Security++ Test+ +sy0 201v3+31

Testinside
Exam : CompTIA SY0-201
Title : CompTIA Security+

(2008 Edition) Exam
Version : V3.31
Testinside - help you pass any IT exam!

Testinside
Important Note, Please Read Carefully

Other TestInside products
All TestInside IT Exam Products
Our products of Offline Testing Engine

Use the offline Testing engine product to practice the questions in an exam environment.
Build a foundation of knowledge which will be useful also after passing the exam.
TestInside Testing Engine
Latest Version
We are constantly reviewing our products. New material is added and old material is revised. Free
updates are available for 90 days after the purchase. You should check your member zone at TestInside
and update 3-4 days before the scheduled exam date.
Here is the procedure to get the latest version:
1.Go to http://www.TestInside.com
2. Log in the User Center
3.The latest versions of all purchased products are downloadable from here. Just click the links.
Feedback
If you spot a possible improvement then please let us know. We always interested in improving product
quality.
Feedback should be send to sales(at)TestInside.com. You should include the following: Exam number,
version, page number, question number, and your login Account.
Our experts will answer your mail promptly.
Explanations
This product does not include explanations at the moment. If you are interested in providing explanations
for this exam, please contact sales(at)TestInside.com.
TestInside Help You Pass Any IT Exam http://www.TestInside.com

Testinside
1. Which of the following type of attacks requires an attacker to sniff the network?
A. Man-in-the-Middle
B. DDoS attack
C. MAC flooding
D. DNS poisoning
Answer: A
2. Which of the following should a technician recommend to prevent physical access to individual office
areas? (Select TWO).
A. Video surveillance
B. Blockade
C. Key card readers
D. Mantrap
E. Perimeter fence
Answer: CD
3. An administrator in a small office environment has implemented an IDS on the network perimeter to
detect malicious traffic patterns. The administrator still has a concern about traffic inside the network
originating between client workstations. Which of the following could be implemented?
A. HIDS
B. A VLAN
C. A network router
D. An access list
Answer: A
4. Which of the following algorithms have the smallest key space?
A. IDEA
B. SHA-1
C. AES
D. DES

Testinside
Answer: D
5. A CEO is concerned about staff browsing inappropriate material on the Internet via HTTPS. It has been
suggested that the company purchase a product which could decrypt the SSL session, scan the content
and then repackage the SSL session without staff knowing. Which of the following type of attacks is similar
to this product?
A. Replay
B. Spoofing
C. TCP/IP hijacking
D. Man-in-the-middle
Answer: D
6. Which of the following could BEST assist in the recovery of a crashed hard drive?
A. Forensics software
B. Drive optimization
C. Drive sanitization
D. Damage and loss control
Answer: A
7. A CRL contains a list of which of the following type of keys?
A. Both public and private keys
B. Steganographic keys
C. Private keys
D. Public keys
Answer: A
8. Which of the following BEST describes the form used while transferring evidence?
A. Booking slip
B. Affidavit
C. Chain of custody

Testinside
D. Evidence log
Answer: C
9. Which of the following type of attacks is TCP/IP hijacking?
A. Birthday
B. ARP poisoning
C. MAC flooding
D. Man-in-the-middle
Answer: D
10. The marketing department wants to distribute pens with embedded USB drives to clients. In the past
this client has been victimized by social engineering attacks which led to a loss of sensitive data. The
security administrator advises the marketing department not to distribute the USB pens due to which of the
following?
A. The risks associated with the large capacity of USB drives and their concealable nature
B. The security costs associated with securing the USB drives over time
C. The cost associated with distributing a large volume of the USB pens
D. The security risks associated with combining USB drives and cell phones on a network
Answer: A
11. Which of the following are the functions of asymmetric keys?
A. Decrypt, decipher, encode and encrypt
B. Sign, validate, encrypt and verify
C. Decrypt, validate, encode and verify
D. Encrypt, sign, decrypt and verify
Answer: D
12. When deploying 50 new workstations on the network, which of following should be completed FIRST?
A. Install a word processor.
B. Run the latest spyware.

Testinside
C. Apply the baseline configuration.
D. Run OS updates.
Answer: C
13. A corporation has a contractual obligation to provide a certain amount of system uptime to a client.
Which of the following is this contract an example of?
A. PII
B. SLA
C. Due diligence
D. Redundancy
Answer: B
14. Snort, TCPDump and Wireshark are commonly used for which of the following?
A. Port scanning
B. Host monitoring
C. DDoS attacks
D. Network sniffing
Answer: D
15. Which of the following BEST describes using a third party to store the public and private keys?
A. Public key infrastructure
B. Recovery agent
C. Key escrow
D. Registration authority
Answer: C
16. All of the following can be found in the document retention policy EXCEPT:
A. type of storage media.
B. password complexity rules.
C. physical access controls.

Testinside
D. retention periods.
Answer: B
17. An instance where a biometric system identifies users that are authorized and allows them access is
called which of the following?
A. False negative
B. True negative
C. False positive
D. True positive
Answer: D
18. Which of the following can be used to encrypt FTP or telnet credentials over the wire?
A. SSH
B. HTTPS
C. SHTTP
D. S/MIME
Answer: A
19. Classification of information is critical to information security because it:
A. defines what information should have the highest protection.
B. demonstrates that the company is using discretionary access control (DAC).
C. allows a company to share top secret information.
D. is a requirement for service level agreements (SLA).
Answer: A
20. A company takes orders exclusively over the Internet. Customers submit orders via a web-based
application running on the external web server which is located on Network A. Warehouse employees use
an internal application, on its own server, to pick and ship orders, located on Network B. Any changes
made after the order is placed are handled by a customer service representative using the same internal
application. All information is stored in a database, which is also located on Network B.

Testinside
The company uses these four sets of user rights:
- NONE
- ADD (read existing data, write new data)
- CHANGE (read, write and change existing data)
- READ (read existing data)
The company has 2 different network zones:
- Network A, the DMZ, a public accessible network
- Network B, the internal LAN, accessible from company systems only
The company wants to restrict warehouse employee access. Which of the following permissions is the
MOST appropriate for the warehouse employees?
A. READ on Network B, NONE on Network A
B. ADD on Network A, NONE on Network B
C. CHANGE on Network A, ADD on Network B
D. READ on Network A and B
Answer: A
21. Which of the following is the difference between identification and authentication of a user?
A. Identification tells who the user is and authentication tells whether the user is allowed to logon to a
system.
B. Identification tells who the user is and authentication proves it.
C. Identification proves who the user is and authentication is used to keep the users data secure.
D. Identification proves who the user is and authentication tells the user what they are allowed to do.
Answer: B
22. An administrator wishes to deploy an IPSec VPN connection between two routers across a WAN. The
administrator wants to ensure that the VPN is encrypted in the most secure fashion possible. Which of the
following BEST identifies the correct IPSec mode and the proper configuration?
A. IPSec in tunnel mode, using both the ESP and AH protocols
B. IPSec in tunnel mode, using the ESP protocol
C. IPSec in transport mode, using the AH protocol

Testinside
D. IPSec in transport mode, using both ESP and AH protocols
Answer: A
23. Performance baselines are used to:
A. record which users type their passwords incorrectly.
B. demonstrate a man-in-the-middle attack.
C. indicate anomaly-based network attacks.
D. indicate the current presence of malicious code.
Answer: D
24. Which of the following is a reason that NAT would be implemented?
A. Subnetting
B. Address hiding
C. VLAN management
D. Network access control
Answer: B
25. While reviewing the firewall logs an administrator notices a number of unauthorized attempted
connections from 10.x.x.x on an unused port. Which of the following is the correct procedure to follow when
mitigating this risk?
A. Block the domain range *.cn
B. Block the IP range 10.x.x.x/32
C. Block all traffic on that specific port
D. Block IP 10.x.x.x
Answer: C
26. Which of the following demonstrates the process of ensuring that both ends of the connection are in fact
who they say they are?
A. Integrity
B. Identification

Testinside
C. Authentication
D. Non-repudiation
Answer: D
27. Which of the following is commonly used in a distributed denial of service (DDoS) attack?
A. Phishing
B. Adware
C. Botnet
D. Trojan
Answer: C
28. Which of the following is a best practice for coding applications in a secure manner?
A. Input validation
B. Object oriented coding
C. Rapid Application Development (RAD)
D. Cross-site scripting
Answer: A
29. Which of the following logical access controls would be MOST appropriate to use when creating an
account for a temporary worker?
A. ACL
B. Account expiration
C. Time of day restrictions
D. Logical tokens
Answer: B
30. Which of the following may be an indication of a possible system compromise?
A. A port monitor utility shows that there are many connections to port 80 on the Internet facing web server.
B. A performance monitor indicates a recent and ongoing drop in speed, disk space or memory utilization
from the baseline.

Testinside
C. A protocol analyzer records a high number of UDP packets to a streaming media server on the Internet.
D. The certificate for one of the web servers has expired and transactions on that server begins to drop
rapidly.
Answer: B
31. Which of the following access control methods gives the owner control over providing permissions?
A. Role-Based Access Control (RBAC)
B. Rule-Based Access control (RBAC)
C. Mandatory Access Control (MAC)
D. Discretionary Access Control (DAC)
Answer: D
32. Which of the following access control methods includes switching work assignments at preset intervals?
A. Job rotation
B. Mandatory vacations
C. Least privilege
D. Separation of duties
Answer: A
33. Which of the following authentication methods would MOST likely prevent an attacker from being able
to successfully deploy a replay attack?
A. TACACS
B. RAS
C. RADIUS
D. Kerberos
Answer: D
34. Which of the following allows an attacker to embed a rootkit into a picture?
A. Trojan horse
B. Worm

Testinside
C. Steganography
D. Virus
Answer: C
35. Which of the following allows an attacker to manipulate files by using the least significant bit(s) to
secretly embed data?
A. Steganography
B. Worm
C. Trojan horse
D. Virus
Answer: A
36. An administrator wants to setup their network with only one public IP address. Which of the following
would allow for this?
A. DMZ
B. VLAN
C. NIDS
D. NAT
Answer: D
37. An administrator wants to proactively collect information on attackers and their attempted methods of
gaining access to the internal network. Which of the following would allow the administrator to do this?
A. NIPS
B. Honeypot
C. DMZ
D. NIDS
Answer: B
38. Which of the following allows a technician to correct a specific issue with a solution that has not been
fully tested?

Testinside
A. Patch
B. Hotfix
C. Security roll-up
D. Service pack
Answer: B
39. A technician wants to regulate and deny traffic to websites that contain information on hacking. Which
of the following would be the BEST solution to deploy?
A. Internet content filter
B. Proxy
C. Protocol analyzer
D. NIDS
Answer: A
40. Which of the following would be the MOST secure choice to implement for authenticating remote
connections?
A. LDAP
B. 802.1x
C. RAS
D. RADIUS
Answer: D
41. Which of the following is the BEST way to reduce the number of accounts a user must maintain?
A. Kerberos
B. CHAP
C. SSO
D. MD5
Answer: C
42. Which of the following can be used as a means for dual-factor authentication?

Testinside
A. RAS and username/password
B. RADIUS and L2TP
C. LDAP and WPA
D. Iris scan and proximity card
Answer: D
43. Which of the following redundancy solutions contains hardware systems similar to the affected
organization, but does not provide live data?
A. Hot site
B. Uninterruptible Power Supply (UPS)
C. Warm site
D. Cold site
Answer: C
44. During the implementation of LDAP, which of the following will typically be changed within the
organizations software programs?
A. IP addresses
B. Authentication credentials
C. Non-repudiation policy
D. Network protocol
Answer: B
45. Which of the following security policies is BEST to use when trying to mitigate the risks involved with
allowing a user to access company email via their cell phone?
A. The cell phone should require a password after a set period of inactivity.
B. The cell phone should only be used for company related emails.
C. The cell phone data should be encrypted according to NIST standards.
D. The cell phone should have data connection abilities disabled.
Answer: A

Testinside
46. Which of the following algorithms is the LEAST secure?
A. NTLM
B. MD5
C. LANMAN
D. SHA-1
Answer: C
47. A technician needs to detect staff members that are connecting to an unauthorized website. Which of
the following could be used?
A. Protocol analyzer
B. Bluesnarfing
C. Host routing table
D. HIDS
Answer: A
48. Which of the following is an example of security personnel that administer access control functions, but
do not administer audit functions?
A. Access enforcement
B. Separation of duties
C. Least privilege
D. Account management
Answer: B
49. How should a company test the integrity of its backup data?
A. By conducting another backup
B. By using software to recover deleted files
C. By restoring part of the backup
D. By reviewing the written procedures
Answer: C

Testinside
50. Which of the following principles should be applied when assigning permissions?
A. Most privilege
B. Least privilege
C. Rule based
D. Role based
Answer: B
51. User A is a member of the payroll security group. Each member of the group should have read/write
permissions to a share. User A was trying to update a file but when the user tried to access the file the user
was denied. Which of the following would explain why User A could not access the file?
A. Privilege escalation
B. Rights are not set correctly
C. Least privilege
D. Read only access
Answer: B
52. Which of the following threats is the MOST difficult to detect and hides itself from the operating system?
A. Rootkit
B. Adware
C. Spyware
D. Spam
Answer: A
53. Which of the following methods is used to perform denial of service (DoS) attacks?
A. Privilege escalation
B. Botnet
C. Adware
D. Spyware
Answer: B

