Exam Cram CompTIA Security+ SY0-301 Practice Questions ...

 CompTIA Security+ SY0-301

Practice Questions Third Edition

Diane Barrett

800 East 96th Street, Indianapolis, Indiana 46240 USA

CompTIA Security+ SY0-301 Practice Questions Exam Cram, Third Edition

Publisher Paul Boger

Copyright © 2012 by Pearson Education, Inc.

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-13: 978-0-7897-4828-7 ISBN-10: 0-7897-4828-2

Printed in the United States of America

Second Printing: October 2013

Associate Publisher David Dusthimer

Acquisitions Editor Betsy Brown

Senior Development Editor Christopher Cleveland

Managing Editor Sandra Schroeder

Trademarks

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer

Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the CD or programs accompanying it.

Bulk Sales

Que Publishing offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact

U.S. Corporate and Government Sales 1-800-382-3419 corpsales@

For sales outside the U.S., please contact

International Sales international@

Technical Editor Chris Crayton

Project Editor Mandie Frank

Copy Editor Barbara Hacha

Proofreader Leslie Joseph

Publishing Coordinator Vanessa Evans

Multimedia Developer Tim Warner

Cover Designer Gary Adair

Page Layout Studio Galou, LLC

Contents at a Glance

Introduction

CHAPTER 1 Domain 1.0: Network Security

CHAPTER 2 Domain 2.0: Compliance and Operational Security

CHAPTER 3 Domain 3.0: Threats and Vulnerabilities

CHAPTER 4 Domain 4.0: Application, Data, and Host Security

CHAPTER 5 Domain 5.0: Access Control and Identity Management

CHAPTER 6 Domain 6.0: Cryptography

Table of Contents

CompTIA Security+
  It Pays to Get Certified
  How Certification Helps Your Career
  CompTIA Career Pathway
  Join the Professional Community
  Content Seal of Quality
  Why CompTIA?
  How to Obtain More Information

Introduction
  Who This Book Is For
  What You Will Find in This Book
  Hints for Using This Book
  Need Further Study?

Chapter One Domain 1.0: Network Security

  Practice Questions
    Objective 1.1: Explain the security function and purpose of network devices and technologies.
    Objective 1.2: Apply and implement secure network administration principles.
    Objective 1.3: Distinguish and differentiate network design elements and compounds.
    Objective 1.4: Implement and use common protocols.
    Objective 1.5: Identify commonly used ports.
    Objective 1.6: Implement wireless network in a secure manner.

  Quick-Check Answer Key
    Objective 1.1: Explain the security function and purpose of network devices and technologies.
    Objective 1.2: Apply and implement secure network administration principles.
    Objective 1.3: Distinguish and differentiate network design elements and compounds.
    Objective 1.4: Implement and use common protocols.
    Objective 1.5: Identify commonly used ports.
    Objective 1.6: Implement wireless network in a secure manner.

  Answers and Explanations
    Objective 1.1: Explain the security function and purpose of network devices and technologies.
    Objective 1.2: Apply and implement secure network administration principles.
    Objective 1.3: Distinguish and differentiate network design elements and compounds.
    Objective 1.4: Implement and use common protocols.
    Objective 1.5: Identify commonly used ports.
    Objective 1.6: Implement wireless network in a secure manner.

Chapter Two Domain 2.0: Compliance and Operational Security

  Practice Questions
    Objective 2.1: Explain risk related concepts.
    Objective 2.2: Carry out appropriate risk mitigation strategies.
    Objective 2.3: Execute appropriate incident response procedures.
    Objective 2.4: Explain the importance of security related awareness and training.
    Objective 2.5: Compare and contrast aspects of business continuity.
    Objective 2.6: Explain the impact and proper use of environmental controls.
    Objective 2.7: Execute disaster recovery plans and procedures.
    Objective 2.8: Exemplify the concepts of confidentiality, integrity, and availability.

  Quick-Check Answer Key
    Objective 2.1: Explain risk related concepts.
    Objective 2.2: Carry out appropriate risk mitigation strategies.
    Objective 2.3: Execute appropriate incident response procedures.
    Objective 2.4: Explain the importance of security related awareness and training.
    Objective 2.5: Compare and contrast aspects of business continuity.
    Objective 2.6: Explain the impact and proper use of environmental controls.
    Objective 2.7: Execute disaster recovery plans and procedures.
    Objective 2.8: Exemplify the concepts of confidentiality, integrity, and availability.

  Answers and Explanations
    Objective 2.1: Explain risk related concepts.
    Objective 2.2: Carry out appropriate risk mitigation strategies.
    Objective 2.3: Execute appropriate incident response procedures.
    Objective 2.4: Explain the importance of security related awareness and training.
    Objective 2.5: Compare and contrast aspects of business continuity.
    Objective 2.6: Explain the impact and proper use of environmental controls.
    Objective 2.7: Execute disaster recovery plans and procedures.
    Objective 2.8: Exemplify the concepts of confidentiality, integrity, and availability.

Chapter Three Domain 3.0: Threats and Vulnerabilities

  Practice Questions
    Objective 3.1: Analyze and differentiate among types of malware.
    Objective 3.2: Analyze and differentiate among types of attacks.
    Objective 3.3: Analyze and differentiate among types of social engineering attacks.
    Objective 3.4: Analyze and differentiate among types of wireless attacks.
    Objective 3.5: Analyze and differentiate among types of application attacks.
    Objective 3.6: Analyze and differentiate among types of mitigation and deterrent techniques.
    Objective 3.7: Implement assessment tools and techniques to discover security threats and vulnerabilities.
    Objective 3.8: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning.

  Quick-Check Answer Key
    Objective 3.1: Analyze and differentiate among types of malware.
    Objective 3.2: Analyze and differentiate among types of attacks.
    Objective 3.3: Analyze and differentiate among types of social engineering attacks.
    Objective 3.4: Analyze and differentiate among types of wireless attacks.
    Objective 3.5: Analyze and differentiate among types of application attacks.
    Objective 3.6: Analyze and differentiate among types of mitigation and deterrent techniques.
    Objective 3.7: Implement assessment tools and techniques to discover security threats and vulnerabilities.
    Objective 3.8: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning.

  Answers and Explanations
    Objective 3.1: Analyze and differentiate among types of malware.
    Objective 3.2: Analyze and differentiate among types of attacks.
    Objective 3.3: Analyze and differentiate among types of social engineering attacks.
    Objective 3.4: Analyze and differentiate among types of wireless attacks.
    Objective 3.5: Analyze and differentiate among types of application attacks.
    Objective 3.6: Analyze and differentiate among types of mitigation and deterrent techniques.
    Objective 3.7: Implement assessment tools and techniques to discover security threats and vulnerabilities.
