
CompTIA Security+ Certification Practice Exams, Third Edition (Exam SY0-501)


Copyright © 2017 by McGraw-Hill Education. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

McGraw-Hill Education eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in corporate training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com.

Information has been obtained by McGraw-Hill Education from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill Education, or others, McGraw-Hill Education does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.


reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill Education and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill Education nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill Education has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill Education and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.


For my beautiful and wonderful mother, Louisette Lachance – thank you for being you!

–Daniel Lachance


ABOUT THE AUTHORS

Daniel Lachance, CompTIA Cloud Essentials, CompTIA Server+, CompTIA A+, CompTIA Network+, CompTIA Security+, MCT, MCSA, MCITP, MCTS, is the owner of Lachance IT Consulting Inc., based in Halifax, Nova Scotia. Dan has delivered technical IT training for a wide variety of products for more than 20 years. He has recorded IT support videos related to security and various cloud-computing platforms. Dan has developed custom applications and planned, implemented, troubleshot, and documented various network configurations and conducted network security audits. Dan has worked as a technical editor on a number of certification titles and has authored titles including CompTIA Server+ Certification All-in-One Exam Guide (Exam SK0-004) and CompTIA Security+ Certification Practice Exams, Second Edition (Exam SY0-401).

When not performing with the Halifax-based cover band Clusterfunk, Dan loves being around family and spending time outdoors.

Glen E. Clarke, CCNA, MCITP, MCSE, MCSD, MCDBA, MCT, CEH, CHFI, SCNP, CISSO, CompTIA Security+, CompTIA Network+, CompTIA A+, is owner of DC Advanced Technology Training, an IT services company in Halifax, NS, focusing on providing IT certification training and consulting on technologies in the fields of networking, security, and programming. Glen spends most of his time delivering certified courses on Windows Server, SQL Server, Exchange Server, SharePoint, Visual Basic .NET, and ASP.NET. Glen also teaches a number of security-related courses covering topics such as ethical hacking and countermeasures, computer forensics and investigation, information systems security officers, vulnerability testing, firewall design, and packet analysis.

Glen is an experienced author and technical editor whose published work was nominated for a Referenceware Excellence Award in 2003 and 2004. Glen has worked on a number of certification titles, including topics on A+ certification, Windows Server certification, Cisco’s CCENT and CCNA certification, and Network+ and Security+ certification.

When he’s not working, Glen loves to spend quality time with his wife, Tanya, and their four children, Sara, Brendon, Ashlyn, and Rebecca. You can visit Glen online at www.gleneclarke.com or contact him at glenclarke@dcatt.ca.


About the Technical Editor

S. Russell Christy is a trainer for New Horizons Computer Learning Center of Memphis, TN, where he delivers traditional and online classroom learning for adults, covering a wide variety of products. He specializes in web and print design; Microsoft Office applications; and computer maintenance, network, and security. For nearly 20 years he has deployed new desktops and operating systems, servers, network hardware, and software, while simultaneously troubleshooting various hardware and software issues.

Russ holds a bachelor’s degree in business administration from the University of Memphis. He has additionally gained industry certifications in CompTIA A+, CompTIA Network+, CompTIA Security+, CompTIA Server+, MTA Windows Server Administration Fundamentals, Network Fundamentals, Security Fundamentals, and Windows OS Fundamentals, and he is a Microsoft Office Specialist 2007 Master, Microsoft Office Specialist 2013 Master, Adobe Certified Expert Dreamweaver CS6, and Adobe Education Trainer.


Becoming a CompTIA Certified IT Professional Is Easy

It’s also the best way to reach greater professional opportunities and rewards.

Why Get CompTIA Certified?

Growing Demand

Labor estimates predict some technology fields will experience growth of more than 20% by the year 2020 (Source: CompTIA 9th Annual Information Security Trends study: 500 U.S. IT and Business Executives Responsible for Security.) CompTIA certification qualifies the skills required to join this workforce.

Universal Skills

CompTIA certifications are vendor neutral—which means that certified professionals can proficiently work with an extensive variety of hardware and software found in most organizations.


Learn More:

Certification.CompTIA.org/securityplus

CompTIA Disclaimer

© 2016 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to such programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally. Other brands and company names mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective owners. Reproduction or dissemination of this courseware sheet is prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. 02544-Mar2016

The logo of the CompTIA Approved Quality Curriculum Program and the status of this or other training material as “Approved” under the CompTIA Approved Curriculum Program signifies that, in CompTIA’s opinion, such training material covers the content of CompTIA’s related certification exam.