Testinside
54. Which of the following is a security threat that hides itself within another piece of executable software?
A. Botnet
B. Logic Bomb
C. Trojan
D. Worm
Answer: C
55. Which of the following is a way to logically separate a network through a switch?
A. Spanning port
B. Subnetting
C. VLAN
D. NAT
Answer: C
56. Which of the following is an exploit against a device where only the hardware model and manufacturer
are known?
A. Replay attack
B. Denial of service (DoS)
C. Privilege escalation
D. Default passwords
Answer: D
57. A technician is implementing a new wireless network for an organization. The technician should be
concerned with all of the following wireless vulnerabilities EXCEPT:
A. rogue access points.
B. 802.11 mode.
C. weak encryption.
D. SSID broadcasts.
Answer: B

Testinside
58. Which of the following tools will allow the technician to find all open ports on the network?
A. Performance monitor
B. Protocol analyzer
C. Router ACL
D. Network scanner
Answer: D
59. An organization is installing new servers into their infrastructure. A technician is responsible for making
sure that all new servers meet security requirements for uptime. In which of the following is the availability
requirements identified?
A. Service level agreement
B. Performance baseline
C. Device manufacturer documentation
D. Security template
Answer: A
60. After issuance a technician becomes aware that some keys were issued to individuals who are not
authorized to use them. Which of the following should the technician use to correct this problem?
A. Recovery agent
B. Certificate revocation list
C. Key escrow
D. Public key recovery
Answer: B
61. Which of following can BEST be used to determine the topology of a network and discover unknown
devices?
A. Vulnerability scanner
B. NIPS
D. Network mapper

Testinside
Answer: D
62. A technician is reviewing the logical access control method an organization uses. One of the senior
managers requests that the technician prevent staff members from logging on during non-working days.
Which of the following should the technician implement to meet managements request?
A. Enforce Kerberos
B. Deploy smart cards
D. Access control lists
Answer: C
63. Which of the following BEST describes the term war driving?
A. Driving from point to point with a laptop and an antenna to find unsecured wireless access points.
B. Driving from point to point with a wireless scanner to read other users emails through the access point.
C. Driving from point to point with a wireless network card and hacking into unsecured wireless access
points.
D. Driving from point to point with a wireless scanner to use unsecured access points.
Answer: A
64. When is the BEST time to update antivirus definitions?
A. At least once a week as part of system maintenance
B. As the definitions become available from the vendor
C. When a new virus is discovered on the system
D. When an attack occurs on the network
Answer: B
65. Why would a technician use a password cracker?
A. To look for weak passwords on the network
B. To change a users passwords when they leave the company
C. To enforce password complexity requirements

Testinside
D. To change users passwords if they have forgotten them
Answer: A
66. When should a technician perform penetration testing?
A. When the technician suspects that weak passwords exist on the network
B. When the technician is trying to guess passwords on a network
C. When the technician has permission from the owner of the network
D. When the technician is war driving and trying to gain access
Answer: C
67. Which of the following is the MOST secure alternative for administrative access to a router?
A. SSH
B. Telnet
C. rlogin
D. HTTP
Answer: A
68. Which of the following creates a security buffer zone between two rooms?
A. Mantrap
B. DMZ
C. Turnstile
D. Anti-pass back
Answer: A
69. Kerberos uses which of the following trusted entities to issue tickets?
A. Ticket Granting System
B. Certificate Authority
C. Internet Key Exchange
D. Key Distribution Center
Answer: D

Testinside
70. Which of the following is a security trait of a virtual machine?
A. Provides additional resources for testing
B. Provides real-time access to all system processes
C. Provides a read-only area for executing code
D. Provides a restricted environment for executing code
Answer: D
71. An unauthorized user intercepted a users password and used this information to obtain the companys
administrator password. The unauthorized user can use the administrators password to access sensitive
information pertaining to client data. Which of the following is this an example of?
A. Session hijacking
B. Least privilege
D. Network address translation
Answer: C
72. Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is
concerned that sensitive files can be copied to the USB drives. Which of the following mitigation
techniques would address this concern? (Select TWO).
A. Disable the USB root hub within the OS.
B. Install anti-virus software on the USB drives.
C. Disable USB within the workstations BIOS.
D. Apply the concept of least privilege to USB devices.
E. Run spyware detection against all workstations.
Answer: AC
73. An administrator has developed an OS install that will implement the tightest security controls possible.
In order to quickly replicate these controls on all systems, which of the following should be established?

Testinside
A. Take screen shots of the configuration options.
B. Create an image from the OS install.
C. Create a boot disk for the operating system.
D. Implement OS hardening procedures.
Answer: B
74. A technician is testing the security of a new database application with a website front-end. The
technician notices that when certain characters are input into the application it will crash the server. Which
of the following does the technician need to do?
A. Utilize SSL on the website
B. Implement an ACL
C. Lock-down the database
D. Input validation
Answer: D
75. A user has decided that they do not want an internal LAN segment to use public IP addresses. The user
wants to translate them as private IP addresses to a pool of public IP addresses to identify them on the
Internet. Which of the following does the user want to implement?
A. IPSec
B. NAT
C. SSH
D. SFTP
Answer: B
76. Which of the following is a CRL composed of?
A. Public Key Infrastructure (PKI)
B. Expired or revoked certificates
C. Certificate authorities
D. Expired user accounts
Answer: B

Testinside
77. Which of the following is the primary purpose of a CA?
A. LANMAN validation
B. Encrypt data
C. Kerberos authentication
D. Issue private/public keys
Answer: D
78. A user is attempting to receive digitally signed and encrypted email messages from a remote office.
Which of the following protocols does the system need to support?
A. SMTP
B. S/MIME
C. ISAKMP
D. IPSec
Answer: B
79. All of the following are symmetric key algorithms EXCEPT:
A. ECC.
B. Rijndael.
C. 3DES.
D. RC4.
Answer: A
80. Which of the following is a way to encrypt session keys using SSL?
A. Session keys are sent unencrypted.
B. Session keys are encrypted using an asymmetric algorithm.
C. Session keys are sent in clear text because they are private keys.
D. Session keys are encrypted using a symmetric algorithm.
Answer: B

Testinside
81. Which of the following is a common practice in forensic investigation?
A. Performing a Gutman sanitization of the drive
B. Performing a binary copy of the systems storage media
C. Performing a file level copy of the systems storage media
D. Performing a sanitization of the drive
Answer: B
82. Which of the following is done to ensure appropriate personnel have access to systems and networks?
(Select TWO).
A. Conduct periodic penetration testing assessments.
B. Conduct periodic personnel employment verifications.
C. Conduct rights review of users and groups.
D. Conduct virus scan.
E. Conduct vulnerability assessments.
Answer: BC
83. Antivirus software products detect malware by comparing the characteristics of known instances
against which of the following type of file sets?
A. Signature
B. Text
C. NIDS signature
D. Dynamic Library
Answer: A
84. When assigning permissions, which of the following concepts should be applied to enable a person to
perform their job task?
A. Rule based
B. Discretionary access control (DAC)
C. Least privilege
D. Role based

Testinside
Answer: C
85. A user was trying to update an open file but when they tried to access the file they were denied. Which
of the following would explain why the user could not access the file?
A. Audit only access
B. Execute only access
C. Rights are not set correctly
D. Write only access
Answer: C
86. A company uses a policy of assigning passwords to users, by default the passwords are based off of the
word $ervicexx, where xx is the last two numbers of the users cell phone number. The users are not
required to change this password. Which of the following is this an example of?
A. Default accounts
B. Known plain text
C. Back door
D. Weak passwords
Answer: D
87. Which of the following is a reason why a company should disable the SSID broadcast of the wireless
access points?
A. Rogue access points
B. War driving
C. Weak encryption
D. Session hijacking
Answer: B
88. An administrator notices that former temporary employees accounts are still active on a domain.
Which of the following can be implemented to increase security and prevent this from happening?
A. Run a last logon script to look for inactive accounts.

Testinside
B. Implement an account expiration date for temporary employees.
C. Implement a password expiration policy.
D. Implement time of day restrictions for all temporary employees.
Answer: B
89. Which of the following is the BEST place where the disaster recovery plan should be kept?
A. Printed out and kept in the desk of the CIO
B. At multiple offsite locations
C. Multiple copies printed out and kept in the server room
D. On the network file server
Answer: B
90. Which of the following is a required privilege that an administrator must have in order to restore a
public/private key set on a certificate authority (CA)?
A. Recovery agent
B. Registration authority
C. Domain administrator
D. Group administrator
Answer: A
91. Which of the following is the MOST recent addition to cryptography?
A. AES
B. DES
C. 3DES
D. PGP
Answer: A
92. Which of the following requires a common pre-shared key before communication can begin?
A. Public key infrastructure
B. Symmetric key cryptography

Testinside
C. Secure hashing algorithm
D. Asymmetric key cryptography
Answer: B
93. Which of the following allows devices attached to the same switch to have separate broadcast
domains?
A. NAT
B. DMZ
C. NAC
D. VLAN
Answer: D
94. Which of the following allows for notification when a hacking attempt is discovered?
A. NAT
B. NIDS
C. Netflow
D. Protocol analyzer
Answer: B
95. When dealing with a 10BASE5 network, which of the following is the MOST likely security risk?
A. An incorrect VLAN
B. SSID broadcasting
C. A repeater
D. A vampire tap
Answer: D
96. Which of the following allows a technician to scan for missing patches on a device without actually
attempting to exploit the security problem?
A. A vulnerability scanner
B. Security baselines

Testinside
C. A port scanner
D. Group policy
Answer: A
97. Which of the following uses a key ring?
A. AES
B. DES
C. PGP
D. RSA
Answer: C
98. Sending continuous TCP requests to a device and ignoring the return information until the device
ceases to accept new connections is an example of which of the following?
A. TCP/IP hijacking
B. DNS poisoning
C. Kiting
D. DoS
Answer: D
99. Which of the following would use a group of bots to stop a web server from accepting new requests?
A. DoS
B. DDoS
C. MAC
D. ARP
Answer: B
100. Using an asymmetric key cryptography system, where can a technician generate the key pairs?
A. A certificate authority
B. IETF
C. A key escrow service

Testinside
D. A recovery agent
Answer: A
101. Which of the following allows a person to find public wireless access points?
A. Weak encryption
B. 802.1x
C. SSID broadcast
D. Data emanation
Answer: C
102. Which of the following allows a file to have different security permissions for users that have the same
roles or user groups?
A. Mandatory Access Control (MAC)
B. Role-Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Rule-Based Access Control (RBAC)
Answer: C
103. Which of the following would be BEST to use to apply corporate security settings to a device?
A. A security patch
B. A security hotfix
C. An OS service pack
D. A security template
Answer: D
104. A user reports that a web based application is not working after a browser upgrade. Before the
upgrade, a login box would appear on the screen and disappear after login. The login box does not
appear after the upgrade. Which of the following BEST describes what to check FIRST?
A. That the software based firewall application trusts this site
B. That the pop-up blocker application trusts this site

Testinside
C. That the antivirus application trusts this site
D. That the anti-spam application trusts this site
Answer: B
105. A technician suspects that one of the network cards on the internal LAN is causing a broadcast storm.
Which of the following would BEST diagnose which NIC is causing this problem?
A. The NIDS log file
B. A protocol analyzer
C. The local security log file
D. The local firewall log file
Answer: B
106. A company needs to have multiple servers running low CPU utilization applications. Which of the
following is the MOST cost efficient method for accomplishing this?
A. Install multiple high end servers, sharing a clustered network operating system.
B. Install a single low end server, running multiple virtual servers.
C. Install a single high end server, running multiple virtual servers.
D. Install multiple low end servers, each running a network operating system.
Answer: C
107. After a system risk assessment was performed it was found that the cost to mitigate the risk was
higher than the expected loss if the risk was actualized. In this instance, which of the following is the BEST
course of action?
A. Accept the risk
B. Mitigate the risk
C. Reject the risk
D. Run a new risk assessment
Answer: A
108. A small call center business decided to install an email system to facilitate communications in the office.

Testinside
As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The
IT manager read there was a 90% chance each year that workstations would be compromised if not
adequately protected. If workstations are compromised it will take three hours to restore services for the 30
staff. Staff members in the call center are paid $90 per hour. If determining the risk, which of the following
is the annual loss expectancy (ALE)?
A. $2,700
B. $4,500
C. $5,000
D. $7,290Pb
Answer: D
109. A small call center business decided to install an email system to facilitate communications in the office.
As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The
IT manager read there was a 90% chance each year that workstations would be compromised if not
adequately protected. If workstations are compromised it will take three hours to restore services for the 30
staff. Staff members in the call center are paid $90 per hour. If the anti-malware software is purchased,
which of the following is the expected net savings?
A. $900
B. $2,290
C. $2,700
D. $5,000Pb
Answer: B
110. A technician is deciding between implementing a HIDS on the database server or implementing a
NIDS. Which of the following are reasons why a NIDS may be better to implement? (Select TWO).
A. Many HIDS require frequent patches and updates.
B. Many HIDS are not able to detect network attacks.
C. Many HIDS have a negative impact on system performance.
D. Many HIDS only offer a low level of detection granularity.
E. Many HIDS are not good at detecting attacks on database servers.

Testinside
Answer: BC
111. Which of the following scenarios is MOST likely to benefit from using a personal software firewall on a
laptop?
A. Remote access user connecting via SSL VPN
B. Office laptop connected to the enterprise LAN
C. Remote access user connecting via corporate dial-in server
D. Office laptop connected to a home users network
Answer: D
112. A flat or simple role-based access control (RBAC) embodies which of the following principles?
A. Users assigned to roles, permissions are assigned to groups, controls applied to groups and permissions
acquired by controls
B. Users assigned permissions, roles assigned to groups and users acquire additional permissions by
being a member of a group
C. Roles applied to groups, users assigned to groups and users acquire permissions by being a member of
the group
D. Users assigned to roles, permissions are assigned to roles and users acquire permissions by being a
member of the role
Answer: D
113. Which of the following is a security threat that hides its processes and files from being easily detected?
A. Trojan
B. Adware
C. Worm
D. Rootkit
Answer: D
114. Frequent signature updates are required by which of the following security applications? (Select
TWO).

