sy0-201 braindumps (1)

Exam Name: CompTIA Security+ (2008 Edition) Exam
Exam Type: CompTIA
Exam Code: SY0-201 Total Questions: 400Question: 1
Who is responsible for establishing access permissions to network resources in the DAC access
control model?

A. The system administrator.
B. The owner of the resource.
C. The system administrator and the owner of the resource.
D. The user requiring access to the resource.

Answer: B

Question: 2
The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and
procedures needed to create, manage, store, distribute, and revoke digital certificates. The public
key infrastructure is based on which encryption schemes?

A. Symmetric
B. Quantum
C. Asymmetric
D. Elliptical curve

Answer: C

Question: 3

Why will a Faraday cage be used?

A. To find rogue access points
B. To allow wireless usage
C. To mitigate data emanation
D. To minimize weak encryption

Answer: C

Question: 4
Which definition best defines what a challenge-response session is?

A. A challenge-response session is a workstation or system that produces a random challenge
string that the user provides, when prompted, in conjunction with the proper PIN (Personal
Identification Number).
B. A challenge-response session is a workstation or system that produces a random login ID that
the user provides, when prompted, in conjunction with the proper PIN (Personal Identification
Number).
C. A challenge-response session is a special hardware device used to produce random text in a
cryptography system.
D. A challenge-response session is the authentication mechanism in the workstation or system
that does not determine whether the owner should be authenticated.

Answer: A

Question: 5
The hashing algorithm is created from a hash value, maguide it nearly impossible to derive the
original input number. Which item can implement the strongest hashing algorithm?

A. NTLMv2
B. LANMAN

C. NTLM
D. VLAN

Answer: A

Question: 6
For which reason are clocks used in Kerberos authentication?

A. Clocks are used to ensure proper connections.
B. Clocks are used to ensure that tickets expire correctly.
C. Clocks are used to generate the seed value for the encryptions keys.
D. Clocks are used to both benchmark and specify the optimal encryption algorithm.

Answer: B

Question: 7
Network utilization is the ratio of current network traffic to the maximum traffic that the port can
handle. Which of the following can most effectively determine whether network utilization is
abnormal?
A. Application log
B. Performance baseline
C. Systems monitor
D. Security log

Answer: B

Question: 8
To reduce vulnerabilities on a web server, an administrator should adopt which of the following
preventative measures?

A. Use packet sniffing software on all inbound communications
B. Apply the most recent manufacturer updates and patches to the server.
C. Enable auditing on the web server and periodically review the audit logs
D. Block all Domain Name Service (DNS) requests coming into the server.

Answer: B

Question: 9
A travel reservation organization conducts the majority of its transactions via a public facing
website. Any downtime to this website will lead to serious financial damage for this organization.
One web server is connected to several distributed database servers. Which statement is correct
about this scenario?

A. RAID
B. Warm site
C. Proxy server
D. Single point of failure

Answer: D

Question: 10
Which of the following is a common type of attack on web servers?
B. Buffer overflow
C. Spam
D. Brute force

Answer: B

Question: 11
An Intrusion detection system (IDS) is software and/or hardware designed to detect unwanted
attempts at accessing, manipulating, and/or disabling of computer systems, mainly through a
network, such as the Internet. When an IDS is configured to match a specific traffic pattern, then
which of the following is this referring to?

A. Signature-based
B. Behavior-based
C. Anomaly-based
D. Heuristic-based

Answer: A
Question: 12
The employees at a company are using instant messaging on company networked computers.
The MOST important security issue to address when using instant messaging is that instant
messaging:

A. Communications are a drain on bandwidth
B. Communications are open and unprotected
C. Has no common protocol
D. Uses weak encryption

Answer: B

Question: 13
How is access control permissions established in the RBAC access control model?

A. The system administrator.
B. The owner of the resource.
C. The role or responsibilities users have in the organization.
D. None of the above.

Answer: C

Question: 14
Removable storage has been around almost as long as the computer itself. Which of the
following is the GREATEST security risk regarding removable storage?

A. Availability of data
B. Integrity of data
C. Not enough space available
D. Confidentiality of data

Answer: D

Donwload Free PassGuide Braindumps-The Most Realistic Practice Questions and Answers,Help You Pass any Exams

Question: 15
A VPN typically provides a remote access link from one host to another over:
A. An intranet
B. A modem
C. A network interface card
D. The Internet

Answer: D

Question: 16
In which authentication model a ticket granting server is an important concept?

A. CHAP
B. PAP
C. Kerberos
D. RADIUS

Answer: C

Question: 17
Which of the following would be needed to ensure that a user who has received an email cannot
claim that the email was not received?

