101 A technician is rebuilding the infrastructure for an organization. The technician has been tasked with making sure that the virtualization technology is implemented securely. Which of the following is a concern when implementing virtualization technology?
C. The technician should verify that the virtual servers and the host have the latest service packs and patches applied.
102 A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet management's request?
C. Time of day restrictions
103 How would a technician implement a security patch in an enterprise environment?
A. Download the patch from the vendor's secure website, test the patch and install it on all workstations.
104 Which of the following is considered the weakest encryption?
D. DES
105 Which of the following encryption schemes is the public key infrastructure based on?
B. Asymmetric
106 Which of the following BEST describes the term war driving?
A. Driving from point to point with a laptop and an antenna to find unsecured wireless access points
107 Which of the following statements BEST describes the implicit deny concept?
D. Blocks everything and only allows explicitly granted permissions
108 When is the BEST time to update antivirus definitions?
C. As the definitions become available from the vendor
109 Why would a technician use a password cracker?
C. To look for weak passwords on the network
110 Users on a network report that they are receiving unsolicited emails from an email address that does not change. Which of the following steps should be taken to stop this from occurring?
C. Install an anti-spam filter on the domain mail servers and filter the email address
111 Which of the following is a true statement with regards to a NIDS?
A. A NIDS monitors and analyzes network traffic for possible intrusions
112 A technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which of the following will help determine the amount of CPU cycles that are being consumed?
A. Run performance monitor to evaluate the CPU usage
113 Which of the following are characteristics of a hash function? (Select TWO)
E. One-way
D. Fixed length output
114 Which of the following is the MOST secure alternative for administrative access to a router?
A. SSH
115 Which of the following might an attacker resort to in order to recover discarded company documents?
A. Dumpster diving
116 Which of the following creates a security buffer zone between two rooms?
D. Mantrap
117 Which of the following tools would be used to review network traffic for clear text passwords?
C. Protocol analyzer
118 Kerberos uses which of the following trusted entities to issue tickets?
D. Key Distribution Center
119 Which of the following specifies a set of consistent requirements for a workstation or server?
A. Configuration baseline
120 A company's website allows customers to search for a product and display the current price and quantity available of each product from the production database. Which of the following would invalidate an SQL injection attack launched from the lookup field at the web server level?
A. Input validation
121 Which of the following virtual machine components monitors and manages the various virtual instances?
C. Hypervisor
122 A smurf attack is an example of which of the following threats?
A. DoS
123 Which of the following is the BEST tool for allowing users to go to approved business-related websites only?
A. Internet content filter
124 Which of the following is a security trait of a virtual machine?
B. Provides a restricted environment for executing code
125 An unauthorized user intercepted a user's password and used this information to obtain the company's administrator password. The unauthorized user can use the administrator's password to access sensitive information pertaining to client data. Which of the following is this an example of?
D. Privilege escalation
126 Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO)
E. Disable the USB root hub within the OS
C. Disable USB within the workstation's BIOS
127 An administrator has developed an OS install that will implement the tightest security controls possible. In order to quickly replicate these controls on all systems, which of the following should be established?
D. Create an image from the OS install
128 After registering an email address on a website, a user starts receiving messages from unknown sources. The email account is new, and therefore the user is concerned. This type of message traffic is referred to as:
B. spam
129 A technician is testing the security of a new database application with a website front-end. The technician notices that when certain characters are input into the application it will crash the server. Which of the following does the technician need to do?
B. Input validation
130 An administrator in a small office environment has implemented an IDS on the network perimeter to detect malicious traffic patterns. The administrator still has a concern about traffic inside the network originating between client workstations. Which of the following could be implemented?
A. HIDS
131 A user is redirected to a different website when the user requests the DNS record www.xyz.comptia.com. Which of the following is this an example of?
A. DNS poisoning
132 A company wants to host public servers on a new network. These servers will include a website and mail server. Which of the following should be implemented on the network to isolate these public hosts from the rest of the network?
