multi test b

101 A technician is rebuilding the infrastructure for an organization. The technician has been tasked with making sure that the virtualization technology is implemented securely. Which of the following is a concern when implementing virtualization technology?

A. The technician should verify that the virtual servers are dual homed so that traffic is securely separated.
B. The technician should subnet the network so each virtual server is on a different network segment.
C. The technician should verify that the virtual servers and the host have the latest service packs and patches applied.
D. The technician should perform penetration testing on all the virtual servers to monitor performance.

102 A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet managements request?


A. Access control lists
B. Deploy smart cards
C. Time of day restrictions
D. Enforce Kerberos

103 How would a technician implement a security patch in an enterprise environment?

A. Download the patch from the vendors secure website, test the patch and install it on all workstations.
B. Download the patch from the Internet, test the patch and install it on all of the production servers.
C. Download the patch from the vendors secure website and install it as needed.
D. Download the patch from the vendors secure website and install it on the most vulnerable workstation.

104 Which of the following is considered the weakest encryption?

A. AES
B. SHA
C. RSA
D. DES

105 Which of the following encryption schemes is the public key infrastructure based on?

A. Elliptical curve
B. Asymmetric
C. Quantum
D. Symmetric

106 Which of the following BEST describes the term war driving?

A. Driving from point to point with a laptop and an antenna to find unsecured wireless access points
B. Driving from point to point with a wireless network card and hacking into unsecured wireless access points
C. Driving from point to point with a wireless scanner to use unsecured access points
D. Driving from point to point with a wireless scanner to read other users emails through the access point

107 Which of the following statements BEST describes the implicit deny concept?

A. Blocks everything and allows the maximum level of permissions
B. Blocks everything and only allows the minimal required privileges
C. Blocks everything and only allows privileges based on job description
D. Blocks everything and only allows explicitly granted permissions

108 When is the BEST time to update antivirus definitions?

A. When a new virus is discovered on the system
B. At least once a week as part of system maintenance
C. As the definitions become available from the vendor
D. When an attack occurs on the network

109 Why would a technician use a password cracker?

A. To change users passwords if they have forgotten them
B. To enforce password complexity requirements
C. To look for weak passwords on the network
D. To change a user?s passwords when they leave the company

110 Users on a network report that they are receiving unsolicited emails from an email address that does not change. Which of the following steps should be taken to stop this from occurring?

A. Install an ACL on the firewall to block traffic from the sender and filter the IP address
B. Configure a rule in each user?s router and restart the router
C. Install an anti-spam filter on the domain mail servers and filter the email address
D. Configure rules on the users host and restart the host

111 Which of the following is a true statement with regards to a NIDS?

A. A NIDS monitors and analyzes network traffic for possible intrusions
B. A NIDS is installed on the proxy server
C. A NIDS is normally installed on the email server
D. A NIDS prevents certain types of traffic from entering a network

112 A technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which of the following will help determine the amount of CPU cycles that are being consumed?

A. Run performance monitor to evaluate the CPU usage
B. Install malware scanning software
C. Use a protocol analyzer to find the cause of the traffic
D. Install HIDS to determine the CPU usage

113 Which of the following are characteristics of a hash function? (Select TWO)

A. Encrypts a connection
B. Fixed length output
C. Ensures data can be easily decrypted
D. Requires a key
E. One-way

114 Which of the following is the MOST secure alternative for administrative access to a router?

A. SSH
B. HTTP
C. rlogin
D. Telnet

115 Which of the following might an attacker resort to in order to recover discarded company documents?

A. Dumpster diving
B. Shoulder surfing
C. Phishing
D. Insider theft

116 Which of the following creates a security buffer zone between two rooms?

A. Anti-pass back
B. DMZ
C. Turnstile
D. Mantrap

117 Which of the following tools would be used to review network traffic for clear text passwords?

A. Password cracker
B. Firewall
C. Protocol analyzer
D. Port scanner

118 Kerberos uses which of the following trusted entities to issue tickets?

A. Certificate Authority
B. Internet Key Exchange
C. Ticket Granting System
D. Key Distribution Center

119 Which of the following specifies a set of consistent requirements for a workstation or server?

A. Configuration baseline
B. Vulnerability assessment
C. Imaging software
D. Patch management

120 A company?s website allows customers to search for a product and display the current price and quantity available of each product from the production database. Which of the following would invalidate an SQL injection attack launched from the lookup field at the web server level?

