Security+ SYO-101B

Terms

101. Which of the following is the greatest problem associated with Instant Messaging?

A. widely deployed and difficult to control.
B. created without security in mind.
C. easily spoofed.
D. created with file sharing enabled
B
102. An organization is implementing Kerberos as its primary authentication protocol. Which of the following must be deployed for Kerberos to function properly?

A. dynamic IP (Internet Protocol) routing protocols for routers and servers.
D
103. Searching through trash is used by an attacker to acquire data such as network diagrams, IP (Internet Protocol) address lists and:

A. boot sectors.
B. process lists.
C. old passwords.
D. virtual memory.
C
104. Discouraging employees from misusing company e-mail is best handled by:

A. enforcing ACL (Access Control List).
B. creating a network security policy.
C. implementing strong authentication.
D. encrypting company e-mail
B
105. The Diffie-Hellman algorithm allows:

A. access to digital certificate stores from a certificate authority.
B. a secret key exchange over an insecure medium without any prior secrets.
C. authentication without the use of hashi
B
106. Which of the following types of attack CANNOT be deterred solely through technical means?

A. dictionary.
B. man in the middle.
C. DoS (Denial of Service).
D. social engineering.
D
107. Which of the following is the best description of “separation of duties”?

A. assigning different parts of tasks to different employees.
B. employees are granted only the privileges necessary to perform their tasks.
C. eac
A
108. How must a firewall be configured to make sure that a company can communicate with other companies using SMTP (Simple Mail Transfer Protocol) e-mail?

A. Open TCP (Transmission Control Protocol) port 110 to all inbound and outbound connec
D
109. An organization’s primary purpose in conducting risk analysis in dealing with computer security is:

A. to identify vulnerabilities to the computer systems within the organization.
B. to quantify the impact of potential threats in
B
110. A user wants to send an e-mail and ensure that the message is not tampered with while in transit. Which feature of modern cryptographic systems will facilitate this?

A. confidentiality.
B. authentication.
C. integrity.
C
111. WTLS (Wireless Transport Layer Security) provides security services between a mobile device and a:

A. WAP (Wireless Application Protocol) gateway.
B. web server.
C. wireless client.
D. wireless network interface card.
A
112. What are three measures which aid in the prevention of a social engineering attack?

A. education, limit available information and security policy.
B. education, firewalls and security policy.
C. security policy, firewalls and
A
113. A server placed into service for the purpose of attracting a potential intruder’s attention is known as a:

A. honey pot.
B. lame duck.
C. teaser.
D. pigeon.
A
114. Which of the following would be most effective in preventing network traffic sniffing?

A. deploy an IDS (Intrusion Detection System).
B. disable promiscuous mode.
C. use hubs instead of routers.
D. use switches instead
D
115. What ports does FTP (File Transfer Protocol) use?

A. 20 and 21.
B. 25 and 110.
C. 80 and 443.
D. 161 and 162.
A
116. A decoy system that is designed to divert an attacker from accessing critical systems while collecting information about the attacker’s activity, and encouraging the attacker to stay on the system long enough for administrators to respond is know
B
117. An e-mail relay server is mainly used to:

A. block all spam, which allows the e-mail system to function more efficiently without the additional load of spam.
B. prevent viruses from entering the network.
C. defend the primary
C
118. What network mapping tool uses ICMP (Internet Control Message Protocol)?

A. port scanner.
B. map scanner.
C. ping scanner.
D. share scanner.
C
119. Which two protocols are VPN (Virtual Private Network) tunneling protocols?

A. PPP (Point-to-Point Protocol) and SLIP (Serial Line Internet Protocol).
B. PPP (Point-to-Point Protocol) and PPTP (Point-to-Point Tunneling Protocol).
C
120. File encryption using symmetric cryptography satisfies what security requirement?

A. confidentiality.
B. access control.
C. data integrity.
D. authentication.
A
121. An e-mail is received alerting the network administrator to the presence of a virus on the system if a specific executable file exists. What should be the first course of action?

A. Investigate the e-mail as a possible hoax with a reputa
A
122. Part of a fire protection plan for a computer room should include:

A. procedures for an emergency shutdown of equipment.
B. a sprinkler system that exceeds local code requirements.
C. the exclusive use of non-flammable materi
A
123. Which of the following is an HTTP (Hypertext Transfer Protocol) extension or mechanism used to retain connection data, user information, history of sites visited, and can be used by attackers for spoofing an on-line identity?

A. HTTPS (H
B
124. ActiveX controls __________ to prove where they originated.

A. are encrypted.
B. are stored on the web server.
C. use SSL (Secure Sockets Layer).
D. are digitally signed.
D
125. A virus that hides itself by intercepting disk access requests is:

A. multipartite.
B. stealth.
C. interceptor.
D. polymorphic.
B
126. When a potential hacker looks through trash, the most useful items or information that might be found include all except:

A. an IP (Internet Protocol) address.
B. system configuration or network map.
C. old passwords.
D
D
127. A user logs onto a workstation using a smart card containing a private key. The user is verified when the public key is successfully factored with the private key. What security service is being provided?

A. authentication.
B. conf
A
128. In cryptographic operations, digital signatures can be used for which of the following systems?

A. encryption.
B. asymmetric key.
C. symmetric and encryption.
D. public and decryption.
B
129. Which of the following programs is able to distribute itself without using a host file?

A. virus.
B. Trojan horse.
C. logic bomb.
D. worm.
D
130. Malicious code is installed on a server that will e-mail system keystrokes stored in a text file to the author and delete system logs every five days or whenever a backup is performed. What type of program is this?

A. virus.
B. bac
C
131. What is a common type of attack on web servers?

A. birthday.
B. buffer overflow.
C. spam.
D. brute force.
B
132. Digital signatures can be used for which of the following?

A. availability.
B. encryption.
C. decryption.
D. non-repudiation.
D
133. Malicious port scanning is a method of attack to determine which of the following?

A. computer name
B. the fingerprint of the operating system
C. the physical cabling topology of a network
D. user IDs and passwords
B
134. What should be done to secure a DHCP (Dynamic Host Configuration Protocol) service?

A. block ports 67 and 68 at the firewall.
B. block port 53 at the firewall.
C. block ports 25 and 26 at the firewall.
D. block port 110
A
135. During the digital signature process, asymmetric cryptography satisfies what security requirement?

A. confidentiality.
B. access control.
C. data integrity.
D. authentication.
D
136. Which security method is in place when the administrator of a network enables access lists on the routers to disable all ports that are not used?

A. MAC (Mandatory Access Control).
B. DAC (Discretionary Access Control).
C. RB
A
137. What is the first step before a wireless solution is implemented?

A. ensure adhoc mode is enabled on the access points.
B. ensure that all users have strong passwords.
C. purchase only Wi-Fi (Wireless Fidelity) equipment.
D
138. A system administrator discovers suspicious activity that might indicate a computer crime. The administrator should first:

A. refer to incident response plan.
B. change ownership of any related files to prevent tampering.
C.
A
139. The information that governs and associates users and groups to certain rights to use, read, write, modify, or execute objects on the system is called a(n):

A. public key ring.
B. ACL (Access Control List).
C. digital signatu
B
140. Which of the following is expected network behavior?

A. traffic coming from or going to unexpected locations.
B. non-standard or malformed packets/protocol violations.
C. repeated, failed connection attempts.
D. changes
D
141. Security training should emphasize that the weakest links in the security of an organization are typically:

A. firewalls.
B. policies.
C. viruses.
D. people.
D
142. For system logging to be an effective security measure, an administrator must:

A. review the logs on a regular basis.
B. implement circular logging.
C. configure the system to shut down when the logs are full.
D. configu
A
143. A perimeter router is configured with a restrictive ACL (Access Control List). Which transport layer protocols and ports must be allowed in order to support L2TP (Layer Two Tunneling Protocol) and PPTP (Point-to-Point Tunneling Protocol) connections
C
144. Which of the following keys is contained in a digital certificate?

A. public key.
B. private key.
C. hashing key.
D. session key.
A
145. Which of the following options describes a challenge-response session?

A. A workstation or system that generates a random challenge string that the user enters when prompted along with the proper PIN (Personal Identification Number).
A
146. Message authentication codes are used to provide which service?

A. integrity.
B. fault recovery.
C. key recovery.
D. acknowledgement.
A
147. Single servers are frequently the targets of attacks because they contain:

A. application launch scripts.
B. security policy settings.
C. credentials for many systems and users.
D. master encryption keys.
C
148. Sensitive data traffic can be confined to workstations on a specific subnet using privilege policy based tables in the:

A. router.
B. server.
C. modem.
D. VPN (Virtual Private Network).
A
149. Which one of the following would most likely lead to a CGI (Common Gateway Interface) security problem?

A. HTTP (Hypertext Transfer Protocol) protocol.
B. compiler or interpreter that runs the CGI (Common Gateway Interface) script.
D
150. An attacker manipulates what field of an IP (Internet Protocol) packet in an IP (Internet Protocol) spoofing attack?

A. version field.
B. source address field.
C. source port field.
D. destination address field.
B
151. What is the best method of defense against IP (Internet Protocol) spoofing attacks?

