ActualTests security plus exam SY0101 nov 2008 pdf


DOCUMENT INFORMATION

Basic information

Format
Pages 316
Size 1 MB

Content

Exam: SY0-101
Title: Security+
Ver: 11-13-2008

QUESTION 1
Which of the following is NOT a valid access control mechanism?
A. DAC (Discretionary Access Control) list
B. SAC (Subjective Access Control) list
C. MAC (Mandatory Access Control) list
D. RBAC (Role Based Access Control) list
Answer: B
Explanation: There is no such thing as a SAC (Subjective Access Control) list.

QUESTION 2
Which of the following best describes an access control mechanism in which access control decisions are based on the responsibilities that an individual user or process has in an organization?
A. MAC (Mandatory Access Control)
B. RBAC (Role Based Access Control)
C. DAC (Discretionary Access Control)
D. None of the above
Answer: B
Explanation: The RBAC model allows a user to act in a certain predetermined manner based on the role the user holds in the organization. Users can be assigned certain roles system wide.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 12

QUESTION 3
Which of the following best describes an access control mechanism that allows the data owner to create and administer access control?
A. MACs (Mandatory Access Control)
B. RBACs (Role Based Access Control)
C. LBACs (List Based Access Control)
D. DACs (Discretionary Access Control)
Answer: D
Explanation: The DAC model allows the owner of a resource to establish privileges to the information they own. The DAC model would allow a user to share a file or use a file that someone else has shared. The DAC model establishes an ACL that identifies the users who have authorization to that information. This allows the owner to grant or revoke access to individuals or groups of individuals based on the situation. This model is dynamic in nature and allows information to be shared easily between users.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 12

Actualtests.com - The Power of Knowing SY0-101

QUESTION 4
Which of the following is an inherent flaw of DAC (Discretionary Access Control)?
A. DAC (Discretionary Access Control) relies only on the identity of the user or process, leaving room for a Trojan horse
B. DAC (Discretionary Access Control) relies on certificates, allowing attackers to use those certificates
C. DAC (Discretionary Access Control) does not rely on the identity of a user, allowing anyone to use an account
D. DAC (Discretionary Access Control) has no known security flaws
Answer: A
Explanation: In a DAC model, network users have some flexibility regarding how information is accessed. This model allows users to dynamically share information with other users. The process allows a more flexible environment, but it increases the risk of unauthorized disclosure of information. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 440

QUESTION 5
Which of the following access control methods provides the most granular access to protected objects?
A. Capabilities
B. Access control lists
C. Permission bits
D. Profiles
Answer: B
Explanation: Access control lists enable devices in your network to ignore requests from specified users or systems, or grant certain network capabilities to them. ACLs allow a stronger set of access controls to be established in your network. The basic process of ACL control allows the administrator to design and adapt the network to deal with specific security threats.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 235

QUESTION 6
You work as the security administrator at Certkiller.com. You set permissions on a file object in a network operating system which uses DAC (Discretionary Access Control). The ACL (Access Control List) of the file is as follows:
Owner: Read, Write, Execute
User A: Read, Write, -
User B: -, -, - (None)
Sales: Read, -, -
Marketing: -, Write, -
Other: Read, Write, -
User "A" is the owner of the file. User "B" is a member of the Sales group. What effective permissions does User "B" have on the file?
A. User B has no permissions on the file
B. User B has read permissions on the file
C. User B has read and write permissions on the file
D. User B has read, write and execute permissions on the file
Answer: A
Explanation:
The Owner is allowed to: Read, Write, & Execute
User A is allowed to: Read, Write, & -
Sales is allowed to: Read, -, -
Marketing is allowed to: -, Write, -
Others are allowed to: Read, Write, -
And User B is allowed to nothing!
-, -, - (None)

QUESTION 7
You work as the security administrator at Certkiller.com. Certkiller has a RBAC (Role Based Access Control) compliant system for which you are planning the security implementation. There are three types of resources including files, printers, and mailboxes and four distinct departments with distinct functions including Sales, Marketing, Management, and Production in the system. Each department needs access to different resources. Each user has a workstation. Which roles should you create to support the RBAC (Role Based Access Control) model?
A. file, printer, and mailbox roles
B. sales, marketing, management, and production roles
C. user and workstation roles
D. allow access and deny access roles
Answer: B
Explanation: Each distinct department (sales, marketing, management, and production) has their own role in the company, which probably includes using the: file server, print server, and mail server. So it would be wise to create roles for each department.

