Here are 10 more Security+ SY0-301 practice questions for your enjoyment. Answers are listed after the last question. There are over 500 practice questions, answers, and explanations in the Security+ Cert Guide. Note: The questions below do not appear in the book.

1. The IT director asks you to protect a server's data from unauthorized access and disclosure. What is this an example of?

A. Integrity
B. Confidentiality
C. Availability
D. Nonrepudiation

 

2. Which of the following programming techniques can stop buffer overflow attacks?

A. SQL injection attack
B. Input validation
C. Sandbox
D. Backdoor analysis

 

3. You have been asked by an organization to help correct problems with users unknowingly downloading malicious code from websites. Which of the following should you do to fix this problem?

A. Install a network-based intrusion detection system.
B. Disable unauthorized ActiveX controls.
C. Implement a policy to minimize the problem.
D. Use virtual machines.

 

4. What is providing false information about the source of an attack known as?

A. Aliasing
B. Flooding
C. Redirecting
D. Spoofing

 

5. Your LAN is isolated from the Internet by a perimeter network. You suspect that someone is trying to gather information about your LAN. The IT director asks you to gather as much information about the attacker as possible while preventing the attacker from knowing that the attempt has been detected. What is the best method to accomplish this?

A. Deploy a DMZ.
B. Deploy a proxy server in the perimeter network.
C. Deploy a NIPS outside the perimeter network.
D. Deploy a honeypot in the perimeter network.

 

6. Which of the following methods can possibly identify when an unauthorized access has occurred?

A. Session lock mechanism
B. Session termination mechanism
C. Two-factor authentication
D. Previous logon notification

 

7. You have been contracted to determine if network activity spikes are related to an attempt by an attacker to breach the network. The customer wants you to identify when the activity occurs and what type of traffic causes the activity. Which type of tool should you use?

A. Network mapper
B. Protocol analyzer
C. Systems monitor
D. Performance monitor

 

8. Of the following, what is the service provided by message authentication code?

A. Confidentiality
B. Fault tolerance
C. Integrity
D. Data recovery

 

9. The IT director asks you to set up a system that will encrypt credit card data. She wants you to use the most secure symmetric algorithm with the least amount of CPU usage. Which of the following algorithms should you select?

A. AES
B. SHA-1
C. 3DES
D. RSA

 

10. Your high-tech server room needs a quality fire suppression system. What is the most appropriate type of fire suppression system to install?

A. Dry chemical suppression
B. Gaseous fire suppression
C. Wet chemical suppression
D. Dry-pipe sprinkler system

 

Answers:

1. The IT director asks you to protect a server's data from unauthorized access and disclosure. What is this an example of?

A. Integrity
B. Confidentiality
C. Availability
D. Nonrepudiation

Answer: B. Confidentiality.

Explanation: Confidentiality means preventing the access and disclosure of information to unauthorized persons. Integrity means that authorization is necessary before data can be modified by a user. Availability means that data is obtainable regardless of how information is stored, accessed, or protected. Nonrepudiation is a concept of ensuring that people cannot refute claims against them; it is accomplished with computer evidence such as log files.
See the section: "Security 101" in Chapter 1, "Introduction to Security" of the Security+ Cert Guide

 

2. Which of the following programming techniques can stop buffer overflow attacks?

A. SQL injection attack
B. Input validation
C. Sandbox
D. Backdoor analysis

Answer: B. Input validation.

Explanation: Input validation is the best programming technique to stop buffer overflow attacks and is also used to prevent SQL injection attacks. A sandbox is used to run the web scripts in their own testing environment. Backdoors are used in computer programs to bypass normal authentication. Backdoor analysis includes checking the operating system, applications, and firmware on devices and making sure they are updated.
See the section: "Securing Other Applications" in Chapter 4, "Application Security" of the Security+ Cert Guide

 

3. You have been asked by an organization to help correct problems with users unknowingly downloading malicious code from websites. Which of the following should you do to fix this problem?

A. Install a network-based intrusion detection system.
B. Disable unauthorized ActiveX controls.
C. Implement a policy to minimize the problem.
D. Use virtual machines.

Answer: B. Disable unauthorized ActiveX controls.

Explanation: ActiveX controls can be built directly into websites and can contain malicious code that can be easily downloaded by users without their knowledge. ActiveX controls can be disabled in whole or in part within the browser and can also be controlled as add-ons. A NIDS can possibly defend against malicious ActiveX controls to a certain extent, but you should not solely depend on it. Implementing policies is always a good idea, but you don't want to minimize the problem; you want to fix it. The use of virtual machines works well to isolate problems that might occur from ActiveX controls, but it does not fix the problem as far as downloading the malicious code.
See the section: "Securing the Browser" in Chapter 4, "Application Security" of the Security+ Cert Guide

 

4. What is providing false information about the source of an attack known as?

A. Aliasing
B. Flooding
C. Redirecting
D. Spoofing

Answer: D. Spoofing.

Explanation: Spoofing is an attack where an attacker masquerades as another person by falsifying information. Types of spoofing attacks include the man-in-the-middle attack and phishing. Aliasing is when a secondary name is given to a computer or other device, usually for legitimate purposes. Flooding is a category of attack that can use different types of packets to flood a device or server to deny service. Redirecting is when a particular connection is redirected to another resource, for example, when mapping a network drive.
See the section: "Malicious Attacks" in Chapter 5, "Network Design Elements and Threats" of the Security+ Cert Guide

 

5. Your LAN is isolated from the Internet by a perimeter network. You suspect that someone is trying to gather information about your LAN. The IT director asks you to gather as much information about the attacker as possible while preventing the attacker from knowing that the attempt has been detected. What is the best method to accomplish this?

