A security administrator wants to check user password complexity.
362. Which of the following is a hardware based encryption device?
·
A. EFS
B. TrueCrypt
C. TPM
D. SLE
·
TPM (Trusted Platform Module)
361. Certificates are used for: (Select TWO)
·
A. Client authentication.
B. WEP encryption.
C. Access control lists.
D. Code signing.
E. Password hashing.
·
Client authentication.
D. Code signing.
360. A security administrator wants to check user password complexity. Which of the following is the BEST tool to use?
·
A. Password history
B. Password logging
C. Password cracker
D. Password hashing
·
C. Password cracker
CompTIA:
An organization hires you to test an application that you have limited
knowledge of. You are given a login to the application but do not have access
to the source code. What type of test are you running?
·
A. White-box
B. Black-box
C. SDLC
D. Graybox
·
D. Graybox
359. Which of the following can be used by a security administrator to successfully recover a user's forgotten password on a password protected file?
·
A. Cognitive password
B. Password sniffing
C. Brute force
D. Social engineering
·
C. Brute force
358. Which of the following application security testing techniques is implemented when an automated system generates random input data?
·
A. Fuzzing
B. XSRF
C. Hardening
D. Input validation
·
Fuzzing
357. Which of the following devices would MOST likely have a DMZ interface?
·
A. Firewall
B. Switch
C. Load balancer
D. Proxy
·
Firewall
356. Employee badges are encoded with a private encryption key and specific personal information. The encoding is then used to provide access to the network. Which of the following describes this access control type?
·
A. Smartcard
B. Token
C. Discretionary access control
D. Mandatory access control
·
Smartcard
355. Which of the following MUST be updated immediately when an employee is terminated to prevent unauthorized access?
·
A. Registration
B. CA
C. CRL
D. Recovery agent
·
C. CRL (Certificate Revocation List)
354. A security administrator needs to determine which system a particular user is trying to log in to at various times of the day. Which of the following log types would the administrator check?
·
A. Firewall
B. Application
C. IDS
D. Security
·
D. Security
353. Which of the following would be used when a higher level of security is desired for encryption key storage?
·
A. TACACS+
B. L2TP
C. LDAP
D. TPM
·
D. TPM (Trusted Platform Module)
352. In regards to secure coding practices, why is input validation important?
·
A. It mitigates buffer overflow attacks.
B. It makes the code more readable.
C. It provides an application configuration baseline.
D. It meets gray box testing standards.
·
It mitigates buffer overflow attacks.