QUESTION 8
With regard to DAC (Discretionary Access Control), which of the following statements are true?
A. Files that don't have an owner CANNOT be modified
B. The administrator of the system is an owner of each object
C. The operating system is an owner of each object
D. Each object has an owner, which has full control over the object
Answer: D
Explanation: The DAC model allows the owner of a resource to establish privileges to the information they own. The DAC model would allow a user to share a file or use a file that someone else has shared. The DAC model establishes an ACL that identifies the users who have authorization to that information. This allows the owner to grant or revoke access to individuals or groups of individuals based on the situation. This model is dynamic in nature and allows information to be shared easily between users.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 12

QUESTION 9
Which of the following are used to make access decisions in a MAC (Mandatory Access Control) environment?
A. Access control lists
B. Ownership
C. Group membership
D. Sensitivity labels
Answer: D
Explanation: Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

QUESTION 10
Which of the following access control methods allows access control decisions to be based on security labels associated with each data item and each user?
A. MACs (Mandatory Access Control)
B. RBACs (Role Based Access Control)
C. LBACs (List Based Access Control)
D. DACs (Discretionary Access Control)
Answer: A
Explanation: The MAC model is a static model that uses a predefined set of access privileges to files on the system. The system administrator establishes these parameters and associates them with an account, files or resources. The MAC model can be very restrictive.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 11

QUESTION 11
Which of the following access control methods relies on user security clearance and data classification?
A. RBAC (Role Based Access Control)
B. NDAC (Non-Discretionary Access Control)
C. MAC (Mandatory Access Control)
D. DAC (Discretionary Access Control)
Answer: C
Explanation: Mandatory Access Control is a strict hierarchical model, first developed by governments, and it is based on classifying data on importance and categorizing data by department. Users receive specific security clearances to access this data. For instance, the most important piece of data would have the highest classification, where only the President of that department would have access; while the least important resources would be classified at the bottom where everyone in the organization including the janitors could access it.

QUESTION 12
Which of the following is a characteristic of MAC (Mandatory Access Control)?
A. use levels of security to classify users and data
B. allow owners of documents to determine who has access to specific documents
C. use access control lists which specify a list of authorized users
D. use access control lists which specify a list of unauthorized users
Answer: A
Explanation: Mandatory Access Control is a strict hierarchical model, first developed by governments, and it is based on classifying data on importance and categorizing data by department. Users receive specific security clearances to access this data. For instance, the most important piece of data would have the highest classification, where only the President of that department would have access; while the least important resources would be classified at the bottom where everyone in the organization including the janitors could access it.

QUESTION 13
Which of the following terms represents a MAC (Mandatory Access Control) model?
A. Lattice
B. Bell La-Padula
C. BIBA
D. Clark and Wilson
Answer: A
Explanation: The word lattice is used to describe the upper and lower level bounds of a user's access permission.

QUESTION 14
Identify the access control model that makes use of security labels connected to the objects?
A. You should make use of the Role Based Access Control (RBAC) model
B. You should make use of the Mandatory Access Control (MAC) model
C. You should make use of the Rule Based Access Control (RBAC) model
D. You should make use of the Discretionary Access Control (DAC) model
Answer: B

QUESTION 15
Which of the following is an example of a task-based control model?
A. It is an example of Rule Based Access Control (RBAC)
B. It is an example of Mandatory Access Control (MAC)
C. It is an example of Role Based Access Control (RBAC)
D. It is an example of Discretionary Access Control (DAC)
Answer: C

QUESTION 16
Identify from the list below the access control model that makes use of subject and object labels?
A. You should identify Rule Based Access Control (RBAC)
B. You should identify Mandatory Access Control (MAC)
C. You should identify Discretionary Access Control (DAC)
D. You should identify Role Based Access Control (RBAC)
Answer: B

