
CompTIA Security+ SY0-201 Practice Questions: Assessment and Audits

This chapter provides practice questions, along with answers and explanations, for the Assessment and Audits section of the Security+ exam.

To secure a network, it is important to identify the normal operating parameters so that you can recognize atypical variations from this baseline operational level. The first step toward minimizing the potential damage that may result from unauthorized access attempts is the detection and identification of an unauthorized intrusion. Intrusion detection requires a detailed understanding of all operational aspects of the network, along with a means to identify variations and bring these changes to the attention of the proper responsible parties. Auditing is done to protect the validity and reliability of organizational information and systems. As a security professional, you can audit a vast amount of data. Auditing can create a large repository of information that has to be filtered through. Monitoring can be as simple or complex as you want to make it. Many organizations monitor an extensive amount of information, whereas others may monitor little or nothing. As a prospective security professional, you should also take every opportunity you may find to expand your skill base beyond these basic foundational elements. The following list includes the key areas from Domain 4 that you need to master for the exam:

  • Conduct risk assessments and implement risk mitigation.
  • Carry out vulnerability assessments using common tools.
  • Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning.
  • Use monitoring tools on systems and networks and detect security-related anomalies.
  • Compare and contrast various types of monitoring methodologies.
  • Execute proper logging procedures and evaluate the results.
  • Conduct periodic audits of system security settings.

Practice Questions

Objective 4.1: Conduct risk assessments and implement risk mitigation.

1.

Metrics for security baselines and hardening efforts rely on which of the following?

A.

Mitigation of threats and attacks

B.

Identification of security measures and policies

C.

Identification of vulnerability and risk

D.

Mitigation of vulnerability and risk

Quick Answer: 229

Detailed Answer: 232

2.

When the risk of equipment loss is covered by a full-replacement insurance policy, which of the following best describes the risk?

A.

Accepted

B.

Transferred

C.

Eliminated

D.

Mitigated

Quick Answer: 229

Detailed Answer: 232

3.

An organization removes legacy dial-up telephony modem devices to prevent war-dialing attacks. Which of the following best describes the risk?

A.

Accepted

B.

Transferred

C.

Eliminated

D.

Mitigated

Quick Answer: 229

Detailed Answer: 232

4.

When an organization installs a firewall to prevent attacks, which of the following best describes the risk?

A.

Accepted

B.

Transferred

C.

Eliminated

D.

Mitigated

Quick Answer: 229

Detailed Answer: 232

5.

When an organization decides the cost of an IDS is too expensive to implement, which of the following best describes the risk?

A.

Accepted

B.

Transferred

C.

Eliminated

D.

Mitigated

Quick Answer: 229

Detailed Answer: 232

6.

Which of the following best describes the primary purpose of a risk assessment?

A.

To collect user logins and passwords for administrative purposes

B.

To scan the network to find and address vulnerabilities

C.

To properly store and protect personally identifiable information

D.

To identify existing threats and potential mitigation mechanisms

Quick Answer: 229

Detailed Answer: 233

7.

Which of the following is the correct formula for calculating annual loss expectancy?

A.

SLE × ARO

B.

ALE × SLE

C.

ALE × ARO

D.

CLE × SLE

Quick Answer: 229

Detailed Answer: 233

8.

Which of the following best describes how single loss expectancy is calculated?

A.

Loss prevented minus the total cost of the solution

B.

Asset value multiplied by the threat exposure factor

C.

Threat factor multiplied by potential vulnerability

D.

Annualized rate of occurrence multiplied by threat factor

Quick Answer: 229

Detailed Answer: 233

9.

An organization has identified and reduced risk to a level that is comfortable and then implemented controls to maintain that level. Which of the following best describes this action?

A.

Risk management

B.

Risk acceptance

C.

Risk analysis

D.

Risk transference

Quick Answer: 229

Detailed Answer: 233

10.

An organization identified risks, estimated the impact of potential threats, and identified ways to reduce the risk without the cost of the prevention outweighing the risk. Which of the following best describes this action?

A.

Risk management

B.

Risk acceptance

C.

Risk analysis

D.

Risk transference

Quick Answer: 229

Detailed Answer: 233

11.

Which of the following best describes risk?

A.

Probability of threat exposure

B.

Cumulative loss expectancy

C.

Possibility of loss or danger

D.

Mitigation of loss or danger

Quick Answer: 229

Detailed Answer: 233

12.

During the process of risk assessment, which of the following would be reviewed? (Select all correct answers.)

