CompTIA SY0-301 Security+ Certification Exam 2011 version 20 Q&A Version DEMO http://www.insidetests.com/sy0-301.htm

insidetests SY0-301 Exam - Security+ Certification Exam 2011 version

DESCRIPTION

insidetests offers CompTIA SY0-301 questions and answers for your Security+ Certification Exam 2011 version exam preparation. Download SY0-301 free sample to check the quality.

Leading the way in IT testing and certification tools, www.InsideTests.com

Important Note, Please Read Carefully

Other prep2pass products

A) Offline Testing engine

Use the offline Testing engine product to practice the questions in an exam environment.

Build a foundation of knowledge which will be useful also after passing the exam.

Latest Version

We are constantly reviewing our products. New material is added and old material is revised. Free updates are available for 90 days after the purchase. You should check your member zone at prep2pass and update 3-4 days before the scheduled exam date.

Here is the procedure to get the latest version:

1. Go to www.prep2pass.com

2. Click on Log in

3. The latest versions of all purchased products are downloadable from here. Just click the links.

For most updates, it is enough just to print the new questions at the end of the new version, not the whole document.

Feedback

If you spot a possible improvement then please let us know. We are always interested in improving product quality.

Feedback should be sent to [email protected]. You should include the following: Exam number, version, page number, question number, and your login Email.

Our experts will answer your mail promptly.

Copyright

Each iPAD file is a green exe file. If we find out that a particular iPAD Viewer file is being distributed by you, prep2pass reserves the right to take legal action against you according to the International Copyright Laws.

Explanations

This product does not include explanations at the moment. If you are interested in providing explanations for this exam, please contact [email protected].

Q: 1 Which of the following malware types is MOST commonly associated with command and control?

A. Rootkits

B. Logic bombs

C. Botnets

D. Backdoors

Answer: C

Q: 2 Which of the following security chips does BitLocker utilize?

A. BIOS

B. CPU

C. CMOS

D. TPM

Answer: D

Q: 3 Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?

A. LDAP injection

B. SQL injection

C. Error and exception handling

D. Cross-site scripting

Answer: D

Q: 4 Which of the following is used to verify the identity of the sender of a signed email?

A. Public key

B. Sender's IP

C. From field

D. Private key

Answer: A

Q: 5 Sara, a security guard, reports that the side of the company building has been marked with spray paint. Which of the following could this be an example of?

A. Interference

B. War driving

C. War chalking

D. War dialing

Answer: C

Q: 6 While performing basic forensic analysis of a hard drive in the possession of Sara, the security administrator, which of the following should be verified during the analysis?

A. Witness statements

B. Image hashes

C. Chain of custody

D. Order of volatility

Answer: B

Q: 7 Which of the following policies is implemented in order to minimize data loss or theft?

A. PII handling

B. Password policy

C. Chain of custody

D. Zero day exploits

Answer: A

Q: 8 Which of the following allows Pete, a security technician, to prevent email traffic from entering the company servers?

A. IDS

B. URL filtering

C. VPN concentrators

D. Spam filter

Answer: D

Q: 9 Which of the following security controls enforces user permissions based on a job role?

A. Single sign-on access

B. Group based privileges

C. Account policy enforcement

D. User assigned privileges

Answer: B

Q: 10 Which of the following should be implemented to secure the day-to-day maintenance activities of Pete, a network administrator? (Select TWO).

A. TFTP

B. Telnet

C. TACACS+

D. FTP

E. SSH

Answer: C, E

Q: 11 When integrating source material from an open source project into a highly secure environment, which of the following precautions should prevent hidden threats?

A. Design review

B. Code review

C. Risk assessment

D. Vulnerability scan

Answer: B

Q: 12 Which of the following malware types is BEST described as protecting itself by hooking system processes and hiding its presence?

A. Botnet

B. Rootkit

C. Logic bomb

D. Virus

Answer: B

Q: 13 A company notices that there is a flaw in one of their proprietary programs that the company runs in-house. The flaw could cause damage to the HVAC system. Which of the following would the company transfer to an insurance company?

A. Risk

B. Threat

C. Vulnerability

D. Code review

Answer: A

Q: 14 Which of the following can Sara, a security administrator, implement to ensure that encrypted files and devices can be recovered if the passphrase is lost?

A. Private key rings

B. Trust models

C. Registration

D. Key escrow

Answer: D

Q: 15 An administrator responsible for building and validating security configurations is a violation of which of the following security principles?

A. Least privilege

B. Job rotation

C. Separation of duties

D. Best business practices

Answer: C

Q: 16 Sara, a network security administrator, has been tasked with setting up a guest wireless network for her corporation. The requirements for this connection state that it must have password authentication, with passwords being changed every week. Which of the following security protocols would meet this goal in the MOST secure manner?

A. WPA-CCMP

B. WPA-PSK

C. WPA2-CCMP

D. WPA2-PSK

Answer: D

Q: 17 The corporate NIPS requires a daily download from its vendor with updated definitions in order to block the latest attacks. Which of the following describes how the NIPS is functioning?

A. Heuristics

B. Anomaly based

C. Signature based

D. Behavior based

Answer: C

Q: 18 Which of the following are security relevant policies? (Select THREE)

A. Information classification policy

B. Network access policy

C. Data security standard

D. Procurement policy

E. Domain name policy

F. Auditing and monitoring policy

G. Secure login process

Answer: A, B, F

Q: 19 Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?

A. Exception handling

B. Adware

C. Cross-site request forgery

D. Cross-site scripting

Answer: D

Q: 20 Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?

A. Password behaviors

B. Clean desk policy

C. Data handling

D. Data disposal

Answer: B