QUESTION 17
What is the access control model that explicitly assigns access rights to users?
A. Assigning access rights to a client is a Discretionary Access Control (DAC) characteristic
B. Assigning access rights to a client is a Rule Based Access Control (RBAC) characteristic
C. Assigning access rights to a client is a Mandatory Access Control (MAC) characteristic
D. Assigning access rights to a client is a Role Based Access Control (RBAC) characteristic
Answer: A

QUESTION 18
Identify the access decisions based on a Mandatory Access Control (MAC) environment?
A. Sensitivity labels are based on a Mandatory Access Control (MAC) environment
B. Access control lists are based on a Mandatory Access Control (MAC) environment
C. Group membership is based on a Mandatory Access Control (MAC) environment
D. Ownership is based on a Mandatory Access Control (MAC) environment
Answer: A

QUESTION 19
What access control model is a Windows file server an example of?
A. It is an example of a Discretionary Access Control (DAC) model
B. It is an example of a Role Based Access Control (RBAC) model
C. It is an example of a Mandatory Access Control (MAC) model
D. It is an example of a Rule Based Access Control (RBAC) model
Answer: A

QUESTION 20
Which servers should be located on a private network?
A. You should place a File and print server on the private network
B. You should place a Remote Access Server (RAS) on the private network
C. You should place an E-mail server on the private network
D. You should place a Web server on the private network
Answer: A

QUESTION 21
What model assigns sensitivity labels to users and their data?
A. You should identify the Discretionary Access Control (DAC) access control model
B. You should identify the Role Based Access Control (RBAC) access control model
C. You should identify the Mandatory Access Control (MAC) access control model
D. You should identify the Rule Based Access Control (RBAC) access control model
Answer: C

QUESTION 22
The Certkiller.com network consists of various departments that make use of an access control model. The finance department only requires access to the personal data of staff and the marketing department only needs access to the production data. Which access control model is MOST suitable?
A. The Discretionary Access Control (DAC) access control model would be most suitable
B. The Rule Based Access Control (RBAC) access control model would be most suitable
C. The Role Based Access Control (RBAC) access control model would be most suitable
D. The Mandatory Access Control (MAC) access control model would be most suitable
Answer: C

QUESTION 23
Which access controls are based on security labels assigned to every data item and every user?
A. You should identify Mandatory Access Control (MAC)
B. You should identify Role Based Access Control (RBAC)
C. You should identify Discretionary Access Control (DAC)
D. You should identify List Based Access Control (LBAC)
Answer: A

QUESTION 24
Determine the access control model where users are assigned access rights based on their function within the organization?
A. This is a feature of Discretionary Access Control (DAC)
B. This is a feature of Rule Based Access Control (RBAC)
C. This is a feature of Role Based Access Control (RBAC)
D. This is a feature of Mandatory Access Control (MAC)
Answer: C

QUESTION 25
Which of the following password generators is based on challenge-response mechanisms?
A. asynchronous
B. synchronous
C. cryptographic keys
D. smart cards
Answer: A
Explanation: An asynchronous password generator has an authentication server that generates a challenge (a large number or string) which is encrypted with the private key of the token device and has that token device's public key so it can verify authenticity of the request (which is independent from the time factor). That challenge can also include a hash of transmitted data, so not only can the authentication be assured, but also the data integrity.

QUESTION 26
Which of the following password management systems is designed to provide availability for a large number of users?
A. self service password resets
B. locally saved passwords
C. multiple access methods
D. synchronized passwords
Answer: A
Explanation: A self service password reset is a system where if an individual user forgets their password, they can reset it on their own (usually by answering a secret question on a web

QUESTION 960
Choose the protocol that is most vulnerable to packet sniffing attacks aimed at intercepting username and password information.
A. SSH (Secure Shell)
B. HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer)
C. FTP (File Transfer Protocol)
D. SSL (Secure Sockets Layer)
Answer: C

QUESTION 961
Which component of a security triad deals with ensuring that any needed data is available when necessary?
A. Confidentiality
B. Availability
C. Integrity
D. Fault tolerance
Answer: B

