Security+ (cont.) Section B
Terms
-
1
What is the main advantage SSL (Secure Sockets Layer) has over HTTPS
(Hypertext Transfer Protocol over Secure Sockets Layer)?
A. SSL (Secure Sockets Layer) offers full application security for HTTP (Hypertext
Transfer Protocol) whi - B
-
2
Which type of password generator is based on challenge-response mechanisms?
A. asynchronous
B. synchronous
C. cryptographic keys
D. smart cards - A
-
3
How must a firewall be configured to only allow employees within the company to
download files from a FTP (File Transfer Protocol) server?
A. open port 119 to all inbound connections.
B. open port 119 to all outbound connections.
- D
-
4
Administrators currently use telnet to remotely manage several servers. Security
policy dictates that passwords and administrative activities must not be
communicated in clear text. Which of the following is the best alternative to using - C
-
5
How many characters should the minimum length of a password be to deter
dictionary password cracks?
A. 6.
B. 8.
C. 10.
D. 12. - B
-
6
An acceptable use policy signed by an employee can be interpreted as an employee’s
written ____ for allowing an employer to search an employee’s workstation.
A. refusal.
B. policy.
C. guideline.
D. consent. - D
-
7
What protocol can be used to create a VPN (Virtual Private Network)?
A. PPP (Point-to-Point Protocol).
B. PPTP (Point-to-Point Tunneling Protocol).
C. SLIP (Serial Line Internet Protocol).
D. ESLIP (Encrypted Serial Line Intern - B
-
8
An attack whereby two different messages using the same hash function produce a
common message digest is also known as a:
A. man in the middle attack.
B. ciphertext only attack.
C. birthday attack.
D. brute force attack. - C
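Worked example for the birthday attack in question 8 (added here; it is not part of the TestKing deck). It finds two different messages whose SHA-256 digests agree once truncated to a chosen number of bits, and compares the number of hashes that took with the birthday bound sqrt(pi/2 * 2^n), which is far below the 2^n a preimage search would need. The message prefix, the counter-based candidates and the 32-bit truncation are assumptions chosen so the search finishes in about a second.

```python
"""Birthday attack on a truncated hash (added example, not part of the deck).

A birthday attack finds two *different* messages with the same digest by
generating many candidates and waiting for any pair to collide.  For an
n-bit digest that takes about sqrt(pi/2 * 2**n) hashes, not 2**n.  The
digest here is SHA-256 truncated to `bits` bits so the search is quick; the
candidate messages are constructed counters, not real documents.
"""
import hashlib
import math


def truncated_digest(message, bits):
    """SHA-256 of `message`, keeping only the top `bits` bits as an int."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def expected_hashes_for_collision(bits):
    """Expected number of hashes before the first collision (birthday bound)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def collision_probability(samples, bits):
    """P(collision among `samples` random `bits`-bit digests), 1 - exp(-k^2 / 2N)."""
    return 1.0 - math.exp(-(samples ** 2) / (2.0 * 2 ** bits))


def find_collision(bits, prefix=b"msg-"):
    """Return (m1, m2, hashes_tried) with m1 != m2 and equal truncated digests.

    Every digest seen so far is kept in a dict keyed by digest value; the first
    repeat is the collision.  Memory grows with the number of candidates, which
    is the price of the birthday approach compared with a preimage search.
    """
    seen = {}          # truncated digest -> message that produced it
    counter = 0
    while True:
        candidate = prefix + str(counter).encode()
        d = truncated_digest(candidate, bits)
        if d in seen and seen[d] != candidate:
            return seen[d], candidate, counter + 1
        seen[d] = candidate
        counter += 1


if __name__ == "__main__":
    bits = 32
    m1, m2, tried = find_collision(bits)
    print(f"{bits}-bit digest: collision after {tried} hashes "
          f"(birthday bound ~{expected_hashes_for_collision(bits):.0f}, "
          f"preimage search would need ~{2 ** bits})")
    print(m1, m2, hex(truncated_digest(m1, bits)))
```

The same arithmetic is why a digest has to be twice as wide as the security level you want: a 128-bit hash gives only about 2^64 work against collisions, which is the figure to check when a signature scheme relies on the hash being collision-free.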
-
9
A password management system designed to provide availability for a large number
of users includes which of the following?
A. self service password resets
B. locally saved passwords
C. multiple access methods
D. synchroniz - A
-
10
An administrator is setting permissions on a file object in a network operating
system which uses DAC (Discretionary Access Control). The ACL (Access Control
List) of the file follows:
SY0 - 001
Leading the way in IT testing a - A
-
12
The use of embedded root certificates within web browsers is an example of which
of the following trust models?
A. bridge.
B. mesh.
C. hierarchy.
D. trust list. - D
-
13
A security consideration that is introduced by a VPN (Virtual Private Network) is:
A. an intruder can intercept VPN (Virtual Private Network) traffic and create a man
in the middle attack.
B. captured data is easily decrypted becau - D
-
14
The public key infrastructure model where certificates are issued and revoked via a
CA (Certificate Authority) is what type of model?
A. managed
B. distributed
C. centralized
D. standard - C
-
15
Which of the following is required to use S/MIME (Secure Multipurpose Internet
Mail Extensions)?
A. digital certificate.
B. server side certificate.
C. SSL (Secure Sockets Layer) certificate.
D. public certificate. - A
-
16
Non-repudiation is generally used to:
A. protect the system from transmitting various viruses, worms and Trojan horses to
other computers on the same network.
B. protect the system from DoS (Denial of Service) attacks.
C. prev - C
-
18
Why are unique user IDs critical in the review of audit trails?
A. They CAN NOT be easily altered.
B. They establish individual acc - B
-
19
A police department has three types of employees: booking officers, investigators,
and judges. Each group of employees is allowed different rights to files based on
their need. The judges do not need access to the fingerprint database, - B
-
20
Which of the following access control models introduces user security clearance and
data classification?
A. RBAC (Role Based Access Control).
B. NDAC (Non-Discretionary Access Control).
C. MAC (Mandatory Access Control).
- C
-
21
A wireless network with three access points, two of which are used as repeaters,
exists at a company. What step should be taken to secure the wireless network?
A. Ensure that employees use complex passwords.
B. Ensure that employee - C
-
22
Digital certificates can contain which of the following items:
A. the CA’s (Certificate Authority) private key.
B. the certificate holder’s private key.
C. the certificate’s revocation information.
D. the certificate’s - D
-
23
Which encryption key is used to verify a digital signature?
A. the signer’s public key.
B. the signer’s private key.
C. the recipient's public key.
D. the recipient's private key. - A
-
24
NetBus and Back Orifice are each considered an example of a(n):
A. virus.
B. illicit server.
C. spoofing tool.
D. allowable server. - B
-
25
The theft of network passwords without the use of software tools is an example of:
A. Trojan programs.
B. social engineering.
C. sniffing.
D. hacking. - B
-
27
LDAP (Lightweight Directory Access Protocol) directories are arranged as:
A. linked lists.
B. trees.
C. stacks.
D. queues. - B
-
28
Which of the following is the greatest problem associated with Instant Messaging?
A. widely deployed and difficult to control.
B. created without security in mind.
C. easily spoofed.
D. created with file sharing enabled. - B
-
29
Searching through trash is used by an attacker to acquire data such as network
diagrams, IP (Internet Protocol) address lists and:
A. boot sectors.
B. process lists.
C. old passwords.
D. virtual memory. - C
-
30
Discouraging employees from misusing company e-mail is best handled by:
A. enforcing ACLs (Access Control List).
B. creating a network security policy.
C. implementing strong authentication.
D. encrypting company e-mail messag - B
-
31
The Diffie-Hellman algorithm allows:
A. access to digital certificate stores from s-certificate authority.
B. a secret key exchange over an insecure medium without any prior secrets.
C. authentication without the use of hashing alg - B
-
32
Which of the following type of attack CAN NOT be deterred solely through
technical means?
A. dictionary.
B. man in the middle.
C. DoS (Denial of Service).
D. social engineering. - D
-
33
How must a firewall be configured to make sure that a company can communicate
with other companies using SMTP (Simple Mail Transfer Prot - D
-
34
An organization’s primary purpose in conducting risk analysis in dealing with
computer security is:
A. to identify vulnerabilities to the computer systems within the organization.
B. to quantify the impact of potential threats in - B
-
35
A user wants to send e-mail and ensure that the message is not tampered with while
in transit. Which feature of modern cryptographic systems will facilitate this?
A. confidentiality.
B. authentication.
C. integrity.
D. non - C
-
36
Which of the following is the best IDS (Intrusion Detection System) to monitor the entire
network?
A. a network based IDS (Intrusion - A
-
38
The main purpose of digital certificates is to bind a
A. public key to the identity of the signer and recipient
B. private key to the identity of the signer and recipient
C. public key to the entity that holds the corresponding pri - C
-
39
What ports does FTP (File Transfer Protocol) use?
A. 20 and 21.
B. 25 and 110.
C. 80 and 443.
D. 161 and 162. - A
-
40
A decoy system that is designed to divert an attacker from accessing critical systems
while collecting information about the attacker’s activity, and encouraging the
attacker to stay on the system long enough for administrators to res -
Answer: B
Explanation:
A honey pot is a computer that has been designed as a target for computer attacks. The
benefit of a honey pot system is that it will draw attackers away from a higher value
system or it will allow administrators to gain intelligence about an attack strategy. -
41
What is the major reason that social engineering attacks succeed?
A. strong passwords are not required
B. lack of security awareness
C. multiple logins are allowed
D. audit logs are not monitored frequently - B
-
42
When User A applies to the CA (Certificate Authority) requesting a certificate to
allow the start of communication with User B, User A must supply the CA
(Certificate Authority) with
A. User A’s public key only
B. User B’s - A
-
43
Of the following, what is the primary attribute associated with e-mail hoaxes?
A. E-mail hoaxes create unnecessary e-mail traffic and panic in non-technical users.
B. E-mail hoaxes take up large amounts of server disk space.
C. E-m - A
-
44
An e-mail is received alerting the network administrator to the presence of a virus
on the system if a specific executable file exists. What should be the first course of
action?
A. Investigate the e-mail as a possible hoax with a - A
-
45
Part of a fire protection plan for a computer room should include;
A. procedures for an emergency shutdown of equipment.
B. a sprinkler system that exceeds local code requirements.
C. the exclusive use of non-flammable materials wi - A
-
46
Which of the following is an HTTP (Hypertext Transfer Protocol) extension or
mechanism used to retain connection data, user information, history of sites visited,
and can be used by attackers for spoofing an on-line identity?
A. - B
-
47
ActiveX controls ____ to prove where they originated.
A. are encrypted.
B. are stored on the web server.
C. use SSL (Secure Sockets Layer).
D. are digitally signed. - D
-
48
Loki, NetCat, Masters Paradise and NetBus are all considered what type of attack?
A. brute force
B. spoofing
C. back door
D. man in the middle - C
-
49
When a potential hacker looks through trash, the most useful items or information
that might be found include all except:
A. an IP (Internet Protocol) address.
B. system configuration or network map.
C. old passwords.
D. - D
-
50
A user logs onto a workstation using a smart card containing a private key. The
user is verified when the public key is successfully fac - A
-
51
In cryptographic operations, digital signatures can be used for which of the
following systems?
A. encryption.
B. asymmetric key.
C. symmetric and encryption.
D. public and decryption. - B
-
52
Which of the following programs is able to distribute itself without using a host file?
A. virus.
B. Trojan horse.
C. logic bomb.
D. worm. - D
-
53
Malicious code is installed on a server that will e-mail system keystrokes stored in a
text file to the author and delete system logs every five days or whenever a backup is
performed. What type of program is this?
A. virus.
S - C
-
54
A network administrator has just replaced a hub with a switch. When using
software to sniff packets from the networks, the administrator notices conversations
the administrator’s computer is having with servers on the network, but can - A
-
55
Digital signatures can be used for which of the following?
A. availability.
B. encryption.
C. decryption.
D. non-repudiation. - D
-
56
Malicious port scanning is a method of attack to determine which of the following?
A. computer name
B. the fingerprint of the operating system
C. the physical cabling topology of a network
D. user ID and passwords - B
-
57
E-mail servers have a configuration choice which allows the relaying of messages
from one e-mail server to another. An e-mail server should be configured to prevent
e-mail relay because:
A. untraceable, unwanted e-mail can be sent - A
-
58
Which security method is in place when the administrator of a network enables
access lists on the routers to disable all ports that are not used?
A. MAC (Mandatory Access Control).
B. DAC (Discretionary Access Control).
C. RBA - A
-
59
What is the first step before a wireless solution is implemented?
A. ensure ad hoc mode is enabled on the access points.
B. ensure that all users have strong passwords.
C. purchase only Wi-Fi (Wireless Fidelity) equipment.
D. - D
-
60
A system administrator discovers suspicious activity that might indicate a computer
crime. The administrator should first:
A. refer to incident response plan.
B. change ownership of any related files to prevent tampering.
C. m - A
-
61
The information that governs and associates users and groups to certain rights to
use, read, write, modify, or execute objects on the system is called a(n):
A. public key ring.
B. ACL (Access Control List).
C. digital signatur - B
-
62
Performing a security vulnerability assessment on systems that a company relies on
demonstrates:
A. that the site CAN NOT be hacked
B. a commitment to protecting data and customers
C. insecurity on the part of the organization - B
-
63
Which of the following keys is contained in a digital certificate?
A. public key.
B. private key.
C. hashing key.
D. sess - A
-
64
Single servers are frequently the targets of attacks because they contain:
A. application launch scripts.
B. security policy settings.
C. credentials for many systems and users.
D. master encryption keys. - C
-
65
Sensitive data traffic can be confined to workstations on a specific subnet using
privilege policy based tables in a:
A. router.
B. server.
C. modem.
D. VPN (Virtual Private Network). - A
-
66
The best reason to perform a business impact analysis as part of the business
continuity planning process is to:
A. test the veracity of data obtained from risk analysis
B. obtain formal agreement on maximum tolerable downtime
- B
-
67
A VPN (Virtual Private Network) using IPSec (Internet Protocol Security) in the
tunnel mode will provide encryption for the:
A. one time pad used in handshaking.
B. payload and message header.
C. hashing algorithm and all e-ma - B
-
68
When implementing Kerberos authentication, which of the following factors must
be accounted for?
A. Kerberos can be susceptible to man in the middle attacks to gain unauthorized
access.
B. Kerberos tickets can be spoofed using - C
-
69
Which of the following protocols is most similar to SSLv3 (Secure Sockets Layer
version 3)?
A. TLS (transport Layer Security).
B. MPLS (Multi-Protocol Label Switching).
C. SASL (Simple Authentication and Security Layer).
- A
-
70
How should a primary DNS (Domain Name Service) server be configured to provide
the best security against DoS (Denial of Service) and hackers?
A. disable the DNS (Domain Name Service) cache function.
B. disable application services o - B
-
71
What type of security process will allow others to verify the originator of an e-mail
message?
A. authentication.
B. integrity.
C. non-repudiation.
D. confidentiality. - C
-
72
Which of the following statements is true about network based IDSs (Intrusion
Detection System)?
A. Network based IDSs (Intrusion Detection System) are never passive devices that
listen on a network wire without interfering with th - D
-
73
What physical access control most adequately protects against physical
piggybacking?
A. man trap.
B. security guard.
C. CCTV (Closed-Circuit Television).
D. biometrics. - A
-
74
Management wants to track personnel who visit unauthorized web sites. What type
of detection will this be?
A. abusive detection.
B. misuse detection.
C. anomaly detection.
D. site filtering. - B
-
75
Which of the following best describes TCP/IP (Transmission Control
Protocol/Internet Protocol) session hijacking?
A. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is
altered in a way that intercepts leg - A
-
76
What technical impact may occur due to the receipt of large quantities of spam?
A. DoS (Denial of Service).
B. processor underutilization.
C. reduction in hard drive space requirements.
D. increased network throughput. - A
-
78
Forging an IP (Internet Protocol) address to impersonate another machine is best
defined as:
A. TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking.
B. IP (Internet Protocol) spoofing.
C. man in the middle.
- B
-
79
When setting password rules, which of the following would LOWER the level of
security of a network?
A. Passwords must be greater than six characters and consist at least one non-alpha.
B. All passwords are set to expire at regular - C
-
80
FTP (File Transfer Protocol) is accessed through what ports?
A. 80 and 443.
B. 20 and 21.
C. 21 and 23.
D. 20 and 80. - B
-
81
In a typical file encryption process, the asymmetric algorithm is used to?
A. encrypt symmetric keys.
B. encrypt file contents.
C. encrypt certificates.
D. encrypt hash results. - A
-
82
Turnstiles, double entry doors and security guards are all prevention measures for
which type of social engineering?
A. piggybacking
B. looking over a co-worker’s shoulder to retrieve information
C. looking through a co-work - A
-
84
Intruders are detected accessing an internal network. The source IP (Internet
Protocol) addresses originate from trusted networks. The most common type of
attack in this scenario is:
- D
-
85
As it relates to digital certificates, SSLv3.0 (Secure Sockets Layer version 3.0) added
which of the following key functionalities? The ability to;
A. act as a CA (Certificate Authority).
B. force client side authentication via dig - B
-
86
In responding to incidents such as security breaches, one of the most important
steps taken is:
A. encryption.
B. authentication.
C. containment.
D. intrusion. - C
-
87
SSL (Secure Sockets Layer) is used for secure communications with:
A. file and print servers.
B. RADIUS (Remote Authentication Dial-in User Service) servers.
C. AAA (Authentication, Authorization, and Accounting) servers.
- D
-
88
TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking resulted from
exploitation of the fact that TCP/IP (Transmission Control Protocol/Internet
Protocol):
A. has no authentication mechanism, thus allowing a clear text - D
-
90
Which of the following provides the strongest authentication?
A. token
B. username and password
C. biometrics
D. one time password - C
-
91
What is the best method to secure a web browser?
A. do not upgrade, as new versions tend to have more security flaws.
B. disable any unused features of the web browser.
C. connect to the Internet using only a VPN (Virtual Private N - B
-
92
Which of the following four critical functions of a VPN (Virtual Private Network)
restricts users from using resources in a corporate network?
A. access control
B. authentication
C. confidentiality
D. data integrity - A
-
93
What are the three main components of a Kerberos server?
A. authentication server, security database and privilege server.
B. SAM (Sequential Access Method), security database and authentication server.
C. application database, sec - A
-
94
Which of the following methods may be used to exploit the clear text nature of an
instant-Messaging session?
A. packet sniffing.
B. port scanning.
C. cryptanalysis.
D. reverse engineering. - A
-
95
A user receives an e-mail from a colleague in another company. The e-mail message
warns of a virus that may have been accidentally sent in the past, and warns the
user to delete a specific file if it appears on the user’s computer. Th - C
-
96
A CRL (Certificate Revocation List) query that receives a response in near real
time:
A. indicates that high availability equipment is used.
B. implies that a fault tolerant database is being used.
C. does not guarantee that f - C
-
97
Which of the following are tunneling protocols?
A. IPSec (Internet Protocol Security), L2TP (Layer Two Tunneling Protocol), and
SSL (Secure Sockets Layer)
B. IPSec (Internet Protocol Security), L2TP (Layer Two Tunneling Protocol), - D
-
98
A DoS (Denial of Service) attack which takes advantage of TCP’s (Transmission
Control Protocol) three way handshake for new connections is known as:
A. SYN (Synchronize) flood.
B. ping of death attack.
- A
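Detection logic for the SYN flood in question 98 (added here; not part of the TestKing deck). A flood works because the server allocates state when it answers a SYN with SYN-ACK and the attacker never sends the final ACK, so the tell-tale sign is a pile of half-open connections to one service, usually from many (often spoofed) source addresses. The code reads constructed, simplified connection records, pairs each client SYN with that client's later ACK, and alerts on a service whose half-open count exceeds a threshold. The record format, the addresses and the threshold are assumptions for the demonstration.

```python
"""Spotting a SYN flood in connection records (added example, not part of the deck).

Each record is "timestamp src sport dst dport flags", with flags S (client SYN),
SA (server SYN-ACK) or A (client ACK).  A handshake is complete only when the
client's ACK arrives for the same 4-tuple; everything else is half-open.
"""
import collections


def make_records():
    """Constructed sample: one completed HTTPS handshake, then 200 SYNs to port 80
    from 200 different sources, none of which ever sends its ACK."""
    lines = [
        "1 203.0.113.10 40001 192.0.2.5 443 S",
        "1 192.0.2.5 443 203.0.113.10 40001 SA",
        "1 203.0.113.10 40001 192.0.2.5 443 A",
    ]
    for i in range(200):
        lines.append(f"2 198.51.100.{i % 254 + 1} {1000 + i} 192.0.2.5 80 S")
    return lines


def half_open_connections(lines):
    """Map (dst, dport) -> list of client (src, sport) whose SYN never got its ACK."""
    pending = set()   # client 4-tuples with an incomplete handshake
    for line in lines:
        _ts, src, sport, dst, dport, flags = line.split()
        key = (src, int(sport), dst, int(dport))
        if flags == "S":          # client opens; the server will reserve state on SYN-ACK
            pending.add(key)
        elif flags == "A":        # client's ACK completes the handshake
            pending.discard(key)
        # "SA" is the server's half of the exchange and says nothing about completion
    by_service = collections.defaultdict(list)
    for src, sport, dst, dport in pending:
        by_service[(dst, dport)].append((src, sport))
    return by_service


def detect_syn_flood(lines, threshold=100):
    """Return [(dst, dport, half_open, distinct_sources)] for every service whose
    half-open count exceeds `threshold`.  Distinct-source count is reported because
    a spoofed flood spreads the SYNs over many addresses, defeating per-source limits."""
    alerts = []
    for (dst, dport), clients in half_open_connections(lines).items():
        if len(clients) > threshold:
            alerts.append((dst, dport, len(clients), len({src for src, _ in clients})))
    return alerts


if __name__ == "__main__":
    for dst, dport, half_open, sources in detect_syn_flood(make_records()):
        print(f"SYN flood suspected on {dst}:{dport}: "
              f"{half_open} half-open connections from {sources} sources")
```

A production detector would bound the pending set by time (a legitimate client ACKs within a round trip, so a SYN older than a few seconds is already suspicious) and the usual mitigation is SYN cookies, which let the server answer without keeping any state until the ACK arrives.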
-
99
The Bell-LaPadula access control model consists of four elements. These elements
are
A. subjects, objects, access modes and security levels.
B. subjects, objects, roles and groups.
C. read only, read/write, write only and rea - A
-
100
As a security administrator, what are the three categories of active responses
relating to intrusion detection?
A. collect additional information, maintain the environment, and take action against
the intruder
B. collect addi - C
-
101
When does CHAP (Challenge Handshake Authentication Protocol) perform the
handshake process?
A. when establishing a connection and at anytime after the connection is established.
B. only when establishing a connection and disconnec - A
-
102
What should a firewall employ to ensure that each packet is part of an established
TCP (Transmission Control Protocol) session?
A. packet filter.
B. stateless inspection.
C. stateful like inspection.
D. circuit level gat - C
-
103
Which of the following most accurately describes a DMZ (Demilitarized Zone)?
A. an application program with a state that authenticates the user and allows the user
to be categorized based on privilege
B. a network between a protec - B
-
104
A minor configuration change which can help secure DNS (Domain Name Service)
information is:
A. block all unnecessary traffic by using port filtering.
B. prevent unauthorized zone transfers.
C. require password changes every - B
-
105
Sensitive material is currently displayed on a user’s monitor. What is the best
course of action for the user before leaving the area?
A. The user should leave the area. The monitor is at a personal desk so there is no
risk.
- D
-
106
LDAP (Lightweight Directory Access Protocol) requires what ports by default?
A. 389 and 636
B. 389 and 139
C. 636 and 137
D. 137 and 139 - A
-
107
Which security method should be implemented to allow secure access to a web page,
regardless of the browser type or vendor?
A. certificates with SSL (Secure Sockets Layer).
B. integrated web with NOS (Network Operating System) sec - A
-
108
Which protocol is used to negotiate and provide authenticated keying material for security
associations in a protected manner?
A. I - A
-
109
System administrators and hackers use what technique to review network traffic to
determine what services are running?
A. sniffer.
B. IDS (Intrusion Detection System).
C. firewall.
D. router. - A
-
110
SSL (Secure Sockets Layer) operates between which two layers of the OSI (Open
Systems Interconnection) model?
A. application and transport
B. transport and network
C. network and data link
D. data link and physical - A
-
111
To reduce vulnerabilities on a web server, an administrator should adopt which
preventative measure?
A. use packet sniffing software on all inbound communications.
B. apply the most recent manufacturer updates and patches to the s - B
-
112
What is the greatest advantage to using RADIUS (Remote Authentication Dial-in
User Service) for a multi-site VPN (Virtual Private Network) supporting a large
population of remote users?
A. RADIUS (Remote Authentication Dial-in Use - A
-
113
Which of the following is the best protection against an intercepted password?
A. VPN (Virtual Private Network).
B. PPTP (Point-to-Point Tunneling Protocol).
C. one time password.
D. complex password requirement. - C
-
114
What is a network administrator protecting against by ingress/egress filtering
traffic as follows: Any packet coming into the network must not have a source
address of the internal network. Any packet coming into the network must have - B
-
115
What IETF (Internet Engineering Task Force) protocol uses AH (Authentication
Header) and ESP (Encapsulating Security Payload) to provide security in a
networked environment?
A. SSL (Secure Sockets Layer).
B. IPSec (Internet - B
-
116
Which of the following is a characteristic of MACs (Mandatory Access Control):
A. use levels of security to classify users and data
B. allow owners of documents to determine who has access to specific documents
C. use access contr - A
-
117
A CPS (Certificate Practice Statement) is a legal document that describes a CA’s
(Certificate Authority):
A. class level issuing process.
B. copyright notice.
C. procedures.
D. asymmetric encryption schema. - C
-
118
A severed T1 line is most likely to be considered in ____ planning.
A. data recovery.
B. off site storage.
C. media destruction.
D. incident response. - D
-
120
An IT (Information Technology) security audit is generally focused on reviewing
existing:
A. resources and goals
B. policies and procedures
C. mission statements
D. ethics codes - B
-
121
Instant Messaging is most vulnerable to:
A. DoS (Denial of Service).
B. fraud.
C. stability.
D. sniffing. - D
-
122
A security designer is planning the implementation of security mechanisms in a
RBAC (Role Based Access Control) compliant system. The designer has determined
- B
-
123
Despite regular system backups a significant risk still exists if:
A. recovery procedures are not tested
B. all users do not log off while the backup is made
C. backup media is moved to an off-site location
D. an administrato - A
-
124
Which authentication protocol could be employed to encrypt passwords?
A. PPTP (Point-to-Point Tunneling Protocol)
B. SMTP (Simple Mail Transfer Protocol)
C. Kerberos
D. CHAP (Challenge Handshake Authentication Protocol) - D
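The challenge-response exchange behind questions 2, 101 and 124, as an added example (not part of the TestKing deck). CHAP as defined in RFC 1994 never puts the password on the wire: the authenticator sends a random challenge, the peer answers with MD5(identifier || secret || challenge), and the authenticator recomputes the same value from its own copy of the secret. Because each challenge is fresh, a captured response cannot be replayed, and the authenticator can re-challenge at any time after the link is up. The peer names and secret are constructed for the demonstration.

```python
"""CHAP challenge-response walk-through (added example, not part of the deck).

Implements the RFC 1994 response computation and a minimal authenticator that
issues one-shot challenges, so the three properties the deck asks about are
visible: the secret is hashed rather than sent, a response is tied to one
challenge, and re-authentication mid-session is just another challenge.
"""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """Peer side: the value that goes on the wire, MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Holds the secret database and issues/verifies challenges."""

    def __init__(self, secrets):
        self._secrets = dict(secrets)   # peer name -> shared secret (never transmitted)
        self._outstanding = {}          # identifier -> challenge value awaiting a response
        self._next_id = 0

    def challenge(self):
        """Build a Challenge packet: (identifier, random 16-byte challenge value)."""
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256   # identifier is one octet in CHAP
        value = os.urandom(16)
        self._outstanding[identifier] = value
        return identifier, value

    def verify(self, identifier, name, response):
        """Check a Response packet.  Each challenge can be answered exactly once."""
        value = self._outstanding.pop(identifier, None)
        secret = self._secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def run_session(authenticator, name, peer_secret, rechallenge=True):
    """Link establishment, then (optionally) the mid-session re-challenge of RFC 1994."""
    ident, chal = authenticator.challenge()
    if not authenticator.verify(ident, name, chap_response(ident, peer_secret, chal)):
        return False
    if rechallenge:
        ident2, chal2 = authenticator.challenge()
        return authenticator.verify(ident2, name, chap_response(ident2, peer_secret, chal2))
    return True


if __name__ == "__main__":
    auth = Authenticator({"alice": b"correct horse battery"})
    print("genuine peer:", run_session(auth, "alice", b"correct horse battery"))
    print("wrong secret:", run_session(auth, "alice", b"guess"))
```

The caveat a practitioner should keep in mind: the exchange protects the secret in transit, but the authenticator still has to store it in a recoverable form to recompute the hash, so the secret database is the asset to protect. MS-CHAP variants changed the hash but kept this property.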
-
125
Impersonating a dissatisfied customer of a company and requesting a password
change on the customer’s account is a form of:
A. hostile code.
- B
-
126
The basic strategy that should be used when configuring the rules for a secure
firewall is:
A. permit all.
B. deny all.
C. default permit.
D. default deny. - D
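A default-deny rule base combined with the ingress/egress address checks of question 114, as an added example that is not part of the TestKing deck. Permit rules are evaluated in order and anything unmatched is dropped (question 126); before the rules, the standard anti-spoofing pattern (RFC 2827) rejects inbound packets that claim an internal source address and outbound packets whose source is not internal. The internal prefix, the rule set and the sample packets are assumptions for the demonstration.

```python
"""Default-deny packet filter with ingress/egress anti-spoofing checks
(added example, not part of the deck).

An inbound packet with an internal source address is a forgery: it cannot
legitimately have come from outside.  An outbound packet with a non-internal
source is either a misconfigured host or one of ours being used to spoof
someone else.  Everything that survives those checks must match an explicit
permit rule or it is dropped.
"""
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "direction src dst proto dport")
Rule = namedtuple("Rule", "direction proto dport")   # permit rules only

INTERNAL = ipaddress.ip_network("192.0.2.0/24")   # assumed internal prefix (TEST-NET-1)

PERMIT = [
    Rule("in", "tcp", 25),     # inbound SMTP to the mail server
    Rule("in", "tcp", 443),    # inbound HTTPS
    Rule("out", "tcp", 80),    # employees browsing
    Rule("out", "tcp", 443),
    Rule("out", "tcp", 25),    # mail server delivering outbound mail
]


def spoof_check(pkt):
    """Return a drop reason for implausible addresses, or None if they are consistent."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    if pkt.direction == "in":
        if src in INTERNAL:
            return "ingress: internal source address arriving from outside (spoofed)"
        if dst not in INTERNAL:
            return "ingress: destination is not ours (transit or relay attempt)"
    else:
        if src not in INTERNAL:
            return "egress: non-internal source address leaving the network (spoofed)"
    return None


def decide(pkt, rules=PERMIT):
    """Return ('permit' | 'drop', reason).  Anything unmatched is dropped."""
    reason = spoof_check(pkt)
    if reason:
        return "drop", reason
    for rule in rules:
        if (rule.direction, rule.proto, rule.dport) == (pkt.direction, pkt.proto, pkt.dport):
            return "permit", f"matched {rule}"
    return "drop", "default deny: no permit rule matched"


SAMPLE = [   # constructed packets
    Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 25),
    Packet("in", "192.0.2.55", "192.0.2.10", "tcp", 25),     # internal source from outside
    Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 23),   # telnet: no permit rule
    Packet("out", "192.0.2.20", "203.0.113.5", "tcp", 443),
    Packet("out", "10.9.9.9", "203.0.113.5", "tcp", 443),    # spoofed source leaving
]

if __name__ == "__main__":
    for p in SAMPLE:
        verdict, why = decide(p)
        print(f"{p.direction:3} {p.src:>14} -> {p.dst:<14} {p.proto}/{p.dport}: {verdict} ({why})")
```

The egress rule is the one most often left out, and it is the one that stops your own network from being a launch point for the spoofed floods described elsewhere in this deck.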
-
127
An employer gives an employee a laptop computer to use remotely. The user installs
personal applications on the laptop and overwrites some system files. How might
this have been prevented with minimal impact on corporate productivity? - B
-
128
In order for User A to send User B an e-mail message that only User B can read,
User A must encrypt the e-mail with which of the following keys?
A. User B’s public key
B. User B’s private key
C. User A’s public key
- A
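Questions 23, 51, 55, 81 and 128 all turn on which key is used for what. The following added example (not part of the TestKing deck) makes the directions concrete: sign with the signer's private key and verify with the signer's public key; encrypt a fresh symmetric content key with the recipient's public key so only the recipient's private key can unwrap it, and let the symmetric key, not the asymmetric algorithm, encrypt the file contents. The RSA here is textbook RSA on fixed Mersenne primes with no padding, and the "symmetric cipher" is a SHA-256 counter keystream; both are toys chosen so everything runs from the standard library, and neither is suitable for real use.

```python
"""Who uses which key: signing and hybrid encryption (added example, not part of the deck).

Toy parameters: two fixed Mersenne primes per party, unpadded RSA, and an XOR
keystream standing in for a real symmetric cipher.  Only the key directions
matter here.
"""
import hashlib
import os

# Assumed toy key material: fixed primes so each party has a distinct modulus.
ALICE_PRIMES = ((1 << 127) - 1, (1 << 521) - 1)
BOB_PRIMES = ((1 << 107) - 1, (1 << 607) - 1)


def keypair(p, q, e=65537):
    """Return (public, private) as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def sign(private, message):
    """Signer's PRIVATE key: signature = H(message) ** d mod n (the hash is signed, not the message)."""
    n, d = private
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(h, d, n)


def verify(public, message, signature):
    """Signer's PUBLIC key: recover H from the signature and compare with a fresh hash."""
    n, e = public
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == h


def _keystream_xor(key, data):
    """Toy symmetric cipher: XOR with SHA-256(key || block counter) blocks."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        ks = hashlib.sha256(key + block_no.to_bytes(4, "big")).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(b ^ k for b, k in zip(chunk, ks))
    return bytes(out)


def encrypt_for(recipient_public, plaintext):
    """Recipient's PUBLIC key wraps a fresh symmetric key; that key encrypts the contents."""
    n, e = recipient_public
    content_key = os.urandom(32)
    wrapped_key = pow(int.from_bytes(content_key, "big"), e, n)
    return wrapped_key, _keystream_xor(content_key, plaintext)


def decrypt_with(recipient_private, wrapped_key, ciphertext):
    """Recipient's PRIVATE key unwraps the symmetric key, which then decrypts the contents."""
    n, d = recipient_private
    content_key = pow(wrapped_key, d, n).to_bytes(32, "big")
    return _keystream_xor(content_key, ciphertext)


if __name__ == "__main__":
    alice_pub, alice_priv = keypair(*ALICE_PRIMES)
    bob_pub, bob_priv = keypair(*BOB_PRIMES)
    msg = b"Transfer 100 to account 42"
    sig = sign(alice_priv, msg)                      # Alice signs with her private key
    print("Bob verifies with Alice's public key:", verify(alice_pub, msg, sig))
    wrapped, ct = encrypt_for(bob_pub, msg)          # Alice encrypts to Bob's public key
    print("Bob decrypts with his private key:", decrypt_with(bob_priv, wrapped, ct) == msg)
```

Note the asymmetry in what each operation proves: a valid signature tells Bob that whoever holds Alice's private key produced it (non-repudiation), while successful decryption tells nobody who sent the message, since anyone can encrypt to Bob's public key. In a real system the hash would be padded (PKCS#1 v1.5 or PSS) and the content key wrapped with OAEP; the direction of the keys is the part that carries over unchanged.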
-
129
The term cold site refers to:
A. a low temperature facility for long term storage of critical data
B. a location to begin operations during disaster recovery
C. a facility seldom used for high performance equipment
D. a locat - B
-
130
Which security architecture utilizes authentication header and/or encapsulating
security payload protocols?
A. IPSec (Internet Protocol Security).
B. SSL (Secure Sockets Layer).
C. TLS (Transport Layer Security).
D. PPTP - A
-
131
Tunneling is best described as the act of encapsulating:
A. encrypted/secure IP packets inside of ordinary/non-secure IP packets.
B. ordinary/non-secure IP packets inside of encrypted/secure IP packets.
C. encrypted/secure IP pack - B
-
132
What is a good practice in deploying a CA (Certificate Authority)?
A. enroll users for policy based certificates.
B. create a CPS (Certificate Practice Statement).
C. register the CA (Certificate Authority) with a subordinate CA ( - B
-
133
NAT (Network Address Translation) can be accomplished with which of the
following?
A. static and dynamic NAT (Network Address Translation) and PAT (Port Address
Translation)
B. static and hide NAT (Network Address Translation - C
-
134
When a patch is released for a server the administrator should:
A. immediately download and install the patch.
B. test the patch on a non-production server then install the patch to production.
C. not install the patch unless ther - B
-
135
The system administrator of the company has terminated employment
unexpectedly. When the administrator’s user ID is deleted, the system suddenly
begins deleting files. This is an example of what type of malicious code?
- A
-
136
An administrator wants to set up a system for an internal network that will examine
all packets for known attack signatures. What type of system will be set up?
A. vulnerability scanner
B. packet filter
C. host based IDS (Int - D
-
137
Which of the following will let a security administrator allow only HTTP (Hypertext
Transfer Protocol) traffic for outbound Internet connections and set permissions to
allow only certain users to browse the web?
A. packet filter - C
-
138
A mobile sales force requires remote connectivity in order to access shared files and
e-mail on the corporate network. All employees in the sales department have laptops
equipped with ethernet adapters. Some also have modems. What is - D
-
139
What is the primary DISADVANTAGE of a third party relay?
A. Spammers can utilize the relay.
B. The relay limits access to specific users.
C. The relay restricts the types of e-mail that maybe sent.
D. The relay restricts spam - A
-
140
An administrator is configuring a server to make it less susceptible to an attacker
obtaining the user account passwords. The administrator decides to have the
encrypted passwords contained within a file that is readable only by root. - B
-
141
Which of the following is NOT a field of an X.509 v3 certificate?
A. private key
B. issuer
C. serial number
D. subject - A
-
142
What is the default transport layer protocol and port number that SSL (Secure
Sockets Layer) uses?
A. UDP (User Datagram Protocol) transport layer protocol and port 80
B. TCP (Transmission Control Protocol) transport layer protoco - C
-
143
The greater the keyspace and complexity of a password, the longer a ____ attack may
take to crack the password.
A. dictionary
B. brute force
C. inference
D. frontal - B
-
144
When a cryptographic system’s keys are no longer needed, the keys should be:
A. destroyed or stored in a secure manner
B. deleted from the system’s storage mechanism
C. recycled
D. submitted to a key repository - A
-
145
Which of the following terms represents a MAC (Mandatory Access Control)
model?
A. Lattice
B. Bell-LaPadula
C. BIBA
- A
-
146
In order for an SSL (Secure Sockets Layer) connection to be established between a
web client and server automatically, the web client and server should have a(n):
A. shared password
B. certificate signed by a trusted root CA (Cert - B
-
147
In the context of the Internet, what is tunneling? Tunneling is:
A. using the Internet as part of a private secure network
B. the ability to burrow through three levels of firewalls
C. the ability to pass information over the inte - A