A. Deploy a DMZ.
B. Deploy a proxy server in the perimeter network.
C. Deploy a NIPS outside the perimeter network.
D. Deploy a honeypot in the perimeter network.

Answer: D. Deploy a honeypot in the perimeter network.

Explanation: A honeypot can be used to lure attackers in and trap them while you analyze their methods. The honeypot is usually placed within the perimeter network, which is the DMZ. Proxy servers are usually not placed in the perimeter network; they act as go-betweens for users on the LAN and servers on the Internet. NIPS can be placed in or out of a perimeter network, but they do not lure in attackers; instead they attempt to prevent attacks from happening.
See the section: "Firewalls and Network Security" in Chapter 6, "Network Perimeter Security" of the Security+ Cert Guide

 

6. Which of the following methods can possibly identify when an unauthorized access has occurred?

A. Session lock mechanism
B. Session termination mechanism
C. Two-factor authentication
D. Previous logon notification

Answer: D. Previous logon notification.

Explanation: Previous logon notification notifies the user and possibly the administrator of when the last-known good logon occurred. If users know that they did not log on at that time, it is a good indicator that unauthorized access occurred. Session lock mechanisms can be implemented on several different types of operating systems. For example, in Windows a policy can be created to lock the computer after a specific timeout. Sessions can also be terminated automatically via systems such as an FTP server after a specific timeout. Two-factor authentication is a type of multifactor authentication in which two types of identification are necessary to gain access to a network.
See the section: "Rights, Permissions, and Policies" in Chapter 9, "Access Control Methods and Models" of the Security+ Cert Guide

 

7. You have been contracted to determine if network activity spikes are related to an attempt by an attacker to breach the network. The customer wants you to identify when the activity occurs and what type of traffic causes the activity. Which type of tool should you use?

A. Network mapper
B. Protocol analyzer
C. Systems monitor
D. Performance monitor

Answer: B. Protocol analyzer.

Explanation: A protocol analyzer will capture packets and timestamp each one. This tells you exactly what type of packets were captured and when. If the timestamps correspond to the network activity spikes, you know you have a match for the time. By digging into the packets with a protocol analyzer, you can find out exactly what type of traffic is causing the activity. Network mappers such as LanSurveyor locate all the hosts on a network. System Monitor is a program used by Linux, and performance monitor is a program used by Windows; both of these monitor a server's resources such as CPU, RAM, and hard drive.
See the section: "Using Tools to Monitor Systems and Networks" in Chapter 11, "Monitoring and Auditing" of the Security+ Cert Guide

 

8. Of the following, what is the service provided by message authentication code?

A. Confidentiality
B. Fault tolerance
C. Integrity
D. Data recovery

Answer: C. Integrity.

Explanation: Message authentication code (MAC) is a short piece of information that authenticates the message in an attempt to guarantee the message's data integrity. The MAC algorithm is sometimes referred to as a cryptographic hash function. Confidentiality means preventing the disclosure of information to unauthorized persons; that can be done with encryption, not hashing. Fault tolerance is the capability for a server, network device, or entire network to continue functioning even if an error or attack occurs. Data recovery is necessary if a failure occurs that the network cannot recover from automatically. It is usually part of a disaster recovery plan.
See the section: "Hashing Basics" in Chapter 12, "Encryption and Hashing Concepts" of the Security+ Cert Guide

 

9. The IT director asks you to set up a system that will encrypt credit card data. She wants you to use the most secure symmetric algorithm with the least amount of CPU usage. Which of the following algorithms should you select?

A. AES
B. SHA-1
C. 3DES
D. RSA

Answer: A. AES.

Explanation: The Advanced Encryption Standard (AES) is the best solution for this scenario. It uses the least amount of CPU resources yet is the most secure symmetric algorithm listed. SHA-1 is not a symmetric encryption algorithm; it is a hashing algorithm. 3DES is the predecessor to AES; it is not as secure or fast. RSA is an asymmetric encryption algorithm; it is secure but can use a lot of CPU resources.
See the section: "Encryption Algorithms" in Chapter 12, "Encryption and Hashing Concepts" of the Security+ Cert Guide

 

10. Your high-tech server room needs a quality fire suppression system. What is the most appropriate type of fire suppression system to install?

A. Dry chemical suppression
B. Gaseous fire suppression
C. Wet chemical suppression
D. Dry-pipe sprinkler system

Answer: B. Gaseous fire suppression.

Explanation: A gaseous fire suppression system is the best way to go in this scenario. Server room equipment can be easily damaged by other types of systems. An example of a gaseous fire suppression system would be FM200. A less powerful example would be a CO2 fire extinguisher. Some municipalities require that a sprinkler system be installed, even if a gaseous fire suppression system has already been installed in the server room. If this is the case, a dry pipe sprinkler system will be installed in addition to the gaseous fire suppression system. Multipurpose dry chemical fire extinguishers can be extremely messy and can damage server room equipment easily and therefore should not be used. Wet chemical suppression is even worse. These and water-based fire extinguishers should not be used in server rooms.
See the section: "Environmental Controls" in Chapter 15, "Policies, Procedures, and People" of the Security+ Cert Guide


This has been a sample of 10 questions from the Security+ Cert Guide.  Get your copy today!

                      