Testinside
A. Antivirus
B. PGP
C. Firewall
D. PKI
E. IDS
Answer: AE
115. Social engineering, password cracking and vulnerability exploitation are examples of which of the
following?
A. Vulnerability assessment
B. Fingerprinting
C. Penetration testing
D. Fuzzing
Answer: C
116. Configuration baselines should be taken at which of the following stages in the deployment of a new
system?
A. Before initial configuration
B. Before loading the OS
C. After a user logs in
D. After initial configuration
Answer: D
117. Which of the following describes the difference between a secure cipher and a secure hash?
A. A hash produces a variable output for any input size, a cipher does not.
B. A cipher produces the same size output for any input size, a hash does not.
C. A cipher can be reversed, a hash cannot.
D. A hash can be reversed, a cipher cannot.
Answer: C

Testinside
118. Which of the following BEST describes the differences between RADIUS and TACACS?
A. TACACS separates authentication, authorization and auditing capabilities.
B. TACACS is a remote access authentication service.
C. RADIUS is a remote access authentication service.
D. RADIUS separates authentication, authorization and auditing capabilities.
Answer: A
119. Which of the following BEST describes the differences between RADIUS and TACACS?
A. RADIUS encrypts client-server negotiation dialog.
B. RADIUS is a remote access authentication service.
C. TACACS encrypts client-server negotiation dialog.
D. TACACS is a remote access authentication service.
Answer: C
120. To evaluate the security compliance of a group of servers against best practices, which of the following
BEST applies?
A. Get a patch management report.
B. Conduct a penetration test.
C. Run a vulnerability assessment tool.
D. Install a protocol analyzer.
Answer: C
121. Which of the following is a problem MOST often associated with UTP cable?
A. Fuzzing
B. Vampire tap
C. Crosstalk
D. Refraction
Answer: C
122. Which of the following is setup within a router?

Testinside
A. ARP
B. DMZ
C. OVAL
D. DDoS
Answer: B
123. Which of the following would allow for secure key exchange over an unsecured network without a
pre-shared key?
A. 3DES
B. AES
C. DH-ECC
D. MD5
Answer: C
124. Which of the following allows for a secure connection to be made through a web browser?
A. L2TP
B. SSH
C. SSL
D. HTTP
Answer: C
125. Which of the following would require a pre-sharing of information before a home user could attach to a
neighbors wireless adapter?
A. Anonymous connections enabled
B. SSID broadcasting disabled
C. SSID broadcasting enabled
D. Encryption disabled
Answer: B
126. Which of the following would BEST allow an administrator to quickly find a rogue server on the

Testinside
network?
A. Review security access logs
B. A network mapper
C. A protocol analyzer
D. Review DNS logs
Answer: B
127. Which of the following is the MOST intrusive on a network?
A. Penetration testing
B. Protocol analyzers
C. Port scanners
D. Vulnerability testing
Answer: A
128. A single sign-on requires which of the following?
A. Multifactor authentication
B. One-factor authentication
C. A trust model between workstations
D. A unified trust model
Answer: D
129. All of the following are where backup tapes should be kept EXCEPT:
A. near a fiber optic cable entrance.
B. near a shared LCD screen.
C. near a power line.
D. near a high end server.
Answer: C
130. All of the following require periodic updates to stay accurate EXCEPT:
A. signature based HIDS.

Testinside
B. pop-up blocker applications.
C. antivirus applications.
D. rootkit detection applications.
Answer: B
131. Which of the following is the quickest method to create a secure test server for a programmer?
A. Install a network operating system on new equipment.
B. Create a virtual server on existing equipment.
C. Install a network operating system on existing equipment.
D. Create a virtual server on new equipment.
Answer: B
132. Which of the following is a collection of fixes for an application or operating system that has been
tested by the vendor?
A. A security template
B. A service pack
C. A patch
D. A hotfix
Answer: B
133. Which of the following is a risk associated with a virtual server?
A. If the physical server crashes, all of the local virtual servers go offline immediately.
B. If the physical server crashes, all of the physical servers nearby go offline immediately.
C. If a virtual server crashes, all of the virtual servers go offline immediately.
D. If a virtual server crashes, all of the physical servers go offline immediately.
Answer: A
134. Which of the following improves security in a wireless system?
A. IP spoofing
B. MAC filtering

Testinside
C. SSID spoofing
D. Closed network
Answer: B
135. An antivirus server keeps flagging an approved application that the marketing department has installed
on their local computers as a threat. This is an example of:
A. false negative.
B. false positive.
C. true negative.
D. true positive.
Answer: B
136. An administrator is running a network monitoring application that looks for behaviors on the network
outside the standard baseline that has been established. This is typical of a(n):
A. signature-based tool.
B. protocol analyzer.
C. honeynet.
D. anomaly-based tool.
Answer: D
137. Some examples of hardening techniques include all of the following EXCEPT:
A. applying security templates.
B. running weekly spyware applications.
C. network-based patch management.
D. disabling all non-required services.
Answer: B
138. An administrator wants to block users from accessing a few inappropriate websites as soon as
possible. The existing firewall allows blocking by IP address. To achieve this goal the administrator will need
to:

Testinside
A. upgrade to a DNS based filter to achieve the desired result.
B. use the company AUP to achieve the desired result.
C. upgrade to a URL based filter to achieve the desired result.
D. upgrade to a text based filter to achieve the desired result.
Answer: C
139. An administrator wants to ensure that when an employee leaves the company permanently, that the
company will have access to their private keys. Which of the following will accomplish this?
A. Store the keys in escrow.
B. Immediately delete the account.
C. Store them in a CRL.
D. Obtain the employees hardware token.
Answer: A
140. Which of the following organizational documentation describes how tasks or job functions should be
conducted?
A. Standards
B. Guideline
C. Policy
D. Procedures
Answer: D
141. Which of the following BEST describes risk analysis?
A. Monitoring and acceptance
B. Evaluation and assessment
C. Assessment and eradication
D. Mitigation and repudiation
Answer: B
142. Which of the following hashing techniques is commonly disabled to make password cracking more

Testinside
difficult?
A. NTLM
B. AES
C. OVAL
D. Kerberos
Answer: A
143. Which of the following describes software that is often written solely for a specific customers
application?
A. Rootkit
B. Hotfix
C. Service pack
D. Patch
Answer: B
144. A security manager believes that too many services are running on a mission critical database server.
Which of the following tools might a security analyst use to determine services that are running on the
server, without logging into the machine?
A. OVAL
B. Port scanner
D. NIDS
Answer: B
145. Which of the following encryption methods is often used along with L2TP?
A. S/MIME
B. SSH
C. 3DES
D. IPSec
Answer: D

Testinside
146. An administrator is assigned to monitor servers in a data center. A web server connected to the
Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely
cause?
A. Spyware
B. Trojan
D. DoS
Answer: D
147. Ensuring administrators have both a regular user account and a privileged user account is an example
of applying which security principle?
A. Need-to-know
B. Mandatory Access Control (MAC)
C. Least privilege
D. Discretionary Access Control (DAC)
Answer: C
148. Which of the following is an example of two-factor authentication for an information system?
A. ATM card and PIN
B. Username and password
C. Retina and fingerprint scanner
D. Photo ID and PIN
Answer: A
149. A technician is performing an assessment on a router and discovers packet filtering is employed.
Which of the following describes a security concern with stateless packet filtering?
A. Packet payload is not checked.
B. State connections are retained by the router.
C. Router performance is reduced.

Testinside
D. Loose routing cannot determine the exact path a packet must follow.
Answer: A
150. Which of the following is LEAST likely to help reduce single points of failure?
A. Mandatory vacations
B. Cross training
C. Clustered servers
D. Disaster recovery exercises
Answer: A
151. Which of the following is LEAST effective when hardening an operating system?
A. Configuration baselines
B. Limiting administrative privileges
C. Installing HIDS
D. Install a software firewall
Answer: C
152. Which of the following provides the MOST control when deploying patches?
A. Hotfix
B. Remote desktop
C. Patch management
D. Service packs
Answer: C
153. All of the following are components of IPSec EXCEPT:
A. encapsulating security payload.
B. Internet key exchange.
C. temporal key interchange protocol.
D. authentication header (AH).
Answer: C

Testinside
154. Which of the following should be included in a forensic toolkit?
A. Compressed air
B. Tape recorder
C. Fingerprint cards
D. Digital camera
Answer: D
155. How many keys are utilized with asymmetric cryptography?
A. One
B. Two
C. Five
D. Seven
Answer: B
156. Which of the following terms is BEST associated with public key infrastructure (PKI)?
A. MD5 hashing
B. Symmetric key
C. Symmetric algorithm
D. Digital signatures
Answer: D
157. Which of the following is the LAST step to granting access to specific domain resources?
A. Validate the user
B. Authorize the user
C. Verify the user
D. Authenticate the user
Answer: B
158. The staff must be cross-trained in different functional areas so that fraud can be detected. Which of the

Testinside
following is this an example of?
A. Separation of duties
B. Implicit deny
C. Least privilege
D. Job rotation
Answer: D
159. Human Resources has requested that staff members be moved to different parts of the country into
new positions. Which of the following is this an example of?
A. Implicit deny
C. Least privilege
D. Job rotation
Answer: D
160. An administrator is worried about an attacker using a compromised user account to gain administrator
access to a system. Which of the following is this an example of?
A. Man-in-the-middle attack
B. Protocol analysis
D. Cross-site scripting
Answer: C
161. In regards to physical security, which of the following BEST describes an access control system which
implements a non-trusted but secure zone immediately outside of the secure zone?
A. Smart card
B. Defense-in-depth
C. Mantrap
D. DMZ
Answer: C

Testinside
162. A technician notices delays in mail delivery on the mail server. Which of the following tools could be
used to determine the cause of the service degradation?
A. Port scanner
B. Performance monitor
C. ipconfig /all
D. TFTP
Answer: B
163. During a risk assessment it is discovered that only one system administrator is assigned several tasks
critical to continuity of operations. It is recommended to cross train other system administrators to perform
these tasks and mitigate which of the following risks?
A. DDoS
B. Privilege escalation
C. Disclosure of PII
D. Single point of failure
Answer: D
164. Penetration testing should only be used once which of the following items is in place?
A. Acceptable use policy
B. Data retention and disclosure policy
C. Service level agreement
D. Written permission
Answer: D
165. An administrator recommends that management establish a trusted third party central repository to
maintain all employees private keys. Which of the following BEST describes the administrators
recommendation?
A. Registration
B. Certificate authority

Testinside
C. Recovery agent
D. Key escrow
Answer: D
166. To combat transaction fraud, a bank has implemented a requirement that all bank customers enter a
different, unique code to confirm every transaction. Which of the following is the MOST effective method
to accomplish this?
A. ATM PIN code
B. Elliptic curve
C. One-time password
D. Digital certificate
Answer: C
167. An administrator is responsible for a server which has been attacked repeatedly in the past. The only
recourse has been to reload the server from scratch. Which of the following techniques could be used to
decrease the recovery time following an incident?
A. Implement the server as a honeypot.
B. Implement the server as a virtual server instance.
C. Load balance between two identical servers.
D. Install the server on a separate VLAN segment.
Answer: B
168. According to company policy an administrator must logically keep the Human Resources department
separated from the Accounting department. Which of the following would be the simplest way to
accomplish this?
A. NIDS
B. DMZ
C. NAT
D. VLAN
Answer: D

Testinside
169. Which of the following authentication models uses a KDC?
A. CHAP
B. PKI
C. PGP
D. Kerberos
Answer: D
170. Which of the following attacks commonly result in a buffer overflow?
A. ARP Poisoning
B. DNS Poisoning
C. Replay
D. DoS
Answer: D
171. Which of the following ports does SNMP run on?
A. 25
B. 110
C. 161
D. 443
Answer: C
172. Which of the following is responsible for establishing trust models?
A. The firewall
B. The information security officer
C. The certificate authority
D. The key escrow agent
Answer: C
173. Which of the following allows attackers to gain control over the web camera of a system?

Testinside
A. ActiveX component
B. SQL injection
C. Cross-site scripting
D. XML
Answer: A
174. Which of the following type of attacks sends out numerous MAC resolution requests to create a buffer
overflow attack?
A. Smurf
B. ARP poisoning
C. DDoS
D. DNS poisoning
Answer: B
175. Which of the following would a former employee MOST likely plant on a server that is not traceable?
A. Worm
B. Logic bomb
C. Trojan
D. Virus
Answer: B
176. Which of the following consists of markings outside a building that indicate the connection speed of a
nearby unsecured wireless network?
A. War driving
B. War chalking
C. Blue jacking
D. Bluesnarfing
Answer: B
177. Which of the following could be used to capture website GET requests?

Testinside
A. Port scanner
C. Network mapper
D. Vulnerability scanner
Answer: B
178. Which of the following does the process of least privilege fall under?
A. Integrity
B. Non-repudiation
C. Confidentiality
D. Availability
Answer: C
179. Which of the following hashing algorithms is the LEAST secure?
A. SHA-1
B. LANMAN
C. NTLM
D. MD5
Answer: B
180. Which of the following encryption algorithms is decrypted in the LEAST amount of time?
A. RSA
B. AES
C. 3DES
D. L2TP
Answer: B
181. Identification is a critical component of the authentication process because it is:
A. used to confirm the privileges of a user.
B. when the user is verified.