A.

Audit policies

B.

Access methods

C.

Financial records

D.

Hiring procedures

Quick Answer: 229

Detailed Answer: 234

13.

Which of the following best describes return on investment?

A.

Estimating the impact of potential threats and identifying ways to reduce the risk

B.

Implemented controls to maintain a level of risk that is comfortable for the organization

C.

A measure of how effectively a company uses the money invested in its operations

D.

The ratio of money realized on an investment relative to the amount of money invested

Quick Answer: 229

Detailed Answer: 234

14.

When the return on investment is calculated, if the result is a negative number, which of the following is true?

A.

Less money was spent than the loss prevented.

B.

More money was spent than the loss prevented.

C.

The money spent was not a worthwhile investment.

D.

The money spent was an excellent investment.

Quick Answer: 229

Detailed Answer: 234

15.

Which of the following best describes exposure factor or probability?

A.

The weakness that allows an attacker to violate the integrity of a system

B.

The actual amount of loss prevented by implementing a total cost solution

C.

The percentage of loss that a realized threat could have on a certain asset

D.

The estimated possibility of a specific threat taking place in a one-year period

Quick Answer: 229

Detailed Answer: 234

Objective 4.2: Carry out vulnerability assessments using common tools.

1.

Which of the following is a software utility that will scan a single machine or a range of IP addresses checking for a response on service connections?

A.

Port scanner

B.

Network mapper

C.

Protocol analyzer

D.

Vulnerability scanner

Quick Answer: 229

Detailed Answer: 235

2.

Which of the following is a software utility that will scan a range of IP addresses testing for the presence of known weaknesses in software configuration and accessible services?

A.

Port scanner

B.

Network mapper

C.

Protocol analyzer

D.

Vulnerability scanner

Quick Answer: 229

Detailed Answer: 235

3.

Which of the following is a software utility that is used on a hub, a switch supervisory port, or in line with network connectivity to allow the analysis of network communications?

A.

Port scanner

B.

Network mapper

C.

Protocol analyzer

D.

Vulnerability scanner

Quick Answer: 229

Detailed Answer: 235

4.

Which of the following is a software utility that is used to conduct network assessments over a range of IP addresses and compiles a listing of all systems, devices, and hardware present within a network segment?

A.

Port scanner

B.

Network mapper

C.

Protocol analyzer

D.

Vulnerability scanner

Quick Answer: 229

Detailed Answer: 235

5.

Which of the following best describes the purpose of OVAL?

A.

An abstract description for layered communications and computer network protocol design

B.

A family of standards dealing with local area networks and metropolitan area networks

C.

An international standard setting body composed of representatives from various national standards organizations

D.

An international language for representing vulnerability information allowing the development of vulnerability test tools

Quick Answer: 229

Detailed Answer: 235

6.

An administrator working in the Department of Homeland Security needs to document standards for the assessment process of systems. Which of the following would be most useful to the administrator?

A.

OVAL

B.

IEEE

C.

ISO

D.

ISSA

Quick Answer: 229

Detailed Answer: 235

7.

An organization wants to select an assessment tool for creating an inventory of services hosted on networked systems. Which of the following should the organization choose?

A.

Port scanner

B.

Network mapper

C.

Protocol analyzer

D.

Vulnerability scanner

Quick Answer: 229

Detailed Answer: 235

8.

An organization wants to select an assessment tool that will examine individual protocols and specific endpoints. Which of the following should the organization choose?

A.

Port scanner

B.

Network mapper

C.

Protocol analyzer

D.

Vulnerability scanner

Quick Answer: 229

Detailed Answer: 236

9.

An organization wants to select an assessment tool for checking particular versions and patch levels of a service. Which of the following should the organization choose?

A.

Port scanner

B.

Network mapper

C.

Protocol analyzer

D.

Vulnerability scanner

Quick Answer: 229

Detailed Answer: 236

10.

An organization wants to select an assessment tool that will create graphical details suitable for reporting on network configurations. Which of the following should the organization choose?

A.

Port scanner

B.

Network mapper

C.

Protocol analyzer

D.

Vulnerability scanner

Quick Answer: 229

Detailed Answer: 236

11.

An organization wants to select an assessment tool that will directly test user logon password strength. Which of the following should the organization choose?

A.

Password Locker

B.

Password generator

C.

Password cracker

D.

Password keychain

Quick Answer: 229

Detailed Answer: 236

12.

