Practice Test Flashcards

1
Q

802.1Q

A

Standard for virtual lans

2
Q

A sniffer is also known as a

A

protocol analyzer, but an analyzer analyzes and a sniffer doesn’t

3
Q

Administrative controls

A

train personnel on security policies

4
Q

deterrent controls

A

stop an attacker from attacking in the first place

5
Q

detective controls

A

identify an attack in progress

6
Q

preventive controls

A

stop an attack before it can cause damage

7
Q

warm site

A

Dormant or performs a non-critical function, ready to be adapted to a critical one

8
Q

cold site

A

has power and network hookups, think warehouse

9
Q

hot site

A

fully configured alternative network

10
Q

three major steps in a continuity of operations plan

A

audit mitigate and recover

11
Q

which term is correct, risk assessment or risk analysis?

A

Risk assessment

12
Q

periodic control testing

A

Best way to check effectiveness of safety measures

13
Q

DNS Poisoning

A

redirects a domain name to a malicious IP address

14
Q

DNS hijacking

A

setting up a fake DNS server

15
Q

802.1x is a port-based authentication mechanism T or F

A

True

16
Q

802.1x works over a LAN, a Wireless Lan, or both

A

both

17
Q

hardware security module

A

cryptoprocessor device attached to servers and computers to provide digital key security

18
Q

TPM

A

creates a secure computing environment with cryptoprocessors

19
Q

Mandatory Access Control

A

Assigns a security level to users and resources, and the two must “match.”

20
Q

Transitive Authentication is also known as

A

single sign on

21
Q

Discretionary Access control is managed by

A

Access control lists

22
Q

TOTP

A

Time-based one time password

23
Q

Chap is deprecated because it

A

uses MD5

24
Q

HMAC

A

Hash message authentication code - uses hash and key

25
Q

PBKDF2 is what?

A

A key and/or password stretching algorithm

26
Q

Bcrypt is what?

A

password stretching algorithm

27
Q

ISA stands for

A

Interconnection Security Agreement

28
Q

Radius is used for

A

wireless. Remote Authentication dial in user service

29
Q

Mac

A

Mandatory Access control, restricted, public, private etc

30
Q

DAC

A

Discretionary access control - based on object ownership

31
Q

SFTP uses port

A

22

32
Q

VSAN

A

virtual storage area network, similar to vlan in segmentation ability

33
Q

Trusted Platform Module uses what key

A

storage root key

34
Q

What is a TPM

A

Trusted Platform Module, chip that stores RSA keys and uses hardware encryption

35
Q

Stages of common incident response

A

d

36
Q

ale

A

s

37
Q

sle

A

s

38
Q

aro

A

s

39
Q
Which of the following security devices can be replicated on a Linux based computer using IP
tables to inspect and properly handle network based traffic? 
A.
Sniffer
B.
Router
C.
Firewall
D.
Switch
A

c. Firewall

40
Q
QUESTION NO: 11
Mike, a network administrator, has been asked to passively monitor network traffic to the
company’s sales websites. Which of the following would be BEST suited for this task?
A.
HIDS
B.
Firewall
C.
NIPS
D.

Spam filter

A

c nips

41
Q
QUESTION NO: 12
Which of the following should be deployed to prevent the transmission of malicious traffic between
virtual machines hosted on a singular physical device on a network?
A.
HIPS on each virtual machine
B.
NIPS on the network
C.
NIDS on the network
D.
HIDS on each virtual machine
A

Answer: A
Explanation:
Host-based intrusion prevention system (HIPS) is an installed software package which monitors a
single host for suspicious activity by analyzing events occurring within that host.

42
Q
QUESTION NO: 21
Which of the following components of an all-in-one security appliance would MOST likely be
configured in order to restrict access to peer-to-peer file sharing websites?
A.
Spam filter
B.
URL filter
C.
Content inspection
D.
Malware inspection
A

B.

URL filter

43
Q

QUESTION NO: 25
Pete, an employee, attempts to visit a popular social networking site but is blocked. Instead, a

page is displayed notifying him that this site cannot be visited. Which of the following is MOST
likely blocking Pete’s access to this site?
A.
Internet content filter
B.
Firewall
C.
Proxy server
D.
Protocol analyzer
A

A.

Internet content filter

44
Q

A security engineer is reviewing log data and sees the output below:
POST: /payload.php HTTP/1.1
HOST: localhost
Accept: */*
Referrer: http://localhost/
*******
HTTP/1.1 403 Forbidden
Connection: close
Log: Access denied with 403. Pattern matches form bypass
Which of the following technologies was MOST likely being used to generate this log?
A.
Host-based Intrusion Detection System
B.
Web application firewall
C.
Network-based Intrusion Detection System
D.
Stateful Inspection Firewall
E.
URL Content Filter
A

B.

Web application firewall

45
Q

QUESTION NO: 30
An administrator would like to review the effectiveness of existing security in the enterprise. Which
of the following would be the BEST place to start?
A.
Review past security incidents and their resolution
B.
Comptia SY0-401 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 21
Rewrite the existing security policy
C.
Implement an intrusion prevention system
D.
Install honey pot systems

A

C.

Implement an intrusion prevention system

46
Q

SCP uses TCP/UDP or both

A

TCP

47
Q

TFTP uses TCP/UDP or both

A

UDP

48
Q
A technician is deploying virtual machines for multiple customers on a single physical host to
reduce power consumption in a data center. Which of the following should be recommended to
isolate the VMs from one another?
A.
Implement a virtual firewall
B.
Install HIPS on each VM
C.
Virtual switches with VLANs
D.
Develop a patch management guide
A

C.

Virtual switches with VLANs

49
Q

A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet
interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks.
Which of the following is MOST likely the reason for the sub-interfaces?
A.
The network uses the subnet of 255.255.255.128.
B.
The switch has several VLANs configured on it.
C.
The sub-interfaces are configured for VoIP traffic.
D.
The sub-interfaces each implement quality of service.

A

b

50
Q
A company determines a need for additional protection from rogue devices plugging into physical
ports around the building.
Which of the following provides the highest degree of protection from unauthorized wired network
access?
A.
Intrusion Prevention Systems
B.
MAC filtering
C.
Flood guards
D.
802.1x
A

D.

802.1x

51
Q

QUESTION NO: 48
A network administrator wants to block both DNS requests and zone transfers coming from
outside IP addresses. The company uses a firewall which implements an implicit allow and is
currently configured with the following ACL applied to its external interface.
PERMIT TCP ANY ANY 80

PERMIT TCP ANY ANY 443
Which of the following rules would accomplish this task? (Select TWO).
A.
Change the firewall default settings so that it implements an implicit deny
B.
Apply the current ACL to all interfaces of the firewall
C.
Remove the current ACL
D.
Add the following ACL at the top of the current ACL: DENY TCP ANY ANY 53
E.
Add the following ACL at the bottom of the current ACL: DENY ICMP ANY ANY 53
F.
Add the following ACL at the bottom of the current ACL: DENY IP ANY ANY 53

A

Answer: A,F

52
Q

QUESTION NO: 50
The Human Resources department has a parent shared folder setup on the server. There are two
groups that have access, one called managers and one called staff. There are many sub folders
under the parent shared folder, one is called payroll. The parent folder access control list
propagates all subfolders and all subfolders inherit the parent permission. Which of the following is
the quickest way to prevent the staff group from gaining access to the payroll folder?
A.
Remove the staff group from the payroll folder
B.
Implicit deny on the payroll folder for the staff group
C.
Implicit deny on the payroll folder for the managers group
D.
Remove inheritance from the payroll folder

A

B.

Implicit deny on the payroll folder for the staff group

53
Q

A company has several conference rooms with wired network jacks that are used by both
employees and guests. Employees need access to internal resources and guests only need
access to the Internet. Which of the following combinations is BEST to meet the requirements?
A.
NAT and DMZ
B.
VPN and IPSec
C.
Switches and a firewall
D.
802.1x and VLANs

A

D.

802.1x and VLANs

54
Q
A security administrator is segregating all web-facing server traffic from the internal network and
restricting it to a single interface on a firewall. Which of the following BEST describes this new
network?
A.
VLAN
B.
Subnet
C.
VPN
D.
DMZ
A

D.

DMZ

55
Q
When designing a new network infrastructure, a security administrator requests that the intranet
web server be placed in an isolated area of the network for security purposes. Which of the
following design elements would be implemented to comply with the security administrator’s
request?
A.
DMZ
B.
Cloud services
C.
Virtualization
D.
Sandboxing
A

A.

DMZ

56
Q
Which of the following IP addresses would be hosts on the same subnet given the subnet mask
255.255.255.224? (Select TWO).
A.
10.4.4.125
B.
10.4.4.158
C.
10.4.4.165
D.
10.4.4.189
E.
10.4.4.199
A

Answer: C,D

57
Q
Which of the following would the security engineer set as the subnet mask for the servers below to
utilize host addresses on separate broadcast domains?
Server 1: 192.168.100.6
Server 2: 192.168.100.9
Server 3: 192.169.100.20
A.
/24
B.
/27
C.
/28
D.
/29
E.
/30
A

D.

/29

58
Q

A small company can only afford to buy an all-in-one wireless router/switch. The company has 3
wireless BYOD users and 2 web servers without wireless access. Which of the following should
the company configure to protect the servers from the user devices? (Select TWO).
A.
Deny incoming connections to the outside router interface.
B.
Change the default HTTP port
C.
Implement EAP-TLS to establish mutual authentication
D.
Disable the physical switch ports
E.
Create a server VLAN
F.
Create an ACL to access the server

A

e,f

59
Q
Pete, a network administrator, is capturing packets on the network and notices that a large amount
of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment
that traffic from the other traffic?
A.
Connect the WAP to a different switch.
B.
Create a voice VLAN.
C.
Create a DMZ.
D.
Set the switch ports to 802.1q mode.
A

B.

Create a voice VLAN.

60
Q
Which of the following is a programming interface that allows a remote computer to run programs
on a local machine?
A.
RPC
B.
RSH
C.
SSH
D.
SSL
A

A.
RPC
remote procedure call

61
Q

A company’s business model was changed to provide more web presence and now its ERM
software is no longer able to support the security needs of the company. The current data center
will continue to provide network and security services. Which of the following network elements
would be used to support the new business model?
A.
Software as a Service
B.
DMZ
C.
Remote access support
D.
Infrastructure as a Service

A

A.

Software as a Service

62
Q

An IT director is looking to reduce the footprint of their company’s server environment. They have
decided to move several internally developed software applications to an alternate environment,
supported by an external company. Which of the following BEST describes this arrangement?
A.
Infrastructure as a Service
B.
Storage as a Service
C.
Platform as a Service
D.
Software as a Service

A

Answer: A

63
Q
A company’s legacy server requires administration using Telnet. Which of the following protocols
could be used to secure communication by offering encryption at a lower OSI layer? (Select
TWO).
A.
IPv6
B.
SFTP
C.
IPSec
D.
SSH
E.
IPv4
A

Answer: A,C

64
Q

Bind is what?

A

DNS

65
Q

AAAA record does what?

A

links a FQDN to an ipv6 address

66
Q
Which of the following should be implemented to stop an attacker from mapping out addresses
and/or devices on a network?
A.
Single sign on
B.
IPv6
C.
Secure zone transfers
D.
VoIP
A

Answer: C

67
Q
An administrator configures all wireless access points to make use of a new network certificate
authority. Which of the following is being used?
A.
WEP
B.
LEAP
C.
EAP-TLS
D.
TKIP
A

C.

EAP-TLS

68
Q
FTP/S uses which of the following TCP ports by default?
A.
20 and 21
B.
139 and 445
C.
443 and 22
D.
989 and 990
A

D.

989 and 990

69
Q
Which of the following protocols is used by IPv6 for MAC address resolution?
A.
NDP
B.
ARP
C.
DNS
D.
NCP
A

Answer: A
Explanation:
The Neighbor Discovery Protocol (NDP) is a protocol in the Internet protocol suite used with
Internet Protocol Version 6 (IPv6).

70
Q
Which of the following ports and protocol types must be opened on a host with a host-based
firewall to allow incoming SFTP connections?
A.
21/UDP
B.
21/TCP
C.
22/UDP
D.
22/TCP
A

Answer: D
Explanation:
SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec,
and slogin, also use TCP port 22.

71
Q

A security analyst noticed a colleague typing the following command:
'Telnet some-host 443'
Which of the following was the colleague performing?
A.
A hacking attempt to the some-host web server with the purpose of achieving a distributed denial
of service attack.
B.
A quick test to see if there is a service running on some-host TCP/443, which is being routed
correctly and not blocked by a firewall.
C.
Trying to establish an insecure remote management session. The colleague should be using SSH
or terminal services instead.
D.
A mistaken port being entered because telnet servers typically do not listen on port 443.

A

B.
A quick test to see if there is a service running on some-host TCP/443, which is being routed
correctly and not blocked by a firewall.

72
Q
A malicious program modified entries in the LMHOSTS file of an infected system. Which of the
following protocols would have been affected by this?
A.
ICMP
B.
BGP
C.
NetBIOS
D.
DNS
A

C.

NetBIOS

73
Q

LDAP Port

A

389

74
Q
A company has implemented PPTP as a VPN solution. Which of the following ports would need to
be opened on the firewall in order for this VPN to function properly? (Select TWO).
A.
UDP 1723
B.
TCP 500
C.
TCP 1723
D.
UDP 47
E.
TCP 47
A

C and D

75
Q

DHCP Port

A

68

76
Q
By default, which of the following uses TCP port 22? (Select THREE).
A.
FTPS
B.
STELNET
C.
TLS
D.
SCP
E.
SSL
F.
HTTPS
G.
SSH
H.
SFTP
A

Answer: D,G,H

77
Q

A malicious user is sniffing a busy encrypted wireless network waiting for an authorized client to
connect to it. Only after an authorized client has connected and the hacker was able to capture the
client handshake with the AP can the hacker begin a brute force attack to discover the encryption
key. Which of the following attacks is taking place?
A.
IV attack
B.
WEP cracking
C.
WPA cracking
D.
Rogue AP

A

C.

WPA cracking

78
Q

Which of the following is a step in deploying a WPA2-Enterprise wireless network?
A.
Install a token on the authentication server
B.
Install a DHCP server on the authentication server
C.
Install an encryption key on the authentication server
D.
Install a digital certificate on the authentication server

A

d

79
Q
A security administrator must implement a wireless security system, which will require users to
enter a 30 character ASCII password on their accounts. Additionally the system must support 3DS
wireless encryption.
Which of the following should be implemented?
A.
WPA2-CCMP with 802.1X
B.
WPA2-PSK
C.
WPA2-CCMP
D.
WPA2-Enterprise
A

Answer: D

80
Q
A security administrator must implement a network authentication solution which will ensure
encryption of user credentials when users enter their username and password to authenticate to
the network.
Which of the following should the administrator implement?
A.
WPA2 over EAP-TTLS
B.
WPA-PSK
C.
WPA2 with WPS
D.
WEP over EAP-PEAP
A

D

81
Q

Which of the following BEST describes the weakness in WEP encryption?
A.
The initialization vector of WEP uses a crack-able RC4 encryption algorithm. Once enough packets
are captured an XOR operation can be performed and the asymmetric keys can be derived.
B.
The WEP key is stored in plain text and split in portions across 224 packets of random data. Once
enough packets are sniffed the IV portion of the packets can be removed leaving the plain text
key.
C.
The WEP key has a weak MD4 hashing algorithm used. A simple rainbow table can be used to
generate key possibilities due to MD4 collisions.
D.
The WEP key is stored with a very small pool of random numbers to make the cipher text. As the
random numbers are often reused it becomes easy to derive the remaining WEP key.

A

D

82
Q
Which of the following would satisfy wireless network implementation requirements to use mutual
authentication and usernames and passwords?
A.
EAP-MD5
B.
WEP
C.
PEAP-MSCHAPv2
D.
EAP-TLS
A

Answer: C
Explanation:
PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication
is accomplished via password-based credentials (user name and password) rather than digital
certificates or smart cards.

83
Q

Matt, a systems security engineer, is determining which credential-type authentication to use
within a planned 802.1x deployment. He is looking for a method that does not require a client
certificate, has a server side certificate, and uses TLS tunnels for encryption. Which credential
type authentication method BEST fits these requirements?
A.
EAP-TLS
B.
EAP-FAST
C.
PEAP-CHAP
D.
PEAP-MSCHAPv2

A

Answer: D
Explanation:
PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication
is accomplished via password-based credentials (user name and password) rather than digital
certificates or smart cards. Only servers running Network Policy Server (NPS) or PEAP-MS-CHAP
v2 are required to have a certificate.

84
Q
Which of the following means of wireless authentication is easily vulnerable to spoofing?
A.
MAC Filtering
B.
WPA - LEAP
C.
WPA - PEAP
D.
Enabled SSID
A

A.

MAC Filtering

85
Q

QUESTION NO: 165
A company provides secure wireless Internet access for visitors and vendors working onsite.
Some of the vendors using older technology report that they are unable to access the wireless
network after entering the correct network information. Which of the following is the MOST likely
reason for this issue?
A.
The SSID broadcast is disabled.
B.
The company is using the wrong antenna type.
C.
The MAC filtering is disabled on the access point.
D.
The company is not using strong enough encryption.

A

A.

The SSID broadcast is disabled.

86
Q
An access point has been configured for AES encryption but a client is unable to connect to it.
Which of the following should be configured on the client to fix this issue?
A.
WEP
B.
CCMP
C.
TKIP
D.
RC4
A

B.

CCMP

87
Q
A system administrator wants to enable WPA2 CCMP. Which of the following is the only
encryption used?
A.
RC4
B.
DES
C.
3DES
D.
AES
A

D

88
Q
Which of the following is a directional antenna that can be used in point-to-point or point-to-multipoint
WiFi communication systems? (Select TWO).
A.
Backfire
B.
Dipole
C.
Omni
D.
PTZ
E.
Dish
A

Answer: A,E
Explanation:
Both the Backfire and the Dish antennae are high-gain antenna types that transmit a narrow beam
of signal. They can therefore be used as point-to-point antennas over short distances, or as
point-to-multipoint antennas over longer distances.

89
Q

Which of the following would be MOST appropriate to secure an existing SCADA system by
preventing connections from unauthorized networks?
A.
Implement a HIDS to protect the SCADA system
B.
Implement a Layer 2 switch to access the SCADA system
C.
Implement a firewall to protect the SCADA system
D.
Implement a NIDS to protect the SCADA system

A

Answer: C
Explanation:
Firewalls manage traffic using filters, which is just a rule or set of rules. A recommended guideline
for firewall rules is, “deny by default; allow by exception”. This means that if a network connection
is not specifically allowed, it will be denied.

90
Q

A security administrator must implement a firewall rule to allow remote employees to VPN onto the
company network. The VPN concentrator implements SSL VPN over the standard HTTPS port.
Which of the following is the MOST secure ACL to implement at the company’s gateway firewall?
A.
PERMIT TCP FROM ANY 443 TO 199.70.5.25 443
B.
PERMIT TCP FROM ANY ANY TO 199.70.5.23 ANY
C.
PERMIT TCP FROM 199.70.5.23 ANY TO ANY ANY
D.
PERMIT TCP FROM ANY 1024-65535 TO 199.70.5.23 443

A

Answer: D
Explanation:
The default HTTPS port is port 443. When configuring SSL VPN you can change the default port
for HTTPS to a port within the 1024-65535 range. This ACL will allow traffic from VPNs using the
1024-65535 port range to access the company network via company’s gateway firewall on port
443.

91
Q

Ann, the Chief Information Officer (CIO) of a company, sees cloud computing as a way to save
money while providing valuable services. She is looking for a cost-effective solution to assist in
capacity planning as well as visibility into the performance of the network. Which of the following
cloud technologies should she look into?
A.
IaaS
B.
MaaS
C.
SaaS
D.
PaaS

A

Answer: B
Explanation:
Monitoring-as-a-service (MaaS) is a cloud delivery model that falls under anything as a service
(XaaS). MaaS allows for the deployment of monitoring functionalities for several other services
and applications within the cloud.

92
Q
An organization recently switched from a cloud-based email solution to an in-house email server.
The firewall needs to be modified to allow for sending and receiving email. Which of the following
ports should be open on the firewall to allow for email traffic? (Select THREE).
A.
TCP 22
B.
TCP 23
C.
TCP 25
D.
TCP 53
E.
TCP 110
F.
TCP 143
G.
TCP 445
A

Answer: C,E,F

93
Q

Secure LDAP port

A

636

94
Q

A retail store uses a wireless network for its employees to access inventory from anywhere in the
store. Due to concerns regarding the aging wireless network, the store manager has brought in a
consultant to harden the network. During the site survey, the consultant discovers that the network
was using WEP encryption. Which of the following would be the BEST course of action for the
consultant to recommend?
A.
Replace the unidirectional antenna at the front of the store with an omni-directional antenna.
B.
Change the encryption used so that the encryption protocol is CCMP-based.
C.
Disable the network’s SSID and configure the router to only access store devices based on MAC
addresses.
D.
Increase the access point’s encryption from WEP to WPA TKIP.

A

B

95
Q

A server is configured to communicate on both VLAN 1 and VLAN 12. VLAN 1 communication
works fine, but VLAN 12 does not. Which of the following MUST happen before the server can
communicate on VLAN 12?
A.
The server’s network switch port must be enabled for 802.11x on VLAN 12.
B.
The server’s network switch port must use VLAN Q-in-Q for VLAN 12.
C.
The server’s network switch port must be 802.1q untagged for VLAN 12.
D.
The server’s network switch port must be 802.1q tagged for VLAN 12.

A

Answer: D
Explanation:
802.1q is a standard that defines a system of VLAN tagging for Ethernet frames. The purpose of a
tagged port is to pass traffic for multiple VLAN’s.

96
Q
A major security risk with co-mingling of hosts with different security requirements is:
A.
Security policy violations.
B.
Zombie attacks.
C.
Password compromises.
D.
Privilege creep.
A

A

97
Q

Two members of the finance department have access to sensitive information. The company is
concerned they may work together to steal information. Which of the following controls could be
implemented to discover if they are working together?
A.
Least privilege access
B.
Separation of duties
C.
Mandatory access control
D.
Mandatory vacations

A

D

98
Q

While rarely enforced, mandatory vacation policies are effective at uncovering:
A.
Help desk technicians with oversight by multiple supervisors and detailed quality control systems.
B.
Collusion between two employees who perform the same business function.
C.
Acts of incompetence by a systems engineer designing complex architectures as a member of a
team.
D.
Acts of gross negligence on the part of system administrators with unfettered access to system
and no oversight.

A

D

99
Q
A company that has a mandatory vacation policy has implemented which of the following controls?
A.
Risk control
B.
Privacy control
C.
Technical control
D.
Physical control
A

A

100
Q

The Chief Security Officer (CSO) is concerned about misuse of company assets and wishes to
determine who may be responsible. Which of the following would be the BEST course of action?
A.
Create a single, shared user account for every system that is audited and logged based upon time
of use.
B.
Implement a single sign-on application on equipment with sensitive data and high-profile shares.
C.
Enact a policy that employees must use their vacation time in a staggered schedule.
D.
Separate employees into teams led by a person who acts as a single point of contact for
observation purposes.

A

Answer: C

101
Q
In order to prevent and detect fraud, which of the following should be implemented?
A.
Job rotation
B.
Risk analysis
C.
Incident management
D.
Employee evaluations
A

a

102
Q

The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a
database administrator performing several other job functions within the company. Which of the
following is the BEST method to prevent such activities in the future?
A.
Job rotation
B.
Separation of duties
C.
Mandatory Vacations
D.
Least Privilege

A

Answer: B

103
Q

One of the system administrators at a company is assigned to maintain a secure computer lab.
The administrator has rights to configure machines, install software, and perform user account
maintenance. However, the administrator cannot add new computers to the domain, because that
requires authorization from the Information Assurance Officer. This is an example of which of the
following?
A.
Mandatory access
B.
Rule-based access control
C.
Least privilege
D.
Job rotation

A

C.

Least privilege

104
Q

A security administrator notices that a specific network administrator is making unauthorized
changes to the firewall every Saturday morning. Which of the following would be used to mitigate
this issue so that only security administrators can make changes to the firewall?
A.
Mandatory vacations
B.
Job rotation
C.
Least privilege
D.
Time of day restrictions

A

C.

Least privilege

105
Q
Identifying residual risk is MOST important to which of the following concepts?
A.
Risk deterrence
B.
Risk acceptance
C.
Risk mitigation
D.
Risk avoidance
A

b

106
Q

RPO stands for

A

Recovery Point Objective

107
Q

CIA

A

Confidentiality, Integrity, Availability

108
Q

Which of the following is the GREATEST security risk of two or more companies working together
under a Memorandum of Understanding?
A.
Budgetary considerations may not have been written into the MOU, leaving an entity to absorb
more cost than intended at signing.
B.
MOUs have strict policies in place for services performed between the entities and the penalties
for compromising a partner are high.
C.
MOUs are generally loose agreements and therefore may not have strict guidelines in place to
protect sensitive data between the two entities.
D.
MOUs between two companies working together cannot be held to the same legal standards as
SLAs.

A

C.
MOUs are generally loose agreements and therefore may not have strict guidelines in place to
protect sensitive data between the two entities.

109
Q
The network administrator is responsible for promoting code to applications on a DMZ web server.
Which of the following processes is being followed to ensure application integrity?
A.
Application hardening
B.
Application firewall review
C.
Application change management
D.
Application patch management
A

c

110
Q
Which of the following MOST specifically defines the procedures to follow when scheduled system
patching fails resulting in system outages?
A.
Risk transference
B.
Change management
C.
Configuration management
D.
Access control revalidation
A

b

111
Q
A security engineer is given new application extensions each month that need to be secured prior
to implementation. They do not want the new extensions to invalidate or interfere with existing
application security. Additionally, the engineer wants to ensure that the new requirements are
approved by the appropriate personnel. Which of the following should be in place to meet these
two goals? (Select TWO).
A.
Patch Audit Policy
B.
Change Control Policy
C.
Incident Management Policy
D.
Regression Testing Policy
E.
Escalation Policy
F.
Application Audit Policy
A

b,d

112
Q

Various network outages have occurred recently due to unapproved changes to network and
security devices. All changes were made using various system credentials. The security analyst
has been tasked to update the security policy. Which of the following risk mitigation strategies
would also need to be implemented to reduce the number of network outages due to unauthorized
changes?
A.
User rights and permissions review
B.
Configuration management
C.
Incident management
D.
Implement security controls on Layer 3 devices

A

a

113
Q
The security administrator is currently unaware of an incident that occurred a week ago. Which of
the following will ensure the administrator is notified in a timely manner in the future?
A.
User permissions reviews
B.
Incident response team
C.
Change management
D.
Routine auditing
A

D.

Routine auditing

114
Q

The system administrator has deployed updated security controls for the network to limit risk of
attack. The security manager is concerned that controls continue to function as intended to
maintain appropriate security posture.
Which of the following risk mitigation strategies is MOST important to the security manager?
A.
User permissions
B.
Policy enforcement
C.
Routine audits
D.
Change management

A

C.

Routine audits

115
Q

DLP

A

Data Loss Prevention

116
Q

Several employees have been printing files that include personally identifiable information of
customers. Auditors have raised concerns about the destruction of these hard copies after they
are created, and management has decided the best way to address this concern is by preventing
these files from being printed.
Which of the following would be the BEST control to implement?
A.
File encryption
B.
Printer hardening
C.
Clean desk policies
D.
Data loss prevention

A

DLP

117
Q
Which of the following security strategies allows a company to limit damage to internal systems
and provides loss control?
A.
Restoration and recovery strategies
B.
Deterrent strategies
C.
Containment strategies
D.
Detection strategies
A

c

118
Q
Which of the following assets is MOST likely considered for DLP?
A.
Application server content
B.
USB mass storage devices
C.
Reverse proxy
D.
Print server
A

b

119
Q
Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing
data in use?
A.
Email scanning
B.
Content discovery
C.
Database fingerprinting
D.
Endpoint protection
A

d

120
Q
Which of the following should Jane, a security administrator, perform before a hard drive is
analyzed with forensics tools?
A.
Identify user habits
B.
Disconnect system from network
C.
Capture system image
D.
Interview witnesses
A

C.

Capture system image

121
Q
A security administrator needs to image a large hard drive for forensic analysis. Which of the
following will allow for faster imaging to a second hard drive?
A.
cp /dev/sda /dev/sdb bs=8k
B.
tail -f /dev/sda > /dev/sdb bs=8k
C.
dd in=/dev/sda out=/dev/sdb bs=4k
D.
locate /dev/sda /dev/sdb bs=4k
A

Answer: C. dd is the only option that copies raw blocks; cp, tail and locate work on files, not devices. Note that the option as printed uses in=/out=, while the real dd syntax is if=/of=. A forensic copy should also add conv=noerror,sync so read errors do not abort the copy or shift offsets, and the source and image should be hashed afterwards to prove they match.

122
Q

NTP

A

Network Time Protocol

123
Q
The helpdesk reports increased calls from clients reporting spikes in malware infections on their
systems. Which of the following phases of incident response is MOST appropriate as a FIRST
response?
A.
Recovery
B.
Follow-up
C.
Validation
D.
Identification
E.
Eradication
F.
Containment
A

D

124
Q
In which of the following steps of incident response does a team analyze the incident and
determine steps to prevent a future occurrence?
A.
Mitigation
B.
Identification
C.
Preparation
D.
Lessons learned
A

D

125
Q

A server dedicated to the storage and processing of sensitive information was compromised with a
rootkit and sensitive data was extracted. Which of the following incident response procedures is
best suited to restore the server?
A.
Wipe the storage, reinstall the OS from original media and restore the data from the last known
good backup.
B.
Keep the data partition, restore the OS from the most current backup and run a full system
antivirus scan.
C.
Format the storage and reinstall both the OS and the data from the most current backup.
D.
Erase the storage, reinstall the OS from most current backup and only restore the data that was
not compromised.

A

A.
Wipe the storage, reinstall the OS from original media and restore the data from the last known
good backup.

126
Q
In the initial stages of an incident response, Matt, the security administrator, was provided the hard
drives in question from the incident manager. Which of the following incident response procedures
would he need to perform in order to begin the analysis? (Select TWO).
A.
Take hashes
B.
Begin the chain of custody paperwork
C.
Take screen shots
D.
Capture the system image
E.
Decompile suspicious files
A

a , d
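
Questions 120, 121 and 126 above describe one procedure: capture the image before anything else, copy it block for block with dd, and take hashes so the copy can be proven faithful. The following is an added example, not code from the flashcard deck or from any exam source, that carries that procedure out in Python. It mimics `dd if=/dev/sda of=/dev/sdb bs=4k conv=noerror,sync` followed by `sha256sum`: unreadable blocks are replaced by zeros so every byte keeps its original offset, and the data is hashed as it is read so the finished image can be verified. The "device" is a constructed temp file rather than /dev/sda, and the `bad_blocks` parameter simulates unreadable sectors; both are assumptions for illustration.

```python
"""Forensic disk imaging with verification.

Added example, not code from the original flashcard deck. Reproduces in Python what
`dd if=/dev/sda of=/dev/sdb bs=4k conv=noerror,sync` plus `sha256sum` do: copy block
by block, continue past read errors but write a zero-filled block in their place (so
offsets in the image still line up with the evidence), and hash the data as it is read
so the image can be verified before any analysis tool touches it.

Assumptions: the 'device' is a constructed temp file, and `bad_blocks` simulates
unreadable sectors instead of relying on real hardware.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field

BLOCK_SIZE = 4096  # bs=4k as in the question; real imaging uses larger blocks for speed


@dataclass
class ImageReport:
    blocks: int                 # blocks written to the image
    read_hash: str              # SHA-256 of the bytes as read (zero-filled where reads failed)
    image_hash: str             # SHA-256 of the image file re-read from disk
    zeroed_blocks: list = field(default_factory=list)  # block numbers replaced by zeros

    @property
    def verified(self) -> bool:
        """True only when the image on disk matches what was read and nothing was zero-filled."""
        return self.read_hash == self.image_hash and not self.zeroed_blocks


def sha256_file(path: str, block_size: int = BLOCK_SIZE) -> str:
    """Hash a file in blocks so it works on images far larger than RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(block_size), b""):
            h.update(chunk)
    return h.hexdigest()


def image_device(src: str, dst: str, block_size: int = BLOCK_SIZE,
                 bad_blocks: frozenset = frozenset()) -> ImageReport:
    """Copy src to dst block by block, behaving like dd conv=noerror,sync.

    `bad_blocks` is a demo assumption: block numbers that raise OSError instead of reading."""
    read_hash = hashlib.sha256()
    zeroed = []
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        size = fin.seek(0, os.SEEK_END)      # works for block devices too, unlike os.path.getsize
        fin.seek(0)
        total = -(-size // block_size)       # ceiling division: number of blocks to copy
        for n in range(total):
            try:
                if n in bad_blocks:
                    raise OSError(f"simulated read error at block {n}")
                chunk = fin.read(block_size)
            except OSError:
                # noerror: keep going; sync: emit a zero block and skip past the bad one
                fin.seek((n + 1) * block_size)
                chunk = b"\x00" * block_size
                zeroed.append(n)
            if len(chunk) < block_size:
                chunk = chunk.ljust(block_size, b"\x00")   # sync pads a short final block
            fout.write(chunk)
            read_hash.update(chunk)
        fout.flush()
        os.fsync(fout.fileno())
    return ImageReport(total, read_hash.hexdigest(), sha256_file(dst, block_size), zeroed)


def make_evidence(path: str, blocks: int, seed: str = "constructed-evidence") -> None:
    """Write deterministic pseudo-random data as a stand-in for a drive (constructed sample)."""
    with open(path, "wb") as f:
        for i in range(blocks * BLOCK_SIZE // 32):
            f.write(hashlib.sha256(f"{seed}:{i}".encode()).digest())


def demo(bad_blocks: frozenset = frozenset(), blocks: int = 64) -> dict:
    """Image a constructed 64-block 'drive' and return what an examiner would record."""
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "sda"), os.path.join(d, "sdb.img")
        make_evidence(src, blocks)
        report = image_device(src, dst, bad_blocks=bad_blocks)
        with open(dst, "rb") as f:
            img = f.read()
        zero = b"\x00" * BLOCK_SIZE
        return {
            "report": report,
            "source_sha256": sha256_file(src),   # only possible here because the demo source is readable
            "sizes_match": os.path.getsize(src) == len(img),
            "zeroed_region_is_zero": all(
                img[b * BLOCK_SIZE:(b + 1) * BLOCK_SIZE] == zero for b in report.zeroed_blocks),
        }


if __name__ == "__main__":
    for label, bad in (("clean", frozenset()), ("two bad sectors", frozenset({3, 40}))):
        r = demo(bad)["report"]
        print(f"{label}: blocks={r.blocks} zeroed={r.zeroed_blocks} verified={r.verified}")
```

The point of recording both hashes and the list of zeroed blocks is chain of custody: the image hash is what goes on the evidence form, and a non-empty zeroed list tells the examiner which offsets of the image must not be trusted.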

127
Q

Sara, a company’s security officer, often receives reports of unauthorized personnel having
access codes to the cipher locks of secure areas in the building. Sara should immediately
implement which of the following?

A.
Acceptable Use Policy
B.
Physical security controls
C.
Technical controls
D.
Security awareness training
A

Answer: D

128
Q

Ann a technician received a spear-phishing email asking her to update her personal information by
clicking the link within the body of the email. Which of the following type of training would prevent
Ann and other employees from becoming victims to such attacks?
A.
User Awareness
B.
Acceptable Use Policy
C.
Personal Identifiable Information
D.
Information Sharing

A

A.

User Awareness (training that teaches employees to recognize phishing and spear-phishing is what stops them clicking the link; a PII policy describes what data is sensitive, not how to spot the lure)

129
Q
End-user awareness training for handling sensitive personally identifiable information would
include secure storage and transmission of customer:
A.
Date of birth.
B.
First and last name.
C.
Phone number.
D.
Employer name.
A

Answer: A
Explanation:
Personally identifiable information (PII) is a catchall for any data that can be used to uniquely
identify an individual. This data can be anything from the person’s name to a fingerprint (think
biometrics), credit card number, or patient record. Date of birth is personally identifiable
information.

130
Q
Which of the following policies is implemented in order to minimize data loss or theft?
A.
PII handling
B.
Password policy
C.
Chain of custody
D.
Zero day exploits
A

Answer: A

131
Q
What is the term for the process of luring someone in (usually done by an enforcement officer or a
government agent)?
A.
Enticement
B.
Entrapment
C.
Deceit
D.
Sting
A

A.

Enticement

132
Q

Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be
accessed using the same password. The company’s network device security policy mandates that
at least one virtual terminal have a different password than the other virtual terminals. Which of the
following sets of commands would meet this requirement?
A.
line vty 0 6 P@s5W0Rd password line vty 7 Qwer++!Y password
B.
line console 0 password password line vty 0 4 password P@s5W0Rd
C.
line vty 0 3 password Qwer++!Y line vty 4 password P@s5W0Rd
D.
line vty 0 3 password Qwer++!Y line console 0 password P@s5W0Rd

A

c. Read as two commands per line, the configuration is:

line vty 0 3
 password Qwer++!Y
line vty 4
 password P@s5W0Rd

so vty 4 gets a password different from vty 0-3. Options B and D configure the console line, which is not a virtual terminal, and option A has the keyword order reversed.

133
Q
Which of the following security concepts would Sara, the security administrator, use to mitigate the
risk of data loss?
A.
Record time offset
B.
Clean desk policy
C.
Cloud computing
D.
Routine log review
A

b

134
Q
The manager has a need to secure physical documents every night, since the company began
enforcing the clean desk policy. The BEST solution would include: (Select TWO).
A.
Fire- or water-proof safe.
B.
Department door locks.
C.
Proximity card.
D.
24-hour security guard.
E.
Locking cabinets and drawers.
A

a, e

135
Q

A security researcher wants to reverse engineer an executable file to determine if it is malicious.
The file was found on an underused server and appears to contain a zero-day exploit. Which of
the following can the researcher do to determine if the file is malicious in nature?
A.
TCP/IP socket design review
B.
Executable code review
C.
OS Baseline comparison
D.
Software architecture review

A

B.

Executable code review (reverse engineering the binary, statically or in a sandbox, is what reveals malicious behaviour; comparing against an OS baseline only shows the file is not part of the approved build)

136
Q

The information security team does a presentation on social media and advises the participants
not to provide too much personal information on social media web sites. This advice would BEST
protect people from which of the following?
A.
Rainbow tables attacks
B.
Brute force attacks
C.
Birthday attacks
D.
Cognitive passwords attacks

A

d

137
Q
Which of the following should be connected to the fire alarm system in order to help prevent the
spread of a fire in a server room without data loss to assist in an FM-200 deployment?
A.
Water base sprinkler system
B.
Electrical
C.
HVAC
D.
Video surveillance
A

C

138
Q

Which of the following is a security benefit of providing additional HVAC capacity or increased
tonnage in a datacenter?
A.
Increased availability of network services due to higher throughput
B.
Longer MTBF of hardware due to lower operating temperatures
C.
Higher data integrity due to more efficient SSD cooling
D.
Longer UPS run time due to increased airflow

A

B.

Longer MTBF of hardware due to lower operating temperatures

139
Q

EMI Shielding prevents theft of data t/f

A

t. Shielding (shielded cabling, a Faraday cage) blocks the electromagnetic emanations an attacker could capture to reconstruct data, as well as blocking interference coming in.

140
Q

EMI Shielding is an environmental control t/f

A

t

141
Q

Ann is starting a disaster recovery program. She has gathered specifics and team members for a
meeting on site. Which of the following types of tests is this?
A.
Structured walkthrough
B.
Full Interruption test
C.
Checklist test
D.
Tabletop exercise
A

Structured walkthrough

142
Q
Which of the following is the MOST specific plan for various problems that can arise within a
system?
A.
Business Continuity Plan
B.
Continuity of Operation Plan
C.
Disaster Recovery Plan
D.
IT Contingency Plan
A

D

143
Q
Which of the following provides the LEAST availability?
A.
RAID 0
B.
RAID 1
C.
RAID 3
D.
RAID 5
A

a

144
Q

TPM

A

Trusted Platform Module: a hardware chip that generates and stores cryptographic keys. It does not encrypt the drive itself; it supports full-disk encryption by sealing the disk key so the drive only unlocks on an unmodified platform.

145
Q

AES is symmetric or Asymmetric?

A

Symmetric

146
Q

SAML

A

Xml based, security assertion markup language

147
Q

what auth method uses shared secrets?

A

RADIUS (the network access server and the RADIUS server share a secret that authenticates their exchange and obscures the user password in transit)

148
Q

Host software baseline identifies what?

A

list of approved software.

149
Q

Host software baseline is also called

A

application baseline

150
Q

TOTP

A

Time based one time password
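
"Time based" means the moving factor is the number of 30-second steps since the Unix epoch instead of a counter, so both sides compute the same code from a shared secret and roughly synchronized clocks. The block below is an added example, not code from the flashcard deck: it implements HOTP (RFC 4226) and TOTP (RFC 6238) from the standard library and a verifier that tolerates one step of clock drift and compares in constant time. The secret is the RFC test secret, an assumption for the demo; a real one comes from the enrolment QR code.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) from the standard library.

Added example, not code from the original flashcard deck. The secret below is the
published RFC test secret (ASCII "12345678901234567890"), used here as an assumption
so the results can be checked against the RFC test vectors.
"""
import hashlib
import hmac
import struct
import time

RFC_SECRET = b"12345678901234567890"   # RFC 4226 / RFC 6238 test secret (assumption for the demo)


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226: HMAC(secret, counter) -> dynamic truncation -> fixed number of decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF  # 31 bits, sign bit dropped
    return str(code % (10 ** digits)).zfill(digits)           # keep leading zeros


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         digestmod=hashlib.sha1) -> str:
    """RFC 6238: HOTP with the counter replaced by whole time steps since the epoch."""
    return hotp(secret, unix_time // step, digits, digestmod)


def verify_totp(secret: bytes, candidate: str, unix_time: int, skew: int = 1,
                step: int = 30, digits: int = 6, digestmod=hashlib.sha1) -> bool:
    """Accept the code for the current step or up to `skew` steps either side (clock drift).

    Constant-time comparison so the verifier does not leak how many digits matched."""
    for delta in range(-skew, skew + 1):
        expected = totp(secret, unix_time + delta * step, step, digits, digestmod)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


if __name__ == "__main__":
    print("RFC 6238 vector, T=59 (8 digits):", totp(RFC_SECRET, 59, digits=8))
    print("current code:", totp(RFC_SECRET, int(time.time())))
```

A server should additionally remember the last step it accepted for a user and refuse a second login with a code from that same step; otherwise a code captured by phishing stays usable for the rest of its 30-second window.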

151
Q

which review ensures systems are developed properly?

A

Design review

152
Q

What uses a storage root key?

A

TPM

153
Q

STP and RSTP do what

A

prevent switching loops (and the broadcast storms they cause) when there are redundant links between switches

154
Q

PKI requires what?

A

a CA

155
Q

RTO

A

Recovery Time Objective. When do you have to be back on line?

156
Q

RPO

A

Recovery Point Objective - how much data can you lose?

157
Q
After copying a sensitive document from his desktop to a flash drive, Joe, a user, realizes that the
document is no longer encrypted. Which of the following can a security technician implement to
ensure that documents stored on Joe’s desktop remain encrypted when moved to external media
or other network based storage?
A.
Whole disk encryption
B.
Removable disk encryption
C.
Database record level encryption
D.
File level encryption
A

Answer: D
Explanation:
Encryption is used to ensure the confidentiality of information. In this case you should make use of
file level encryption. File level encryption is a form of disk encryption where individual files or
directories are encrypted by the file system itself. This is in contrast to full disk encryption where
the entire partition or disk, in which the file system resides, is encrypted.

159
Q
Which of the following will BEST mitigate the risk if implemented on the switches?
A.
Spanning tree
B.
Flood guards
C.
Access control lists
D.
Syn flood
A

A

160
Q

IPV6 uses NDP/ARP

A

NDP

161
Q

HMAC is included in IPSEC

A

True
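
IPsec uses HMAC as the integrity check value (ICV) on AH and ESP packets, and it sends the HMAC output truncated: HMAC-SHA1-96 keeps the first 96 bits (RFC 2404) and HMAC-SHA-256-128 the first 128 bits (RFC 4868). The block below is an added example, not code from the deck or from any IPsec implementation: it builds a minimal ESP-like packet (SPI, sequence number, payload) with an HMAC-SHA-256-128 ICV and shows that editing any authenticated byte, including the sequence number, or using a different key makes verification fail. The key and packet bytes are constructed for the demo.

```python
"""Integrity check value (ICV) computed the way IPsec AH/ESP use HMAC.

Added example, not from the flashcard deck. HMAC-SHA-256-128 (RFC 4868) keeps the first
128 bits of the HMAC output; the sender appends it to the authenticated bytes and the
receiver recomputes it over what arrived, comparing in constant time. Key and packet
contents are constructed for the demo, not captured traffic.
"""
import hashlib
import hmac
import struct

DEMO_KEY = bytes(range(32))   # constructed 256-bit integrity key (assumption)
TRUNC_BYTES = 16              # HMAC-SHA-256-128: 128-bit ICV
HEADER_LEN = 8                # SPI (4 bytes) + sequence number (4 bytes)


def icv(key: bytes, data: bytes, trunc_bytes: int = TRUNC_BYTES) -> bytes:
    """Leading trunc_bytes of HMAC-SHA-256 over data, as RFC 4868 specifies."""
    return hmac.new(key, data, hashlib.sha256).digest()[:trunc_bytes]


def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Minimal ESP-like packet: SPI, sequence number, payload, then the ICV over all of it.

    The sequence number is inside the authenticated region, so a replayed packet with an
    edited sequence number fails the ICV check."""
    body = struct.pack(">II", spi, seq) + payload
    return body + icv(key, body)


def verify(key: bytes, packet: bytes, trunc_bytes: int = TRUNC_BYTES):
    """Return (ok, spi, seq, payload); ok is False on any modification or a wrong key."""
    if len(packet) < HEADER_LEN + trunc_bytes:
        return False, None, None, None
    body, tag = packet[:-trunc_bytes], packet[-trunc_bytes:]
    if not hmac.compare_digest(icv(key, body, trunc_bytes), tag):
        return False, None, None, None
    spi, seq = struct.unpack(">II", body[:HEADER_LEN])
    return True, spi, seq, body[HEADER_LEN:]


def tamper(packet: bytes, offset: int) -> bytes:
    """Flip one bit at offset, to show that the ICV catches modification."""
    b = bytearray(packet)
    b[offset] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    pkt = protect(DEMO_KEY, 0x1234, 7, b"constructed payload")
    print("intact:", verify(DEMO_KEY, pkt)[0])
    print("sequence number edited:", verify(DEMO_KEY, tamper(pkt, 4))[0])
    print("wrong key:", verify(bytes(32), pkt)[0])
```

Real ESP also encrypts the payload before the ICV is computed (encrypt-then-MAC), so a receiver rejects forged or modified packets before spending any effort on decryption.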