JK0-015 CompTIA E2C Security+ 2008 Edition Practice Exam Set 10

Which of the following tools will detect protocols that are in use? 


Options are :

  • Port scanner (Correct)
  • Proxy server
  • DMZ
  • Spoofing

Answer : Port scanner

Which of the following is true about the application of machine virtualization? 


Options are :

  • Some malware is able to detect that they are running in a virtual environment (Correct)
  • Machine vitalization is only possible in a 64-bit environment
  • The vitalization host OS must be within two revisions of the guest OS.
  • Virtualization hosting is only possible on one specific OS

Answer : Some malware is able to detect that they are running in a virtual environment

A user notices that in the morning the email system is slow. Which of the following tools would the technician use FIRST to identify the issue? 


Options are :

  • Spam filter
  • Protocol analyzer
  • Performance monitor (Correct)
  • VPN

Answer : Performance monitor

Which of the following security controls targets employee accounts that have left the company without going through the proper exit process?   


Options are :

  • Account expiration policy (Correct)
  • Password complexity policy
  • Access control lists
  • Account lockout policy

Answer : Account expiration policy

Which of the following algorithms provides the LOWEST level of encryption? 


Options are :

  • Blowfish
  • AES
  • SHA1
  • DES (Correct)

Answer : DES

At midnight on January 1st, an administrator receives an alert from the system monitoring the servers in the datacenter. All servers are unreachable. Which of the following is MOST likely to have caused the DOS? 


Options are :

  • Virus
  • Rootkit
  • Botnet
  • Logic bomb (Correct)

Answer : Logic bomb

Which of the following BEST describes a reason to implement virtualization technology? 


Options are :

  • Diminishing number of end users
  • Decreased administrative overhead
  • Smaller routing tables
  • Reduce data center footprint (Correct)

Answer : Reduce data center footprint

A secure company portal, accessible publicly but only to company employees, frequently fails to renew its certificates, resulting in expired certificate warnings for users. These failures: (Select TWO).

A. Increase resources used by the companyís web-servers.

B. Expose traffic sent between the server and the userís computer.

C. Breed complacency among users for all certificate warnings.

D. Permit man-in-the-middle attacks to steal usersí credentials.

E. Are irritating to the user but the traffic remains encrypted. 


Options are :

  • C,E (Correct)
  • C,D
  • A,B
  • A,D

Answer : C,E

A technician reports that an employee that retired five years ago still has access to the marketing  departmentís folders. Which of the following should have been conducted to avoid this security risk? 


Options are :

  • Job rotation review
  • Separation of duties review
  • Retention policy review
  • Regular user access review (Correct)

Answer : Regular user access review

Which of the following would be used for authentication in Active Directory?   


Options are :

  • PPTP
  • TACACS
  • RAS
  • Kerberos (Correct)

Answer : Kerberos

Which of the following combinations of items would constitute a valid three factor authentication system? 


Options are :

  • PIN, password, and a thumbprint
  • Password, retina scan, and a one-time token (Correct)
  • PKI smartcard, password and a one-time token
  • Fingerprint, retina scan, and a hardware PKI token

Answer : Password, retina scan, and a one-time token

An administrator is required to keep certain workstations free of malware at all times, but those workstations need to be able to access any Internet site. Which of the following solutions would be the BEST choice? 


Options are :

  • Updated anti-spam software
  • Updated antivirus software (Correct)
  • Personal firewall
  • Pop-up blockers

Answer : Updated antivirus software

A technician wants to make sure all users in the network are in compliance with company standards for login. Which of the following tools can the technician use? 


Options are :

  • Performance baselines (Correct)
  • Password crackers
  • Network mapping software
  • Digital signatures

Answer : Performance baselines

Which of the following uses multiple encryption keys to repeatedly encrypt its output?   