Which of the following best describes the difference between a port scanner and a vulnerability scanner?

A.

Port scanners only test for the availability of services; vulnerability scanners check for a particular version or patch level of a service.

B.

Port scanners compile a listing of all hardware present within a network segment; vulnerability scanners check for the availability of services.

C.

Vulnerability scanners only test for the availability of services; port scanners check for a particular version or patch level of a service.

D.

Vulnerability scanners compile a listing of all hardware present within a network segment; port scanners test for the availability of services.

Quick Answer: 229

Detailed Answer: 236

13.

When using a password cracker to test mandatory complexity guidelines, which of the following should the password cracker provide?

A.

The password only

B.

The password and hash value

C.

The username and password

D.

The strength of the password

Quick Answer: 229

Detailed Answer: 237

14.

An organization wants to select an assessment tool that will report information used to identify single points of failure. Which of the following should the organization choose?

A.

Port scanner

B.

Network mapper

C.

Protocol analyzer

D.

Vulnerability scanner

Quick Answer: 229

Detailed Answer: 237

15.

Which of the following tools is often referred to as a packet sniffer?

A.

Port scanner

B.

Network mapper

C.

Protocol analyzer

D.

Vulnerability scanner

Quick Answer: 229

Detailed Answer: 237

Objective 4.3: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning.

1.

Which of the following is best described as a friendly attack against a network to test the security measures put into place?

A.

Vulnerability assessment

B.

Penetration test

C.

Security assessment

D.

Compliance test

Quick Answer: 229

Detailed Answer: 237

2.

Which of the following are the most serious downsides to conducting a penetration test? (Select all correct answers.)

A.

They can cause some disruption to network operations.

B.

The help desk can be flooded by affected users.

C.

They can generate false data in IDS systems.

D.

External users can have difficulty accessing resources.

Quick Answer: 229

Detailed Answer: 237

3.

Which of the following is true about inexperienced internal systems administrators performing penetration tests against the organizational network? (Select all correct answers.)

A.

It is a safe practice.

B.

It is a bad practice.

C.

It may be a violation of privacy laws.

D.

It does not violate any privacy laws.

Quick Answer: 229

Detailed Answer: 238

4.

Which of the following is true about the relationship between vulnerability assessment and penetration testing?

A.

They are inversely related.

B.

They are contradictory.

C.

They are separate functions.

D.

They are complementary.

Quick Answer: 229

Detailed Answer: 238

5.

Which of the following is the main security risk of penetration testing?

A.

It can conceal aggression that is unrelated to the test.

B.

It can affect user connectivity and resource access.

C.

It can disrupt the normal business environment.

D.

It can weaken the network’s security level.

Quick Answer: 229

Detailed Answer: 238

Objective 4.4: Use monitoring tools on systems and networks and detect security-related anomalies.

1.

Which of the following would most likely be used as a troubleshooting tool to tell whether a route is available to a host?

A.

tracert

B.

netstat

C.

nslookup

D.

ping

Quick Answer: 230

Detailed Answer: 238

2.

Which of the following would most likely be used as a troubleshooting tool in a Windows environment to test the connectivity path a packet takes to arrive at the destination?

A.

tracert

B.

netstat

C.

nslookup

D.

ping

Quick Answer: 230

Detailed Answer: 238

3.

Which of the following would most likely be used to troubleshoot a Domain Name System (DNS) server database?

A.

tracert

B.

netstat

C.

nslookup

D.

ping

Quick Answer: 230

Detailed Answer: 238

4.

Which of the following would most likely be used to display all the ports on which the computer is currently listening?

A.

tracert

B.

netstat

C.

nslookup

D.

ping

Quick Answer: 230

Detailed Answer: 239

5.

Which of the following is used in a Windows environment to verify the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration?

A.

traceroute

B.

ipconfig

C.

netstat

D.

ifconfig

Quick Answer: 230

Detailed Answer: 239

6.

Which of the following is the most likely reason the ping command returns a time out when trying to contact an external host?

A.

The host is unavailable.

B.

DNS traffic is blocked.

C.

The host network is unavailable.

D.

ICMP traffic is blocked.

Quick Answer: 230

Detailed Answer: 239

7.

Which of the following best describes benchmarking?

A.

A measuring of normal activity

B.

The improving of system performance

C.

Determining how much load a server can handle

D.

Spreading work between two or more computers

Quick Answer: 230

Detailed Answer: 239

8.

Which of the following best describes a baseline?

