Frage 1
Frage
Which of the following is a goal of penetration testing?
Antworten
-
Passively assess web vulnerabilities
-
To check compliance of the router configuration
-
Provide a passive check of the networks security
-
Actively assess deployed security controls
Frage 2
Frage
Using a smartcard and a physical token is considered how many factors of authentication?
Frage 3
Frage
Which of the following increases availability during periods of electromagnetic interference? (Select
TWO)
Antworten
-
Fiber optic cable
-
Straight-through cable
-
STP cable
-
Crossover cable
-
UTP cable
Frage 4
Frage
A computer is displaying an MBR error upon restart. The technician is told the user has just installed
new software. Which of the following threats is the MOST likely cause of this error?
Antworten
-
Distributed DoS
-
Boot sector virus
-
ActiveX
-
Trojan
Frage 5
Frage
Which of the following should be disabled to help prevent boot sector viruses from launching when a
computer boots?
Frage 6
Frage
Which of the following video surveillance systems should be installed on an existing network?
Frage 7
Frage
Which of the following has a 128-bit message digest?
Frage 8
Frage
Which of the following is commonly used to secure HTTP and SMTP traffic?
Frage 9
Frage
Which of the following uses an RC4 key that can be discovered by eavesdropping on plain text
initialization vectors?
Frage 10
Frage
A retinal scanner provides which of the following authentication types?
Antworten
-
Biometric
-
Token
-
Two-factor
-
Optic
Frage 11
Frage
The accounting group, clinical group and operations group only have access to their own applications.
The company often needs auditors to have access to all three groups applications with little notice. Which
of the following would simplify the process of granting auditors permissions to all the applications?
Antworten
-
Create an auditors group and merge the members of the accounting, clinical and operations groups
-
Create an auditors group and add each user to the accounting, clinical and operations groups
individually
-
Create an auditors group and add each of the accounting, clinical and operations groups to the auditors group
-
Create an auditors group and add the group to each of the accounting, clinical and operations groups
Frage 12
Frage
Which of the following utilities would allow a system administrator to discover why an ISP is generating
a large amount of TCP RST packets?
Antworten
-
L0phtcrack
-
Wireshark
-
Nmap
-
Nessus
Frage 13
Frage
A large amount of continuous small transmissions are originating from multiple external hosts to the
corporate web server, which is also inaccessible to users. Which of the following attacks is MOST likely the
cause?
Antworten
-
Spoofing
-
DNS poisoning
-
DDoS
-
DoS
Frage 14
Frage
A network security administrator is worried about potential man-in-the-middle attacks against users
when they access a corporate website from their workstations. Which of the following is the BEST
mitigation against this type of attack?
Antworten
-
Implementing server-side PKI certificates for all connections
-
Mandating only client-side PKI certificates for all connections
-
Requiring client and server PKI certificates for all connections
-
Requiring strong authentication for all DNS queries
Frage 15
Frage
The security administrator at a small company is having trouble sending and receiving SMTP traffic
from the network to the external gateway. Network utilization is very high with most traffic originating at one
external IP address and ending at the SMTP server. Which of the following is MOST likely happening?
Antworten
-
DoS attack
-
Open mail relays
-
Distributed DoS attack
-
Spear-phishing
Frage 16
Frage
The last company administrator failed to renew the registration for the corporate web site (e.g.
https://www.comptia.org). When the new administrator tried to register the website it is discovered that the
registration is being held by a series of small companies for very short periods of time. This is typical of
which of the following?
Antworten
-
Spoofing
-
TCP/IP hijacking
-
Domain name kiting
-
DNS poisoning
Frage 17
Frage
When used to encrypt transmissions, which of the following is the MOST resistant to brute force attacks?
Frage 18
Frage
Which of the following is the BEST choice for whole disk encryption when confidentiality is the primary
concern?
Frage 19
Frage
The primary purpose of a hot site is to ensure which of the following?
Antworten
-
Adequate HVAC to meet environmental initiatives
-
Recovery of operations within 30 days after a disaster
-
Transition of operations in a short time period in a disaster
-
Seamless operations in the event of a disaster
Frage 20
Frage
Which of the following is a component of a disaster recovery plan for a company that expects a site to
be rendered non-usable during a disaster and needs a nearly transparent transfer of operations?
Antworten
-
Warm site
-
Cold site
-
Hot site
-
Alternate site
Frage 21
Frage
Which of the following is the BEST mitigation method to implement when protecting against a
discovered OS exploit?
Antworten
-
NIDS
-
Patch
-
Antivirus update
-
HIDS
Frage 22
Frage
Which of the following MUST be taken into account when conducting risk assessments on necessary
systems that are very old, costly to maintain, and very difficult to upgrade?
Antworten
-
Likelihood vulnerability will be exploited
-
Frequency of patches published by the developer
-
Likelihood an attacker will notice the system
-
Maintenance costs associated with the system
Frage 23
Frage
Implicit deny is the practice of setting ACLs to which of the following conditions?
Antworten
-
Verify all IP packets
-
Not allow by default
-
Transfer all traffic
-
Not allow by exception
Frage 24
Frage
Which of the following can virtualization technology provide with respect to availability?
Antworten
-
The capability to manually transition hosts as hardware is added
-
The capacity to deploy more encrypted guests than hardware allows
-
The capability to automatically transition guests as hardware fails
-
The ability to provision more services during off peak hours
Frage 25
Frage
Which of the following is made possible by some commercial virtualization hosting applications?
Antworten
-
Automatic redundancy for power in the event of a blackout
-
Seamless switching between telephony and IP telephony
-
Automatic transfer of applications when hardware fails
-
Transfer of network infrastructure components to meet demand
Frage 26
Frage
Cell phones with network access and the ability to store data files are susceptible to which of the
following risks?
Antworten
-
Input validation errors
-
SMTP open relays
-
Viruses
-
Logic bombs
Frage 27
Frage
If an administrator wanted to gather information about the tools and techniques used by attackers,
which of the following could be used?
Antworten
-
VLANs
-
Honeypot
-
Back door
-
Firewall
Frage 28
Frage
Shielded communications media is MOST often used to prevent electrical emanations from being
detected and crosstalk between which of the following?
Antworten
-
Networks
-
Cables
-
VLANs
-
VPNs
Frage 29
Frage
To prevent unintentional DoS, which of the following should network users be restricted from doing?
Antworten
-
Printing to non-local printers
-
Restarting their own print jobs
-
Installing print management software
-
Deleting jobs from the print queue
Frage 30
Frage
Which of the following would a network administrator implement to control traffic being routed between
networks or network segments in an effort to preserve data confidentiality?
Antworten
-
NAT
-
Group policies
-
Password policies
-
ACLs
Frage 31
Frage
An employee reports that while at the airport an unknown user was taking pictures of the employees
screen. This is commonly known as which of the following?
Antworten
-
Shoulder surfing
-
Phishing
-
Spyware
-
Dumpster diving
Frage 32
Frage
The director of finance is worried about information being seen while working on a laptop at the local
coffee shop. Which of the following can be used to avoid shoulder surfing?
Antworten
-
Spyware
-
Antivirus
-
Privacy screen
-
Spam
Frage 33
Frage
A user needs to send bank account information to the Human Resource department for payroll. This
type of information is considered which of the following?
Frage 34
Frage
A user wants to send personally identifiable information to the security office via email, so they can
perform a background check. Which of the following should be used to send the information to the security
office?
Antworten
-
Level of importance
-
Digital signature
-
Encryption
-
Signature line
Frage 35
Frage
A security administrator wants to prevent employees from sending unencrypted email with proprietary
information. Which of the following can help mitigate this type of problem?
Frage 36
Frage
A technician needs to setup a secure room to enable a private VTC system. Which of the following
should be installed to prevent devices from listening to the VTC?
Antworten
-
Shielding
-
HIDS
-
HVAC
-
MD5 hashing
Frage 37
Frage
A user reports that the workstation is going to obscure websites unexpectedly. Which of the following
should a first responder do when arriving at the workstation?
Frage 38
Frage
A technician is setting up a secure laptop and wants to ensure that every log is captured for later
evaluation. In which of the following locations would this information need to be noted?
Antworten
-
Disaster recovery plan
-
Retention policy
-
Group policy
-
User review
Frage 39
Frage
The president of the company is trying to get to their banks website, and the browser is displaying that
the webpage is being blocked by the system administrator.Which of the following logs would the technician
review?
Antworten
-
DNS
-
Performance
-
System
-
Content filter
Frage 40
Frage
A user reports that the spreadsheet they use for the department will not open. The spreadsheet is
located on a server that was recently patched. Which of the following logs would the technician review
FIRST?
Antworten
-
Access
-
Firewall
-
Antivirus
-
DNS
Frage 41
Frage
Which of the following allows a users private IP address to be displayed as the firewall IP address
when browsing the Internet?
Antworten
-
Screened subnet
-
Dual-homed
-
DHCP
-
NAT
Frage 42
Frage
A user reports that each time they attempt to go to a legitimate website, they are sent to an
inappropriate website. The security administrator suspects the user may have malware on the computer,
which manipulated some of the users files. Which of the following files on the users system would need to
be checked for unauthorized changes?
Antworten
-
SAM
-
LMhosts
-
Services
-
Hosts
Frage 43
Frage
A security administrator responds to a report of a web server that has been compromised. The security
administrator observes the background has been changed to an image of an attacker group. Which of the
following would be the FIRST step in the incident response process?
Frage 44
Frage
While responding to a confirmed breach of the organizations web server, the security administrator
determines the source of the attack was from a rival organizations IP address range.Which of the following
should the security administer do with this information?
Frage 45
Frage
Which of the following organizational disaster recovery types would provide a building and network
equipment but not current application data?
Antworten
-
Warm site
-
Field site
-
Cold site
-
Hot site
Frage 46
Frage
A security administrator is installing a new NIDS. For the NIDS to view all of the available traffic on a
given segment, which of the following must the network administrator configure on the switch?
Antworten
-
VLAN
-
Mirrored port
-
NAT
-
Management interface
Frage 47
Frage
Which of the following solutions will allow a security administrator to implement a white list of
applications authorized on a users PC?
Antworten
-
Antivirus
-
HIPS
-
HIDS
-
Anti-spam
Frage 48
Frage
Which of the following is an authentication method that uses symmetric key encryption and a key
distribution center?
Antworten
-
MS-CHAP
-
Kerberos
-
802.1x
-
EAP