A. Input validation
B. Security template
C. Buffer overflow protection
D. NIPS

121 Which of the following virtual machine components monitors and manages the various virtual instances?

A. VMOS
B. VCPU
C. Hypervisor
D. Virtual supervisor

122 A smurf attack is an example of which of the following threats?

A. DoS
B. Man-in-the-middle
C. ARP Poisoning
D. TCP/IP Hijacking

123 Which of the following is the BEST tool for allowing users to go to approved business-related websites only?

A. Internet content filter
B. ACL
C. Caching server
D. Firewall

124 Which of the following is a security trait of a virtual machine?

A. Provides a read-only area for executing code
B. Provides a restricted environment for executing code
C. Provides additional resources for testing
D. Provides real-time access to all system processes

125 An unauthorized user intercepted a user?s password and used this information to obtain the company?s administrator password. The unauthorized user can use the administrator?s password to access sensitive information pertaining to client data. Which of the following is this an example of?

A. Session hijacking
B. Least privilege
C. Network address translation
D. Privilege escalation

126 Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO)

A. Install anti-virus software on the USB drives
B. Run spyware detection against all workstations
C. Apply the concept of least privilege to USB devices
D. Disable USB within the workstations BIOS
E. Disable the USB root hub within the OS

127 An administrator has developed an OS install that will implement the tightest security controls possible. In order to quickly replicate these controls on all systems, which of the following should be established?

A. Create a boot disk for the operating system
B. Implement OS hardening procedures
C. Take screen shots of the configuration options
D. Create an image from the OS install

128 After registering an email address on a website, a user starts receiving messages from unknown sources. The email account is new, and therefore the user is concerned. This type of message traffic is referred to as:

A. instant message traffic
B. spam
C. S/MIME
D. SPIM

129 A technician is testing the security of a new database application with a website front-end. The technician notices that when certain characters are input into the application it will crash the server. Which of the following does the technician need to do?

A. Implement an ACL
B. Input validation
C. Lock-down the database
D. Utilize SSL on the website

130 An administrator in a small office environment has implemented an IDS on the network perimeter to detect malicious traffic patterns. The administrator still has a concern about traffic inside the network originating between client workstations. Which of the following could be implemented?

A. HIDS
B. A VLAN
C. An access list
D. A network router

131 A user is redirected to a different website when the user requests the DNS record www.xyz.comptia. com. Which of the following is this an example of?

A. DNS poisoning
B. Smurf attack
C. DNS caching
D. DoS

132 A company wants to host public servers on a new network. These servers will include a website and mail server. Which of the following should be implemented on the network to isolate these public hosts from the rest of the network?

A. IPv6
B. DMZ
C. IPSec
D. VLAN

133 A user has decided that they do not want an internal LAN segment to use public IP addresses. The user wants to translate them as private IP addresses to a pool of public IP addresses to identify them on the Internet. Which of the following does the user want to implement?

A. IPSec
B. SFTP
C. SSH
D. NAT

134 An administrator has been studying stateful packet inspection and wants to implement this security technique on the network. Which of the following devices could the administrator use to BEST utilize stateful packet inspection?

A. IDS
B. Hub
C. Switch
D. Firewall

135 Which of the following is the primary purpose of a honeypot?

A. To provide a decoy target on the network
B. Translate addresses at the perimeter
C. Work as a network proxy
D. Provide cryptography for the network

136 An administrator wants to ensure that that no equipment is damaged when there is a fire or false alarm in the server room. Which of the following type of fire suppression systems should be used?