B. DMZ
133 A user has decided that they do not want an internal LAN segment to use public IP addresses. The user wants to use private IP addresses internally and translate them to a pool of public IP addresses that identify the hosts on the Internet. Which of the following does the user want to implement?
D. NAT
134 An administrator has been studying stateful packet inspection and wants to implement this security technique on the network. Which of the following devices could the administrator use to BEST utilize stateful packet inspection?
D. Firewall
135 Which of the following is the primary purpose of a honeypot?
A. To provide a decoy target on the network
136 An administrator wants to ensure that no equipment is damaged when there is a fire or false alarm in the server room. Which of the following types of fire suppression systems should be used?
C. Carbon Dioxide
137 Which of the following is a CRL composed of?
D. Expired or revoked certificates
138 Which of the following is the primary purpose of a CA?
B. Issue private/public keys
139 An administrator wants to replace telnet with a more secure protocol to manage a network device. Which of the following should be implemented on the network?
A. SSH
140 A user is attempting to receive digitally signed and encrypted email messages from a remote office. Which of the following protocols does the system need to support?
B. S/MIME
141 An administrator does not want anyone to VPN from inside the network to a remote office or network. Which of the following protocols should be blocked outbound on the network?
D. ISAKMP
142 An administrator is implementing a public website and they want all client connections to the server to be encrypted via their web browser. Which of the following should be implemented?
A. SSL
143 Which of the following is MOST likely provided by asymmetric key cryptography?
B. Confidentiality
144 All of the following are symmetric key algorithms EXCEPT:
C. ECC
145 Which of the following is true about ECC algorithms?
D. It is implemented in portable devices
146 Which of the following is a way to encrypt session keys using SSL?
B. Session keys are encrypted using an asymmetric algorithm
147 Which of the following can reduce the risk associated with password guessing attacks? (Select TWO).
E. Implement account-lockout thresholds
E. Implement stronger password complexity policies
148 Which of the following is a common practice in forensic investigation?
C. Performing a binary copy of the system's storage media
149 Which of the following is done to ensure appropriate personnel have access to systems and networks? (Select TWO).
A. Conduct periodic penetration testing assessments.
B. Conduct periodic personnel employment verifications.
C. Conduct rights review of users and groups.
D. Conduct virus scan.
E. Conduct vulnerability assessments.
B. Conduct periodic personnel employment verifications.
C. Conduct rights review of users and groups.
150 Antivirus software products detect malware by comparing the characteristics of known instances against which of the following type of file sets?
A. Signature
151 Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment?
D. Water
152 Which of the following is the BEST process of removing PII data from a disk drive before reuse?
D. Sanitization
153 When assigning permissions, which of the following concepts should be applied to enable a person to perform their job task?
A. Least privilege
154 A review of the system logs shows that a user attempted to log onto the network over 250 times. Which of the following types of attacks is MOST likely occurring?
A. Brute force
155 Users do not want to enter credentials to each server or application to conduct their normal work. Which of the following type of strategies will resolve this issue?
D. SSO
156 A user was trying to update an open file, but when they tried to access the file they were denied. Which of the following would explain why the user could not access the file?
C. Rights are not set correctly
157 Accessing a system or application using permissions from another user's account is a form of which of the following?
D. Privilege escalation
158 Which of the following is an important reason for password protecting the BIOS?
A. To keep a user from changing the boot order of the system
159 Which of the following is a software bundle containing multiple security fixes?
D. Service pack
160 A company uses a policy of assigning passwords to users; by default, the passwords are based on the word $ervicexx, where xx is the last two digits of the user's cell phone number. The users are not required to change this password. Which of the following is this an example of?
D. Weak passwords
161 Which of the following is an installable package that includes several patches from the same vendor for various applications?
B. Service pack
162 Which of the following is a best practice to prevent users from being vulnerable to social engineering?
B. Provide thorough and frequent user awareness training
163 The RAS logs on a server show 100 errors in a two-minute time period from an attempt to access an account. The error log shows "unknown username or password." Which of the following is this an example of?
D. An unauthorized attempt to access the server
164 An administrator notices that former temporary employees' accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening?
