CompTIA SY0-401 Exam Questions & Answers

Number: SY0-401
Passing Score: 800
Time Limit: 120 min
File Version: 41.5

http://www.gratisexam.com/

Exam Name: CompTIA Security+ Certification Exam
Mar 11, 2020

dariahiddleston

Exam A

QUESTION 1
Which of the following cryptography types provides the same level of security but uses smaller key sizes and less computational resources than logarithms which are calculated against a finite field?

A. Elliptical curve
B. Diffie-Hellman
C. Quantum
D. El Gamal

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
FINAL EDIT

QUESTION 2
Which of the following BEST describes the purpose of fuzzing?

A. To decrypt network sessions
B. To gain unauthorized access to a facility
C. To hide system or session activity
D. To discover buffer overflow vulnerabilities

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
A security administrator is reviewing remote access and website logs. The administrator notices that users have been logging in at odd hours from multiple continents on the same day. The security administrator suspects the company is the victim of which of the following types of attack?

A. TCP/IP hijacking
B. Spoofing
C. Replay
D. Domain name kiting

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Which of the following is the BEST choice of cryptographic algorithms or systems for providing whole disk encryption?

A. One time pad
B. PGP
C. MD5
D. TKIP

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
Which of the following allows a malicious insider to covertly remove information from an organization?

A. NAT traversal
B. Steganography
C. Non-repudiation
D. Protocol analyzer

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
The server log shows 25 SSH login sessions per hour. However, it is a large company and the administrator does not know if this is normal behavior or if the network is under attack. Where should the administrator look to determine if this is normal behavior?

A. Change management
B. Code review
C. Baseline reporting
D. Security policy

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
Which of the following is the BEST approach to perform risk mitigation of user access control rights?

A. Conduct surveys and rank the results.
B. Perform routine user permission reviews.
C. Implement periodic vulnerability scanning.
D. Disable user accounts that have not been used within the last two weeks.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
Adding a second firewall to the perimeter of a network would provide:

A. user VLANs.
B. failover capability.
C. additional bandwidth.
D. management of VLANs.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
A security device prevents certain users from accessing the network remotely with specific applications, but allows VPN connections without any issues. Which of the following access control models is being used?

A. Mandatory
B. Rule-based
C. Discretionary
D. Role-based

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
Which of the following IDS/IPS systems is used to protect individual servers?

A. NIPS
B. NAC
C. GRE
D. HIPS

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
A security administrator working for a health insurance company needs to protect customer data by installing an HVAC system and a mantrap in the datacenter. Which of the following are being addressed? (Select TWO).

A. Integrity
B. Recovery
C. Clustering
D. Confidentiality
E. Availability

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
Which of the following camera types would allow a security guard to track movement from one spot throughout a data center?

A. CCTV system
B. PTZ camera
C. Analog camera
D. Digital camera

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
A new file share has been created to store confidential exit interviews. Which of the following employees should have access to the file share?

A. Human Resources Manager
B. Chief Financial Officer
C. Human Resources Recruiter
D. System Administrator

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
A security administrator reviews the NIDS logs and notices fourteen unsuccessful logins with a subsequent successful login to a DMZ switch from a foreign IP address. Which of the following could have led to this network device being accessed?

A. Default account
B. Privilege escalation
C. Denial of service
D. Strong password

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
A company runs a site, which has a search option available to the general public. The administrator is reviewing the site logs and notices an external IP address searching on the site at a rate of two hits per second. This is an indication of which of the following?

A. Man-in-the-middle attack
B. Data mining
C. Cross-site scripting attack
D. Denial of Service (DoS)

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Which of the following allows an attacker to identify vulnerabilities within a closed source software application?

A. Fuzzing
B. Compiling
C. Code reviews
D. Vulnerability scanning

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
Using a combination of a fingerprint reader and retina scanner is considered how many factors of authentication?

A. One
B. Two
C. Three
D. Four

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
Instead of giving a security administrator full administrative rights on the network, the administrator is given rights only to review logs and update security related network devices. Additional rights are handed out to network administrators for the areas that fall within their job description. Which of the following describes this form of access control?

A. Mandatory vacation
B. Least privilege
C. Discretionary
D. Job rotation

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
Which of the following authentication services can be used to provide router commands to enforce policies?

A. RADIUS
B. Kerberos
C. LDAP
D. TACACS+

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
A security administrator is implementing a solution that can integrate with an existing server and provide encryption capabilities. Which of the following would meet this requirement?

A. Mobile device encryption
B. Full disk encryption
C. TPM
D. HSM

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
When using USB devices to transfer data from one workstation to another, which of the following should be performed?

A. Scan with antivirus software.
B. Disable USB ports on the workstation.
C. Format the device.
D. Use a new USB device to ensure security.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
Which of the following ensures that an authorized employee's access rights are based on a need to know?

A. Least privilege
B. Job rotation
C. Implicit deny
D. Separation of duties

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
Which of the following is a technical control?

A. System security categorization requirement
B. Baseline configuration development
C. Contingency planning
D. Least privilege implementation

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
Which of the following malware types is MOST commonly installed through the use of thumb drives to compromise systems and provide unauthorized access?

A. Trojans
B. Botnets
C. Adware
D. Logic bomb

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
Which of the following BEST describes an attack involving the interception and later retransmission of the same network traffic?

A. Man-in-the-middle
B. Domain name kiting
C. Spoofing
D. Replay

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
The network administrator is concerned about password security. Which of the following protocols should be used to remotely administer a router?

A. Telnet
B. rlogin
C. PGP
D. SSH

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
A critical system in the datacenter is not connected to a UPS. The security administrator has coordinated an authorized service interruption to resolve this issue. This is an example of which of the following?

A. Fault tolerance
B. Continuity of operations
C. Succession planning
D. Data handling error

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
Which of the following is the BEST reason to choose a vulnerability assessment over a penetration test?

A. The cost of OVAL vulnerability assessment tools
B. The ability to banner grab from within the vulnerability assessment tool
C. The high level of training available to staff regarding vulnerability assessments
D. The low level of skill required to execute the vulnerability assessment

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
Which of the following protocols would allow an attacker to gather the MOST information about an unsecured network printer's configuration?

A. ICMP
B. SNMP
C. RBAC
D. RTMP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
A professor at a university is given two keys. One key unlocks a classroom door and the other locks it. The key used to lock the door is available to all other faculty. The key used to unlock the door is only given to the professor. Which of the following cryptography concepts is illustrated in the example above?

A. Key escrow exchange
B. Asymmetric key sharing
C. Exchange of digital signatures
D. Symmetric key sharing

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
In an effort to increase security, the security administrator revokes each user's certificate after one year. Which of the following would keep an attacker from using the certificate?

A. RA
B. CRL
C. PKI
D. CA

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
WEP is seen as an unsecure protocol based on its improper use of which of the following?

A. RC6
B. RC4
C. 3DES
D. AES

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
Which of the following solutions would a security administrator MOST likely perform if they were trying to access several websites from a single workstation that were potentially dangerous (e.g. contain malware)?

A. Update and enable the anti-spam software.
B. Update input validation schemes.
C. Set up a virtual machine on that workstation.
D. Secure rogue access points.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
A security engineer is troubleshooting a server in the DMZ, which cannot be reached from the Internet or the internal network. All other servers on the DMZ are able to communicate with this server. Which of the following is the MOST likely cause?

A. The server is configured to reject ICMP packets.
B. The server is on the external zone and it is configured for DNS only.
C. The server is missing the default gateway.
D. The server is on the internal zone and it is configured for DHCP only.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

Exam B

QUESTION 1
Which of the following is true about hardware encryption? (Select TWO).

A. It must use elliptical curve encryption.
B. It requires a HSM file system.
C. It only works when data is not highly fragmented.
D. It is faster than software encryption.
E. It is available on computers using TPM.

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
A security administrator would MOST likely put a network interface card into promiscuous mode to use which of the following utilities? (Select TWO).

A. Wireshark
B. Nessus
C. Tcpdump
D. Nmap
E. L0phtcrack

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
Which of the following would an administrator apply to mobile devices to BEST ensure the confidentiality of data?

A. Screen locks
B. Device encryption
C. Remote sanitization
D. Antivirus software

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Which of the following should be performed on a computer to protect the operating system from malicious software? (Select TWO).

A. Disable unused services
B. Update NIDS signatures
C. Update HIPS signatures
D. Disable DEP settings
E. Install a perimeter firewall

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
In order to access the network, an employee must swipe their finger on a device. Which of the following describes this form of authentication?

A. Single sign-on
B. Multifactor
C. Biometrics
D. Tokens

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Which of the following will prevent inbound ICMP traffic between systems?

A. HIDS
B. VPN
C. Antivirus
D. Personal firewall

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
Which of the following BEST describes a malicious application that attaches itself to other files?

A. Rootkits
B. Adware
C. Backdoors
D. Virus

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
A physical server goes offline. It takes down six virtual web servers that it was hosting. This is an example of which of the following vulnerabilities?