A. Hydrogen Peroxide
B. Deluge sprinkler
C. Carbon Dioxide
D. Wet pipe sprinkler

137 Which of the following is a CRL composed of?

A. Certificate authorities
B. Expired user accounts
C. Public Key Infrastructure (PKI)
D. Expired or revoked certificates

138 Which of the following is the primary purpose of a CA?

A. Kerberos authentication
B. Issue private/public keys
C. Encrypt data
D. LANMAN validation

139 An administrator wants to replace telnet with a more secure protocol to manage a network device. Which of the following should be implemented on the network?

A. SSH
B. SFTP
C. SNMP
D. SMTP

140 A user is attempting to receive digitally signed and encrypted email messages from a remote office. Which of the following protocols does the system need to support?

A. IPSec
B. S/MIME
C. SMTP
D. ISAKMP

141 An administrator does not want anyone to VPN from inside the network to a remote office or network. Which of the following protocols should be blocked outbound on the network?

A. OVAL
B. TPM
C. SNMP
D. ISAKMP

142 An administrator is implementing a public website and they want all client connections to the server to be encrypted via their web browser. Which of the following should be implemented?

A. SSL
B. 3DES
C. Blowfish
D. SHA-1

143 Which of the following is MOST likely provided by asymmetric key cryptography?

A. Performance
B. Confidentiality
C. A pre-shared key
D. Kiting

144 All of the following are symmetric key algorithms EXCEPT:

A. RC4
B. 3DES
C. ECC
D. Rijndael

145 Which of the following is true about ECC algorithms?

A. It is CPU intensive
B. It is the algorithm used in PGP
C. It is a private key algorithm
D. It is implemented in portable devices

146 Which of the following is a way to encrypt session keys using SSL?

A. Session keys are sent in clear text because they are private keys
B. Session keys are encrypted using an asymmetric algorithm
C. Session keys are encrypted using a symmetric algorithm
D. Session keys are sent unencrypted

147 Which of the following can reduce the risk associated with password guessing attacks? (Select TWO).

A. Implement shadow passwords
B. Implement single sign-on
C. Implement stronger password complexity policies
D. Implement shared passwords
E. Implement account-lockout thresholds

148 Which of the following is a common practice in forensic investigation?

A. Performing a file level copy of the systems storage media
B. Performing a Gutman sanitization of the drive
C. Performing a binary copy of the systems storage media
D. Performing a sanitization of the drive

149 Which of the following is done to ensure appropriate personnel have access to systems and networks? (Select TWO).

A. Conduct periodic penetration testing assessments.
B. Conduct periodic personnel employment verifications.
C. Conduct rights review of users and groups.
D. Conduct virus scan.
E. Conduct vulnerability assessments.

150 Antivirus software products detect malware by comparing the characteristics of known instances against which of the following type of file sets?

A. Signature
B. NIDS signature
C. Text
D. Dynamic Library

151 Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment?

A. Foam
B. Carbon Dioxide
C. Halon
D. Water

152 Which of the following is the BEST process of removing PII data from a disk drive before reuse?

A. Degaussing
B. Reformatting
C. Destruction
D. Sanitization

153 When assigning permissions, which of the following concepts should be applied to enable a person to perform their job task?

A. Least privilege
B. Role based
C. Discretionary access control (DAC)
D. Rule based

154 While conducting a review of the system logs, a user had attempted to log onto the network over 250 times. Which of the following type of attacks is MOST likely occurring?

A. Brute force
B. Spamming
C. Phishing
D. DNS spoofing

155 Users do not want to enter credentials to each server or application to conduct their normal work. Which of the following type of strategies will resolve this issue?

A. Biometrics
B. Smart card
C. Two-factor authentication
D. SSO

156 A user was trying to update an open file but when they tried to access the file they were denied. Which of the following would explain why the user could not access the file?

A. Write only access
B. Audit only access
C. Rights are not set correctly
D. Execute only access

157 Accessing a system or application using permissions from another users account is a form of which of the following?

A. ARP spoofing
B. Domain kiting
C. Phishing
D. Privilege escalation

158 Which of the following is an important reason for password protecting the BIOS?

A. To keep a user from changing the boot order of the system
B. To maintain password complexity requirements
C. To prevent system start-up without knowing the password
D. To keep a virus from overwriting the BIOS

159 Which of the following is a software bundle containing multiple security fixes?

A. A patch
B. A hotfix
C. Patch management
D. Service pack

160 A company uses a policy of assigning passwords to users, by default the passwords are based off of the word $ervicexx, where xx is the last two numbers of the users cell phone number. The users are not required to change this password. Which of the following is this an example of?

A. Known plain text
B. Default accounts
C. Back door
D. Weak passwords

161 Which of the following is an installable package that includes several patches from the same vendor for various applications?

A. Patch template
B. Service pack
C. Patch rollup
D. Hotfix

162 Which of the following is a best practice to prevent users from being vulnerable to social engineering?

A. Have a solid acceptable use policy in place with a click through banner
B. Provide thorough and frequent user awareness training
C. Have user sign both the acceptable use policy and security based HR policy
D. Provide a service level agreement that addresses social engineering issues

163 The RAS logs on a server show 100 errors in a two minute time period from an attempt to access an account. The error log shows unknown username or password. Which of the following is this an example of?

A. One of the users forgot their password and kept trying to login
B. The local firewall is blocking GRE packets
C. The end users ISP is having issues with packet loss
D. An unauthorized attempt to access the server

164 An administrator notices that former temporary employees? accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening?

A. Run a last logon script to look for inactive accounts
B. Implement time of day restrictions for all temporary employees
C. Implement a password expiration policy
D. Implement an account expiration date for temporary employees

165 Which of the following is the primary security risk with coaxial cable?

A. Diffusion of the core light source
B. Crosstalk between the wire pairs
C. Data emanation from the core
D. Refraction of the signal

166 Which of the following is a collection of patches?

A. A security baseline
B. A security hotfix
C. A service pack
D. A security template

167 Which of the following would allow an administrator to find weak passwords on the network?

A. A network mapper
B. A hash function
C. A password generator
D. A rainbow table

168 Which of the following is the BEST place where the disaster recovery plan should be kept?

A. Printed out and kept in the desk of the CIO
B. At multiple offsite locations
C. Multiple copies printed out and kept in the server room
D. On the network file server

169 Which of the following is established immediately upon evidence seizure?

A. Start the incident respond plan
B. Damage and loss control
C. Chain of custody
D. Forensic analysis

170 Which of the following is a required privilege that an administrator must have in order to restore a public/private key set on a certificate authority (CA)?

A. Group administrator
B. Domain administrator
C. Registration authority
D. Recovery agent

171 Which of the following algorithms have the smallest key space?

A. DES
B. SHA-1
C. AES
D. IDEA

172 Which of the following is the MOST recent addition to cryptography?

A. 3DES
B. DES
C. PGP
D. AES

173 Which of the following requires a common pre-shared key before communication can begin?

A. Symmetric key cryptography
B. Asymmetric key cryptography
C. Secure hashing algorithm
D. Public key infrastructure

174 Which of the following provides the MOST comprehensive redundancy for an entire site with the least downtime?

A. A hot site
B. A warm site
C. A cold site
D. A mobile site

175 Which of the following allows devices attached to the same switch to have separate broadcast domains?

A. NAC
B. DMZ
C. VLAN
D. NAT

176 Which of the following allows for notification when a hacking attempt is discovered?

A. NAT
B. Protocol analyzer
C. Netflow
D. NIDS

177 When dealing with a 10BASE5 network, which of the following is the MOST likely security risk?

A. A vampire tap
B. SSID broadcasting
C. A repeater
D. An incorrect VLAN

178 Which of the following allows a technician to scan for missing patches on a device without actually attempting to exploit the security problem?

A. Security baselines
B. A port scanner
C. A vulnerability scanner
D. Group policy

179 Which of the following allows for proof that a certain person sent a particular email?

A. Integrity
B. Trusted Platform Module
C. Steganography
D. Non-repudiation

180 Which of the following uses a key ring?

A. PGP
B. RSA
C. DES
D. AES

181 Which of the following allows for the highest level of security at time of login?

A. NTLMv2
B. Two-factor authentication
C. One-factor authentication
D. Single sign-on

182 Sending a patch through a testing and approval process is an example of which of the following?

A. Disaster planning
B. User education and awareness training
C. Change management
D. Acceptable use policies

183 Sending continuous TCP requests to a device and ignoring the return information until the device ceases to accept new connections is an example of which of the following?

