-based Intrusion Detection System D.…