(CompTIA Certification Dumps) CompTIA Security+ SY0 401 Test Set 1
CompTIA Security+ SY0 401 Test Set 1
After a power outage, which of the following documents contains detailed information on the order in which the system should be restored?
A) Succession planning
B) Relief Planning
C) Information Security Plan
D) Disaster recovery Plan
Your organization has a web server that must be accessible by external users. Which of the following options is the best location for the server?
A) Inside of a VLAN
B) Inside of a DMZ
C) Inside of a VPN
D) Behind the internal firewall
You are a network administrator for a large business. Recently, you've noticed a large amount of unusual traffic and you suspect they are SYN attacks. What choice will help you defend against these attacks?
A) Flood guards
B) Implicit Deny
D) Spanning Tree Protocol
What device will work best for servers that need to store private keys?
A) Hardware Security Module
B) Network firewall
C) SSD hard drive
D) Host firewall
Which of the following is an example of a physical security measure?
Which of the following is the default port and protocol for HTTPS?
A) TCP 443
B) UDP 443
C) TCP 80
D) UDP 25
E) TCP 25
Your supervisor asked you to open the necessary ports for a 'secure telnet' What ports should you open?
A) UDP 23
B) TCP 22
C) TCP 21
D) TCP 69
Which of the following options correctly describes SSO?
A) A protocol that safely encrypts plain text protocols
B) Will protect credit card information while surfing the web
C) Allows a user to sign in to a subsystem, which grants access to multiple systems without logging in again
D) Requires a user to login to every system seperately
Your supervisor asks you to implement a new KDC. Which of the following protocols is your supervisor planning to implement?
A malicious program that disguises itself as a legitimate program is known as a?
C) Trojan Horse
What sort of attack uses information gained from social media to obtain access to a users login?
A) Cognitive Password Attack
B) Birthday Attack
C) Brute Force Attack
D) MD5 Hash Attack
You're the admin of a large corporation's production computer system, with many users. How often should you review and audit your users rights?
A) After an employee is terminiated
B) 5 years
Which of the following options describes a zero-day attack?
A) A type of social attack, in which the attacker targets high level executives.
B) An attack that exploits an new or unknown vulnerability
C) A commonly known attack, which is still unpatched
D) A known attack, which has been patched and is no longer a threat
As a security administrator, you decide to force expiration of all user passwords. Which of the following best supports this reasoning?
A) Recently several passwords were cracked
B) Regular security measure to ensure a secure network
C) Ensures everyone meets password complexity requirements
D) Identify which users are actively logging into the network
A software test that does not examine the software's code is known as what?
A) White Hat
B) White Box
C) Black Box
D) Grey Box
Which answer properly describes the purpose of the CA role in Public Key Infrastructure?
A) To issue a certificate
B) To sign key escrow lists to CRLs
C) To issue and signs all root certs
D) To verify keys for authenticity
What will best help you if you need to prevent cross-site scripting on your companies intranet webpage?
B) Anomaly HIDS
C) Input Validation
Which of the following ACL rules will deny DHCP traffic?
A) DENY TCP ANY SERVER LOG
B) ALLOW ALL BUT TCP 67
C) DENY ANY SERVER LOG
D) DENY UDP ANY SERVER EQ 67
Select the answer that properly describes IPSec in tunnel mode:
A) Packet contents are encrypted, headers are not
B) Entire packet is encrypted and wrapped with new IP headers
C) IPSec encrypts packets using SSL, similar to SSH
D) IPSec is incompatible with OSPF WAN encryptions
Which of the following protocols is used to encrypt emails?
Which of the following choices properly defines the term war chalking?
A) Driving in a vehicle and scanning for open WiFi access points
B) Marking open WiFi access points
C) Port Scanning a wifi network
D) Cracking a WEP2 WiFi encryption
A server on your network needs to be accessed by external users. The content of the server should be publicly available and does not contain any confidential information. Where should you place it?
B) Behind the firewall and NAT service
D) Behind an IPsec tunneling firewall
True or False: It is good practice to disable unused or publicly accessible network ports?
When converted into binary, how many bits are present in an IPv4 Address?
SHA and MD5 are examples of which of the following?
B) Encryption algorithms
C) Hashing algorithms
D) Tunneling protocols
What is the default port of Kerberos?
A list of permissions on a router that determines who can access specific areas of a network, is known as what?
Which of the following is a protocol that prevents loops in layer 2 switching devices?
Which authentication protocol periodically verifies a client with a 3-way handshake?
Which of the following is an access control method, which is based of a persons job?
Which option will provide short-term system availability in case of loss or failure?
A) RAID 0
B) RAID 5
C) Cold Site
D) Full disk encryption
Which of the following STOPS attacks on a host system?
What port is used for HTTPS?
Which of the following is a computer hardware component that can process and store cryptographic keys?
Which of the following describes the most secure firewall configuration?
A) Deny all, with exceptions for required applications and ports
B) Allow all, deny malicious applications and ports
C) Deny all UPD, allow all TCP
D) Deny all protocols, allow TCP/IP
Which of the following is an example of multi-factor authentication?
A) Pin number and smart card
B) Password and pin
C) Fingerprint and iris scan
D) Smart card and ID badge
Which of the following is a Denial of Service attack using a succession of TCP Handshake requests?
B) Xmas Attack
C) Smurf Attack
D) SYN Flood
Which port is used by telnet?
Which of the following is a common synonym for a Protocol Analyzer?