A.

A measure of normal activity

B.

The improvement of system performance

C.

A comparison of how much load a server can handle

D.

The distribution of work between two or more computers

Quick Answer: 230

Detailed Answer: 239

9.

Which of the following protocols is used by the ping utility?

A.

ICMP

B.

SNMP

C.

SMTP

D.

NNTP

Quick Answer: 230

Detailed Answer: 239

10.

Which of the following is used for tracking and viewing the utilization of operating system resources?

A.

Event Viewer

B.

Performance console

C.

Network Monitor

D.

Task Manager

Quick Answer: 230

Detailed Answer: 239

11.

Which of the following is used for system monitoring by allowing an administrator to view actions that occur on the system?

A.

Event Viewer

B.

Performance console

C.

Network Monitor

D.

Task Manager

Quick Answer: 230

Detailed Answer: 240

12.

Which of the following is Microsoft’s version of a protocol analyzer that comes with Windows Server operating systems?

A.

Event Viewer

B.

Performance console

C.

Network Monitor

D.

Task Manager

Quick Answer: 230

Detailed Answer: 240

13.

Which of the following gives you an instant history view of CPU and memory usage?

A.

Event Viewer

B.

Performance console

C.

Network Monitor

D.

Task Manager

Quick Answer: 230

Detailed Answer: 240

14.

The network administrator for the organization attempts to access the security log in Event Viewer on the file server, but the log file does not contain any entries. Which of the following is the most likely reason the security log is missing?

A.

Logging is not enabled.

B.

The security log is not shared.

C.

Auditing is not enabled.

D.

The security log is not stored on the server.

Quick Answer: 230

Detailed Answer: 240

15.

Which of the following is an application layer protocol used to collect statistics from TCP/IP devices?

A.

ICMP

B.

SNMP

C.

SMTP

D.

NNTP

Quick Answer: 230

Detailed Answer: 240

16.

At which of the following levels should the operating system be monitored to detect rootkits?

A.

Kernel

B.

Network

C.

Application

D.

Shell

Quick Answer: 230

Detailed Answer: 240

17.

An organization is concerned about unauthorized users attempting to access network resources. Which of the following tools will the organization use to monitor user access activity?

A.

Event Viewer

B.

Performance console

C.

Network Monitor

D.

Task Manager

Quick Answer: 230

Detailed Answer: 240

18.

An organization is concerned about high I/O and CPU usage on the servers. Which of the following tools will the organization use to monitor resource activity?

A.

Event Viewer

B.

Performance console

C.

Network Monitor

D.

Task Manager

Quick Answer: 230

Detailed Answer: 241

19.

An organization is concerned about high memory and CPU usage on the local user machines. Which of the following tools will the organization use to spot check resource activity?

A.

Event Viewer

B.

Performance console

C.

Network Monitor

D.

Task Manager

Quick Answer: 230

Detailed Answer: 241

20.

An organization is having internal network connectivity issues and would like to implement a packet sniffer. Which of the following tools will the organization use to conduct this activity?

A.

Event Viewer

B.

Performance console

C.

Network Monitor

D.

Task Manager

Quick Answer: 230

Detailed Answer: 241

21.

Several users appear to be having internal network connectivity issues. The systems administrator is not exactly sure where the problem lies. Upon going to a workstation and opening a command prompt, which of the following commands would most likely be typed first?

A.

tracert

B.

netstat

C.

nslookup

D.

ipconfig

Quick Answer: 230

Detailed Answer: 241

22.

The users appear to be having connectivity issues to a vendor’s web hosted application. The systems administrator is not exactly sure where the problem lies. Upon going to a workstation and opening a command prompt, which of the following commands would most likely be typed first?

A.

tracert

B.

netstat

C.

nslookup

D.

ipconfig

Quick Answer: 230

Detailed Answer: 241

23.

No one seems to be able to contact the intranet using DNS names, but the intranet can be contacted by using the IP address. After opening a command prompt, which of the following commands would most likely be typed first?

A.

tracert

B.

netstat

C.

nslookup

D.

ipconfig

Quick Answer: 230

Detailed Answer: 241

24.

A user reports slowness and intermittent odd activity on their workstation. After opening a command prompt, which of the following commands would most likely be typed first?

A.

tracert

B.

netstat

C.

nslookup

D.

ipconfig

Quick Answer: 230

Detailed Answer: 241

25.

Which of the following is true about baselines? (Select all correct answers.)