D. Implement an account expiration date for temporary employees
165 Which of the following is the primary security risk with coaxial cable?
C. Data emanation from the core
166 Which of the following is a collection of patches?
C. A service pack
167 Which of the following would allow an administrator to find weak passwords on the network?
D. A rainbow table
168 Which of the following is the BEST place where the disaster recovery plan should be kept?
B. At multiple offsite locations
169 Which of the following is established immediately upon evidence seizure?
C. Chain of custody
170 Which of the following is a required privilege that an administrator must have in order to restore a public/private key set on a certificate authority (CA)?
D. Recovery agent
171 Which of the following algorithms have the smallest key space?
A. DES
172 Which of the following is the MOST recent addition to cryptography?
D. AES
173 Which of the following requires a common pre-shared key before communication can begin?
A. Symmetric key cryptography
174 Which of the following provides the MOST comprehensive redundancy for an entire site with the least downtime?
A. A hot site
175 Which of the following allows devices attached to the same switch to have separate broadcast domains?
C. VLAN
176 Which of the following allows for notification when a hacking attempt is discovered?
D. NIDS
177 When dealing with a 10BASE5 network, which of the following is the MOST likely security risk?
A. A vampire tap
178 Which of the following allows a technician to scan for missing patches on a device without actually attempting to exploit the security problem?
C. A vulnerability scanner
179 Which of the following allows for proof that a certain person sent a particular email?
D. Non-repudiation
180 Which of the following uses a key ring?
A. PGP
181 Which of the following allows for the highest level of security at time of login?
B. Two-factor authentication
182 Sending a patch through a testing and approval process is an example of which of the following?
C. Change management
183 Sending continuous TCP requests to a device and ignoring the return information until the device ceases to accept new connections is an example of which of the following?
A. DoS
184 Which of the following would use a group of bots to stop a web server from accepting new requests?
D. DDoS
185 Which of the following is the MOST likely to generate static electricity?
A. Low humidity and high temperature
186 Using an asymmetric key cryptography system, where can a technician generate the key pairs?
B. A certificate authority
187 Which of the following media is the LEAST likely to be successfully tapped into?
C. Fiber optic cable
188 Which of the following allows a person to find public wireless access points?
A. SSID broadcast
189 Which of the following allows a file to have different security permissions for users that have the same roles or user groups?
D. Discretionary Access Control (DAC)
190 A DMZ has a fake network that a hacker is attacking. Which of the following is this an example of?
B. Honeypot
191 A company decides that the purchasing agent and the accounts receivable agent should exchange positions in order to allow for more oversight of past transactions. Which of the following is this an example of?
A. Job rotation
192 A user complains that the color laser printer continuously gives an access denied message while attempting to print a text document. The administrator logs onto the PC and prints successfully. Which of the following should the administrator check FIRST?
B. That the user has sufficient rights to print to the printer
193 Which of the following uses a sandbox to manage a program's ability to access system resources?
A. Java
194 Which of the following allows a technician to view the security permissions of a file?
C. The access control list
195 A user is denied access to a file. The user had access to the file yesterday. Which of the following is the FIRST action for the technician to take?
C. Verify that the user's permissions are correct
196 A user is convinced that someone is attempting to use their user account at night. Which of the following should an administrator check FIRST in order to prove or disprove this claim?
D. The local security logs
197 A user reports that a web-based application is not working after a browser upgrade. Before the upgrade, a login box would appear on the screen and disappear after login. The login box does not appear after the upgrade. Which of the following BEST describes what to check FIRST?
A. That the pop-up blocker application trusts this site
198 An intrusion has been detected on a company's network from the Internet. Which of the following should be checked FIRST?
D. The firewall logs
199 A user needs to verify that a patch file downloaded from a third party has not been modified since the time that the original manufacturer released the patch. Which of the following is the BEST way to verify that the file has not been modified?
A. Compare the final MD5 hash with the original
200 A technician suspects that one of the network cards on the internal LAN is causing a broadcast storm. Which of the following would BEST diagnose which NIC is causing this problem?