Ensurepass

QUESTION 281

Jane, a security administrator, notices that a program has crashed. Which of the following logs should Jane check?

A. Access log

B. Firewall log

C. Audit log

D. Application log

Correct Answer: D


QUESTION 282

A process in which the functionality of an application is tested with some knowledge of the internal mechanisms of the application is known as:

A. white hat testing.

B. black box testing.

C. black hat testing.

D. gray box testing.

Correct Answer: D


QUESTION 283

Which of the following passwords is the LEAST complex?

A. MyTrain!45

B. Mytr@in!!

C. MyTr@in12

D. MyTr@in#8

Correct Answer: B


QUESTION 284

Which of the following security benefits would be gained by disabling a terminated user account rather than deleting it?

A. Retention of user keys

B. Increased logging on access attempts

C. Retention of user directories and files

D. Access to quarantined files

Correct Answer: A


QUESTION 285

Which RAID level is LEAST suitable for disaster recovery plans?

A. 0

B. 1

C. 5

D. 6

Correct Answer: A


QUESTION 286

Which of the following security architecture elements also has sniffer functionality? (Select TWO).

A. HSM

B. IPS

C. SSL accelerator

D. WAP

E. IDS

Correct Answer: BE


QUESTION 287

During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool.

Which statement BEST describes her privileges?

A. All users have write access to the directory.

B. Jane has read access to the file.

C. All users have read access to the file.

D. Jane has read access to the directory.

Correct Answer: C


QUESTION 288

Sara, an IT security technician, is actively involved in identifying coding issues for her company. Which of the following is an application security technique that she can use to identify unknown weaknesses within the code?

A. Vulnerability scanning 54 / 78

The safer , easier way to help you pass any IT exams.

B. Denial of service

C. Fuzzing

D. Port scanning

Correct Answer: C


QUESTION 289

Sara, an IT security technician, has identified security weaknesses within her company 痵 code. Which of

the following is a common security coding issue?

A. Input validation

B. Application fuzzing

C. Black box testing

D. Vulnerability scanning

Correct Answer: A


QUESTION 290

Which of the following is an application security coding problem?

A. Error and exception handling

B. Patch management

C. Application hardening

D. Application fuzzing

Correct Answer: A


QUESTION 291

Pete, an IT security technician, needs to establish host based security for company workstations. Which of the following will BEST meet this requirement?

A. Implement IIS hardening by restricting service accounts.

B. Implement database hardening by applying vendor guidelines.

C. Implement perimeter firewall rules to restrict access.

D. Implement OS hardening by applying GPOs.

Correct Answer: D


QUESTION 292

Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a system with speed as its primary consideration?

A. Hard drive encryption

B. Infrastructure as a service

C. Software based encryption

D. Data loss prevention

Correct Answer: A


QUESTION 293

Jane, an IT security technician, receives a call from the vulnerability assessment team informing her that port 1337 is open on a user 痵 workstation.

Which of the following BEST describes this type of malware?

A. Logic bomb

B. Spyware

C. Backdoor

D. Adware

Correct Answer: C


QUESTION 294

Which of the following is based on asymmetric keys?

A. CRLs

B. Recovery agent

C. PKI

D. Registration

Correct Answer: C


QUESTION 295

Which of the following is BEST described as a notification control, which is supported by other identification controls?

A. Fencing

B. Access list

C. Guards

D. Alarm

Correct Answer: D


QUESTION 296

Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a certificate?

A. Certification authority

B. Key escrow

C. Certificate revocation list

D. Registration authority

Correct Answer: A


QUESTION 297

Which of the following BEST describes the weakness in WEP encryption?

A. The initialization vector of WEP uses a crack-able RC4 encryption algorithm. Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived.

B. The WEP key is stored in plain text and split in portions across 224 packets of random data. Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain text key.

C. The WEP key has a weak MD4 hashing algorithm used. A simple rainbow table can be used to generate key possibilities due to MD4 collisions.

D. The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key.

Correct Answer: D


QUESTION 298

Which of the following is used to ensure message integrity during a TLS transmission?

A. RIPEMD

B. RSA

C. AES

D. HMAC

Correct Answer: D


QUESTION 299

Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years. Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in

56 / 78

The safer , easier way to help you pass any IT exams.

the system for $25,000. The breached system is scheduled to be replaced in five years. Which of the following should Sara do to address the risk?

A. Accept the risk saving $10,000.

B. Ignore the risk saving $5,000.

C. Mitigate the risk saving $10,000.

D. Transfer the risk saving $5,000.

Correct Answer: D


QUESTION 300

A company has asked Pete, a penetration tester, to test their corporate network. Pete was provided with all of the server names, configurations, and corporate IP addresses. Pete was then instructed to stay off of the Accounting subnet as well as the company web server in the DMZ. Pete was told that social engineering was not in the test scope as well.

Which of the following BEST describes this penetration test?

A. Gray box

B. Black box

C. White box

D. Blue box

Correct Answer: C


Download Latest SY0-301 Real Free Tests , help you to pass exam 100%.

Comments are closed.