A. deploying intrusion detection systems.
B. creating a DMZ (Demilitarized Zone).
C. applying ingress filtering to routers.
D. There is
C
152. What access control principle requires that every user or process is given the most restricted privileges?

A. control permissions.
B. least privilege.
C. hierarchical permissions.
D. access mode.
B
153. Incorrectly detecting authorized access as an intrusion or attack is called a false:

A. negative.
B. intrusion.
C. positive.
D. alarm.
C
154. A VPN (Virtual Private Network) using IPSec (Internet Protocol Security) in the tunnel mode will provide encryption for the:

A. one time pad used in handshaking.
B. payload and message header.
C. hashing algorithm and all e-ma
B
155. When implementing Kerberos authentication, which of the following factors must be accounted for?

A. Kerberos can be susceptible to man in the middle attacks to gain unauthorized access.
B. Kerberos tickets can be spoofed using repl
C
156. Which of the following protocols is most similar to SSLv3 (Secure Sockets Layer version 3)?

A. TLS (Transport Layer Security).
B. MPLS (Multi-Protocol Label Switching).
C. SASL (Simple Authentication and Security Layer).
A
157. How should a primary DNS (Domain Name Service) server be configured to provide the best security against DoS (Denial of Service) and hackers?

A. disable the DNS (Domain Name Service) cache function.
B. disable application services
B
158. What type of security process will allow others to verify the originator of an e-mail message?

A. authentication.
B. integrity.
C. non-repudiation.
D. confidentiality.
C
159. Which of the following statements is true about Network based IDS (Intrusion Detection System)?

A. Network based (Intrusion Detection System) are never passive devices that listen on a network wire without interfering with the normal ope
D
160. What physical access control most adequately protects against physical piggybacking?

A. man trap.
B. security guard.
C. CCTV (Closed-Circuit Television).
D. biometrics.
A
161. Management wants to track personnel who visit unauthorized web sites. What type of detection will this be?

A. abusive detection.
B. misuse detection.
C. anomaly detection.
D. site filtering.
B
162. An administrator of a web server notices many port scans to a server. To limit exposure and vulnerability exposed by these port scans, the administrator should:

A. disable the ability to remotely scan the registry.
B. leave a
D
163. Which protocol is typically used for encrypting traffic between a web browser and web server?

A. IPSec (Internet Protocol Security).
B. HTTP (Hypertext Transfer Protocol).
C. SSL (Secure Sockets Layer).
D. VPN (Virtual
C
164. Which of the following best describes TCP/IP (Transmission Control Protocol/Internet Protocol) session hijacking?

A. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimat
A
165. A malformed MIME (Multipurpose Internet Mail Extensions) header can:

A. create a back door that will allow an attacker free access to a company private network.
B. create a virus that infects a user’s computer.
C. cause an
D
166. When a change to user security policy is made, the policy maker should provide appropriate documentation to:

A. the security administrator.
B. auditors.
C. users.
D. all staff.
D
167. What technical impact may occur due to the receipt of large quantities of spam?

A. DoS (Denial of Service).
B. processor underutilization.
C. reduction in hard drive space requirements.
D. increased network throughput.
A
168. A public key ___________ is a pervasive system whose services are implemented and delivered using public key technologies that include CAs (Certificate Authority), digital certificates, non-repudiation, and key history management.

A. cry
D
169. Forging an IP (Internet Protocol) address to impersonate another machine is best defined as:

A. TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking.
B. IP (Internet Protocol) spoofing.
C. man in the middle.
B
170. When setting password rules, which of the following would LOWER the level of security of a network?

A. Passwords must be greater than six characters and contain at least one non-alpha.
B. All passwords are set to expire at regular
C
171. Which of the following can be used to track a user’s browsing habits on the Internet and may contain usernames and passwords?

A. digital certificates.
B. cookies.
C. ActiveX controls.
D. web server cache.
B
172. Currently, the most costly method of authentication is the use of:

A. passwords.
B. tokens.
C. biometrics.
D. shared secrets.
C
173. One of the factors that influence the lifespan of a public key certificate and its associated keys is the:

A. value of the information it is used to protect
B. cost and management fees
C. length of the asymmetric hash
D
A
174. FTP (File Transfer Protocol) is accessed through what ports?

A. 80 and 443.
B. 20 and 21.
C. 21 and 23.
D. 20 and 80.
B
175. The best method to use for protecting a password stored on the server used for user authentication is to:

A. store the server password in clear text.
B. hash the server password.
C. encrypt the server password with asymmetric
B
176. In a typical file encryption process, the asymmetric algorithm is used to?

