Security+ SY0-401 Missed Questions
A security manager requires fencing around the perimeter, and cipher locks on all entrances. The manager is concerned with what kind of security control?
SAFETY
Which hashing algorithm uses a 160-bit hash value?
SECURE HASHING ALGORITHM (SHA)
The CIO wants to implement two-factor authentication within the company. What would BEST fulfill the CIO's requirements?
USB TOKEN AND PIN
If you wanted to connect two networks securely over the Internet, what type of technology could you use?
VIRTUAL PRIVATE NETWORK
Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company's live modem pool. What activity would be MOST appropriate to accomplish this task?
WAR DIALING
A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this?
WARNING BANNER
A network administrator has been tasked with securing the WLAN. Which cryptographic product would be used to provide the MOST secure environment for the WLAN?
WPA2 CCMP
Which of the following technologies simplifies configuration of new wireless networks by providing non-technical users with a capability to easily configure network security settings and add new devices to an existing network?
WPS (WIRELESS PORT SECURITY)
Which type of attack is one in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that user transmit?
EVIL TWIN
A vulnerability scan is reporting that patches are missing on a server. After a review, it is determined that the application requiring the patch does not exist on the operating system. What might describe this cause?
FALSE POSITIVE
Separation of duties policies are designed to reduce the risk of what?
FRAUD
A system administrator is setting up a file transfer server. The goal is to encrypt the user authentication and the files the user is sending using only a user ID and a key pair. Which of the following method would achieve this goal?
SECURE SHELL (SSH)
Matt, a forensic analyst, wants to obtain the digital fingerprint for a given message. The message is 160-bits long. Which hashing method would Matt have to use to obtain this digital fingerprinting?
SHA1
The network security engineer just deployed an IDS on the network, but the Chief Technical Officer (CTO) has concerns that the device is only able to detect known anomalies. Which of the following types of IDS has been deployed?
SIGNATURE BASED IDS
An email sent from unknown source disguised as a source known to the message receiver is an example of:
SPOOFING
What kind of cryptographic method replaces one character with another from a "match-up list" to produce the cipher text? The decoder wheels kids get in cereal boxes often make this kind of cryptography.
SUBSTITUTION CIPHER
Which authentication method uses a Key Distribution Center (KCD)?
KERBEROS
What TCP port does Telnet use?
23
An administrator was asked to review user accounts. Which of the following has the potential to cause the MOST amount of damage if the account was compromised?
A USER ACCOUNT WITH ADMINISTRATIVE RIGHTS
Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. What would BEST describe this statement?
ACCEPTABLE USE POLICY AND PRIVACY POLICY
The security administrator needs to manage traffic on a layer 3 device to support FTP from a remote site. What would need to be implemented?
ACCESS CONTROL LISTS
Which encryption algorithm is based on Rijndael, and is built upon by CCMP?
ADVANCED ENCRYPTION SYSTEM (AES)
According to the TCP/IP model, HTTP functions at which layer?
APPLICATION
What is NOT a goal of information security?
ARCHIVAL SECURITY
A set of standardized system images with a pre-defined set of applications is used to build end user workstations. The security administrator has scanned every workstation to create a current inventory of all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the:
ATTACK SURFACE
The area of an application that is available to user (those who are authenticated as well as those who are not) is known as its:
ATTACK SURFACE
What is the type of attack where a program or service is placed on a server to bypass normal security procedures?
BACK DOOR
A firewall has been instructed to disable port 21, 69, 80, and 137-139. The firewall is to allow ports 22 and 443. Which protocols are blocked or allowed?
BLOCKED - FTP, TFTP, HTTP, NETBIOS ALLOWED - SFTP, SSH, SCP, HTTPS
Which method of code breaking tries every possible combination of characters in an attempt to "guess" the password or key?
BRUTE FORCE
What is an example of a penetration testing method?
CALLING THE TARGET'S HELPDESK, REQUESTING A PASSWORD RESET
Which encryption algorithm uses a 40 to 128-bit key and is used on many products from Microsoft and IBM?
CAST
Company XYZ has encountered an increased amount of buffer overflow attacks. The programmer has been tasked to identify the issue and issue and report any findings. Which of the following is the FIRST step of action recommended in this scenario?
CODE REVIEW
A company administrator has a firewall with an outside interface connected to the Internet and an inside interface connected to the corporate network. Which of the following should the administrator configure to redirect traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080?
CREATE A STRATIC PAT FROM PORT 80 ON THE OUTSIDE INTERFACE TO THE INTERNAL INTERFACE ON PORT 8080
Individuals who specialize in the making of codes are known as
CRYPTOGRAPHERS
You are the administrator of the sybex.com website. You are working when suddenly web server and network utilization spikes to 100% and stays there for several minutes and users start report "Server not available" errors. You may have been the victim of what kind of attack?
DENIAL OF SERVICE (DoS)
Which of the following is NOT an asymmetric encryption algorithm?
DIFFIE-HELLMAN
Which access control method model allows the owner of a resource to grant privileges to information they own?
DISCRETIONARY ACCESS CONTROL
Which RAID level provides for no fault tolerance?
RAID 0
Joe, an administrator, installs a web server on the Internet that performs credit card transactions for customer payments. Joe also sets up the second web server that looks like the first web server. However, the second server contains fabricated files and folders made to look like payments were processed on this server but really were not. What is the second server?
HONEYPOT
In TCP/IP parlance, any computer or device with an IP address on a TCP/IP network is known as a(n):
HOST
The TCP protocol functions at which layer of the TCP/IP model?
HOST-TO-HOST
What is NOT an example of a routing protocol?
ICMP
Which organization is concerned with defining technology and other electrical standards?
IEEE
Which organization is tasked with developing standards for, and tries to improve, the Internet?
IETF (Internet Engineering Task Force)
A company's security administrator wants to mange PKI for internal systems to help reduce costs. What would be the FIRST step the security administrator should take?
INSTALL A CERTIFICATE AUTHORITY (CA)
Pete, the system administrator, wishes to monitor and limit user's access to external websites. Which of the following would BEST address this?
INSTALL A PROXY SERVER
Which of the following answers apply to smurf attack?
IP SPOOFING, DDOS, AND LARGE AMOUNT OF ICMP ECHO REPLIES
A security administrator has deployed all laptops with Self Encrypting Drives (SED) and enforces key encryption. Which of the following represents the greatest threat to maintaining data confidentiality with these devices?
LAPTOPS THAT ARE PLACED IN A SLEEP MODE ALLOW FULL DATA ACCESS WHEN POWERED BACK ON
A business has set up a Customer Service kiosk within a shopping mall. The location will be staffed by an employee using a laptop during the mall business hours, but there are still concerns regarding the physical safety of the equipment while it is not in use. Which of the following controls would BEST address this security concern?
LOCKING CABINETS
Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. What is this an example of?
LOGIC BOMB AND BACKDOOR
Use of a smart card to authenticate remote servers remains MOST susceptible to what kind of attack?
MALICIOUS CODE ON THE LOCAL SYSTEM
Which access control model is a static model that uses predefined access privileges for resources that are assigned by the administrator?
MANDATORY ACCESS CONTROL
What is war chalking?
MARKING UNSECURED WIRELESS NETWORKS
Which US government agency publishes lists of known vulnerabilities in operating systems?
NIST
Which U.S. government agency is responsible for creating and breaking codes?
NSA
A company is concerned that a compromised certificate may result in a man-in-the-middle attacked against backend financial servers. In order to minimize the amount of time a compromised certificate would be accepted by other servers, the company decides to add another validation step to SSL/TLS connections. Which of the following technologies provides the FASTEST revocation capability?
ONLINE CERTIFICATE STATUS PROTOCOL (OCSP)
A Human Resources user is issued a virtual desktop typically assigned to Accounting employees. A system administrator wants to disable certain services and remove the local accounting groups installed by default on this virtual machine. The system administrator is adhering to which of the following security best practices?
OPERATING SYSTEM HARDENING
A firewall operating a ______________ firewall will pass or block packets based on their application or TCP port number.
PACKET FILTER
A fraudulent email requesting its recipient to reveal sensitive information (e.g. user name and password) used later by an attacker for the purpose of identity theft is an example of:
PHISHING AND SOCIAL ENGINEERING
Which PKCS standard is the standard for password-based cryptography?
PKCS #5
Joe, a user, wants to protect sensitive information stored on his hard drive. He uses a program that encrypted the whole hard drive. Once the hard drive is fully encrypted, he uses the same program to create a hidden volume within the encrypted hard drive and stores the sensitive information within the hidden volume. This is an example of which of the following?
PLAUSIBLE DENIABILITY AND STEGANOGRAPHY
Which of the following answers apply to Xmas attacks?
PORT SCAN AND DENIAL-OF-SERVICE ATTACK
Sara, the CIO, has requested an audit take place to determine what services and operation systems are running on the corporate network. What should be used to complete this task?
PORT SCAN AND FINGERPRINTING
A security administrator wants to implement a solution which will allow some applications to run under the user's home directory and only have access to files stored within the same user's folder, while other applications have access to shared folders. Which of the following BEST addresses these requirements if the environment is concurrently shared by multiple users?
PROCESS SANDBOXING
After reviewing the firewall logs of her organization's wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. What would be the BEST option to begin addressing the issue?
REDUCE THE POWER LEVEL OF THE AP ON THE NETWORK
What primarily relies on the use of shared secrets to protect communication?
REMOTE ACCESS DIAL-IN USER SERVICE (RADIUS)
What can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen?
REMOTE WIPE AND DEVICE ENCRYPTION
Which document is used to propose a new standard?
RFC (request for comments)
The process of OS hardening involves:
RISK ASSESSMENT, IDENTIFICATION OF CRITICAL SYSTEMS AND COMPONENTS, DISABLING UNNECESSARY SERVICES, PASSWORD PROTECTION, DISABLING UNNACESSARY ACCOUNTS
Which access control method model grants rights or privileges based on their job function or position held?
ROLE-BASED ACCESS CONTROL
To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which type of control is being described in this situation?
TECHNICAL
Which of the following is a example of a false negative?
THE IDS DOES NOT IDENTIFY A BUFFER OVERFLOW
Why would a technician use a password cracker?
TO LOOK FOR WEAK PASSWORDS ON THE NETWORK
You have taken out an insurance policy on your data/systems to share some of the risk with another entity. What type of strategy is this?
TRANSFERENCE
A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. Which of the following should be implemented to secure the devices without risking availability?
INTRUSION DETECTION SYSTEM (IDS)
Configuring the mode, encryption methods, and security associations are part of which encryption method?
IPSEC
A security administrator at a company which implements which implements key escrow and symmetric encryption only, needs to decrypt an employee's file. The employee refuses to provide the decryption key to the file. Which of the following can the administrator do to decrypt the file?
RETRIEVE THE ENCRYPTION KEY
During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running. What is most likely installed on the server to cause this issue?
ROOTKIT
In order to run "sniffer" software properly, the NIC in the computer running the software must be set to:
PROMISCUOUS MODE
Which of the following is a control that allows a mobile application to access and manipulate information which should only be available by another application on the same mobile device (e.g. a music application posting the name of the current song playing on the device on the social media site)?
TRANSITIVE TRUST
A replay attack occurs when an attacker intercepts user credentials and tries to use this information later for gaining unauthorized access to resources on a network.
TRUE