Options are :

  • AES256
  • AES128
  • 3DES (Correct)
  • DES

Answer : 3DES

The security administrator is investigating a breach of the companyís web server. One of the web developers had posted valid credentials to a web forum while troubleshooting an issue with a vendor. Logging which of the following would have created the BEST way to determine when the breach FIRST occurred? (Select TWO).

A. Unsuccessful login

B. Source OS

C. Destination IP

D. Number of hops from source

E. Source IP

F. Successful login 


Options are :

  • B,D
  • E,F (Correct)
  • A,B
  • C,D

Answer : E,F

After a disaster, a security administrator is helping to execute the company disaster recovery plan. Which of the following security services should be restored FIRST?   


Options are :

  • Auditing and logging of transactions. (Correct)
  • New user account creation services.
  • Help desk phones and staffing.
  • Authentication mechanisms for guests.

Answer : Auditing and logging of transactions.

An auditor would use credentials harvested from a SQL injection attack during which of the following? 


Options are :

  • Password strength audit
  • Penetration test
  • Forensic recover (Correct)
  • Vulnerability assessment

Answer : Forensic recover

In a standard PKI implementation, which of the following keys is used to sign outgoing messages? 


Options are :

  • Senderís private key (Correct)
  • Recipientís public key
  • Senderís public key
  • Recipientís private key

Answer : Senderís private key

Which of the following tools would BEST allow a security administrator to view the contents of unencrypted network traffic? 


Options are :

  • Web application firewall
  • Network access contro
  • Protocol analyzer (Correct)
  • Honeypot

Answer : Protocol analyzer

Which of the following security threats would MOST likely use IRC? 


Options are :

  • Botnets (Correct)
  • Logic bombs
  • Adware
  • Spam

Answer : Botnets

Which of the following BEST describes a tool used to encrypt emails in transit? 


Options are :

  • Whole disk encryption
  • S/MIME certificates (Correct)
  • Digital signatures
  • SSL over VPN

Answer : S/MIME certificates

Which of the following can be implemented to prevent malicious code from executing? 


Options are :

  • Personal software firewall
  • Anti-spam software
  • Hardware fire wall
  • Antivirus software (Correct)

Answer : Antivirus software

The last company administrator failed to renew the registration for the corporate web site (e.g. https://wrtw.comptia.org). When the new administrator tried to register the website it is discovered that the registration is being held by a series of small companies for very short periods of time. This is typical of which of the following? 


Options are :

  • Spoofing
  • Domain name kiting (Correct)
  • TCP/IP hijacking
  • DNS poisoning

Answer : Domain name kiting

Which of the following standards encodes in 64-bit sections, 56 of which are the encryption key? 


Options are :

  • AES
  • SHA
  • Blowfish
  • DES (Correct)

Answer : DES

Which of the following security controls would a company use to verify that their confidential and proprietary data is not being removed? 


Options are :

  • Vulnerability scanners
  • Chain of custody
  • Video surveillance (Correct)
  • Man traps

Answer : Video surveillance

Which of the following will help hide the IP address of a computer from servers outside the network?   


Options are :

  • PAT
  • ACL
  • NAC
  • NAT (Correct)

Answer : NAT

Which of the following increases availability during periods of electromagnetic interference? (Select TWO).

A. Fiber optic cable

B. Straight-through cable

C. STP cable

D. Crossover cable

E. UTP cable 


Options are :

  • B,E
  • A,C (Correct)
  • C,D
  • A,B

Answer : A,C

Which of the following should a web application programmer implement to avoid SQL injection attacks? 


Options are :

  • Session cookie handling
  • Authentication and authorization
  • Proper input validation (Correct)
  • Encryption and hashing

Answer : Proper input validation

Which of the following will allow a technician to restrict access to one folder within a shared folder? 


Options are :

  • IPSec
  • NTLMv2
  • NTLM
  • NTFS (Correct)

Answer : NTFS

Which of the following security concepts is supported by HVAC systems? 


Options are :

  • Availability (Correct)
  • Privacy
  • Integrity
  • Confidentiality

Answer : Availability

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions