Security+ SY0-401 Exam Review
Terms in this set (72)
An achievement in providing worldwide Internet security was the signing of certificates associated
with which of the following protocols?
A Chief Information Security Officer (CISO) wants to implement two-factor authentication within
the company. Which of the following would fulfill the CISO's requirements?
A. Username and password
B. Retina scan and fingerprint scan
C. USB token and PIN
D. Proximity badge and token
Which of the following can a security administrator implement on mobile devices that will help
prevent unwanted people from viewing the data if the device is left unattended?
A. Screen lock
B. Voice encryption
C. GPS tracking
D. Device encryption
Which of the following would a security administrator implement in order to identify a problem
between two systems that are not communicating properly?
A. Protocol analyzer
B. Baseline report
C. Risk assessment
D. Vulnerability scan
Which of the following can result in significant administrative overhead from incorrect reporting?
A. Job rotation
B. Acceptable usage policies
C. False positives
D. Mandatory vacations
A security administrator wants to perform routine tests on the network during working hours when
certain applications are being accessed by the most people. Which of the following would allow
the security administrator to test the lack of security controls for those applications with the least
impact to the system?
A. Penetration test
B. Vulnerability scan
C. Load testing
D. Port scanner
Which of the following risk concepts requires an organization to determine the number of failures
D. Quantitative analysis
A system security analyst using an enterprise monitoring tool notices an unknown internal host
exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate
A. Disabling unnecessary accounts
B. Rogue machine detection
C. Encrypting sensitive files
D. Implementing antivirus
Three of the primary security control types that can be implemented are:
A. Supervisory, subordinate, and peer.
B. Personal, procedural, and legal.
C. Operational, technical, and management.
D. Mandatory, discretionary, and permanent.
The helpdesk reports increased calls from clients reporting spikes in malware infections on their
systems. Which of the following phases of incident response is MOST appropriate as a FIRST
Which of the following protocols operates at the HIGHEST level of the OSI model?
Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for
a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring
a system reboot to recover with only 10% loss of data or function. Which of the following is the
ALE of this server?
Which of the following should an administrator implement to research current attack
A. Design reviews
C. Vulnerability scanner
D. Code reviews
Which of the following can be implemented in hardware or software to protect a web server from
cross-site scripting attacks?
A. Intrusion Detection System
B. Flood Guard Protection
C. Web Application Firewall
D. URL Content Filter
Which of the following means of wireless authentication is easily vulnerable to spoofing?
A. MAC Filtering
B. WPA - LEAP
C. WPA - PEAP
D. Enabled SSID
The BEST methods for a web developer to prevent the website application code from being
vulnerable to cross-site request forgery (XSRF) are to: (Select TWO).
A. permit redirection to Internet-facing web URLs.
B. ensure all HTML tags are enclosed in angle brackets, e.g., "<" and ">".
C. validate and filter input on the server side and client side.
D. use a web proxy to pass website requests between the user and the application.
E. restrict and sanitize use of special characters in input and URLs.
Jane, a security administrator, needs to implement a secure wireless authentication method that
uses a remote RADIUS server for authentication.
Which of the following is an authentication method Jane should use?
Computer evidence at a crime scene is documented with a tag stating who had possession of the
evidence at a given time.
Which of the following does this illustrate?
A. System image capture
B. Record time offset
C. Order of volatility
D. Chain of custody
A network administrator is configuring access control for the sales department which has high
employee turnover. Which of the following is BEST suited when assigning user rights to individuals
in the sales department?
A. Time of day restrictions
B. Group based privileges
C. User assigned privileges
D. Domain admin restrictions
Which of the following is being tested when a company's payroll server is powered off for eight
A. Succession plan
B. Business impact document
C. Continuity of operations plan
D. Risk assessment plan
A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been
created for a frequently used application. She notifies the software vendor and asks them for
remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability.
Which of the following BEST describes this exploit?
A. Malicious insider threat
C. Client-side attack
D. Malicious add-on
A security administrator has concerns about new types of media which allow for the mass
distribution of personal comments to a select group of people. To mitigate the risks involved with
this media, employees should receive training on which of the following?
A. Peer to Peer
B. Mobile devices
C. Social networking
D. Personally owned devices
A network administrator is responsible for securing applications against external attacks. Every
month, the underlying operating system is updated. There is no process in place for other software
Which of the following processes could MOST effectively mitigate these risks?
A. Application hardening
B. Application change management
C. Application patch management
D. Application firewall review
A software developer is responsible for writing the code on an accounting application. Another
software developer is responsible for developing code on a system in human resources. Once a
year they have to switch roles for several weeks.
Which of the following practices is being implemented?
A. Mandatory vacations
B. Job rotation
C. Least privilege
D. Separation of duties
A network engineer is designing a secure tunneled VPN. Which of the following protocols would
be the MOST secure?
Which of the following implementation steps would be appropriate for a public wireless hot-spot?
A. Reduce power level
B. Disable SSID broadcast
C. Open system authentication
D. MAC filter
Which of the following is a step in deploying a WPA2-Enterprise wireless network?
A. Install a token on the authentication server
B. Install a DHCP server on the authentication server
C. Install an encryption key on the authentication server
D. Install a digital certificate on the authentication server
Which of the following controls would allow a company to reduce the exposure of sensitive
systems from unmanaged devices on internal networks?
B. Data encryption
C. Password strength
Which of the following preventative controls would be appropriate for responding to a directive to
reduce the attack surface of a specific host?
A. Installing anti-malware
B. Implementing an IDS
C. Taking a baseline configuration
D. Disabling unnecessary services
A security manager must remain aware of the security posture of each system. Which of the
following supports this requirement?
A. Training staff on security policies
B. Establishing baseline reporting
C. Installing anti-malware software
D. Disabling unnecessary accounts/services
Deploying a wildcard certificate is one strategy to:
A. Secure the certificate's private key.
B. Increase the certificate's encryption key length.
C. Extend the renewal date of the certificate.
D. Reduce the certificate management burden
The security administrator needs to manage traffic on a layer 3 device to support FTP from a new
A. Implicit deny
B. VLAN management
C. Port security
D. Access control lists
Which of the following ports is used for SSH, by default?
A network administrator has been tasked with securing the WLAN. Which of the following
cryptographic products would be used to provide the MOST secure environment for the WLAN?
A. WPA2 CCMP
C. WPA with MAC filtering
D. WPA2 TKIP
A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs:
These attempts are overloading the server to the point that it cannot respond to traffic. Which of
the following attacks is occurring?
Which of the following ciphers would be BEST used to encrypt streaming video?
A user attempting to log on to a workstation for the first time is prompted for the following
information before being granted access: username, password, and a four-digit security pin that
was mailed to him during account registration. This is an example of which of the following?
A. Dual-factor authentication
B. Multifactor authentication
C. Single factor authentication
D. Biometric authentication
After analyzing and correlating activity from multiple sensors, the security administrator has
determined that a group of very well organized individuals from an enemy country is responsible
for various attempts to breach the company network, through the use of very sophisticated and
targeted attacks. Which of the following is this an example of?
A. Privilege escalation
B. Advanced persistent threat
C. Malicious insider threat
D. Spear phishing
Which of the following is true about input validation in a client-server architecture, when data
integrity is critical to the organization?
A. It should be enforced on the client side only.
B. It must be protected by SSL encryption.
C. It must rely on the user's knowledge of the application.
D. It should be performed on the server side
A merchant acquirer has the need to store credit card numbers in a transactional database in a
high performance environment. Which of the following BEST protects the credit card data?
A. Database field encryption
B. File-level encryption
C. Data loss prevention system
D. Full disk encryption
A bank has a fleet of aging payment terminals used by merchants for transactional processing.
The terminals currently support single DES but require an upgrade in order to be compliant with
security standards. Which of the following is likely to be the simplest upgrade to the aging
terminals which will improve in-transit protection of transactional data?
Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI
Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment?
A. Protocol analyzer
After a number of highly publicized and embarrassing customer data leaks as a result of social
engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will
reduce the risk of another data leak. Which of the following would be MOST effective in reducing
data leaks in this situation?
A. Information Security Awareness
B. Social Media and BYOD
C. Data Handling and Disposal
D. Acceptable Use of IT Systems
Which of the following functions provides an output which cannot be reversed and converts data
into a string of characters?
B. Stream ciphers
D. Block ciphers
Which of the following encrypts data a single bit at a time?
A. Stream cipher
Which of the following is used to verify data integrity?
By default, which of the following uses TCP port 22? (Select THREE).
Access mechanisms to data on encrypted USB hard drives must be implemented correctly
A. user accounts may be inadvertently locked out.
B. data on the USB drive could be corrupted.
C. data on the hard drive will be vulnerable to log analysis.
D. the security controls on the USB drive can be bypassed.
Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the
CEO's office with various connected cables from the office. Which of the following describes the
type of attack that was occurring?
A. Spear phishing
B. Packet sniffing
D. MAC flooding
A security administrator is segregating all web-facing server traffic from the internal network and
restricting it to a single interface on a firewall. Which of the following BEST describes this new
Which of the following was based on a previous X.500 specification and allows either unencrypted
authentication or encrypted authentication through the use of TLS?
The Quality Assurance team is testing a new third party developed application. The Quality team
does not have any experience with the application. Which of the following is the team performing?
A. Grey box testing
B. Black box testing
C. Penetration testing
D. White box testing
Which of the following has a storage root key?
A datacenter requires that staff be able to identify whether or not items have been removed from
the facility. Which of the following controls will allow the organization to provide automated
notification of item removal?
B. Environmental monitoring
D. EMI shielding
A malicious person gained access to a datacenter by ripping the proximity badge reader off the
wall near the datacenter entrance. This caused the electronic locks on the datacenter door to
release because the:
A. badge reader was improperly installed.
B. system was designed to fail open for life-safety.
C. system was installed in a fail closed configuration.
D. system used magnetic locks and the locks became demagnetized
The concept of rendering data passing between two points over an IP based network impervious
to all but the most sophisticated advanced persistent threats is BEST categorized as which of the
A. Stream ciphers
B. Transport encryption
C. Key escrow
D. Block ciphers
On Monday, all company employees report being unable to connect to the corporate wireless
network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were
made to the wireless network and its supporting infrastructure, and that there are no outages.
Which of the following is the MOST likely cause for this issue?
A. Too many incorrect authentication attempts have caused users to be temporarily disabled.
B. The DNS server is overwhelmed with connections and is unable to respond to queries.
C. The company IDS detected a wireless attack and disabled the wireless network.
D. The Remote Authentication Dial-In User Service server certificate has expired.
Which of the following would BEST deter an attacker trying to brute force 4-digit PIN numbers to
access an account at a bank teller machine?
A. Account expiration settings
B. Complexity of PIN
C. Account lockout settings
D. PIN history requirements
An administrator discovers that many users have used their same passwords for years even
though the network requires that the passwords be changed every six weeks. Which of the
following, when used together, would BEST prevent users from reusing their existing password?
A. Length of password
B. Password history
C. Minimum password age
D. Password expiration
E. Password complexity
F. Non-dictionary words
A recent audit has discovered that at the time of password expiration clients are able to recycle the
previous credentials for authentication. Which of the following controls should be used together to
prevent this from occurring? (Select TWO).
A. Password age
B. Password hashing
C. Password complexity
D. Password history
E. Password length
A system administrator is configuring UNIX accounts to authenticate against an external server.
The configuration file asks for the following information DC=ServerName and DC=COM. Which of
the following authentication services is being used?
In Kerberos, the Ticket Granting Ticket (TGT) is used for which of the following?
D. Multifactor authentication
Which of the following network design elements allows for many internal devices to share one
public IP address?
Which of the following components of an all-in-one security appliance would MOST likely be
configured in order to restrict access to peer-to-peer file sharing websites?
A. Spam filter
B. URL filter
C. Content inspection
D. Malware inspection
When considering a vendor-specific vulnerability in critical industrial control systems which of the
following techniques supports availability?
A. Deploying identical application firewalls at the border
B. Incorporating diversity into redundant design
C. Enforcing application white lists on the support workstations
D. Ensuring the systems' anti-virus definitions are up-to-date
During the information gathering stage of a deploying role-based access control model, which of
the following information is MOST likely required?
A. Conditional rules under which certain systems may be accessed
B. Matrix of job titles with required access privileges
C. Clearance levels of all company personnel
D. Normal hours of business operation
The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a
database administrator performing several other job functions within the company. Which of the
following is the BEST method to prevent such activities in the future?
A. Job rotation
B. Separation of duties
C. Mandatory Vacations
D. Least Privilege
Ann would like to forward some Personal Identifiable Information to her HR department by email,
but she is worried about the confidentiality of the information. Which of the following will
accomplish this task securely?
A. Digital Signatures
C. Secret Key
A company is trying to limit the risk associated with the use of unapproved USB devices to copy
documents. Which of the following would be the BEST technology control to use in this scenario?
A. Content filtering
C. Audit logs
A company is trying to implement physical deterrent controls to improve the overall security
posture of their data center. Which of the following BEST meets their goal?
A. Visitor logs
C. Hardware locks
D. Environmental monitoring
A company's employees were victims of a spear phishing campaign impersonating the CEO. The
company would now like to implement a solution to improve the overall security posture by
assuring their employees that email originated from the CEO. Which of the following controls could
they implement to BEST meet this goal?
A. Spam filter
B. Digital signatures
C. Antivirus software
D. Digital certificates