A. DoS
B. TCP/IP hijacking
C. Kiting
D. DNS poisoning

184 Which of the following would use a group of bots to stop a web server from accepting new requests?

A. MAC
B. ARP
C. DoS
D. DDoS

185 Which of the following is the MOST likely to generate static electricity?

A. Low humidity and high temperature
B. High humidity and low temperature
C. High humidity and high temperature
D. Low humidity and low temperature

186 Using an asymmetric key cryptography system, where can a technician generate the key pairs?

A. A key escrow service
B. A certificate authority
C. A recovery agent
D. IETF

187 Which of the following media is the LEAST likely to be successfully tapped into?

A. Unshielded twisted pair cable
B. Shielded twisted pair cable
C. Fiber optic cable
D. Coaxial cable

188 Which of the following allows a person to find public wireless access points?

A. SSID broadcast
B. 8021x
C. Weak encryption
D. Data emanation

189 Which of the following allows a file to have different security permissions for users that have the same roles or user groups?

A. Mandatory Access Control (MAC)
B. Rule-Based Access Control (RBAC)
C. Role-Based Access Control (RBAC)
D. Discretionary Access Control (DAC)

190 A DMZ has a fake network that a hacker is attacking. Which of the following is this an example of?

A. Proxy server
B. Honeypot
C. Firewall
D. Man-in-the-middle

191 A company decides that the purchasing agent and the accounts receivable agent should exchange positions in order to allow for more oversight of past transactions. Which of the following is this an example of?

A. Job rotation
B. Implicit deny
C. Separation of duties
D. Least privilege

192 A user complains that the color laser printer continuously gives an access denied message while attempting to print a text document. The administrator logs onto the PC and prints successfully. Which of the following should the administrator check FIRST?

A. That the toner should be changed in the printer
B. That the user has sufficient rights to print to the printer
C. That the user is attempting to print to the correct printer tray
D. That the printer has the correct size of paper in each of the trays

193 Which of the following uses a sandbox to manage a program?s ability to access system resources?

A. Java
B. Cold Fusion
C. ActiveX
D. JavaScript

194 Which of the following allows a technician to view the security permissions of a file?

A. The data emanation
B. The local security template
C. The access control list
D. The security baseline

195 A user is denied access to a file. The user had access to the file yesterday. Which of the following is the FIRST action for the technician to take?

A. Grant access to the file
B. Deny the users request and forward to the human resources department
C. Verify that the user?s permissions are correct
D. Reboot the system

196 A user is convinced that someone is attempting to use their user account at night. Which of the following should an administrator check FIRST in order to prove or disprove this claim?

A. The firewall logs
B. The security application logs
C. The IDS logs
D. The local security logs

197 A user reports that a web based application is not working after a browser upgrade. Before the upgrade, a login box would appear on the screen and disappear after login. The login box does not appear after the upgrade. Which of the following BEST describes what to check FIRST?

A. That the pop-up blocker application trusts this site
B. That the software based firewall application trusts this site
C. That the antivirus application trusts this site
D. That the anti-spam application trusts this site

198 An intrusion has been detected on a company?s network from the Internet. Which of the following should be checked FIRST?

A. The performance logs
B. The DNS logs
C. The access logs
D. The firewall logs

199 A user needs to verify that a patch file downloaded from a third party has not been modified since the time that the original manufacturer released the patch. Which of the following is the BEST way to verify that the file has not been modified?

A. Compare the final MD5 hash with the original
B. Compare the final LANMAN hash with the original
C. Download the patch file over an AES encrypted VPN connection
D. Download the patch file through a SSL connection

200 A technician suspects that one of the network cards on the internal LAN is causing a broadcast storm. Which of the following would BEST diagnose which NIC is causing this problem?

A. The NIDS log file
B. A protocol analyzer
C. The local security log file
D. The local firewall log file