A. encrypt symmetric keys.
B. encrypt file contents.
C. encrypt certificates.
D. encrypt hash results.
A
177. Which of the following protocols is used by web servers to encrypt data?

A. TCP/IP (Transmission Control Protocol/Internet Protocol)
B. ActiveX
C. IPSec (Internet Protocol Security)
D. SSL (Secure Sockets Layer)
D
178. A piece of code that appears to do something useful while performing a harmful and unexpected function like stealing passwords is a:

A. virus.
B. logic bomb.
C. worm.
D. Trojan horse.
D
179. The integrity of a cryptographic system is considered compromised if which of the following conditions exist?

A. a 40-bit algorithm is used for a large financial transaction
B. the public key is disclosed
C. the private key i
C
180. During the digital signature process, hashing provides a means to verify what security requirement?

A. non-repudiation.
B. access control.
C. data integrity.
D. authentication.
C
181. Which of the following often requires the most effort when securing a server due to lack of available documentation?

A. hardening the OS (Operating System)
B. configuring the network
C. creating a proper security policy
A
182. One of the most effective ways for an administrator to determine what security holes reside on a network is to:

A. perform a vulnerability assessment.
B. run a port scan.
C. run a sniffer.
D. install and monitor an I
A
183. As it relates to digital certificates, SSLv3.0 (Secure Sockets Layer version 3.0) added which of the following key functionalities? The ability to:

A. act as a CA (Certificate Authority).
B. force client side authentication via digital c
B
184. In responding to incidents such as security breaches, one of the most important steps taken is:

A. encryption.
B. authentication.
C. containment.
D. intrusion.
C
185. Missing audit log entries most seriously affect an organization’s ability to:

A. recover destroyed data.
B. legally prosecute an attacker.
C. evaluate system vulnerabilities.
D. create reliable system backups.
B
186. SSL (Secure Sockets Layer) is used for secure communications with:

A. file and print servers.
B. RADIUS (Remote Authentication Dial-in User Service) servers.
C. AAA (Authentication, Authorization, and Administration) servers.
D
187. Non-repudiation is based on what type of key infrastructure?

A. symmetric.
B. distributed trust.
C. asymmetric.
D. user-centric.
C
188. The first step in effectively implementing a firewall is:

A. blocking unwanted incoming traffic.
B. blocking unwanted outgoing traffic.
C. developing a firewall policy.
D. protecting against DDoS (Distributed Denial of
C
189. Which of the following provides the strongest authentication?

A. token
B. username and password
C. biometrics
D. one time password
C
190. A security administrator tasked with confining sensitive data traffic to a specific subnet would do so by manipulating privilege policy based tables in the networks:

A. server
B. router
C. VPN (Virtual Private Network)
B
191. What is the best method to secure a web browser?

A. do not upgrade, as new versions tend to have more security flaws.
B. disable any unused features of the web browser.
C. connect to the Internet using only a VPN (Virtual Priv
B
192. The most common form of authentication is the use of:

A. certificates.
B. tokens.
C. passwords.
D. biometrics.
C
193. What are the three main components of a Kerberos server?

A. authentication server, security database and a privilege server.
B. SAM (Sequential Access Method), security database and an authentication server.
C. application da
A
194. Which of the following methods may be used to exploit the clear text nature of an Instant Messaging session?

A. packet sniffing.
B. port scanning.
C. crypt analysis.
D. reverse engineering.
A
195. A user receives an e-mail from a colleague in another company. The e-mail message warns of a virus that may have been accidentally sent in the past, and warns the user to delete a specific file if it appears on the user’s computer. The user check
C
196. A need to know security policy would grant access based on:

A. least privilege.
B. less privilege.
C. loss of privilege.
D. single privilege.
A
197. IDEA (International Data Encryption Algorithm), Blowfish, RC5 (Rivest Cipher 5) and CAST-128 are encryption algorithms of which type?

A. symmetric.
B. asymmetric.
C. hashing.
D. elliptic curve.
A
198. A CRL (Certificate Revocation List) query that receives a response in near real time:

A. indicates that high availability equipment is used.
B. implies that a fault tolerant database is being used.
C. does not guarantee that
C
199. Which of the following is a VPN (Virtual Private Network) tunneling protocol?

A. AH (Authentication Header).
B. SSH (Secure Shell).
C. IPSec (Internet Protocol Security).
D. DES (Data Encryption Standard).
C
200. Appropriate documentation of a security incident is important for each of the following reasons EXCEPT:

A. The documentation serves as a lessons learned which may help avoid further exploitation of the same vulnerability.
B. The do
C