CompTIA has not reviewed or approved the accuracy of the contents of this training material and specifically disclaims any warranties of merchantability or fitness for a particular purpose. CompTIA makes no guarantee concerning the success of persons using any such “Approved” or other training material in order to prepare for any CompTIA certification exam.


CONTENTS AT A GLANCE

1 Networking Basics and Terminology

2 Introduction to Security Terminology

3 Security Policies and Standards

4 Types of Attacks

5 System Security Threats

6 Mitigating Security Threats

7 Implementing System Security

8 Securing the Network Infrastructure

9 Wireless Networking and Security

16 Disaster Recovery and Business Continuity

17 Introduction to Computer Forensics and Incident Response

18 Security Assessments and Audits

19 Understanding Monitoring and Auditing

A Pre-assessment Exam


B About the CD-ROM


Acknowledgments

Introduction

Exam Readiness Checklist

1 Networking Basics and Terminology


Quick Answer Key


ACKNOWLEDGMENTS

I would like to make known the stellar team that contributed to this book’s existence. All of the following people were given raw materials that were forged into a refined product—this book.

The dedication of the skilled staff at McGraw-Hill Education cannot be overstated: Hilary Flood, Amy Stonebraker, Claire Yee, Jim Kussow, and the entire crew that were involved with this project from beginning to end—thank you! In addition, my thanks go to Anju Joshi at Cenveo for managing all of the production phases, and I also appreciate the watchful copy editing eyes of Lisa Theobald, who made this book flow. To my son Roman Lachance—thanks for the great security discussions that made this book a much better product! To my superb technical editor, Russ Christy, your attention to detail always amazes me and contributes greatly to our work projects—thanks Russ!

Last and certainly not least, thanks are due to our household for tolerating my endless work hours—my beautiful better half, Stacey, and Roman, Trinity, Raylee, Stasia, Zoey, and the dogs, Dori and Bailey—I love you all!

–Daniel Lachance


The CompTIA Security+ Exam (Exam SY0-501)

The CompTIA Security+ certification exam is a vendor-neutral exam that validates your skills in risk identification and management, the application of physical and digital security controls for devices and networks, disaster recovery, and the adherence to rules set forth by legal and regulatory bodies. This certification is aimed at individuals with a minimum of two years of experience in IT administration focusing on security.

The CompTIA Security+ exam consists of six domains (categories). CompTIA represents the relative importance of each domain within the body of knowledge required for an entry-level IT professional taking this exam.

Your CompTIA Security+ certification is valid for three years from the date you are certified, after which you must take the most current version of the exam to keep your certification. Detailed information regarding the CompTIA Security+ certification and exam is available at www.comptia.org.

In This Book

The objective of this book is to prepare you for the CompTIA Security+ exam by familiarizing you with the technology and body of knowledge tested on the exam. Because the primary focus of this book is to help you pass the test, we don’t always cover every aspect of the related technology. Some aspects of the technology are covered only to the extent necessary to help you understand what you need to know to pass the exam, but we hope this book will serve you as a valuable professional resource after your exam as well.

CompTIA Security+ Certification Practice Exams, Third Edition (Exam SY0-501), provides a battery of practice test questions organized by the official exam objectives. The 19 chapters contain more than 700 questions that cover all the objectives for the SY0-501 exam. Additionally, the accompanying media contains 300-plus questions in a customizable test engine that enables you to take three full practice exams in a simulated testing environment or customized exams by chapter or exam domain.

This book was developed and written in conjunction with the CompTIA Security+ Certification Study Guide, Third Edition (Exam SY0-501), by Glen E. Clarke. The order the objectives are presented in is identical, as are the chapter titles. These books were designed to work together as a comprehensive program for self-study.

Pre-assessment Exam

This book features a pre-assessment exam in Appendix A. The pre-assessment exam will gauge your areas of strength and weakness so you can tailor your studies based on your needs. We recommend that you take the pre-assessment test before starting the questions in Chapter 1.

In Every Chapter


This book is organized in such a way as to serve as an in-depth review for the CompTIA Security+ exam for both experienced IT security professionals and newcomers to security technologies. Each chapter covers a major aspect of the exam, with practice questions to test your knowledge of specific exam objectives. The SY0-501 exam will present you with some performance-based questions that will test your ability to carry out a task to solve a problem. This could be in the form of typing in a command, placing network devices in the correct positions on a network map, or matching terms with definitions.

