(CompTIA Certification Dumps) CompTIA Security+ SY0 401 Test Set 2
CompTIA Security+ SY0 401 Test Set 2
Which of the following BEST explains the use of an HSM within the company servers?
A) Hardware encryption is faster than software encryption.
B) Data loss by removable media can be prevented with DLP.
C) Thumb drives present a significant threat which is mitigated by HSM.
D) Software encryption can perform multiple functions required by HSM.
Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?
A) Buffer overflow and XSS
B) Session hijacking and XML injection
C) Cookies and attachments
D) SQL injection
Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?
B) Social engineering
C) Password reuse
. It is also believed that user accounts belonging to ATM operators may have been compromised. Which of the following attacks has MOST likely taken place?
A) Shoulder surfing
B) Whaling attack
C) Dumpster diving
D) Vishing attack
An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389. Which of the following authentication services should be used on this port by default?
A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?
A) Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively
B) Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources
C) Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced
D) Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned
George, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following could be used to accomplish this task?
A) Private hash
B) Recovery agent
C) Public key
Which of the following can allow Emily, a security analyst, to encrypt individual files on a system?
A) Single Sign-on
An administrator notices that former temporary employees' accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening?
A) Implement a password expiration policy
B) Run a last logon script to look for inactive accounts
C) Implement time of day restrictions for all temporary employees
D) Implement an account expiration date for temporary employees
Company A sends a PGP encrypted file to company B. If company A used company B's public key to encrypt the file, which of the following should be used to decrypt data at company B?
A) Private key
B) Public key
D) Shared key
Which of the following will allow Pete, a security analyst, to trigger a security alert because of a tracking cookie?
A) Host based firewall
B) Anti-spam software
C) Network based firewall
D) Anti-spyware software
of your employer has mandated that the internal payroll software be replaced by a cloud based application. The new software is a web based industry standard and will be licensed for use by the company. Which of the following best describes this situation?
A) Platform as a Service
B) Software as a Service
C) Hosted virtualization service
D) Infrastructure as a Service
A network stream needs to be encrypted. Sara, the network administrator, has selected a cipher which will encrypt 8 bits at a time before sending the data across the network. Which of the following has Sara selected?
A) Hashing algorithm
B) Zero cipher
C) Block cipher
A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the reason for the sub-interfaces?
A) The sub-interfaces each implement quality of service
B) The switch has several VLANs configured on it
C) The sub-interfaces are configured for VoIP traffic
D) The network uses the subnet of 255.255.255.128
Which of the following defines a business goal for system restoration and acceptable data loss?
B) Warm site
Which of the following presents the STRONGEST access control?
Separation of duties is often implemented between developers and administrators in order to separate which of the following?
A) Changes to program code and the ability to deploy to production
B) The network access layer from the application access layer
C) Upper level management users from standard development employees
D) More experienced employees from less experienced employees
Which of the following is true about asymmetric encryption?
A) A message encrypted with the private key can be decrypted by the same key
B) A message encrypted with a shared key, can be decrypted by the same key
C) A message encrypted with the public key can be decrypted with the private key
D) A message encrypted with the public key can be decrypted with a shared key
Keith, a network administrator, has been asked to passively monitor network traffic for potential malicious activities to the company's sales websites. Which of the following would be BEST suited for this task?
B) Spam filter
Which of the following would a security administrator implement in order to discover comprehensive security threats on a network?
A) Code review
B) Design reviews
C) Vulnerability scan
D) Baseline reporting
Which of the following choices can be described as a type of social engineering?
B) Xmas Attack
C) MAC Spoofing
Which of the following terms would be used when configuring a firewall to allow certain traffic to pass unobstructed?
A) Creating an exception
B) Creating an AP
C) Allowing a session
D) Establishing a tunnel
Which of the following protocols is a tunnel encryption used as a secure alternative to telnet?
Which of the following terms involves the sending and receiving of unsolicited messages over Bluetooth?
You have been tasked with finding and installing an enterprise SNMP solution. Which of the following properly describes the purpose and use of SNMP?
A) To transfer emails from server to server, using TCP port 25.
B) Automates network configuration settings such as IP address, subnet masks, and default gateways
C) Used to assign ports to private IPs, allowing a network to all use one public IP
D) Remotely monitor network equipment, such as switches and routers.
A network or host designed to attract malicious users away from actual sensitive materials, is known as what?
C) Rogue access point
D) Black box
Using programming or scripting in an input field, in an attempt to find a vulnerability, is known as what?
Which of the following descriptions best defines the principle of implicit deny?
A) Allow all traffic
B) Deny all traffic
C) Deny all traffic unless explicitly granted access
D) None of the above
Several high level executives at a business have been targeted by phishing attacks. Which of the following terms describes this type of phishing?
PKI uses what type of encryption?
Which of the following is not an example of biometric authentication?
A) Finger print scanner
B) Voice authentication
C) Smart card
D) Retina Scanner
Which of the following standard protocols utilizes the 802.11i standard?
A DoS attack can be defined as what?
A) Causing loss of availability to a service, normally by overloading it with large amounts of data.
B) A type of program that infects an OS, and spreads itself across the network.
C) A malicious program that "explodes" or attacks when a specific event happens, such as visiting a certain website.
D) A website disguising itself as another website, in an attempt to steal a username/password combination.
Which of the following terms properly describes the term Wardriving?
B) Uses chalk or paint to mark unsecured WAPs
C) Port Scanning a wifi network
D) Scanning for unsecured WAPs while in a vehicle.
Which of the following options can be used to verify data integrity?
B) RAID 0
Which networking device makes it very easy for a malicious user to receive and save packets that were not intended for their workstation?
Why would your business conduct a penetration test on it's network?
A) As a final step in security on network, to prove it is safe
B) To attempt to break security measures, in an effort to fix them.
C) A business would not do this, it is strictly used for malicious purposes.
D) To passively test network security
Which of the following terms describes installing an Operating System inside of a host Operating System?
B) Cloud Computing
You are creating a new network for your company, you only want to purchase one public IP but have many hosts that will be on the network. What will ensure this is possible?
The employees at the company you work for are complaining about receiving a lot of emails advertising services and goods. What are they experiencing?
The CEO of the company you work for has been receiving emails that appear to be from the local IT department. The emails address her user account, and instruct her to click a link in order to verify her password. Which type of attack is this?