A. Anti-aliasing
B. Data integrity
C. Asymmetric cryptography
D. Non-repudiation

Answer: D
Question: 18
Coaxial cable is a cable consisting of an inner conductor, surrounded by a tubular insulating layer
typically made from a flexible material with a high dielectric constant, all of which is then
surrounded by another conductive layer (typically of fine woven wire for flexibility, or of a thin
metallic foil), and then finally covered again with a thin insulating layer on the outside. Which is
the primary security risk with coaxial cable?

A. Crosstalk between the wire pairs
B. Data emanation from the core
C. Refraction of the signal
D. Diffusion of the core light source

Answer: B

Question: 19
Which of the following portions of a company’s network is between the Internet and an internal
network?

A. IDS
B. Demilitarized zone (DMZ)
C. Filter router
D. Bastion host

Answer: B

Question: 20
A technician is conducting a forensics analysis on a computer system. Which step should be
taken FIRST?

A. Search for Trojans.
B. Look for hidden files.
C. Get a binary copy of the system.
D. Analyze temporary files.

Answer: C

Question: 21
Which of the following is MOST often used to allow a client or partner access to a network?

A. Extranet
B. Intranet
C. VLAN
D. Demilitarized zone (DMZ)

Answer: A

Question: 22
In a secure environment, which authentication mechanism will perform better?

A. RADIUS because it encrypts client-server passwords.
B. TACACS because it encrypts client-server negotiation dialogs.
C. TACACS because it is a remote access authentication service.
D. RADIUS because it is a remote access authentication service.

Answer: B

Question: 23
Which of the following types of firewalls provides inspection at layer 7 of the OSI model?

A. Application-proxy
B. Network address translation (NAT)
C. Packet filters
D. Stateful inspection

Answer: A

Question: 24
Which threat is increased by the availability of portable external storage such as USB hard drives
to networks?

A. Increased loss business data
B. Introduction of material on to the network
C. Removal of sensitive and PII data
D. Introduction of rogue wireless access points
Answer: C

Question: 25
Which goals can be achieved by use of security templates? (Select TWO).

A. To ensure that PKI will work properly within the companys trust model

B. To ensure that performance is standardized across all servers
C. To ensure that servers are in compliance with the corporate security policy
D. To ensure that all servers start from a common security configuration

Answer: C, D

Question: 26
A newly hired security specialist is asked to evaluate a company’s network security. The security
specialist discovers that users have installed personal software; the network OS has default
settings and no patches have been installed and passwords are not required to be changed
regularly. Which of the following would be the FIRST step to take?

A. Install software patches.
B. Disable non-essential services.
C. Enforce the security policy.
D. Password management

Answer: C

Question: 27
Which of the following can be used to implement a procedure to control inbound and outbound
traffic on a network segment?

A. Proxy
B. NIDS
C. ACL
D. HIDS

Answer: C

Question: 28
Giving each user or group of users only the access they need to do their job is an example of
which of the following security principals?

A. Least privilege
B. Defense in depth
C. Separation of duties
D. Access control

Answer: A

Question: 29
Which one of the following is not Bluetooth threat?

A. Blue jacguide.
B. Bluesnarfing.
C. Discovery mode.
D. A smurf attack.

Answer: D

Question: 30
A company implements an SMTP server on their firewall. This implementation would violate
which of the following security principles?
A. Keep the solution simple
B. Use a device as intended
C. Create an in-depth defense
D. Address internal threats

Answer: B

Question: 31
In computing, the Basic Input/Output System (BIOS , also known as the System BIOS, is a de
facto standard defining a firmware interface for IBM PC Compatible computers. A user is
concerned with the security of their laptops BIOS. The user would not like anyone to be able to
access control functions except themselves. Which of the following could make the BIOS more
secure?

A. Password
B. Flash the BIOS
C. Encrypt the hard drive
D. Create an access-list

Answer: A

PassGuide Cisco Exams Questions & Training Materials

1. Free isc2 cissp braindumps (1)
2. Free 642-972 braindumps
3. Free new hp hp0-j22 braindumps
4. Free passguide HP0-J19 exam
5. Free passguide HP0-Y11
6. Free Download latest 070-290 Latest Testinside dumps & Video simulations from here…
7. Free (offer) Examworx For 70-270 Feb 08 173 Q’s
8. Free preplogic comptia sy0-101
9. Free passguide HP ASE HP0-758
10. Free passguide pw0-070 exam
11. Free passguide A00-205 Exam :SAS Webaf Server-Side Application Development
12. Free MCPD self-paced training kit PDFs, 70-526/ 70-528/ 70-529/ 70-536/ 70-547/ 70-548/