Each chapter contains components that call your attention to important items and reinforce salient points. Take a look at what you’ll find in every chapter:

Every chapter begins with certification objectives, a list of the official CompTIA exam objectives covered in that chapter.

Practice questions, similar to those found on the actual exam, are included in every chapter. By answering these questions, you’ll test your knowledge while becoming familiar with the structure of the exam questions.

The Quick Answer Key section follows the questions and enables you easily to check your answers.

In-Depth Answers at the end of every chapter include explanations for the correct and incorrect answer choices and provide an opportunity for reviewing the exam topics.

Practice Exams

In addition to the 700 questions included in this book, more than 300 questions are included in the customizable test engine on the accompanying media. You can create practice exams by objective or by chapter, or you can take full-length practice exams. Like the questions in the chapters, these practice exams also include detailed explanations for the correct and incorrect answer choices. For more information about the accompanying media, please see Appendix B.


Strategies for Use

You can use this book in a variety of ways, whether simultaneously with the CompTIA Security+ Certification Study Guide, Third Edition, or as a stand-alone test prep tool.

With the Study Guide: Taking a chapter-by-chapter approach, you can opt to read a Study Guide chapter and then practice what you have learned with the questions in the corresponding Practice Exams chapter, alternating between books throughout your course of study.

The Practice Exams book alone: Using the Practice Exams book after you have read the Study Guide, or as a stand-alone test prep tool, you can work through the book cover to cover and take the three practice exams as the final step in your preparation.

Alternatively, by means of the “Exam Readiness Checklist” in the next section, you can gauge your level of expertise and determine which objectives to focus on and then work through the book by objectives. The checklist notes which questions pertain to which objectives, allowing you to tailor your review.

Exam Readiness Checklist

This “Exam Readiness Checklist” has been constructed to enable you to reference the official CompTIA Security+ objectives and refer to the order in which these objectives are covered in this book. You can use this checklist to gauge your level of expertise on each exam objective at the outset of your studies. This will enable you to check your progress and make sure you spend the time you need on more difficult or unfamiliar sections. The objectives are listed as CompTIA has presented them with the corresponding book chapter and question number reference.


QUESTIONS

Computer networks consist of many moving parts. Mastering the related terms and their meanings is the first stepping stone that ultimately leads to securing a network and its digital assets properly.

Internet Protocol version 4 (IPv4) and the newer IPv6 are the protocol foundation on which network services are available. Network services such as Domain Name System (DNS) and Simple Network Management Protocol (SNMP) use different port numbers that uniquely identify them. Clients connect to these unique port numbers when accessing network services. Because firewalls could block this traffic, you must know which port is used by which network service.

1. Which network device transmits data between different networks by examining the destination network address in a packet?

3. A busy web site has not been responding well because of the large volumes of HTTP connections to the web server. Which solution would increase web server performance?

A. Add more RAM to the web server.

B. Install two web servers hosting the same content. Configure a load balancer to distribute incoming HTTP connections between the two web servers.

C. Place a router between the web server and the Internet to throttle incoming HTTP connections.

D. Enable SSL on the web server.

4. Which router security feature drops inbound traffic with a forged source address of an internal network?

A. Stateful packet inspection

B. Stateless packet inspection

C. Anti-malware

D. Anti-spoofing

5. Refer to the diagram in Figure 1-1. You would like to prevent client requests from being serviced by busier back-end servers. Which load balancer scheduling algorithm should you configure?


6. Your web application consists of two back-end servers fronted by a load balancer. As client requests come in you would like the first request to be sent to the first server, the next request to the second, and so on, in a circular pattern. Which load balancer scheduling algorithm should you configure?

company web site ordering system. She suggests having two load balancers configured, with only one in service at a given time. What type of load balancing configuration has Raylee described?

balancer is down, what attribute does it take control of?

A. Load balancer MAC address

B. Load balancer IP address

C. First back-end server MAC address

D. First back-end server IP address

9. Which of the following statements regarding router ACLs is true?

A. Rules are processed in a top-down fashion.

B. Rules are processed in a bottom-up fashion.

C. The first rule should be a deny-all rule.

D. The last rule should be an allow-all rule.

10. When writing router ACL rules, which general guideline should be followed?

A. Do not allow traffic based on IP addresses.

B. Do not block traffic based on IP addresses.

C. The first rule should be a deny-all rule.

D. The last rule should be a deny-all rule.

11. Your network requires routers that can block traffic based on the MAC address. What type of ACL rule support must routers support?