A.

An initial baseline should be done for the network but not applications.

B.

Baselines must be updated on a regular basis.

C.

Baselines do not need to be updated when new technology is added.

D.

Baselines must be updated when the network has changed.

Quick Answer: 230

Detailed Answer: 242

Objective 4.5: Compare and contrast various types of monitoring methodologies.

1.

Which of the following best describes behavior-based monitoring?

A.

Looks at patterns of access that have been established

B.

Looks at the way certain executable files make a computer act

C.

Looks for specific byte sequences that appear in attack traffic

D.

Looks for traffic behavior that is new or unusual

Quick Answer: 230

Detailed Answer: 242

2.

Which of the following best describes anomaly-based monitoring?

A.

Looks at patterns of access that have been established

B.

Looks at the way certain executable files make a computer act

C.

Looks for specific byte sequences that appear in attack traffic

D.

Looks for traffic behavior that is new or unusual

Quick Answer: 230

Detailed Answer: 242

3.

Which of the following best describes signature-based monitoring?

A.

Looks at patterns of access that have been established

B.

Looks at the way certain executable files make a computer act

C.

Looks for specific byte sequences that appear in attack traffic

D.

Looks for traffic behavior that is new or unusual

Quick Answer: 230

Detailed Answer: 242

4.

An organization is concerned about buffer overflow attacks. Which of the following monitoring methods will best suit the organization?

A.

Signature-based monitoring

B.

Anomaly-based monitoring

C.

Performance-based monitoring

D.

Behavior-based monitoring

Quick Answer: 230

Detailed Answer: 243

5.

An organization is concerned about internal misuse. Which of the following monitoring methods will best suit the organization?

A.

Signature-based monitoring

B.

Anomaly-based monitoring

C.

Performance-based monitoring

D.

Behavior-based monitoring

Quick Answer: 230

Detailed Answer: 243

6.

An organization is concerned about system compromises from older known attacks on unpatched systems. Which of the following monitoring methods will best suit the organization?

A.

Signature-based monitoring

B.

Anomaly-based monitoring

C.

Performance-based monitoring

D.

Behavior-based monitoring

Quick Answer: 230

Detailed Answer: 243

7.

An organization wants to implement a monitoring solution that returns few false positives and does not use a lot of system resources. Which of the following monitoring methods will best suit the organization?

A.

Signature-based monitoring

B.

Anomaly-based monitoring

C.

Performance-based monitoring

D.

Behavior-based monitoring

Quick Answer: 230

Detailed Answer: 243

8.

An organization wants to implement a monitoring solution that can be used in a mixed operating system environment and is not dependent on OS-specific mechanisms. Which of the following monitoring methods will best suit the organization?

A.

Signature-based monitoring

B.

Anomaly-based monitoring

C.

Performance-based monitoring

D.

Behavior-based monitoring

Quick Answer: 230

Detailed Answer: 243

9.

An organization wants to implement a monitoring solution that includes video surveillance. Which of the following monitoring methods will best suit the organization?

A.

Signature-based monitoring

B.

Anomaly-based monitoring

C.

Performance-based monitoring

D.

Behavior-based monitoring

Quick Answer: 230

Detailed Answer: 243

10.

An organization wants to implement a monitoring solution that does not require a lot of software updating and can be self-learning. Which of the following monitoring methods will best suit the organization?

A.

Signature-based monitoring

B.

Anomaly-based monitoring

C.

Performance-based monitoring

D.

Behavior-based monitoring

Quick Answer: 230

Detailed Answer: 244

11.

An organization wants to implement a monitoring solution that returns a low number of false positives. Which of the following monitoring methods will best suit the organization?

A.

Signature-based monitoring

B.

Anomaly-based monitoring

C.

Performance-based monitoring

D.

Behavior-based monitoring

Quick Answer: 230

Detailed Answer: 244

12.

An organization that issues credit cards requires spending profiles for their customers. Which of the following monitoring methods will best suit the organization?

A.

Signature-based monitoring

B.

Anomaly-based monitoring

C.

Performance-based monitoring

D.

Behavior-based monitoring

Quick Answer: 230

Detailed Answer: 244

13.

An organization requires a monitoring solution that determines whether a program is malicious by inspecting the stream of system calls that the program issues to the operating system. Which of the following monitoring methods will best suit the organization?

A.

Signature-based monitoring

B.

Anomaly-based monitoring

C.

Performance-based monitoring

D.

Behavior-based monitoring

Quick Answer: 230

Detailed Answer: 244

14.

Which of the following are disadvantages of using a behavior-based monitoring solution? (Select all correct answers.)

A.

The rule sets need constant updating.

B.

It can generate false positives.

C.

File checking is quite slow.

D.

It is based on passive monitoring.

Quick Answer: 230

Detailed Answer: 244

15.

Which of the following are disadvantages of using a signature-based monitoring solution? (Select all correct answers.)

A.

The rule sets need constant updating.

B.

It can generate false positives.

C.

File checking is quite slow.

D.

It is based on passive monitoring.

Quick Answer: 230

Detailed Answer: 244

16.

Which of the following are advantages of using a behavior-based monitoring solution? (Select all correct answers.)

A.

Can monitor for malware activities

B.

Triggers a low number of false positives

C.

Can identify polymorphic viruses

D.

Uses very few system resources

Quick Answer: 230

Detailed Answer: 245

17.

Which of the following are advantages of using a signature-based monitoring solution? (Select all correct answers.)

A.

Can monitor for malware activities

B.

Triggers a low number of false positives

C.

Can identify polymorphic viruses

D.

Uses very few system resources

Quick Answer: 230

Detailed Answer: 245

18.

An organization requires a monitoring solution for a highly secure environment in which the individual use patterns for each user profile can be identified. Which of the following monitoring methods will best suit the organization?

A.

Signature-based monitoring

B.

Anomaly-based monitoring

C.

Performance-based monitoring

D.

Behavior-based monitoring

Quick Answer: 230

Detailed Answer: 245

19.

Which of the following types of attacks are anomaly-based monitoring solutions best at detecting? (Select all correct answers.)

A.

DoS attacks based on payloads

B.

Protocol and port exploitation

C.

Documented malicious software

D.

Known intrusive activity

Quick Answer: 230

Detailed Answer: 245

20.

Which of the following types of attacks are signature-based monitoring solutions best at detecting? (Select all correct answers.)

A.

DoS attacks based on payloads or volume

B.

Protocol and port exploitation

C.

Documented malicious software

D.

Known intrusive activity

Quick Answer: 230

Detailed Answer: 245

Objective 4.6: Execute proper logging procedures and evaluate the results.

1.

Which of the following best describes system logging?

A.

The process of measuring the performance of a network

B.

The process of collecting data to be used for monitoring

C.

The process of tracking users and actions on the network

D.

The process of observing the state of a system

Quick Answer: 230

Detailed Answer: 245

2.

To get an accurate view of a network, which of the following must precede logging?

A.

Baselining

B.

Auditing

C.

Monitoring

D.

Archiving

Quick Answer: 230

Detailed Answer: 245

3.

Which of the following best describes the way logging should be implemented?

A.

Only the user events should be logged.

B.

Only pertinent events should be logged.

C.

All events should be logged so nothing is missed.

D.

Nothing should be logged until there is a need for it.

Quick Answer: 230

Detailed Answer: 245

4.

Which of the following would be considered a best practice for improved server performance when deciding where to store log files?

A.

Store in the system directory of a machine in the DMZ

B.

Store in the system directory on the local machine

C.

Store on a nonsystem striped or mirrored disk volume

D.

Store on a nonsystem disk volume on the local machine

Quick Answer: 230

Detailed Answer: 246

5.

Which of the following would be considered a best security practice when deciding where to store log files?

A.

Stored in the system directory on the local machine

B.

Stored in a data directory on a server in the Intranet

C.

Stored in the system directory of a machine in the DMZ

D.

Stored in a centralized repository of an offline volume

Quick Answer: 230

Detailed Answer: 246

6.

An organization requires the implementation of an enterprise application logging strategy. Which of the following would be a critical analysis consideration when choosing a solution?

A.

A proprietary custom-built solution

B.

Already built-in application logging solutions

C.

A solution that uses standard protocols and formats

D.

A variety of solutions that each use different formats

Quick Answer: 230

Detailed Answer: 246

7. An organization chooses to implement a manual application logging strategy and desires to use a format that can readily be parsed. Which of the following formats will meet the organizational requirements?

A. CSV
B. HTML
C. TXT
D. SQL

Quick Answer: 230
Detailed Answer: 246

8. Application logging standards should be implemented for the types of events the organization logs based on which of the following? (Select all correct answers.)

