
Security+ 2

The best protection against the abuse of remote maintenance of PBX (Private
Branch Exchange) system is to:
A. Keep maintenance features turned off until needed
B. Insist on strong authentication before allowing remote maintenance
C.
Answer: B
Explanation:
Checking with various outside opinions, answer A would be the best,
A high-profile company has been receiving a high volume of attacks on their web
site. The network administrator wants to be able to collect information on the
attacker(s) so legal action can be taken.
What should be implemented?
A. A
Answer: B
Explanation:
A deception active response fools the attacker into thinking the attack is succeeding while
monitoring the activity and potentially redirecting the attacker to a system that is
designed to be broken. This allows the operator or administrator to gather data about how
the attack is unfolding and what techniques are being used in the attack. This process is
referred to as sending them to the honey pot.
The protection of data against unauthorized access or disclosure is an example of
what?
A. Confidentiality
B. Integrity
C. Signing
D. Hashing
Answer: A
Explanation:
The goal of confidentiality is to prevent or minimize unauthorized access and disclosure
of data and information.
You are running cabling for a network through a boiler room where the furnace
and some other heavy machinery reside. You are concerned about interference from
these sources.
Which of the following types of cabling provides the best protect
Answer: D
Explanation:
Fiber, as a medium, is relatively secure because it cannot be easily tapped. It is the
strongest against EMI and RFI in my opinion.
In order for a user to obtain a certificate from a trusted CA (Certificate Authority),
the user must present proof of identity and a:
A. Private key
B. Public key
C. Password
D. Kerberos key
Answer: B
Explanation:
A certificate is really nothing more than a mechanism that associates the public key with
an individual.
If a private key becomes compromised before its certificate’s normal expiration,
X.509 defines a method requiring each CA (Certificate Authority) to periodically
issue a signed data structure called a certificate:
A. Enrollment list
Explanation:
Certificate revocation is the process of revoking a certificate before it expires. A
certificate may need to be revoked because it was stolen, an employee moved on to a new
company, or someone has had their access revoked.
An application that appears to perform a useful function but instead contains some
sort of malicious code is called a _____.
A. Worm
B. SYN flood
C. Virus
D. Trojan Horse
E. Logic Bomb
Explanation:
SY0 - 001
Leading the way in IT testing and certification tools, www.testking.com
A Trojan horse attaches itself to another file, such as a word processing document. Trojan
horses may also arrive as part of an e-mail offering a free game, software, or other file. When
the Trojan horse activates and performs its task, it infects all of the word processing or
template files. Consequently, every new file will carry the Trojan horse. The Trojan horse
may not be visible because it masks itself inside of a legitimate program.
How many bits are employed when using hash encryption?
A. 32
B. 64
C. 128
D. 256
Answer: C
Explanation:
What transport protocol and port number does SSH (Secure Shell) use?
A. TCP (Transmission Control Protocol) port 22
B. UDP (User Datagram Protocol) port 69
C. TCP (Transmission Control Protocol) port 179
D. UDP (User Datagram Protocol
Answer: A
Explanation:
SSH uses port 22 and TCP for connections.
While performing a routine site audit of your wireless network, you discover an
unauthorized Access Point placed on your network under the desk of Accounting
department security. When questioned, she denies any knowledge of it, but informs
Answer: F
Explanation:
Social engineering is a process where an attacker attempts to acquire information about
your network and system by talking to people in the organization. A social engineering
attack may occur over the phone, by e-mail, or by a visit.
window is broken. Because it is not your office you tell the resident of the office to
contact the maintenance person and have it fixed. After leaving, you fail to follow up
on whether the window was actually repaired.
What effect will th
Explanation:
This is the only answer that can be true.
A. Is false, because a repair of the door would not increase the threat.
B. Is false, because after a repair there is no vulnerability.
C. If the window is not repaired, then the threat will increase, not decrease.
Providing false information about the source of an attack is known as:
A. Aliasing
B. Spoofing
C. Flooding
D. Redirecting
Answer: B
Explanation:
A spoofing attack is simply an attempt by someone or something to masquerade as
someone else. This type of attack is usually considered an access attack.
The start of the LDAP (Lightweight Directory Access Protocol) directory is called
the:
A. Head
B. Root
C. Top
D. Tree
Answer: B
Explanation:
LDAP directories are arranged as trees. Below the topmost 'root' node, country
information appears, followed by entries for companies, states or national organizations.
Next come entries for organizational units, such as branch offices and departments.
Finally we locate individuals, which in X.500 and LDAP include people, shared
resources such as printers, and documents. An LDAP directory server thus makes it
possible for a corporate user to find the information resources she needs anywhere on the
enterprise network.
Reference: http://www.intranetjournal.com/foundation/ldap.shtml
A company consists of a main building with two smaller branch offices at opposite
ends of the city. The main building and branch offices are connected with fast links
so that all employees have good connectivity to the network.
Each of the
Answer: A
Explanation:
Keep in mind that cost and the best level of security are asked for. To keep all the servers in
one room along with the vital components with a security measure added to the room will
provide what is asked for.
You are explaining SSL to a junior administrator and come up to the topic of
handshaking.
How many steps are employed between the client and server in the SSL handshake
process?
A. Five
B. Six
C. Seven
D. Eight
Explanation:
Graphical explanation of 6 steps to Digital Handshake for SSL
Note: The handshake begins when a browser connects to an SSL-enabled server, and
asks the server to send back its identification, a digital certificate that usually contains the
server name, the trusted certifying authority, and the server public encryption key. The
browser can contact the server of the trusted certifying authority and confirm that the
certificate is authentic before proceeding.
The browser then presents a list of encryption algorithms and hashing functions (used to
generate a number from another); the server picks the strongest encryption that it also
supports and notifies the client of the decision.
In order to generate the session keys used for the secure connection, the browser uses the
server public key from the certificate to encrypt a random number and send it to the
server. The client can encrypt this data, but only the server can decrypt it: this is the one
fact that makes the keys hidden from third parties, since only the server and the client
have access to this data.
The server replies with more random data (which doesn’t have to be encrypted), and then
both parties use the selected hash functions on the random data to generate the session
keys. This concludes the handshake and begins the secured connection, which is
encrypted and decrypted with the session keys.
The SSL handshake allows the establishment of a secured connection over an insecure
channel. Even if a third party were to listen to the conversation, it would not be able to
obtain the session keys. The process of creating good random numbers and applying hash
functions can be quite slow, but usually the session keys are cached, so the handshake
occurs only on the first connection between the parties.
This process works on top of HTTP, so it's portable to any platform that supports it, and is
in principle applicable to other protocols as well (Welling 2001, p.334). The process
described is part of SSL version 2.0, but version 3.0 is supposed to replace it soon.
Another standard, Transport Layer Security (TLS), is still in draft and is supposed to
replace SSL in the future.
An administrator notices that an e-mail server is currently relaying e-mail
(including spam) for any e-mail server requesting relaying. Upon further
investigation the administrator notices the existence of /etc/mail/relay domains.
What mod
Answer: C
Access control decisions are based on responsibilities that an individual user or
process has in an organization.
This best describes:
A. MAC (Mandatory Access Control)
B. RBAC (Role Based Access Control)
C. DAC (Discretionary Ac
Answer: B
Explanation:
The RBAC model allows a user to act in a certain predetermined manner based on the
role the user holds in the organization. Users can be assigned certain roles system wide.
A honey pot is _____.
A. A false system or network to attract attacks away from your real network.
B. A place to store passwords.
C. A safe haven for your backup media.
D. Something that exists only in theory.
Answer: A
Explanation:
A honey pot is a computer that has been designed as a target for computer attacks. The
benefit of a honey pot system is that it will draw attackers away from a higher value
system or it will allow administrators to gain intelligence about an attack strategy.
A problem with air conditioning is causing fluctuations in temperature in the server
room. The temperature is rising to 90 degrees when the air conditioner stops
working, and then drops to 60 degrees when it starts working again.
The probl
Answer: C
Explanation: The expansion and contraction that occurs during the normal heating and
cooling cycles of your system can cause chips and cards, over time, to inch loose from
sockets or slots.
You have been alerted to the possibility of someone using an application to capture
and manipulate packets as they are passing through your network.
What type of threat does this represent?
A. DDoS
B. Back Door
C. Spoofing
D
Answer: D
Explanation:
The method used in these attacks places a piece of software between a server and the user.
The software intercepts and then sends the information to the server. The server responds
back to the software, thinking it is the legitimate client. The attacking software then sends
this information on to the server, etc. The man in the middle software may be recording
this information, altering it, or in some other way compromising the security of your
system.
Which of the following media types is most immune to RF (Radio Frequency)
eavesdropping?
A. Coaxial cable
B. Fiber optic cable
C. Twisted pair wire
D. Unbounded
Answer: B
Explanation:
Fiber, as a medium, is relatively secure because it cannot be easily tapped. It is the
strongest against EMI and RFI in my opinion.
What statement is most true about viruses and hoaxes?
A. Hoaxes can create as much damage as a real virus.
B. Hoaxes are harmless pranks and
Answer: A
Explanation: Hoaxes do have the possibility of causing as much damage as viruses.
Many hoaxes instruct the recipient to forward the message to everyone they know
and thus cause network congestion and heavy e-mail activity. Hoaxes also often instruct
the user to delete files on their computer, which may cause their computer or a program to
quit functioning.
While connected from home to an ISP (Internet Service Provider), a network
administrator performs a port scan against a corporate server and encounters four
open TCP (Transmission Control Protocol) ports: 25, 110, 143 and 389. Corporate
us
Answer: B
Explanation:
Internet Message Access Protocol v4 uses port 143 and TCP for connections. POP3 uses
port 110 and TCP for connections and therefore can be filtered out to decrease
unnecessary exposure.
A piece of malicious code that can replicate itself, has no productive purpose, and
exists only to damage computer systems or create further vulnerabilities is called a?
Answer: E
Explanation:
A virus is a piece of software designed to infect a computer system. The virus may do
nothing more than reside on the computer. A virus may also damage the data on your
hard disk, destroy your operating system, and possibly spread to other systems.
When evidence is acquired, a log is started that records who had possession of the
evidence for a specific amount of time. This is to avoid allegations that the evidence
may have been tampered with when it was unaccounted for, and to keep track
Answer: B
Explanation:
The chain of custody is a log of the history of evidence that has been collected. This log
should catalog every event from the time the evidence is collected.
Data integrity is best achieved using a(n)
A. Asymmetric cipher
B. Digital certificate
C. Message digest
D. Symmetric cipher
Answer: C
Explanation:
The Message Digest Algorithm is another algorithm that creates a hash value. MDA uses
a one-way hash. The hash value is used to help maintain integrity.
A recent audit shows that a user logged into a server with their user account and
executed a program. The user then performed activities only available to an
administrator.
This is an example of what type of attack?
A. Trojan horse
B. Priv
Answer: B
Explanation:
A user obtaining access to a resource they would not normally be able to access. This is
done inadvertently by running a program with SUID (Set User ID) or SGID (Set Group
ID) permissions – or by temporarily becoming another user.
When a user clicks to browse a secure page, the SSL (Secure Sockets Layer) enabled
server will first:
A. Use its digital certificate to establish its identity to the browser.
B. Validate the user by checking the CRL (Certificate Revocation
Answer: A
Explanation:
The Secure Socket Layer is used to establish a secure communication connection
between two TCP-based machines. This protocol uses the handshake method. When a
connection request is made to the server, the server sends a message back to the client
indicating a secure connection is needed. The client then sends the server a certificate
indicating the capabilities of the client. The server then evaluates the certificate and
responds with a session key and an encrypted private key. The session is secure after this
process.
You are assessing risks and determining which asset protection policies to create
first. Another member of the IT staff has provided you with a list of assets which
have importance weighted on a scale of 1 to 10. Internet connectivity has an
Answer: D
Explanation:
1. 9 Data policy
2. 8 Internet connection
3. 7 personnel
4. 5 software
Controlling access to information systems and associated networks is necessary for
the preservation of their:
A. Authenticity, confidentiality, integrity and availability.
B. Integrity and availability.
C. Confidentiality, integrity a
Answer: C
Explanation:
The design goals of a security topology must deal with issues of confidentiality, integrity,
availability and accountability. You will often see the confidentiality, integrity and
availability referred to as the CIA of network security. The accountability is equally
important.
What design feature of Instant Messaging makes it extremely insecure compared to
other messaging systems?
A. It is a peer-to-peer network that offers most organizations virtually no control
over it.
B. Most IM clients are actually Tro
Answer: A
Explanation:
Answer A seems to be the most correct of these answers.
B. Is incorrect because IM clients are not Trojan Horses, but they can be compromised by
Trojan Horses.
C. Is incorrect because that answer would make IM secure.
D. All IM messaging systems that traverse the Internet use it as a medium.
Access controls that are created and administered by the data owner are
considered:
A. MACs (Mandatory Access Control)
B. RBACs (Role Based Access Control)
C. LBACs (List Based Access Control)
D. DACs (Discretionary Access Contro
Answer: D
Explanation:
The DAC model allows the owner of a resource to establish privileges to the information
they own. The DAC model would allow a user to share a file or use a file that someone
else has shared. The DAC model establishes an ACL that identifies the users who are
authorized to access that information. This allows the owner to grant or revoke access to
individuals or group of individuals based on the situation. This model is dynamic in
nature and allows information to be shared easily between users.
A well-defined business continuity plan must consist of risk analysis, business
impact analysis, strategic planning and mitigation, training and awareness,
maintenance and audit and:
A. Security labeling and classification.
B. Bud
Answer: D
Explanation:
Business Continuity Planning is the process of implementing policies, controls, and
procedures to counteract the effects of losses, outages, or failures of critical business
processes.
John wants to encrypt a sensitive message before sending it to one of his managers.
Which type of encryption is often used for e-mail?
A. S/MIME
B. BIND
C. DES
D. SSL
Answer: A
Explanation:
Secure MIME (S/MIME) is a standard used for encrypting e-mail. S/MIME can also
contain signature data. S/MIME provides encryption, integrity, and authentication when
used in conjunction with PKI.
What is the greatest benefit to be gained through the use of S/MIME (Secure
Multipurpose Internet Mail Extensions)? The ability to:
A. Encrypt and digitally sign e-mail messages.
B. Send anonymous e-mails.
C. Send e-mails with a retur
Answer: A
Explanation:
Secure MIME (S/MIME) is a standard used for encrypting e-mail. S/MIME can also
contain signature data. S/MIME provides encryption, integrity, and authentication when
used in conjunction with PKI.
A _____ occurs when a string of data is sent to a buffer that is larger than the buffer
was designed to handle.
A. Brute Force attack
B. Buffer overflow
C. Man in the middle attack
D. Blue Screen of Death
E. SYN flood
F
Answer: B
Explanation:
Buffer overflows occur when an application receives more data than it is programmed to
accept. This situation can cause an application to terminate. The termination may leave
the system sending the data with temporary access to privileged levels in the attacked
system.
Packet sniffing can be used to obtain username and password information in clear
text from which one of the following?
A. SSH (Secure Shell)
B. SSL (Secure Sockets Layer)
Answer: C
Explanation:
FTP has a major flaw. The user ID and password are not encrypted and are subject to
packet capture.
A company uses WEP (Wired Equivalent Privacy) for wireless security.
Who may authenticate to the company’s access point?
A. Only the administrator.
B. Anyone can authenticate.
C. Only users within the company.
D. Only users wit
Answer: D
Explanation:
The 802.11 standard describes the communication that occurs in wireless local area
networks (LANs). The Wired Equivalent Privacy (WEP) algorithm is used to protect
wireless communication from eavesdropping. A secondary function of WEP is to prevent
unauthorized access to a wireless network; this function is not an explicit goal in the
802.11 standard, but it is frequently considered to be a feature of WEP.
WEP relies on a secret key that is shared between a mobile station (e.g. a laptop with a
wireless ethernet card) and an access point (i.e. a base station). The secret key is used to
encrypt packets before they are transmitted, and an integrity check is used to ensure that
packets are not modified in transit. The standard does not discuss how the shared key is
established. In practice, most installations use a single key that is shared between all
mobile stations and access points. More sophisticated key management techniques can be
used to help defend from the attacks we describe; however, no commercial system we are
aware of has mechanisms to support such techniques.
As the Security Analyst for your company's network, you become aware that your
systems may be under attack. This kind of attack is a DOS attack and the exploit
sends more traffic to a node than anticipated.
What kind of attack is this?
Answer: B
Explanation:
Buffer overflows occur when an application receives more data than it is programmed to
accept. This situation can cause an application to terminate. The termination may leave
the system sending the data with temporary access to privileged levels in the attacked
system.
Following a disaster, while returning to the original site from an alternate site, the
first process to resume at the original site would be the:
A. Least critical process
B. Most critical process.
C. Process most expensive to maintai
Answer: A
In order to establish a secure connection between headquarters and a branch office
over a public network, the router at each location should be configured to use IPSec
(Internet Protocol Security) in ______ mode.
A. Secure
B. Tunnel
Answer: B
Explanation:
IPSec provides secure authentication and encryption of data and headers. IPSec can work
in Tunneling mode or Transport mode. In Tunneling mode, the data or payload and
message headers are encrypted. Transport mode encrypts only the payload.
The primary purpose of NAT (Network Address Translation) is to:
A. Translate IP (Internet Protocol) addresses into user friendly names.
B. Hide internal hosts from the public network.
C. Use one public IP (Internet Protocol) address on the
Answer: B
Explanation:
NAT effectively hides your network from the world. This makes it much harder to
determine what systems exist on the other side of the router.
Users of Instant Messaging clients are especially prone to what?
A. Theft of root user credentials.
B. Disconnection from the file server.
C. Hostile code delivered by file transfer.
D. Slow Internet connections.
E. Loss of email
Answer: C
Explanation:
IM clients can also be compromised by malicious code, Trojan Horse programs, and
traditional DoS attacks.
Which two of the following are symmetric-key algorithms used for encryption?
A. Stream-cipher
B. Block
C. Public
D. Secret
Answer: A, B
Computer forensics experts collect and analyze data using which of the following
guidelines so as to minimize data loss?
A. Evidence
B. Chain of custody
C. Chain of command
D. Incident response
Answer: B
Explanation:
The chain of custody is a log of the history of evidence that has been collected. This log
should catalog every event from the time the evidence is collected.
A DMZ (Demilitarized Zone) typically contains:
A. A customer account database
B. Staff workstations
C. A FTP (File Transfer Protocol) s
Answer: C
Explanation:
A DMZ is an area where you can place a public server for access by people you might
not trust otherwise. By isolating a server in a DMZ, you can hide or remove access to
other areas of your network.
An FTP server can be used by people from outside of your network and should be
placed in the DMZ.
What kind of attack is a type of security breach to a computer system that does not
usually result in the theft of information or other security loss but the lack of
legitimate use of that system?
A. CRL
B. DOS
C. ACL
D. MD2
Answer: B
Explanation:
DOS attacks prevent access to resources by users authorized to use those resources. An
attacker may attempt to bring down an e-commerce website to prevent or deny usage by
legitimate customers.
User A needs to send a private e-mail to User B. User A does not want anyone to
have the ability to read the e-mail except for User B, thus retaining privacy.
Which tenet of information security is User A concerned about?
A. Authentication
Answer: C
Explanation:
The goal of confidentiality is to prevent or minimize unauthorized access and disclosure
of data and information.
You are researching the ARO and need to find specific data that can be used for
risk assessment.
Which of the following will you use to find information?
A. Insurance companies
B. Stockbrokers
C. Manuals included with software an
Answer: A
Giving each user or group of users only the access they need to do their job is an
example of which security principle?
A. Least privilege
B. Defense in depth
C. Separation of duties
D. Access control
Answer: A
Explanation:
This means that a process has no more privileges than necessary to be able to fulfill its
functions.
Documenting change levels and revision information is most useful for:
A. Theft tracking
B. Security audits
C. Disaster recovery
D. License enforcement
Answer: C
Explanation:
Disaster recovery is the ability to recover system operations after a disaster. One of the
key aspects of disaster recovery planning is designing a comprehensive backup plan. This
includes backup storage, procedures and maintenance.
One way to limit hostile sniffing on a LAN (Local Area Network) is by installing:
A. An ethernet switch.
B. An ethernet hub.
C. A CSU/DSU (Channel Service Unit/Data Service Unit).
D. A firewall.
Answer: A
Explanation:
Sniffers can be mitigated using a Switch. The switch is intelligent and sends the data only
to the destination address. Sniffers usually work in a LAN using a hub.
Notable security organizations often recommend only essential services be provided
by a particular host, and any unnecessary services be disabled.
Which of the following does NOT represent a reason supporting this
recommendation?
A. E
Answer: B
Explanation:
B is wrong because the hardware and software are usually used across a wide array of
different vendors.
Which of the following backup methods copies only modified files since the last full
backup?
A. Full
B. Differential
C. Incremental
D. Archive
Explanation:
A differential backup is similar in function to an incremental backup, but it backs up any
files that have been altered since the last full backup.
You are compiling estimates on how much money the company could lose if a risk
occurred one time in the future.
Which of the following would these amounts represent?
A. ARO
B. SLE
C. ALE
D. Asset identification
Answer: B
Explanation:
Single Loss Expectancy is the cost of a single loss when it occurs.
The term “due care” best relates to:
A. Policies and procedures intended to reduce the likelihood of damage or injury.
B. Scheduled activity in a comprehensive preventative maintenance program.
C. Techniques and methods for secure ship
Answer: A
Explanation:
Due Care policies identify what level of care is used to maintain the confidentiality of
private information. These policies specify how information is to be handled. The
objectives of Due Care policies are to protect and safeguard customer and/or client
records.
Advanced Encryption Standard (AES) is an encryption algorithm for securing
sensitive but unclassified material by U.S. Government agencies.
What type of encryption is it from the list below?
A. WTLS
B. Symmetric
C. Multifactor
Answer: B
Explanation:
Here are some of the common standards that use symmetric algorithms.
⬢ DES
⬢ AES has replaced DES as the current standard, and it uses the Rijndael
algorithm.
⬢ 3DES
⬢ CAST
⬢ RC
⬢ Blowfish
⬢ IDEA
You are the first person to respond to the scene of an incident involving a computer
being hacked. After determining the scope of the crime scene and securing it, you
attempt to preserve evidence at the scene.
Which of the following tasks
Answer: A, B
Explanation:
Preservation of evidence requires limited access. Answers A and B are the best choices.
Answer C is wrong, because many incidents that occur in a computer system, especially
Internet attacks, will only show up in system RAM while the system is running. Answer
D is wrong, because you should not touch anything until the authorities arrive.
At what stage of an assessment would an auditor test systems for weaknesses and
attempt to defeat existing encryption, passwords and access lists?
A. Penetration
B. Control
C. Audit planning
D. Discovery
Answer: A
Explanation:
Penetration testing is the act of gaining access
When examining the server’s list of protocols that are bound and active on each
network interface card, the network administrator notices a relatively large number
of protocols.
Which actions should be taken to ensure network security?
Answer: C
Explanation:
Leaving additional network services enabled may cause difficulties and can create
vulnerabilities in your network. As much as possible, configure your network devices as
restrictively as you can.
Which of the following describes the concept of data integrity?
A. A means of determining what resources a user can use and view.
B. A method of security that ensures all data is sequenced, and numbered.
C. A means of minimizing vulnerabil
Answer: B
Explanation:
The goal of integrity is to make sure that the data being worked with is actually correct
data.
In a decentralized privilege management environment, user accounts and passwords
are stored on:
A. One central authentication server.
B. Each individual server.
C. No more than two servers.
D. One server configured for decentrali
Answer: B
Explanation:
The key word is decentralized, so the best answer would be B.
In context of wireless networks, WEP (Wired Equivalent Privacy) was designed to:
A. Provide the same level of security as a wired LAN (Local Area Network).
B. Provide a collision preventive method of media access.
C. Provide a wider access
Answer: A
Explanation:
Wired Equivalent Privacy is a wireless protocol designed to provide privacy equivalent to
that of a wired network.
What two functions does IPSec perform? (Choose two)
A. Provides the Secure Shell (SSH) for data confidentiality.
B. Provides the Password Au
Answer: C, F
Explanation:
IPSec is a security protocol that provides authentication and encryption across the
Internet. IPSec can use AH or ESP.
A primary drawback to using shared storage clustering for high availability and
disaster recovery is:
A. The creation of a single point of vulnerability.
B. The increased network latency between the host computers and the RAID
(Redunda
Answer: A
What are two common methods when using a public key infrastructure for
maintaining access to servers in a network?
A. ACL and PGP.
B. PIM and CRL.
C. CRL and OCSP.
D. RSA and MD2
Answer: C
Explanation:
The process of revoking a certificate begins when the CA is notified that a particular
certificate needs to be revoked. The CA marks the certificate as revoked. This
information is published in the CRL and becomes available using OCSP.
After installing a new operating system, what configuration changes should be
implemented?
A. Create application user accounts.
B. Rename the guest account.
C. Rename the administrator account, disable the guest accounts.
D. Crea
Answer: C
Explanation:
Renaming the administrator account name and disabling the guest account will reduce the
risk of a computer being attacked.
Users who configure their passwords using simple and meaningful things such as
pet names or birthdays are subject to having their account used by an intruder after
what type of attack?
A. Dictionary attack
B. Brute Force attack
C
Answer: A
Explanation:
A dictionary attack is an attack which uses a dictionary of common words to
attempt to find the password of a user.
By definition, how many keys are needed to lock and unlock data using symmetric-key
encryption?
A. 3+
B. 2
C. 1
D. 0
Answer: C
Explanation:
Symmetrical keys present a difficult challenge from both a key management and a security
perspective. The loss or compromise of a symmetrical key compromises the entire
system. Single key systems are entirely dependent on the privacy of the key. This key
requires special handling and security. Make sure that symmetrical keys are never
divulged. Symmetrical keys should be transmitted using secure out-of-band methods.
What kind of attack are hashed passwords vulnerable to?
A. Man in the middle.
B. Dictionary or brute force.
C. Reverse engineering.
D. DoS (Denial of Service)
Answer: A
Explanation:
I disagree with the original answer C. The man in the middle attack can steal the hashed
password, and then it can be decrypted at their own leisure.
What is one advantage of the NTFS file system over the FAT16 and FAT32 file
systems?
A. Integral support for streaming audio files.
B. Integral support for UNIX compatibility.
C. Integral support for dual-booting with Red Hat Linu
Answer: D
Explanation:
The NTFS was introduced with Windows NT to address security problems. With NTFS
files, directories, and volumes can each have their own security.
You have identified a number of risks to which your company’s assets are exposed,
and want to implement policies, procedures, and various security measures.
In doing so, what will be your objective?
A. Eliminate every threat that may
Answer: B
Explanation:
Answer B is best because it lets your company's policy adjust the level of protection up or
down depending on the risk.
Answer A is wrong because not every threat can be fixed.
Answer C is wrong because it may cost more money to address every risk than what the
company makes.
Answer D is obviously wrong.
Which of the following results in a domain name server resolving the domain name
to a different and thus misdirecting Internet traffic?
A. DoS (Denial of Service)
B. Spoofing
C. Brute force attack
D. Reverse DNS (Domain Name
Answer: B
Explanation:
A spoofing attack is simply an attempt by someone or something to masquerade as
someone else.
Active detection IDS systems may perform which of the following when an
unauthorized connection attempt is discovered? (Choose all that apply)
A. Inform the attacker that he is connecting to a protected network.
B. Shut down the server o
Answer: B, D
Explanation:
Active response involves taking an action based upon an attack or threat. The goal of an
active response would be to take the quickest action possible to reduce the potential
impact of an event. Terminating connections, processes, or sessions are responses that
may occur in the event of an unauthorized connection.
A and C are wrong for obvious reasons.
Honey pots are useful in preventing attackers from gaining access to critical system.
True or false?
A. True
B. False
C. It depends on the style of attack used.
Answer: A
Explanation:
A honey pot is a computer that has been designed as a target for computer attacks.
An autonomous agent that copies itself into one or more host programs, then
propagates when the host is run, is best described as a:
A. Trojan horse
B. Back door
C. Logic bomb
D. Virus
Answer: D
Explanation:
A virus is a piece of software designed to infect a computer system. I can go into this
further, but the answer is obvious.
What technology was originally designed to decrease broadcast traffic but is also
beneficial in reducing the likelihood of having information compromised by
sniffers?
A. VPN (Virtual Private Network)
B. DMZ (Demilitarized Zone)
Answer: C
Explanation:
A VLAN allows you to create groups of users and systems and segment them on the
network. This segmentation allows you to hide segments of the network from other
segments and control access. You can think of a VLAN as a good way to contain network
traffic. VLANs are created by using a switch, and switched networks mitigate against
sniffers.
Of the following services, which one determines what a user can change or view?
A. Data integrity
B. Data confidentiality
C. Data authentication
D. Access control
Answer: D
Explanation:
Access control defines how users and systems communicate and in what manner. Three
basic models are used to explain access control.
80 What are access decisions based on in a MAC (Mandatory Access Control) environment?
A. Access control lists
B. Ownership
C. Group membership
D. Sensitivity labels
Answer: D
81 As the Security Analyst for your company's network, you want to implement AES?
A. Rijndael
B. Nagle
C. Spanning Tree
D. PKI
Answer: A
Explanation:
AES has replaced DES as the current standard, and it uses the Rijndael
82 When securing an FTP (File Transfer Protocol) server, what can be done to ensure that only
authorized users can access the server?
A. Allow blind authentication.
B. Disable anonymous authentication.
C. Redirect FTP (File Transfer Pr
Answer: B
Explanation:
Early FTP servers did not offer security. Security was based on the honor system. Most logons to an FTP site
used the anonymous logon. By convention, the logon ID was the user's email address, and the password was
anonymous.
84 You are promoting user awareness in forensics, so users will know what to do when incidents
occur with their computers. Which of the following tasks should you instruct users to perform when an incident
occurs? (Choose all that apply)
A
Answer: B, C
Explanation:
The best choices would be B and C. When an incident occurs, the best thing to do is document what is going on
and call the incident response team. By logging off the network, you can damage evidence. If the system is
being attacked over the internet, then shutting the system down will corrupt the data and evidence.
85 When a session is initiated between the Transport Control Program (TCP) client and server in a
network, a very small buffer space exists to handle the usually rapid "hand-shaking" exchange of messages that
sets up the session. What
Answer: B
86 A program that can infect other programs by modifying them to include a version of itself is a:
A. Replicator
B. Virus
C. Trojan horse
D. Logic bomb
Answer: B
Explanation:
A virus can do many things and including itself in a program is one of them. A virus is a program intended to
damage a computer system.
87
A collection of information that includes login, file access, other various activities, and actual or attempted
legitimate and unauthorized violations is a(n):
A. Audit
B. ACL (Access Control List)
C. Audit trail
D. Syslo
Answer: C
Explanation:
A record showing who has accessed a computer system and what operations he or she has performed during a
given period of time. Audit trails are useful both for maintaining security and for recovering lost transactions.
Most accounting systems and database management systems include an audit trail component. In addition, there
are separate audit trail software products that enable network administrators to monitor use of network
resources.
88 Forensic procedures must be followed exactly to ensure the integrity of data obtained in an
investigation. When making copies of data from a machine that is being examined, which of the following tasks
should be done to ensure it is an exact
Answer: A.
89 A DAC (Discretionary Access Control) system operates according to which of the following statements:
A. Files that don't have an owner CANNOT be modified.
B. The administrator of the system is an owner of each object.
C. The operating system is an owner of
Answer: D
Explanation:
The DAC model allows the owner of a resource to establish privileges to the information they own. The DAC
model would allow a user to share a file or use a file that someone else has shared. The DAC model establishes
an ACL that identifies the users who are authorized to access that information. This allows the owner to grant or
revoke access to individuals or groups of individuals based on the situation. This model is dynamic in nature and
allows information to be shared easily between users.
90 You have decided to implement biometrics as part of your security system. Before purchasing a
locking system that uses biometrics to control access to secure areas, you need to decide what will be used to
authenticate users. Which of the foll
Answer: C
Explanation:
Biometric systems are those that use some kind of unique biological identifier to identify a person. Some of
these unique identifiers include fingerprints, patterns on the retina, handprints, and DNA scans, and they
can be used as part of the access control mechanisms. Usernames, passwords and PINs are not a part of
biometrics.
91 As the Security Analyst for your company's network, you want to implement Single Sign-on
technology. What benefit can you expect to get when implementing Single Sign-on?
A. You will need to log on twice at all times.
B. You can allow fo
Answer: D
Explanation:
The purpose of a single sign-on is so that a user can gain access to all of the applications and systems they need
when they log on.
92
A. Viruses
B. Signatures
C. Hackers
D. Malware
Answer: B
Explanation:
IDS can detect two types of traffic patterns. Misuse-Detection IDS is primarily focused on evaluating attacks
based on attack signatures and audit trails. Anomaly-Detection IDS focuses on abnormal traffic patterns.
93 What type of authentication may be needed when a stored key and memorized password are
not strong enough and additional layers of security is needed?
A. Mutual
B. Multi-factor
C. Biometric
D. Certificate
Answer: B
Explanation:
Multi-factor: when two or more of these access methods are included as a part of the authentication process,
you are implementing a multi-factor system.
94 You are the first to arrive at a crime scene in which a hacker is accessing unauthorized data on
a file server from across the network. To secure the scene, which of the following actions should you perform?
A. Prevent members of the organi
Answer: A, D
Explanation:
Answer A is correct to stop anyone from corrupting the evidence.
Answer B is incorrect, because you would want the incident response team there.
Answer C is incorrect, because that would corrupt any evidence that is stored in RAM.
Answer D is correct to stop all activity to the hacker.
95 You are the first person to arrive at a crime scene. An investigator and crime scene technician
arrive afterwards to take over the investigation. Which of the following tasks will the crime scene technician be
responsible for performing?
Answer: D
Explanation:
You want evidence usable if it is needed for a trial. It is a good idea to seal evidence into a bag and identify the
date, time, and person who collected it. This bag-and-tag process makes tampering with the evidence more
difficult.
96 The de facto IT (Information Technology) security evaluation criteria for the international
community is called?
A. Common Criteria
B. Global Criteria
C. TCSEC (Trusted Computer System Evaluation Criteria)
D. ITSEC (Information
??
97 Which of the following is a technical solution that supports high availability?
A. UDP (User Datagram Protocol)
B. Anti-virus solution
C. RAID (Redundant Array of Independent Disks)
D. Firewall
Answer: C
Explanation: RAID is a technology that uses multiple disks to provide fault tolerance.
98 Which of the following is an example of an asymmetric algorithm?
A. CAST (Carlisle Adams Stafford Tavares)
B. RC5 (Rivest Cipher 5)
C. RSA (Rivest Shamir Adleman)
D. SHA-1 (Secure Hashing Algorithm 1)
Answer: C
Explanation:
Four popular asymmetric systems are in use today:
- RSA
- Diffie-Hellman
- ECC
- El Gamal
99 Dave is increasing the security of his Web site by adding SSL (Secure Sockets Layer). Which
type of encryption does SSL use?
A. Asymmetric
B. Symmetric
C. Public Key
D. Secret
Answer: B
Explanation:
The Secure Sockets Layer (SSL) protocol uses both asymmetric and symmetric key exchange. Asymmetric
keys are used for the SSL handshake. During the handshake, the master key, encrypted with the receiver's public
key, passes from the client to the server. The client and server make their own session keys using the master key. The
session keys encrypt and decrypt data for the remainder of the session. Symmetric key exchange occurs during
the exchange of the cipher specification, or encryption level.
100 What would NOT improve the physical security of workstations?
A. Lockable cases, keyboards, and removable media drives.
B. Key or password protected configuration and setup.
C. Password required to boot.
D. Strong passwords.
Answer: A
Explanation:
This is a tough question. The best choice is A, because physical security starts with the entrance and works its
way towards the rooms where computers are stored. If by chance an intruder gets to a workstation, they can
still access it even though it is locked.
101 What are the four major components of ISAKMP (Internet Security Association and Key
Management Protocol)?
A. Authentication of peers, threat management, communication management, and cryptographic key
establishment.
B. Authenticat
Answer: C
Explanation:
The four major functional components of ISAKMP are: authentication of communications peers; threat
mitigation; security association creation and management; and cryptographic key establishment and
management.
102 Security training should emphasize that the weakest links in the security of an organization
are typically:
A. Firewalls
B. Polices
C. Viruses
D. People
Answer: D
Explanation:
People would be the weakest link out of these 4 answers, because they may not follow the policies or configure
the firewall correctly. Viruses are not in a security organization.
103 IEEE (Institute of Electrical and Electronics Engineers) 802.11b is capable of providing data
rates of up to:
A. 10 Mbps (Megabits per second)
B. 10.5 Mbps (Megabits per second)
C. 11 Mbps (Megabits per second)
D. 12 Mbps (Megab
Answer: C
Explanation:
802.11b The 802.11b standard provides for bandwidth of up to 11Mbps in the 2.4GHz frequency spectrum.
104 The standard encryption algorithm based on Rijndael is known as:
A. AES (Advanced Encryption Standard)
B. 3DES (Triple Data Encryption Standard)
C. DES (Data Encryption Standard)
D. Skipjack
Answer: A
Explanation:
Rijndael is a symmetric-key block cipher. After a competition, Rijndael was selected as the successor to DES
and became the Advanced Encryption Standard, or AES.
105 Security controls may become vulnerabilities in a system unless they are:
A. Designed and implemented by the system vendor.
B. Adequately tested.
C. Implemented at the application layer in the system.
D. Designed to use multiple f
Answer: B
Explanation:
If you have a security control (such as a firewall) that you think is working but is not, the control itself can become a vulnerability.
106 Which of the following is considered the best technical solution for reducing the threat of a
man in the middle attack?
A. Virtual LAN (Local Area Network)
B. GRE (Generic Route Encapsulation) tunnel IPIP (Internet Protocol-within
Answer: C
Explanation:
PKI is a two-key system. Messages are encrypted with a public key. Messages are decrypted with a private key.
If you want to send an encrypted message to someone, you would request their public key. You would encrypt
the message using their public key and send it to them. They would then use their private key to decrypt the
message.
107 Access controls based on security labels associated with each data item and each user are
known as:
A. MACs (Mandatory Access Control)
B. RBACs (Role Based Access Control)
C. LBACs (List Based Access Control)
D. DACs (Discret
Answer: A
Explanation:
The MAC model is a static model that uses a predefined set of access privileges to files on the system. The
system administrator establishes these parameters and associates them with an account, files or resources. The
MAC model can be very restrictive.
108 An extranet would be best defined as an area or zone:
A. Set aside for business to store extra servers for internal use.
B. Accessible to the general public for accessing the business' web site.
C. That allows a business to securely tr
Answer: C
Explanation: An extranet is a private network that uses the Internet protocol and the public telecommunication
system to securely share part of a business's information or operations with suppliers, vendors, partners,
customers, or other businesses. An extranet can be viewed as part of a company's intranet that is extended to
users outside the company.
110 An administrator is concerned with viruses in e-mail attachments being distributed and
inadvertently installed on users' workstations. If the administrator sets up an attachment filter, what types of
attachments should be filtered from e-m
Answer: D
Explanation:
Many newer viruses spread using email. The infected system includes an attachment to any e-mail that you send
to another user. The recipient opens this file thinking it is something you legitimately sent them. When they
open the file, the virus infects the target system. Many times the virus is in an executable attachment.
111 When an ActiveX control is executed, it executes with the privileges of the:
A. Current user account
B. Administrator account
C. Guest account
D. System account
??
112 IDEA (International Data Encryption Algorithm), Blowfish, RC5 (Rivest Cipher 5) and
CAST-128 are encryption algorithms of which type?
A. Symmetric
B. Asymmetric
C. Hashing
D. Elliptic curve
Answer: A
Explanation:
A few well-known examples of symmetric encryption algorithms are: DES, Triple-DES (3DES), IDEA, CAST-128,
BLOWFISH, RC5, and TWOFISH.
Note: When using symmetric algorithms, both parties share the same key for encryption and decryption. To provide
privacy, this key needs to be kept secret. Once somebody else gets to know the key, it is not safe any more.
113
An example of a physical access barrier would be:
A. Video surveillance
B. Personnel traffic pattern management
C. Security guard
D. Motion detector
Answer: C
Explanation:
The objective of a physical barrier is to prevent access to computers and networks. The
other answers refer to detection and not prevention.
114
Which of the following is likely to be found after enabling anonymous FTP (File
Transfer Protocol) read/write access?
A. An upload
Answer: C
Explanation:
Anonymous FTP is based on good faith. But if it is used to take advantage of the unsecured
logon, then answer C would seem to be the best answer.
115
A network attack method that uses ICMP (Internet Control Message Protocol) and
improperly formatted MTUs (Maximum Transmission Unit) to crash a target
computer is known as a:
A. Man in the middle attack
B. Smurf attack
C
Answer: C
Explanation: The Ping of Death attack involved sending IP packets of a size greater than
65,535 bytes to the target computer. IP packets of this size are illegal, but applications
can be built that are capable of creating them. Carefully programmed operating systems
could detect and safely handle illegal IP packets, but some failed to do this.
Note: Packets that are bigger than the maximum size the underlying layer can handle (the
MTU) are fragmented into smaller packets, which are then reassembled by the receiver.
For ethernet style devices, the MTU is typically 1500.
Incorrect Answers
A: A man in the middle attack allows a third party to intercept and replace components
of the data stream.
B: The "smurf" attack, named after its exploit program, is one of the most recent in the
category of network-level attacks against hosts. A perpetrator sends a large amount
of ICMP echo (ping) traffic at IP broadcast addresses, all of it having a spoofed
source address of a victim.
D: In a TCP SYN attack a sender transmits a volume of connections that cannot be
completed. This causes the connection queues to fill up, thereby denying service to
legitimate TCP users.
116
What is NOT an acceptable use for smart card technology?
A. Mobile telephones
B. Satellite television access cards
C. A PKI (Public Key Infrastructure) token card shared by multiple users
D. Credit cards
Answer: C
Explanation:
A Smart card is a type of badge or card that can allow access to multiple resources
including buildings, parking lots, and computers. The card itself usually contains a small
amount of memory that can be used to store permissions and access information.
Answer C is least likely to be a smart card.
117
An effective method of preventing computer viruses from spreading is to:
A. Require root/administrator access to run programs.
B. Enable scanning of e-mail attachments.
C. Prevent the execution of .vbs files.
D. Install a hos
Answer: B
Explanation:
Viruses get into your computer in one of three ways. They may enter your computer on a
contaminated floppy or CD-ROM, through e-mail, or as a part of another program.
118
A PKI (Public Key Infrastructure) document that serves as the vehicle on which to
base common interoperability standards and common assurance criteria on an
industry wide basis is a certificate:
A. Policy
B. Practice
C.
Answer: A
Explanation:
Any document that serves as the vehicle on which a guideline is based is a policy.
119
Currently, the most costly method of an authentication is the use of:
A. Passwords
B. Tokens
C. Biometrics
D. Shared secrets
Answer: C
Explanation:
Biometrics
These technologies are becoming more reliable, and they will become widely used over
the next few years. Many companies use smart cards as their primary method of access
control. Implementations have been limited in many applications because of the high cost
associated with these technologies.
120
Which systems should be included in a disaster recovery plan?
A. All systems.
B. Those identified by the board of directors, president or owner.
C. Financial systems and human resources systems.
D. Systems identified in a form
Answer: D
Explanation: A preliminary risk analysis is performed to identify business critical
applications and functions. Once those functions have been identified and documented,
a structured approach to disaster recovery for the organization can be prepared.
121
What is the best defence against man in the middle attacks?
A. A firewall
B. Strong encryption
C. Strong authentication
D
Answer: C
Explanation: A man in the middle (MITM) attack, means that someone places himself in
the communication channel between the two parties already at the time of certificate
exchange. When a party sends its public key to the other, the MITM takes this key and
replaces it by his own. The other party thinks the key just received came from the
expected sender, but in fact it comes from the MITM. That's the reason why public keys
should be signed by a trusted authority (a.k.a. "trust center" or "certificate authority").
122
One of the most effective ways for an administrator to determine what security
holes reside on a network is to:
A. Perform a vulnerability assessment.
B. Run a port scan.
C. Run a sniffer.
D. Install and monitor and IDS
Answer: A
Explanation:
Performing a vulnerability assessment is one of the most effective ways to find holes in the
network. The other answers limit your assessment.
123
Analyzing log files after an attack has started is an example of:
A. Active detection
B. Overt detection
C. Covert detection
D. Passive detection
Answer: D
Explanation: Passive intrusion detection systems involve the manual review of event
logs and application logs. The inspection involves analysis and detection of attack
patterns in event log data.
124
A malformed MIME (Multipurpose Internet Mail Extensions) header can:
A. Create a back door that will allow an attacker free access to a company’s private
network.
B. Create a virus that infects a user’s computer.
C. Cause
D
125
An attacker can determine what network services are enabled on a target system
by:
A. Installing a rootkit on the target system.
B. Checking the services file.
C. Enabling logging on the target system.
D. Running a port
Explanation:
A TCP/IP network makes many of the ports available to outside users through the router.
These ports will respond in a predictable manner when queried. An attacker can
systematically query our network to determine which services and ports are open. This
process is called port scanning, and it can reveal a great deal about your network. Port
scans can be performed both internally and externally. Many routers, unless configured
appropriately, will let all of the protocols pass through them.
126
What type of attack CANNOT be detected by an IDS (Intrusion Detection System)?
A. DoS (Denial of Service)
B. Exploits of bugs or hi
Answer: C
Explanation:
Spoofed e-mails will not be detected by the IDS.
127
Regarding security, biometrics are used for:
A. Accountability
B. Certification
C. Authorization
D. Authentication
Answer: D
Explanation:
Biometrics devices use physical characteristics to identify the user.
128
What is the most effective social engineering defence strategy?
A. Marking of documents
B. Escorting of guests
C. Badge security system
D. Training and awareness
Answer: D
Explanation:
The only preventative measure in dealing with social engineering attacks is to educate
your users and staff to never give out passwords and user IDs over the phone, via e-mail,
or to anyone who is not positively verified as being who they say they are.
129
A security administrator tasked with confining sensitive data traffic to a specific
subnet would do so by manipulating privilege policy based tables in the network's:
A. Server
B. Router
C. VPN (Virtual Private Network)
D
Explanation:
You can use a switch to segment a specific network or subnet by using VLANs.
130
For system logging to be an effective security measure, an administrator must:
A. Review the logs on a regular basis.
B. Implement circular logging.
C. Configure the system to shutdown when the logs are full.
D. Configure SNM
Answer: A
Explanation:
Keeping track of system events and asset inventories is an important aspect of security.
System logs tell us what is happening with the systems in the network. These logs should
be periodically reviewed and cleared. Logs tend to fill up and become hard to work with. It
is a good practice to review system logs on a weekly basis to look for unusual errors,
activities, or events.
131
With regard to the use of Instant Messaging, which of the following types of attack
strategies is effectively combated with user awareness training?
A. Social engineering
B. Stealth
Answer: A
Explanation:
The only preventative measure in dealing with social engineering attacks is to educate
your users and staff to never give out passwords and user IDs over the phone, via e-mail,
or to anyone who is not positively verified as being who they say they are.
132
The process by which remote users can make a secure connection to internal
resources after establishing an Internet connection could correctly be referred to as:
A. Channeling
B. Tunneling
C. Throughput
D. Forwarding
Answer: B
Explanation:
Tunneling refers to the ability to create a virtual dedicated connection between two
systems or networks. The tunnel is created between the two ends by encapsulating the data
in a mutually agreed upon protocol for transmission.
133
Appropriate documentation of a security incident is important for each of the
following reasons EXCEPT:
A. The documentation serves as a lessons learned which may help avoid further
exploitation of the same vulnerability.
B.
Answer: C
Explanation:
There is no documentation on who should be fired for an incident.
134
Assuring the recipient that a message has not been altered in transit is an example
of which of the following:
A. Integrity
B. Static assurance
C. Dynamic assurance
D. Cyclical check sequence
Answer: A
Explanation:
The goal of integrity is to make sure that the data being worked with is actually correct
data.
135
Which of the following is expected network behaviour?
A. Traffic coming from or going to unexpected locations.
B. Non-standard or malformed packets/protocol violations.
C. Repeated, failed connection attempts.
D. Changes in n
Answer: D
Explanation:
There will always be variations of traffic load. The other three answers are suspicious
traffic.
136
Which of the following steps in the SSL (Secure Socket Layer) protocol allows for
client and server authentication, MAC (Mandatory Access Control) and encryption
algorithm negotiation, and selection of cryptographic keys?
A. SSL (
Answer: D
SSL Handshake Protocol:
- run before any application data is transmitted
- provides mutual authentication
- establishes secret encryption keys
- establishes secret MAC keys
137
Which of the following correctly identifies some of the contents of a user's X.509
certificate?
A. User’s public key, object identifiers, and the location of the user’s electronic
identity.
B. User’s public key, the
Answer: B
Explanation: The X.509 standard defines what information can go into a certificate, and
describes how to write it down (the data format). All X.509 certificates have the
following data, in addition to the signature:
Version
Serial Number: The entity that created the certificate, the CA, is responsible for
assigning it a serial number to distinguish it from other certificates it issues.
Signature Algorithm Identifier
Issuer Name: The X.500 name of the entity that signed the certificate. This is normally a
CA. Using this certificate implies trusting the entity that signed this certificate.
Validity Period
Subject Name
Subject Public Key Information: This is the public key of the entity being named,
together with an algorithm identifier which specifies which public key crypto system this
key belongs to and any associated key parameters.
138
An organization is implementing Kerberos as its primary authentication protocol.
Which of the following must be deployed for Kerberos to function properly?
A. Dynamic IP (Internet Protocol) routing protocols for routers and servers.
Answer: D
Explanation:
Time synchronization is crucial because Kerberos uses server and workstation time as
part of the authentication process.
139
The WAP (Wireless Application Protocol) programming model is based on the
following three elements:
A. Client, original server, WEP (Wired Equivalent Privacy)
B. Code design, code review, documentation
C. Client, original ser
Answer: D
140
Technical security measures and countermeasures are primarily intended to prevent:
A. Unauthorized access, unauthorized modification, and denial of authorized access.
Answer: A
Explanation:
Security measures and countermeasures are used for Confidentiality, integrity,
availability and accountability.
141
Poor programming techniques and lack of code review can lead to which of the
following type of attack?
A. CGI (Common Gateway Interface) script
B. Birthday
C. Buffer overflow
D. Dictionary
Answer: C
Explanation:
A buffer overflow occurs when an application copies more data into a fixed-size buffer
than it was written to hold. The excess overwrites adjacent memory, which at best
crashes the application and at worst lets the attacker overwrite a return address or
function pointer and run code of their choosing with the privileges of the affected
process. The root cause is a programming error (a missing bounds check) made during
development of the software, which is exactly what code review is meant to catch.
142
Which of the following is NOT a characteristic of DEN (Directory Enabled
Networking)?
A. It is mapped into the directory defined as part of the LDAP (Lightweight
Directory Access Protocol).
B. It is inferior to SNMP (Simple N
Answer: B
143
Privileged accounts are most vulnerable immediately after a:
A. Successful remote login.
B. Privileged user is terminated.
C. Default installation is performed.
D. Full system backup is performed.
Answer: B (possibly C)
Explanation: A terminated domain administrator whose account is not disabled
immediately can still dial in or connect over the VPN and wreak havoc, so revoking
privileged credentials must be part of the termination process itself.
144
What is the advantage of a multi-homed firewall?
A. It is relatively inexpensive to implement.
B. The firewall rules are easier to manage.
C. If the firewall is compromised, only the systems in the DMZ (Demilitarized Zone)
ar
Answer: C
Explanation:
The DMZ holds the servers that must be reachable from the Internet. A multi-homed
firewall puts those servers on their own interface, separate from the internal network,
so a compromise of a DMZ host does not by itself give the attacker a path to internal
systems.
145
A password security policy can help a system administrator to decrease the
probability that a password can be guessed by reducing the pa
Answer: B
Explanation:
By reducing the maximum lifetime of a password, the policy forces users to change it
regularly, so an attacker who is guessing the password has to start over after each
change.
146
An inherent flaw of DAC (Discretionary Access Control) relating to security is:
A. DAC (Discretionary Access Control) relies only on the identity of the user or
process, leaving room for a Trojan horse.
B. DAC (Discretionary Acces
Answer: A
Explanation:
In a DAC model, users themselves decide how the information they own is accessed and
can share it with other users at will. This gives a more flexible environment, but it
increases the risk of unauthorized disclosure: any program a user runs (including a
Trojan horse) acts with that user's identity and can pass on whatever the user can
read. Administrators will have a more difficult time ensuring that information access
is controlled and that only appropriate access is given.
147
What is the most common method used by attackers to identify the presence of an
802.11b network?
A. War driving
B. Direct inwa
Answer: A
Explanation: War driving is the practice of literally driving around with a
wireless-capable laptop or handheld, looking for Wi-Fi networks and, often, for free
connectivity on poorly secured ones.
Incorrect Answers
B: Does not apply.
C: In war dialing combinations of numbers are tested to find network back doors via
modem.
D: Does not apply.
148
The best method to use for protecting a password stored on the server used for user
authentication is to:
A. Store the server password in clear text.
B. Hash the server password.
C. Encrypt the server password with asymmetric
Answer: B
Explanation:
Of the four choices, hashing is the correct one. Note that hashing is not encryption:
a hash is a one-way function, so the server never stores anything that it (or an
attacker who steals the database) can turn back into the password, only a value that a
candidate password can be checked against. An encrypted password, by contrast, can be
recovered by anyone who obtains the key. In practice each password should be hashed
with a unique random salt and a deliberately slow algorithm (bcrypt, scrypt, Argon2 or
PBKDF2) so that offline guessing is expensive.
149
During the digital signature process, asymmetric cryptography satisfied what
security requirement?
A. Confidentiality
B. Access control
C. Data integrity
D. Authentication
Answer: D
Explanation:
A digital signature is produced by hashing the message and then transforming that hash
with the signer's private key. Anyone holding the matching public key can check it, and
because only the holder of the private key could have produced it, the signature
authenticates the sender as well as showing that the message was not altered.
150
The most effective way an administrator can protect users from social engineering
is:
A. Education
B. Implement personal firewalls.
C. Enable logging on at user’s desktops.
D. Monitor the network with an IDS (Intrusion
Answer: A
Social engineering: an attacker's use of psychological tricks on legitimate users of a
computer system to obtain the information (typically usernames and passwords) needed
to gain access to the system. Technical controls such as firewalls and IDS do not stop
a user who has been talked into handing over a password, which is why education is
the most effective defense.
151
The action of determining which operating system is installed on a system simply by
analyzing its response to certain network traffic is called:
A. OS (Operating System) scanning.
B. Reverse engineering.
C. Fingerprinting
Answer: C
Explanation:
OS fingerprinting infers which operating system a host runs from the details of its
responses, such as initial TTL, TCP window size, TCP option ordering and how much of
the offending packet it quotes in ICMP errors, because each TCP/IP stack implements
these slightly differently.
152
One of the factors that influence the lifespan of a public key certificate and its
associated keys is the:
A. Value of the information it is used to protect.
B. Cost and management fees.
Answer: C
153
A DRP (Disaster Recovery Plan) typically includes which of the following:
A. Penetration testing.
B. Risk assessment.
C. DoS (Denial of Service) attack.
D. ACLs (Access Control List).
Answer: B
Explanation:
Of the four options, risk assessment is the one that belongs in a DRP: the plan is
built from an assessment of which threats and outages matter most and what must be
restored first. Penetration testing is a separate activity that may feed the risk
assessment, and a DoS attack and ACLs are not components of a recovery plan at all.
154
Which of the following is the best description of “separation of duties”?
A. Assigning different parts of tasks to different employees.
B. Employees are granted only the privileges necessary to perform their tasks.
C. Each emp
Answer: A
Explanation:
Separation of Duties policies are designed to reduce the risk of fraud and prevent other
losses in an organization. A good policy will require more than one person to accomplish
key processes.
155
Which of the following is a popular VPN (Virtual Private Network) protocol
operating at OSI (Open Systems Interconnect) model Layer 3?
A. PPP (Point-to-Point Protocol)
B. SSL (Secure Sockets Layer)
C. L2TP (Layer Two Tunnelin
Answer: D
Explanation:
IPSec works at the network layer (Layer 3) of the OSI model and is a key building
block of VPNs. PPP and L2TP operate at Layer 2, and SSL sits above the transport layer.
156
The system administrator has just used a program that highlighted the
susceptibility of several servers on the network to various exploits. The program
also suggested fixes.
What type of program was used?
A. Intrusion detecti
Answer: C
Explanation:
The vulnerability scanners are tools that were designed to remotely assess your network
by finding the vulnerabilities on your systems before the bad guys do.
Vulnerability scanning looks for vulnerabilities in your network before anyone has a
chance to exploit them. The vulnerabilities might exist in your network as a whole (open
TCP ports or unneeded services), on your servers, or on workstations.
A vulnerability scanner will examine your system and compare it to a database of known
vulnerabilities, then report the vulnerabilities it finds on each system. The report will also
tell you how to fix the vulnerabilities, such as altering configuration files or downloading
security patches from a vendor.
157
Which protocol is typically used for encrypting traffic between a web browser and
web server?
A. IPSec (Internet Protocol Security)
Answer: C
Explanation:
The Secure Sockets Layer (SSL) establishes an encrypted session over TCP between the
browser and the web server; HTTPS is HTTP carried over it. SSL has since been
superseded by TLS, which is what current browsers and servers actually negotiate.
158
What fingerprinting technique relies on the fact that operating systems differ in the
amount of information that is quoted when ICMP (Internet Control Message
Protocol) errors are encountered?
A. TCP (Transmission Control Protocol
Answer: D
ICMP message quoting: an ICMP error message quotes back part of the original datagram
that triggered it. RFC 792 requires only the IP header plus the first 8 bytes, but each
operating system quotes its own amount, and these differences in the error messages
received from various operating systems help identify the remote host's OS.
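An added example of the quoting check, written for this page rather than taken from the exam material: it builds two constructed ICMP port-unreachable errors (one quoting only the RFC 792 minimum, one quoting the whole probe) and parses a captured error to measure how much of the original datagram was quoted. Addresses, TTLs and the probe payload are made up for the example; no real OS is named because the mapping from quoted length to OS belongs in a fingerprint database, not here.

```python
import struct


def ones_complement_checksum(data: bytes) -> int:
    """Checksum used by both the IPv4 header and ICMP (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header without options, checksum filled in."""
    def addr(a: str) -> bytes:
        return bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                      ttl, proto, 0, addr(src), addr(dst))
    return hdr[:10] + struct.pack("!H", ones_complement_checksum(hdr)) + hdr[12:]


def build_port_unreachable(router: str, probe_src: str, probe_dst: str,
                           probe_payload: bytes, quote_bytes: int, ttl: int = 64) -> bytes:
    """Constructed ICMP type 3 / code 3 (port unreachable) that quotes the original
    probe's IP header plus `quote_bytes` of its payload. Stands in for the reply a
    target sends to a UDP probe (protocol 17) against a closed port."""
    original = ipv4_header(probe_src, probe_dst, 17, len(probe_payload)) + probe_payload
    quoted = original[:20 + quote_bytes]
    icmp = struct.pack("!BBHI", 3, 3, 0, 0) + quoted
    icmp = icmp[:2] + struct.pack("!H", ones_complement_checksum(icmp)) + icmp[4:]
    return ipv4_header(router, probe_src, 1, len(icmp), ttl) + icmp


def analyze_icmp_error(packet: bytes) -> dict:
    """Pull the fingerprint-relevant facts out of a captured ICMP error."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1:
        raise ValueError("not an ICMP packet")
    icmp = packet[ihl:]
    if ones_complement_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    quoted = icmp[8:]
    if len(quoted) < 20:
        raise ValueError("error does not quote a full IP header")
    inner_ihl = (quoted[0] & 0x0F) * 4
    quoted_payload = len(quoted) - inner_ihl
    return {
        "type": icmp[0],
        "code": icmp[1],
        "ttl": packet[8],                       # remaining TTL is another OS clue
        "quoted_payload_bytes": quoted_payload,
        # RFC 792 asks for the IP header plus 64 bits (8 bytes) of the original
        # datagram; a stack that quotes more than that is revealing something.
        "quotes_rfc_minimum_only": quoted_payload == 8,
    }


if __name__ == "__main__":
    probe = bytes(range(64))
    for n in (8, 64):
        pkt = build_port_unreachable("10.0.0.1", "10.0.0.2", "10.0.0.3", probe, n)
        print(analyze_icmp_error(pkt))
```

In a real scan the packet handed to `analyze_icmp_error` comes from a raw socket or a capture file; the parser does not care which, as long as it is given the IP datagram starting at the outer header.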
159
Incorrectly detecting authorized access as an intrusion or attack is called a false:
A. Negative
B. Intrusion
C. Positive
D. Alarm
Answer: C
Explanation:
A false positive is when legitimate activity is flagged as an intrusion; the converse,
an actual attack that goes unreported, is a false negative.
160
When hardening a machine against external attacks, what process should be
followed when disabling services?
A. Disable services such as DHCP (Dynamic Host Configuration Protocol) client and
print servers from servers that do not u
Answer: C
Explanation:
Platform hardening procedures can be categorized into three basic areas:
⬢ The first area to address is removing unused software and processes from the
workstations. The services and processes may create opportunities for
exploitation.
⬢ The second area involves ensuring that all services and applications are up-to-date
and configured in the most secure manner allowed. This may include assigning
passwords, limiting access, and restricting capabilities.
⬢ The third area to address involves the minimization of information dissemination
about the operating system, services, and capabilities of the system.
161
Message authentication codes are used to provide which service?
A. Integrity
B. Fault recovery
C. Key recovery
D. Acknowledgement
Answer: A
Explanation:
A common method of verifying integrity is to attach a Message Authentication Code
(MAC) to the message. The MAC is computed from the message and a secret key shared by
sender and receiver, so a recipient who recomputes it can tell whether the message was
altered in transit. Because both parties hold the same key, a MAC does not provide
non-repudiation; that needs a digital signature.
162
When a change to user security policy is made, the policy maker should provide
appropriate documentation to:
A. The security administrator.
B. Auditors
C. Users
D. All staff.
Answer: D
Explanation:
There are many policies for companies these days. Considering the question refers to a
user security policy, the users and staff need to know the policy. This is a tricky question
with many close answers. I would say D would be the best choice, but make your best
decision.
163
A major difference between a worm and a Trojan horse program is:
A. Worms are spread via e-mail while Trojan horses are not.
B. Worms are self replicating while Trojan horses are not.
C. Worms are a form of malicious code while Tr
Answer: B
Explanation:
A worm is different from a virus. Worms reproduce themselves, are self-contained and
do not need a host application to be transported. The Trojan Horse program may be
installed as part of an installation process. They do not reproduce or self replicate.
164
A common algorithm used to verify the integrity of data from a remote user through
the creation of a 128-bit hash from a data input is
Answer: D
Explanation:
MD5 is the successor to MD4 and produces a 128-bit hash. It was considered stronger
than its predecessors when this exam was written, but practical collision attacks
against MD5 have since been published, so it should not be relied on for integrity
against an active attacker; SHA-256 or stronger is the current choice.
165
What is the best method of reducing vulnerability from dumpster diving?
A. Hiring additional security staff.
B. Destroying paper and other media.
C. Installing surveillance equipment.
D. Emptying the trash can frequently.
Answer: B
Explanation:
Dumpster diving is a very common physical access method. Companies generate a huge
amount of paper in the normal course of events. Most of the information eventually
winds up in dumpsters or recycle bins. These dumpsters may contain information that is
highly sensitive in nature. In high security government environments, sensitive papers are
either shredded or burned. Most businesses do not do this.
166
What is the best method of defence against IP (Internet Protocol) spoofing attacks?
A. Deploying intrusion detection systems.
B. Creating a DMZ (Demilitarized Zone).
C. Applying ingress filtering to routers.
D. Thee is not a
Answer: C
Explanation: IP spoofing attacks rely on forging the source IP address of packets.
Ingress filtering on the perimeter routers (dropping packets that arrive from the
Internet claiming an internal source address), combined with egress filtering so that
no spoofed packets leave the network, is the standard defense.
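An added example of the filtering rules just described, written for this page and not part of the exam material: a decision function for a stub network's perimeter router that applies ingress filtering (BCP 38) on the outside interface and egress filtering on the inside one. The internal prefixes, interface names and bogon list are constructed for the example; a production list would be generated from the current IANA reserved ranges.

```python
import ipaddress

# Constructed topology: address space we own, and reserved ranges that must never
# appear as a source address on a packet arriving from the Internet.
INTERNAL_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def _in_any(addr, prefixes) -> bool:
    return any(addr in net for net in prefixes)


def filter_packet(ingress_iface: str, src: str, dst: str) -> str:
    """Return 'permit' or 'drop: <reason>' for a packet seen on the given interface."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if ingress_iface == "outside":
        # Ingress filtering (RFC 2827 / BCP 38): a packet from the Internet cannot
        # legitimately claim an inside address, and reserved ranges never route.
        if _in_any(s, INTERNAL_PREFIXES):
            return "drop: spoofed internal source on outside interface"
        if _in_any(s, BOGON_PREFIXES):
            return "drop: bogon source"
        # A stub network is not a transit provider: accept only traffic for us.
        if not _in_any(d, INTERNAL_PREFIXES):
            return "drop: destination is not ours"
        return "permit"
    if ingress_iface == "inside":
        # Egress filtering: our hosts may only send from our own addresses, so a
        # compromised inside host cannot launch spoofed attacks at others.
        if not _in_any(s, INTERNAL_PREFIXES):
            return "drop: egress packet with foreign source address"
        return "permit"
    raise ValueError(f"unknown interface {ingress_iface!r}")


def filter_many(packets):
    """Apply the policy to (iface, src, dst) tuples; handy for replaying a capture."""
    return [filter_packet(*p) for p in packets]


if __name__ == "__main__":
    sample = [("outside", "203.0.113.7", "192.0.2.10"),     # ordinary inbound
              ("outside", "192.0.2.99", "192.0.2.10"),      # spoofed inside address
              ("outside", "10.1.2.3", "192.0.2.10"),        # RFC 1918 source
              ("inside", "192.0.2.10", "203.0.113.7"),      # ordinary outbound
              ("inside", "203.0.113.7", "203.0.113.8")]     # inside host spoofing
    for pkt, verdict in zip(sample, filter_many(sample)):
        print(pkt, "->", verdict)
```

The same logic maps directly onto a router ACL or a host firewall: one rule set bound to the external interface that denies internal and reserved sources, and one bound to the internal interface that permits only the organization's own prefixes.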
167
A need to know security policy would grant access based on:
A. Least privilege
B. Less privilege
C. Loss of privilege
D. Singe privilege
Answer: A
Explanation:
Need to Know policies allow people in an organization to withhold the release of
classified or sensitive information from others in the company. The more people who
have access to sensitive information, the more likely it is that this information will
be disclosed to unauthorized personnel. A Need to Know policy is not intended to
prohibit people from accessing information they need; it is meant to minimize
unauthorized access.
I could not find the words "least privilege" in this book, but the term is used in the
CISSP book. Answer A is correct and is the term that is actually used; the others are
not.
168
When a user digitally signs a document an asymmetric algorithm is used to encrypt:
A. Secret passkeys
B. File contents
C. Certificates
D. Hash results
Answer: D
Explanation:
The signer first hashes the document and then encrypts (signs) only the resulting hash
with the private key; the asymmetric algorithm is never run over the whole file, which
would be slow and unnecessary. The recipient decrypts the signature with the public key
and compares the recovered hash with a freshly computed hash of the received document.
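An added example, written for this page and not part of the exam material, covering the two integrity mechanisms on this page: the keyed MAC of question 161 and the hash-then-sign construction of question 168 (it also reports the 128-bit and 160-bit digest sizes that later questions ask about). The RSA key is a toy built from two Mersenne primes so that the block runs with nothing but the standard library; it is trivially factorable and uses no padding, which is an assumption of the example and not how a real signature scheme is built.

```python
import hashlib
import hmac

# Toy RSA key from two Mersenne primes (2^127-1 and 2^521-1). For illustration
# only: real keys use random primes of 2048+ bits and a padding scheme such as
# PSS. 65537 is coprime to (P-1)(Q-1) here, so the private exponent exists.
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Hash the message, then apply the private exponent to the hash only.
    The file itself is never run through the asymmetric algorithm."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")   # h < n
    return pow(h, d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recover the digest with the public exponent and compare with a fresh hash.
    Anyone can do this, but only the private-key holder could have made it."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == h


def mac(message: bytes, key: bytes) -> bytes:
    """HMAC-SHA256: integrity and origin for the parties sharing the key, but no
    non-repudiation, because the verifier could have produced the tag too."""
    return hmac.new(key, message, "sha256").digest()


def mac_ok(message: bytes, key: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(message, key), tag)


def digest_bits(name: str) -> int:
    """Output size of a hash function: md5 -> 128, sha1 -> 160, sha256 -> 256."""
    return hashlib.new(name).digest_size * 8


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"
    sig = sign(msg)
    print("signature verifies:", verify(msg, sig))
    print("tampered message verifies:", verify(b"transfer 900 to account 42", sig))
    tag = mac(msg, b"shared-secret")
    print("mac verifies:", mac_ok(msg, b"shared-secret", tag))
    print({n: digest_bits(n) for n in ("md5", "sha1", "sha256")})
```

The two mechanisms differ in who can check them: a MAC can only be verified by someone who also holds the key, whereas a signature is checked with the public key, which is why signatures and not MACs give non-repudiation.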
169
The best way to harden an application that is developed in house is to:
A. Use an industry recommended hardening tool.
B. Ensure that security is given due considerations throughout the entire
development process.
C. Try atta
Answer: B
Explanation:
The Sybex book discusses application hardening and applies it to web servers, FTP and
e-mail servers. The question refers to programming new applications. Although I could
not find any information in the book about hardening in-house code, I would say that
answer B is the best choice of the four answers.
170
Security requirements for servers DO NOT typically include:
A. The absence of vulnerabilities used by known forms of attack against server hosts.
B. The ability to allow administrative activities to all users.
C. The ability to de
Answer: B
Explanation:
The obvious choice to this question is B: granting administrative capability to every
user is never a server security requirement. I do not know of any network that allows
everyone administrative control.
171
How can an e-mail administrator prevent malicious users from sending e-mails
from non-existent domains?
A. Enable DNS (Domain Name Service) reverse lookup on the e-mail server.
Answer: A
172
A network attack that misuses TCP’s (Transmission Control Protocol) three way
handshake to overload servers and deny access to legitimate users is called a:
A. Man in the middle.
B. Smurf
C. Teardrop
D. SYN (Synchroniz
Answer: D
Explanation:
A SYN flood is a DoS attack in which the attacker sends a barrage of SYN packets,
usually with spoofed source addresses, and never completes the handshake. The server
allocates a half-open connection entry for each SYN and waits for an ACK that never
comes; once the backlog queue is full, new SYNs from legitimate clients are dropped
until the half-open entries time out.
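An added example, written for this page and not part of the exam material, of both halves of the problem: a stateful backlog that a flood of spoofed SYNs exhausts, and SYN cookies, the standard countermeasure, in which the server encodes the connection into its initial sequence number instead of storing it. The cookie layout is a simplified version of the Linux scheme (5 bits of time slot, 3 bits of MSS index, 24 bits of keyed hash); the secret, the MSS table, the port numbers and the backlog size are all made up for the example.

```python
import hmac
import struct

# Constructed server-side secret; a real implementation rotates it periodically.
SECRET = b"example-syn-cookie-secret"
# MSS values the 3-bit field can encode (an assumed table for this example).
MSS_TABLE = [536, 1300, 1440, 1460]


def _cookie_hash(src: bytes, sport: int, dst: bytes, dport: int, t: int) -> int:
    """Keyed hash over the 4-tuple and time slot; without SECRET it cannot be forged."""
    data = struct.pack("!4s4sHHI", src, dst, sport, dport, t)
    return int.from_bytes(hmac.new(SECRET, data, "sha256").digest()[:4], "big")


def make_syn_cookie(src, sport, dst, dport, client_isn, mss, t):
    """Server ISN for the SYN-ACK that encodes the connection instead of storing it.
    Adding the client's ISN keeps the normal ack == isn+1 arithmetic working."""
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    h = _cookie_hash(src, sport, dst, dport, t) & 0xFFFFFF
    cookie = ((t & 0x1F) << 27) | (mss_idx << 24) | h
    return (client_isn + cookie) & 0xFFFFFFFF


def check_syn_cookie(src, sport, dst, dport, client_isn, ack, now, max_age=4):
    """Validate the final ACK of a handshake for which no state was kept.
    Returns the MSS to use, or None if the cookie is forged or too old."""
    cookie = (ack - 1 - client_isn) & 0xFFFFFFFF
    t_low, mss_idx, h = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    for age in range(max_age):                 # accept only recently minted cookies
        t = now - age
        if t < 0:
            continue
        if (t & 0x1F) == t_low and (_cookie_hash(src, sport, dst, dport, t) & 0xFFFFFF) == h:
            return MSS_TABLE[mss_idx]
    return None


class StatefulBacklog:
    """Conventional half-open connection queue, the resource a SYN flood exhausts."""
    def __init__(self, size: int):
        self.size, self.pending = size, set()

    def syn(self, key) -> bool:
        if len(self.pending) >= self.size:
            return False                       # queue full: the SYN is dropped
        self.pending.add(key)
        return True


def legit_client_gets_in(backlog_size: int, flood_syns: int) -> bool:
    """Fill the backlog with spoofed SYNs that never ACK, then try one real client."""
    backlog = StatefulBacklog(backlog_size)
    for i in range(flood_syns):
        backlog.syn(("spoofed", i))
    return backlog.syn(("legitimate-client", 0))


if __name__ == "__main__":
    print("legit client after 128 spoofed SYNs into a 128-entry backlog:",
          legit_client_gets_in(128, 128))
    src, dst = bytes([203, 0, 113, 7]), bytes([192, 0, 2, 10])
    isn = make_syn_cookie(src, 40000, dst, 80, 1000, 1460, t=100)
    print("valid ACK ->", check_syn_cookie(src, 40000, dst, 80, 1000, isn + 1, now=101))
    print("stale ACK ->", check_syn_cookie(src, 40000, dst, 80, 1000, isn + 1, now=150))
```

With cookies the server commits no memory until the third packet arrives, so spoofed SYNs that never ACK cost it nothing; the price is that TCP options not encoded in the cookie (window scaling, SACK) are lost for connections set up this way, which is why kernels only switch to cookies once the backlog overflows.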
173
Which of the following options describes a challenge-response session?
A. A workstation or system that generates a random challenge string that the user
enters when prompted along with the proper PIN (Personal Identification
Numbe
Answer: A
174
A server placed into service for the purpose of attracting a potential intruder’s
attention is known as a:
A. Honey pot
B. Lame duck
C. Teaser
D. Pigeon
Answer: A
Explanation:
A honey pot is a computer that has been designed as a target for computer attacks. The
benefit of a honey pot system is that it will draw attackers away from a higher value
system or it will allow administrators to gain intelligence about an attack strategy.
175
A network administrator wants to restrict internal access to other parts of the
network. The network restrictions must be implemented with the least amount of
administrative overhead and must be hardware based.
What is the best so
Answer: A
Explanation:
A firewall can be hardware based, and after the initial configuration the ongoing
administrative overhead is small.
176
Which one of the following would most likely lead to a CGI (Common Gateway
Interface) security problem?
A. HTTP (Hypertext Transfer Protocol) protocol.
B. Compiler or interpreter that runs the CGI (Common Gateway Interface) script
Answer: D
Explanation:
Common Gateway Interface is an older form of scripting that was used extensively in
early web systems. CGI scripts could be used to capture data from a user using simple
forms. The CGI script ran on the web server, and it interacted with the client browser.
CGI is frowned upon in new applications because of its security issues, but it is still
widely used in older systems.
Although the answer is not given in the paragraph from the book, the answer would be D.
177
SSL (Secure Sockets Layer) session keys are available in what two lengths?
A. 40-bit and 64-bit.
B. 40-bit and 128-bit.
C. 64-bit and 128-bit.
D. 128-bit and 1,024-bit.
Answer: B
Explanation:
SSL came in two strengths, 40-bit and 128-bit, which refer to the length of the
"session key" generated for every encrypted session. The longer the key, the more
difficult it is to break the encryption. The 40-bit variant existed only to satisfy
US export rules of the time and is trivially brute-forced today; modern TLS uses
128-bit or 256-bit AES keys.
178
Which access control method provides the most granular access to protected
objects?
A. Capabilities
B. Access control lists
Answer: B
Explanation:
Access control lists enable devices in your network to ignore requests from specified
users or systems, or grant certain network capabilities to them. ACLs allow a stronger set
of access controls to be established in your network. The basic process of ACL control
allows the administrator to design and adapt the network to deal with specific security
threats.
179
The primary DISADVANTAGE of symmetric cryptography is:
A. Speed
B. Key distribution
C. Weak algorithms
D. Memory management
Answer: B
In symmetric encryption the message can be encrypted and decrypted using the same key.
180
Missing audit log entries most seriously affect an organization’s ability to:
A. Recover destroyed data.
B. Legally prosecute an attacker.
C. Evaluate system vulnerabilities.
D. Create reliable system backups.
Answer: C
The audit trail lets you detect suspicious activity from both outsiders and insiders and
provides you with important evidence to use against intruders.
181
File encryption using symmetric cryptography satisfies what security requirement?
A. Confidentiality
B. Access control
C. Data integrity
D. Authentication
Answer: A
Explanation:
Encrypting a file with a symmetric algorithm makes its contents unreadable to anyone
who does not hold the secret key, which is confidentiality. Symmetric algorithms
require both ends to have the same key, and that key must be protected: its disclosure
breaches the security of the whole system. Symmetric encryption on its own does not
prove who produced the file (authentication) or that it was not altered (integrity),
because anyone holding the shared key can create or modify ciphertext.
182
Which of the following provides privacy, data integrity and authentication for
handheld devices in a wireless network environment?
A. WEP (Wired Equivalent Privacy)
B. WAP (Wireless Application Protocol)
C. WSET (Wireless Secu
Answer: D
Explanation: Short for Wireless Transport Layer Security. WTLS is the security layer of
the WAP, providing privacy, data integrity and authentication for WAP services.
Not A: WEP is the encryption option built into early 802.11 wireless LANs; it encrypts
frames transmitted between wireless LAN devices. It was intended to make a wireless
link as secure as a wired one, but its use of RC4 is flawed and the key can be
recovered from captured traffic, so it no longer provides meaningful protection and
has been replaced by WPA2/WPA3.
183
The integrity of a cryptographic system is considered compromised if which of the
following conditions exist?
A. A 40-bit algorithm
Answer: C
184
The system administrator concerned about security has designated a special area in
which to place the web server away from other servers on the network. This area is
commonly known as the?
A. Honey pot
B. Hybrid subnet
C
Answer: C
A Demilitarized Zone lets a company host its own Internet-facing services without
exposing its private network: the public servers sit in the DMZ, and the firewall keeps
them separated from the internal hosts.
185
An administrator of a web server notices many port scans to a server. To limit
exposure and vulnerability exposed by these port scans the administrator should:
A. Disable the ability to remotely scan the registry.
B. Leave all pro
Answer: D
186
Which encryption scheme relies on both the sender and receiver to use different
keys to encrypt and decrypt messages?
A. Symmetric
B. Blowfish
C. Skipjack
D. Asymmetric
Answer: D
Explanation: Asymmetric Encryption is a form of Encryption where keys come in pairs.
What one key encrypts, only the other can decrypt.
Incorrect Answers
A: In symmetric encryption the message can be encrypted and decrypted using the same
key.
B: Blowfish is a symmetric block cipher that can be used as a drop-in replacement for
DES or IDEA.
C: Skipjack is the encryption algorithm contained in the Clipper chip, and it was
designed by the NSA.
187
Which tunneling protocol only works on IP networks?
A. IPX
B. L2TP
C. PPTP
D. SSH
Answer: C
Explanation:
PPTP encapsulates PPP inside GRE over IP, so it can only run across an IP network.
L2TP was designed to be carried over IP but also over Frame Relay, ATM and X.25.
IPX is a network protocol, not a tunneling protocol, and SSH is an application-layer
protocol rather than a VPN tunneling protocol.
188
What functionality should be disallowed between a DNS (Domain Name) server
and untrusted node?
A. name resolutions
B. reverse ARP (Address Resolution Protocol) requests
C. system name resolutions
D. zone transfers
Answer: D
Anyone who can request a zone transfer (AXFR) from your server can list every record
in the zone, which is a complete map of your hosts. Restrict transfers to the addresses
of your own secondary servers, or require TSIG-signed requests.
189
A document written by the CEO that outlines PKI use, management and
deployment is a...
A. PKI policy
B. PKI procedure
C. PKI practice
D. best practices guideline
Answer: A
Definition of Policy - course of action, guiding principle, or procedure considered
expedient, prudent, or advantageous.
190
Which one does not use Smart Card Technology?
A. CD Player
B. Cell Phone
C. Satellite Cards
D. Handheld Computer
Answer: A
Explanation:
Why would a CD player use a Smart card? This is a pretty easy answer.
191
What port does SNMP use?
A. 21
B. 161
C. 53
D. 49
Answer: B
SNMP agents listen on UDP port 161; traps are sent to the manager on UDP port 162.
192
What port does TACACS use?
A. 21
B. 161
C. 53
D. 49
Answer: D
TACACS uses both TCP and UDP port 49.
193
What has 160-Bit encryption?
A. MD-5
B. MD-4
C. SHA-1
D. Blowfish
Answer: C
SHA-1 is a hash function rather than an encryption algorithm, so the question's
wording is loose; it produces a 160-bit digest, and HMAC-SHA-1 accordingly yields a
160-bit tag. MD4 and MD5 produce 128-bit digests, and Blowfish is a symmetric cipher
with a variable-length key.
194
During the digital signature process, hashing provides a means to verify what
security requirement?
A. non-repudiation.
B. acc
Answer: C
Explanation:
Hashing condenses the message to a fixed-size digest, and any change to the message
produces a different digest, so comparing the digest recovered from the signature with
a freshly computed one verifies the integrity of the message. The asymmetric operation
on the digest is what adds authentication and non-repudiation.
195
Which of the following would be most effective in preventing network traffic
sniffing?
A. deploy an IDS (Intrusion Detection System).
B. disable promiscuous mode.
C. use hubs instead of routers.
D. use switches instead o
Answer: D
196
What network mapping tool uses ICMP (Internet Control Message Protocol)?
A. port scanner.
B. map scanner.
C. ping scanner.
D. share scanner.
Answer: C
197
Which of the following needs to be included in a SLA (Service Level Agreement) to
ensure the availability of server based resources rather than guaranteed server
performance levels?
A. network
B. hosting
C. application
Answer: B
198
What are the three entities of the SQL (Structured Query Language) security
model?
A. actions, objects and tables
B. actions, objects and users
C. tables, objects and users
D. users, actions and tables
Answer: B
199
What type of security mechanism can be applied to modems to better authenticate
remote users?
A. firewalls
B. encryption
Answer: D
200
What is the most common goal of operating system logging?
A. to determine the amount of time employees spend using various applications.
B. to keep a record of system usage.
C. to provide details of what systems have been compromi
Answer: B
201
What are TCP (Transmission Control Protocol) wrappers used for?
A. preventing IP (Internet Protocol) spoofing
B. controlling access to selected services
C. encrypting TCP (Transmission Control Protocol) traffic
D. sniffing TC
Answer: B
202
DDoS (Distributed Denial of Service) is most commonly accomplished by:
A. internal host computers simultaneously failing.
B. overwhelming and shutting down multiple services on a server.
C. multiple servers or routers monopolizing
Answer: C
203
An attacker manipulates what field of an IP (Internet Protocol) packet in an IP
(Internet Protocol) spoofing attack?
A. version field.
B. source address field.
C. source port field.
D. destination address field.
Answer: B
Explanation:
IP spoofing: an attacker forges the source address field of outgoing packets so that
they appear to come from a trusted host, for example one with an address on the
internal network, in order to get past address-based access controls.
204
Which of the following is a VPN (Virtual Private Network) tunneling protocol?
A. AH (Authentication Header).
B. SSH (Secure Shell).
C. IPSec (Internet Protocol Security).
D. DES (Data Encryption Standard).
Answer: C
Explanation:
IPSec provides authentication and encryption of data and headers. It can work in tunnel
mode or transport mode. In tunnel mode the entire original packet, headers and payload,
is encrypted and wrapped in a new outer IP header, which is what site-to-site VPNs use;
transport mode encrypts only the payload and keeps the original IP header.
205
Companies without an acceptable use policy may give their employees an
expectation of
A. intrusions
B. audits
C. privacy
D. prosecution
Answer: C
Explanation:
Acceptable Use policies deal primarily with computers and information provided by the
company. Your policy should clearly stipulate what activities are allowed and what
activities are not allowed. Having an acceptable use policy in place eliminates any
uncertainty regarding what is and what isn't allowed in your organization.
206
A perimeter router is configured with a restrictive ACL (Access Control List).
Which transport layer protocols and ports must be allowed in order to support
L2TP (Layer Two Tunneling Protocol) and PPTP (Point-to-Point Tunneling
Pr
Answer: C
207
A virus that hides itself by intercepting disk access requests is:
A. multipartite.
B. stealth.
C. interceptor.
D. polymorphic.
Answer: B
Explanation:
A stealth virus will attempt to avoid detection by masking itself from applications. It may
attach itself to the boot sector of the hard drive. When a system utility or program runs,
the stealth virus redirects commands around itself in order to avoid detection. An infected
file may report a file size different from what is actually present in order to avoid
detection.
208
S/MIME (Secure Multipurpose Internet Mail Extensions) is used to:
A. encrypt user names and profiles to ensure privacy
B. encrypt messages and files
C. encrypt network sessions acting as a VPN (Virtual Private Network) client
Answer: B
Explanation:
Secure MIME (S/MIME) is a standard used for encrypting e-mail. S/MIME can also
contain signature data. S/MIME provides encryption, integrity, and authentication when
used in conjunction with PKI.
209
WTLS (Wireless Transport Layer Security) provides security services between a
mobile device and a:
A. WAP (Wireless Application Protocol) gateway.
B. web server.
C. wireless client.
D. wireless network interface card.
Answer: A
210
A network administrator wants to connect a network to the Internet but does not
want to compromise internal network IP (Internet Protocol) addresses. What should
the network administrator implement?
A. a honey pot
B. a NAT (N
Answer: B
211
Non-repudiation is based on what type of key infrastructure?
A. symmetric.
B. distributed trust.
C. asymmetric.
D. user-centric.
Answer: C
212
Intrusion detection systems typically consist of two parts, a console and a:
A. sensor
B. router
C. processor
D. firewall
Answer: A
213
Which of the following hash functions generates a 160-bit output?
A. MD4 (Message Digest 4).
B. MD5 (Message Digest 5).
C. DES (Data Encryption Standard).
D. SHA-1 (Secure Hashing Algorithm 1).
Answer: D
Explanation:
The SHA-1 algorithm produces a 160-bit hash value. SHA-1 replaced the original SHA
(SHA-0) in 1995; it has itself since been deprecated after practical collisions were
demonstrated in 2017, and the SHA-2 family (SHA-256 and up) is used today.
214
Which is of greatest importance when considering physical security?
A. reduce overall opportunity for an intrusion to occur
B. make alarm identification easy for security professionals
Answer: A
Explanation:
The best answer is A. Reducing the overall opportunity for an intrusion to occur is a
general statement, but it is the goal that the other physical controls (alarms,
guards, logging) exist to serve.
215
An attacker attempting to penetrate a company’s network through its remote access
system would most likely gain access through what method?
A. war dialer.
B. Trojan horse.
C. DoS (Denial of Service).
D. worm.
Answer: A
Explanation:
A war dialer dials blocks of phone numbers looking for modems that answer. By finding
a modem connected to the network and calling into it, an attacker can gain remote
access to a computer. The technique dates from the 1980s, but it still works wherever
a forgotten modem is plugged in, which makes it the most likely way into a remote
access system.
216
The flow of packets traveling through routers can be controlled by implementing
what type of security mechanism?
A. ACL (Access Control List)
B. fault tolerance tables
C. OSPF (Open Shortest Path First) policy
D. packet
Answer: A
Explanation:
Access control lists enable devices in your network to ignore requests from specified
users or systems, or grant certain network capabilities to them. ACLs allow a stronger set
of access controls to be established in your network. The basic process of ACL control
allows the administrator to design and adapt the network to deal with specific security
threats.
217
In a RBAC (Role Based Access Control) contexts, which statement best describes
the relation between users, roles and operations?
A. multiple users, single role and single operation.
B. multiple users, single role and multiple oper
Answer: D
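An added example, written for this page and not part of the exam material, that ties the RBAC relationship in this question to the separation of duties in question 154: users are assigned many roles, roles carry many operations on objects, access is default-deny, and a pair of roles can be declared mutually exclusive so no single user can both create and approve the same kind of transaction. The roles, operations and user names are constructed for the example.

```python
from typing import Dict, FrozenSet, Set, Tuple

Permission = Tuple[str, str]   # (operation, object)


class RBAC:
    """Many users -> many roles -> many operations, plus static separation of
    duties: a user may never hold two roles declared mutually exclusive."""

    def __init__(self) -> None:
        self.role_perms: Dict[str, Set[Permission]] = {}
        self.user_roles: Dict[str, Set[str]] = {}
        self.exclusive: Set[FrozenSet[str]] = set()

    def add_role(self, role: str, perms: Set[Permission]) -> None:
        self.role_perms.setdefault(role, set()).update(perms)

    def declare_exclusive(self, role_a: str, role_b: str) -> None:
        """Static separation of duties constraint between two roles."""
        self.exclusive.add(frozenset((role_a, role_b)))

    def assign(self, user: str, role: str) -> None:
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        for held in self.user_roles.get(user, set()):
            if frozenset((role, held)) in self.exclusive:
                raise ValueError(
                    f"separation of duties: {user} holds {held}, cannot also hold {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def permitted(self, user: str, operation: str, obj: str) -> bool:
        """Default deny: allowed only if some role of the user grants the operation."""
        return any((operation, obj) in self.role_perms[r]
                   for r in self.user_roles.get(user, set()))


def build_demo() -> RBAC:
    """Constructed invoice workflow: clerks raise invoices, approvers approve them,
    auditors read everything, and nobody may be both clerk and approver."""
    rbac = RBAC()
    rbac.add_role("clerk", {("create", "invoice"), ("read", "invoice")})
    rbac.add_role("approver", {("read", "invoice"), ("approve", "invoice")})
    rbac.add_role("auditor", {("read", "invoice"), ("read", "audit_log")})
    rbac.declare_exclusive("clerk", "approver")
    rbac.assign("alice", "clerk")
    rbac.assign("bob", "approver")
    rbac.assign("carol", "auditor")
    rbac.assign("carol", "clerk")          # several roles per user is fine
    return rbac


if __name__ == "__main__":
    r = build_demo()
    print("alice creates invoice:", r.permitted("alice", "create", "invoice"))
    print("alice approves invoice:", r.permitted("alice", "approve", "invoice"))
    try:
        r.assign("alice", "approver")
    except ValueError as err:
        print("blocked:", err)
```

Least privilege falls out of the same model: each role carries only the operations its holders need, and a user with no role at all is denied everything rather than inheriting some default access.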
218
Servers or workstations running programs and utilities for recording probes and
attacks against them are referred to as:
A. firewalls.
B. host based IDS (Intrusion Detection System).
C. proxies
D. active targets.
Answer: B
219
Most certificates used for authentication are based on what standard?
A. 1S019278
B. X.500
C. RFC 1205
D. X.509 v3
Answer: D
220
The goal of TCP (transmission Control Protocol) hijacking is:
A. taking over a legitimate TCP (transmission Control Protocol) connection
B. predicting the TCP (transmission Control Protocol) sequence number
C. identifying the TCP
Answer: A
221
A public key is a pervasive system whose services are implemented and delivered
using public key technologies that include CAs (Certificate Authority), digital
certificates, non-repudiation, and key history management.
A. cryptogr
Answer: D
222
Using distinct key pairs to separate confidentiality services from integrity services to
support non-repudiation describes which one of the following models?
A. discrete key pair.
B. dual key pair.
C. key escrow.
D. fore
Answer: B
223
Implementation of access control devices and technologies must fully reflect an
organization’s security position as contained in its:
A. ACLs (Access Control List)
B. access control matrixes
C. information security policies
Answer: C
224
Which of the following would NOT be considered a method for managing the
administration of accessibility?
A. DAC (Discretionary Access Control) list.
B. SAC (Subjective Access Control) list.
C. MAC (Mandatory Access Control)
Answer: B
225
Which of the following often requires the most effort when securing a server due to
lack of available documentation?
A. hardening the OS (Operating System)
B. configuring the network
C. creating a proper security policy
Answer: A
226
How are honey pots used to collect information? Honey pots collect:
A. IP (Internet Protocol) addresses and identity of internal users
B. data on the identity, access, and compromise methods used by the intruder.
C. data regarding
Answer: B
Explanation:
A honey pot is a computer that has been designed as a target for computer attacks. The
benefit of a honey pot system is that it will draw attackers away from a higher value
system or it will allow administrators to gain intelligence about an attack strategy.
227
A fundamental risk management assumption is that computers can NEVER be
completely:
A. secure until all vendor patches are installed.
Answer: C
Explanation:
Answer C is correct because there is no way to make a computer's security bulletproof;
there are too many variables (unknown vulnerabilities, misconfiguration, the users
themselves) to account for. Patching removes only the vulnerabilities that are already known.
228
Which of the following is most commonly used by an intruder to gain unauthorized access
to a system?
A. brute force attack.
B. key logging.
C. Trojan horse.
D. social engineering.
Answer: D
Explanation:
Social engineering is a process where an attacker attempts to acquire information about
your network and system by talking to people in the organization. A social engineering
attack may occur over the phone, by e-mail, or by a visit.
The textbook does not state this directly, but social engineering is the lowest-effort
route in: it needs no exploit or tool, only a cooperative person on the other end.
229
Which two protocols are VPN (Virtual Private Network) tunneling protocols?
A. PPP (point-to-Point Protocol) and SLIP (Serial Line Internet Protocol).
B. PPP (Point-to-Point Protocol) and PPTP (Point-to-Point Tunneling Protocol).
C
Answer: C
230
The most common form of authentication is the use of:
A. certificates.
B. tokens.
C. passwords.
D. biometrics.
Answer: C
231
Company intranets, newsletters, posters, login banners and e-mails would be good
tools to utilize in a security:
A. investigation
B. awareness program
C. policy review
D. control test
Answer: B
232
The most common method of social engineering is:
A. looking through users’ trash for information
B. calling users and asking for
Answer: B
Explanation:
Social engineering is a process where an attacker attempts to acquire information about
your network and system by talking to people in the organization. A social engineering
attack may occur over the phone, by e-mail, or by a visit.
233
One of the primary concerns of a centralized key management system is that
A. keys must be stored and distributed securely
B. certificates must be made readily available
C. the key repository must be publicly accessible
D. th
Answer: A
234
What must be done to maximize the effectiveness of system logging?
A. encrypt log files
B. rotate log files
C. print and copy log files
D. review and monitor log files
Answer: D
Explanation:
Keeping track of system events and asset inventories is an important aspect of security.
System logs tell us what is happening with the systems in the network. These logs should
be reviewed periodically and then rotated and archived rather than simply cleared, since
a cleared log destroys the evidence an investigation would need. Logs that are allowed to
fill up become hard to work with. It is good practice to review system logs at least weekly
to look for unusual errors, activities, or events, and to automate the watch for patterns
that should never wait a week (repeated failed logins, logins from unexpected sources).
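As an added example of the kind of review the explanation calls for (not part of the original exam material), the following Python scans constructed OpenSSH-style auth log lines, counts failed logins per source address, and flags a source that later succeeds after failing. The log lines and the threshold of three are assumptions made up for the example.

```python
"""Added example: review constructed sshd log lines for brute-force signs."""
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH auth.log style; not real captures.
SAMPLE_LOG = """\
Mar  3 10:01:02 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:04 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:01:05 host sshd[2103]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:01:06 host sshd[2105]: Failed password for root from 203.0.113.7 port 51031 ssh2
Mar  3 10:01:09 host sshd[2107]: Failed password for root from 203.0.113.7 port 51032 ssh2
Mar  3 10:02:11 host sshd[2110]: Accepted publickey for alice from 198.51.100.12 port 40010 ssh2
Mar  3 10:03:40 host sshd[2115]: Failed password for bob from 198.51.100.12 port 40022 ssh2
Mar  3 10:03:45 host sshd[2115]: Accepted password for bob from 198.51.100.12 port 40022 ssh2
"""

# "invalid user" appears when the account does not exist; the user name follows either way.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port")


def summarize(log_text, threshold=3):
    """Return failure counts per source, the user names tried, sources at or over
    the threshold, and successful logins that followed earlier failures from the
    same source (a password-guessing run that eventually worked)."""
    failures = Counter()
    users_tried = defaultdict(set)
    accepted_after_failure = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, src = m.groups()
            failures[src] += 1
            users_tried[src].add(user)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, src = m.groups()
            if failures.get(src, 0) > 0:
                accepted_after_failure.append((src, user, method))
    suspicious = {src: n for src, n in failures.items() if n >= threshold}
    return {
        "failures": dict(failures),
        "users_tried": {src: sorted(u) for src, u in users_tried.items()},
        "suspicious": suspicious,
        "accepted_after_failure": accepted_after_failure,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for src, n in report["suspicious"].items():
        print(f"{src}: {n} failed logins, users tried {report['users_tried'][src]}")
    for src, user, method in report["accepted_after_failure"]:
        print(f"{src}: login as {user} via {method} succeeded after earlier failures")
```

Run against a real auth.log the same function works line by line; the threshold and the time window (none here, the sample is one minute long) are the knobs a practitioner tunes to the environment, and a successful login after failures from the same source is the event worth an immediate look rather than a weekly one.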
235
Which of the following protocols is used by web servers to encrypt data?
A. TCP/IP (Transmission Control Protocol/Internet Protocol)
B. ActiveX
C. IPSec (Internet Protocol Security)
D. SSL (Secure Sockets Layer)
Answer: D
Explanation:
The Secure Sockets Layer, and its successor TLS, establishes an encrypted session between
two TCP endpoints through a handshake. The client opens with a ClientHello listing the
cipher suites it supports; the server answers with a ServerHello selecting one and sends its
certificate, which carries the server's public key. The client validates the certificate
against its trusted CAs, and the two sides then agree on a session key (classically the
client encrypts a premaster secret to the server's public key; modern TLS uses an ephemeral
Diffie-Hellman exchange). The server's private key never leaves the server. Once both sides
have derived the same session keys, application data is encrypted with a symmetric cipher.
SY0-001 names the protocol SSL; on current web servers it is TLS, as SSL 2.0 and 3.0 are
deprecated and should be disabled.
236
What are three characteristics of a computer virus?
A. find mechanism, initiation mechanism and propagate
B. learning mechanism, contamination mechanism and exploit
C. search mechanism, connection mechanism and integrate
D. r
Answer: D
237
An e-mail relay server is mainly used to:
A. block all spam, which allows the e-mail system to function more efficiently
without the additional load of spam.
B. prevent viruses from entering the network.
C. defend the primary
Answer: C
238
A network administrator is having difficulty establishing a L2TP (Layer Two
Tunneling Protocol) VPN (Virtual Private Network) tunnel with IPSec (Internet
Protocol Security) between a remote dial-up client and the firewall, through a
Answer: C
239
A company’s web server is configured for the following services: HTTP (Hypertext
Transfer Protocol), SSL (Secure Sockets Layer), FTP (File Transfer Protocol),
SMTP (Simple Mail Transfer Protocol). The web server is placed into a DMZ
Answer: C
240
What are three measures which aid in the prevention of a social engineering attack?
A. education, limit available information and security policy.
B. education, firewalls and security policy.
C. security policy, firewalls and inci
Answer: A
Explanation:
Education, limiting the information available to outsiders, and a clear security policy all
act on people, which is what a social engineering attack targets. Firewalls and incident
response deal with network traffic and with the aftermath, not with the deception itself.
241
A user who has accessed an information system with a valid user ID and password
combination is considered a(n):
A. manager
B.
Answer: C
Explanation:
To access files or systems a user must first be authenticated; presenting a valid user ID
and password is what authenticates the user. Authentication alone says nothing about what
that user is then authorized to do.
242
The first step in effectively implementing a firewall is:
A. blocking unwanted incoming traffic.
B. blocking unwanted outgoing traffic.
C. developing a firewall policy.
D. protecting against DDoS (Distributed Denial of Servic
Answer: C
Explanation:
A firewall is only as good as the policy behind it: the policy states which traffic the
organization wants allowed or blocked, and the rule set is written to implement that
policy. Blocking traffic before the policy exists produces rules nobody can justify or audit.
243
What is a common DISADVANTAGE of employing an IDS (Intrusion Detection
System)?
A. false positives.
B. throughput decreases.
C. compatibility.
D. administration.
Answer: A
Explanation:
A false positive is an alert raised on legitimate traffic. A high false-positive rate wastes
analyst time and trains staff to ignore the IDS, so signatures and thresholds must be tuned
to the environment; an IDS that alerts on everything is not working as intended.
244
What port scanning technique is used to see what ports are in a listening state and
then performs a two-way handshake?
A. TCP (Transmission Control Protocol) SYN (Synchronize) scan
B. TCP (transmission Control Protocol) connect sc
Answer: A
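The SYN scan in the answer sends a SYN, reads the SYN/ACK (open) or RST (closed), and tears down with a RST, so the three-way handshake never completes and the application behind the port never sees a connection. It needs raw sockets, which is why the added example below (not part of the original exam material) shows the other technique the question contrasts it with: a TCP connect scan, which completes the full handshake through the operating system's socket API and therefore shows up in the target application's logs. The throwaway local listener, the port choices and the 0.5 second timeout are assumptions made for the example; on a real target the "filtered" result usually means a firewall dropped the SYN.

```python
"""Added example: TCP connect() scan against a local listener."""
import socket
import threading


def start_listener():
    """Bind a throwaway TCP listener on 127.0.0.1 (constructed target) and
    return (port, stop_function). Each accepted connection is closed at once."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))          # port 0: let the kernel pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        srv.settimeout(0.2)
        while not stop.is_set():
            try:
                conn, _ = srv.accept()  # accept() returns only after the full handshake
            except socket.timeout:
                continue
            conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop.set


def free_closed_port():
    """Reserve and release a port so the scan has a known-closed port to probe."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def connect_scan(host, ports, timeout=0.5):
    """Classify each port as open, closed or filtered using full connect()s.
    open: handshake completed (SYN, SYN/ACK, ACK), then we close normally.
    closed: the host answered the SYN with RST, seen as ECONNREFUSED.
    filtered: no answer within the timeout, or another socket error."""
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except (socket.timeout, OSError):
            results[port] = "filtered"
        finally:
            s.close()
    return results


if __name__ == "__main__":
    open_port, stop = start_listener()
    closed_port = free_closed_port()
    for port, state in connect_scan("127.0.0.1", [open_port, closed_port]).items():
        print(f"127.0.0.1:{port} {state}")
    stop()
```

Because every "open" result here is a completed connection, a web or SSH daemon on the scanned port will log it; that visibility, and the lack of any privilege requirement, is the trade-off between a connect scan and the stealthier SYN scan the question asks about.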
245
When hosting a web server with CGI (Common Gateway Interface) scripts, the
directories for public view should have:
A. execute permissions
B. read and write permissions
C. read, write, and execute permissions
D. full con
Answer: A
Explanation:
Common Gateway Interface is an older form of scripting that was used extensively in
early web systems. CGI scripts could be used to capture data from a user using simple
forms. The CGI script ran on the web server and interacted with the client browser.
Public directories need execute permission so the server can run the scripts, but not write
permission, or an attacker who can upload a file can get it executed. CGI is frowned upon in
new applications because of its security issues (its scripts typically ran with the web
server's privileges and often passed user input straight to a shell), but it is still widely
used in older systems.
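As an added example of the security issue the explanation refers to (not code from the original exam material), the following Python shows a CGI-style lookup handler that splices a query parameter into a shell command, beside a hardened version that validates the input and invokes the program without a shell. The `host` parameter name, the `echo` stand-in for a real lookup tool such as nslookup, and the hostname pattern are assumptions made for the example.

```python
"""Added example: command injection in a CGI-style handler, and the fix."""
import re
import subprocess
from urllib.parse import parse_qs

# Assumed allow-list for a hostname: letters, digits, dots and hyphens only.
HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def vulnerable_lookup(query_string):
    """Deliberately insecure: the user-controlled value is pasted into a shell
    command line, so shell metacharacters in the request run as extra commands.
    'echo' stands in for a real lookup tool (constructed for the example)."""
    host = parse_qs(query_string).get("host", [""])[0]
    cmd = f"echo resolving {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def hardened_lookup(query_string):
    """Two independent defences: reject anything that is not a plausible
    hostname, and run the program with an argv list so no shell ever parses
    the value. Either one alone would stop the injection below."""
    host = parse_qs(query_string).get("host", [""])[0]
    if not HOST_RE.fullmatch(host):
        raise ValueError("invalid host parameter")
    return subprocess.run(["echo", "resolving", host],
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Constructed request: "host=example.com&&echo INJECTED", URL-encoded.
    attack = "host=example.com%26%26echo+INJECTED"
    print("vulnerable:", repr(vulnerable_lookup(attack)))
    try:
        hardened_lookup(attack)
    except ValueError as exc:
        print("hardened:", exc)
    print("hardened, benign:", repr(hardened_lookup("host=example.com")))
```

The vulnerable handler returns both lines of output because the shell ran the injected `echo` as a second command; with a real lookup tool the injected command could have been anything the web server's account may run, which is why the directory permissions in the question matter as much as the script itself.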
246
What should be done to secure a DHCP (Dynamic Host Configuration Protocol)
service?
A. block ports 67 and 68 at the firewall.
Answer: A
247
An alternate site configured with necessary system hardware, supporting
infrastructure and an on site staff able to respond to an activation of a contingency
plan 24 hours a day, 7 days a week is a:
A. cold site.
B. warm site
Answer: D
Explanation:
A hot site is a location that can resume operations within hours of a failure. This type of
site has servers, networks, telecommunications and staff in place to re-establish service
in a very short amount of time; a warm site has the infrastructure but not current data or
staff, and a cold site is little more than space and power.
248
What protocol should be used to prevent intruders from using access points on a
wireless network?
A. ESP (Encapsulating Security Payload)
B. WEP (Wired Equivalent Privacy)
C. TLS (Transport Layer Security)
D. SSL (Secure
Answer: B
Explanation:
The 802.11 standard describes the communication that occurs in wireless local area
networks (LANs). The Wired Equivalent Privacy (WEP) algorithm is used to protect
wireless communication from eavesdropping. A secondary function of WEP is to prevent
unauthorized access to a wireless network; this function is not an explicit goal in the
802.11 standard, but it is frequently considered to be a feature of WEP.
WEP relies on a secret key that is shared between a mobile station (e.g. a laptop with a
wireless ethernet card) and an access point (i.e. a base station). The secret key is used to
encrypt packets before they are transmitted, and an integrity check is used to ensure that
packets are not modified in transit. The standard does not discuss how the shared key is
established. In practice, most installations use a single key that is shared between all
mobile stations and access points. More sophisticated key management techniques can be
used to help defend from the attacks we describe; however, no commercial system we are
aware of has mechanisms to support such techniques.
WEP has since been broken in practice: its RC4 key scheduling and its linear CRC-32
integrity check let an attacker recover the shared key from captured traffic in minutes,
so on current networks WPA2 or WPA3 replaces it. The answer above reflects the SY0-001
era of the exam.
249
How are clocks used in a Kerberos authentication system?
A. The clocks are synchronized to ensure proper connections.
B. The clocks are synchronized to ensure tickets expire correctly.
C. The clocks are used to generate the seed v
Answer: B
250
Which of the following is used to authenticate and encrypt IP (Internet Protocol)
traffic?
A. ESP (Encapsulating Security Payload)
B. S/MIME (Secure Multipurpose Internet Mail Extensions)
C. IPSec (Internet Protocol Security)
Answer: C
IPSec provides authentication and encryption of IP traffic. Within the suite, ESP
(answer A) is the component that encrypts and can also authenticate, while AH authenticates
only; the question asks for the protocol as a whole, so IPSec is the expected answer. IPSec
can work in tunnel mode or transport mode. In tunnel mode the entire original packet,
headers and payload, is encrypted and wrapped in a new IP header; transport mode encrypts
only the payload and leaves the original IP header in the clear.
251
Which of the following IP (Internet Protocol) address schemes will require NAT
(Network Address Translation) to connect to the Internet?
A. 204.180.0.0/24
B. 172.16.0.0/24
C. 192.172.0.0/24
D. 172.48.0.0/24
Answer: B
Explanation:
172.16.0.0/24 lies inside the RFC 1918 private block 172.16.0.0/12 (172.16.0.0 through
172.31.255.255), which is not routable on the Internet, so a NAT device must translate it to
a public address. 172.48.0.0/24 is outside that block, and 192.172.0.0/24 is not 192.168.0.0/16,
so both are public ranges.
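As an added example (not part of the original exam material), the following Python checks each of the four answer options against the three RFC 1918 blocks using the standard library's `ipaddress` module, and also probes the edges of the 172.16.0.0/12 block, which is where the question's distractor 172.48.0.0/24 is meant to trip the reader. The explicit RFC 1918 list is used instead of `is_private` because that property also covers loopback, link-local and other special ranges that are not the question's subject.

```python
"""Added example: decide whether an address range needs NAT to reach the Internet."""
import ipaddress

# RFC 1918 private address space; packets from these ranges are not routed on the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def needs_nat(cidr):
    """True when every address in the given range is RFC 1918 private.
    strict=False accepts a range written with host bits set (e.g. 172.16.0.1/24)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(block) for block in RFC1918)


def classify(cidrs):
    """Map each range to 'private (NAT required)' or 'public'."""
    return {c: ("private (NAT required)" if needs_nat(c) else "public") for c in cidrs}


if __name__ == "__main__":
    # The four answer options from the question, plus the edges of 172.16.0.0/12.
    for cidr, verdict in classify([
        "204.180.0.0/24", "172.16.0.0/24", "192.172.0.0/24", "172.48.0.0/24",
        "172.31.255.0/24", "172.32.0.0/24",
    ]).items():
        print(f"{cidr:18} {verdict}")
```

The two edge probes show why the distractor works: the second octet of the 172 block only runs from 16 to 31, so 172.31.255.0/24 is still private while 172.32.0.0/24 (and therefore 172.48.0.0/24) is public space that belongs to someone else.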