Testinside
C. when the user is authorized.
D. used to prevent authorized access.
Answer: B
182. Identity proofing occurs during which phase of identification and authentication?
A. Testing
B. Verification
C. Authentication
D. Identification
Answer: D
183. Which of the following BEST describes the practice of dumpster diving?
A. Sorting through the garbage of an organization to obtain information used for configuration management.
B. Sorting through the garbage of an organization to obtain information used for a subsequent attack.
C. Sorting through the trash of an organization to obtain information found on their intranet.
D. Sorting through the trash of an organization to recover an old user ID badge previously used for an
attack.
Answer: B
184. Implementation of proper environmental controls should be considered by administrators when
recommending facility security controls because of which of the following?
A. Proper environmental controls provide redundancy to the facility.
B. Proper environmental controls help ensure availability of IT systems.
C. Proper environmental controls make authentication simpler.
D. Proper environmental controls provide integrity to IT systems.
Answer: B
185. To prevent the use of stolen PKI certificates on web servers, which of the following should an
administrator ensure is available to their web servers?
A. Registration

Testinside
B. CA
C. CRL
D. Key escrow
Answer: C
186. Which of the following describes an implementation of PKI where a copy of a users private key is
stored to provide third party access and to facilitate recovery operations?
A. Registration
B. Recovery agent
C. Key escrow
D. Asymmetric
Answer: C
187. All of the following are methods used to conduct risk assessments EXCEPT:
A. penetration tests.
B. security audits.
C. vulnerability scans.
D. disaster exercises.
Answer: D
188. Which of the following is a prerequisite for privilege escalation to occur?
A. The attacker has to create their own zero day attack for privilege escalation.
B. The attacker must already have physical access to the system.
C. The attacker must use a rootkit in conjunction with privilege escalation.
D. The attacker must have already gained entry into the system.
Answer: D
189. Management has asked a technician to prevent data theft through the use of portable drives. Which of
the following should the technician implement?
A. Install a CCTV system.

Testinside
B. Use security templates.
C. Implement a biometric system.
D. Disable USB drives.
Answer: D
190. A technician has been informed that many of the workstations on the network are flooding servers.
Which of the following is the MOST likely cause of this?
A. Worm
B. Logic bomb
C. Virus
D. Spam
Answer: A
191. Which of the following is a way to manage operating system updates?
A. Service pack management
B. Patch application
C. Hotfix management
D. Change management
Answer: D
192. Which of the following BEST describes a way to prevent buffer overflows?
A. Apply all security patches to workstations.
B. Apply security templates enterprise wide.
C. Apply group policy management techniques.
D. Monitor P2P program usage through content filters.
Answer: A
193. Which of the following describes a tool used by organizations to verify whether or not a staff member
has been involved in malicious activity?
A. Mandatory vacations

Testinside
B. Implicit deny
C. Implicit allow
D. Time of day restrictions
Answer: A
194. Which of the following is the MOST common logical access control method?
A. Access control lists
B. Usernames and password
C. Multifactor authentication
D. Security ID badges
Answer: B
195. Which of the following explains the difference between a public key and a private key?
A. The public key is only used by the client while the private key is available to all. Both keys are
mathematically related.
B. The private key only decrypts the data while the public key only encrypts the data. Both keys are
mathematically related.
C. The private key is commonly used in symmetric key decryption while the public key is used in
asymmetric key decryption.
D. The private key is only used by the client and kept secret while the public key is available to all.
Answer: D
196. Which of the following is a countermeasure when power must be delivered to critical systems no
matter what?
A. Backup generator
B. Redundant power supplies
C. Uninterruptible power supplies (UPSs)
D. Warm site
Answer: A

Testinside
197. Which of the following is the MOST important step to conduct during a risk assessment of computing
systems?
A. The identification of USB drives
B. The identification of missing patches
C. The identification of mantraps
D. The identification of disgruntled staff members
Answer: B
198. Which of the following tools will allow a technician to detect security-related TCP connection
anomalies?
A. Logical token
B. Performance monitor
C. Public key infrastructure
D. Trusted platform module
Answer: B
199. Which of the following monitoring methodologies will allow a technician to determine when there is a
security related problem that results in an abnormal condition?
A. Signature-based
B. NIDS
C. Anomaly-based
D. NIPS
Answer: C
200. Which of the following is the MOST important thing to consider when implementing an IDS solution?
A. The cost of the device
B. Distinguishing between false negatives
C. Distinguishing between false positives
D. The personnel to interpret results
Answer: D

Testinside
201. Which of the following is a list of discrete entries that are known to be benign?
A. Whitelist
B. Signature
C. Blacklist
D. ACL
Answer: A
202. Which of the following encryption algorithms is used for encryption and decryption of data?
A. MD5
B. SHA-1
C. NTLM
D. RC5
Answer: D
203. Who is ultimately responsible for the amount of residual risk?
A. The senior management
B. The security technician
C. The organizations security officer
D. The DRP coordinator
Answer: A
204. Which of the following type of protection is hashing used to provide?
A. Integrity
B. Cryptographic randomness
C. Collision
D. Confidentiality
Answer: A
205. All of the following are part of the disaster recovery plan EXCEPT:

Testinside
A. obtaining management buy-in.
B. identifying all assets.
C. system backups.
D. patch management software.
Answer: D
206. Which of the following is MOST likely to make a disaster recovery exercise valuable?
A. Revising the disaster recovery plan during the exercise
B. Conducting intricate, large-scale mock exercises
C. Learning from the mistakes of the exercise
D. Management participation
Answer: C
207. Which of the following would MOST likely prevent a PC application from accessing the network?
A. Virtualization
B. Host-based firewall
C. Antivirus
D. HIDS
Answer: B
208. A technician is investigating intermittent switch degradation. The issue only seems to occur when the
buildings roof air conditioning system runs. Which of the following would reduce the connectivity issues?
A. Adding a heat deflector
B. Redundant HVAC systems
C. Shielding
D. Add a wireless network
Answer: C
209. A botnet zombie is using HTTP traffic to encapsulate IRC traffic. Which of the following would detect
this encapsulated traffic?

Testinside
A. Vulnerability scanner
B. Proxy server
C. Anomaly-based IDS
D. Rootkit
Answer: C
210. To determine whether a system is properly documented and to gain insight into the systems security
aspects that are only available through documentation is the purpose of:
A. hybrid security testing techniques.
B. active security testing techniques.
C. passive security testing techniques.
D. invasive security testing techniques.
Answer: C
211. Which of the following BEST describes external security testing?
A. Conducted from outside the perimeter switch but inside the firewall
B. Conducted from outside the building that hosts the organizations servers
C. Conducted from outside the organizations security perimeter
D. Conducted from outside the perimeter switch but inside the border router
Answer: C
212. Port scanners can identify all of the following EXCEPT:
A. applications.
B. operating systems.
C. vulnerabilities.
D. active hosts.
Answer: C
213. All of the following are limitations of a vulnerability scanner EXCEPT:
A. it only uncovers vulnerabilities for active systems.

Testinside
B. it generates a high false-positive error rate.
C. it relies on a repository of signatures.
D. it generates less network traffic than port scanning.
Answer: D
214. One of the security benefits to using virtualization technology is:
A. if an instance is compromised the damage can be compartmentalized.
B. applying a patch to the server automatically patches all instances.
C. if one instance is compromised no other instances can be compromised.
D. virtual instances are not affected by conventional port scanning techniques.
Answer: A
215. Which of the following if disabled will MOST likely reduce, but not eliminate the risk of VLAN jumping?
A. LAN manager
B. ARP caching
C. DTP on all ports
D. TACACS
Answer: C
216. Which of the following would BEST describe a disaster recovery plan (DRP)?
A. Addresses the recovery of an organizations business documentation
B. Addresses the recovery of an organizations email
C. Addresses the recovery of an organizations backup site
D. Addresses the recovery of an organizations IT infrastructure
Answer: D
217. Which of the following is the primary objective of a business continuity plan (BCP)?
A. Addresses the recovery of an organizations business operations
B. Addresses the recovery of an organizations business payroll system
C. Addresses the recovery of an organizations business facilities

Testinside
D. Addresses the recovery of an organizations backup site
Answer: A
218. A software manufacturer discovered a design flaw in a new application. Rather than recall the software,
management decided to continue manufacturing the product with the flaw. Which of the following risk
management strategies was adopted by management?
A. Risk mitigation
B. Risk avoidance
C. Risk acceptance
D. Risk transfer
Answer: C
219. Which of the following is considered an independent program that can copy itself from one system to
another and its main purpose is to damage data or affect system performance?
A. Virus
B. Worm
C. Spam
D. Spyware
Answer: B
220. Which of the following access control methods could the administrator implement because of constant
hiring of new personnel?
A. Rule-based
B. Role-based
C. Discretionary
D. Decentralized
Answer: B
221. When using a single sign-on method, which of the following could adversely impact the entire
network?

Testinside
A. Workstation
B. Biometrics
C. Web server
D. Authentication server
Answer: D
222. A HIDS is installed to monitor which of following?
A. CPU performance
B. NIC performance
C. System files
D. Temporary Internet files
Answer: C
223. Which of the following intrusion detection systems uses statistical analysis to detect intrusions?
A. Signature
B. Honeynet
C. Anomaly
D. Knowledge
Answer: C
224. Which of the following is a system that will automate the deployment of updates to workstations and
servers?
A. Service pack
B. Remote access
C. Patch management
D. Installer package
Answer: C
225. Which of the following is a method to apply system security settings to all workstations at once?
A. Policy analyzer

Testinside
B. Patch management
C. Configuration baseline
D. A security template
Answer: D
226. Which of the following would be a method of securing the web browser settings on all network
workstations?
A. Internet content filter
B. Group policy
C. Control panel
D. P2P software
Answer: B
227. Which of the following should be implemented to have all workstations and servers isolated in their
own broadcast domains?
A. VLANs
B. NAT
C. Access lists
D. Intranet
Answer: A
228. Which of the following is the common mail format for digitally signed and encrypted messages?
A. SMTP
B. SSL
C. MIME
D. S/MIME
Answer: D
229. Which of the following is the common way of implementing cryptography on network devices for
encapsulating traffic between the device and the host managing them?

Testinside
A. S/MIME
B. SNMP
C. SSH
D. SMTP
Answer: C
230. An application that gets downloaded onto a system by appearing to be a useful tool for cleaning out
duplicate contacts in a users emails would be considered:
A. spyware.
B. spam.
C. a worm.
D. a Trojan.
Answer: D
231. Installing an application on every desktop in a companys network that watches for possible intrusions
would be an example of:
A. a HIDS.
B. a personal software firewall.
C. hardening.
D. a NIDS.
Answer: A
232. Users should be able to access their email and several secure applications from any workstation on
the network. Additionally, the administrator has implemented an authentication system requiring the use of
a username, password, and a company issued smart card. Which of the following is this an example of?
A. Three factor authentication
B. SSO
C. ACL
D. Least privilege
Answer: B

Testinside
233. Which of the following processes are used to monitor and protect the DNS server?
A. Ping the DNS server every minute to verify connectivity.
B. Use personal firewalls to block port 53.
C. Check DNS records regularly.
D. Set PTR records to purge daily.
Answer: C
234. Which of the following is the MOST effective method for stopping a phishing attempt?
A. Up-to-date antivirus definitions
B. Paper shredders
C. User education
D. SPAM filters
Answer: C
235. Which of the following asymmetric encryption algorithms was utilized FIRST?
A. AES
B. Serpent
C. Whirlpool
D. DES
Answer: D
236. Which of the following is an example of two-factor authentication?
A. User ID and password
B. Smart card and PIN
C. Fingerprint reader and iris scanner
D. Smart card and ID badge
Answer: B
237. Which of the following could physically damage a device if a long term failure occurred?

Testinside
A. OVAL
B. HVAC
C. Battery backup system
D. Shielding
Answer: B
238. Which of the following is the easiest way to disable a 10Base2 network?
A. Introduce crosstalk.
B. Install a zombie.
C. Remove a terminator.
D. Remove a vampire tap.
Answer: C
239. Which of the following is the BEST method for securing the data on a coaxial network?
A. Weld all terminators to the cable ends.
B. Run all cables through a conduit.
C. Make sure all terminators are grounded.
D. Run all new cables parallel to existing alternating current (AC) cabling.
Answer: B
240. Which of the following is the weakest password?
A. Indu5tr1als
B. F%r3Walke3r
C. C0mpt!a2**8
D. P^s5W0rd
Answer: A
241. Which of the following mimics a legitimate program in order to steal sensitive data?
A. Botnet
B. Worm

Testinside
C. Spam
D. Trojan
Answer: D
242. Which of the following BEST describes hashing?
A. Encrypting the data payload and computing a unique mathematic identifier in order to detect change
during transport.
B. Computing a unique mathematic identifier in order to prevent change during transport.
C. Encrypting the data payload and computing a unique mathematic identifier in order to prevent change
during transport.
D. Computing a unique mathematic identifier in order to detect change during transport.
Answer: D
243. Which of the following is MOST likely to crash a workstation?
A. Vulnerability assessment
C. Penetration test
D. Network mapper
Answer: C
244. After a period of high employee turnover, which of the following should be implemented?
A. A review of NTLM hashes on the domain servers
B. A review of group policies
C. A review of user access and rights
D. A review of storage and retention policies
Answer: C
245. All PCs in a network share a single administrator ID and password. When the administrator attempts
to remotely control a users PC the attempt fails. Which of the following should the administrator check
FIRST?

