
SY0-201/301 Weasel super edit!

Number: SY0-301
Passing Score: 800
Time Limit : 120 min
File Version: 1.1
Version: 7.19
CompTIA SY0-201/301: 450 Q&A, edited by \/\/3453L. Practice Exam

Exam A
QUESTION 1
Which of the following cryptography types provides the same level of security but uses smaller key sizes and
less computational resources than logarithms which are calculated against a finite field?
A. Elliptic curve
B. Diffie-Hellman
C. Quantum
D. El Gamal

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 2
Which of the following BEST describes the purpose of fuzzing?
A. To decrypt network sessions
B. To gain unauthorized access to a facility
C. To hide system or session activity
D. To discover buffer overflow vulnerabilities

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 3
A security administrator is reviewing remote access and website logs. The administrator notices that users
have been logging in at odd hours from multiple continents on the same day. The security administrator
suspects the company is the victim of which of the following types of attack?
A. TCP/IP hijacking
B. Spoofing
C. Replay
D. Domain name kiting

Answer: C
Section: (none)
Explanation/Reference:
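The pattern in Question 3 (one account used from several countries on the same day, at odd hours) is easy to pull out of a remote-access log automatically. The following is an added example, not part of the original exam file: it parses a constructed log whose format (UTC timestamp, user, source IP, country of the source IP) is an assumption, and flags users seen from more than one country inside a 24-hour window as well as logins during off-hours.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample remote-access log (not from the original page):
# "<UTC timestamp> <user> <source IP> <country of source IP>"
SAMPLE_LOG = """\
2011-03-04T02:13:00Z alice 203.0.113.7 AU
2011-03-04T02:40:00Z bob 198.51.100.9 US
2011-03-04T03:05:00Z alice 198.51.100.22 US
2011-03-04T09:30:00Z bob 198.51.100.9 US
2011-03-04T11:45:00Z alice 192.0.2.15 DE
2011-03-05T08:00:00Z carol 192.0.2.40 FR
"""


def parse_log(text):
    """Return (timestamp, user, ip, country) tuples for each non-empty line."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, country = line.split()
        records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, country))
    return records


def multi_country_users(records, window=timedelta(hours=24)):
    """Users seen logging in from more than one country inside `window`.

    Returns {user: sorted list of countries involved}.
    """
    by_user = defaultdict(list)
    for ts, user, _ip, country in records:
        by_user[user].append((ts, country))
    findings = {}
    for user, events in by_user.items():
        events.sort()
        for i, (t1, c1) in enumerate(events):
            for t2, c2 in events[i + 1:]:
                if t2 - t1 > window:
                    break  # events are sorted, so later ones are further away
                if c1 != c2:
                    findings.setdefault(user, set()).update((c1, c2))
    return {user: sorted(countries) for user, countries in findings.items()}


def off_hours_logins(records, start_hour=0, end_hour=6):
    """Logins whose UTC hour falls in [start_hour, end_hour)."""
    return [(user, ts.isoformat()) for ts, user, _ip, _c in records
            if start_hour <= ts.hour < end_hour]


def analyse(text=SAMPLE_LOG):
    """Run both checks over a log and return the findings."""
    records = parse_log(text)
    return {"multi_country": multi_country_users(records),
            "off_hours": off_hours_logins(records)}
```

On the constructed log, `analyse()` reports alice from AU, US and DE within one day and three logins between 00:00 and 06:00 UTC. Two caveats a practitioner would add: "off hours" must be judged in the user's local time zone, not the log's, and a single multi-country hit can be a VPN or mobile roaming, so it is a lead for investigation rather than proof of replayed credentials.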

QUESTION 4
Which of the following is the default rule found in a corporate firewalls access control list?
A. Anti-spoofing
B. Permit all
C. Multicast list
D. Deny all

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 5
Which of the following is the BEST choice of cryptographic algorithms or systems for providing whole disk
encryption?
A. One time pad
B. PGP
C. MD5
D. TKIP

Answer: B
Section: (none)
Explanation/Reference:
MD5 is a hash function and TKIP is a wireless keying protocol; neither can encrypt a disk. A one-time pad is impractical for bulk storage. PGP (Whole Disk Encryption) is the only listed option that provides full disk encryption.

QUESTION 6
Which of the following allows a malicious insider to covertly remove information from an organization?
A. NAT traversal
B. Steganography
C. Non-repudiation
D. Protocol analyzer

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 7
The server log shows 25 SSH login sessions per hour. However, it is a large company and the administrator
does not know if this is normal behavior or if the network is under attack. Where should the administrator look
to determine if this is normal behavior?
A. Change management
B. Code review
C. Baseline reporting
D. Security policy

Answer: C

Section: (none)
Explanation/Reference:

QUESTION 8
Which of the following is the BEST approach to perform risk mitigation of user access control rights?
A. Conduct surveys and rank the results.
B. Perform routine user permission reviews.
C. Implement periodic vulnerability scanning.
D. Disable user accounts that have not been used within the last two weeks.

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 9
Which of the following software should a security administrator implement if several users are stating that they
are receiving unwanted email containing advertisements?
A. Host-based firewalls
B. Anti-spyware
C. Anti-spam
D. Anti-virus

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 10
Adding a second firewall to the perimeter of a network would provide:
A. user VLANs.
B. failover capability.
C. additional bandwidth.
D. management of VLANs.

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 11
The security administrator is tasked with authenticating users to access an encrypted database. Authentication
takes place using PKI and the encryption of the database uses a separate cryptographic process to decrease
latency. Which of the following would describe the use of encryption in this situation?
A. Private key encryption to authenticate users and private keys to encrypt the database
B. Private key encryption to authenticate users and public keys to encrypt the database
C. Public key encryption to authenticate users and public keys to encrypt the database
D. Public key encryption to authenticate users and private keys to encrypt the database

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 12
A security device prevents certain users from accessing the network remotely with specific applications, but
allows VPN connections without any issues. Which of the following access control models is being used?
A. Mandatory
B. Rule-based
C. Discretionary
D. Role-based

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 13
Which of the following would provide the MOST reliable proof that a datacenter was accessed at a certain
time of day?
A. Video surveillance
B. Security log
C. Entry log
D. Proximity readers

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 14
Which of the following application attacks typically involves entering a string of characters and bypassing
input validation to display additional information?
A. Session hijacking
B. Zero day attack
C. SQL injection
D. Cross-site scripting

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 15
Which of the following IDS/IPS systems is used to protect individual servers?
A. NIPS
B. NAC
C. GRE
D. HIPS

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 16
Which of the following technologies directly addresses the need to restrict employees from browsing
inappropriate websites?
A. Bastion host
B. Firewall
C. Proxy server
D. Content filter

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 17
A security administrator working for a health insurance company needs to protect customer data by installing
an HVAC system and a mantrap in the datacenter. Which of the following are being addressed? (Select
TWO).
A. Integrity
B. Recovery
C. Clustering
D. Confidentiality
E. Availability

Answer: DE
Section: (none)
Explanation/Reference:
A mantrap controls physical entry to the datacenter and so protects the confidentiality of the customer data held there; the HVAC system keeps the equipment within operating temperature, which is an availability control.

QUESTION 18
Which of the following camera types would allow a security guard to track movement from one spot
throughout a data center?
A. CCTV system
B. PTZ camera
C. Analog camera
D. Digital camera

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 19
A user reports they are receiving odd emails. Upon investigation, the administrator finds that most of the users
email boxes appear to be full and bouncing inbound emails at an alarming rate. Which of the following is
MOST likely causing the problem?
A. There is a worm attacking the network.
B. The SMTP relay is not secured.
C. There is a virus attacking the email server.
D. The network is infected by adware.

Answer: A
Section: (none)
Explanation/Reference:
Mailboxes filling across many users and bouncing inbound mail is the signature of a mass-mailing worm spreading through the organization. Adware displays advertisements on infected hosts; it does not generate email.

QUESTION 20
Which of the following describes when forensic hashing should occur on a drive?
A. After the imaging process and before the forensic image is captured
B. Before the imaging process and then after the forensic image is created
C. After the imaging process and after the forensic image is captured
D. Before and after the imaging process and then hash the forensic image

Answer: D
Section: (none)
Explanation/Reference:
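The three hashes in the correct answer to Question 20 each prove something different: the pre-imaging hash records the evidence as found, the post-imaging hash shows the acquisition did not alter the source, and the hash of the image shows the copy is faithful. The following added example (not part of the original exam file) walks through that sequence in Python over a constructed in-memory "drive"; the imaging routine stands in for a tool such as dd run behind a write blocker, and the sample bytes are invented.

```python
import hashlib
import io

# Constructed sample "drive" contents (not real evidence): a fake boot sector,
# a small file and trailing empty space.
SAMPLE_DRIVE = (b"\x33\xc0\x8e\xd0" + b"\x00" * 508 + b"\x55\xaa"
                + b"notes.txt: transfer scheduled 03:00\n" + b"\x00" * 4096)


def sha256_of_stream(stream, chunk_size=1 << 20):
    """Hash a file-like object in chunks so multi-GB images need not fit in RAM."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def image_drive(source, destination, chunk_size=1 << 20):
    """Bit-for-bit copy; stands in for dd/dcfldd run through a write blocker."""
    source.seek(0)
    for chunk in iter(lambda: source.read(chunk_size), b""):
        destination.write(chunk)
    destination.seek(0)
    return destination


def acquire_and_verify(source):
    """Hash the drive before imaging, image it, hash the drive again, hash the image.

    All three digests must agree: before == after shows the source was not
    altered by the acquisition, and image == before shows the copy is faithful.
    """
    source.seek(0)
    before = sha256_of_stream(source)
    image = image_drive(source, io.BytesIO())
    source.seek(0)
    after = sha256_of_stream(source)
    image_digest = sha256_of_stream(image)
    return {
        "before": before,
        "after": after,
        "image": image_digest,
        "verified": before == after == image_digest,
    }


def verify_image(image_bytes, expected_digest):
    """Re-check a stored image against the digest recorded at acquisition time."""
    return sha256_of_stream(io.BytesIO(image_bytes)) == expected_digest


def run_demo():
    """Acquire the constructed sample drive and return the three digests."""
    return acquire_and_verify(io.BytesIO(SAMPLE_DRIVE))
```

`run_demo()["verified"]` is True for the sample; the recorded digest should go into the chain-of-custody paperwork so that `verify_image()` can be run on the stored image at any later date. A single flipped byte (as in the negative check in the accompanying test) makes verification fail, which is the point: the hash ties the analysed image to the original evidence.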

QUESTION 21
A new file share has been created to store confidential exit interviews. Which of the following employees
should have access to the file share?
A. Human Resources Manager
B. Chief Financial Officer
C. Human Resources Recruiter
D. System Administrator

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 22
Which of the following is a valid three factor authentication combination?
A. PIN, thumb print, proximity card
B. PIN, proximity card, key
C. Retina scan, thumb print, proximity card
D. PIN, thumb print, retina scan

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 23
A security administrator reviews the NIDS logs and notices fourteen unsuccessful logins with a subsequent
successful login to a DMZ switch from a foreign IP address. Which of the following could have led to this
network device being accessed?
A. Default account
B. Privilege escalation
C. Denial of service
D. Strong password

Answer: A
Section: (none)
Explanation/Reference:
Fourteen failures followed by a success is a password-guessing pattern, and the only listed weakness that makes a guess succeed that quickly is a default account left enabled on the switch. Privilege escalation happens after access has already been obtained.

QUESTION 24
Which of the following has an embedded cryptographic token?
A. PKI certificate
B. TACACS
C. ID badge
D. Smartcard

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 25
A company runs a site, which has a search option available to the general public. The administrator is
reviewing the site logs and notices an external IP address searching on the site at a rate of two hits per
second. This is an indication of which of the following?
A. Man-in-the-middle attack
B. Data mining
C. Cross-site scripting attack
D. Denial of Service (DoS)

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 26
Which of the following allows an attacker to identify vulnerabilities within a closed source software
application?
A. Fuzzing
B. Compiling
C. Code reviews
D. Vulnerability scanning

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 27
Using a combination of a fingerprint reader and retina scanner is considered how many factors of
authentication?
A. One
B. Two
C. Three
D. Four

Answer: A

Section: (none)
Explanation/Reference:

QUESTION 28
Instead of giving a security administrator full administrative rights on the network, the administrator is given
rights only to review logs and update security related network devices. Additional rights are handed out to
network administrators for the areas that fall within their job description. Which of the following describes this
form of access control?
A. Mandatory vacation
B. Least privilege
C. Discretionary
D. Job rotation

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 29
Which of the following is a way to immediately push and force a group policy to a workstation?
A. gpedit.msc
B. gpresult.exe
C. gpupdate.exe
D. mmc.exe

Answer: C
Section: (none)
Explanation/Reference:
gpupdate.exe (with /force) applies Group Policy to the workstation immediately. gpedit.msc and mmc.exe only edit policy objects, and gpresult.exe reports which policies were applied.

QUESTION 30
Which of the following authentication services can be used to provide router commands to enforce policies?
A. RADIUS
B. Kerberos
C. LDAP
D. TACACS+

Answer: D
Section: (none)
Explanation/Reference:
TACACS+ separates authentication, authorization and accounting and can authorize individual router commands. RADIUS bundles authentication and authorization and provides no per-command control.

QUESTION 31
Which of the following is the BEST tool to deploy on the company network to monitor and log employee's web
surfing activity?
A. Firewall
B. Honeypot
C. Proxy server
D. Protocol analyzer

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 32
A security administrator is implementing a solution that can integrate with an existing server and provide
encryption capabilities. Which of the following would meet this requirement?
A. Mobile device encryption
B. Full disk encryption
C. TPM
D. HSM

Answer: D
Section: (none)
Explanation/Reference:
An HSM is a separate device that can be attached to an existing server to provide key storage and cryptographic operations. A TPM is a chip on the motherboard and cannot be added to a server after the fact.

QUESTION 33
When using USB devices to transfer data from one workstation to another, which of the following should be
performed?
A. Scan with antivirus software.
B. Disable USB ports on the workstation.
C. Format the device.
D. Use a new USB device to ensure security.

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 34
A Human Resource manager is assigning access to users in their specific department performing the same
job function. This is an example of:
A. role-based access control.
B. rule-based access control.
C. centralized access control.
D. mandatory access control.

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 35
Which of the following ensures that an authorized employees access rights are based on a need to know?
A. Least privilege
B. Job rotation
C. Implicit deny
D. Separation of duties

Answer: A
Section: (none)
Explanation/Reference:
Least privilege grants a user only the access the job requires, which is the need-to-know principle. Implicit deny is the default rule of a firewall or ACL, not a principle for assigning user rights.

QUESTION 36
Which of the following is a technical control?
A. System security categorization requirement
B. Baseline configuration development
C. Contingency planning
D. Least privilege implementation

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 37
A programmer cannot change the production system directly and must have code changes reviewed and
approved by the production system manager. Which of the following describes this control type?
A. Discretionary access control
B. Separation of duties
C. Security policy
D. Job rotation

Answer: B

Section: (none)
Explanation/Reference:

QUESTION 38
Which of the following malware types is MOST commonly installed through the use of thumb drives to
compromise systems and provide unauthorized access?
A. Trojans
B. Botnets
C. Adware
D. Logic bomb

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 39
Which of the following BEST describes an attack involving the interception and later retransmission of the
same network traffic?
A. Man-in-the-middle
B. Domain name kiting
C. Spoofing
D. Replay

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 40
Which of the following BEST describes COOP?
A. Determination of business impact based on an individual contingency and developing countermeasures to
that contingency
B. Planning disaster recovery functions and system movements for a 24-48 hour period after a disaster
C. Development of a BIA, BCP, DRP, ITCP and other relevant aspects of the continuity process
D. Restoring mission essential functions at an alternate site and performing those functions for up to 30 days
Answer: D
Section: (none)
Explanation/Reference:
A Continuity of Operations Plan (COOP) covers restoring mission-essential functions at an alternate site and sustaining them for up to 30 days after a disaster. Option C describes the wider continuity programme, not COOP itself.

QUESTION 41
The network administrator is concerned about password security. Which of the following protocols should be
used to remotely administer a router?
A. Telnet
B. rlogin
C. PGP
D. SSH

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 42
A critical system in the datacenter is not connected to a UPS. The security administrator has coordinated an
authorized service interruption to resolve this issue. This is an example of which of the following?
A. Fault tolerance
B. Continuity of operations
C. Succession planning
D. Data handling error

Answer: A
Section: (none)
Explanation/Reference:
Connecting the system to a UPS gives it tolerance to power faults; the scheduled interruption is the controlled way to add that protection. Succession planning concerns replacing key personnel, not equipment.

QUESTION 43
Which of the following is the BEST reason to choose a vulnerability assessment over a penetration test?
A. The cost of OVAL vulnerability assessment tools
B. The ability to banner grab from within the vulnerability assessment tool
C. The high level of training available to staff regarding vulnerability assessments
D. The low level of skill required to execute the vulnerability assessment

Answer: D
Section: (none)
Explanation/Reference:
A vulnerability assessment is largely automated and can be run by less experienced staff; a penetration test requires skilled testers who exploit what they find. Banner grabbing is available in both, so it is not a reason to prefer one over the other.

QUESTION 44
Which of the following protocols would allow an attacker to gather the MOST information about an unsecured
network printer's configuration?
A. ICMP
B. SNMP
C. RBAC
D. RTMP

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 45
The BEST way to protect the confidentiality of sensitive data entered in a database table is to use:
A. hashing.
B. stored procedures.
C. encryption.
D. transaction logs.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 46
A professor at a university is given two keys. One key unlocks a classroom door and the other locks it. The
key used to lock the door is available to all other faculty. The key used to unlock the door is only given to the
professor. Which of the following cryptography concepts is illustrated in the example above?
A. Key escrow exchange
B. Asymmetric key sharing
C. Exchange of digital signatures
D. Symmetric key sharing

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 47
In an effort to increase security, the security administrator revokes each user's certificate after one year.
Which of the following would keep an attacker from using the certificate?
A. RA
B. CRL
C. PKI
D. CA

Answer: B
Section: (none)

Explanation/Reference:

QUESTION 48
WEP is seen as an unsecure protocol based on its improper use of which of the following?
A. RC6
B. RC4
C. 3DES
D. AES

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 49
Which of the following solutions would a security administrator MOST likely perform if they were trying to
access several websites from a single workstation that were potentially dangerous (e.g.contain malware)?
A. Update and enable the anti-spam software.
B. Update input validation schemes.
C. Set up a virtual machine on that workstation.
D. Secure rogue access points.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 50
A security engineer is troubleshooting a server in the DMZ, which cannot be reached from the Internet or the
internal network. All other servers on the DMZ are able to communicate with this server. Which of the
following is the MOST likely cause?
A. The server is configured to reject ICMP packets.
B. The server is on the external zone and it is configured for DNS only.
C. The server is missing the default gateway.
D. The server is on the internal zone and it is configured for DHCP only.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 51

Which of the following is true about hardware encryption? (Select TWO).
A. It must use elliptic curve encryption.
B. It requires a HSM file system.
C. It only works when data is not highly fragmented.
D. It is faster than software encryption.
E. It is available on computers using TPM.

Answer: DE
Section: (none)
Explanation/Reference:

QUESTION 52
A security administrator would MOST likely put a network interface card into promiscuous mode to use which
of the following utilities? (Select TWO).
A. Wireshark
B. Nessus
C. Tcpdump
D. Nmap
E. L0phtcrack

Answer: AC
Section: (none)
Explanation/Reference:

QUESTION 53
Which of the following would an administrator apply to mobile devices to BEST ensure the confidentiality of
data?
A. Screen locks
B. Device encryption
C. Remote sanitization
D. Antivirus software

Answer: B
Section: (none)
Explanation/Reference:
Encryption protects the stored data even if the screen lock is bypassed or the storage is removed from the device. A screen lock, remote wipe and antivirus do not protect confidentiality of data at rest on their own.

QUESTION 54
Which of the following should be performed on a computer to protect the operating system from malicious
software? (Select TWO).
A. Disable unused services
B. Update NIDS signatures
C. Update HIPS signatures
D. Disable DEP settings
E. Install a perimeter firewall

Answer: AC
Section: (none)
Explanation/Reference:

QUESTION 55
A security administrator is assigned to develop an IP address scheme for the corporate network that allows
internal users to have an IP address that cannot be routed to the Internet. Which of the following IP addresses
would meet this requirement?
A. 10.127.0.5
B. 63.75.131.27
C. 172.40.75.95
D. 192.186.202.48

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 56
Assigning access on a need-to-know basis is a best practice in which of the following controls?
A. Risk assessment
B. Account management
C. Patch management
D. Vulnerability assessment

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 57
In order to access the network, an employee must swipe their finger on a device. Which of the following
describes this form of authentication?
A. Single sign-on
B. Multifactor
C. Biometrics
D. Tokens

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 58
Which of the following will prevent inbound ICMP traffic between systems?
A. HIDS
B. VPN
C. Antivirus
D. Personal firewall

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 59
Which of the following is BEST used to prevent ARP poisoning attacks across a network?
A. VLAN segregation
B. IPSec
C. IP filters
D. Log analysis

Answer: A
Section: (none)
Explanation/Reference:
ARP poisoning only works inside a broadcast domain, so segregating hosts into VLANs limits how far an attacker can reach. IP filters operate at layer 3 and never see ARP; IPSec protects the payload but does not stop the poisoning itself.

QUESTION 60
Which of the following BEST describes a malicious application that attaches itself to other files?
A. Rootkits
B. Adware
C. Backdoors
D. Virus

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 61
A physical server goes offline. It takes down six virtual web servers that it was hosting. This is an example of
which of the following vulnerabilities?
A. Man in the middle
B. SQL injection
C. Cross-site scripting
D. Single point of failure

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 62
A security administrator wants to determine what data is allowed to be collected from users of the corporate
Internet-facing web application. Which of the following should be referenced?
A. Privacy policy
B. Human Resources policy
C. Appropriate use policy
D. Security policy

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 63
A CA normally sends PKI data to which of the following servers?
A. Root Authority
B. LDAP
C. DHCP
D. RAS

Answer: B
Section: (none)
Explanation/Reference:
A CA publishes the certificates it issues and its CRL to a directory service, typically reached over LDAP, so that relying parties can retrieve them.

QUESTION 64
A security administrator with full administrative rights on the network is forced to temporarily take time off of
their duties. Which of the following describes this form of access control?
A. Separation of duties
B. Discretionary
C. Mandatory vacation
D. Least privilege

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 65
Which of the following are the BEST reasons to use an HSM? (Select TWO).
A. Encrypt the CPU L2 cache
B. Recover keys
C. Generate keys
D. Transfer keys to the CPU
E. Store keys

Answer: CE
Section: (none)
Explanation/Reference:

QUESTION 66
Which of the following will provide the HIGHEST level of wireless network security?
A. WPA2
B. SSH
C. SSID
D. WEP

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 67
Which of the following would an administrator do to ensure that an application is secure and all unnecessary
services are disabled?
A. Baselining
B. Application hardening
C. Secure application coding
D. Patch management

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 68
Several existing, poorly documented networks have been integrated. Which of the following would define
expected traffic with the LOWEST impact on existing processes?
A. Configure the firewall to log all traffic and begin researching.
B. Update all network services to use secure protocols.
C. Configure the firewall to block all non-standard ports and review logs for blocked traffic.
D. Update signatures on the intrusion detection devices and review alerts.

Answer: A
Section: (none)
Explanation/Reference:
Logging everything and analysing it establishes what the expected traffic is without interrupting anything. Blocking non-standard ports on poorly documented networks would break legitimate but undocumented processes.

QUESTION 69
The CRL allows:
A. new certificates to be generated.
B. a centralized database of authenticated users.
C. a recovery agent to decide which certificates to authenticate.
D. immediate certificate revocation.

Answer: D
Section: (none)
Explanation/Reference:
The CRL is the CA's published list of revoked certificates, so relying parties stop trusting a certificate as soon as it appears there. It has nothing to do with issuing certificates, user databases or recovery agents.

QUESTION 70
A company hires a security firm to assess the security of the company's network. The company does not
provide the firm with any internal knowledge or documentation of the network. Which of the following should
the security firm perform?
A. Black hat
B. Black box
C. Gray hat
D. Gray box

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 71
An employee's workstation is connected to the corporate LAN. Due to content filtering restrictions, the
employee attaches a 3G Internet dongle to get to websites that are blocked by the corporate gateway. Which
of the following BEST describes a security implication of this practice?
A. A corporate LAN connection and a 3G Internet connection are acceptable if a host firewall is installed.
B. The security policy should be updated to state that corporate computer equipment should be dual-homed.
C. Content filtering should be disabled because it may prevent access to legitimate sites.
D. Network bridging must be avoided otherwise it may join two networks of different classifications.

Answer: D
Section: (none)
Explanation/Reference:
The dual-homed workstation bridges the corporate LAN to an unfiltered Internet connection, bypassing the gateway's controls and exposing the internal network. A host firewall does not remove that risk, and a policy endorsing dual-homing would make it worse.

QUESTION 72
The head of security wants to implement an IDS that relies on a baseline to send alerts when suspicious traffic
crosses the network. Which of the following BEST describes this type of IDS configuration?
A. Network-based IDS
B. Host-based IDS
C. Anomaly-based IDS
D. Signature-based IDS

Answer: C
Section: (none)
Explanation/Reference:
An anomaly-based IDS learns a baseline of normal traffic and alerts on deviations from it; a signature-based IDS matches known attack patterns. Network-based and host-based describe where the sensor sits, not how it detects.
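Question 7 (is 25 SSH sessions per hour normal?) and Question 72 (an IDS that alerts on deviations from a baseline) are the same idea: compare an observed count against what the baseline says is normal for that time of day. The following added example (not part of the original exam file) builds a per-hour baseline from constructed counts, assumed to be one week of hourly SSH session totals, and classifies a new observation by its z-score. The floor on the standard deviation is a design choice of this example so that a nearly constant night-time baseline does not alert on a single extra login.

```python
import statistics

# Constructed baseline: SSH login sessions per hour over seven days of normal
# operation, kept per hour of day (not data from the original page).
NIGHT_COUNTS = [1, 0, 2, 1, 0, 1, 2]           # 00:00-07:59 and 18:00-23:59
DAY_COUNTS = [22, 25, 19, 27, 24, 21, 26]      # 08:00-17:59
BASELINE = {hour: (DAY_COUNTS if 8 <= hour < 18 else NIGHT_COUNTS)
            for hour in range(24)}


def baseline_stats(counts, min_stdev=1.0):
    """Mean and standard deviation of the baseline.

    The floor avoids hair-trigger alerts when the baseline is nearly constant
    (for example all zeros at night, where any login would otherwise be infinite
    standard deviations away).
    """
    if len(counts) < 2:
        raise ValueError("need at least two baseline samples")
    return statistics.mean(counts), max(statistics.stdev(counts), min_stdev)


def classify(observed, hour, baseline=BASELINE, threshold=3.0):
    """Return ("normal" | "anomalous", z-score) for `observed` logins in `hour`.

    Both directions count: a sudden drop to zero during business hours is as
    worth a look as a spike at 03:00.
    """
    mean, stdev = baseline_stats(baseline[hour])
    z = (observed - mean) / stdev
    return ("anomalous" if abs(z) > threshold else "normal"), round(z, 2)


def review(observations, baseline=BASELINE):
    """Run the classifier over (hour, count) pairs, e.g. from an hourly log summary."""
    return [(hour, count, *classify(count, hour, baseline))
            for hour, count in observations]
```

With this baseline, 25 sessions at 10:00 is normal (z about 0.5) while the same 25 sessions at 03:00 is anomalous (z about 24), which is the answer to the administrator's question in Question 7: the number alone means nothing without the baseline for that hour. In production the baseline would be rebuilt periodically and kept separately for weekdays and weekends, and the threshold tuned against the false-positive rate the team can handle.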

QUESTION 73
Which of the following risks may result from improper use of social networking and P2P software?
A. Shoulder surfing
B. Denial of service
C. Information disclosure
D. Data loss prevention

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 74
An administrator needs to setup devices on a network that will make it possible for the company to separate
resources within the internal network. Which of the following BEST describes the needed network design?
A. DMZ
B. VLAN
C. NAT
D. NAC

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 75
Data can potentially be stolen from a disk encrypted, screen-lock protected, smart phone by which of the
following?
A. Bluesnarfing
B. IV attack
C. Honeynet
D. SIM cloning

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 76
As a computer forensic analyst, which of the following is MOST critical when working with multiple machines?
A. Power off the machines as quickly as possible.
B. Document all actions performed.
C. Verify all data has been recently backed up.
D. Check for the presence of RAID arrays.

Answer: B
Section: (none)
Explanation/Reference:
Documenting every action on every machine is what preserves the chain of custody and makes the analysis repeatable. Powering off destroys volatile evidence, and backups or RAID layout are secondary concerns.

QUESTION 77
The administrator wishes to monitor incoming traffic, but does not want to risk accidentally blocking legitimate
traffic. Which of the following should the administrator implement?
A. A client-based firewall
B. A DMZ
C. A NIDS
D. A HIPS

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 78
A user reports that their home page is being redirected to an obscure website. An antivirus scan shows no
abnormalities. Which of the following is the MOST probable cause?
A. Worm
B. Botnet
C. Spam
D. Rootkit

Answer: D
Section: (none)
Explanation/Reference:
A rootkit hides itself from the operating system and from antivirus, which explains the clean scan despite the browser hijack. A worm or bot would normally be picked up by the scanner.

QUESTION 79
A company wants to sell some old cell phones on an online auction to recover some of the cost of the newer
phones. Which of the following should be done to ensure the confidentiality of the information that is stored on
the phones (e.g. client phone numbers and email communications)?
A. Degauss the phones for 30 minutes.
B. Contact the vendor.
C. Manually delete the phone book entries and all email in the phone.
D. Perform a master reset.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 80
Which of the following BEST describes S/MIME certificates?
A. They use public and private keys.
B. They provide non-repudiation.
C. They make all emails a fixed size.
D. They automatically append legal disclaimers to emails.

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 81
An employee is processing classified information on a secured laptop and leaves the laptop unlocked in a
public place. This negligence may BEST be attributed to:
A. a weak intrusion detection system.
B. password complexity issues.
C. absence of due diligence.
D. lack of security education and awareness training.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 82
Which of the following is the primary concern when using a Halon fire suppression system to cover an entire
data center?
A. Ample time to remove backup tapes
B. Ample space to install servers near the system
C. Adequate volume to cover all equipment
D. Adequate evacuation time for personnel

Answer: D
Section: (none)
Explanation/Reference:
Halon displaces oxygen and is harmful at suppression concentrations, so the primary concern with a total-flooding system is that personnel can leave before discharge. Equipment coverage is a design parameter, not a safety concern.

QUESTION 83
A certificate that has been compromised should be published to which of the following?
A. AES
B. CA
C. CRL
D. PKI

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 84
When a user first moves into their residence, the user receives a key that unlocks and locks their front door.
This key is only given to them but may be shared with others they trust. Which of the following cryptography
concepts is illustrated in the example above?
A. Asymmetric key sharing
B. Exchange of digital signatures
C. Key escrow exchange
D. Symmetric key sharing

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 85
Which of the following wireless security controls can be easily and quickly circumvented using only a network
sniffer? (Select TWO).
A. MAC filtering
B. Disabled SSID broadcast
C. WPA2-Enterprise
D. EAP-TLS
E. WEP with 802.1x

Answer: AB
Section: (none)
Explanation/Reference:
A sniffer shows permitted client MAC addresses and the hidden SSID directly in captured frames, so both controls are bypassed by copying what is seen. WPA2-Enterprise, EAP-TLS and 802.1X require more than passive capture to defeat, and even WEP needs an active cracking step rather than just a sniffer.

QUESTION 86
Which of the following is a best practice to identify fraud from an employee in a sensitive position?
A. Acceptable usage policy
B. Separation of duties
C. False positives
D. Mandatory vacations

Answer: D
Section: (none)
Explanation/Reference:
A mandatory vacation forces someone else to perform the role, which exposes fraud that depends on the employee's continuous presence. Separation of duties is a preventive control; the question asks how to identify fraud.

QUESTION 87
A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure
will not affect an individual server. Which of the following configurations will allow for high availability? (Select
TWO).
A. Hardware RAID 5
B. Load sharing
C. Server clustering
D. Software RAID 1
E. Load balancing

Answer: AC

Section: (none)
Explanation/Reference:

QUESTION 88
Which of the following is performed during a security assessment?
A. Remediate the machines with incorrectly configured controls.
B. Quarantine the machines that have no controls in place.
C. Determine which controls are operating as intended.
D. Calculate the cost of bringing the controls back into compliance.

Answer: C
Section: (none)
Explanation/Reference:
A security assessment evaluates whether the controls in place are operating as intended. Remediation, quarantine and cost estimates are follow-on activities driven by the assessment's findings.

QUESTION 89
In the context of authentication models the concept of identification is BEST described as which of the
following?
A. Providing identity documents to a new user based on approved paperwork.
B. Verifying that a user is authorized to access a computer system.
C. The last step in a three-factor authentication process.
D. Verifying that a user's identity matches a set of provided credentials.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 90
Which of the following provides the STRONGEST hashing?
A. AES512
B. SHA256
C. AES256
D. MD5

Answer: B
Section: (none)
Explanation/Reference:
AES is a block cipher, not a hash function, and there is no AES-512. Of the two hashes listed, SHA-256 is far stronger than MD5, whose collision resistance is broken.

QUESTION 91
Which of the following is the correct formula for calculating mean time to restore (MTTR)?
A. MTTR = (time of fail) / (time of restore)
B. MTTR = (time of fail) - (time of restore)
C. MTTR = (time of restore) - (time of fail)
D. MTTR = (time of restore) x (time of fail)

Answer: C
Section: (none)
Explanation/Reference:
MTTR measures how long restoration takes, so it is the time the service was restored minus the time it failed, averaged over incidents.

QUESTION 92
Which of the following represents the complexity of a password policy which enforces lower case password
using letters from a through z where n is the password length?
A. n^26
B. 2n * 26
C. 26^n
D. n^2 * 26

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 93
MAC filtering is a form of which of the following?
A. Virtualization
B. Network Access Control
C. Virtual Private Networking
D. Network Address Translation

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 94
Which of the following would BEST prevent the theft of laptops located in the corporate office?
A. Install security cameras inside the building.
B. Configure all laptops with passwords.
C. Require all employees to use company supplied device locks to secure the laptops.
D. Install locator software that sends its location back to the corporate office.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 95
Which of the following do environmental controls influence?
A. Wire shielding
B. Room lighting
C. Fire suppression
D. System availability

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 96
Which of the following protocols would be the MOST secure method to transfer files from a host machine?
A. SFTP
B. WEP
C. TFTP
D. FTP

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 97
Which of the following would be a reason the IT department would disallow the use of USB flash storage
devices?
A. The stored data might be out of date with networked-stored equivalents.
B. Users can inadvertently spread viruses.
C. Data stored on the device may be copyrighted.
D. Users might be using incompatible USB 1.0 technology.

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 98
Which of the following is a vulnerability introduced into a hardware or software product by the developer?
A. Null session
B. Default account
C. Weak password
D. Back door

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 99
A network device blocking incoming traffic which does not match an internal request for traffic is considered to
have:
A. stateful packet inspection.
B. behavior based heuristics.
C. an implicit allow rule.
D. URL filtering.

Answer: A
Section: (none)
Explanation/Reference:
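The behaviour in Question 99 (inbound traffic is allowed only when it answers a request an internal host made) is exactly what a stateful filter's connection table implements. The following added example (not part of the original exam file) is a minimal stateful filter in Python with an idle timeout; the packet format and the traffic in `run_sample()` are constructed for illustration and use documentation address ranges.

```python
from collections import namedtuple

# A packet as the filter sees it; "out" leaves the protected network, "in" enters it.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port direction")


class StatefulFilter:
    """Permits inbound packets only when they answer a request an internal host made.

    The state table is keyed by (internal ip, internal port, external ip,
    external port); entries expire after `idle_timeout` seconds without traffic,
    so a reply that arrives long after the conversation ended is dropped.
    """

    def __init__(self, idle_timeout=300):
        self.idle_timeout = idle_timeout
        self.table = {}  # connection key -> time it was last seen

    def _expire(self, now):
        stale = [k for k, seen in self.table.items() if now - seen > self.idle_timeout]
        for k in stale:
            del self.table[k]

    def process(self, pkt, now):
        """Return "allow" or "deny" for `pkt` observed at time `now` (seconds)."""
        self._expire(now)
        if pkt.direction == "out":
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            self.table[key] = now          # remember the request
            return "allow"
        # Inbound: look for the mirror image of an outbound request.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.table:
            self.table[key] = now          # refresh the entry
            return "allow"
        return "deny"                      # no matching request: implicit deny


def run_sample():
    """Constructed traffic (not from the original page) covering the main cases."""
    fw = StatefulFilter(idle_timeout=300)
    traffic = [
        (0,   Packet("10.0.0.5", 51000, "198.51.100.10", 443, "out")),  # client opens a session
        (1,   Packet("198.51.100.10", 443, "10.0.0.5", 51000, "in")),   # server reply: matches
        (2,   Packet("203.0.113.9", 443, "10.0.0.5", 51000, "in")),     # different peer: unsolicited
        (3,   Packet("198.51.100.10", 443, "10.0.0.5", 51001, "in")),   # wrong client port
        (400, Packet("198.51.100.10", 443, "10.0.0.5", 51000, "in")),   # arrives after the idle timeout
    ]
    return [fw.process(pkt, t) for t, pkt in traffic]
```

`run_sample()` returns allow, allow, deny, deny, deny. The last case is the one practitioners forget: without expiry the table grows forever and a spoofed packet that matches a long-dead connection would still get in. A real firewall additionally tracks TCP flags and sequence numbers so that a packet with the right addresses but no valid handshake is also rejected.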

QUESTION 100
Which of the following is the GREATEST security risk posed by removable media?
A. Disclosure of cryptographic algorithms
B. Loss of data integrity
C. Disclosure of public keys
D. Loss of confidential data

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 101
Which of the following operating system characteristics allows malware propagation via USB storage devices?
(Select TWO).
A. Small size
B. Autorun
C. Large memory space
D. Mobility
E. Plug 'n play

Answer: BE
Section: (none)
Explanation/Reference:

QUESTION 102
ARP poison routing attacks are an example of which of the following?
A. Distributed Denial of Service
B. Smurf Attack
C. Man-in-the-middle
D. Vishing

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 103
Which of the following logical access control methods would a security administrator need to modify in order
to control network traffic passing through a router to a different network?
A. Configuring VLAN 1
B. ACL
C. Logical tokens
D. Role-based access control changes

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 104
Which of the following tools limits external access to the network?
A. IDS
B. VLAN
C. Firewall
D. DMZ

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 105
Which of the following tools was created for the primary purpose of reporting the services that are open for
connection on a networked workstation?
A. Protocol analyzer
B. Port scanner
C. Password crackers
D. Vulnerability scanner

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 106
Which of the following is MOST likely to be an issue when turning on all auditing functions within a system?
A. Flooding the network with all of the log information
B. Lack of support for standardized log review tools
C. Too much information to review
D. Too many available log aggregation tools

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 107
Upon opening the browser, a guest user is redirected to the company portal and asked to agree to the
acceptable use policy. Which of the following is MOST likely causing this to appear?
A. NAT
B. NAC
C. VLAN
D. DMZ

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 108
USB devices with a virus delivery mechanism are an example of which of the following security threats?

A. Adware
B. Trojan
C. Botnets
D. Logic bombs

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 109
Cell phones with network access and the ability to store data files are susceptible to which of the following
risks?
A. Input validation errors
B. SMTP open relays
C. Viruses
D. Logic bombs

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 110
When establishing a connection between two IP based routers, which of the following protocols is the MOST
secure?
A. TFTP
B. HTTPS
C. FTP
D. SSH

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 111
Which of the following algorithms provides better protection against brute force attacks by using a 160-bit
message digest?
A. MD5
B. SHA-1
C. LANMAN
D. NTLM

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 112
Which of the following access control technologies provides a rolling password for one-time use?
A. RSA tokens
B. ACL
C. Multifactor authentication
D. PIV card

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 113
Which of the following technologies is used to verify that a file was not altered?
A. RC5
B. AES
C. DES
D. MD5

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 114
Which of the following uses an RC4 key that can be discovered by eavesdropping on plain text initialization
vectors?
A. WEP
B. TKIP
C. SSH
D. WPA

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 115
An administrator wants to crack passwords on a server with an account lockout policy. Which of the following
would allow this without locking accounts?
A. Try guessing passwords slowly enough to reset the bad count interval.
B. Try guessing passwords with brute force.
C. Copy the password file offline and perform the attack on it.
D. Try only real dictionary words.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 116
A user reports that each time they attempt to go to a legitimate website, they are sent to an inappropriate
website. The security administrator suspects the user may have malware on the computer, which manipulated
some of the user's files. Which of the following files on the user's system would need to be checked for
unauthorized changes?
A. SAM
B. LMhosts
C. Services
D. Hosts

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 117
An administrator needs to limit and monitor the access users have to the Internet and protect the internal
network. Which of the following would MOST likely be implemented?
A. A heuristic firewall
B. DNS caching on the client machines
C. A pushed update modifying users' local host file
D. A content-filtering proxy server

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 118
Which of the following is a malicious program used to capture information from an infected computer?
A. Trojan
B. Botnet
C. Worm
D. Virus
Answer: A
Section: (none)
Explanation/Reference:

QUESTION 119
The security administrator needs to make a change in the network to accommodate a new remote location.
The new location will be connected by a serial interface, off the main router, through a commercial circuit.
This remote site will also have traffic completely separated from all other traffic. Which of the following design
elements will need to be implemented to accommodate the new location?
A. VLANs need to be added on the switch but not the router.
B. The NAT needs to be re-configured to allow the remote location.
C. The current IP scheme needs to be subnetted.
D. The switch needs to be virtualized and a new DMZ needs to be created.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 120
Which of the following is the MOST secure authentication method?
A. Smartcard
B. Iris
C. Password
D. Fingerprints

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 121
Mitigating security risks by updating and applying hot fixes is part of:
A. patch management.
B. vulnerability scanning.
C. baseline reporting.
D. penetration testing.

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 122
When reviewing IDS logs, the security administrator notices many events pertaining to a "NOOP sled". Which
of the following attacks is occurring?
A. Man-in-the-middle
B. SQL injection
C. Buffer overflow
D. Session hijacking

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 123
Which of the following is the MAIN difference between a hotfix and a patch?
A. Hotfixes follow a predetermined release schedule while patches do not.
B. Hotfixes are smaller than patches.
C. Hotfixes may be released at any time and will later be included in a patch.
D. Patches can only be applied after obtaining proper approval, while hotfixes do not need management approval.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 124
A vulnerability assessment was conducted against a network. One of the findings indicated an outdated
version of software. This is an example of weak:
A. security policies.
B. patch management.
C. acceptable use policies.
D. configuration baselines.

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 125
Which of the following tools can execute a ping sweep?
A. Protocol analyzer
B. Anti-virus scanner
C. Network mapper
D. Password cracker

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 126
Which of the following is a newer version of SSL?
A. SSH
B. IPSec
C. TLS
D. L2TP

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 127
A technician visits a customer site which prohibits portable data storage devices. Which of the following items
would be prohibited? (Select TWO).
A. USB Memory key
B. Bluetooth-enabled cellular phones
C. Wireless network detectors
D. Key card
E. Items containing RFID chips

Answer: AB
Section: (none)
Explanation/Reference:

QUESTION 128
Which of the following is used when performing a qualitative risk analysis?
A. Exploit probability
B. Judgment
C. Threat frequency
D. Asset value
Answer: A
Section: (none)
Explanation/Reference:

QUESTION 129
A certificate has been revoked, and the administrator has issued new keys. Which of the following must now
be performed to exchange encrypted email?
A. Exchange private keys with each other
B. Recover old private keys
C. Recover old public keys
D. Exchange public keys with each other

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 130
Exploitation of security vulnerabilities is used during assessments when which of the following is true?
A. Security testers have clear and written authorization to conduct vulnerability scans.
B. Security testers are trying to document vulnerabilities without impacting network operations.
C. Network users have permissions allowing access to network devices with security weaknesses.
D. Security testers have clear and written authorization to conduct penetration testing.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 131
Which of the following should a technician deploy to detect malicious changes to the system and
configuration?
A. Pop-up blocker
B. File integrity checker
C. Anti-spyware
D. Firewall

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 132
In order to prevent data loss in case of a disk error, which of the following options would an administrator
MOST likely deploy?
A. Redundant connections
B. RAID
C. Disk striping
D. Redundant power supplies

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 133
A technician has installed security software; shortly thereafter the response time slows considerably. Which of
the following can be used to determine the effect of the new software?
A. Event logs
B. System monitor
C. Performance monitor
D. Protocol analyzer

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 134
After installing database software the administrator must manually change the default administrative
password, remove a default database, and adjust permissions on specific files.
These actions are BEST described as:
A. vulnerability assessment.
B. mandatory access control.
C. application hardening.
D. least privilege.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 135
Which of the following is the BEST mitigation method to implement when protecting against a discovered OS
exploit?

A. NIDS
B. Patch
C. Antivirus update
D. HIDS

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 136
Which of the following is the primary concern of governments in terms of data security?
A. Integrity
B. Availability
C. Cost
D. Confidentiality

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 137
Which of the following is BEST used to change common settings for a large number of deployed computers?
A. Group policies
B. Hotfixes
C. Configuration baselines
D. Security templates

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 138
Which of the following solutions would a company be MOST likely to choose if they wanted to conserve rack
space in the data center and also be able to manage various resources on the servers?
A. Install a manageable, centralized power and cooling system
B. Server virtualization
C. Different virtual machines on a local workstation
D. Centralize all blade servers and chassis within one or two racks

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 139
A rogue wireless network is showing up in the IT department. The network appears to be coming from a
printer that was installed. Which of the following should have taken place, prior to this printer being installed,
to prevent this issue?
A. Installation of Internet content filters to implement domain name kiting.
B. Penetration test of the network to determine any further rogue wireless networks in the area.
C. Conduct a security review of the new hardware to determine any possible security risks.
D. Implement a RADIUS server to authenticate all users to the wireless network.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 140
Which of the following characteristics distinguishes a virus from a rootkit, spyware, and adware?
A. Eavesdropping
B. Process hiding
C. Self-replication
D. Popup displays

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 141
Which of the following is used to generate keys in PKI?
A. AES
B. RSA
C. DES
D. 3DES

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 142

Which of the following methods is a best practice for granting access to resources?
A. Add ACLs to computers; add computers to groups.
B. Add ACLs to users; add users to groups.
C. Add users to ACLs; add computers to groups.
D. Add groups to ACLs; add users and computers to groups.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 143
Which of the following may cause a user, connected to a NAC-enabled network, to not be prompted for
credentials?
A. The user's PC is missing the authentication agent.
B. The user's PC is not fully patched.
C. The user's PC is not at the latest service pack.
D. The user's PC has out-of-date antivirus software.

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 144
When used to encrypt transmissions, which of the following is the MOST resistant to brute force attacks?
A. SHA
B. MD5
C. 3DES
D. AES256

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 145
Which of the following BEST describes how the private key is handled when connecting to a secure web
server?
A. The key is not shared and remains on the server
B. Anyone who connects receives the key
C. Only users from configured IP addresses receive the key
D. All authenticated users receive the key

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 146
A user visits their normal banking website. The URL is correct and the website is displayed in the browser, but
the user gets an SSL warning that the SSL certificate is invalid as it is signed by an unknown authority. Which
of the following has occurred?
A. Domain name kiting
B. Privilege escalation
C. Replay attack
D. Man-in-the-middle attack

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 147
A technician reviews the system log entries for an internal DNS server. Which of the following entries MOST
warrants further investigation?
A. DNS query from a source outside the organization
B. DNS query from a source inside the organization
C. Zone transfer to a source inside the organization
D. Zone transfer to a source outside the organization

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 148
Monitoring a computer's logs and critical files is part of the functionality of a
A. NIPS.
B. HIDS.
C. firewall.
D. honeypot.

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 149
Which of the following can be implemented as an OS hardening practice to mitigate risk?
A. Domain name kiting
B. Removable storage
C. Input validation
D. Security templates

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 150
Continuously documenting state and location of hardware from collection to disposition during a forensic
investigation is known as:
A. risk mitigation.
B. data handling.
C. chain of custody.
D. incident response.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 151
Which of the following is an example of two factor authentication?
A. PIN and password
B. Smartcard and token
C. Smartcard and PIN
D. Fingerprint and retina scan

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 152
Which of the following uses a three-way-handshake for authentication and is commonly used in PPP
connections?
A. MD5
B. CHAP
C. Kerberos
D. SLIP
Answer: B
Section: (none)
Explanation/Reference:

QUESTION 153
A security analyst has been notified that one of the web servers has stopped responding to web traffic. The
network engineer also reports very high bandwidth utilization to and from the Internet. Which of the following
logs is MOST likely to be helpful in finding the cause and source of the problem?
A. Access log
B. Event log
C. System log
D. Firewall log

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 154
Which of the following ports would need to be open to allow TFTP by default?
A. 69
B. 110
C. 137
D. 339

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 155
Which of the following transmission types would an attacker most likely use to try to capture data packets?
A. Shielded twisted pair
B. Fiber optic
C. Bluesnarfing
D. Wireless

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 156
Which of the following describes a port that is left open in order to facilitate access at a later date?
A. Honeypot
B. Proxy server
C. Open relay
D. Backdoor

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 157
Which of the following is often bundled with freely downloaded software?
A. Cookies
B. Logic bomb
C. Adware
D. Spam

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 158
Which of the following security types would require the use of certificates to verify a user's identity?
A. Forensics
B. CRL
C. PKI
D. Kerberos

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 159
Which of the following can increase risk? (Select TWO).
A. Vulnerability
B. Mantrap
C. Configuration baselines
D. Threat source
E. Mandatory vacations

Answer: AD
Section: (none)
Explanation/Reference:

QUESTION 160
An administrator believes a user is secretly transferring company information over the Internet. The network
logs do not show any non-standard traffic going through the firewall. Which of the following tools would allow
the administrator to better evaluate the contents of the network traffic?
A. Vulnerability scanner
B. Network anomaly detection
C. Protocol analyzer
D. Proxy server

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 161
Which of the following monitoring technology types is MOST dependent on receiving regular updates?
A. Signature-based
B. Kerberos-based
C. Behavior-based
D. Anomaly-based

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 162
A company has just recovered from a major disaster. Which of the following should signify the completion of a
disaster recovery?
A. Verify all servers are back online and working properly.
B. Update the disaster recovery plan based on lessons learned.
C. Conduct post disaster recovery testing.
D. Verify all network nodes are back online and working properly.
Answer: B
Section: (none)
Explanation/Reference:

QUESTION 163
Which of the following is a public key cryptosystem?
A. RSA
B. SHA-1
C. 3DES
D. MD5

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 164
A user tries to plug their laptop into the company's network and receives a warning that their patches and virus
definitions are out-of-date. This is an example of which of the following mitigation techniques?
A. NAT
B. Honeypot
C. NAC
D. Subnetting

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 165
A file has been compromised with corrupt data and might have additional information embedded within it.
Which of the following actions should a security administrator follow in order to ensure data integrity of the file
on that host?
A. Disable the wireless network and copy the data to the next available USB drive to protect the data.
B. Perform proper forensics on the file with documentation along the way.
C. Begin chain of custody for the document and disallow access.
D. Run vulnerability scanners and print all reports of all diagnostic results.

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 166
Every company workstation contains the same software prior to being assigned to workers. Which of the
following software options would give remote users the needed protection from outside attackers when they
are outside of the company's internal network?
A. HIDS
B. Vulnerability scanner
C. Personal firewall
D. NIPS

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 167
To ensure users are logging into their systems using a least privilege method, which of the following should be
done?
A. Create a user account without administrator privileges.
B. Employ a BIOS password that differs from the domain password.
C. Enforce a group policy with the least amount of account restrictions.
D. Allow users to determine their needs and access to resources.

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 168
A recent security audit shows an organization has been infiltrated with a former administrator's credentials.
Which of the following would be the BEST way to mitigate the risk of this vulnerability?
A. Conduct periodic audits of disaster recovery policies.
B. Conduct periodic audits of password policies.
C. Conduct periodic audits of user access and rights.
D. Conduct periodic audits of storage and retention policies.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 169
A security administrator is analyzing the packet capture from an IDS triggered filter. The packet capture shows
the following string: <script>source=http://www.evilsite.jp/evil.js</script>
Which of the following attacks is occurring?
A. SQL injection
B. Redirection attack
C. Cross-site scripting
D. XML injection

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 170
A user wants to edit a file that they currently have read-only rights to; however, they are unable to provide a
business justification, so the request is denied. This is the principle of:
A. separation of duties.
B. job-based access control.
C. least privilege.
D. remote access policy.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 171
Which of the following concepts addresses the threat of data being modified without authorization?
A. Integrity
B. Key management
C. Availability
D. Non-repudiation

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 172
An attacker sends packets to a host in hopes of altering the host's MAC table. Which of the following is the
attacker attempting to do?
A. Port scan
B. Privilege escalation
C. DNS spoofing
D. ARP poisoning
Answer: D
Section: (none)
Explanation/Reference:

QUESTION 173
Which of the following is a best practice for organizing users when implementing a least privilege model?
A. By function
B. By department
C. By geographic location
D. By management level

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 174
Which of the following describes how long email messages are available in case of a subpoena?
A. Backup procedures
B. Retention policy
C. Backup policy
D. Email server configuration

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 175
Management would like to know if anyone is attempting to access files on the company file server. Which of
the following could be deployed to BEST provide this information?
A. Software firewall
B. Hardware firewall
C. HIDS
D. NIDS

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 176
Which of the following is the correct risk assessment equation?
A. Risk = exploit x number of systems x cost of asset
B. Risk = infections x number of days infected x cost of asset
C. Risk = threat x vulnerability x cost of asset
D. Risk = vulnerability x days unpatched x cost of asset

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 177
Which of the following is of the GREATEST concern in regard to a rogue access point?
A. Rogue access points are hard to find and remove from the network.
B. Rogue access points can scan the company's wireless networks and find other unencrypted and rogue
access points.
C. The radio signal of the rogue access point interferes with company approved access points.
D. Rogue access points can allow unauthorized users to access the company's internal networks.
Answer: D
Section: (none)
Explanation/Reference:

QUESTION 178
The process of validating a user's claimed identity is called
A. identification.
B. authorization.
C. validation.
D. repudiation.

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 179
Which of the following is a benefit of utilizing virtualization technology?
A. Lowered cost of the host machine
B. Less overhead cost of software licensing
C. Streamline systems to a single OS
D. Fewer systems to monitor physical access
Answer: D
Section: (none)
Explanation/Reference:

QUESTION 180
The security administrator wants to increase the cipher strength of the company's internal root certificate.
Which of the following would the security administrator use to sign a stronger root certificate?
A. Certificate authority
B. Registration authority
C. Key escrow
D. Trusted platform module

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 181
Which of the following describes a semi-operational site to which IT operations can be migrated in the event
of a disaster?
A. Hot site
B. Warm site
C. Mobile site
D. Cold site

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 182
Which of the following devices hooks into a LAN and captures traffic?
A. Protocol analyzer
B. Protocol filter
C. Penetration testing tool
D. Vulnerability assessment tool

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 183
When assessing a network containing resources that require near 100% availability, which of the following
techniques should be employed to assess overall security?
A. Penetration testing
B. Vulnerability scanning
C. User interviews
D. Documentation reviews

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 184
Which of the following would MOST likely contain a <SCRIPT> tag?
A. Cookies
B. XSS
C. DOS
D. Buffer overflow

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 185
Which of the following is a reason why wireless access points should not be placed near a building's
perimeter?
A. Rogue access points
B. Vampire taps
C. Port scanning
D. War driving

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 186
A new enterprise solution is currently being evaluated due to its potential to increase the company's profit
margins. The security administrator has been asked to review its security implications. While evaluating the
product, various vulnerability scans were performed. It was determined that the product is not a threat but has
the potential to introduce additional vulnerabilities. Which of the following assessment types should the
security administrator also take into consideration while evaluating this product?
A. Threat assessment
B. Vulnerability assessment
C. Code assessment
D. Risk assessment

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 187
Which of the following tools BEST identifies the method an attacker used after they have entered into a
network?
A. Input validation
B. NIDS
C. Port scanner
D. HIDS

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 188
Which of the following is a major risk associated with cloud computing?
A. Loss of physical control over data
B. Increased complexity of qualitative risk assessments
C. Smaller attack surface
D. Data labeling challenges

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 189
Which of the following is MOST likely the reason why a security administrator would run a Nessus report on
an important server?

A. To analyze packets and frames
B. To report on the performance of the system
C. To scan for vulnerabilities
D. To enumerate and crack weak system passwords

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 190
Which of the following BEST describes how the mandatory access control (MAC) method works?
A. It is an access policy based on a set of rules.
B. It is an access policy based on the role that the user has in an organization.
C. It is an access policy based on biometric technologies.
D. It is an access policy that restricts access to objects based on security clearance.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 191
Using a smartcard and a physical token is considered how many factors of authentication?
A. One
B. Two
C. Three
D. Four

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 192
Which of the following protocols is considered more secure than SSL?
A. TLS
B. WEP
C. HTTP
D. Telnet

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 193
A NIDS monitoring traffic on the public-side of a firewall provides which of the following?
A. Faster alerting to internal compromises
B. Intelligence about external threats
C. Protection of the external firewall interface
D. Prevention of malicious traffic

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 194
Which of the following is an important part of disaster recovery training?
A. Schemes
B. Storage locations
C. Chain of custody
D. Table top exercises

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 195
Which of the following would a network administrator implement to control traffic being routed between
networks or network segments in an effort to preserve data confidentiality?
A. NAT
B. Group policies
C. Password policies
D. ACLs

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 196
The security administrator wants each user to individually decrypt a message but allow anybody to encrypt it.
Which of the following MUST be implemented to allow this type of authorization?
A. Use of digital certificates
B. Use of public keys only
C. Use of private keys only
D. Use of public and private keys

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 197
A security administrator is analyzing the packet capture from an IDS triggered filter. The packet capture shows
the following string: a or1 ==1-
Which of the following attacks is occurring?
A. Cross-site scripting
B. XML injection
C. Buffer overflow
D. SQL injection

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 198
Which of the following has been implemented if, after several unsuccessful login attempts in a short period of
time, access to the user account is denied and the account becomes active again after two hours?
A. Account lockout
B. Password expiration
C. Password disablement
D. Screen lock

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 199
Which of the following BEST describes an intrusion prevention system?
A. A system that stops an attack in progress.
B. A system that allows an attack to be identified.
C. A system that logs the attack for later analysis.
D. A system that serves as a honeypot.
Answer: A
Section: (none)
Explanation/Reference:

QUESTION 200
In the event of a disaster in which the main datacenter is immediately shut down, which of the following would
a company MOST likely use with a minimum Recovery Time Objective?
A. Fault tolerance
B. Hot site
C. Cold site
D. Tape backup restoration

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 201
Which of the following methods involves placing plain text data within a picture or document?
A. Steganography
B. Digital signature
C. Transport encryption
D. Stream cipher

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 202
Which of the following is a detective security control?
A. CCTV
B. Firewall
C. Design reviews
D. Bollards

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 203
Which of the following can cause slower deployment of hardware-based drive encryption?
A. A lack of management software
B. USB removable drive encryption
C. Role/rule-based access control
D. Multifactor authentication with smart cards

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 204
Which of the following is a reason to implement Kerberos over local system authentication?
A. Authentication to multiple devices
B. Centralized file integrity protection
C. Non-repudiation
D. Greater password complexity

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 205
Which of the following should a security administrator implement to ensure there are no security holes in the
OS?
A. Encryption protocols
B. Firewall definitions
C. Patch management
D. Virus definitions

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 206
Which of the following cipher types is used by AES?

A. Block
B. Fourier
C. Stream
D. Turing

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 207
Which of the following control systems is used to maintain proper environmental conditions in a datacenter?
A. HVAC
B. Bollards
C. CCTV
D. Mantrap

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 208
A penetration test shows that almost all database servers were able to be compromised through a default
database user account with the default password. Which of the following is MOST likely missing from the
operational procedures?
A. Application hardening
B. OS hardening
C. Application patch management
D. SQL injection

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 209
A user reports that their 802.11n capable interface connects and disconnects frequently to an access point
that was recently installed. The user has a Bluetooth enabled laptop. A company in the next building had their
wireless network breached last month. Which of the following is MOST likely causing the disconnections?
A. An attacker inside the company is performing a bluejacking attack on the user's laptop.
B. Another user's Bluetooth device is causing interference with the Bluetooth on the laptop.
C. The new access point was mis-configured and is interfering with another nearby access point.
D. The attacker that breached the nearby company is in the parking lot implementing a war driving attack.
Answer: C
Section: (none)
Explanation/Reference:

QUESTION 210
Which of the following facilitates computing for heavily utilized systems and networks?
A. Remote access
B. Provider cloud
C. VPN concentrator
D. Telephony

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 211
A security administrator finished taking a forensic image of a computer's memory. Which of the following
should the administrator do to ensure image integrity?
A. Run the image through AES128.
B. Run the image through a symmetric encryption algorithm.
C. Compress the image to a password protected archive.
D. Run the image through SHA256.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 212
Which of the following is a reason to use TACACS+ over RADIUS?
A. Combines authentication and authorization
B. Encryption of all data between client and server
C. TACACS+ uses the UDP protocol
D. TACACS+ has less attribute-value pairs

Answer: B
Section: (none)
Explanation/Reference:
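Why answer B holds: RADIUS never encrypts the packet. It only hides the User-Password attribute by XORing it with an MD5 keystream derived from the shared secret and the cleartext Request Authenticator (RFC 2865 section 5.2); the username and every other attribute travel in the clear. TACACS+ obfuscates the entire packet body. The following is an added example, not part of the original exam dump, implementing that RFC 2865 hiding scheme with constructed values (the secret, authenticator and passwords below are illustrative, not from any real deployment). It also shows why the scheme is weaker than real encryption: if a NAS ever repeats a Request Authenticator, the XOR of two hidden passwords reveals the XOR of the plaintexts and the secret cancels out.

```python
import hashlib

BLOCK = 16  # MD5 digest length; RFC 2865 hides the password 16 bytes at a time


def hide_user_password(password: bytes, shared_secret: bytes, request_authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding.

    The password is NUL-padded to a multiple of 16 bytes and each block is XORed
    with MD5(shared_secret || previous_block), where the 'previous block' for
    the first round is the 16-byte Request Authenticator sent in the clear.
    """
    if len(request_authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    hidden = bytearray()
    prev = request_authenticator
    for i in range(0, len(padded), BLOCK):
        keystream = hashlib.md5(shared_secret + prev).digest()
        c = bytes(p ^ k for p, k in zip(padded[i:i + BLOCK], keystream))
        hidden += c
        prev = c  # chaining: the next keystream block depends on this ciphertext block
    return bytes(hidden)


def reveal_user_password(hidden: bytes, shared_secret: bytes, request_authenticator: bytes) -> bytes:
    """Inverse of hide_user_password, as the RADIUS server performs it."""
    if not hidden or len(hidden) % BLOCK:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    out = bytearray()
    prev = request_authenticator
    for i in range(0, len(hidden), BLOCK):
        c = hidden[i:i + BLOCK]
        keystream = hashlib.md5(shared_secret + prev).digest()
        out += bytes(x ^ k for x, k in zip(c, keystream))
        prev = c
    # Strip the NUL padding (assumes a real password does not end in NUL bytes)
    return bytes(out).rstrip(b"\x00")


def first_block_xor(hidden_a: bytes, hidden_b: bytes) -> bytes:
    """XOR of the first blocks of two hidden passwords.

    If both Access-Requests carried the same Request Authenticator (seen with
    weak or repeating RNGs on NAS devices), the first keystream block is the
    same and the result equals plaintext_a XOR plaintext_b: the secret cancels.
    Nothing in the RADIUS packet other than this attribute is hidden at all.
    """
    return bytes(a ^ b for a, b in zip(hidden_a[:BLOCK], hidden_b[:BLOCK]))


if __name__ == "__main__":
    # Constructed values; a NAS draws the authenticator at random per request
    secret = b"s3cr3t"
    authenticator = bytes(range(16))
    hidden = hide_user_password(b"Password1", secret, authenticator)
    print(hidden.hex())
    print(reveal_user_password(hidden, secret, authenticator))
```

The shared secret is the only thing protecting the password; an observer who captures the Access-Request sees the authenticator and can test candidate secrets offline, which is why RADIUS shared secrets must be long and random and why RADIUS over IPsec or RadSec (TLS) is preferred on untrusted paths.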

QUESTION 213
A customer has called a company to report that all of their computers are displaying a rival company's website
when the user types the correct URL into the browser. All of the other websites the user visits work correctly
and other customers are not having this issue. Which of the following has MOST likely occurred?
A. The website company has a misconfigured firewall.
B. The customer has a virus outbreak.
C. The customer's DNS has been poisoned.
D. The company's website has been attacked by the rival company.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 214
A targeted email attack sent to the company's Chief Executive Officer (CEO) is known as which of the
following?
A. Whaling
B. Bluesnarfing
C. Vishing
D. Dumpster diving

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 215
Which of the following describes an attack technique by which an intruder gains physical access by following
an authorized user into a facility before the door is closed?
A. Shoulder surfing
B. Tailgating
C. Escalation
D. Impersonation

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 216
Which of the following should be reviewed periodically to ensure a server maintains the correct security
configuration?
A. NIDS configuration
B. Firewall logs
C. User rights
D. Incident management

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 217
Which of the following is true when a user browsing to an HTTPS site receives the message 'Site name
mismatch'?
A. The certificate CN is different from the site DNS A record.
B. The CA DNS name is different from the root certificate CN.
C. The certificate was issued by the intermediate CA and not by the root CA.
D. The certificate file name is different from the certificate CN.

Answer: A
Section: (none)
Explanation/Reference:
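The warning fires when the hostname the browser connected to matches none of the DNS names the certificate claims: the subjectAltName dNSName entries in any modern certificate, with the subject CN only as a legacy fallback. The following added example (not part of the original exam dump) implements that check with simplified RFC 6125 rules: case-insensitive exact match, and a wildcard accepted only as the whole left-most label of a name with at least three labels, matching exactly one label. The certificate dicts are constructed in the shape Python's ssl.SSLSocket.getpeercert() returns; they are not real certificates.

```python
def cert_dns_names(cert: dict) -> list:
    """DNS names from a getpeercert()-style dict: SAN dNSName entries first;
    the CN is used only when the certificate carries no dNSName at all."""
    sans = [value for typ, value in cert.get("subjectAltName", ()) if typ == "DNS"]
    if sans:
        return sans
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return [value]
    return []


def _name_matches(pattern: str, host: str) -> bool:
    pattern = pattern.rstrip(".").lower()
    if "*" not in pattern:
        return pattern == host
    plabels = pattern.split(".")
    hlabels = host.split(".")
    # Reject partial wildcards (w*.example.com), wildcards outside the
    # left-most label, and over-broad patterns such as *.com
    if plabels[0] != "*" or any("*" in lbl for lbl in plabels[1:]) or len(plabels) < 3:
        return False
    # The wildcard covers exactly one label: *.example.com matches neither
    # a.b.example.com nor example.com itself
    return len(plabels) == len(hlabels) and hlabels[0] != "" and plabels[1:] == hlabels[1:]


def hostname_matches(hostname: str, dns_names) -> bool:
    host = hostname.rstrip(".").lower()
    return any(_name_matches(pattern, host) for pattern in dns_names)


def check_site_name(hostname: str, cert: dict) -> str:
    names = cert_dns_names(cert)
    if hostname_matches(hostname, names):
        return "ok"
    return f"Site name mismatch: '{hostname}' is not among {names}"


# Constructed certificate dicts for illustration, not real certificates
CERT_WITH_SAN = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
}
CERT_WILDCARD = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}
CERT_CN_ONLY = {"subject": ((("commonName", "mail.example.com"),),)}

if __name__ == "__main__":
    for host, cert in [("www.example.com", CERT_WITH_SAN), ("mail.example.com", CERT_WITH_SAN),
                       ("a.b.example.com", CERT_WILDCARD), ("mail.example.com", CERT_CN_ONLY)]:
        print(host, "->", check_site_name(host, cert))
```

Note that the DNS A record itself plays no part in the check: the browser compares the name the user typed against the certificate, so a certificate for mail.example.com is a mismatch on www.example.com even when both names resolve to the same address.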

QUESTION 218
Which of the following will contain a list of unassigned public IP addresses?
A. TCP port
B. 802.1x
C. Loop protector
D. Firewall rule

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 219
DRPs should contain which of the following?
A. Hierarchical list of non-critical personnel
B. Hierarchical list of critical systems
C. Hierarchical access control lists
D. Identification of single points of failure
Answer: B
Section: (none)
Explanation/Reference:

QUESTION 220
Which of the following access control methods provides the BEST protection against attackers logging on as
authorized users?
A. Require a PIV card
B. Utilize time of day restrictions
C. Implement implicit deny
D. Utilize separation of duties

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 221
Several PCs are running extremely slow all of a sudden. Users of the PCs report that they do a lot of web
browsing and explain that a disgruntled employee from their department was recently fired. The security
administrator observes that all of the PCs are attempting to open a large number of connections to the same
destination. Which of the following is MOST likely the issue?
A. A logic bomb has been installed by the former employee.
B. A man-in-the-middle attack is taking place.
C. The PCs have downloaded adware.
D. The PCs are being used in a botnet.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 222
Which of the following is the BEST way to secure data for the purpose of retention?
A. Off-site backup
B. RAID 5 on-site backup
C. On-site clustering
D. Virtualization

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 223
In the event of a disaster resulting in the loss of their data center, a company had determined that they will
need to be able to be back online within an hour or two, with all systems being fully up to date. Which of the
following would BEST meet their needs?
A. Off-site storage of backup tapes
B. A hot backup site
C. A cold backup site
D. A warm backup site

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 224
Which of the following has a programmer MOST likely failed to consider if a user entering improper input is
able to compromise the integrity of data?
A. SDLM
B. Error handling
C. Data formatting
D. Input validation

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 225
Which of the following provides EMI protection?
A. STP
B. UTP
C. Grounding
D. Anti-static wrist straps

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 226
A user reports that a web browser stopped working after it was updated. Which of the following BEST
describes a probable cause of failure?
A. The browser was previously compromised and corrupted during the update.
B. Anti-spyware is preventing the browser from accessing the network.
C. A faulty antivirus signature has identified the browser as malware.
D. A network based firewall is blocking the browser as it has been modified.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 227
Which of the following devices is MOST likely to be installed to prevent malicious attacks?
A. VPN concentrator
B. Firewall
C. NIDS
D. Protocol analyzer

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 228
Which of the following would allow traffic to be redirected through a malicious machine by sending false
hardware address updates to a switch?
A. ARP poisoning
B. MAC spoofing
C. pWWN spoofing
D. DNS poisoning

Answer: A
Section: (none)
Explanation/Reference:
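ARP poisoning leaves a footprint that is easy to spot in a capture: an IP address that was bound to one MAC is suddenly announced with another, and a single MAC begins answering for both the gateway and a victim so that their traffic passes through the attacker. The following added example (not part of the original exam dump) runs that detection logic over a constructed set of tcpdump -n arp style lines; the addresses and timestamps are made up for illustration.

```python
import re
from collections import defaultdict

# Matches tcpdump output such as:
#   12:00:01.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)

# Constructed capture: a gateway and a host answer normally, then a third
# MAC claims the gateway's address and the host's address in turn.
SAMPLE_CAPTURE = """\
12:00:01.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
12:00:02.000000 ARP, Reply 192.168.1.10 is-at 00:11:22:33:44:10, length 28
12:00:03.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
12:00:04.000000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
12:00:05.000000 ARP, Reply 192.168.1.10 is-at de:ad:be:ef:00:01, length 28
""".splitlines()


def parse_arp_replies(lines):
    """Yield (timestamp, ip, mac) for each ARP reply; requests are ignored."""
    for line in lines:
        m = ARP_REPLY.match(line)
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()


def detect_arp_poisoning(replies, gateway_ip=None):
    """Two signals of an ARP cache poisoning MITM:
    1. an IP already bound to one MAC is announced with another
       (HIGH when the IP is the gateway, the usual target);
    2. one MAC answers for more than one IP (the attacker claims both the
       gateway and the victim so traffic flows through its machine).
    Returns a list of alert strings in capture order."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append(f"{ts} {sev} {ip} moved from {prev} to {mac}")
        ip_to_mac[ip] = mac
        claimed = mac_to_ips[mac]
        if claimed and ip not in claimed:
            alerts.append(f"{ts} MEDIUM {mac} now claims {sorted(claimed | {ip})}")
        claimed.add(ip)
    return alerts


def analyze_capture(lines, gateway_ip=None):
    return detect_arp_poisoning(parse_arp_replies(lines), gateway_ip)


if __name__ == "__main__":
    for alert in analyze_capture(SAMPLE_CAPTURE, gateway_ip="192.168.1.1"):
        print(alert)
```

A legitimate NIC replacement or a failover pair also changes the MAC behind an IP, so the first signal needs an allow-list in production; the second signal, one MAC claiming several hosts within seconds, is rarely benign outside of routers and virtual-IP setups. Dynamic ARP Inspection on the switch prevents the attack outright by dropping replies that contradict the DHCP snooping binding table.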

QUESTION 229
Which of the following protocols uses UDP port 69 by default?
A. Kerberos
B. TFTP
C. SSH
D. DNS
Answer: B
Section: (none)
Explanation/Reference:

QUESTION 230
Which of the following would a security administrator use to diagnose network issues?
A. Proxy
B. Host-based firewall
C. Protocol analyzer
D. Gateway

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 231
Which of the following should be implemented on a mobile phone to help prevent a conversation from being
captured?
A. Device encryption
B. Voice encryption
C. GPS tracking
D. Sniffer

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 232
A user wishes to encrypt only certain files and folders within a partition. Which of the following methods should
a technician recommend?
A. EFS
B. Partition encryption
C. Full disk
D. BitLocker

Answer: A
Section: (none)

Explanation/Reference:

QUESTION 233
Centrally authenticating multiple systems and applications against a federated user database is an example
of:
A. smart card.
B. common access card.
C. single sign-on.
D. access control list.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 234
Which of the following characteristics distinguishes a virus from a rootkit, spyware, and adware?
A. Eavesdropping
B. Process hiding
C. Self-replication
D. Popup displays

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 235
A security administrator needs to implement a site-to-site VPN tunnel between the main office and a remote
branch. Which of the following protocols should be used for the tunnel?
A. RTP
B. SNMP
C. IPSec
D. 802.1X

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 236
Which of the following uses tickets to identify users to the network?

A. RADIUS
B. LDAP
C. TACACS+
D. Kerberos

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 237
Which of the following forensic artifacts is MOST volatile?
A. CD-ROM
B. Filesystem
C. Random access memory
D. Network topology

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 238
A security administrator notices an unauthorized vehicle roaming the area on company grounds. The security
administrator verifies that all network connectivity is up and running and that no unauthorized wireless devices
are being used to authenticate other devices; however, the administrator does notice an unusual spike in
bandwidth usage. This is an example of which of the following attacks?
A. Rogue access point
B. Bluesnarfing
C. Evil twin
D. War driving

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 239
Which of the following is a best practice when securing a switch from physical access?
A. Disable unnecessary accounts
B. Print baseline configuration
C. Enable access lists
D. Disable unused ports

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 240
Risk can be managed in the following ways EXCEPT:
A. mitigation.
B. acceptance.
C. elimination.
D. transference.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 241
A security administrator needs to implement a wireless system that will only be available within a building.
Which of the following configurations can the administrator modify to achieve this? (Select TWO).
A. Proper AP placement
B. Disable SSID broadcasting
C. Use CCMP
D. Enable MAC filtering
E. Reduce the power levels

Answer: AE
Section: (none)
Explanation/Reference:

QUESTION 242
Which of the following environmental variables reduces the potential for static discharges?
A. EMI
B. Temperature
C. UPS
D. Humidity

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 243
Which of the following is an example of implementing security using the least privilege principle?
A. Confidentiality
B. Availability
C. Integrity
D. Non-repudiation

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 244
A user reports that the spreadsheet they use for the department will not open. The spreadsheet is located on a
server that was recently patched. Which of the following logs would the technician review FIRST?
A. Access
B. Firewall
C. Antivirus
D. DNS

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 245
Which of the following helps prevent a system from being fingerprinted?
A. Personal firewall
B. Complex passwords
C. Anti-spam software
D. OS patching

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 246
An attacker captures valid wireless traffic in hopes of transmitting it repeatedly to generate enough traffic to
discover the encryption key. Which of the following is the attacker MOST likely using?
A. War driving
B. Replay attack
C. Bluejacking
D. DNS poisoning
Answer: B
Section: (none)
Explanation/Reference:

QUESTION 247
Which of the following is an authentication method that uses symmetric key encryption and a key distribution
center?
A. MS-CHAP
B. Kerberos
C. 802.1x
D. EAP

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 248
Which of the following is a preventative physical security measure?
A. Video surveillance
B. External lighting
C. Physical access log
D. Access control system

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 249
An employee keeps getting pop-ups from a program on their computer stating it blocked an attacking IP
address. Which of the following security applications BEST explains this behavior?
A. Antivirus
B. Anti-spam
C. Personal firewall
D. Pop-up blocker

Answer: C
Section: (none)

Explanation/Reference:

QUESTION 250
A Maintenance Manager requests that a new group be created for a new development project, concerning
power distribution, in order to email and setup conference meetings to the whole project team. Which of the
following group types would need to be created?
A. Default power users
B. Restricted group
C. Distribution
D. Security

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 251
Which of the following is an example of data obfuscation within a data stream?
A. Cryptography
B. Steganography
C. Hashing
D. Fuzzing

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 252
Which of the following is a malicious program that infects a host computer and has the ability to replicate
itself?
A. Spyware
B. Virus
C. Rootkit
D. Spam

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 253
Which of the following concepts is applied FIRST when a user logs into a domain?

A. Virtualization
B. Non-repudiation
C. Authorization
D. Identification

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 254
Which of the following tools will allow a technician to detect devices and associated IP addresses on the
network?
A. Network intrusion detection software
B. Network mapping software
C. Port scanner
D. Protocol analyzers

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 255
An application programmer at a company conducts security assessments and reports findings to senior
management. Which of the following principles does this scenario violate?
A. Separation of duties
B. Job rotation
C. Vulnerability assessment
D. Least privilege

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 256
Which of the following attacks involves sending unsolicited contact information to Bluetooth devices
configured in discoverable mode?
A. Impersonation
B. Bluejacking
C. War driving
D. Bluesnarfing

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 257
Which of the following has the capability to perform onboard cryptographic functions?
A. Smartcard
B. ACL
C. RFID badge
D. Proximity badge

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 258
Shielded communications media is MOST often used to prevent electrical emanations from being detected
and crosstalk between which of the following?
A. Networks
B. Cables
C. VLANs
D. VPNs

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 259
Which of the following measures ensures unauthorized users cannot access a WAP in a user's home?
A. Proper WAP placement
B. Turn off the computers when not in use
C. Set the SSID to hidden
D. Change the administrator password on the computer

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 260
Which of the following BEST describes where L2TP is used?
A. VPN encryption
B. Authenticate users using CHAP
C. Default gateway encryption
D. Border gateway protocol encryption

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 261
The president of the company is trying to get to their bank's website, and the browser is displaying that the
webpage is being blocked by the system administrator. Which of the following logs would the technician
review?
A. DNS
B. Performance
C. System
D. Content filter

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 262
Which of the following should a technician run to find user accounts that can be easily compromised?
A. NMAP
B. SNORT
C. John the Ripper
D. Nessus

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 263
Which of the following defines the role of a root certificate authority (CA) in PKI?
A. The root CA is the recovery agent used to encrypt data when a user's certificate is lost.
B. The CA stores the user's hash value for safekeeping.
C. The CA is the trusted root that issues certificates.
D. The root CA is used to encrypt email messages to prevent unintended disclosure of data.
Answer: C
Section: (none)
Explanation/Reference:

QUESTION 264
Which of the following malicious programs compromises system security by exploiting system access through
a virtual backdoor?
A. Virus
B. Trojan
C. Spam
D. Adware

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 265
Which of the following BEST represents why a system administrator should download security patches from
the manufacturer's website directly?
A. Maintain configuration baseline
B. Implement OS hardening
C. Ensure integrity of the patch
D. Ensure patches are up-to-date

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 266
While responding to a confirmed breach of the organization's web server, the security administrator
determines the source of the attack was from a rival organization's IP address range. Which of the following
should the security administrator do with this information?
A. Notify the Help Desk
B. Notify ICANN
C. Notify management
D. Notify the rival organization's IT department

Answer: C
Section: (none)

Explanation/Reference:

QUESTION 267
The BEST location for a spam filter is
A. on the local LAN.
B. on a proxy server.
C. behind the firewall.
D. in front of the mail relay server.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 268
Biometrics is an example of which of the following type of user authentication?
A. Something the user is
B. Something the user has
C. Something the user does
D. Something the user knows

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 269
Which of the following contains a database of users and passwords used for authentication?
A. CHAP
B. SAM
C. TPM
D. DNS

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 270
Mandatory Access Control (MAC) allows:
A. access rights indicated by the role of the individual.
B. access associated with the classification of data.
C. a system administrator to centralize policy.
D. rights to be assigned by the data owner.
Answer: B
Section: (none)
Explanation/Reference:

QUESTION 271
The accounting group, clinical group and operations group only have access to their own applications. The
company often needs auditors to have access to all three groups' applications with little notice. Which of the
following would simplify the process of granting auditors permissions to all the applications?
A. Create an auditors group and merge the members of the accounting, clinical and operations groups.
B. Create an auditors group and add each user to the accounting, clinical and operations groups individually.
C. Create an auditors group and add each of the accounting, clinical and operations groups to the auditors
group
D. Create an auditors group and add the group to each of the accounting, clinical and operations groups.
Answer: D
Section: (none)
Explanation/Reference:

QUESTION 272
Which of the following solutions would an administrator MOST likely perform in order to keep up-to-date with
various fixes on different applications?
A. Service pack installation
B. Patch management
C. Different security templates
D. Browser hotfixes

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 273
Attackers may be able to remotely destroy critical equipment in the datacenter by gaining control over which
of the following systems?
A. Physical access control
B. Video surveillance
C. HVAC
D. Packet sniffer
Answer: C
Section: (none)
Explanation/Reference:

QUESTION 274
Which of the following situations applies to disaster recovery exercises?
A. Vulnerability scans should be performed after each exercise.
B. Separation of duties should be implemented after each exercise.
C. Passwords should be changed after each exercise.
D. Procedures should be updated after each exercise.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 275
The administrator needs to require all users to use complex passwords. Which of the following would be the
BEST way to do this?
A. Set a local password policy on each workstation and server
B. Set a domain password policy
C. Set a group policy to force password changes
D. Post a memo detailing the requirement of the new password complexity requirements

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 276
Purchasing insurance on critical equipment is an example of which of the following types of risk mitigation
techniques?
A. Risk avoidance
B. Risk transfer
C. Risk retention
D. Risk reduction

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 277
Which of the following would be used to eliminate the need for an administrator to manually configure
passwords on each network device in a large LAN?
A. RADIUS
B. OVAL
C. RAS
D. IPSec VPN

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 278
A security administrator responds to a report of a web server that has been compromised. The security
administrator observes the background has been changed to an image of an attacker group. Which of the
following would be the FIRST step in the incident response process?
A. Run an antivirus scan
B. Disable the network connection
C. Power down the server
D. Print a copy of the background

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 279
After completing a forensic image of a hard drive, which of the following can be used to confirm data
integrity?
A. Chain of custody
B. Image compression
C. AES256 encryption
D. SHA512 hash

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 280
A security administrator wants to prevent corporate users from being infected with viruses from flash based
advertisements while using web browsers at work. Which of the following could be used to mitigate this
threat?
A. Content filter
B. Firewall
C. IDS
D. Protocol analyzer

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 281
Which of the following tools provides the MOST comprehensive view of the network's security?
A. Vulnerability assessment
B. Network anomaly detection
C. Penetration test
D. Network mapping program

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 282
Which of the following practices improves forensic analysis of logs?
A. Ensuring encryption is deployed to critical systems.
B. Ensuring SNMP is enabled on all systems.
C. Ensuring switches have a strong management password.
D. Ensuring the proper time is set on all systems.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 283
A user is concerned about threats regarding social engineering and has asked the IT department for advice.
One suggestion offered might be to:
A. install a removable data backup device for portability ease.
B. verify the integrity of all data that is accessed across the network.
C. ensure that passwords are not named after relatives.
D. disallow all port 80 inbound connection attempts.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 284
When disposing of old or damaged computer systems, which of the following is the primary security concern?
A. Integrity of company HR information
B. Compliance with industry best practices
C. Confidentiality of proprietary information
D. Adherence to local legal regulations

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 285
Which of the following is performed during a security assessment?
A. Remediate the machines with incorrectly configured controls.
B. Quarantine the machines that have no controls in place.
C. Calculate the cost of bringing the controls back into compliance.
D. Determine the extent to which controls are implemented correctly.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 286
The root certificate for the CA for a branch in a city was generated by the CA in a city in another country.
Which of the following BEST describes this trust model?
A. Chain of trust
B. Linear trust
C. Hierarchical trust
D. Web of trust

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 287

The security administrator needs to determine whether common words and phrases are being used as
passwords on the company server. Which of the following attacks would MOST easily accomplish this task?
A. NTLM hashing
B. Dictionary
C. Brute force
D. Encyclopedia

Answer: B
Section: (none)
Explanation/Reference:
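Questions 262 and 287 both describe the same audit: run a dictionary attack against the stored password hashes (John the Ripper is the usual tool) to find accounts protected by common words. The following added example (not part of the original exam dump, and not John the Ripper's code) shows the core of that attack over a constructed account table of unsalted SHA-256 hashes, with a small wordlist and mangling rules that stand in for rule files; the wordlist, the accounts and their passwords are made up for illustration. The last two functions show the store the audit should recommend instead, where a per-account salt and a high iteration count remove the shortcut the attack relies on.

```python
import hashlib
import hmac
import os

# Constructed wordlist and suffix rules; real runs use rockyou-sized lists
# and John the Ripper / hashcat rule files.
WORDLIST = ["password", "welcome", "summer", "letmein", "dragon"]
SUFFIXES = ["", "1", "123", "2012", "!"]


def candidates(words=WORDLIST, suffixes=SUFFIXES):
    """Base word and its capitalised variant, each with every common suffix."""
    seen = set()
    for word in words:
        for base in (word, word.capitalize()):
            for suffix in suffixes:
                cand = base + suffix
                if cand not in seen:
                    seen.add(cand)
                    yield cand


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def dictionary_attack(hash_db: dict) -> tuple:
    """hash_db maps username -> unsalted SHA-256 hex digest.
    Each candidate is hashed once and looked up against every account at the
    same time; unsalted hashes make that lookup O(1) per guess and make users
    who chose the same password fall together.  Returns (cracked, guesses)."""
    by_hash = {}
    for user, digest in hash_db.items():
        by_hash.setdefault(digest.lower(), []).append(user)
    cracked = {}
    guesses = 0
    for cand in candidates():
        guesses += 1
        for user in by_hash.get(sha256_hex(cand), []):
            cracked[user] = cand
        if len(cracked) == len(hash_db):
            break
    return cracked, guesses


# The store a hardening recommendation should ask for: a random salt per
# account forces one hash computation per guess per account, and the
# iteration count makes each of those computations expensive.
def pbkdf2_record(password: str, iterations: int = 200_000) -> str:
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, record: str) -> bool:
    _, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


# Constructed account table (unsalted SHA-256, as found in many legacy apps)
ACCOUNTS = {
    "alice": sha256_hex("Welcome123"),
    "bob": sha256_hex("dragon!"),
    "carol": sha256_hex("Tr0ub4dor&3"),
    "dave": sha256_hex("summer"),
}

if __name__ == "__main__":
    cracked, guesses = dictionary_attack(ACCOUNTS)
    print(f"{len(cracked)}/{len(ACCOUNTS)} cracked in {guesses} guesses: {cracked}")
```

Run in this form the audit is only meaningful with written authorisation and on a copy of the hash store; the finding to report is the list of accounts, not the recovered passwords.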

QUESTION 288
Conducting periodic user rights audits can help an administrator identify:
A. new user accounts that have been created.
B. users who are concurrently logged in under different accounts.
C. unauthorized network services.
D. users who can view confidential information.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 289
Which of the following has a 128-bit message digest?
A. NTLM
B. MD5
C. SHA
D. 3DES

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 290
Which of the following BEST describes a security benefit of a virtualization farm?
A. Increased anomaly detection
B. Stronger authentication
C. Stronger encryption
D. Increased availability

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 291
The company president wants to replace usernames and passwords with USB security tokens for company
systems. Which of the following authentication models would be in use?
A. Two factor
B. Form factor
C. Physical factor
D. Single factor

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 292
A security administrator wants to detect and prevent attacks at the network perimeter. Which of the following
security devices should be installed to address this concern?
A. NIPS
B. IDS
C. HIPS
D. NDS

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 293
Which of the following presents the GREATEST security risk to confidentiality of proprietary corporate data
when attackers have physical access to the datacenter?
A. Solid state drives
B. Cell phone cameras
C. USB drives
D. NAS

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 294
Which of the following allows a systems administrator to regain lost keys within a PKI?
A. Recovery agent
B. One time pad
C. CRL
D. Asymmetric keys

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 295
A vulnerable service is required between two systems on a network. Which of the following should an
administrator use to prevent an attack on that service from outside the network?
A. Proxy server
B. NIDS
C. Firewall
D. HIDS

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 296
A technician needs to validate that a sent file has not been modified in any way. A co-worker recommends
that a thumbprint be taken before the file is sent. Which of the following should be done?
A. Take an AES hash of the file and send the receiver both the hash and the original file in a signed and
encrypted email.
B. Take a MD5 hash of the file and send the receiver both the hash and the original file in a signed and
encrypted email.
C. Take a NTLM hash of the file and send the receiver both the hash and the original file in a signed and
encrypted email.
D. Take a LANMAN hash of the file and send the receiver both the hash and the original file in a signed and
encrypted email.
Answer: B
Section: (none)
Explanation/Reference:
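Questions 211, 279 and 296 all turn on the same procedure: take a cryptographic hash of the artifact (a memory image, a disk image, a file) as soon as it is produced, record it with the evidence, and recompute it later to prove nothing changed. Only a hash does this; AES, NTLM and LANMAN in the options above are a cipher and two password-hashing schemes, not file digests, and MD5 (128-bit output) is acceptable here only because its known weaknesses are collision attacks, not preimage attacks. The following added example (not part of the original exam dump) hashes a stream in chunks so a multi-gigabyte image never has to fit in memory, writes the digest in the sha256sum line format, and verifies a constructed image before and after a single flipped bit; the image bytes are made up for illustration.

```python
import hashlib
import hmac
import io


def digest_bits(algorithm: str) -> int:
    """Output size of a hash: md5 128, sha1 160, sha256 256, sha512 512."""
    return hashlib.new(algorithm).digest_size * 8


def hash_stream(stream, algorithm: str = "sha256", chunk_size: int = 1 << 20) -> str:
    """Hash a file-like object one chunk at a time so a large image is never
    loaded into memory at once; the result is independent of chunk_size."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def hash_file(path: str, algorithm: str = "sha256") -> str:
    with open(path, "rb") as f:
        return hash_stream(f, algorithm)


def hash_bytes(data: bytes, algorithm: str = "sha256", chunk_size: int = 1 << 20) -> str:
    return hash_stream(io.BytesIO(data), algorithm, chunk_size)


def checksum_line(hex_digest: str, filename: str) -> str:
    """Same layout sha256sum/md5sum write: '<hex>  <name>' (two spaces)."""
    return f"{hex_digest}  {filename}"


def parse_checksum_line(line: str) -> tuple:
    hex_digest, _, filename = line.rstrip("\n").partition("  ")
    return hex_digest.lower(), filename


def verify_stream(stream, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Recompute and compare in constant time against the recorded digest."""
    return hmac.compare_digest(hash_stream(stream, algorithm), expected_hex.lower())


def verify_bytes(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    return verify_stream(io.BytesIO(data), expected_hex, algorithm)


if __name__ == "__main__":
    # Constructed stand-in for a memory or disk image (16 KiB of patterned bytes)
    image = bytes(range(256)) * 64
    recorded = hash_bytes(image)                       # taken right after imaging
    print(checksum_line(recorded, "memory.img"))
    tampered = bytearray(image)
    tampered[100] ^= 0x01                              # flip one bit
    print("original verifies:", verify_bytes(image, recorded))
    print("tampered verifies:", verify_bytes(bytes(tampered), recorded))
```

For question 296 the recorded digest travels with the file inside a signed, encrypted message; the signature is what stops an attacker from replacing both the file and the digest together, which the hash alone cannot prevent.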

QUESTION 297
A technician needs to setup a secure room to enable a private VTC system. Which of the following should be
installed to prevent devices from listening to the VTC?
A. Shielding
B. HIDS
C. HVAC
D. MD5 hashing

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 298
Which of the following is a primary effect of allowing P2P connections on a network?
A. Increased amount of spam
B. Input validation on web applications
C. Possible storage of illegal materials
D. Tracking cookies on the website

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 299
Which of the following services should be turned off on a printer to prevent malicious reconnaissance
attempts?
A. FTP
B. Spooler
C. SNMP
D. IP printing

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 300
Which of the following software types BEST dissects IP frames for inspection or review by a security
administrator?
A. Protocol analyzer
B. Load balancer
C. Software firewall
D. Gateway
Answer: A
Section: (none)
Explanation/Reference:

QUESTION 301
Which of the following devices is used to optimize and distribute data workloads across multiple computers or
networks?
A. Load balancer
B. URL filter
C. VPN concentrator
D. Protocol analyzer

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 302
Actively monitoring data streams in search of malicious code or behavior is an example of:
A. load balancing.
B. an Internet proxy.
C. URL filtering.
D. content inspection.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 303
Which of the following port numbers is used for SCP, by default?
A. 22
B. 69
C. 80
D. 443

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 304
A technician needs to allow seven specific users connection to a new access point. Which of the following
should be performed to achieve this action?
A. Enable MAC filtering
B. Disable SSID broadcast
C. Adjust antenna placement
D. Decrease WAP power levels

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 305
Which of the following systems implements a secure key distribution system that relies on hardcopy keys
intended for individual sessions?
A. Blowfish
B. PGP/GPG
C. One-time pads
D. PKI

Answer: C
Section: (none)
Explanation/Reference:
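A one-time pad is unbreakable only under three conditions: the pad is truly random, at least as long as the message, and used exactly once, which is why the hardcopy pads are issued per session and destroyed after use. The following added example (not part of the original exam dump) implements the XOR pad and then shows what the "one time" rule protects against: reusing a pad lets an observer XOR the two ciphertexts, cancel the pad, and drag a guessed fragment of one message across the result to read the other. The messages and pad values are constructed for illustration.

```python
import os


def new_pad(length: int) -> bytes:
    """A fresh pad: random, as long as the message, to be used exactly once."""
    return os.urandom(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    if len(pad) < len(plaintext):
        raise ValueError("pad is shorter than the message; never stretch or reuse a pad")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    return otp_encrypt(ciphertext, pad)  # XOR is its own inverse


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If both messages were XORed with the same pad, c1 XOR c2 equals
    p1 XOR p2: the pad cancels out and never needs to be known."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def crib_drag(p1_xor_p2: bytes, crib: bytes) -> list:
    """Slide a guessed fragment of one plaintext across p1 XOR p2; wherever
    the guess is right, the other plaintext appears at that offset.
    Returns (offset, revealed_text) for offsets that yield printable ASCII."""
    hits = []
    for off in range(len(p1_xor_p2) - len(crib) + 1):
        window = p1_xor_p2[off:off + len(crib)]
        revealed = bytes(x ^ c for x, c in zip(window, crib))
        if all(0x20 <= b < 0x7F for b in revealed):
            hits.append((off, revealed.decode("ascii")))
    return hits


class PadBook:
    """Hardcopy-pad discipline in code: each page is handed out once and then
    destroyed; asking for a page twice is an error, not a silent reuse."""

    def __init__(self, pages: int, page_len: int):
        self._pages = {n: new_pad(page_len) for n in range(pages)}

    def take(self, page: int) -> bytes:
        return self._pages.pop(page)  # KeyError on reuse or unknown page


if __name__ == "__main__":
    book = PadBook(pages=2, page_len=32)
    p1, p2 = b"ATTACK AT DAWN", b"RETREAT NOW!!!"
    page = book.take(0)
    c1 = otp_encrypt(p1, page)
    print(otp_decrypt(c1, page))              # correct use: one page per message
    c2 = otp_encrypt(p2, page)                # misuse: the same page again
    print(crib_drag(two_time_pad_leak(c1, c2), b"ATTACK"))
```

The distribution problem, getting a pad of message length to the other party in advance over a trusted channel, is the reason one-time pads are used for small volumes of high-value traffic and not as a general-purpose cipher.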

QUESTION 306
The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric
key cryptography uses:
A. multiple keys for non-repudiation of bulk data.
B. different keys on both ends of the transport medium.
C. bulk encryption for data transmission over fiber.
D. the same key on each end of the transmission medium.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 307
Which of the following devices is typically used at the enclave boundary to inspect, block, and re-route
network traffic for security purposes?
A. Load balancers
B. Protocol analyzers
C. Firewalls
D. Spam filter

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 308
Which of the following BEST describes the proper method and reason to implement port security?
A. Apply a security control which ties specific ports to end-device MAC addresses and prevents additional
devices from being connected to the network.
B. Apply a security control which ties specific networks to end-device IP addresses and prevents new devices
from being connected to the network.
C. Apply a security control which ties specific ports to end-device MAC addresses and prevents all devices
from being connected to the network.
D. Apply a security control which ties specific ports to end-device IP addresses and prevents mobile devices
from being connected to the network.
Answer: A
Section: (none)
Explanation/Reference:

QUESTION 309
Which of the following secure protocols is MOST commonly used to remotely administer Unix/Linux systems?
A. SSH
B. SCP
C. SFTP
D. SNMP

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 310
Which of the following BEST describes the process of key escrow?
A. Maintains a copy of a user's public key for the sole purpose of recovering messages if it is lost
B. Maintains a secured copy of a user's private key to recover the certificate revocation list
C. Maintains a secured copy of a user's private key for the sole purpose of recovering the key if it is lost
D. Maintains a secured copy of a user's public key in order to improve network performance
Answer: C
Section: (none)
Explanation/Reference:

QUESTION 311
Which of the following devices should be used to allow secure remote network access for mobile users?
A. NIDS
B. Protocol analyzer
C. SFTP
D. VPN concentrator

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 312
Which of the following technologies is used to verify that a file was not altered?
A. RC5
B. AES
C. DES
D. MD5

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 313
Webmail is classified under which of the following cloud-based technologies?
A. Demand Computing
B. Infrastructure as a Service (IaaS)
C. Software as a Service (SaaS)
D. Platform as a Service (PaaS)

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 314
IPSec has been chosen for remote access VPN connections for telecommuters. Which of the following
combinations would BEST secure the connection?
A. Transport mode, ESP
B. Transport mode, AH
C. Tunnel mode, AH
D. Tunnel mode, ESP

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 315
Which of the following ports are used for NetBIOS by default? (Select TWO).
A. 135
B. 139
C. 143
D. 443
E. 445

Answer: BE
Section: (none)
Explanation/Reference:

QUESTION 316
Recovery Point Objectives and Recovery Time Objectives directly relate to which of the following BCP
concepts?
A. Succession planning
B. Remove single points of failure
C. Risk management
D. Business impact analysis

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 317
Which of the following security applications would an administrator use to help reduce the amount of
bandwidth used by web browsing?
A. HIDS
B. Proxy server
C. NIPS
D. Personal software firewall

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 318
Which of the following is the MOST secure condition a firewall should revert to when it is overloaded with
network traffic?
A. Fail danger
B. Fail safe
C. Fail closed
D. Fail open

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 319
Which of the following can restrict a computer from receiving network traffic?
A. HIDS
B. Software firewall
C. Antivirus
D. NIDS

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 320
Which of the following is the primary location where global policies are implemented in an organization?
A. Physical memory
B. Domain
C. User documentation
D. Security group

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 321
Which of the following sits inline with network traffic and helps prevent malicious behavior as it occurs by
either dropping packets or correcting TCP stream related issues?
A. HIPS
B. NIDS
C. NIPS
D. HIDS

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 322
Which of the following network security devices is the BEST to use when increasing the security of an entire
network, or network segment, by preventing the transmission of malicious packets from known attacking
sources?
A. Honeypot
B. Firewall
C. HIDS
D. NIDS

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 323
Which of the following would be used to gain access to a data center where the administrator would have to
use multiple authentication factors?
A. Fingerprint scan and password
B. Fingerprint and retina scan
C. Enter two different passwords
D. ID badge and smartcard

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 324
The physical location of rogue access points can be discovered by using which of the following?
A. IPS
B. Remote monitoring
C. Creating honeypots
D. War driving

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 325
Employee A sends employee B an encrypted message along with a digital signature. Employee B wants to
make sure that the message is truly from employee A. Which of the following will employee B do to verify the
source of the message?
A. Use employee B's private key to decrypt the message.
B. Use employee A's private key to verify the digital signature.
C. Use employee B's public key to decrypt the message.
D. Use employee A's public key to verify the digital signature.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 326
Which of the following BEST describes the purpose of risk mitigation?
A. Reducing the time from vulnerability discovery to patch deployment.
B. Reducing the cost to recover from a security incident.
C. Reducing the chances that a threat will exploit a vulnerability.
D. Reducing the work associated with patch management.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 327
Which of the following is the primary difference between role-based access control and rule-based access
control?

A. Both are based on local legal regulations but role based provides greater security.
B. One is based on identity and the other on authentication.
C. One is based on job function and the other on a set of approved instructions.
D. Both are based on job title but rule based provides greater user flexibility.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 328
Which of the following devices would be used to gain access to a secure network without affecting network
connectivity?
A. Router
B. Vampire tap
C. Firewall
D. Fiber-optic splicer

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 329
Which of the following is the purpose of key escrow in a PKI system?
A. Ensures that all private keys are publicly accessible to PKI users
B. Provides a system for recovering encrypted data even if the users lose private keys
C. Provides a system for recovering encrypted data when public keys are corrupted
D. Ensures the security of public keys by storing the keys confidentially

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 330
A security manager decides to assign the daily responsibility of firewall and NIDS administration to different
technicians. This is an example of which of the following?
A. Implicit deny
B. Separation of duties
C. Least privilege
D. Job rotation

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 331
The company's NIDS system is configured to pull updates from the vendor and match traffic patterns based
on these updates. Which of the following BEST describes this configuration?
A. Behavior-based
B. Anomaly-based
C. OVAL-based
D. Signature-based

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 332
Which of the following security applications would be MOST useful to traveling employees? (Select THREE).
A. Anti-spam
B. Personal software firewall
C. NIDS
D. External corporate firewall
E. NIPS
F. Antivirus

Answer: ABF
Section: (none)
Explanation/Reference:

QUESTION 333
Which of the following is performed when conducting a penetration test?
A. Documentation of security vulnerabilities and policy gaps.
B. Demonstrations of network capabilities and resiliency.
C. Documentation of network security settings, policy gaps and user errors.
D. Demonstrations of security vulnerabilities and flaws in policy implementation.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 334
Employee A wants to send employee B an encrypted message that will identify employee A as the source of
the message. Which of the following will employee A do to accomplish this? (Select TWO).
A. Use employee A's private key to sign the message.
B. Use the message application to mark the message as urgent.
C. Use only symmetric encryption to send the message.
D. Use employee B's private key to encrypt the message.
E. Use employee B's public key to encrypt the message.
F. Use employee A's public key to sign the message.

Answer: AE
Section: (none)
Explanation/Reference:

QUESTION 335
IPSec provides which of the following?
A. New IP headers
B. Payload encryption
C. NAT traversal
D. Payload compression

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 336
Which of the following relies on prime numbers to generate keys?
A. RSA
B. AES
C. IPSec
D. Elliptic curve

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 337
A technician places a network jack in the parking garage for administrative use. Which of the following can be
used to mitigate threats from entering the network via this jack?
A. Disable ports when not in use
B. Install wireless access points
C. Replace CAT5 with CAT6 plenum
D. Install a firewall

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 338
Which of the following provides an organization with the ability to hide an internal private network, while
simultaneously providing additional IP addresses?
A. VLAN
B. NAT
C. VPN
D. DMZ

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 339
Which of the following keys is used to sign an email message?
A. Public
B. Private
C. Symmetric
D. CA key

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 340
On which of the following algorithms is PGP based?
A. RSA
B. MD5
C. WPA
D. DES

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 341
A security administrator works for a corporation located in a state with strict data breach disclosure laws.
Compliance with these local legal regulations requires the security administrator to report data losses due to
which of the following?
A. Cryptography
B. Backup corruption
C. Power failures
D. Hacking

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 342
Command-and-Control is a key element of a:
A. logic bomb.
B. rootkit.
C. Trojan.
D. botnet.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 343
Which of the following would a technician implement to mitigate SQL injection security risks?
A. Use input validation.
B. Disable Java on Internet browsers.
C. Delete Internet history.
D. Use software firewalls.

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 344
Which of the following encryption methods is being used when both parties share the same secret key?
A. Asymmetric
B. Certificate based
C. Symmetric
D. Kerberos

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 345
After a recent viral intrusion, an administrator wishes to verify the server's functionality post-clean- up. The
administrator should:
A. analyze the NIDS logs for any errant connections that may have been recorded.
B. install any hotfixes that may have been overlooked.
C. compare the system's performance against the configuration baseline.
D. ensure that the antivirus application's definitions are up-to-date.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 346
A small company wants to hire a security assessment team for the server and network infrastructure. Which of
the following needs to be defined before penetration testing occurs?
A. Vulnerability scan
B. Bandwidth requirements
C. Protocols analysis
D. Rules of engagement

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 347
Which operating system hardening procedure can be implemented to ensure all systems have the most up-to-date
version available?
A. Group policies
B. Patch management
C. Security templates
D. Configuration baselines
Answer: B
Section: (none)
Explanation/Reference:

QUESTION 348
In the event of a fire, the MOST appropriate setting for electronic cipher locks would be to:
A. allow personnel to exit the building only after security confirms the threat and electronically releases all
locks.
B. allow personnel to exit the building without any forms of authentication.
C. allow personnel to exit the building using only a photo ID badge.
D. allow personnel to exit the building only after using a valid swipe card and key.
Answer: B
Section: (none)
Explanation/Reference:

QUESTION 349
The company's administrative assistant acts as the main point of contact for outside sales vendors and
provides information over the phone. Which of the following is the GREATEST threat that the administrative
assistant should be educated about?
A. Non-redundant personnel role distribution
B. Providing employee personal contact information
C. Data information verification and up-to-date reporting structure
D. Providing the corporate mailing address to unidentified callers

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 350
In the past several weeks, there has been an increased number of failed remote desktop login attempts from
an external IP address. Which of the following ports should the administrator change from its default to control
this?
A. 21
B. 25
C. 3389
D. 4658

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 351
Which of the following is a transmission encryption that is generally regarded as weak?
A. AES256
B. PGP
C. SSL
D. WEP

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 352
Which of the following BEST describes when code that is initiated on a virtual machine directly affects the
host?
A. VM cluster
B. VM escape
C. VM hypervisor
D. VM hardware abstraction

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 353
Which of the following tools is used to report a wide range of security and configuration problems on a
network?
A. Protocol analyzer
B. Vulnerability scanner
C. Port scanner
D. TACACS

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 354
A user reports that their system is slow and reboots on its own. The technician is unable to remotely control
the computer and realizes that they no longer have administrative rights to that workstation. Which of the
following is MOST likely the cause?
A. Spam
B. DDoS
C. Adware
D. Rootkit

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 355
A user creates an archive of files that are sensitive and wants to ensure that no one else can access them.
Which of the following could be used to assess the security of the archive?
A. Password cracker
B. Port scanner
C. Firewall
D. Protocol analyzer

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 356
Which of the following is the BEST way for an attacker to conceal their identity?
A. Shoulder surfing
B. Deleting the cookies
C. Increase the max size of the log
D. Disable logging

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 357
Which of the following protocols can operate in tunnel mode?
A. IPSec
B. SHTTP
C. SSL
D. SFTP

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 358
Which of the following is the FINAL phase of disaster recovery?
A. Notify all personnel that a disaster has taken place.
B. Hold a follow-up meeting to review lessons learned.
C. Perform a full recovery so all devices are back in working order.
D. Restore all network connectivity.

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 359
Which of the following does an attacker with minimal rights need to accomplish to continue attacking a
compromised system?
A. Rootkit
B. Logic bomb
C. Cross-site scripting
D. Privilege escalation

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 360
Virtualization technology can be implemented to positively affect which of the following security concepts?
A. Non-repudiation
B. Confidentiality
C. Availability
D. Integrity

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 361
Which of the following uses both private and public key algorithms for email encryption and decryption?
A. CA
B. DES
C. PGP
D. AES256

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 362
A user reports random windows opening and closing after installing new software. Which of the following has
MOST likely infected the computer?
A. Worm
B. Spam
C. Rootkit
D. Adware

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 363
Which of the following BEST describes NAC?
A. Provides access based on predetermined characteristics
B. Provides access based on ARP requests
C. Translates between DHCP requests and IP addresses
D. Translates between private addresses and public addresses

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 364
Which of the following will allow a technician to restrict access to one folder within a shared folder?
A. NTLM
B. IPSec
C. NTLMv2
D. NTFS
Answer: D
Section: (none)
Explanation/Reference:

QUESTION 365
Which of the following can assess threats in non-encrypted traffic?
A. Internet content filter
B. Proxy server
C. NIDS
D. Firewall

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 366
A network administrator was recently promoted from their former position as a server administrator and now
can no longer log on to servers they previously supported. This is an example of:
A. job rotation.
B. single sign on.
C. separation of duties.
D. implicit deny.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 367
Which of the following BEST describes the use of geographically distinct nodes to flood a site or sites with an
overwhelming volume of network traffic?
A. Spoofing
B. DoS
C. Replay
D. DDoS

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 368
The security administrator wants to know if a new device has any known issues with its available applications.
Which of the following would be BEST suited to accomplish this task?
A. Vulnerability scanner
B. Port scanner
C. Network mapper
D. Protocol analyzer

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 369
An administrator believes a user has more access to a financial application than they should. Which of the
following policies would this MOST likely violate?
A. Group policy
B. Server configuration policy
C. User rights assignment
D. Storage and retention

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 370
Which of the following is the BEST course of action to ensure an email server is not an open relay?
A. Require authentication for all outbound SMTP traffic.
B. Require authentication for all inbound and outbound SMTP traffic.
C. Block all inbound traffic on SMTP port 25.
D. Require authentication for all inbound SMTP traffic.

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 371
An administrator is having difficulty getting staff to adhere to group policy directives regarding streaming
audio. Bandwidth utilization increases around the time that a popular radio show is broadcast. Which of the
following is the BEST solution to implement?
A. Enforce group policy
B. Change the password policy
C. Deploy content filters
D. Implement time of day restrictions

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 372
Which of the following is used to encrypt the data sent from the server to the browser in an SSL session?
A. Private key
B. Public key
C. Asymmetric encryption
D. Symmetric encryption

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 373
Which of the following is the MAIN difference between bluejacking and bluesnarfing?
A. Bluesnarfing can be done from a greater distance than bluejacking.
B. Bluejacking involves sending unsolicited messages to a phone while bluesnarfing involves accessing the
phone data.
C. Bluejacking involves some social engineering while bluesnarfing does not.
D. Bluesnarfing involves sending unsolicited messages to a phone while bluejacking involves accessing the
phone data.
Answer: B
Section: (none)
Explanation/Reference:

QUESTION 374
Which of the following centralizes authentication on a wireless network?
A. RADIUS
B. VPN
C. RDP
D. CHAP
Answer: A
Section: (none)
Explanation/Reference:

QUESTION 375
Which of the following ensures that an employee cannot continue carrying out fraudulent activities?
A. Biometric reader
B. Job rotation
C. Two-factor authentication
D. Role-based access control

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 376
Which of the following concepts is applied when a user enters a password to gain authorized access to a
system?
A. Identification
B. Privatization
C. Authentication
D. Non-repudiation

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 377
Which of the following BEST describes what users are required to provide in a two factor authentication
system?
A. Two distinct items from each of the authentication factor groups.
B. Two distinct items from one of the authentication factor groups.
C. Two distinct items from distinct categories of authentication factor groups.
D. Two distinct items they know from the same authentication factor group.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 378
Which of the following events are typically written to system logs?
A. DNS zone transfers
B. Web GET requests
C. Database usage
D. Service startup

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 379
A user loses a USB device containing credit card numbers. Which of the following would BEST protect the
data?
A. Encryption of the device with the key stored elsewhere
B. Password protection which destroys data on the device after 12 incorrect attempts
C. Password protection which destroys data on the device after 10 incorrect attempts
D. Encryption of the laptop to which the device is connected

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 380
During a data exfiltration penetration test, which of the following is the NEXT step after gaining access to a
system?
A. Attack weak passwords
B. DoS
C. Use default accounts
D. Privilege escalation

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 381
Which of the following would an administrator MOST likely update after deploying a service pack?
A. Configuration baseline
B. Patch
C. Hotfix
D. Group policy

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 382
A security administrator has received an SD memory card for the purpose of forensic analysis. The memory
card is left on the administrator's office desk at the end of the day. The next day the security guard returns the
SD card to the administrator because it was found by the night janitor. Which of the following incident
response procedures has been violated?
A. Chain of custody
B. Evidence gathering
C. Data retention
D. Securing the site

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 383
Which of the following logs contains user logons and logoffs?
A. Security
B. DNS
C. Application
D. System

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 384
A cipher lock system is which of the following security method types?
A. Biometrics
B. Proximity reader
C. Door access
D. Man-trap design

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 385
Which of the following is able to detect that a local system has been compromised?
A. NIDS
B. HIDS
C. Anti-spam
D. Personal firewall

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 386
Verifying the time and date certain users access a server is an example of which of the following audit types?
A. Retention policy
B. Account login
C. User rights
D. Account lockout

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 387
Which of the following is required for an anomaly detection system to evaluate traffic properly?
A. Baseline
B. Signature
C. Vulnerability assessment
D. Protocol analyzer

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 388
An administrator is concerned about the amount of time it would take to investigate email that may be subject
to inspection during legal proceedings. Which of the following could help limit the company's exposure and the
time spent on these types of proceedings?
A. Storage and retention policies
B. Decentralize email servers
C. Encrypting email transmissions
D. Adjust user access rights assignments

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 389
Which of the following helps protect logs from compromise?
A. Centralize log management.
B. Turn on all logging options.
C. Log failed logon attempts.
D. View logs regularly.

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 390
A user from the accounting department is in the Customer Service area and tries to connect to the file server
through their laptop, but is unable to access the network. The network administrator checks the network
connection and verifies that there is connectivity. Which of the following is the MOST likely cause of this
issue?
A. File server is not on the DMZ
B. IPS has blocked access
C. Wrong VLAN
D. NAT is not properly configured

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 391
Which of the following RAID types would be implemented for disk mirroring?
A. RAID 0
B. RAID 1
C. RAID 3
D. RAID 5
Answer: B
Section: (none)
Explanation/Reference:

QUESTION 392
Which of the following is MOST likely to be used to transfer malicious code to a corporate network by
introducing viruses during manufacturing?
A. P2P software
B. BIOS chips
C. USB drives
D. Cell phones

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 393
Which of the following defines the process and accounting structure for handling system upgrades and
modifications?
A. Service level agreement
B. Change management
C. Loss control
D. Key management

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 394
Which of the following BEST describes why USB storage devices present a security risk to the confidentiality
of data?
A. Ability to remotely install keylogger software and bypass network routing.
B. High raw storage capacity combined with wireless transfer capability.
C. High volume and transfer speeds combined with ease of concealment.
D. Slow data transfer speeds combined with ease of concealment.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 395
Implementing a mandatory vacation policy for administrators is a security best practice because of which of
the following?
A. Increases administrators' skills by providing them with a vacation.
B. Detects malicious actions by an administrator responsible for reviewing logs.
C. Makes it easier to implement a job rotation policy and cross train administrators.
D. Detects malicious actions by users with remote access to network resources.

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 396
A user is recording a file on disk. Which of the following will allow a user to verify that the file is the original?
A. 3DES
B. NTFS
C. RSA
D. MD5

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 397
Which of the following is associated with a command and control system?
A. Botnet
B. Rootkit
C. Virus
D. Logic bomb

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 398
Which of the following is BEST suited to determine which services are running on a remote host?
A. Log analyzer
B. Antivirus
C. Protocol analyzer
D. Port scanner

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 399
Which of the following is a best practice when creating groups of user and computer accounts in a directory
service?
A. Delegation of administration and policy deployment
B. Naming conventions and technical aptitude
C. Department and salary divisions
D. Seniority at the company and access level

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 400
Which of the following allows two people to communicate securely without having to know each other prior to
communicating?
A. 3DES
B. AES
C. Symmetric keys
D. PKI

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 401
Which of the following should an HVAC system do when a fire is detected in a data center?
A. It should increase humidity.
B. It should change to full cooling.
C. It should decrease humidity.
D. It should shut down.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 402
Multiple machines are detected connecting to a specific web server during non-business hours and receiving
instructions to execute a DNS attack. Which of the following would be responsible?
A. Virus
B. Adware
C. Logic Bomb
D. Botnet

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 403
Which of the following is the BEST solution for an administrator to implement in order to learn more about the
zero-day exploit attacks on the internal network?
A. A Honeypot
B. A stateful firewall
C. A HIDS
D. An IDS

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 404
System resource monitors and baselines on web servers should be used by security team members to detect:
A. The need for increased bandwidth availability.
B. Expired accounts in use.
C. New server policies.
D. Denial-of-service conditions.

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 405
A technician wants to implement a change across the production domain. Which of the following techniques
should the technician perform?
A. Change the acceptable use policy.
B. Install service packs on the domain.
C. Deploy a group policy.
D. Edit the access control list.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 406
A user logs onto a laptop with an encrypted hard drive. There is one password for unlocking the encryption
and one password for logging onto the network. Both passwords are synchronized and used to login to the
machine. Which of the following authentication types is this?
A. Biometric
B. Single sign-on
C. Three factor
D. Two factor

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 407
Limiting access to a file resource to only the creator by default, is an example of applying which of the
following security concepts?
A. Behavior-based security
B. Role-based access control
C. Least privilege
D. Logical tokens

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 408
Which of the following would protect an employee's network traffic on a non-company owned network?
A. Antivirus
B. 802.1x
C. VPN
D. RADIUS
Answer: C
Section: (none)
Explanation/Reference:

QUESTION 409
A security administrator is worried about attackers accessing a specific server within the company's network.
Which of the following would allow the security staff to identify unauthorized access to the server?
A. HIDS
B. Antivirus
C. Anti-spyware
D. Honeypot

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 410
Which of the following can be used to prevent ongoing network based attacks?
A. NIDS
B. HIDS
C. NAT
D. NIPS

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 411
Which of the following audit systems should be enabled in order to audit user access and be able to know who
is trying to access critical systems?
A. Group policy
B. Account expiration
C. Password policy
D. Failed logon attempts

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 412
Which of the following vulnerability assessment tools would be used to identify weaknesses in a company's
router ACLs or firewall?
A. Rainbow tables
B. Intrusion prevention systems
C. Brute force attacks
D. Port scanner

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 413
An administrator wants to make sure that all users of a large domain are restricted from installing software.
Which of the following should MOST likely be done?
A. A security policy template is implemented
B. A security IP audit is completed
C. Administrative rights are manually removed
D. All workstations are rebuilt

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 414
Which of the following should be protected from disclosure?
A. Certificate revocation list
B. User's private key passphrase
C. User's public key
D. Public key infrastructure

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 415
The firewall administrator sees an outbound connection on IP port 50 and UDP port 500. Which of the
following is the cause?
A. IPSec VPN connection
B. SSH tunneling
C. Certificate revocation list look-up
D. Incorrect DNS setup

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 416
Which of the following methods allows the administrator to create different user templates to comply with the
principle of least privilege?
A. Rule-based access control
B. Mandatory access control
C. Physical access control
D. Role-based access control

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 417
Which of the following can be used to create a unique identifier for an executable file?
A. Blowfish
B. NTLM
C. DES
D. SHA

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 418
In the event of a disaster resulting in the loss of its data center, a company has determined that it needs to
be back online within the next day with some of its systems. Which of the following would BEST meet its
needs?
A. A spare set of servers stored in the data center
B. A hot backup site
C. A cold backup site
D. A warm backup site
Answer: D
Section: (none)
Explanation/Reference:

QUESTION 419
A network administrator is alerted to an incident on a file server. The alerting application is a file
integrity checker. Which of the following is a possible source of this HIDS alert?
A. ARP poisoning
B. DDOS
C. Teardrop attack
D. Rootkit

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 420
An on-going attack on a web server has just been discovered. This server is non-critical but holds data that
could be very damaging to the company if it is disclosed. Which of the following should the administrator
choose as their FIRST response?
A. Launch a counter attack on the other party.
B. Disconnect the server from the network.
C. Call over a manager and document the attack.
D. Monitor the attack until the attacker can be identified.

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 421
Which of the following has a primary goal of hiding its processes to avoid detection?
A. Worm
B. Rootkit
C. Logic bomb
D. Virus

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 422
Which of the following ports is susceptible to DNS poisoning?
A. 23
B. 53
C. 80
D. 8080

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 423
A recipient's public key can be used by a data sender to ensure which of the following?
A. Sender anonymity
B. Data confidentiality
C. Data availability
D. Sender authentication

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 424
Which of the following system types would a security administrator need to implement in order to detect and
mitigate behavior-based activity on the network?
A. Antivirus server
B. NIPS
C. Signature-based security devices
D. NIDS

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 425
The technical user group has read and write access to a network share. The executive user group has full
control of the same network share. A user is a member of both groups. Which of the following BEST describes
the user's permissions on the share?
A. The user is able to modify, write, delete and read documents in the network share.
B. The user is able to modify, write and delete documents in the network share.
C. The user is able to write and read documents in the network share.
D. The user is able to modify and write documents in the network share.

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 426
An administrator is configuring a new system in a domain. Which of the following security events is MOST
important to monitor on the system?
A. Failed data moves
B. Logon attempts
C. Data file updates
D. Password changes

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 427
Which of the following provides active protection to critical operating system files?
A. NIPS
B. Firewall
C. HIPS
D. HIDS

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 428
A disaster recovery exercise should include which of the following action types?
A. Testing the performance of each workstation's UPS
B. Creating a chain of custody
C. Enforcing change management
D. Testing server restoration

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 429
Which of the following technologies addresses key management?
A. Digital signature algorithm
B. Advanced encryption standard
C. Blowfish
D. Diffie-Hellman

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 430
Which of the following is a valid two-factor authentication model?
A. Retina scan and palm print
B. Smartcard and hardware token
C. Iris scan and user password
D. User password and user PIN

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 431
Which of the following are reasons why a key may be revoked? (Select TWO).
A. Key compromise
B. Lost password
C. CA compromise
D. Public key compromise
E. Lost trust

Answer: A, C
Section: (none)
Explanation/Reference:

QUESTION 432
Which of the following redundancy planning concepts would MOST likely be used when trying to strike a
balance between cost and recovery time?
A. Hot site
B. Cold site
C. Warm site
D. Field site

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 433
Which of the following should the network administrator use to remotely check if a workstation is running a
P2P application?
A. Ping sweeper
B. Port scanner
C. Network mapper
D. ARP scanner

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 434
The security policy at a company clearly specifies that server administrators cannot have access to log
servers or permissions to review log files. These rights are granted only to security administrators. This policy
is an example of which of the following industry best practices?
A. Separation of duties
B. Job rotation
C. Privilege escalation
D. Implicit deny

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 435
Which of the following is the process by which encryption keys are distributed?
A. User access and rights review
B. Trusted Platform Module (TPM)
C. Key management
D. Key escrow

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 436
Management wants a security assessment conducted on their network. The assessment must be conducted
during normal business hours without impacting users. Which of the following would BEST facilitate this?
A. A risk assessment
B. A honeynet
C. A penetration test
D. A vulnerability scan

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 437
The manager has tasked an administrator to test the security of the network. The manager wants to know if
there are any issues that need to be addressed, but the manager is concerned about affecting normal
operations. Which of the following should be used to test the network?
A. Use a protocol analyzer.
B. Read the log files on each system on the network.
C. Use a vulnerability scanner.
D. Launch a DDoS attack on the network and see what occurs.

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 438
The company's new administrative assistant wants to use their name as a password and asks if it is
appropriate. Which of the following is the BEST reason for not allowing this?
A. The proposed password does not meet complexity requirements.
B. It will require too much time to conduct due diligence.
C. The password risks disclosure of Personally Identifiable Information (PII).
D. Change management approval has not been granted.

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 439
A user reports a problem with resetting a password on the company website. The help desk determined the
user was redirected to a fraudulent website. Which of the following BEST describes this attack type?
A. Spyware
B. XSS
C. Worm
D. Logic bomb

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 440
Which of the following security protocols could be configured to use EAP when connecting to a wireless
access point?
A. WPA-personal/TKIP
B. RADIUS
C. IPSec
D. WPA2-enterprise

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 441
An administrator needs to ensure that all machines deployed to the production environment follow strict
company guidelines. Which of the following are they MOST likely to use?
A. Mandatory Access Control (MAC)
B. Security templates
C. Horizontal scans
D. Vertical scans

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 442
The network administrator has been tasked with creating a VPN connection to a vendor's site. The vendor is
using older equipment that does not support AES. Which of the following would be the network administrator's
BEST option for configuring this link?
A. 3DES
B. DES
C. PGP
D. One time pad

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 443
A new software application is designed to interact with the company's proprietary devices. Systems where the
software is installed can no longer connect to the devices. Which of the following should the administrator do
FIRST?
A. Ensure that the software is compliant with the system's host OS.
B. Consult the firewall logs for blocked process threads or port communication.
C. Verify that the devices are not rogue machines blocked by network policy.
D. Check the antivirus definitions for false positives caused by the new software.

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 444
Which of the following is mitigated by implementing proper data validation?
A. Rootkits
B. Cross-site scripting
C. SMTP open relays
D. DNS poisoning

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 445
Which of the following is the BEST way to restrict the GUI interface on a workstation?
A. Batch file
B. Registry edits
C. Group policy
D. Local policy

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 446
Which of the following BEST controls traffic between networks?
A. HIPS
B. Access point
C. NIDS
D. Firewall

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 447
Which of the following cryptographic methods provides the STRONGEST security when implemented
correctly?
A. WEP
B. Elliptic curve
C. MD5
D. NTLM

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 448
After accessing several different Internet sites a user reports their computer is running slow. The technician
verifies that the antivirus definitions on that workstation are current. Which of the following security threats is
the MOST probable cause?
A. Trojan
B. Worm
C. Spyware
D. Spam

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 449
Which of the following is the MOST common way to allow a security administrator to securely administer
remote *NIX based systems?
A. IPSec
B. PPTP
C. SSL/TLS
D. SSH

Answer: D
Section: (none)
Explanation/Reference:

QUESTION 450
Which of the following protocols requires the use of a CA-based authentication process?
A. FTPS implicit
B. FTPS explicit
C. MD5
D. PEAP-TLS

Answer: D
Section: (none)
Explanation/Reference:
