Version 7.0 | 301 actual exam Questions & Answers
A security administrator is implementing a security program that addresses
confidentiality and availability. What else should the administrator include? -
ANSWER Ensure systems are not susceptible to unauthorized changes
You need to transmit PII via email and you want to maintain its confidentiality. What
should you do? - ANSWER Encrypt it before sending
Lisa manages network devices in your organization and maintains copies of the
configuration files for all the managed routers and switches. On a weekly basis, she
creates hashes for these files and compares them with the hashes she created on
the same files the previous week. Which security goal is she pursuing? - ANSWER
Integrity
An organization wants to provide protection against malware attacks. Administrators
have installed antivirus software on all computers. Additionally, they implemented a
firewall and an IDS on the network. What identifies this principle? - ANSWER
Layered Security
Homer called into the help desk and said he forgot his password. What should the
help-desk professional do after Homer has verified his identity? - ANSWER Reset
the password and configure the password to expire after the first use
Which type of authentication does a hardware token provide? - ANSWER One-time
password
Which type of authentication is a retina scan? - ANSWER Biometric
Users are required to log on to their computers with a smart card and a PIN. Which
describes this? - ANSWER Multifactor authentication
Your company recently began allowing workers to telecommute from home one or
more days a week. However, your company doesn't currently have a remote access
solution. They want to implement an AAA solution that supports different vendors.
Which of the following is the BEST choice? - ANSWER RADIUS
Your organization has implemented a system that stores user credentials in a central
database. Users log on once with their credentials. They can then access other
systems in the organization without logging on again. What does this describe? -
ANSWER Single sign-on
Your organization issues users a variety of different mobile devices. However,
management wants to reduce potential data losses if the devices are lost or stolen.
Which of the following is the BEST technical control to achieve this goal? - ANSWER
Disk encryption
Your primary job activities include monitoring security logs, analyzing trend reports,
and installing CCTV systems. Which of the following choices BEST identifies your
responsibilities? - ANSWER Detecting security incidents and implementing
monitoring controls
A security professional has reported an increase in the number of tailgating
violations into a secure data center. What can prevent this? - ANSWER Mantrap
You are redesigning your password policy. You want to ensure that users change
their passwords regularly, but they are unable to reuse passwords. What settings
should you configure? - ANSWER Maximum password age, password history, and
minimum password age
An outside security auditor recently completed an in-depth security audit on your
network. One of the issues he reported was related to passwords. Specifically, he
found the following passwords used on the network: Pa$$, 1@W2, and G7bT3.
What should be changed to avoid the problem shown with these passwords? -
ANSWER Password length
A recent security audit discovered several apparently dormant user accounts.
Although users could log on to the accounts, no one had logged on to them for more
than 60 days. You later discovered that these accounts are for contractors who work
approximately one week every quarter. What is the BEST response to this situation?
- ANSWER Disable the accounts
Your organization routinely hires contractors to assist with different projects.
Administrators are rarely notified when a project ends and contractors leave. Which
of the following is the BEST choice to ensure that contractors cannot log on with their
account after they leave? - ANSWER Enable account expiration
Developers are planning to develop an application using role-based access control.
Which of the following would they MOST likely include in their planning? - ANSWER
A matrix of functions matched with their required privileges
An organization has implemented an access control model that enforces permissions
based on data labels assigned at different levels. What type of model is this? -
ANSWER mandatory access control (MAC)
Your organization's security policy requires that PII data at rest and PII data in transit
be encrypted. Of the following choices, what would the organization use to achieve
these objectives? - ANSWER Secure Shell (SSH) and Pretty Good Privacy / GNU
Privacy Guard (PGP/GPG)
Which of the following lists of protocols uses TCP port 22 by default? - ANSWER SSH,
SCP, SFTP
Bart wants to block access to all external web sites. Which port should he block at
the firewall? - ANSWER TCP 80
You need to manage a remote server. Which of the following ports should you open
on the firewall between your system and the remote server? - ANSWER 22 and
3389
While reviewing logs on a firewall, you see several requests for the AAAA record of
gcgapremium.com. What is the purpose of this request? - ANSWER To identify the
IPv6 address of gcgapremium.com
While reviewing logs on a firewall, you see several requests for the "A" record of
gcgapremium.com. What is the purpose of this request? - ANSWER To identify the
IPv4 address of gcgapremium.com
While reviewing logs on a firewall, you see several requests for the MX record of
gcgapremium.com. What is the purpose of this request? - ANSWER To identify the
mail server for gcgapremium.com
While reviewing logs on a firewall, you see several requests for the CNAME record
of gcgapremium.com. What is the purpose of this request? - ANSWER To identify
any aliases used by gcgapremium.com
Your organization has several switches used within the network. You need to
implement a security control to secure the switch from physical access. What should
you do? - ANSWER Disable unused ports
You are configuring a switch and need to ensure that only authorized devices can
connect to it and access the network through this switch. Which of the following is
the BEST choice to meet this goal? - ANSWER Implement 802.1x
An ______________ server provides port-based authentication and can prevent
unauthorized devices from connecting to a network. - ANSWER 802.1x
__________________________ will prevent switching loop problems, but doesn't
authenticate clients. - ANSWER Rapid Spanning Tree Protocol (RSTP)
You need to configure a UTM security appliance to restrict access to peer-to-peer file
sharing web sites. What are you MOST likely to configure? - ANSWER URL filter
Your organization has implemented a network design that allows internal computers
to share one public IP address. Of the following choices, what did they MOST likely
implement? - ANSWER Port Address Translation (PAT)
Port Address Translation (PAT) is a form of __________________ and it allows
many internal devices to share one public IP address. - ANSWER Network Address
Translation (NAT)
____________________________ uses multiple public IP addresses instead of just
one. - ANSWER Dynamic Network Address Translation (DNAT)
__________________________ secures transmissions for data in transit. -
ANSWER Transport Layer Security (TLS)
What would you configure on a Layer 3 device to allow FTP traffic to pass through? -
ANSWER Access Control List (ACL)
What type of device would have the following entries used to define its operation?
permit IP any any eq 80
permit IP any any eq 443
deny IP any any - ANSWER Firewall
You are preparing to deploy an anomaly-based detection system to monitor network
activity. What would you create first? - ANSWER Baseline
A security company wants to gather intelligence about current methods attackers are
using against its clients. What can it use? - ANSWER Honeynet
________________ help protect against SYN flood attacks. - ANSWER Flood
guards
______________________ systems use signatures similar to antivirus software. -
ANSWER Signature-based
A __________________ is a server designed to look valuable to an attacker and can
divert attacks. - ANSWER Honeypot
Lisa oversees and monitors processes at a water treatment plant using SCADA
systems. Administrators recently discovered malware on her system that was
connected to the SCADA systems. Although they removed the malware,
management is still concerned. Lisa needs to continue using her system and it's not
possible to update the SCADA system. What can mitigate this risk? - ANSWER
Install a NIPS on the border of the SCADA network
Your organization maintains a separate wireless network for visitors in a conference
room. However, you have recently noticed that people are connecting to this network
even when there aren't any visitors in the conference room. You want to prevent
these connections, while maintaining easy access for visitors in the conference
room. Which of the following is the BEST solution? - ANSWER Reduce antenna
power
Which of the following represents the BEST action to increase security in a wireless
network? - ANSWER Replace Temporal Key Integrity Protocol (TKIP) with Counter
Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Your organization is hosting a wireless network with an 802.1x server using
Protected Extensible Authentication Protocol (PEAP). On Thursday, users report
they can no longer access the wireless network. Administrators verified the network
configuration matches the baseline, there aren't any hardware outages, and the