A. Layer 1

B. Layer 2

C. Layer 3

D. Layer 4

12. Figure 1-2 shows router ACL rules for router 1. User DNS queries must be able to pass through router 1. Which statements regarding this configuration are correct? (Choose two.)

FIGURE 1-2 Router ACL rules

A. User DNS queries will go through router 1.

B. DNS server replication traffic will go through router 1.

C. User SSH traffic will go through router 1.

D. SMTP server messages will go through router 1.

13. As part of a network security team, you need to capture network transmissions to and from all hosts on an Ethernet network switch. However, after plugging into switch port 24 and beginning a packet-capturing session, you see only broadcast and multicast transmissions from other hosts. What must you do?

A. Plug into switch port 1.

B. Plug a hub into switch port 24, and plug your station into the hub.

C. Configure switch port monitoring on port 24.

D. Configure switch port monitoring on port 1.


14. Which type of network device results in additional broadcast domains?

of network bandwidth?

A. Place IT staff stations and the servers on their own VLAN.

B. Place server 1 and server 2 on separate VLANs.

C. Place a router between IT staff stations and the servers.

D. Place a switch between IT staff stations and the servers.

16. Which of the following is Telnet used for?

A. Verifying routers in a transmission path

B. Performing encrypted remote command-line management

C. Performing clear-text remote command-line management

D. Forcing the retrieval of operating system updates

17. Zoey, your assistant, has captured network traffic on your LAN for a hour period, as shown in Figure 1-3. You would like to view network traffic related to users connecting to web sites. Which protocol in the protocol column should you filter by?


FIGURE 1-4 Network requirements and devices

20. Your wiring closet consists of three 24-port Ethernet switches all linked together. Computers from the Accounting department are plugged into each Ethernet switch, as are computers from the Research department. Your manager asks you to ensure that computers in the Accounting department are on a network different from computers in the Research department. What could you do? (Choose two.)

A. Replace the Ethernet switches with Ethernet hubs.

B. Configure all Accounting computers on the same TCP/IP subnet (e.g., 192.268.2.0 /24) and configure all Research computers on their own TCP/IP subnet (e.g., 192.168.3.0 /16).

C. Configure an Accounting VLAN that includes the Accounting computers and a Research VLAN that includes the Research computers.

D. Configure all Accounting computers on the same TCP/IP subnet (e.g., 192.168.2.0 /24) and configure all Research computers on their own TCP/IP subnet (e.g., 192.168.3.0 /24).

21. What type of address is fe80::dca6:d048:cba6:bd06?

A. It resolves NetBIOS computer names to IP addresses.

B. Client-to-server queries use TCP port 53.

C. It resolves FQDNs to IP addresses.

D. Given an IP address, DNS can return an FQDN.

23. Which protocol uses TCP port 443?

A. FTPS

B. HTTP

C. HTTPS

D. SSH

24. You are troubleshooting TCP/IP settings on a workstation. The workstation IP address is 10.17.6.8/24, the DNS server setting is set to 199.126.129.86, and the default gateway setting is 10.17.5.6./24. The router has a public IP address of 199.126.129.76/24 and a private internal IP address of 10.17.5.6/24. This workstation is the only station on the network that cannot connect to the Internet. What should you do?

A. Change the DNS server setting to 10.17.5.6.

B. Change the router private internal IP address to 10.17.6.6.

C. Change the workstation IP address to 10.17.5.8.

D. Change the default gateway setting to 199.126.129.76.

25. You need a server to store router configuration files. The server must not require a username or password. Which type of server is the best choice?

A. Windows file server


32. Your Vancouver users cannot connect to a corporate web server housed in Seattle, but they can connect to Internet web sites. The network technicians in Seattle insist the web server is running because Seattle users have no problem connecting to the Seattle web server. From the Vancouver network, you ping the Seattle web server but do not get a reply. Which tool should you use next?

A. tracert

B. ipconfig

C. Telnet

D. HTTP

33. A workstation has an IP address of 169.254.46.86. The server administrators realize the DHCP service is offline, so they start the DHCP service. What command should be used next on the workstation to immediately obtain a valid TCP/IP configuration?


A. Disable unused ports and assign MAC addresses to enabled ports.

B. Disable unused ports and configure enabled ports for half-duplex.

C. Disable unused ports and configure additional VLANs.

D. Disable unused ports and configure enabled ports for full-duplex.

35. You are attempting to connect to one of your user’s computers using RDP but cannot get connected. A new firewall has been installed on your network. Which port must be opened on the firewall to allow RDP traffic?

A. 143

B. 389

C. 3389

D. 443

Date posted: 04/03/2019, 08:56