Download Cybersecurity Concepts and Practices and more Exams Computer Security in PDF only on Docsity! Sec+ 401 Tested and Reliable Exam Strategies Certified for Academic Excellence Questions from Top-Tier Universities With Detailed Answer Rationale Chosen from Top Universities A third party application has the ability to maintain its own user accounts or it may use single sign- on. To use single sign-on, the application is requesting the following information: OU=Users, DC=Domain, DC=COM. This application is requesting which of the following authentication services? A. TACACS+ B. RADIUS C. LDAP D. Kerberos - -correct ans- -Answer: C Power and data cables from the network center travel through the building's boiler room. Which of the following should be used to prevent data emanation? A. Video monitoring B. EMI shielding C. Plenum CAT6 UTP D. Fire suppression - -correct ans- -Answer: B Which of the following must a security administrator implement to isolate public facing servers from both the corporate network and the Internet? A. NAC B. IPSec C. DMZ D. NAT - -correct ans- -Answer: C Which of the following protocols provides fast, unreliable file transfer? A. TFTP B. SFTP C. Telnet D. FTPS - -correct ans- -Answer: A Which of the following digital certificate management practices will ensure that a lost certificate is not compromised? A. Key escrow B. Non-repudiation C. Recovery agent D. CRL - -correct ans- -Answer: D Which of the following protocols operates at the HIGHEST level of the OSI model? A. ICMP B. IPSec C. SCP D. TCP - -correct ans- -Answer: C Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for B. VLAN management C. Port security D. Access control lists - -correct ans- -Answer: D A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs: 10.10.3.16 10.10.3.23 212.178.24.26 217.24.94.83 These attempts are overloading the server to the point that it cannot respond to traffic. Which of the following attacks is occurring? A. XSS B. DDoS C. DoS D. Xmas - -correct ans- -Answer: B Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization? A. It should be enforced on the client side only. B. It must be protected by SSL encryption. C. It must rely on the user's knowledge of the application. D. It should be performed on the server side. - -correct ans- -Answer: D Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model? A. WAF B. NIDS C. Routers D. Switches - -correct ans- -Answer: A Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment? A. Protocol analyzer B. Router C. Firewall D. HIPS - -correct ans- -Answer: A A datacenter requires that staff be able to identify whether or not items have been removed from the facility. Which of the following controls will allow the organization to provide automated notification of item removal? A. CCTV B. Environmental monitoring C. RFID D. EMI shielding - -correct ans- -Answer: C A malicious person gained access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrance. This caused the electronic locks on the datacenter door to release because the. A. badge reader was improperly installed. B. system was designed to fail open for life-safety. C. system was installed in a fail closed configuration. D. system used magnetic locks and the locks became demagnetized. - -correct ans- - Answer: B The concept of rendering data passing between two points over an IP based network impervious to all but the most sophisticated advanced persistent threats is BEST categorized as which of the following? A. Stream ciphers B. Transport encryption C. Key escrow D. Block ciphers - -correct ans- -Answer: B On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. Which of the following is the MOST likely cause for this issue? A. Too many incorrect authentication attempts have caused users to be temporarily disabled. A. Deploying identical application firewalls at the border B. Incorporating diversity into redundant design C. Enforcing application white lists on the support workstations D. Ensuring the systems' anti-virus definitions are up-to-date - -correct ans- -Answer: B During the information gathering stage of a deploying role-based access control model, which of the following information is MOST likely required? A. Conditional rules under which certain systems may be accessed B. Matrix of job titles with required access privileges C. Clearance levels of all company personnel D. Normal hours of business operation - -correct ans- -Answer: B The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company. Which of the following is the BEST method to prevent such activities in the future? A. Job rotation B. Separation of duties C. Mandatory Vacations D. Least Privilege - -correct ans- -Answer: B A recently installed application update caused a vital application to crash during the middle of the workday. The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenue. Which of the following could BEST prevent this issue from occurring again? A. Application configuration baselines B. Application hardening C. Application access controls D. Application patch management - -correct ans- -Answer: D A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs. Which of the following should the administrator use to test the patching process quickly and often? A. Create an incremental backup of an unpatched PC B. Create an image of a patched PC and replicate it to servers C. Create a full disk image to restore after each installation D. Create a virtualized sandbox and utilize snapshots - -correct ans- -Answer: D An auditing team has found that passwords do not meet best business practices. Which of the following will MOST increase the security of the passwords? (Select TWO). A. Password Complexity B. Password Expiration C. Password Age D. Password Length E. Password History - -correct ans- -Answer: AD A vulnerability scan is reporting that patches are missing on a server. After a review, it is determined that the application requiring the patch does not exist on the operating system. Which of the following describes this cause? A. Application hardening B. False positive C. Baseline code review D. False negative - -correct ans- -Answer: B QUESTION 895 Company A submitted a bid on a contract to do work for Company B via email. Company B was insistent that the bid did not come from Company A. Which of the following would have assured that the bid was submitted by Company A? A. Steganography B. Hashing C. Encryption D. Digital Signatures - -correct ans- -Answer: D QUESTION 896 Ann, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password combination. Upon disconnecting from the wireless network, she attempted to connect her personal tablet computer to the same wireless network and could not connect. Which of the following is MOST likely the reason? A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup. B. Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan. C. Format the storage and reinstall both the OS and the data from the most current backup. D. Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised. - -correct ans- -Answer: A QUESTION 901 Which of the following describes a type of malware which is difficult to reverse engineer in a virtual lab? A. Armored virus B. Polymorphic malware C. Logic bomb D. Rootkit - -correct ans- -Answer: A QUESTION 902 Using a heuristic system to detect an anomaly in a computer's baseline, a system administrator was able to detect an attack even though the company signature based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw. Which of the following attacks has MOST likely occurred? A. Cookie stealing B. Zero-day C. Directory traversal D. XML injection - -correct ans- -Answer: B QUESTION 903 After copying a sensitive document from his desktop to a flash drive, Joe, a user, realizes that the document is no longer encrypted. Which of the following can a security technician implement to ensure that documents stored on Joe's desktop remain encrypted when moved to external media or other network based storage? A. Whole disk encryption B. Removable disk encryption C. Database record level encryption D. File level encryption - -correct ans- -Answer: D QUESTION 904 A security administrator must implement a system to allow clients to securely negotiate encryption keys with the company's server over a public unencrypted communication channel. Which of the following implements the required secure key negotiation? (Select TWO). A. PBKDF2 B. Symmetric encryption C. Steganography D. ECDHE E. Diffie-Hellman - -correct ans- -Answer: DE QUESTION 905 Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC services wants to send some of Acme Corp's debug data to a third party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party? A. The data should be encrypted prior to transport B. This would not constitute unauthorized data sharing C. This may violate data ownership and non-disclosure agreements D. Acme Corp should send the data to ABC Services' vendor instead - -correct ans- - Answer: C QUESTION 906 An organization has introduced token-based authentication to system administrators due to risk of password compromise. The tokens have a set of numbers that automatically change every 30 seconds. Which of the following type of authentication mechanism is this? A. TOTP B. Smart card C. CHAP D. HOTP - -correct ans- -Answer: A QUESTION 907