Testinside
A. The antivirus settings on the local PC
B. The antivirus settings on the remote PC
C. The HIPS on the remote PC
D. The HIPS on the local PC
Answer: C
246. All of the following are organizational policies that reduce the impact of fraud EXCEPT:
A. separation of duties.
B. password complexity rules.
C. job rotation.
D. escorting procedures.
Answer: B
247. Which of the following algorithms is faster when encrypting data?
A. Symmetric key algorithms
B. Public key algorithms
C. Whole disk encryption algorithms
D. Asymmetric key algorithms
Answer: A
248. Which of the following is a best practice for securing log files?
A. Copy or save the logs to a remote log server.
B. Log all failed and successful login attempts.
C. Deny administrators all access to log files to prevent write failures.
D. Change security settings to avoid corruption.
Answer: A
249. Which of the following logs might reveal the IP address and MAC address of a rogue device within the
local network?
A. Security logs

Testinside
B. DHCP logs
C. DNS logs
D. Antivirus logs
Answer: B
250. Which of the following is a best practice auditing procedure?
A. Mitigate vulnerabilities
B. Review user access and rights
C. Set strong password requirements
D. Draft an email retention policy
Answer: B
251. Users and computers are generally grouped into domains for security purposes. Which of the following
is a common attribute used to determine which domain a user or computer belongs to?
A. MAC address
B. Location
C. Password
D. OS
Answer: B
252. Which of the following is an industry standard for remote logging?
A. ipfilter
B. RDP
C. rlogin
D. syslog
Answer: D
253. Audit trails are used for which of the following?
A. Availability
B. Accountability

Testinside
C. Authorization
D. Continuity
Answer: B
254. Which of the following is true about penetration testing or vulnerability assessments?
A. Vulnerability assessment verifies incidence response
B. Penetration testing removes malware if found during a scan
C. Vulnerability assessment exploits a weakness in a system
D. Penetration testing exploits a vulnerability
Answer: D
255. Executing proper logging procedures would be the proper course of action in which of the following
scenarios? (Select TWO).
A. Need to prevent access to a file or folder
B. Need to know which files have been accessed
C. Need to know who is logging on to the system
D. Need to prevent users from logging on to the system
E. Need to capture monitor network traffic in real time
Answer: BC
256. Executing proper logging procedures would facilitate which of the following requirements?
A. Ignore suspicious queries to the DNS server.
B. Investigate suspicious queries to the DNS server.
C. Block suspicious queries to the DNS server.
D. Monitor suspicious queries to the DNS server in real time.
Answer: B
257. Which of the following is a concern when setting logging to a debug level?
A. The log may fill up with extraneous information.
B. The device or application will only operate in test mode.

Testinside
C. Some important events will not get logged.
D. The events may not contain enough details.
Answer: A
258. Which of the following malicious activities might leave traces in a DNS log file?
A. Hijacking
B. Poisoning
C. Caching
D. Phishing
Answer: B
259. Which of the following NAC scanning types is the LEAST intrusive to the client?
A. Open ID
B. Agent based
C. Agentless
D. ActiveX
Answer: C
260. While auditing a list of active user accounts, which of the following may be revealed?
A. Accounts with weak passwords
B. Passwords with dictionary words
C. Passwords that are blank
D. Accounts that need to be removed
Answer: D
261. Which of the following is the BEST logical access control method for controlling system access on
teams working in shifts?
A. Separation of duties
B. Job rotation

Testinside
D. Least privilege
Answer: C
262. Which of the following should be considered when implementing logging controls on multiple systems?
(Select TWO).
A. VLAN segment of the systems
B. Systems clock synchronization
C. Systems capacity and performance
D. External network traffic
E. Network security zone of the systems
Answer: BC
263. Which of the following characteristics of RAID increases availability?
A. Striping without parity
B. Mirroring
C. Kiting
D. Low cost
Answer: B
264. All of the following are attributes of an x.509 certificate EXCEPT:
A. the symmetric key of the owner.
B. the public key of the owner.
C. the version of the certificate.
D. the issuer.
Answer: A
265. Which of the following is the MOST common method of one-factor authentication?
A. Smart card and a PIN
B. Physical token and a password
C. Fingerprint reader

Testinside
D. User ID and password
Answer: D
266. Which of the following prevents damage to evidence during forensic analysis?
A. Write-only drive connectors
B. Drive sanitization tools
C. Read-only drive connectors
D. Drive recovery tools
Answer: C
267. Which of the following requires the server to periodically request authentication from the client?
A. EAP
B. CHAP
C. WPA2
D. RAS
Answer: B
268. Which of the following would be disabled to prevent SPIM?
A. P2P
B. ActiveX controls
C. Instant messaging
D. Internet mail
Answer: C
269. A user reports that pop-up windows continuously appear on their screen with a message stating that
they have a virus and offering to see a program that will remove it. The technician is skeptical because the
antivirus definitions on the machine are up-to-date. Which of the following BEST describes what the user
is seeing?
A. SQL injection
B. Spyware

Testinside
C. Adware
D. SMTP open relay
Answer: C
270. Which of the following BEST allows for a high level of encryption?
A. AES with ECC
B. DES with SHA-1
C. PGP with SHA-1
D. 3DES with MD5
Answer: A
271. Which of the following is the primary security risk associated with removable storage?
A. Availability
B. Confidentiality
C. Injection
D. Integrity
Answer: B
272. A company is addressing backup and recovery issues. The company is looking for a compromise
between speed of backup and speed of recovery. Which of the following is the BEST recommendation?
A. Full backups every day
B. Daily differential backups
C. Full backups weekly with differential backups daily
D. Weekly differential with incremental backups daily
Answer: C
273. The GREATEST security concern in regards to data leakage with USB devices is:
A. speed.
B. physical size.
C. OS compatibility.

Testinside
D. storage capacity.
Answer: B
274. Once a system has been compromised, often the attacker will upload various tools that can be used at
a later date. The attacker could use which of the following to hide these tools?
A. Logic bomb
B. Rootkit
C. Virus
D. Trojan
Answer: B
275. Which of the following is the perfect encryption scheme and is considered unbreakable when properly
used?
A. Running key cipher
B. Concealment cipher
C. One-time pad
D. Steganography
Answer: C
276. Which of the following is the main difference between a substitution cipher and a transposition cipher
when used to encode messages?
A. One rearranges and replaces blocks while the other rearranges only.
B. One replaces blocks with other blocks while the other rearranges only.
C. One replaces blocks while the other rearranges and replaces only.
D. One is a symmetric block cipher and the other is asymmetric.
Answer: B
277. An application developer is looking for an encryption algorithm which is fast and hard to break if a large
key size is used. Which of the following BEST meets these requirements?
A. Transposition

Testinside
B. Substitution
C. Symmetric
D. Asymmetric
Answer: C
278. Multiple web servers are fed from a load balancer. Which of the following is this an example of?
A. RAID
B. Backup generator
C. Hot site
D. Redundant servers
Answer: D
279. Password crackers:
A. are sometimes able to crack both passwords and physical tokens.
B. cannot exploit weaknesses in encryption algorithms.
C. cannot be run remotely.
D. are sometimes able to crack both Windows and UNIX passwords.
Answer: D
280. A firewall differs from a NIDS in which of the following ways?
A. A firewall attempts to detect patterns and a NIDS operates on a rule list.
B. A firewall operates on a rule list and a NIDS attempts to detect patterns.
C. A firewall prevents inside attacks and a NIDS prevents outside attacks.
D. A firewall prevents outside attacks and a NIDS prevents inside attacks.
Answer: B
281. Personal software firewalls can be updated automatically using:
A. group policy.
B. cookies.
C. cross-site scripting.

Testinside
D. corporate hardware firewalls.
Answer: A
282. Which of the following tools would be BEST for monitoring changes to the approved system baseline?
A. Enterprise resource planning software
B. Enterprise performance monitoring software
C. Enterprise antivirus software
D. Enterprise key management software
Answer: B
283. A periodic security audit of group policy can:
A. show that data is being correctly backed up.
B. show that PII data is being properly protected.
C. show that virus definitions are up to date on all workstations.
D. show that unnecessary services are blocked on workstations.
Answer: D
284. Which of the following is a security risk when using peer-to-peer software?
A. Cookies
B. Multiple streams
C. Data leakage
D. Licensing
Answer: C
285. Which of the following overwrites the return address within a program to execute malicious code?
A. Buffer overflow
B. Rootkit
C. Logic bomb
D. Privilege escalation
Answer: A

Testinside
286. All of the following are inline devices EXCEPT:
A. NIPS.
B. firewalls.
C. HIDS.
D. routers.
Answer: C
287. Which of the following would a technician use to validate whether specific network traffic is indeed an
attack?
A. NIDS
B. Firewall
C. Honeypot
Answer: D
288. Which of the following creates an emulated or virtual environment to detect and monitor malicious
activity?
A. Firewall
B. Honeypot
C. NIDS
D. NAC
Answer: B
289. A technician wants better insight into the websites that employees are visiting. Which of the following
is BEST suited to accomplish this?
A. Proxy server
B. DHCP server
C. DNS server
D. Firewall

Testinside
Answer: A
290. Which of the following reduces effectiveness when deploying and managing NIPS?
A. Encrypting all network traffic
B. Continued tuning
C. Network placement
D. Reviewing the logs
Answer: A
291. All of the following are Bluetooth threats EXCEPT:
A. bluesnarfing.
B. discovery mode.
C. blue jacking.
D. a smurf attack.
Answer: D
292. All of the following provide a host active protection EXCEPT:
A. host-based firewall.
B. antivirus.
C. HIPS.
D. HIDS.
Answer: D
293. Which of the following is MOST likely to open a backdoor on a system?
A. Botnet
B. Trojan
C. Logic bomb
D. Worm
Answer: B

Testinside
294. If a company has a distributed IT staff, each being responsible for separate facilities, which of the
following would be the BEST way to structure a directory information tree?
A. By department
B. By location
C. By role
D. By name
Answer: B
295. A technician wants to be able to add new users to a few key groups by default, which of the following
would allow this?
A. Auto-population
B. Template
C. Default ACL
D. Inheritance
Answer: B
296. All of the following are logical access control methods EXCEPT:
A. biometrics.
B. ACL.
C. software token.
D. group policy.
Answer: A
297. Which of the following is placed in promiscuous mode, in line with the data flow, to allow a NIDS to
monitor the traffic?
A. Console
B. Sensor
C. Filter
D. Appliance
Answer: B

Testinside
298. An instance where an IDS identifies legitimate traffic as malicious activity is called which of the
following?
A. False positive
B. True negative
C. False negative
D. True positive
Answer: A
299. An instance where an IDS identifies malicious activity as being legitimate activity is called which of the
following?
A. False acceptance
B. False positive
C. False negative
D. False rejection
Answer: C
300. An instance where a biometric system identifies unauthorized users and allows them access is called:
A. false rejection.
B. false negative.
C. false acceptance.
D. false positive.
Answer: C
301. When executing a disaster recovery plan the MOST important thing to consider is:
A. financial obligations to stockholders.
B. legal and financial responsibilities.
C. data backups and recovery tapes.
D. safety and welfare of personnel.
Answer: D

Testinside
302. To prevent disk integrity errors due to small line-power fluctuations, a system administrator should
install which of the following?
A. Voltage regulator
B. Line conditioner
C. Battery backup
D. Redundant power supplies
Answer: B
303. Which of the following is the MOST likely reason that an attacker would use a DoS attack?
A. The attacker is attempting to distract the company from the real underlining attack.
B. The attacker wants to prevent authorized users from using a certain service.
C. The attacker is working with outside entities to test the companys coding practices.
D. The attacker is working with inside entities to test the companys firewall.
Answer: B
304. Which of the following is a way to gather reconnaissance information from a printer resource?
A. HTTP
B. SMTP
C. RADIUS
D. SNMP
Answer: D
305. Which of the following will allow a technician to block certain HTTP traffic from company staff
members?
A. VLAN
B. Content filter
C. DMZ
D. NIDS
Answer: B

Testinside
306. Which of the following will prevent a person from booting into removal storage media if the correct boot
sequence is already set?
A. BIOS password settings
B. BIOS power on settings
C. USB key settings
D. BIOS boot options
Answer: A
307. Which of the following is the MOST effective application to implement to identify malicious traffic on a
server?
A. Personal software firewall
B. Enterprise software firewall
C. Antivirus software
D. HIDS software
Answer: D
308. Which of the following is the BEST way to mass deploy security configurations to numerous
workstations?
A. Security hotfix
B. Configuration baseline
C. Patch management
D. Security templates
Answer: D
309. Computer equipment has been stolen from a companys office. To prevent future thefts from occurring
and to safeguard the companys trade secrets which of the following should be implemented?
A. Video surveillance and access logs
B. ID badges and passwords
C. Multifactor authentication

Testinside
D. Hardware locks and door access systems
Answer: D
310. Which of the following is the primary purpose for a physical access log in a data center?
A. Maintain a list of personnel who exit the facility.
B. Allow authorized personnel access to the data center.
C. Prevent unauthorized personnel access to the data center.
D. Maintain a list of personnel who enter the facility.
Answer: D
311. Virtual machines are MOST often used by security researchers for which of the following purposes?
A. To provide a secure virtual environment to conduct online deployments
B. To provide a virtual collaboration environment to discuss security research
C. To provide an environment where new network applications can be tested
D. To provide an environment where malware can be executed with minimal risk to equipment and software
Answer: D
312. Which of the following are reasons to implement virtualization technology? (Select TWO).
A. To reduce recovery time in the event of application failure
B. To decrease false positives on the NIDS
C. To eliminate virtual redundancy
D. To decrease access to security resources
E. To provide a secure virtual environment for testing
Answer: AE
313. In PKI, the CA is responsible for which of the following?
A. Maintaining the CRL
B. Maintaining the cipher block chain
C. Maintaining all private keys
D. Maintaining the browsers PKI store