A. Man in the middle
B. SQL injection
C. Cross-site scripting
D. Single point of failure

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
A security administrator wants to determine what data is allowed to be collected from users of the corporate Internet-facing web application. Which of the following should be referenced?

A. Privacy policy
B. Human Resources policy
C. Appropriate use policy
D. Security policy

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
A security administrator with full administrative rights on the network is forced to temporarily take time off of their duties. Which of the following describes this form of access control?

A. Separation of duties
B. Discretionary
C. Mandatory vacation
D. Least privilege

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
Which of the following are the BEST reasons to use an HSM? (Select TWO).

A. Encrypt the CPU L2 cache
B. Recover keys
C. Generate keys
D. Transfer keys to the CPU
E. Store keys

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
Which of the following would an administrator do to ensure that an application is secure and all unnecessary services are disabled?

A. Baselining
B. Application hardening
C. Secure application coding
D. Patch management

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
Several existing, poorly documented networks have been integrated. Which of the following would define expected traffic with the LOWEST impact on existing processes?

A. Configure the firewall to log all traffic and begin researching.
B. Update all network services to use secure protocols.
C. Configure the firewall to block all non-standard ports and review logs for blocked traffic.
D. Update signatures on the intrusion detection devices and review alerts.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
A company hires a security firm to assess the security of the company's network. The company does not provide the firm with any internal knowledge or documentation of the network. Which of the following should the security firm perform?

A. Black hat
B. Black box
C. Gray hat
D. Gray box

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
Which of the following risks may result from improper use of social networking and P2P software?

A. Shoulder surfing
B. Denial of service
C. Information disclosure
D. Data loss prevention

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
An administrator needs to set up devices on a network that will make it possible for the company to separate resources within the internal network. Which of the following BEST describes the needed network design?

A. DMZ
B. VLAN
C. NAT
D. NAC

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
Data can potentially be stolen from a disk encrypted, screen-lock protected, smart phone by which of the following?

A. Bluesnarfing
B. IV attack
C. Honeynet
D. SIM cloning

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
The administrator wishes to monitor incoming traffic, but does not want to risk accidentally blocking legitimate traffic. Which of the following should the administrator implement?

A. A client-based firewall
B. A DMZ
C. A NIDS
D. A HIPS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
A user reports that their home page is being redirected to an obscure website. An antivirus scan shows no abnormalities. Which of the following is the MOST probable cause?

A. Worm
B. Botnet
C. Spam
D. Rootkit

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
A company wants to sell some old cell phones on an online auction to recover some of the cost of the newer phones. Which of the following should be done to ensure the confidentiality of the information that is stored on the phones (e.g. client phone numbers and email communications)?

A. Degauss the phones for 30 minutes.
B. Contact the vendor.
C. Manually delete the phone book entries and all email in the phone.
D. Perform a master reset.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
Which of the following BEST describes S/MIME certificates?

A. They use public and private keys.
B. They provide non-repudiation.
C. They make all emails a fixed size.
D. They automatically append legal disclaimers to emails.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
An employee is processing classified information on a secured laptop and leaves the laptop unlocked in a public place. This negligence may BEST be attributed to:

A. a weak intrusion detection system.
B. password complexity issues.
C. absence of due diligence.
D. lack of security education and awareness training.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
Which of the following is the primary concern when using a Halon fire suppression system to cover an entire data center?

A. Ample time to remove backup tapes
B. Ample space to install servers near the system
C. Adequate volume to cover all equipment
D. Adequate evacuation time for personnel

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
A certificate that has been compromised should be published to which of the following?

A. AES
B. CA
C. CRL
D. PKI

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
When a user first moves into their residence, the user receives a key that unlocks and locks their front door. This key is only given to them but may be shared with others they trust. Which of the following cryptography concepts is illustrated in the example above?

A. Asymmetric key sharing
B. Exchange of digital signatures
C. Key escrow exchange
D. Symmetric key sharing

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
Which of the following wireless security controls can be easily and quickly circumvented using only a network sniffer? (Select TWO).

A. MAC filtering
B. Disabled SSID broadcast
C. WPA2-Enterprise
D. EAP-TLS
E. WEP with 802.1x

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
Which of the following is a best practice to identify fraud from an employee in a sensitive position?

A. Acceptable usage policy
B. Separation of duties
C. False positives
D. Mandatory vacations

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure will not affect an individual server. Which of the following configurations will allow for high availability? (Select TWO).

A. Hardware RAID 5
B. Load sharing
C. Server clustering
D. Software RAID 1
E. Load balancing

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
Which of the following is performed during a security assessment?

A. Remediate the machines with incorrectly configured controls.
B. Quarantine the machines that have no controls in place.
C. Determine which controls are operating as intended.
D. Calculate the cost of bringing the controls back into compliance.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
In the context of authentication models the concept of identification is BEST described as which of the following?

A. Providing identity documents to a new user based on approved paperwork.
B. Verifying that a user is authorized to access a computer system.
C. The last step in a three-factor authentication process.
D. Verifying that a user's identity matches a set of provided credentials.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
Which of the following provides the STRONGEST hashing?

A. AES512
B. SHA256
C. AES256
D. MD5

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
Which of the following is the correct formula for calculating mean time to restore (MTTR)?

A. MTTR = (time of fail) / (time of restore)
B. MTTR = (time of fail) - (time of restore)
C. MTTR = (time of restore) - (time of fail)
D. MTTR = (time of restore) x (time of fail)

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
Which of the following represents the complexity of a password policy which enforces lower case password using letters from a through z where n is the password length?

A. n^26
B. 2n * 26
C. 26^n
D. n^2 * 26

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
MAC filtering is a form of which of the following?

A. Virtualization
B. Network Access Control
C. Virtual Private Networking
D. Network Address Translation

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
Which of the following would BEST prevent the theft of laptops located in the corporate office?

A. Install security cameras inside the building.
B. Configure all laptops with passwords.
C. Require all employees to use company supplied device locks to secure the laptops.
D. Install locator software that sends its location back to the corporate office.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
Which of the following do environmental controls influence?

A. Wire shielding
B. Room lighting
C. Fire suppression
D. System availability

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
Which of the following protocols would be the MOST secure method to transfer files from a host machine?

A. SFTP
B. WEP
C. TFTP
D. FTP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
Which of the following would be a reason the IT department would disallow the use of USB flash storage devices?

A. The stored data might be out of date with networked-stored equivalents.
B. Users can inadvertently spread viruses.
C. Data stored on the device may be copyrighted.
D. Users might be using incompatible USB 1.0 technology.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 39
Which of the following is a vulnerability introduced into a hardware or software product by the developer?

A. Null session
B. Default account
C. Weak password
D. Back door

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
A network device blocking incoming traffic which does not match an internal request for traffic is considered to have:

A. stateful packet inspection.
B. behavior based heuristics.
C. an implicit allow rule.
D. URL filtering.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 41
Which of the following is the GREATEST security risk posed by removable media?

A. Disclosure of cryptographic algorithms
B. Loss of data integrity
C. Disclosure of public keys
D. Loss of confidential data

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

Exam C

QUESTION 1
Which of the following operating system characteristics allows malware propagation via USB storage devices? (Select TWO).

A. Small size
B. Autorun
C. Large memory space
D. Mobility
E. Plug 'n play

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
ARP poison routing attacks are an example of which of the following?

A. Distributed Denial of Service
B. Smurf Attack
C. Man-in-the-middle
D. Vishing

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
Which of the following logical access control methods would a security administrator need to modify in order to control network traffic passing through a router to a different network?

A. Configuring VLAN 1
B. ACL
C. Logical tokens
D. Role-based access control changes

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Which of the following tools limits external access to the network?

A. IDS
B. VLAN
C. Firewall
D. DMZ

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
Which of the following is MOST likely to be an issue when turning on all auditing functions within a system?

A. Flooding the network with all of the log information
B. Lack of support for standardized log review tools
C. Too much information to review
D. Too many available log aggregation tools

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Upon opening the browser, a guest user is redirected to the company portal and asked to agree to the acceptable use policy. Which of the following is MOST likely causing this to appear?

A. NAT
B. NAC
C. VLAN
D. DMZ

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
USB devices with a virus delivery mechanism are an example of which of the following security threats?

A. Adware
B. Trojan
C. Botnets
D. Logic bombs

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
Cell phones with network access and the ability to store data files are susceptible to which of the following risks?

A. Input validation errors
B. SMTP open relays
C. Viruses
D. Logic bombs

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?

A. MD5
B. SHA-1
C. LANMAN
D. NTLM

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
Which of the following access control technologies provides a rolling password for one-time use?

A. RSA tokens
B. ACL
C. Multifactor authentication
D. PIV card

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
Which of the following uses an RC4 key that can be discovered by eavesdropping on plain text initialization vectors?

A. WEP
B. TKIP
C. SSH
D. WPA

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
An administrator wants to crack passwords on a server with an account lockout policy. Which of the following would allow this without locking accounts?

A. Try guessing passwords slow enough to reset the bad count interval.
B. Try guessing passwords with brute force.
C. Copy the password file offline and perform the attack on it.
D. Try only real dictionary words.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
A user reports that each time they attempt to go to a legitimate website, they are sent to an inappropriate website. The security administrator suspects the user may have malware on the computer, which manipulated some of the user's files. Which of the following files on the user's system would need to be checked for unauthorized changes?

A. SAM
B. LMhosts
C. Services
D. Hosts

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
An administrator needs to limit and monitor the access users have to the Internet and protect the internal network. Which of the following would MOST likely be implemented?

A. A heuristic firewall
B. DNS caching on the client machines
C. A pushed update modifying users' local host file
D. A content-filtering proxy server

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
The security administrator needs to make a change in the network to accommodate a new remote location. The new location will be connected by a serial interface, off the main router, through a commercial circuit. This remote site will also have traffic completely separated from all other traffic. Which of the following design elements will need to be implemented to accommodate the new location?

A. VLANs need to be added on the switch but not the router.
B. The NAT needs to be re-configured to allow the remote location.
C. The current IP scheme needs to be subnetted.
D. The switch needs to be virtualized and a new DMZ needs to be created

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Which of the following is the MOST secure authentication method?

A. Smartcard
B. Iris
C. Password
D. Fingerprints

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
When reviewing IDS logs, the security administrator notices many events pertaining to a "NOOP sled". Which of the following attacks is occurring?

A. Man-in-the-middle
B. SQL injection
C. Buffer overflow
D. Session hijacking

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
Which of the following is the MAIN difference between a hotfix and a patch?

A. Hotfixes follow a predetermined release schedule while patches do not.
B. Hotfixes are smaller than patches.
C. Hotfixes may be released at anytime and will later be included in a patch.
D. Patches can only be applied after obtaining proper approval, while hotfixes do not need management approval

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
A vulnerability assessment was conducted against a network. One of the findings indicated an outdated version of software. This is an example of weak:

A. security policies.
B. patch management.
C. acceptable use policies.
D. configuration baselines.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
Which of the following tools can execute a ping sweep?

A. Protocol analyzer
B. Anti-virus scanner
C. Network mapper
D. Password cracker

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
Which of the following is used when performing a qualitative risk analysis?

A. Exploit probability
B. Judgment
C. Threat frequency
D. Asset value

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
Exploitation of security vulnerabilities is used during assessments when which of the following is true?

A. Security testers have clear and written authorization to conduct vulnerability scans.
B. Security testers are trying to document vulnerabilities without impacting network operations.
C. Network users have permissions allowing access to network devices with security weaknesses.
D. Security testers have clear and written authorization to conduct penetration testing.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
In order to prevent data loss in case of a disk error which of the following options would an administrator MOST likely deploy?

A. Redundant connections
B. RAID
C. Disk striping
D. Redundant power supplies

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
After installing database software the administrator must manually change the default administrative password, remove a default database, and adjust permissions on specific files. These actions are BEST described as:

A. vulnerability assessment.
B. mandatory access control.
C. application hardening.
D. least privilege

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
Which of the following is the BEST mitigation method to implement when protecting against a discovered OS exploit?

A. NIDS
B. Patch
C. Antivirus update
D. HIDS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
Which of the following is the primary concern of governments in terms of data security?

A. Integrity
B. Availability
C. Cost
D. Confidentiality

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
Which of the following is BEST used to change common settings for a large number of deployed computers?

A. Group policies
B. Hotfixes
C. Configuration baselines
D. Security templates

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
Which of the following solutions would a company be MOST likely to choose if they wanted to conserve rack space in the data center and also be able to manage various resources on the servers?

A. Install a manageable, centralized power and cooling system
B. Server virtualization
C. Different virtual machines on a local workstation
D. Centralize all blade servers and chassis within one or two racks

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
A rogue wireless network is showing up in the IT department. The network appears to be coming from a printer that was installed. Which of the following should have taken place, prior to this printer being installed, to prevent this issue?

A. Installation of Internet content filters to implement domain name kiting.
B. Penetration test of the network to determine any further rogue wireless networks in the area.
C. Conduct a security review of the new hardware to determine any possible security risks.
D. Implement a RADIUS server to authenticate all users to the wireless network.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
Which of the following characteristics distinguishes a virus from a rootkit, spyware, and adware?

A. Eavesdropping
B. Process hiding
C. Self-replication
D. Popup displays

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
Which of the following is used to generate keys in PKI?

A. AES
B. RSA
C. DES
D. 3DES

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
Which of the following methods is a best practice for granting access to resources?

A. Add ACLs to computers; add computers to groups.
B. Add ACLs to users; add users to groups.
C. Add users to ACLs; add computers to groups.
D. Add groups to ACLs; add users and computers to groups.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
Which of the following may cause a user, connected to a NAC-enabled network, to not be prompted for credentials?

A. The user's PC is missing the authentication agent.
B. The user's PC is not fully patched.
C. The user's PC is not at the latest service pack.
D. The user's PC has out-of-date antivirus software.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
When used to encrypt transmissions, which of the following is the MOST resistant to brute force attacks?

A. SHA
B. MD5
C. 3DES
D. AES256

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
Which of the following BEST describes how the private key is handled when connecting to a secure web server?

A. The key is not shared and remains on the server
B. Anyone who connects receives the key
C. Only users from configured IP addresses received the key
D. All authenticated users receive the key

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
A user visits their normal banking website. The URL is correct and the website is displayed in the browser, but the user gets an SSL warning that the SSL certificate is invalid as it is signed by an unknown authority. Which of the following has occurred?

A. Domain name kiting
B. Privilege escalation
C. Replay attack
D. Man-in-the-middle attack

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
A technician reviews the system log entries for an internal DNS server. Which of the following entries MOST warrants further investigation?

A. DNS query from a source outside the organization
B. DNS query from a source inside the organization
C. Zone transfer to a source inside the organization
D. Zone transfer to a source outside the organization

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
Monitoring a computer's logs and critical files is part of the functionality of a

A. NIPS.
B. HIDS.
C. firewall.
D. honeypot.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 39
Which of the following can be implemented as an OS hardening practice to mitigate risk?

A. Domain name kiting
B. Removable storage
C. Input validation
D. Security templates

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
Continuously documenting state and location of hardware from collection to disposition during a forensic investigation is known as:

A. risk mitigation.
B. data handling.
C. chain of custody.
D. incident response.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

Exam D

QUESTION 1
Which of the following is an example of two factor authentication?

A. PIN and password
B. Smartcard and token
C. Smartcard and PIN
D. Fingerprint and retina scan

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Which of the following uses a three-way-handshake for authentication and is commonly used in PPP connections?

A. MD5
B. CHAP
C. Kerberos
D. SLIP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
A security analyst has been notified that one of the web servers has stopped responding to web traffic. The network engineer also reports very high bandwidth utilization to and from the Internet. Which of the following logs is MOST likely to be helpful in finding the cause and source of the problem?

A. Access log
B. Event log
C. System log
D. Firewall log

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Which of the following transmission types would an attacker most likely use to try to capture data packets?

A. Shielded twisted pair
B. Fiber optic
C. Bluesnarfing
D. Wireless

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
Which of the following describes a port that is left open in order to facilitate access at a later date?

A. Honeypot
B. Proxy server
C. Open relay
D. Backdoor

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Which of the following is often bundled with freely downloaded software?

A. Cookies
B. Logic bomb
C. Adware
D. Spam

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
Which of the following security types would require the use of certificates to verify a user's identity?

A. Forensics
B. CRL
C. PKI
D. Kerberos

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
An administrator believes a user is secretly transferring company information over the Internet. The network logs do not show any non-standard traffic going through the firewall. Which of the following tools would allow the administrator to better evaluate the contents of the network traffic?

A. Vulnerability scanner
B. Network anomaly detection
C. Protocol analyzer
D. Proxy server

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Which of the following monitoring technology types is MOST dependent on receiving regular updates?

A. Signature-based
B. Kerberos-based
C. Behavior-based
D. Anomaly-based

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
A company has just recovered from a major disaster. Which of the following should signify the completion of a disaster recovery?

A. Verify all servers are back online and working properly.
B. Update the disaster recovery plan based on lessons learned.
C. Conduct post disaster recovery testing.
D. Verify all network nodes are back online and working properly.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
Which of the following is a public key cryptosystem?

A. RSA
B. SHA-1
C. 3DES
D. MD5

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
A file has been compromised with corrupt data and might have additional information embedded within it. Which of the following actions should a security administrator follow in order to ensure data integrity of the file on that host?

A. Disable the wireless network and copy the data to the next available USB drive to protect the data
B. Perform proper forensics on the file with documentation along the way.
C. Begin chain of custody for the document and disallow access.
D. Run vulnerability scanners and print all reports of all diagnostic results.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
Every company workstation contains the same software prior to being assigned to workers. Which of the following software options would give remote users the needed protection from outside attackers when they are outside of the company's internal network?

A. HIDS
B. Vulnerability scanner
C. Personal firewall
D. NIPS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
To ensure users are logging into their systems using a least privilege method, which of the following should be done?

A. Create a user account without administrator privileges.
B. Employ a BIOS password that differs from the domain password.
C. Enforce a group policy with the least amount of account restrictions.
D. Allow users to determine their needs and access to resources.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
A security administrator is analyzing the packet capture from an IDS triggered filter. The packet capture shows the following string:
<scrip>source=http://www.evilsite.jp/evil.js</script>
Which of the following attacks is occurring?

A. SQL injection
B. Redirection attack
C. Cross-site scripting
D. XML injection

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Which of the following concepts addresses the threat of data being modified without authorization?

A. Integrity
B. Key management
C. Availability
D. Non-repudiation

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
Which of the following is a best practice for organizing users when implementing a least privilege model?

A. By function
B. By department
C. By geographic location
D. By management level

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
Management would like to know if anyone is attempting to access files on the company file server. Which of the following could be deployed to BEST provide this information?

A. Software firewall
B. Hardware firewall
C. HIDS
D. NIDS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
Which of the following is the correct risk assessment equation?

A. Risk = exploit x number of systems x cost of asset
B. Risk = infections x number of days infected x cost of asset
C. Risk = threat x vulnerability x cost of asset
D. Risk = vulnerability x days unpatched x cost of asset

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
The process of validating a user's claimed identity is called

A. identification.
B. authorization.
C. validation.
D. repudiation.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
The security administrator wants to increase the cipher strength of the company's internal root certificate. Which of the following would the security administrator use to sign a stronger root certificate?

A. Certificate authority
B. Registration authority
C. Key escrow
D. Trusted platform module

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
Which of the following devices hooks into a LAN and captures traffic?

A. Protocol analyzer
B. Protocol filter
C. Penetration testing tool
D. Vulnerability assessment tool

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
When assessing a network containing resources that require near 100% availability, which of the following techniques should be employed to assess overall security?

A. Penetration testing
B. Vulnerability scanning
C. User interviews
D. Documentation reviews

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
Which of the following would MOST likely contain a <SCRIPT> tag?

A. Cookies
B. XSS
C. DOS
D. Buffer overflow

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
Which of the following is a reason why wireless access points should not be placed near a building's perimeter?

A. Rogue access points
B. Vampire taps
C. Port scanning
D. War driving

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
A new enterprise solution is currently being evaluated due to its potential to increase the company's profit margins. The security administrator has been asked to review its security implications. While evaluating the product, various vulnerability scans were performed. It was determined that the product is not a threat but has the potential to introduce additional vulnerabilities. Which of the following assessment types should the security administrator also take into consideration while evaluating this product?

A. Threat assessment
B. Vulnerability assessment
C. Code assessment
D. Risk assessment

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
Which of the following tools BEST identifies the method an attacker used after they have entered into a network?

A. Input validation
B. NIDS
C. Port scanner
D. HIDS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
Which of the following is a major risk associated with cloud computing?

A. Loss of physical control over data
B. Increased complexity of qualitative risk assessments
C. Smaller attack surface
D. Data labeling challenges

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
Which of the following BEST describes how the mandatory access control (MAC) method works?

A. It is an access policy based on a set of rules.
B. It is an access policy based on the role that the user has in an organization.
C. It is an access policy based on biometric technologies.
D. It is an access policy that restricts access to objects based on security clearance.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
Using a smartcard and a physical token is considered how many factors of authentication?

A. One
B. Two
C. Three
D. Four

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
Which of the following protocols is considered more secure than SSL?

A. TLS
B. WEP
C. HTTP
D. Telnet

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
A NIDS monitoring traffic on the public-side of a firewall provides which of the following?

A. Faster alerting to internal compromises
B. Intelligence about external threats
C. Protection of the external firewall interface
D. Prevention of malicious traffic

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
Which of the following would a network administrator implement to control traffic being routed between networks or network segments in an effort to preserve data confidentiality?

A. NAT
B. Group policies
C. Password policies
D. ACLs

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
The security administrator wants each user to individually decrypt a message but allow anybody to encrypt it. Which of the following MUST be implemented to allow this type of authorization?

A. Use of digital certificates
B. Use of public keys only
C. Use of private keys only
D. Use of public and private keys

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
Which of the following has been implemented if several unsuccessful login attempts were made in a short period of time denying access to the user account, and after two hours the account becomes active?

A. Account lockout
B. Password expiration
C. Password disablement
D. Screen lock

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
Which of the following BEST describes an intrusion prevention system?

A. A system that stops an attack in progress.
B. A system that allows an attack to be identified.
C. A system that logs the attack for later analysis.
D. A system that serves as a honeypot.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
In the event of a disaster, in which the main datacenter is immediately shutdown, which of the following would a company MOST likely use with a minimum Recovery Time Objective?

A. Fault tolerance
B. Hot site
C. Cold site
D. Tape backup restoration

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

Exam E

QUESTION 1
Which of the following methods involves placing plain text data within a picture or document?

A. Steganography
B. Digital signature
C. Transport encryption
D. Stream cipher

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Which of the following is a detective security control?

A. CCTV
B. Firewall
C. Design reviews
D. Bollards

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
Which of the following can cause hardware based drive encryption to see slower deployment?

A. A lack of management software
B. USB removable drive encryption
C. Role/rule-based access control
D. Multifactor authentication with smart cards

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Which of the following is a reason to implement Kerberos over local system authentication?

A. Authentication to multiple devices
B. Centralized file integrity protection
C. Non-repudiation
D. Greater password complexity

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
Which of the following cipher types is used by AES?

A. Block
B. Fourier
C. Stream
D. Turing

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Which of the following control systems is used to maintain proper environmental conditions in a datacenter?

A. HVAC
B. Bollards
C. CCTV
D. Mantrap

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
A penetration test shows that almost all database servers were able to be compromised through a default database user account with the default password. Which of the following is MOST likely missing from the operational procedures?

A. Application hardening
B. OS hardening
C. Application patch management
D. SQL injection

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
A user reports that their 802.11n capable interface connects and disconnects frequently to an access point that was recently installed. The user has a Bluetooth enabled laptop. A company in the next building had their wireless network breached last month. Which of the following is MOST likely causing the disconnections?

A. An attacker inside the company is performing a bluejacking attack on the user's laptop.
B. Another user's Bluetooth device is causing interference with the Bluetooth on the laptop.
C. The new access point was mis-configured and is interfering with another nearby access point.
D. The attacker that breached the nearby company is in the parking lot implementing a war driving attack.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Which of the following facilitates computing for heavily utilized systems and networks?

A. Remote access
B. Provider cloud
C. VPN concentrator
D. Telephony

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
A security administrator finished taking a forensic image of a computer's memory. Which of the following should the administrator do to ensure image integrity?

A. Run the image through AES128.
B. Run the image through a symmetric encryption algorithm.
C. Compress the image to a password protected archive.
D. Run the image through SHA256.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
A customer has called a company to report that all of their computers are displaying a rival company's website when the user types the correct URL into the browser. All of the other websites the user visits work correctly and other customers are not having this issue. Which of the following has MOST likely occurred?

A. The website company has a misconfigured firewall.
B. The customer has a virus outbreak.
C. The customer's DNS has been poisoned.
D. The company's website has been attacked by the rival company

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
A targeted email attack sent to the company's Chief Executive Officer (CEO) is known as which of the following?

A. Whaling
B. Bluesnarfing
C. Vishing
D. Dumpster diving

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
Which of the following should be reviewed periodically to ensure a server maintains the correct security configuration?

A. NIDS configuration
B. Firewall logs
C. User rights
D. Incident management

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
Which of the following is true when a user browsing to an HTTPS site receives the message: 'Site name mismatch'?

A. The certificate CN is different from the site DNS A record.
B. The CA DNS name is different from the root certificate CN.
C. The certificate was issued by the intermediate CA and not by the root CA.
D. The certificate file name is different from the certificate CN.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
DRPs should contain which of the following?

A. Hierarchical list of non-critical personnel
B. Hierarchical list of critical systems
C. Hierarchical access control lists
D. Identification of single points of failure

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Which of the following access control methods provides the BEST protection against attackers logging on as authorized users?

A. Require a PIV card
B. Utilize time of day restrictions
C. Implement implicit deny
D. Utilize separation of duties

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
Several PCs are running extremely slow all of a sudden. Users of the PCs report that they do a lot of web browsing and explain that a disgruntled employee from their department was recently fired. The security administrator observes that all of the PCs are attempting to open a large number of connections to the same destination. Which of the following is MOST likely the issue?

A. A logic bomb has been installed by the former employee
B. A man-in-the-middle attack is taking place.
C. The PCs have downloaded adware.
D. The PCs are being used in a botnet

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
Which of the following is the BEST way to secure data for the purpose of retention?

A. Off-site backup
B. RAID 5 on-site backup
C. On-site clustering
D. Virtualization

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
Which of the following has a programmer MOST likely failed to consider if a user entering improper input is able to compromise the integrity of data?

A. SDLM
B. Error handling
C. Data formatting
D. Input validation

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
A user reports that a web browser stopped working after it was updated. Which of the following BEST describes a probable cause of failure?

A. The browser was previously compromised and corrupted during the update.
B. Anti-spyware is preventing the browser from accessing the network.
C. A faulty antivirus signature has identified the browser as malware.
D. A network based firewall is blocking the browser as it has been modified.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
Which of the following devices is MOST likely to be installed to prevent malicious attacks?

A. VPN concentrator
B. Firewall
C. NIDS
D. Protocol analyzer

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
Which of the following protocols uses UDP port 69 by default?

A. Kerberos
B. TFTP
C. SSH
D. DNS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
Which of the following would a security administrator use to diagnose network issues?

A. Proxy
B. Host-based firewall
C. Protocol analyzer
D. Gateway

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
Which of the following should be implemented on a mobile phone to help prevent a conversation from being captured?

A. Device encryption
B. Voice encryption
C. GPS tracking
D. Sniffer

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
A user wishes to encrypt only certain files and folders within a partition. Which of the following methods should a technician recommend?

A. EFS
B. Partition encryption
C. Full disk
D. BitLocker

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
Centrally authenticating multiple systems and applications against a federated user database is an example of:

A. smart card.
B. common access card.
C. single sign-on.
D. access control list.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
Which of the following characteristics distinguishes a virus from a rootkit, spyware, and adware?

A. Eavesdropping
B. Process hiding
C. Self-replication
D. Popup displays

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
A security administrator needs to implement a site-to-site VPN tunnel between the main office and a remote branch. Which of the following protocols should be used for the tunnel?

A. RTP
B. SNMP
C. IPSec
D. 802.1X

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
Which of the following uses tickets to identify users to the network?

A. RADIUS
B. LDAP
C. TACACS+
D. Kerberos

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
A security administrator notices an unauthorized vehicle roaming the area on company grounds. The security administrator verifies that all network connectivity is up and running and that no unauthorized wireless devices are being used to authenticate other devices; however, the administrator does notice an unusual spike in bandwidth usage. This is an example of which of the following attacks?

A. Rogue access point
B. Bluesnarfing
C. Evil twin
D. War driving

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
Which of the following is a best practice when securing a switch from physical access?

A. Disable unnecessary accounts
B. Print baseline configuration
C. Enable access lists
D. Disable unused ports

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
Risk can be managed in the following ways EXCEPT:

A. mitigation.
B. acceptance.
C. elimination.
D. transference.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
Which of the following environmental variables reduces the potential for static discharges?

A. EMI
B. Temperature
C. UPS
D. Humidity

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
A user reports that the spreadsheet they use for the department will not open. The spreadsheet is located on a server that was recently patched. Which of the following logs would the technician review FIRST?

A. Access
B. Firewall
C. Antivirus
D. DNS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
Which of the following helps prevent a system from being fingerprinted?

A. Personal firewall
B. Complex passwords
C. Anti-spam software
D. OS patching

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
An attacker captures valid wireless traffic in hopes of transmitting it repeatedly to generate enough traffic to discover the encryption key. Which of the following is the attacker MOST likely using?

A. War driving
B. Replay attack
C. Bluejacking
D. DNS poisoning

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
Which of the following is a preventative physical security measure?

A. Video surveillance
B. External lighting
C. Physical access log
D. Access control system

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
A Maintenance Manager requests that a new group be created for a new development project, concerning power distribution, in order to email and setup conference meetings to the whole project team. Which of the following group types would need to be created?

A. Default power users
B. Restricted group
C. Distribution
D. Security

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

Exam F

QUESTION 1
Which of the following is an example of data obfuscation within a data stream?

A. Cryptography
B. Steganography
C. Hashing
D. Fuzzing

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Which of the following is a malicious program that infects a host computer and has the ability to replicate itself?

A. Spyware
B. Virus
C. Rootkit
D. Spam

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
Which of the following concepts is applied FIRST when a user logs into a domain?

A. Virtualization
B. Non-repudiation
C. Authorization
D. Identification

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Which of the following tools will allow a technician to detect devices and associated IP addresses on the network?

A. Network intrusion detection software
B. Network mapping software
C. Port scanner
D. Protocol analyzers

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
Which of the following attacks involves sending unsolicited contact information to Bluetooth devices configured in discover mode?

A. Impersonation
B. Bluejacking
C. War driving
D. Bluesnarfing

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Which of the following has the capability to perform onboard cryptographic functions?

A. Smartcard
B. ACL
C. RFID badge
D. Proximity badge

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
Shielded communications media is MOST often used to prevent electrical emanations from being detected and crosstalk between which of the following?

A. Networks
B. Cables
C. VLANs
D. VPNs

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
Which of the following measures ensures unauthorized users cannot access a WAP in a user's home?

A. Proper WAP placement
B. Turn off the computers when not in use
C. Set the SSID to hidden
D. Change the administrator password on the computer

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
The president of the company is trying to get to their bank's website, and the browser is displaying that the webpage is being blocked by the system administrator. Which of the following logs would the technician review?

A. DNS
B. Performance
C. System
D. Content filter

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
Which of the following should a technician run to find user accounts that can be easily compromised?

A. NMAP
B. SNORT
C. John the Ripper
D. Nessus

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
Which of the following defines the role of a root certificate authority (CA) in PKI?

A. The root CA is the recovery agent used to encrypt data when a user's certificate is lost.
B. The CA stores the user's hash value for safekeeping.
C. The CA is the trusted root that issues certificates.
D. The root CA is used to encrypt email messages to prevent unintended disclosure of data

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
Which of the following BEST represents why a system administrator should download security patches from the manufacturer's website directly?

A. Maintain configuration baseline
B. Implement OS hardening
C. Ensure integrity of the patch
D. Ensure patches are up-to-date

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
While responding to a confirmed breach of the organization's web server, the security administrator determines the source of the attack was from a rival organization's IP address range. Which of the following should the security administrator do with this information?

A. Notify the Help Desk
B. Notify ICANN
C. Notify management
D. Notify the rival organization's IT department

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
Biometrics is an example of which of the following type of user authentication?

A. Something the user is
B. Something the user has
C. Something the user does
D. Something the user knows

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
Which of the following contains a database of users and passwords used for authentication?

A. CHAP
B. SAM
C. TPM
D. DNS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
The accounting group, clinical group and operations group only have access to their own applications. The company often needs auditors to have access to all three groups' applications with little notice. Which of the following would simplify the process of granting auditors permissions to all the applications?

A. Create an auditors group and merge the members of the accounting, clinical and operations groups.
B. Create an auditors group and add each user to the accounting, clinical and operations groups individually.
C. Create an auditors group and add each of the accounting, clinical and operations groups to the auditors group
D. Create an auditors group and add the group to each of the accounting, clinical and operations groups.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
Attackers may be able to remotely destroy critical equipment in the datacenter by gaining control over which of the following systems?

A. Physical access control
B. Video surveillance
C. HVAC
D. Packet sniffer

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
Which of the following situations applies to disaster recovery exercises?

A. Vulnerability scans should be performed after each exercise.
B. Separation of duties should be implemented after each exercise.
C. Passwords should be changed after each exercise.
D. Procedures should be updated after each exercise.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
Purchasing insurance on critical equipment is an example of which of the following types of risk mitigation techniques?

A. Risk avoidance
B. Risk transfer
C. Risk retention
D. Risk reduction

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
After completing a forensic image of a hard drive, which of the following can be used to confirm data integrity?

A. Chain of custody
B. Image compression
C. AES256 encryption
D. SHA512 hash

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
A security administrator wants to prevent corporate users from being infected with viruses from flash based advertisements while using web browsers at work. Which of the following could be used to mitigate this threat?

A. Content filter
B. Firewall
C. IDS
D. Protocol analyzer

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
Which of the following tools provides the MOST comprehensive view of the network's security?

A. Vulnerability assessment
B. Network anomaly detection
C. Penetration test
D. Network mapping program

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
A user is concerned about threats regarding social engineering and has asked the IT department for advice. One suggestion offered might be to:

A. install a removable data backup device for portability ease.
B. verify the integrity of all data that is accessed across the network.
C. ensure that passwords are not named after relatives.
D. disallow all port 80 inbound connection attempts.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
When disposing of old or damaged computer systems, which of the following is the primary security concern?

A. Integrity of company HR information
B. Compliance with industry best practices
C. Confidentiality of proprietary information
D. Adherence to local legal regulations

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
Which of the following is performed during a security assessment?

A. Remediate the machines with incorrectly configured controls.
B. Quarantine the machines that have no controls in place.
C. Calculate the cost of bringing the controls back into compliance.
D. Determine the extent to which controls are implemented correctly

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
The root certificate for the CA for a branch in a city was generated by the CA in a city in another country. Which of the following BEST describes this trust model?

A. Chain of trust
B. Linear trust
C. Hierarchical trust
D. Web of trust

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
The security administrator needs to determine whether common words and phrases are being used as passwords on the company server. Which of the following attacks would MOST easily accomplish this task?

A. NTLM hashing
B. Dictionary
C. Brute force
D. Encyclopedia

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
Conducting periodic user rights audits can help an administrator identify:

A. new user accounts that have been created.
B. users who are concurrently logged in under different accounts.
C. unauthorized network services.
D. users who can view confidential information.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
Which of the following has a 128-bit message digest?

A. NTLM
B. MD5
C. SHA
D. 3DES

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
Which of the following BEST describes a security benefit of a virtualization farm?

A. Increased anomaly detection
B. Stronger authentication
C. Stronger encryption
D. Increased availability

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
The company president wants to replace usernames and passwords with USB security tokens for company systems. Which of the following authentication models would be in use?

A. Two factor
B. Form factor
C. Physical factor
D. Single factor

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
A security administrator wants to detect and prevent attacks at the network perimeter. Which of the following security devices should be installed to address this concern?

A. NIPS
B. IDS
C. HIPS
D. NDS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
Which of the following allows a systems administrator to regain lost keys within a PKI?

A. Recovery agent
B. One time pad
C. CRL
D. Asymmetric keys

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
A vulnerable service is required between two systems on a network. Which of the following should an administrator use to prevent an attack on that service from outside the network?

A. Proxy server
B. NIDS
C. Firewall
D. HIDS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
A technician needs to validate that a sent file has not been modified in any way. A co-worker recommends that a thumbprint be taken before the file is sent. Which of the following should be done?

A. Take an AES hash of the file and send the receiver both the hash and the original file in a signed and encrypted email.
B. Take a MD5 hash of the file and send the receiver both the hash and the original file in a signed and encrypted email.
C. Take a NTLM hash of the file and send the receiver both the hash and the original file in a signed and encrypted email.
D. Take a LANMAN hash of the file and send the receiver both the hash and the original file in a signed and encrypted email.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
Which of the following is a primary effect of allowing P2P connections on a network?

A. Increased amount of spam
B. Input validation on web applications
C. Possible storage of illegal materials
D. Tracking cookies on the website

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
Which of the following services should be turned off on a printer to prevent malicious reconnaissance attempts?

A. FTP
B. Spooler
C. SNMP
D. IP printing

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

Exam G

QUESTION 1
Which of the following devices is used to optimize and distribute data workloads across multiple computers or networks?

A. Load balancer
B. URL filter
C. VPN concentrator
D. Protocol analyzer

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Which of the following port numbers is used for SCP, by default?

A. 22
B. 69
C. 80
D. 443

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
A technician needs to allow seven specific users connection to a new access point. Which of the following should be performed to achieve this action?

A. Enable MAC filtering
B. Disable SSID broadcast
C. Adjust antenna placement
D. Decrease WAP power levels

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Which of the following systems implements a secure key distribution system that relies on hardcopy keys intended for individual sessions?

A. Blowfish
B. PGP/GPG
C. One-time pads
D. PKI

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
Which of the following devices is typically used at the enclave boundary to inspect, block, and re-route network traffic for security purposes?

A. Load balancers
B. Protocol analyzers
C. Firewalls
D. Spam filter

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Which of the following BEST describes the proper method and reason to implement port security?

A. Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.
B. Apply a security control which ties specific networks to end-device IP addresses and prevents new devices from being connected to the network.
C. Apply a security control which ties specific ports to end-device MAC addresses and prevents all devices from being connected to the network.
D. Apply a security control which ties specific ports to end-device IP addresses and prevents mobile devices from being connected to the network.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
Which of the following BEST describes the process of key escrow?

A. Maintains a copy of a user's public key for the sole purpose of recovering messages if it is lost
B. Maintains a secured copy of a user's private key to recover the certificate revocation list
C. Maintains a secured copy of a user's private key for the sole purpose of recovering the key if it is lost
D. Maintains a secured copy of a user's public key in order to improve network performance

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
Which of the following technologies is used to verify that a file was not altered?

A. RC5
B. AES
C. DES
D. MD5

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
IPSec has been chosen for remote access VPN connections for telecommuters. Which of the following combinations would BEST secure the connection?

A. Transport mode, ESP
B. Transport mode, AH
C. Tunnel mode, AH
D. Tunnel mode, ESP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
Recovery Point Objectives and Recovery Time Objectives directly relate to which of the following BCP concepts?

A. Succession planning
B. Remove single points of failure
C. Risk management
D. Business impact analysis

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
Which of the following security applications would an administrator use to help reduce the amount of bandwidth used by web browsing?

A. HIDS
B. Proxy server
C. NIPS
D. Personal software firewall

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
Which of the following is the MOST secure condition a firewall should revert to when it is overloaded with network traffic?

A. Fail danger
B. Fail safe
C. Fail closed
D. Fail open

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
Which of the following can restrict a computer from receiving network traffic?

A. HIDS
B. Software firewall
C. Antivirus
D. NIDS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
Which of the following is the primary location where global policies are implemented in an organization?

A. Physical memory
B. Domain
C. User documentation
D. Security group

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
Which of the following network security devices is the BEST to use when increasing the security of an entire network, or network segment, by preventing the transmission of malicious packets from known attacking sources?

A. Honeypot
B. Firewall
C. HIDS
D. NIDS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Which of the following would be used to gain access to a data center where the administrator would have to use multiple authentication factors?

A. Fingerprint scan and password
B. Fingerprint and retina scan
C. Enter two different passwords
D. ID badge and smartcard

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
Employee A sends employee B an encrypted message along with a digital signature. Employee B wants to make sure that the message is truly from employee A. Which of the following will employee B do to verify the source of the message?

A. Use employee B's private key to unencrypt the message.
B. Use employee A's private key to verify the digital signature.
C. Use employee B's public key to unencrypt the message.
D. Use employee A's public key to verify the digital signature.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
Which of the following is the primary difference between role-based access control and rule-based access control?

A. Both are based on local legal regulations but role based provides greater security.
B. One is based on identity and the other on authentication.
C. One is based on job function and the other on a set of approved instructions.
D. Both are based on job title but rule based provides greater user flexibility.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
Which of the following devices would be used to gain access to a secure network without affecting network connectivity?

A. Router
B. Vampire tap
C. Firewall
D. Fiber-optic splicer

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
Which of the following is the purpose of key escrow in a PKI system?

A. Ensures that all private keys are publicly accessible to PKI users
B. Provides a system for recovering encrypted data even if the users lose private keys
C. Provides a system for recovering encrypted data when public keys are corrupted
D. Ensures the security of public keys by storing the keys confidentially

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
A security manager decides to assign the daily responsibility of firewall and NIDS administration to different technicians. This is an example of which of the following?

A. Implicit deny
B. Separation of duties
C. Least privilege
D. Job rotation

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
Which of the following security applications would be MOST useful to traveling employees? (Select THREE).

A. Anti-spam
B. Personal software firewall
C. NIDS
D. External corporate firewall
E. NIPS
F. Antivirus

Correct Answer: ABF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
Which of the following is performed when conducting a penetration test?

A. Documentation of security vulnerabilities and policy gaps.
B. Demonstrations of network capabilities and resiliency.
C. Documentation of network security settings, policy gaps and user errors.
D. Demonstrations of security vulnerabilities and flaws in policy implementation.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
Employee A wants to send employee B an encrypted message that will identify employee A as the source of the message. Which of the following will employee A do to accomplish this? (Select TWO).

A. Use employee A's private key to sign the message.
B. Use the message application to mark the message as urgent.
C. Use only symmetric encryption to send the message.
D. Use employee B's private key to encrypt the message.
E. Use employee B's public key to encrypt the message.
F. Use employee A's public key to sign the message.

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:


QUESTION 25
IPSec provides which of the following?

A. New IP headers
B. Payload encryption
C. NAT traversal
D. Payload compression

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
Which of the following relies on prime numbers to generate keys?

A. RSA
B. AES
C. IPSec
D. Elliptic curve

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
A technician places a network jack in the parking garage for administrative use. Which of the following can be used to mitigate threats from entering the network via this jack?

A. Disable ports when not in use
B. Install wireless access points
C. Replace CAT5 with CAT6 plenum
D. Install a firewall

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
Which of the following provides an organization with the ability to hide an internal private network, while simultaneously providing additional IP addresses?

A. VLAN
B. NAT
C. VPN
D. DMZ

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
Which of the following keys is used to sign an email message?

A. Public
B. Private
C. Symmetric
D. CA key

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
On which of the following algorithms is PGP based?

A. RSA
B. MD5
C. WPA
D. DES

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
A security administrator works for a corporation located in a state with strict data breach disclosure laws. Compliance with these local legal regulations requires the security administrator to report data losses due to which of the following?

A. Cryptography
B. Backup corruption
C. Power failures
D. Hacking

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:


QUESTION 32
Command-and-Control is a key element of a:

A. logic bomb.
B. rootkit.
C. Trojan.
D. botnet.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
Which of the following would a technician implement to mitigate SQL injection security risks?

A. Use input validation.
B. Disable Java on Internet browsers.
C. Delete Internet history.
D. Use software firewalls.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
Which of the following encryption methods is being used when both parties share the same secret key?

A. Asymmetric
B. Certificate based
C. Symmetric
D. Kerberos

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
After a recent viral intrusion, an administrator wishes to verify the server's functionality post-clean-up. The administrator should:

A. analyze the NIDS logs for any errant connections that may have been recorded.
B. install any hotfixes that may have been overlooked.
C. compare the system's performance against the configuration baseline.
D. ensure that the antivirus application's definitions are up-to-date.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
A small company wants to hire a security assessment team for the server and network infrastructure. Which of the following needs to be defined before penetration testing occurs?

A. Vulnerability scan
B. Bandwidth requirements
C. Protocols analysis
D. Rules of engagement

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
Which operating system hardening procedure can be implemented to ensure all systems have the most up-to-date version available?

A. Group policies
B. Patch management
C. Security templates
D. Configuration baselines

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
In the event of a fire, the MOST appropriate setting for electronic cipher locks would be to:

A. allow personnel to exit the building only after security confirms the threat and electronically releases all locks.
B. allow personnel to exit the building without any forms of authentication.
C. allow personnel to exit the building using only a photo ID badge.
D. allow personnel to exit the building only after using a valid swipe card and key.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 39
The company's administrative assistant acts as the main point of contact for outside sales vendors and provides information over the phone. Which of the following is the GREATEST threat that the administrative assistant should be educated about?

A. Non-redundant personnel role distribution
B. Providing employee personal contact information
C. Data information verification and up-to-date reporting structure
D. Providing the corporate mailing address to unidentified callers

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
In the past several weeks, there has been an increased amount of failed remote desktop login attempts from an external IP address. Which of the following ports should the administrator change from its default to control this?

A. 21
B. 25
C. 3389
D. 4658

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:


Exam H

QUESTION 1
Which of the following is a transmission encryption that is generally regarded as weak?

A. AES256
B. PGP
C. SSL
D. WEP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Which of the following BEST describes when code that is initiated on a virtual machine directly affects the host?

A. VM cluster
B. VM escape
C. VM hypervisor
D. VM hardware abstraction

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
Which of the following tools is used to report a wide range of security and configuration problems on a network?

A. Protocol analyzer
B. Vulnerability scanner
C. Port scanner
D. TACACS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
A user reports that their system is slow and reboots on its own. The technician is unable to remotely control the computer and realizes that they no longer have administrative rights to that workstation. Which of the following is MOST likely the cause?

A. Spam
B. DDoS
C. Adware
D. Rootkit

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
A user creates an archive of files that are sensitive and wants to ensure that no one else can access them. Which of the following could be used to assess the security of the archive?

A. Password cracker
B. Port scanner
C. Firewall
D. Protocol analyzer

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Which of the following is the BEST way for an attacker to conceal their identity?

A. Shoulder surfing
B. Deleting the cookies
C. Increase the max size of the log
D. Disable logging

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
Which of the following is the FINAL phase of disaster recovery?

A. Notify all personnel that a disaster has taken place.
B. Hold a follow-up meeting to review lessons learned.
C. Perform a full recovery so all devices are back in working order.
D. Restore all network connectivity.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:


QUESTION 8
Which of the following does an attacker with minimal rights need to accomplish to continue attacking a compromised system?

A. Rootkit
B. Logic bomb
C. Cross-site scripting
D. Privilege escalation

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Virtualization technology can be implemented to positively affect which of the following security concepts?

A. Non-repudiation
B. Confidentiality
C. Availability
D. Integrity

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
Which of the following uses both private and public key algorithms for email encryption and decryption?

A. CA
B. DES
C. PGP
D. AES256

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
Which of the following BEST describes NAC?

A. Provides access based on predetermined characteristics
B. Provides access based on ARP requests
C. Translates between DHCP requests and IP addresses
D. Translates between private addresses and public addresses

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
Which of the following will allow a technician to restrict access to one folder within a shared folder?

A. NTLM
B. IPSec
C. NTLMv2
D. NTFS

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
A network administrator was recently promoted from their former position as a server administrator and now can no longer log on to servers they previously supported. This is an example of:

A. job rotation.
B. single sign on.
C. separation of duties.
D. implicit deny.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
The security administrator wants to know if a new device has any known issues with its available applications. Which of the following would be BEST suited to accomplish this task?

A. Vulnerability scanner
B. Port scanner
C. Network mapper
D. Protocol analyzer

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
An administrator believes a user has more access to a financial application than they should. Which of the following policies would this MOST likely violate?

A. Group policy
B. Server configuration policy
C. User rights assignment
D. Storage and retention

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Which of the following is the BEST course of action to ensure an email server is not an open relay?

A. Require authentication for all outbound SMTP traffic.
B. Require authentication for all inbound and outbound SMTP traffic.
C. Block all inbound traffic on SMTP port 25.
D. Require authentication for all inbound SMTP traffic.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
Which of the following is the MAIN difference between bluejacking and bluesnarfing?

A. Bluesnarfing can be done from a greater distance than bluejacking.
B. Bluejacking involves sending unsolicited messages to a phone while bluesnarfing involves accessing the phone data.
C. Bluejacking involves some social engineering while bluesnarfing does not.
D. Bluesnarfing involves sending unsolicited messages to a phone while bluejacking involves accessing the phone data.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
Which of the following centralizes authentication on a wireless network?

A. RADIUS
B. VPN
C. RDP
D. CHAP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
Which of the following ensures that an employee cannot continue carrying out fraudulent activities?

A. Biometric reader
B. Job rotation
C. Two-factor authentication
D. Role-based access control

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
Which of the following concepts is applied when a user enters a password to gain authorized access to a system?

A. Identification
B. Privatization
C. Authentication
D. Non-repudiation

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
Which of the following BEST describes what users are required to provide in a two factor authentication system?

A. Two distinct items from each of the authentication factor groups.
B. Two distinct items from one of the authentication factor groups.
C. Two distinct items from distinct categories of authentication factor groups.
D. Two distinct items they know from the same authentication factor group.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
A user loses a USB device containing credit card numbers. Which of the following would BEST protect the data?

A. Encryption of the device with the key stored elsewhere
B. Password protection which destroys data on the device after 12 incorrect attempts
C. Password protection which destroys data on the device after 10 incorrect attempts
D. Encryption of the laptop to which the device is connected

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
During a data exfiltration penetration test, which of the following is the NEXT step after gaining access to a system?

A. Attack weak passwords
B. DoS
C. Use default accounts
D. Privilege escalation

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
Which of the following would an administrator MOST likely update after deploying a service pack?

A. Configuration baseline
B. Patch
C. Hotfix
D. Group policy

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
Which of the following logs contains user logons and logoffs?

A. Security
B. DNS
C. Application
D. System

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
A cipher lock system is which of the following security method types?

A. Biometrics
B. Proximity reader
C. Door access
D. Man-trap design

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
Which of the following is able to detect that a local system has been compromised?

A. NIDS
B. HIDS
C. Anti-spam
D. Personal firewall

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
Verifying the time and date certain users access a server is an example of which of the following audit types?

A. Retention policy
B. Account login
C. User rights
D. Account lockout

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
Which of the following is required for an anomaly detection system to evaluate traffic properly?

A. Baseline
B. Signature
C. Vulnerability assessment
D. Protocol analyzer

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
An administrator is concerned about the amount of time it would take to investigate email that may be subject to inspection during legal proceedings. Which of the following could help limit the company's exposure and the time spent on these types of proceedings?

A. Storage and retention policies
B. Decentralize email servers
C. Encrypting email transmissions
D. Adjust user access rights assignments

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
Which of the following helps protect logs from compromise?

A. Centralize log management.
B. Turn on all logging options.
C. Log failed logon attempts.
D. View logs regularly.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
A user from the accounting department is in the Customer Service area and tries to connect to the file server through their laptop, but is unable to access the network. The network administrator checks the network connection and verifies that there is connectivity. Which of the following is the MOST likely cause of this issue?

A. File server is not on the DMZ
B. IPS has blocked access
C. Wrong VLAN
D. NAT is not properly configured

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
Which of the following RAID types would be implemented for disk mirroring?

A. RAID 0
B. RAID 1
C. RAID 3
D. RAID 5

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
Which of the following is MOST likely to be used to transfer malicious code to a corporate network by introducing viruses during manufacturing?

A. P2P software
B. BIOS chips
C. USB drives
D. Cell phones

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
Which of the following defines the process and accounting structure for handling system upgrades and modifications?

A. Service level agreement
B. Change management
C. Loss control
D. Key management

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
Which of the following BEST describes why USB storage devices present a security risk to the confidentiality of data?

A. Ability to remotely install keylogger software and bypass network routing.
B. High raw storage capacity combined with wireless transfer capability.
C. High volume and transfer speeds combined with ease of concealment.
D. Slow data transfer speeds combined with ease of concealment.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
Implementing a mandatory vacation policy for administrators is a security best practice because of which of the following?

A. Increases administrator's skills by providing them with a vacation.
B. Detects malicious actions by an administrator responsible for reviewing logs.
C. Makes it easier to implement a job rotation policy and cross train administrators.
D. Detects malicious actions by users with remote access to network resources.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
A user is recording a file on disk. Which of the following will allow a user to verify that the file is the original?

A. 3DES
B. NTFS
C. RSA
D. MD5

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 39
Which of the following is associated with a command and control system?

A. Botnet
B. Rootkit
C. Virus
D. Logic bomb

Correct Answer: A
Section: (none)
Explanation


Explanation/Reference:

QUESTION 40
Which of the following is BEST suited to determine which services are running on a remote host?

A. Log analyzer
B. Antivirus
C. Protocol analyzer
D. Port scanner

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 41
Which of the following is a best practice when creating groups of user and computer accounts in a directory service?

A. Delegation of administration and policy deployment
B. Naming conventions and technical aptitude
C. Department and salary divisions
D. Seniority at the company and access level

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 42
Which of the following allows two people to communicate securely without having to know each other prior to communicating?

A. 3DES
B. AES
C. Symmetric keys
D. PKI

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:


Exam I

QUESTION 1
Which of the following should an HVAC system do when a fire is detected in a data center?

A. It should increase humidity.
B. It should change to full cooling.
C. It should decrease humidity.
D. It should shut down.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Multiple machines are detected connecting to a specific web server during non-business hours and receiving instructions to execute a DNS attack. Which of the following would be responsible?

A. Virus
B. Adware
C. Logic Bomb
D. Botnet

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
Which of the following is the BEST solution for an administrator to implement in order to learn more about the zero-day exploit attacks on the internal network?

A. A Honeypot
B. A stateful firewall
C. A HIDS
D. An IDS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
A technician wants to implement a change across the production domain. Which of the following techniques should the technician perform?

A. Change the acceptable use policy.
B. Install service packs on the domain.
C. Deploy a group policy.
D. Edit the access control list.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
A user logs onto a laptop with an encrypted hard drive. There is one password for unlocking the encryption and one password for logging onto the network. Both passwords are synchronized and used to login to the machine. Which of the following authentication types is this?

A. Biometric
B. Single sign-on
C. Three factor
D. Two factor

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Limiting access to a file resource to only the creator by default, is an example of applying which of the following security concepts?

A. Behavior-based security
B. Role-based access control
C. Least privilege
D. Logical tokens

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
A security administrator is worried about attackers accessing a specific server within the company's network. Which of the following would allow the security staff to identify unauthorized access to the server?

A. HIDS
B. Antivirus
C. Anti-spyware
D. Honeypot

Correct Answer: A
Section: (none)
Explanation


Explanation/Reference:

QUESTION 8
Which of the following can be used to prevent ongoing network based attacks?

A. NIDS
B. HIDS
C. NAT
D. NIPS

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Which of the following audit systems should be enabled in order to audit user access and be able to know who is trying to access critical systems?

A. Group policy
B. Account expiration
C. Password policy
D. Failed logon attempts

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
Which of the following vulnerability assessment tools would be used to identify weaknesses in a company's router ACLs or firewall?

A. Rainbow tables
B. Intrusion prevention systems
C. Brute force attacks
D. Port scanner

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
Which of the following should be protected from disclosure?

A. Certificate revocation list
B. User's private key passphrase
C. User's public key
D. Public key infrastructure

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
The firewall administrator sees an outbound connection on IP port 50 and UDP port 500. Which of the following is the cause?

A. IPSec VPN connection
B. SSH tunneling
C. Certificate revocation list look-up
D. Incorrect DNS setup

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
Which of the following methods allows the administrator to create different user templates to comply with the principle of least privilege?

A. Rule-based access control
B. Mandatory access control
C. Physical access control
D. Role-based access control

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
In the event of a disaster resulting in the loss of their data center, a company had determined that they will need to be able to be back online within the next day, with some systems. Which of the following would BEST meet their needs?

A. A spare set of servers stored in the data center
B. A hot backup site
C. A cold backup site
D. A warm backup site

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
A network administrator is alerted to an incident on a file server. The alerting application is a file integrity checker. Which of the following is a possible source of this HIDS alert?

A. ARP poisoning
B. DDOS
C. Teardrop attack
D. Rootkit

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Which of the following has a primary goal of hiding its processes to avoid detection?

A. Worm
B. Rootkit
C. Logic bomb
D. Virus

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
Which of the following ports is susceptible to DNS poisoning?

A. 23
B. 53
C. 80
D. 8080

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
Which of the following system types would a security administrator need to implement in order to detect and mitigate behavior-based activity on the network?

A. Antivirus server
B. NIPS
C. Signature-based security devices
D. NIDS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
The technical user group has read and write access to a network share. The executive user group has full control of the same network share. A user is a member of both groups. Which of the following BEST describes the user's permissions on the share?

A. The user is able to modify, write, delete and read documents in network share.
B. The user is able to modify, write and delete documents in network share.
C. The user is able to write and read documents in the network share.
D. The user is able to modify and write documents in network share.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
Which of the following provides active protection to critical operating system files?

A. NIPS
B. Firewall
C. HIPS
D. HIDS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
Which of the following technologies address key management?

A. Digital signature algorithm
B. Advanced encryption standard
C. Blowfish
D. Diffie-Hellman

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
Which of the following is a valid two-factor authentication model?

A. Retina scan and palm print
B. Smartcard and hardware token
C. Iris scan and user password
D. User password and user PIN

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
Which of the following redundancy planning concepts would MOST likely be used when trying to strike a balance between cost and recovery time?

A. Hot site
B. Cold site
C. Warm site
D. Field site

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
Which of the following should the network administrator use to remotely check if a workstation is running a P2P application?

A. Ping sweeper
B. Port scanner
C. Network mapper
D. ARP scanner

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25The security policy at a company clearly specifies that server administrators cannot have access to log serversor permissions to review log files. These rights are granted only to security administrators. This policy is anexample of which of the following industry best practices?

A. Separation of duties
B. Job rotation
C. Privilege escalation
D. Implicit deny

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
Which of the following is the process by which encryption keys are distributed?

A. User access and rights review
B. Trusted Platform Module (TPM)
C. Key management
D. Key escrow

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
Management wants a security assessment conducted on their network. The assessment must be conducted during normal business hours without impacting users. Which of the following would BEST facilitate this?

A. A risk assessment
B. A honeynet
C. A penetration test
D. A vulnerability scan

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
The manager has tasked an administrator to test the security of the network. The manager wants to know if there are any issues that need to be addressed, but the manager is concerned about affecting normal operations. Which of the following should be used to test the network?

A. Use a protocol analyzer.
B. Read the log files on each system on the network.
C. Use a vulnerability scanner.
D. Launch a DDoS attack in the network and see what occurs.

Correct Answer: C

Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
The company's new administrative assistant wants to use their name as a password and asks if it is appropriate. Which of the following is the BEST reason for not allowing this?

A. The proposed password does not meet complexity requirements.
B. It will require too much time to conduct due diligence.
C. The password risks disclosure of Personally Identifiable Information (PII).
D. Change management approval has not been granted.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
A user reports a problem with resetting a password on the company website. The help desk determined the user was redirected to a fraudulent website. Which of the following BEST describes this attack type?

A. Spyware
B. XSS
C. Worm
D. Logic bomb

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
Which of the following security protocols could be configured to use EAP when connecting to a wireless access point?

A. WPA-personal/TKIP
B. RADIUS
C. IPSec
D. WPA2-enterprise

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
An administrator needs to ensure that all machines deployed to the production environment follow strict company guidelines. Which of the following are they MOST likely to use?

A. Mandatory Access Control (MAC)
B. Security templates
C. Horizontal scans
D. Vertical scans

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
The network administrator has been tasked with creating a VPN connection to a vendor's site. The vendor is using older equipment that does not support AES. Which of the following would be the network administrator's BEST option for configuring this link?

A. 3DES
B. DES
C. PGP
D. One time pad

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
A new software application is designed to interact with the company's proprietary devices. Systems where the software is installed can no longer connect to the devices. Which of the following should the administrator do FIRST?

A. Ensure that the software is compliant to the systems host OS.
B. Consult the firewall logs for blocked process threads or port communication.
C. Verify that the devices are not rogue machines and blocked by network policy.
D. Check the antivirus definitions for false positives caused by the new software.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
Which of the following is mitigated by implementing proper data validation?

A. Rootkits
B. Cross-site scripting
C. SMTP open relays
D. DNS poisoning

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
Which of the following is the BEST way to restrict the GUI interface on a workstation?

A. Batch file
B. Registry edits
C. Group policy
D. Local policy

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
Which of the following BEST controls traffic between networks?

A. HIPS
B. Access point
C. NIDS
D. Firewall

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
Which of the following cryptographic methods provides the STRONGEST security when implemented correctly?

A. WEP
B. Elliptic curve
C. MD5
D. NTLM

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 39
After accessing several different Internet sites a user reports their computer is running slow. The technician verifies that the antivirus definitions on that workstation are current. Which of the following security threats is the MOST probable cause?

A. Trojan
B. Worm
C. Spyware
D. Spam

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
Which of the following is the MOST common way to allow a security administrator to securely administer remote *NIX based systems?

A. IPSec
B. PPTP
C. SSL/TLS
D. SSH

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 41
Which of the following protocols requires the use of a CA based authentication process?

A. FTPS implicit
B. FTPS explicit
C. MD5
D. PEAP-TLS

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
