SY0-401 CompTIA Security+ Certification Practice Exam Set 9

A security engineer is reviewing log data and sees the output below:
POST: /payload.php HTTP/1.1
HOST: localhost
Accept: */*
Referrer: http://localhost/
*******
HTTP/1.1 403 Forbidden
Connection: close
Log: Access denied with 403. Pattern matches form bypass.
Which of the following technologies was MOST likely being used to generate this log?


Options are :

  • Stateful Inspection Firewall
  • URL Content Filter
  • Network-based Intrusion Detection System
  • Host-based Intrusion Detection System
  • Web application firewall (Correct)

Answer : Web application firewall

A company has several conference rooms with wired network jacks that are used by both
employees and guests. Employees need access to internal resources and guests only need
access to the Internet.
Which of the following combinations is BEST to meet the requirements?


Options are :

  • Switches and a firewall
  • VPN and IPSec
  • 802.1x and VLANs (Correct)
  • NAT and DMZ

Answer : 802.1x and VLANs

Which of the following network design elements allows for many internal devices to share one
public IP address?


Options are :

  • DNS
  • DMZ
  • PAT (Correct)
  • DNAT

Answer : PAT

The network security engineer just deployed an IDS on the network, but the Chief Technical
Officer (CTO) has concerns that the device is only able to detect known anomalies.
Which of the following types of IDS has been deployed?


Options are :

  • Anomaly Based IDS
  • Heuristic IDS
  • Signature Based IDS (Correct)
  • Behavior Based IDS

Answer : Signature Based IDS

Joe, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the
corporate network. He has tasked the security engineers to implement a technology that is
capable of alerting the team when unusual traffic is on the network.
Which of the following types of technologies will BEST address this scenario?


Options are :

  • Anomaly Based IDS (Correct)
  • Application Firewall
  • Signature IDS
  • Proxy Firewall

Answer : Anomaly Based IDS

Which of the following firewall rules only denies DNS zone transfers?


Options are :

  • deny tcp any any port 53 (Correct)
  • deny all dns packets
  • deny ip any any
  • deny udp any any port 53

Answer : deny tcp any any port 53

A security administrator suspects that an increase in the amount of TFTP traffic on the network is
due to unauthorized file transfers, and wants to configure a firewall to block all TFTP traffic.
Which of the following would accomplish this task?


Options are :

  • Deny UDP port 69 (Correct)
  • Deny TCP port 69
  • Deny TCP port 68
  • Deny UDP port 68

Answer : Deny UDP port 69

An administrator would like to review the effectiveness of existing security in the enterprise.
Which of the following would be the BEST place to start?


Options are :

  • Review past security incidents and their resolution
  • Implement an intrusion prevention system (Correct)
  • Install honey pot systems
  • Rewrite the existing security policy

Answer : Implement an intrusion prevention system

A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet
interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks.
Which of the following is MOST likely the reason for the sub-interfaces?


Options are :

  • The network uses the subnet of 255.255.255.128.
  • The sub-interfaces each implement quality of service.
  • The sub-interfaces are configured for VoIP traffic.
  • The switch has several VLANs configured on it. (Correct)

Answer : The switch has several VLANs configured on it.

Users are unable to connect to the web server at IP 192.168.0.20.
Which of the following can be inferred of a firewall that is configured ONLY with the following ACL?
PERMIT TCP ANY HOST 192.168.0.10 EQ 80
PERMIT TCP ANY HOST 192.168.0.10 EQ 443


Options are :

  • It implements stateful packet filtering.
  • It implements bottom-up processing.
  • It implements an implicit deny. (Correct)
  • It failed closed.

Answer : It implements an implicit deny.

Joe, a newly hired employee, has a corporate workstation that has been compromised due to
several visits to P2P sites. Joe insisted that he was not aware of any company policy that prohibits
the use of such websites.
Which of the following is the BEST method to deter employees from the improper use of the
company’s information systems?


Options are :

  • Security Policy
  • Acceptable Use Policy (Correct)
  • Human Resource Policy
  • Privacy Policy

Answer : Acceptable Use Policy

Which of the following describes the purpose of an MOU?


Options are :

  • Define onboard/offboard procedure
  • Define interoperability requirements
  • Define data backup process
  • Define responsibilities of each party (Correct)

Answer : Define responsibilities of each party

Separation of duties is often implemented between developers and administrators in order to
separate the following:


Options are :

  • The network access layer from the application access layer
  • More experienced employees from less experienced employees
  • Upper level management users from standard development employees
  • Changes to program code and the ability to deploy to production (Correct)

Answer : Changes to program code and the ability to deploy to production

Pete, a security analyst, has been informed that the development team has plans to develop an
application which does not meet the company’s password policy.
Which of the following should Pete do NEXT?


Options are :

  • Contact the Chief Information Officer and ask them to change the company password policy so that the application is made compliant.
  • Inform the Chief Information Officer of non-adherence to the security policy so that the developers can be reprimanded.
  • Tell the application development manager to code the application to adhere to the company’s password policy. (Correct)
  • Ask the application development manager to submit a risk acceptance memo so that the issue can be documented.

Answer : Tell the application development manager to code the application to adhere to the company’s password policy.

The system administrator notices that their application is no longer able to keep up with the large
amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the
server is taken offline.
Which of the following would be a possible solution to look into to ensure their application remains
secure and available?


Options are :

  • HSM
  • Full disk encryption
  • Cloud computing (Correct)
  • Data Loss Prevention

Answer : Cloud computing

Which of the following provides the BEST explanation regarding why an organization needs to
implement IT security policies?


Options are :

  • To require acceptable usage of IT systems
  • To ensure that false positives are identified
  • To reduce the organizational risk (Correct)
  • To ensure that staff conform to the policy

Answer : To reduce the organizational risk

Which of the following is a management control?


Options are :

  • Logon banners
  • Written security policy (Correct)
  • Access Control List (ACL)
  • SYN attack prevention

Answer : Written security policy

Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years.
Each breach has cost the company $3,000. A third party vendor has offered to repair the security
hole in the system for $25,000. The breached system is scheduled to be replaced in five years.
Which of the following should Sara do to address the risk?


Options are :

  • Transfer the risk saving $5,000. (Correct)
  • Mitigate the risk saving $10,000.
  • Ignore the risk saving $5,000.
  • Accept the risk saving $10,000.

Answer : Transfer the risk saving $5,000.

Elastic cloud computing environments often reuse the same physical hardware for multiple
customers over time as virtual machines are instantiated and deleted.
This has important implications for which of the following data security concerns?


Options are :

  • Availability of servers
  • Integrity of data
  • Hardware integrity
  • Data confidentiality (Correct)

Answer : Data confidentiality

To help prevent unauthorized access to PCs, a security administrator implements screen savers
that lock the PC after five minutes of inactivity.
Which of the following controls is being described in this situation?


Options are :

  • Operational
  • Administrative
  • Technical (Correct)
  • Management

Answer : Technical

Everyone in the accounting department has the ability to print and sign checks. Internal audit has
asked that only one group of employees may print checks while only two other employees may
sign the checks.
Which of the following concepts would enforce this process?


Options are :

  • Job Rotation
  • Discretionary Access Control
  • Mandatory Vacations
  • Separation of Duties (Correct)

Answer : Separation of Duties

In order to prevent and detect fraud, which of the following should be implemented?


Options are :

  • Risk analysis
  • Job rotation (Correct)
  • Incident management
  • Employee evaluations

Answer : Job rotation

Which of the following concepts are included on the three sides of the "security triangle"? (Choose
three.)
A. Confidentiality
B. Availability
C. Integrity
D. Authorization
E. Authentication
F. Continuity


Options are :

  • A,B,E
  • A,B,F
  • A,B,C (Correct)
  • A,B,D

Answer : A,B,C

Mandatory vacations are a security control which can be used to uncover the following:


Options are :

  • Fraud committed by a system administrator (Correct)
  • The need for additional security staff
  • Software vulnerabilities in vendor code
  • Poor password security among users

Answer : Fraud committed by a system administrator

A software developer is responsible for writing the code on an accounting application. Another
software developer is responsible for developing code on a system in human resources. Once a
year they have to switch roles for several weeks.
Which of the following practices is being implemented?


Options are :

  • Job rotation (Correct)
  • Mandatory vacations
  • Least privilege
  • Separation of duties

Answer : Job rotation

What are three of the primary security control types that can be implemented?


Options are :

  • Operational, technical, and management. (Correct)
  • Personal, procedural, and legal.
  • Supervisory, subordinate, and peer.
  • Mandatory, discretionary, and permanent.

Answer : Operational, technical, and management.

The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a
database administrator performing several other job functions within the company.
Which of the following is the BEST method to prevent such activities in the future?


Options are :

  • Mandatory Vacations
  • Job rotation
  • Least Privilege
  • Separation of duties (Correct)

Answer : Separation of duties

Joe, a security analyst, asks each employee of an organization to sign a statement saying that
they understand how their activities may be monitored.
Which of the following BEST describes this statement? (Choose two.)
A. Acceptable use policy
B. Risk acceptance policy
C. Privacy policy
D. Email policy
E. Security policy


Options are :

  • A,E
  • A,B
  • A,C (Correct)
  • A,D

Answer : A,C

A company is looking to reduce the likelihood of employees in the finance department being
involved with money laundering.
Which of the following controls would BEST mitigate this risk?


Options are :

  • Enforce mandatory vacations (Correct)
  • Implement a security policy
  • Enforce time of day restrictions
  • Implement privacy policies

Answer : Enforce mandatory vacations

Which of the following should Joe, a security manager, implement to reduce the risk of employees
working in collusion to embezzle funds from his company?


Options are :

  • Least Privilege
  • Mandatory Vacations (Correct)
  • Acceptable Use
  • Privacy Policy

Answer : Mandatory Vacations