Testinside
Answer: A
314. Which of the following is used to encrypt email and create digital signatures?
A. LDAP
B. HTTPS
C. S/MIME
D. RSA
Answer: C
315. Which of the following is a vulnerability scanner?
A. John the Ripper
B. Cain & Abel
C. Microsoft Baseline Security Analyzer
D. AirSnort
Answer: C
316. Which of the following is a password cracking tool?
A. Nessus
B. AirSnort
C. John the Ripper
D. Wireshark
Answer: C
317. Which of the following would be used to push out additional security hotfixes?
A. Patch management
B. Configuration baseline
C. Cookies
D. Local security policy
Answer: A

Testinside
318. Which of the following is the BEST security measure to use when implementing access control?
A. Password complexity requirements
B. Time of day restrictions
C. Changing default passwords
D. Disabling SSID broadcast
Answer: A
319. Which of the following is a possible security risk associated with USB devices?
A. Domain kiting
B. Cross-site scripting
C. Input validation
D. Bluesnarfing
Answer: D
320. Which of the following is MOST effective in preventing adware?
A. Firewall
B. HIDS
C. Antivirus
D. Pop-up blocker
Answer: D
321. Which of the following is a digital signature used for?
A. Non-repudiation
B. Authorization
C. Authentication
D. Integrity
Answer: A
322. Encryption is used to provide which of the following?
A. Access

Testinside
B. Confidentiality
C. Availability
D. Authorization
Answer: B
323. Which of the following protocols are used to secure e-commerce transactions? (Select TWO).
A. TLS
B. IPSec
C. SSH
D. SSL
E. RTP
Answer: AD
324. Which of the following encryption methods does SSH use during key exchange when securing a
connection between the host machine and the remote machine?
A. Shared key
B. Asymmetric key
C. Symmetric key
D. Private key
Answer: B
325. Which of the following can be used to create a VPN? (Select TWO).
A. HTTPS
B. S/MIME
C. TLS
D. PPTP
E. IPSec
Answer: DE
326. Which of the following tools performs comprehensive tests against hosts to expose a range of known

Testinside
security threats?
A. Password crackers
B. Packet analyzer
C. Vulnerability scanners
D. Port scanners
Answer: C
327. There is a document on the shared network folder. User1 accesses the document to obtain data for
their own reports. User2 updates the document as data changes. User3 is a high-level executive who
needs to be able to alter the documents security settings and contents. Which of the following privileges
should each user have for the shared network folder, using the policy of least privileges?
A. User1: Read-Only, User2: Read, User3: Full-Control
B. User1: Read-Only, User2: Read and Write, User3: Read and Write
C. User1: Read-Only, User2: Read and Write, User3: Full-Control
D. User1: Read and Write, User2: Read and Write, User3: Full-Control
Answer: C
328. Why is bluesnarfing more of a security concern than blue jacking?
A. Data is completely erased as soon as contact has been established from another device.
B. The target device has its data accessed or stolen from another Bluetooth device.
C. The device will be rendered inoperable.
D. The target device is remotely accessed and unsolicited messages are sent.
Answer: B
329. Which of the following is the MOST effective way to minimize restoration time and conserve storage
space while adhering to industry best practices?
A. Perform full backups weekly and differential backups nightly, with the tapes stored in a secure, off-site
location.
B. Perform full backups weekly and differential backups nightly, with the tapes stored in the server room for
quick access.

Testinside
C. Perform full backups weekly and incremental backups nightly, with the tapes stored in the server room
for quick access.
D. Perform full backups weekly and incremental backups nightly, with the tapes stored in a secure, off-site
location.
Answer: A
330. Which of the following is the MOST secure method to store log files?
A. On the administrators machine
B. On the machine that generated the logs
C. On an removable USB drive
D. On another host with strong access control lists
Answer: D
331. Why are software configuration baselines important to information security?
A. They do not allow SMTP open relays.
B. They encrypt all data.
C. They define what devices can be used on the network.
D. They define how systems should be securely configured.
Answer: D
332. When reviewing IP implementations, which of the following would a network mapper examine?
A. Time-to-live (TTL) values
B. Format string overflows
C. False MAC addresses
D. Unsuccessful zone transfers
Answer: A
333. Which of the following terms describes malicious code that is normally used to gather personal
information of a host computer or to capture browsing habits?
A. Spyware

Testinside
B. Trojan
C. Virus
D. Logic Bomb
Answer: A
334. Which of the following is an unwanted program that infects a host computer and normally reports the
contents of the hard drive or the users browsing habits to a remote source?
A. Spyware
B. Virus
C. Rootkit
D. Adware
Answer: A
335. Which of the following describes the process of using mathematical calculations to change cipher text
into clear text?
A. Encryption
B. Decryption
C. Cryptography
D. Steganography
Answer: B
336. Which of the following uses the same key to encrypt and decrypt?
A. Public key
B. Asymmetrical key
C. Symmetrical key
D. Authentication key
Answer: C
337. Which of the following describes the process of using mathematical calculations to change clear text
into cipher text?

Testinside
A. Encryption
B. Decryption
C. Steganography
D. Cryptography
Answer: A
338. Which of the following protocols authenticates in clear text?
A. HTTPS
B. L2TP
C. FTP
D. IPSec
Answer: C
339. Which of the following is a way of limiting the effective range of a wireless network?
A. Shielding
B. Disabling SSID
C. Port filtering
D. MAC filtering
Answer: A
340. Which of the following is the practice of plotting access points with use of a wireless antenna and a
GPS program?
A. Blue jacking
B. Bluesnarfing
C. War driving
D. Data emanation
Answer: C
341. Which of the following terms BEST describes the process of stealing data from a Bluetooth enabled
phone?

Testinside
A. Data emanation
B. Smurfing
C. Bluesnarfing
D. Blue jacking
Answer: C
342. A library provides automated pay per print copiers and printers. It is discovered that an employee has
been embezzling money from the coin boxes for many years. Which of the following might have helped
the library detect this earlier?
A. Improve employee auditing procedures
B. User education
C. Mandatory vacations
D. Acceptable use policy
Answer: A
343. Data center fire suppression systems are MOST useful for which of the following situations?
A. Limiting fire damage in the data center
B. Preventing fires in the data center
C. Limiting humidity to the electrical systems in the data center
D. Protecting employees in the data center
Answer: A
an internal application, on its own server, to pick and ship orders this is located on Network B. Any
changes made after the order is placed are handled by a customer service representative using the same
internal application. All information is stored in a database, which is also located on Network B.
The company uses these three sets of user rights:
- NONE

Testinside
The company wants to restrict customer access as much as possible without impeding their ability to place
orders. Which of the following permissions is the MOST appropriate for the customers?
A. ADD on Network A, NONE on Network B
B. CHANGE on Network A, NONE on Network B
C. CHANGE on Network A and B
D. CHANGE on Network A, ADD on Network B
Answer: A
an internal application, on its own server, to pick and ship orders, located on network B. Any changes
application. All information is stored in a database, which is also located on network B.
- NONE
The company decides to add a separate database for the accounting department. The accounting staff
also needs access to the internal application and its database. Which of the following options is the MOST
cost-effective and provides the best protection for the accounting database as well as the internal
application?
A. Place the accounting database on Network B and the accounting employees on Network A.

Testinside
B. Place the accounting database and accounting employees on Network B.
C. Place the accounting database and employees on Network A.
D. Create a third network with the same access as Network B for the accounting database and employees.
Answer: B
application running on the external web server which is located on network A. Warehouse employees use
an internal application, on its own server, to pick and ship orders, located on Network B. Any changes
application. All information is stored in a database, which is also located on Network B.
- NONE
The company wants to restrict customer service representative access as much as possible without
impeding their ability to place orders. Which of the following permissions is the MOST appropriate for the
customer service representatives?
A. CHANGE on Network A and B
B. CHANGE on Network B, NONE on Network A
C. CHANGE on Network A, ADD on Network B
D. ADD on Network A, NONE on Network B
Answer: B
347. The MOST reliable method to maintain integrity with digital media is to:
A. calculate and document the MD5 hash of each item.
B. remove all viruses and Trojans.
C. verify that the TPM module has not been altered.

Testinside
D. ensure that all forensic analysis is performed on the original media.
Answer: A
348. Which of the following should a technician do when preparing to clear data from SATA disks?
A. Follow the organizations media disposal policy.
B. Use a drive wiping utility that ensures seven passes of all zeros.
C. Use a drive wiping utility that ensures three passes of all zeros.
D. Check previous security logs on the system log server.
Answer: A
349. To protect the confidentiality of data, the FINAL step in secure disposal of magnetic media is:
A. verification.
B. secure erasure of personal identifiable information (PII).
C. burning, pulverizing or smelting.
D. data categorization.
Answer: A
350. Which of the following monitoring methodologies would identify known viruses?
A. Behavior-based
B. Virus-based
C. Signature-based
D. Anomaly-based
Answer: C
351. A new employee on a business trip was reviewing several key documents while sitting in the lobby of
the airport. On return to the office, the administrator notified the employee that valuable company
information had been compromised. Which of the following concepts of social engineering occurred?
A. Dumpster diving
B. Shoulder surfing
C. Email hoax

Testinside
D. Phishing
Answer: B
352. Which of the following is a password cracking method?
A. Smurf attack
B. Birthday attack
C. Man-in-the-middle attack
D. Hybrid attack
Answer: D
353. Which of the following attacks would user education and awareness training help prevent? (Select
THREE).
A. Social Engineering
B. ARP Poisoning
C. Dumpster Diving
D. Denial of Service (DoS)
E. Phishing
F. DNS Poisoning
Answer: ACE
354. The Nmap utility can be used to complete which of the following tasks? (Select THREE).
A. Crack passwords as they are transmitted from one network location to another.
B. Guess the type of OS in use by devices on a network.
C. Document open ports within a specified network range.
D. Spoof the IP address from which a scan is originating.
E. Determine what type of encryption is being used within a specified network range.
F. Determine what vulnerabilities are present on a specified network device.
Answer: BCD
355. A user has requested access to a protected drive containing sensitive financial data. This user needs

Testinside
access to view files in the accounting folder of this drive. Based on the rule of least privilege, which of the
following rights should the user get and to which locations?
A. Read and list rights to the accounting folder
B. Read rights to the accounting folder
C. Read and list rights to the protected drive
D. Read rights to the protected drive
Answer: B
356. Which of the following ways can a rootkit be removed from an infected system?
A. Boot into safe mode and run software which can identify and clean the infected file(s).
B. Run a scan on the infected system using software which can identify and clean the infected file(s).
C. Delete all temporary files residing on the system and update all antivirus definitions.
D. Boot the system with an USB drive that contains software which can identify and clean the infected
file(s).
Answer: D
357. Which of the following is the main security risk pertaining to mobile devices (e.g. cell phones or
laptops)?
A. Virus transmission to the network
B. Lack of encryption
C. Rogue devices attached to the network
D. Loss or theft of data
Answer: D
358. Which of the following network protocols facilitates hiding internal addresses from the Internet?
A. DMZ
B. NAT
C. NAC
D. ARP
Answer: B

Testinside
359. All of the following show up in a security log EXCEPT:
A. true positive.
B. false negative.
C. known anomalies.
D. false positive.
Answer: B
360. Antivirus software predominantly uses which of the following intrusion detection methodology?
A. Signature-based
B. Identity-based
C. Anomaly-based
D. Behavior-based
Answer: A
361. Which of the following BEST describes the process for preserving the integrity of forensic evidence?
A. Validation
B. Chain of custody
C. Access control lists
D. Authentication
Answer: B
362. Which of the following statements accurately describes the security advantage of VLANs?
A. VLANs provide firewall capabilities between two network segments.
B. Broadcasts within one VLAN do not appear in another VLAN.
C. VLANs isolate traffic on a network.
D. VLANs preserve broadcast storms.
Answer: C
363. Which of the following methodologies is being used if a monitoring tool is able to detect unusual

Testinside
characteristics by comparing current results to previous results?
A. Definition-based
B. Signature-based
C. Performance-based
D. Anomaly-based
Answer: D
364. Which of the following is used to grant users appropriate rights to perform their duties?
A. Remote authentication
C. Least privilege
D. Complex passwords
Answer: C
365. Which of the following security measures will prevent a user from changing the boot order on a
system?
A. Implementing the principle of dual-control
B. Setting a BIOS password
C. Applying all security hotfixes
D. Setting appropriate ACLs on root folders
Answer: B
366. Which of the following antivirus options scans a file as it is opened?
A. Scheduled scan
B. On-access scan
C. Boot scan
D. Entire drive scan
Answer: B
367. Which of the following tools should be used to determine what services may be running on a

Testinside
computer?
A. NIDS
C. HIDS
D. Port scanner
Answer: D
368. Which of the following asymmetric keys is used to encrypt and decrypt a message?
A. Senders public key is used to encrypt. Senders public key is used to decrypt.
B. Recipients private key is used to encrypt. Senders private key is used to decrypt.
C. Senders public key is used to encrypt. Senders private key is used to decrypt.
D. Recipients public key is used to encrypt. Recipients private key is used to decrypt.
Answer: D
369. An organization needs data folders for all departments. No department personnel should have
permissions to view another departments folder. How should permissions be set up?
A. Create a role-based group for all departments. Create a folder for each department. Assign the group
permissions to each folder.
B. Create a role-based group for all departments. Create a folder for each department. Assign the group
permissions to all folders.
C. Create a role-based group for each department. Create a folder for each department. Assign the group
permissions to each groups own folder. Add users to the appropriate group.
D. Create a user for each department. Create a folder for each department. Assign the user permissions to
each folder.
Answer: C
370. A virus scanner that must have its virus definitions updated as new viruses are found is an example of
which of the following types of virus scanners?
A. Keywords-based
B. Anomaly-based

Testinside
C. String-based
D. Signature-based
Answer: D
371. Which of the following items can weaken a strong password?
A. Reusing a password
B. Not using dictionary words
C. Eight character minimum
D. Adding control characters
Answer: A
372. Which of the following tools would a technician use to analyze and observe network conditions, traffic
patterns, and identify bottlenecks?
A. SMTP
B. NIPS
C. Internet content filters
Answer: D
373. Which of the following uses tickets to provide both authentication and encryption services?
A. RAS
B. Biometrics
C. Kerberos
D. SSH
Answer: C
374. An administrator finds that several employees have multiple forms of malware infection on their
computers. The administrator has found all of the infections came from visiting specific websites. Which of
the following is the BEST action to prevent infections from occurring through the same vector?
A. Change the security settings to prevent the execution of unverified software.

