Download Cybersecurity Concepts and Techniques and more Exams Computer Security in PDF only on Docsity! Sec+ 401 Chosen from Top Universities Expert- Verified Questions and Answers Structured for Success in Every Examination Tested and Reliable Exam Strategies Which of the following explains the difference between a public key and a private key? A. The public key is only used by the client while the private key is available to all. Both keys are mathematically related. B. The private key only decrypts the data while the public key only encrypts the data. Both keys are mathematically related. C. The private key is commonly used in symmetric key decryption while the public key is used in asymmetric key decryption. D. The private key is only used by the client and kept secret while the public key is available to all. - -correct ans- -Answer: D Requiring technicians to report spyware infections is a step in which of the following? A. Routine audits B. Change management C. Incident management D. Clean desk policy - -correct ans- -Answer: C An organization is recovering data following a datacenter outage and determines that backup copies of files containing personal information were stored in an unsecure location, because the sensitivity was unknown. Which of the following activities should occur to prevent this in the future? A. Business continuity planning B. Quantitative assessment C. Data classification D. Qualitative assessment - -correct ans- -Answer: C Which of the following provides the LEAST availability? A. RAID 0 B. RAID 1 C. RAID 3 D. RAID 5 - -correct ans- -Answer: A FTP/S uses which of the following TCP ports by default? A. 20 and 21 B. 139 and 445 C. 443 and 22 D. 989 and 990 - -correct ans- -Answer: D Which of the following is mainly used for remote access into the network? A. XTACACS B. TACACS+ C. Kerberos D. RADIUS - -correct ans- -Answer: D Which of the following types of data encryption would Matt, a security administrator, use to encrypt a specific table? Pete, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar. Additionally, the MAC addresses of all five servers appear on the same switch port. Which of the following is MOST likely the cause? A. The system is running 802.1x. B. The system is using NAC. C. The system is in active-standby mode. D. The system is virtualized. - -correct ans- -Answer: D Sara, a security administrator, is noticing a slow down in the wireless network response. Sara launches a wireless sniffer and sees a large number of ARP packets being sent to the AP. Which of the following type of attacks is underway? A. IV attack B. Interference C. Blue jacking D. Packet sniffing - -correct ans- -Answer: A Pete, the security administrator, has been notified by the IDS that the company website is under attack. Analysis of the web logs show the following string, indicating a user is trying to post a comment on the public bulletin board. INSERT INTO message `<script>source=http://evilsite</script> This is an example of which of the following? A. XSS attack B. XML injection attack C. Buffer overflow attack D. SQL injection attack - -correct ans- -Answer: A Which of the following techniques describes the use of application isolation during execution to prevent system compromise if the application is compromised? A. Least privilege B. Sandboxing C. Black box D. Application hardening - -correct ans- -Answer: B Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection? A. HIPS B. Antivirus C. NIDS D. ACL - -correct ans- -Answer: A Jane, an IT administrator, is implementing security controls on a Microsoft Windows based kiosk used at a bank branch. This kiosk is used by the public for Internet banking. Which of the following controls will BEST protect the kiosk from general public users making system changes? A. Group policy implementation B. Warning banners C. Command shell restrictions D. Host based firewall - -correct ans- -Answer: A Sara, the Chief Information Officer (CIO), has tasked the IT department with redesigning the network to rely less on perimeter firewalls, to implement a standard operating environment for client devices, and to disallow personally managed devices on the network. Which of the following is Sara's GREATEST concern? A. Malicious internal attacks B. Data exfiltration C. Audit findings D. Incident response - -correct ans- -Answer: B Which of the following data loss prevention strategies mitigates the risk of replacing hard drives that cannot be sanitized? A. Virtualization B. Patch management C. Full disk encryption D. Database encryption - -correct ans- -Answer: C Which of the following does Jane, a software developer, need to do after compiling the source B. Bluejacking C. Bluesnarfing D. Packet sniffing - -correct ans- -Answer: B A network device that protects an enterprise based only on source and destination addresses is BEST described as: A. IDS. B. ACL. C. Stateful packet filtering. D. Simple packet filtering. - -correct ans- -Answer: D A human resources employee receives an email from a family member stating there is a new virus going around. In order to remove the virus, a user must delete the Boot.ini file from the system immediately. This is an example of which of the following? A. Hoax B. Spam C. Whaling D. Phishing - -correct ans- -Answer: A QUESTION 