QUESTION 962
Which of the following is FALSE for the MAC access method?
A. Security breaches are easy to identify, investigate and correct
B. Enforces a rigid model of security
C. Users are allowed to change permissions or rights that are associated with objects
D. All statements are TRUE
Answer: C

QUESTION 963
Which of the following statements regarding access control models is FALSE?
A. The MAC model uses Access Control Lists (ACLs) to map a user's access permissions to a resource
B. In the DAC model a user's access permissions to a resource is mapped to the user's account
C. The RBAC model uses the role or responsibilities users have in the organization to determine a user's access permissions to a resource
D. The MAC model uses predefined access privileges to a resource to determine a user's access permissions to a resource
Answer: A

QUESTION 964
Which of the following would be achieved by using encryption? (Select THREE)
A. Non-repudiation
B. Availability
C. Confidentiality
D. Authorization
E. Integrity
Answer: A,C,E

QUESTION 965
The concept of forensic analysis involves a standard approach or process. Choose the correct combination of steps for this process.
A. E A, B, C
B. Authenticate the evidence
C. Collect the evidence and analyze the evidence
D. Acquire the evidence
E. Analyze the evidence
Answer: A

QUESTION 966
You work as the security administrator at Certkiller.com. A hacker has recently accessed confidential company data from over the network. You have just secured the crime scene and now want to preserve evidence. What should you do next? Choose all correct options.
A. Document all messages being displayed by the computer
B. Take photographs of all information being displayed on all monitors that was used to access the confidential data
C. Collect all malfunctioning devices, and materials and equipment used in the crime scene for transport to another location
D. Shut down the computer to prevent any other attacks that could end up changing your data
Answer: A,B

QUESTION 967
A representative from the human resources department informs a security specialist that an employee has been terminated. Which of the following would be the BEST action to take?
A. Disable the employee's user accounts and keep the data for a specified period of time
B. Change the employee's user password and keep the data for a specified period
C. Contact the employee's supervisor regarding disposition of user accounts
D. Disable the employee's user accounts and delete all data
Answer: A

QUESTION 968
Which of the following options best describe how a social engineering attack occurs?
A. A colleague spies on you in a quest to get your password and acquires it by reading as you type
B. You are e-mailed by your "manager" and he is out of town and forgot his password and you send him the necessary information
C. You are attacked and robbed of the necessary information
D. A family member told your "best friend" the password
Answer: B

QUESTION 969
Choose the type of encryption used by SSL (Secure Sockets Layer).
A. Secret encryption
B. Asymmetric key exchange
C. Public keys
D. Symmetric key exchange
Answer: D

QUESTION 970
Which of the following would be the BEST reason for certificate expiration?
A. To keep the server from using the same key for two sessions
B. Brute force techniques are likely to break the key if given enough time
C. Renewal keeps the log files from getting too large
D. The longer an encryption key is used the more processing power it will consume
Answer: B

QUESTION 971
Which access control model uses Access Control Lists to identify the users who have permissions to a resource?
A. RBAC
B. None of the above
C. DAC
D. MAC
Answer: C

QUESTION 972
What is the main reason why e-mail security concepts do not work?
A. A lack of suitable software
B. The rate at which new viruses are being developed
C. Viruses are unstoppable
D. The workers' lack of interest in updating virus definitions
Answer: D

QUESTION 973
Which security management model works on the basis that all new privilege assignments and privilege assignment modifications made to existing privileges are performed through one governing group?
A. Decentralized security management model
B. Centralized security management model
C. Both of the above
D. None of the above
Answer: B

QUESTION 974
Choose the option that best defines what a security patch is?
A. It is a fully tested hotfix, which addresses a new vulnerability, is mandatory for all users, and should be deployed as soon as possible
B. It is a not fully tested software fix which addresses a specific issue(s) being experienced by certain customers
C. It is a major, crucial update for an operating system or product for which it is intended, and consists of a collection of patches released to date since the operating system or product was shipped
D. It is a crucial update that should be deployed on each operating system installation as soon as possible
Answer: A

QUESTION 975
Which of the following measures can be used to secure twisted-pair cable networks from eavesdropping?
A. Protect the physical cables
B. Protect all critical network segments that connect hubs and switches, and provide connectivity to routers and servers
C. Check your network cable infrastructure regularly
D. All of the above
E. Protect all central connectivity devices such as patch panels and hubs
Answer: D

QUESTION 976
Which of the following attacks are being referred to if the attack involves the attacker gaining access to a host in the network and logically disconnecting it?
A. Smurf Attacks
B. TCP/IP Hijacking
C. UDP Attack
D. ICMP Attacks
Answer: B

QUESTION 977
Which of the following definitions fit correctly to TACACS?
A. It allows credentials to be accepted from multiple methods, including Kerberos
B. Is an older protocol that was used in early remote access environments
C. are used to make connections between private networks across a public network, such as the Internet
D. Has largely replaced SLIP and offers multiple protocol support including AppleTalk, IPX, and DECnet
Answer: A

QUESTION 978
You work as the security administrator at Certkiller.com. You are investigating the consequences of network attacks aimed at FTP servers. Which of the following states the aim of a FTP (File Transfer Protocol) bounce attack?
A. The attack aims to store and distribute malicious code
B. The attack aims to exploit a buffer overflow vulnerability on the FTP server
C. The attack aims to establish a connection between the FTP server and another computer
D. The attack aims to reboot the FTP server
Answer: C

QUESTION 979
Which of the following BEST describes actions pertaining to user account reviews? (Select TWO)
A. User accounts reports are periodically extracted from systems and end users are informed
B. User accounts reports are periodically extracted from systems and user access dates are verified
C. User account reports are periodically extracted from systems and employment verification is performed
D. User accounts and their privileges are periodically extracted from systems and reports are kept for auditing purposes
E. User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization
Answer: C,E

QUESTION 980
Which of the following is based on granting users access to all the systems, applications and resources they need, when they start a computer session?
A. Principle of single sign-on (SSO)
B. Centralized privilege management
C. None of the above
D. Role-Based Access Control (RBAC) method
Answer: A

QUESTION 981
Which of the following ports does SMTP use?
A. 20
B. 25
C. 162
D. 23
Answer: B

QUESTION 982
Which of the following access attacks would involve putting a computer system between the sender and receiver to capture information?
A. Snooping
B. Interception
C. Eavesdropping
D. None of the above
Answer: B

QUESTION 983
Which of the following characteristics form part of an IEEE (Institute of Electrical and Electronics Engineers) connection?
A. All of the above
B. A wireless device
C. A low-power transmitter
D. An access point
Answer: A

QUESTION 984
Which of the following security topologies is a dual-homed device used to connect the outside network with the inside network. This would also be one of the first devices where public traffic arrives, and where specialized software defines which types of traffic are allowed to pass through?
A. Bastion host
B. Screened host gateway
C. None of the above
D. Screened subnet gateway
Answer: A

QUESTION 985
A user accesses a retailer from an Internet search. While browsing the retailer's web site, the user wants to purchase an item and enters the credit card information. The user later observes unknown charges on the credit card bill and has not received the purchased items. Which of the following actions should the user take?
A. Be sure that a URL is secure before entering personal information
B. Check for shipping delays for the requested items
C. Type the retailer's web address directly into the URL in the future
D. Limit the number of times online purchases are made monthly
Answer: A

QUESTION 986
At what radio frequency does an IEEE 802.11g wireless network operate?
A. 10 GHz
B. 5.4 GHz
C. 5.0 GHz
D. 2.4 GHz
Answer: D

QUESTION 987
Which of the following would originally link UNIX systems together in a dial-up environment?
A. RADIUS (Remote Authentication Dial-In User Service)
B. VPN
C. SLIP (Serial Line Internet Protocol)
D. PPP (Point-to-Point Protocol)
Answer: C

QUESTION 988
An SMTP server is the source of email spam in an organization. Which of the following is MOST likely the cause?
A. Remote access to the email application's install directory has not been removed
B. Anonymous relays have not been disabled
C. The administrator account was not secured
D. X.400 connectors have not been password protected
Answer: B

QUESTION 989
Which of the following attacks are being referred to if packets are not connection-oriented and do not require the synchronization process?
A. ICMP Attacks
B. TCP/IP Hijacking
C. UDP Attack
D. Smurf Attacks
Answer: C

QUESTION 990
An employee receives a request from a person claiming to be an employee at a remote office location. The caller is knowledgeable about the company and the caller's name is listed in the company telephone and email directory; however, the caller claims there is an emergency and asks that the request be expedited. Which of the following would be the BEST action for the employee to take?
A. Expedite the request since the caller's identity has been verified
B. Give the caller a supervisor's name and telephone number to request authority to expedite the request
C. Follow established procedures and report any abnormal incidents
D. Ask a supervisor for permission to deviate from established procedures due to the emergency
Answer: C

QUESTION 991
Which of the following would be an effective way to ensure that a compromised PKI key can not access a system?
A. Revoke the key
B. Renew the key
C. Reconfigure the key
D. Delete the key
Answer: A

QUESTION 992
Which of the following definitions should BEST suit the functions of an e-mail server?
A. Makes use of a port used specifically for messages to be sent through
B. Notify you that a message carries a virus
C. Detect the viruses in the messages received from various sources and send warnings to the recipient to warn him/her of the risky mail
D. Forms a platform on which messages are sent
Answer: C

QUESTION 993
Which of the following are nonessential protocols and services?
A. Network News Transfer Protocol (NNTP)
B. Mail
C. NetBios services
D. Web
Answer: C

QUESTION 994
To which of the following viruses does the characteristic when the virus will attempt to avoid detection by masking itself from applications. It may attach itself to the boot sector of the hard drive, form part of?
A. Stealth Virus
B. Retrovirus
C. Trojan Horse Virus
D. Polymorphic Virus
Answer: A

QUESTION 995
On the topic of the DAC (Discretionary Access Control) model, choose the statement(s) which are TRUE.
A. The operating system is an owner of all objects
B. All objects have an owner, and this owner has full control over that specific object
C. All files that do not have a specified owner cannot be modified
D. The system administrator is an owner of all objects
Answer: B

QUESTION 996
To which of the following viruses does the characteristic when the virus bypasses the antivirus software installed on a computer, form part of?
A. Stealth Virus
B. Trojan Horse Virus
C. Polymorphic Virus
D. Retrovirus
Answer: D

QUESTION 997
Monitoring changes to the current security policy represents the best way to audit which element?
A. Privilege
B. Usage
C. Privilege escalation
D. All of the above
Answer: A

QUESTION 998
Forensic investigations and response actions should define the actions for dealing with a number of situations. Which of the following actions should you perform when an attack is in progress?
Choose all options that apply.
A. You should remove all affected systems immediately
B. You should remove the affected systems for immediate evidence collection and to recover the system
C. You should maintain connectivity so that you can continuously collect data on the attack
D. You should maintain connectivity for a possible return of the attacker
Answer: A,C

QUESTION 999
Which of the following definitions refers to X.500?
A. It is a standardized directory access protocol that allows queries to be made of directories
B. It stores information on all system resources, users, and any other relevant information about systems attached to a NetWare server
C. It is the backbone for all security, access, and network implementations from here on out
D. It was implemented by the International Telecommunications Union (ITU)
Answer: D

QUESTION 1000
You work as the security administrator at Certkiller.com. Certkiller.com has headquarters in London and a branch office in Paris. You must ensure that a secure connection is established between the London headquarters and the Paris branch office over the public network. You deploy IPSec (Internet Protocol Security) to achieve this goal. You must still configure the IPSec mode for the router at each location. Which IPSec mode should you configure?
A. Secure mode
B. Data link mode
C. Tunnel mode
D. Transport mode
Answer: C

QUESTION 1001
Which of the following definitions BEST suit ActiveX?
A. It allows customized controls, icons, and other features to increase the usability of web enabled systems
B. It can also include a digital signature to verify authenticity
C. The client browser must have the ability to run Java applets in a virtual machine on the client
D. It is a programming language that allows access to system resources of the system running the script
Answer: A