Testinside
B. Ensure that the latest software is installed.
C. Protect all computers from outside attacks using NAT.
D. Change the security settings so that cookies are disabled.
Answer: A
375. In order to clean and protect a computer system from malware, the BEST choice to clean and protect a
system would be to:
A. only run one single application that combats all of the software threats.
B. run the operating system within virtualization software without any additional security software.
C. run at least two high quality antivirus programs on the computer.
D. run antivirus software along with anti-spyware software.
Answer: D
376. Which of the following methods uses DNS lookup to block email messages sent from a server known
to have sent spam email?
A. Reverse DNS validation
B. Intelligent message filters
C. Validation of SPF records
D. Real-time black hole lists
Answer: D
377. When reviewing logs for DNS kiting, which of the following would be the MOST important entries to
monitor?
A. Request for DNS lookup of A records
B. Request for DNS lookup of MX records
C. Request for DNS lookup of invalid domains
D. Request for DNS zone transfers
Answer: D
378. Which of the following represents security issues when using WEP encryption?

Testinside
A. WEP is vulnerable to replay attacks.
B. Long WEP keys are hard for users to remember.
C. Connections secured by WEP can easily be disrupted.
D. The WEP key can easily be accessed.
Answer: D
379. Which of the following is a difference between a vulnerability assessment and a penetration test?
A. A penetration test presents a higher risk in regards to disrupting the usage of networks or systems.
B. Vulnerability assessment will often find fewer threats than a penetration test.
C. Vulnerability assessments are commonly performed without any knowledge of the targeted systems.
D. A penetration test is more comprehensive than a vulnerability assessment.
Answer: A
380. To examine a potentially dangerous piece of software, a security administrator runs the application
inside a virtual machine. Which of the following is a benefit of such an action?
A. Networking functionality is disabled in a virtual machine.
B. Specialized software can only be run within a virtualized machine.
C. Malicious software, such as a virus, is incapable of replicating in a virtual machine.
D. The software can be examined with a lower risk of spreading threats.
Answer: D
381. Which of the following is a risk associated with server-side scripting? (Select TWO).
A. The script may be exploited to execute unwanted code.
B. Server-side scripts disable the antivirus software on the local machine.
C. The scripts are incompatible with ActiveX and JavaScript.
D. Permissions are not set correctly for the script.
E. Server-side scripts cannot read cookies on the local machine.
Answer: AD
382. Which of the following is the BEST use of a protocol analyzer?

Testinside
A. To implicitly deny all traffic on a specific subnet.
B. To test signature-based antivirus software programs.
C. To monitor and detect network security related anomalies.
D. To regulate the flow of traffic on a network.
Answer: C
383. Which of the following is an effective method to identify the source of unauthorized zone transfers?
A. Change the default port that the DNS server uses.
B. Enable and evaluate the DNS transaction logs.
C. Enable the DNS authentication for the entire organization.
D. Enable better physical access to the DNS server.
Answer: B
384. Which of the following is a cost-effective solution to test the effects of security policies in a large
organization with multiple computer configurations?
A. Ensuring all antivirus signatures are current
B. Utilizing virtualization technology
C. Utilizing parallel processing
D. Increasing the size of the NAS
Answer: B
385. Which of the following involves the attempt to bypass security features on a network?
A. Penetration testing
B. Vulnerability scanning
C. Performance monitoring
D. Cost benefit analysis
Answer: A
386. Which of the following social engineering techniques requires close physical proximity to a user?
A. Smurf attacks

Testinside
B. Phishing
C. Shoulder surfing
D. Dumpster diving
Answer: C
387. A technician needs to remove a worm from a users machine. Which of the following tools would MOST
likely be used to perform this task?
A. HIDS
B. Anti-spyware
C. Antivirus
D. Anti-spam
Answer: C
388. An administrator wants to block access to the Internet unless a special configuration is entered into the
devices network properties. Which of the following would provide this functionality?
A. NIDS
B. Firewall
C. NIPS
D. Proxy server
Answer: D
389. A user must pass through a set of doors that enclose them in a specific area until properly
authenticated. Which of the following terms BEST describes this scenario?
A. Hardware locks
B. Physical token system
C. Biometric access system
D. Mantrap
Answer: D
390. Which of the following logical access controls helps protect against password attacks?

Testinside
A. Using LAN manager hashes
B. Enabling reverse encryption
C. Requiring public keys
D. Implementing complexity rules
Answer: D
391. The audit team is conducting a review of user accounts. Which of the following logical controls would
the team examine?
A. USB token
B. Digital signatures
C. Account expiration
D. Private key
Answer: C
392. Which of the following BEST explains the importance of information security audit logs?
A. They demonstrate the chain of custody during an attack.
B. They are required by licensed forensic examiners.
C. They can be a record of suspicious activities on the network.
D. They can illustrate due diligence when creating new user accounts.
Answer: C
393. Which of the following pairs demonstrates a two-factor authentication?
A. Token and a smart card
B. Password and a token
C. Retina scan and a fingerprint
D. Smart card and one time pad
Answer: B
394. Which of the following protocols are used for remote access authentication?
A. SFTP

Testinside
B. RDP
C. RADIUS
D. ARP
Answer: C
395. Which of the following is an example of a social engineering attack?
A. Phishing
B. Smurf attack
C. Replay attack
D. ARP poisoning
Answer: A
396. The accounting department has a specialized check printer. Checks are printed by the accounting
staff after receiving a check request from a manager. Which of the following groups needs access to this
printer?
A. Accounting staff only
B. The CFO only
C. Managers only
D. Account staff and managers
Answer: A
397. Which of the following is the MOST effective way to ensure that contractors do not connect to the
system after the end of their contracts?
A. Account expiration
B. Password policy
D. Access Control Lists (ACLs)
Answer: A
398. A company wants to ensure that users only use their accounts between 8AM and 6PM Monday thru

Testinside
Friday. Which of the following access control methods would be MOST effective for this purpose?
A. Account expiration
B. Logical tokens
D. Group policies
Answer: C
399. The IT department has noticed that a user has been accessing their departments network share after
hours. While they have not seen any malicious behavior, this is against the security policy. The BEST way
to prevent this from happening would be to:
A. restrict access to the share so that it is only available during business hours.
B. implement the least privilege policy and deny the users access to the share.
C. create a separate logon for the share that is not based on the domain account.
D. create a new group policy that would lock the workstations at the end of the day.
Answer: A
400. Which of the following is a disadvantage of RADIUS?
A. No encryption
B. No password authentication
C. Weak authentication
D. Limited firewall connectivity
Answer: A
401. Which of the following is true about VPNs?
A. They provide antivirus protection.
B. Encapsulated packets are obfuscated.
C. They do not support symmetric encryption.
D. IP Packets are not encrypted.
Answer: B

Testinside
402. An administrator implements a file integrity monitor on a critical server to reduce the chance of having
a rootkit installed. This is an example of which kind of security application implementation?
A. Host-based
B. IPSec
C. Anti-spam
D. Pop-up blocker
Answer: A
403. A user needs access to a drive to edit documents on a particular shared folder. According to the rule of
least privilege, which rights should the user have?
A. Read to the shared folder
B. Read and write to the shared folder
C. Read and write to the entire drive
D. Read to the entire drive
Answer: B
404. Which of the following is the state of a cold site prior to a disaster?
A. The hardware is powered on.
B. The site is online and being used to process test data.
C. The hardware is powered off.
D. The site has all systems loaded with data from the latest backups.
Answer: C
405. Which of the following can be accomplished by using a HIDS but cannot be accomplished with just a
personal firewall?
A. Port blocking
B. Network connection regulation
C. Notification of attempted telnet sessions
D. Notification of suspicious process usage
Answer: D

Testinside
406. Which of the following is a method to determine if a back door has been created on a computer?
A. A new service has started whenever an application is installed or run.
B. A new port is opened up without any new applications having been installed to use this port.
C. A new port is opened after initiating a new network service.
D. A new service is started whenever attempts are made to connect to a wireless network.
Answer: B
407. Which of the following is the BEST way to read system logs?
A. Sort the logs by size and date.
B. Read all logs as they are entered sequentially to determine a trend.
C. Filter logs using software and focus on only those of importance.
D. Cross-reference the logs with all application logs.
Answer: C
408. Which of the following describes the role of a firewall?
A. Serves as a form of access control
B. Facilitates enumeration
C. Serves as a DMZ
D. Provides intrusion detection
Answer: A
409. Which of the following roles describes an agent who is a trusted entity by all parties involved in the key
exchange process?
A. Registration administrator
B. Certificate Authority (CA)
C. Cryptoanalyst
D. Recovery agent
Answer: B

Testinside
410. Which of the following is the process of determining that the sender of a message is who they say they
are?
A. Enumeration
B. Non-repudiation
C. Authentication
D. Identification
Answer: B
411. Which of the following describes a host-based system that provides access control?
A. Personal software firewalls
B. Antivirus software
C. HIDS
D. Pop-up blockers
Answer: A
412. Which of the following would be used to identify the users who are entering a secured area?
A. Mantrap
B. Physical access logs/lists
C. Biometric system
D. Hardware locks
Answer: C
413. Which of the following is a standard that defines wireless communications?
A. 802.3x
B. CHAP
C. 802.1x
D. PAP
Answer: C
414. Which of the following encryption algorithms provides the LEAST amount of security?

Testinside
A. 3DES
B. WEP
C. DES
D. AES
Answer: C
415. Which of the following sends data packets to various IP ports on a host to determine the responsive
ports?
A. OVAL
B. Network sniffer
D. Network mappers
Answer: D
416. Which of the following is a benefit of HIDS but not of NIDS?
A. HIDS can analyze data faster than a NIDS.
B. HIDS can analyze information that was sent through encrypted channels.
C. HIDS can actively prevent attacks on the host machine.
D. HIDS uses behavioral technology instead of signature-based technology.
Answer: B
417. An administrator wishes to hide the network addresses of an internal network when connecting to the
Internet. The MOST effective way to mask the network address of the users would be by passing the
traffic through a:
A. stateful firewall.
B. packet-filtering firewall.
C. NIPS.
D. NAT.
Answer: D

Testinside
418. Which of the following algorithms may be used for both digital signatures and key exchanges?
A. DES
B. Diffie-Hellman
C. RSA
D. 3DES
Answer: C
419. Which of the following is a potential danger when using a vulnerability scanner?
A. A malicious user may replay packets during the scan to compromise a target.
B. The scan may make attackers on a public network aware of the vulnerabilities.
C. The scan may result in instability on the targeted systems.
D. The scan may cause excess network congestion and interfere with normal network traffic.
Answer: C
420. Which of the following data would be classified as sensitive information in a data classification policy?
(Select THREE).
A. Credit card number
B. Passwords
C. Username
D. Employer
E. Personal identification number
F. Date of birth
Answer: ABE
421. Which of the following is the MOST effective way to suppress a fire at a data center?
A. Use a class A based fire suppression system.
B. Use a class B based fire suppression system.
C. Use a class C based fire suppression system.
D. Use a class D based fire suppression system.
Answer: C

Testinside
422. Which of the following is the minimum acceptable length for RSA to protect e-commerce transactions?
A. 128
B. 512
C. 1024
D. 2048
Answer: C
423. Which of the following is an example of a symmetric algorithm?
A. AES
B. Diffie-Hellman
C. PKI
D. RSA
Answer: A
424. Which of the following is a security threat specific to virtual machines?
A. Latency
B. Escape
C. Viruses
D. Spyware
Answer: B
425. A user has to use a fingerprint scanner and enter a password to logon to their machine. This is an
example of which type of authentication?
A. Two-factor authentication
B. Single sign-on
C. Dual sign-on
D. Three-factor authentication
Answer: A

Testinside
426. How often should security logs be reviewed at a minimum?
A. Daily
B. Bi-weekly
C. Weekly
D. Monthly
Answer: A
427. Which of the following tools are used for password cracking? (Select TWO).
A. John the Ripper
B. Cain
C. Kismet
D. Nmap
E. Nessus
Answer: AB
428. A company runs a site which has a search option available to the general public. The network
administrator is reviewing the site logs one day and notices an IP address filling out a specific form on the
site at a rate of two submissions per second. Which of the following is the BEST option to stop this type of
abuse?
A. Add a CAPTCHA feature.
B. Block the IP address.
C. Disable ActiveX.
D. Slow down the server response times.
Answer: A
429. An administrator has been tasked with the job of assessing network security in an organization. The
administrator is advised that testing or analysis must have minimal impact on the network. Which of the
following should be performed FIRST?
A. Social engineering
B. Vulnerability scanning

Testinside
C. Disaster recovery
D. Buffer overflows
Answer: A
430. Which of the following makes it more difficult to identify internal address schemes?
A. VLAN
B. NAT
C. IPSec
D. DMZ
Answer: B
431. An administrator wants to harden the network against brute force and dictionary attacks. Which of the
following is the BEST solution?
A. Deploy time of day restrictions
B. Deploy password lockout policy
C. Deploy account expiration
D. Deploy access control lists
Answer: B
432. To prove whether or not an email server can be compromised by an external attacker, which of the
following activities should be performed?
A. Port scanner
B. Password cracker
C. Performance monitoring
D. Penetration testing
Answer: D
433. When visiting a secure website, the browser reports an error with the websites certificate. Which of
the following could be the cause of the reported error?
A. It is an S/MIME certificate.