807 A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to login to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing? A. Single sign-on B. Authorization C. Access control D. Authentication - -correct ans- -Answer: D Jane has implemented an array of four servers to accomplish one specific task. This is BEST known as which of the following? A. Clustering B. RAID C. Load balancing D. Virtualization - -correct ans- -Answer: A Which of the following security account management techniques should a security analyst implement to prevent staff, who has switched company roles, from exceeding privileges? A. Internal account audits B. Account disablement C. Time of day restriction D. Password complexity - -correct ans- -Answer: A To ensure compatibility with their flagship product, the security engineer is tasked to recommend an encryption cipher that will be compatible with the majority of third party software and hardware vendors. Which of the following should be recommended? A. SHA B. MD5 C. Blowfish D. AES - -correct ans- -Answer: D After a new firewall has been installed, devices cannot obtain a new IP address. Which of the following ports should Matt, the security administrator, open on the firewall? A. 25 B. 68 C. 80 D. 443 - -correct ans- -Answer: B A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavior? A. Assign users passwords based upon job role. B. Enforce a minimum password age policy. C. Prevent users from choosing their own passwords. D. Increase the password expiration time frame. - -correct ans- -Answer: B The systems administrator notices that many employees are using passwords that can be easily guessed or are susceptible to brute force attacks. Which of the following would BEST mitigate this risk? C. Enforcing whole disk encryption. D. Moving data and applications into the cloud. - -correct ans- -Answer: A The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO's requirements? A. Sniffers B. NIDS C. Firewalls D. Web proxies E. Layer 2 switches - -correct ans- -Answer: C One of the servers on the network stops responding due to lack of available memory. Server administrators did not have a clear definition of what action should have taken place based on the available memory. Which of the following would have BEST kept this incident from occurring? A. Set up a protocol analyzer B. Set up a performance baseline C. Review the systems monitor on a monthly basis D. Review the performance monitor on a monthly basis - -correct ans- -Answer: B Used in conjunction, which of the following are PII? (Select TWO). A. Marital status B. Favorite movie C. Pet's name D. Birthday E. Full name - -correct ans- -Answer: DE Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks? A. Check the referrer field in the HTTP header B. Disable Flash content C. Use only cookies for authentication D. Use only HTTPS URLs - -correct ans- -Answer: A Which of the following practices is used to mitigate a known security vulnerability? A. Application fuzzing B. Patch management C. Password cracking D. Auditing security logs - -correct ans- -Answer: B Which of the following would Jane, an administrator, use to detect an unknown security vulnerability? A. Patch management B. Application fuzzing C. ID badge D. Application configuration baseline - -correct ans- -Answer: B When reviewing a digital certificate for accuracy, which of the following would Matt, a security administrator, focus on to determine who affirms the identity of the certificate owner? A. Trust models B. CRL C. CA D. Recovery agent - -correct ans- -Answer: C Which of the following is a notification that an unusual condition exists and should be investigated? A. Alert B. Trend C. Alarm D. Trap - -correct ans- -Answer: A If you don't know the MAC address of a Linux-based machine, what command-line utility can you use to ascertain it? A. macconfig B. ifconfig C. ipconfig D. config - -correct ans- -Answer: B Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO). D. Antenna placement - -correct ans- -Answer: A A computer is suspected of being compromised by malware. The security analyst examines the computer and finds that a service called Telnet is running and connecting to an external website over port 443. This Telnet service was found by comparing the system's services to the list of standard services on the company's system image. This review process depends on: A. MAC filtering. B. system hardening. C. rogue machine detection. D. baselining. - -correct ans- -Answer: D A software developer wants to prevent stored passwords from being easily decrypted. When the password is stored by the application, additional text is added to each password before the password is hashed. This technique is known as: A. symmetric cryptography. B. private key cryptography. C. salting. D. rainbow tables. - -correct ans- -Answer: C In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence? A. Mitigation B. Identification C. Preparation D. Lessons learned - -correct ans- -Answer: D A security technician has been asked to recommend an authentication mechanism that will allow users to authenticate using a password that will only be valid for a predefined time interval. Which of the following should the security technician recommend? A. CHAP B. TOTP C. HOTP D. PAP - -correct ans- -Answer: B