A. User requirements
B. Vendor requirements
C. Business requirements
D. Regulatory requirements

Quick Answer: 230
Detailed Answer: 246

9. Which of the following is pertinent in addition to reading the log files?

A. Knowing how to correlate events
B. Knowing how to parse log files
C. Knowing how to delete events
D. Knowing how to export log files

Quick Answer: 230
Detailed Answer: 246

10. Internet Information Services (IIS) logs can be used for which of the following purposes? (Select all correct answers.)

A. Assess content
B. Identify bottlenecks
C. End processes
D. Investigate attacks

Quick Answer: 230
Detailed Answer: 246

11. Which of the following most accurately describes best practice for using Microsoft DNS logging?

A. Only the user events should be logged.
B. Only pertinent events should be logged.
C. All events should be logged so nothing is missed.
D. Nothing should be logged until there is a need for it.

Quick Answer: 230
Detailed Answer: 246

12. Which of the following would be the first place an administrator would look when troubleshooting Microsoft DNS-related issues?

A. The DNS debug log file
B. The Event Viewer DNS server log file
C. Syslog channel log.msgs
D. The Event Viewer Application log file

Quick Answer: 230
Detailed Answer: 246

13. Which of the following would be the first place an administrator would look when troubleshooting UNIX- or Linux-based systems?

A. Mtools.conf
B. Msconfig
C. Event Viewer
D. Syslogd

Quick Answer: 230
Detailed Answer: 247

14. Which of the following would be considered best practices for system logging? (Select all correct answers.)

A. For easy compilation, keep log files in plain text.
B. When permissible, encrypt the log files.
C. Store log files on a stand-alone system.
D. Store log files on individual system data partitions.

Quick Answer: 230
Detailed Answer: 247

15. Which of the following would an administrator use to end applications that get hung up without having to reboot the machine?

A. Network Monitor
B. Task Manager
C. Event Viewer
D. Performance Console

Quick Answer: 230
Detailed Answer: 247

16. Which of the following would provide information for troubleshooting remote-access policy issues?

A. Internet Information Services logging
B. Critical and error level logging
C. Authentication and accounting logging
D. Event Viewer Application logging

Quick Answer: 230
Detailed Answer: 247

17. Which of the following are events in the firewall log that require additional examination? (Select all correct answers.)

A. Traffic on port 25
B. HTTP traffic
C. Blocked attempts
D. Suspicious signatures

Quick Answer: 230
Detailed Answer: 247

18. The organizational firewall log shows repeated traffic to port 53. This could be an indication of which of the following types of attacks? (Select all correct answers.)

A. Cross-site scripting
B. Denial of service
C. Distributed denial of service
D. SQL injection

Quick Answer: 230
Detailed Answer: 247

19. Which of the following types of logging events are most commonly found in antivirus software? (Select all correct answers.)

A. Updates
B. Dropped packets
C. Quarantined viruses
D. Update history

Quick Answer: 230
Detailed Answer: 247

20. An organization primarily contracts workers and is concerned about remote-access usage and remote authentication attempts. Which of the following would the organization implement to track this type of activity?

A. Firewall logging
B. RRAS logging
C. IIS logging
D. System logging

Quick Answer: 230
Detailed Answer: 247

Objective 4.7: Conduct periodic audits of system security settings.

1. Which of the following best describes auditing?

A. The process of measuring the performance of a network
B. The process of collecting data to be used for monitoring
C. The process of tracking users and actions on the network
D. The process of observing the state of a system

Quick Answer: 231
Detailed Answer: 248

2. Which of the following are unintended consequences when auditing is not clear-cut or built around the organizational goals and policies? (Select all correct answers.)

A. Irrelevant information is gathered.
B. Important security events are deleted.
C. User hard drives quickly run out of space.
D. System administrators have reduced workloads.

Quick Answer: 231
Detailed Answer: 248

3. A systems administrator is tasked with auditing user privileges. Which of the following steps must be taken? (Select two correct answers.)

A. Enable logging within the operating system.
B. Enable auditing within the operating system.
C. Specify the resources to be audited.
D. Specify the audit file storage directory.

Quick Answer: 231
Detailed Answer: 248

4. An organization has primarily contract workers and is concerned about unauthorized and unintentional access on these accounts. Which of the following would the organization audit to track this type of activity?

A. Group policies
B. Retention policies
C. DHCP events and changes
D. Access use and rights changes

Quick Answer: 231
Detailed Answer: 248

5. Which of the following are user rights used by processes? (Select all correct answers.)

A. Process tracking
B. Create a token object
C. Bypass traverse checking
D. Account management

Quick Answer: 231
Detailed Answer: 248

6. Which of the following is true about the auditing of failed logon events and successful logon events?

A. Only failed events should be audited.
B. Only successful events should be audited.
C. Both successful and failed events should be audited.
D. Neither one should be audited unless absolutely necessary.

Quick Answer: 231
Detailed Answer: 248

7. Which of the following best describes the activity that involves collecting information used for monitoring and reviewing purposes?

A. Auditing
B. Logging
C. Baselining
D. Inspecting

Quick Answer: 231
Detailed Answer: 248

8. Which of the following best describes the unintended consequence of turning on all auditing counters for all objects?

A. Reduced user productivity
B. Reduced I/O activity on user machines
C. Reduced administrative overhead
D. Reduced server performance

Quick Answer: 231
Detailed Answer: 248

9. Which of the following would an organization include in its retention and disposal policies? (Select all correct answers.)

A. Security evaluations
B. Commercial software manuals
C. Operational documentation
D. Vendor user manuals

Quick Answer: 231
Detailed Answer: 249

10. Which of the following most accurately describes the maintenance of data-retention and storage policies?

A. Once in place, they are good for many years.
B. They need to be updated on a monthly basis.
C. They need to be updated on a quarterly basis.
D. They need to be updated when business goals change.

Quick Answer: 231
Detailed Answer: 249

11. An organization does not have a data-retention policy in place when it becomes involved in a lawsuit. Many of the employees have kept emails for a period of up to ten years. As a general rule, which of the following is true about the discovery of these emails?

A. All are discoverable regardless of time frame or format.
B. None are discoverable because they are in electronic format.
C. They are discoverable only going back three years.
D. Only the emails the organization deems necessary are discoverable.

Quick Answer: 231
Detailed Answer: 249

12. Which of the following are pertinent for an organization to review before formulating a data-retention policy? (Select all correct answers.)

A. ISP requirements
B. Regulatory requirements
C. User requirements
D. Business requirements

Quick Answer: 231
Detailed Answer: 249

13. Which of the following best describes how settings will actually be applied to an object in a group policy?

A. Individually applied to the object and only from the last policy
B. A combination of all the settings that can affect the object
C. Only from settings within the domain where the object is located
D. A combination of only local group policies that affect the object

Quick Answer: 231
Detailed Answer: 249

14. An administrator is attempting to resolve an issue with multiple group policies on several computers. Which of the following tools would be used to script GPO troubleshooting of multiple computers?

A. Gpupdate
B. Gpresult
C. Resultant Set of Policy
D. Group Policy object

Quick Answer: 231
Detailed Answer: 249

15. Which of the following tools is used to review the effects of Group Policy settings on a particular computer?

A. Resultant Set of Policy
B. Group Policy object
C. Gpupdate
D. Local Security settings

Quick Answer: 231
Detailed Answer: 249

16. An organization is concerned with knowing about any unusual activity that would indicate modification to the local security authority (LSA). Which of the following event categories should be audited?

A. Audit success events in the account management
B. Success events in the policy change on domain controllers
C. Success and failure events in the system events
D. Audit success events in the logon event category

Quick Answer: 231
Detailed Answer: 250

17. An organization is concerned with unusual activity indicating that an intruder is attempting to gain access to the network. Which of the following event categories should be audited?

A. Audit success events in the account management
B. Success events in the policy change on domain controllers
C. Success and failure events in the system events
D. Audit success events in the logon event category

Quick Answer: 231
Detailed Answer: 250

18. An organization wants to verify changes that are made to user account and group properties. Which of the following event categories should be audited?

A. Audit success events in the account management
B. Success events in the policy change on domain controllers
C. Success and failure events in the system events
D. Audit success events in the logon event category

Quick Answer: 231
Detailed Answer: 250

19. An organization wants a record of when each user logs on to or logs off from any computer. Which of the following event categories should be audited?

A. Audit success events in the account management event
B. Success events in the policy change on domain controllers
C. Success and failure events in the system events
D. Audit success events in the logon event category

Quick Answer: 231
Detailed Answer: 250

20. An organization wants to verify when users log on to or log off from the domain. Which of the following event categories should be audited?

A. Audit success events in the account management event
B. Success events in the policy change on domain controllers
C. Success events in the account logon on domain controllers
D. Audit success events in the logon event category

Quick Answer: 231
Detailed Answer: 250
