Security+ Pre-Assesment Test Questions (SYO-401) Flashcards
Practice exam questions from the Study Guide and Practice Exams Guides.
You are the senior security officer within your organization and need to implement a security feature that controls which workstations can connect to a network switch. Which switch feature would you use? A. Disable unused ports B. Port mirroring C. VLANs D. Port security
D. Port security
Your manager would like to implement some form of technology that would only allow a VPN client to connect to the network if their system is up to date with patches and antivirus definitions. Which of the following would do this? A. NAT B. NAC C. VLANs D. 802.1x
B. NAC
You are researching and identifying any unsecure protocols used by applications on the network. You have learned that the network administrators are using Telnet to connect to routers and switches for remote administration. Which of the following protocols would you replace Telnet with to ensure secure communication? A. FTP B. HTTPS C. SSH D. SFTP
C. SSH
Your coworker, Matt, is looking to create a wireless network in the office to allow users to roam throughout the office with their laptops. Matt asks what steps he should take to configure some security on the wireless network. (Select three) A. Enable SSID broadcasting B. Disable SSID broadcasting C. Enable WEP D. Enable WPA2 E. Disable MAC Filtering F. Enable MAC Filtering
B. Disable SSID broadcasting D. Enable WPA2 F. Enable MAC Filtering
Your coworker, Jeff, is looking at configuring security controls to help create a more secure environment for your office. He is not sure what a management control is. Which of the following is an example of a management control? A. Security policy B. Firewall C. Antivirus software D. Backup
A. Security Policy
You are working on a risk assessment and need to calculate the ALE. Which of the following represents the formula for ALE? A. MTTF*SLE B. SLE/ARO C. MTTF/SLE D. SLE*ARO
D. SLE*ARO
You are reviewing the physical security for your office and would like to mitigate the risk of tailgating within your organization. Which of the following would you implement? A. Swipe cards B. Keypads C. Proximity readers D. Mantrap
D. Mantrap
You are the first responder for the incident response team at your company. What is your first goal when responding to a security incident? A. Perform a change audit B. Containment C. Back up the log files D. Capture an image
B. Containment
Which of the following attack types involves the hacker infecting a site you visit, which then infects your system when you visit the site? A. Phishing B. Vishing C. Watering hole D. Spoofing
C. Watering hole
You work for a software development company. Your manager has been hearing about a large number of buffer overflow attacks and is wondering how to help prevent the attacks against the software your company creates. What would you recommend? A. Input validation B. Patching C. Strong passwords D. Encryption
A. Input validation
You are looking at performing a security assessment of your organization, but your manager has expressed concerns and does not want any active attacks being performed against production systems. What type of assessment should you perform? A. Buffer overflow B. Penetrationtest C. Brute-force D. Vulnerability assessment
D. Vulnerability assessment
Your manager has tasked you with hardening the operating system of the accounting department system. Which of the following tasks will you perform? A. Add all accounts to the administrators group B. Disable unnecessary services C. Enable all interfaces D. Perform a brute-force attack
B. Disable unnecessary services
Which of the following is a method of testing applications against malicious input? A. Hashing B. Fuzzing C. Data labeling D. Zero day exploits
B. Fuzzing
The sales manager for your company wants to use his tablet for business purposes. Which of the following would you do to secure the data on the device? (Select two) A. Device encryption B. HTTPS C. WPA2 D. Disable SSID broadcasting E. Screen lock
A. Device encryption E. Screen lock
Your company is considering allowing employees to use their own devices in the office to perform their job. Which of the following would represent a valid concern of BYOD? A. Proper lighting B. ALE C. Data ownership D. TKIP
C. Data ownership
You are evaluating access control models and are looking to implement an access control model that involves assigning data labels to information. Which model should you use? A. DAC B. RBAC C. ARP D. MAC
D. MAC
Your manager has asked you to increase the security when it comes to authentication. You have decided to implement a two-factor authentication model. Which of the following would you use? A. PIN and retina scan B. Retina scan and fingerprint C. Password and PIN D. Username and password
A. PIN and retina scan
You have configured your password policy to require employees to change their password every 30 days, but you have recently realized that some employees have been using the same password for over 90 days. What policy setting should you configure? A. Password complexity B. Passwordlength C. Maximum password age D. Password history
D. Password history
The programmers in your company are creating an application that symmetrically encrypts information and they want to know what algorithm to use. Which of the following would you instruct them to use? A. MD5 B. RSA C. AES D. SHA1
C. AES
You are looking to use a hashing algorithm to verify the integrity of some data using a 160-bit hash value. Which of the following algorithms would you use? A. AES B. SHA1 C. RSA D. MD5
B. SHA1