QUESTION 1002
A company wants to connect the network to a manufacturer's network to be able to order parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection?
A. Intranet
B. Scatternet
C. Extranet
D. VPN
Answer: C

QUESTION 1003
Which of the following are nonessential protocols and services?
A. Internet Control Message Protocol (ICMP)
B. Domain Name Service (DNS)
C. Network News Transfer Protocol (NNTP)
D. TFTP (Trivial File Transfer Protocol)
Answer: D

QUESTION 1004
Which of the following would be an easy way to determine whether a secure web page has a valid certificate?
A. Right click on the lock at the bottom of the browser and check the certificate information
B. Ensure that the web URL starts with 'https:\\'
C. Contact Thawte or Verisign and ask about the web page
D. Contact the web page's web master
Answer: A

QUESTION 1005
Which of the following CANNOT be performed by a proxy server?
A. Packet filtering
B. Data encryption
C. Network Address Translation
D. Web page caching
Answer: B

QUESTION 1006
What does the DAC access control model use to identify the users who have permissions to a resource?
A. Predefined access privileges
B. Access Control Lists
C. The role or responsibilities users have in the organization
D. None of the above
Answer: B

QUESTION 1007
Operating system hardening essentially means securing the operating system. Which of the following is not a method, specific for securing the operating system?
A Disable unnecessary programs, processes, and services and protocols B You should disable promiscuous mode C Use encryption to protect the transfer of sensitive information, and ensure that encryption is enabled between the server and client D Regularly check for vendor patches; and test and install all vendor patches E Consider using vulnerability scanners to assist you with identifying all potential security weaknesses Answer: C QUESTION 1008 One of the below options are correct regarding the DoS (Denial of Service) attack? A Placing a computer system between the sender and receiver to capture information B Listening or overhearing parts of a conversation C Prevention access to resources by users authorized to use those resources D Use of multiple computers to attack a single organization Answer: C QUESTION 1009 Which of the following is MOST often used to allow a client or partner access to a network? A Demilitarized zone (DMZ) B VLAN C Extranet D Intranet Answer: C QUESTION 1010 Which of the following identifies the layer of the OSI model where SSL provides Actualtests.com - The Power of Knowing SY0-101 encryption? A Network B Transport C Application D Session Answer: D QUESTION 1011 Of the different IDS types and analysis methods, which of the following is considered the simplest IDS system to implement? A Heuristic analysis IDS B Pattern matching network-based IDS C Stateful inspection network-based IDS D Protocol decode analysis IDS Answer: B QUESTION 1012 Security for the extranet security zone can include a number of strategies Choose the one that does not apply A Using VPN connections B Use host-based firewalls for computers that contain confidential data C Limiting the number of services provided D Removing all unnecessary services E Regularly auditing all services Answer: B QUESTION 1013 Which of the below options would you consider as a program that constantly observes data traveling over a network? 
A Smurfer B Fragmenter C Sniffer D Spoofer Answer: C QUESTION 1014 Which of the following Directory Services does the statement that it stores information on all system resources, users, and any other relevant information about systems attached Actualtests.com - The Power of Knowing SY0-101 to a NetWare server refer to? A X.500 B eDirectory C LDAP D Active Directory Answer: B QUESTION 1015 Which of the following is the primary method of performing network hardening? A Disable any unnecessary ports and services B Conduct vulnerability analysis C Deploy a firewall and IDS D Develop a trust model Answer: A Actualtests.com - The Power of Knowing ... following is an example of a task-based control model? A It is an example of Rule Based Access Control (RBAC) B It is an example of Mandatory Access Control (MAC) C It is an example of Role Based... Windows file server an example of? A It is an example of a Discretionary Access Control (DAC) model B It is an example of a Role Based Access Control (RBAC) model C It is an example of a Mandatory... Education, limit available information and security policy B Education, firewalls and security policy C Security policy, firewalls and incident response D Security policy, system logging and incident

Date posted: 19/03/2019, 10:43