Testinside
B. The sites certificate will be renewing within 30 days.
C. The CA that issued the sites certificate is not trusted by the browser.
D. There was an error when the site installed the certificate.
Answer: C
434. Which of the following is an example of a physical access control?
A. Shoulder surfing
B. Backup generator
C. Public key
D. Smart card
Answer: D
435. The function of the cryptographic recovery agent is to recover:
A. expired certificates.
B. corrupted CRL databases.
C. user-forgotten keys.
D. compromised data from intrusions.
Answer: C
436. Which of the following disadvantages should an administrator keep in mind when implementing VoIP?
A. The cost and operation scales to the size of the user base.
B. Without redundancy, a single switch failure can sever communications.
C. The user base needs to be trained in secure use of the technology.
D. Equipment monitoring and maintaining can be difficult.
Answer: B
437. Which of the following physical security methods provide the BEST method of validating and tracking
authorized user identities? (Select TWO).
A. Hardware door locks
B. Video surveillance

Testinside
C. Sign-in logs
D. Photo ID
E. Door access systems
Answer: BE
438. Which of the following passwords would be the MOST difficult to crack?
A. Passw0rd
B. L0gin1
C. zAq12wsx!
D. ABC123def
Answer: C
439. An administrator suspects there is vulnerability on the network due to unexplained packet loss on one
node. Which of the following can be used to investigate the packet loss?
A. Review the O/S performance logs.
B. Perform a ping-sweep across the network.
C. Strengthen the Internet-facing firewall.
D. Use a protocol analyzer to monitor traffic.
Answer: D
440. A corporation has employed a third-party company to perform black-box penetration on their network.
The corporation will provide:
A. full access to the network, except user-created databases.
B. unrestricted approved access, provided that every action is logged.
C. a test user account, but the company performs the network footprinting.
D. no information regarding their topology or technologies.
Answer: D
441. Which of the following is the BEST location for a proxy server?
A. On all servers

Testinside
B. Between two private networks
C. Between the private and public networks
D. On all network hosts
Answer: C
442. Which of the following verifies users within PKI?
A. CA
B. Recovery agent
C. Trust models
D. CRL
Answer: A
443. Which of the following tools is used to determine the source of a network problem and establish
baselines?
A. Network mapper
B. Port scanner
D. Vulnerability scanner
Answer: C
444. Which of the following mechanisms establishes procedures to secure a network?
A. Security log files
B. Security policy
C. Application logging
D. Configuration baseline
Answer: B
445. A small company has new rules regarding password strength. The technician sets all existing user
passwords to expire to ensure that all users update their passwords. Which of the following BEST
describes how this change was implemented?

Testinside
A. Implementation of account expiration
B. Implementation of a password policy
C. Implementation of implicit deny
D. Implementation of a group policy
Answer: B
446. In order to access a company system, a user is required to provide a thumbprint scan as well as their
passphrase. Which of the following authentication models does this describe?
A. Two-factor authentication
B. Three-factor authentication
C. Single-factor authentication
D. Single sign-on
Answer: A
447. A performance monitoring system that reports deviation from a baseline is BEST described as:
A. a behavior-based system.
B. an anomaly-based system.
C. a signature-based system.
D. a DAC based system.
Answer: B
448. Which of the following should cause the MOST concern when evaluating DNS logs? (Select THREE).
A. A zone transfer made to an unknown external system
B. A denied zone transfer request from one of the secondary DNS servers
C. A denied zone transfer request from an unknown system
D. A zone transfer made to one of the internal secondary DNS servers
E. A DNS request from an internal host for the companys web server address
F. A request from an external host for the companys web server address
Answer: ABC

Testinside
449. Which of the following BEST explains how a proxy server enhances network security?
A. It prevents ping of death attacks.
B. It protects the internal network through the use of ACLs.
C. It logs all suspicious network events to a file.
D. It establishes a single source of outgoing traffic.
Answer: D
450. Which of the following is the FIRST step of penetration testing?
A. Complete a port scan of all ports.
B. Obtain signed consent from the organizations management.
C. Obtain a complete list of all the companys IP addresses.
D. Complete a ping sweep to verify which hosts are active on the network.
Answer: B
451. Which of the following BEST describes the differences between penetration testing and vulnerability
scanning?
A. Penetration testing relies solely on a database of vulnerabilities from trusted sources.
B. Penetration testing improves network security by creating automated reports.
C. Penetration testing is signature based.
D. Penetration testing involves identifying vulnerabilities and testing them further.
Answer: D
452. Which of the following BEST describes the results of vulnerability scanning?
A. A list of devices believed to have certain weaknesses
B. A list of machines running antivirus software
C. A list of rogue devices on the corporate network
D. A list of false positives and false negatives on the network
Answer: A
453. Which of the following BEST describes the security principle addressed through whole disk

Testinside
encryption?
A. Accountability
B. Integrity
C. Confidentiality
D. Availability
Answer: C
454. Which of the following would be a benefit of testing a program of an unknown source on a virtual
machine?
A. Virtual machines render it impossible for the code to escape.
B. Virtual machines allow for faster performance, so the speed of benchmark testing is increased.
C. Virtual machines come equipped with a firewall by default, thus preventing outside contamination.
D. Virtual machines can easily be restored to an earlier point if the code is malicious or causes instability.
Answer: D
455. An administrator has configured server systems to keep detailed performance logs. When reviewing
the performance logs, which of the following would MOST likely indicate a security breach?
A. The performance logs indicate high CPU and disk usage during off peak hours.
B. The performance logs indicate CPU usage of near 100% several times during the working day.
C. A user consistently uses more disk space than other users.
D. Disk usage increases 30% at the same time each work day.
Answer: A
456. An administrator needs to ensure that a particular computer has access to port 80 so it can use the
Internet but also needs to ensure that no other ports can be used. Which of the following would allow this
with the LEAST amount of administrative effort?
A. Disable all ports except port 80 on the computer.
B. Configure the firewall to allow port 80 and block all other ports.
C. Assign a static IP to the computer.
D. Add two entries into the firewall ACL.

Testinside
Answer: D
457. Which of the following terms describes a case where the transmission between two or more nodes is
intercepted during communication?
A. Null session
B. TCP hijacking
C. Web spoofing
D. DOS
Answer: B
458. When a user knows the originator of the key, this is an example of which of the following models?
A. Web of trust
B. Trusted introducer
C. Hierarchical trust
D. Direct trust
Answer: D
459. Which of the following models is an example of a root certificate based trust that validates other
certificates within an organization?
A. Web of trust
B. Hierarchical trust
C. Direct trust
D. Trusted introducer
Answer: B
460. Which of the following trust models is an example of when a certificate becomes trusted by a group of
trusted sources?
A. Web of trust
B. Trusted introducer
C. Direct trust

Testinside
D. Hierarchical trust
Answer: B
461. An administrator wants to deploy a solution that will use a secret key to secure data transmissions.
Which of the following would allow the administrator to do this?
A. Asymmetric encryption
B. Non-repudiation
C. Symmetric encryption
D. Whole disk encryption
Answer: C
462. An administrator wants to ensure a high level of security between two nodes when a transmission is
taking place. Which of the following would provide the HIGHEST level of security?
A. Using a symmetric key
B. Using a public key
C. Using a asymmetric key
D. Using a single private key
Answer: C
463. A company has a problem with users inadvertently posting company information on the Internet. Which
of the following is the BEST method for the company to address it?
A. Educate the users and perform awareness training.
B. Harden the password policies in case of future breaches.
C. Routinely audit all users browse history.
D. Implement HR policies with consequences.
Answer: A
464. An administrator has advised against the use of Bluetooth phones due to bluesnarfing concerns.
Which of the following is an example of this threat?
A. An attacker using the phone remotely for spoofing other phone numbers

Testinside
B. Unauthorized intrusions into the phone to access data
C. The Bluetooth enabled phone causing signal interference with the network
D. An attacker using exploits that allow the phone to be disabled
Answer: B
465. When implementing an HVAC system, a company needs to be aware of which of the following security
concerns?
A. The high-voltage tools that technicians may introduce to the environment
B. That any technicians have proper clearance, or are supervised
C. That the technicians need to be electrically grounded at all times
D. That the system has a redundant power supply in place
Answer: B
466. Which of the following is the MOST important reason to verify the integrity of acquired data in a
forensic investigation?
A. To ensure that a virus cannot get copied to the target media
B. To ensure that the MBR gets transferred successfully to the target media
C. To ensure that source data will fit on the specified target media
D. To ensure that the data has not been tampered with
Answer: D
467. An administrator is made aware of a possible malware infection on one of the servers. The company
uses instant messaging software to keep all employees in contact with one another and the employees
receive constant messages from users outside the company. Which of the following is the MOST likely
cause of the problem?
A. Rootkit
B. SPIM
C. Trojan
D. Blue jacking
Answer: B

Testinside
468. An administrator has just performed an audit on their network. The security administrator has not
allowed the results to be shown to the IT departmental staff. Which of the following BEST describes the
reasoning for this?
A. Least privilege
B. Job rotation
C. Separation of duties
D. Implicit deny
Answer: C
469. An administrator in an organization with 33,000 users would like to store six months of Internet proxy
logs on a dedicated logging server for analysis and content reporting. The reports are not time critical, but
are required by upper management for legal obligations. All of the following apply when determining the
requirements for the logging server EXCEPT:
A. log details and level of verbose logging.
B. time stamping and integrity of the logs.
C. performance baseline and audit trails.
D. log storage and backup requirements.
Answer: C

Testinside
Testinside.com was founded in 2006. The safer,easier way to help you pass any IT
Certification exams . We provide high quality IT Certification exams practice
questions and answers(Q&A). Especially Adobe, Apple, Citrix, Comptia, EMC, HP,
Juniper, LPI, Nortel, Oracle, SUN, Vmware and so on. And help you pass any IT
Certification exams at the first try.
You can reach us at any of the email addresses listed below.
English Customer: Sales(at)TestInside.Com

TaiWan&HK Customer: Salestw(at)TestInside.Com
Chinese Customer: Salescn(at)TestInside.com
English Version http://www.testinside.com

Chinese (Traditional) http:// www.testinside.net
Chinese (Simplified) http:// www.testinside.cn

Security++ Test+ +sy0 201v3+31

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Security++ Test+ +sy0 201v3+31

Transféré par

Droits d'auteur :

Formats disponibles

Testinside

Exam : CompTIA SY0-201

Title : CompTIA Security+

Testinside - help you pass any IT exam!

Important Note, Please Read Carefully

Our products of Offline Testing Engine

TestInside Testing Engine

and update 3-4 days before the scheduled exam date.

Here is the procedure to get the latest version:

2. Log in the User Center

version, page number, question number, and your login Account.

Our experts will answer your mail promptly.

for this exam, please contact sales(at)TestInside.com.

TestInside Help You Pass Any IT Exam http://www.TestInside.com

areas? (Select TWO).

C. Key card readers

originating between client workstations. Which of the following could be implemented?

4. Which of the following algorithms have the smallest key space?

TestInside Help You Pass Any IT Exam http://www.TestInside.com

D. Damage and loss control

7. A CRL contains a list of which of the following type of keys?

A. Both public and private keys

TestInside Help You Pass Any IT Exam http://www.TestInside.com

9. Which of the following type of attacks is TCP/IP hijacking?

11. Which of the following are the functions of asymmetric keys?

A. Decrypt, decipher, encode and encrypt

B. Sign, validate, encrypt and verify

C. Decrypt, validate, encode and verify

D. Encrypt, sign, decrypt and verify

A. Install a word processor.

B. Run the latest spyware.

TestInside Help You Pass Any IT Exam http://www.TestInside.com

Which of the following is this contract an example of?

A. Public key infrastructure

A. type of storage media.

B. password complexity rules.

C. physical access controls.

TestInside Help You Pass Any IT Exam http://www.TestInside.com

called which of the following?

19. Classification of information is critical to information security because it:

A. defines what information should have the highest protection.

B. demonstrates that the company is using discretionary access control (DAC).

C. allows a company to share top secret information.

D. is a requirement for service level agreements (SLA).

application. All information is stored in a database, which is also located on Network B.

TestInside Help You Pass Any IT Exam http://www.TestInside.com

- ADD (read existing data, write new data)

- CHANGE (read, write and change existing data)

- READ (read existing data)

The company has 2 different network zones:

- Network A, the DMZ, a public accessible network

- Network B, the internal LAN, accessible from company systems only

MOST appropriate for the warehouse employees?

A. READ on Network B, NONE on Network A

B. ADD on Network A, NONE on Network B

C. CHANGE on Network A, ADD on Network B

D. READ on Network A and B

B. Identification tells who the user is and authentication proves it.

A. IPSec in tunnel mode, using both the ESP and AH protocols

B. IPSec in tunnel mode, using the ESP protocol

C. IPSec in transport mode, using the AH protocol

TestInside Help You Pass Any IT Exam http://www.TestInside.com

23. Performance baselines are used to: