401 SEC+ Exam Guaranteed Pass: Multiple
Questions with Correct Answers Designed to Boost
Academic Performance
An internal audit has detected that a number of archived tapes are missing from secured
storage. There was no recent need for restoration of data from the missing tapes. The
location is monitored by access control and CCTV systems. Review of the CCTV system
indicates that it has not been recording for three months. The access control system shows
numerous valid entries into the storage location during that time. The last audit was six
months ago and the tapes were accounted for at that time. Which of the following could
have aided the investigation?
A. Testing controls
B. Risk assessment
C. Signed AUP
D. Routine audits - -correct ans- -Answer: A
Explanation:
Testing controls come in three types: Technical, Management and Operational.
In this question, the CCTV system has not been recording for three months and no one
noticed. Improved testing controls (regular testing to verify the CCTV system is recording)
would ensure that the CCTV is recording as expected.
The CCTV recordings could have aided the investigation into the missing tapes.
Topic 4, Application, Data and Host Security
Methods to test the responses of software and web applications to unusual or unexpected
inputs are known as:
A. Brute force.
B. HTML encoding.
C. Web crawling.
D. Fuzzing. - -correct ans- -Answer: D
Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or
random data as inputs to a computer program. The program is then monitored for
exceptions such as crashes, failed validation, or memory leaks.
Which of the following application security testing techniques is implemented when an
automated system generates random input data?
A. Fuzzing
B. XSRF
C. Hardening
D. Input validation - -correct ans- -Answer: A
Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or
random data as inputs to a computer program. The program is then monitored for
exceptions such as crashes, failed validation, or memory leaks.
Which of the following security concepts identifies input variables which are then used to
perform boundary testing?
A. Application baseline
B. Application hardening
C. Secure coding
D. Fuzzing - -correct ans- -Answer: D
Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or
random data as inputs to a computer program. The program is then monitored for
exceptions such as crashes, failed validation, or memory leaks.
An attacker crafts a message that appears to be from a trusted source, but in reality it
redirects the recipient to a malicious site where information is harvested. The message is
narrowly tailored so it is effective on only a small number of victims. This describes which
of the following?
A. Spear phishing
B. Phishing
C. Smurf attack
D. Vishing - -correct ans- -Answer: A
Explanation:
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization,
seeking unauthorized access to confidential data. As with the e-mail messages used in
regular phishing expeditions, spear phishing messages appear to come from a trusted
source. Phishing messages usually appear to come from a large and well-known company
or Web site with a broad membership base, such as eBay or PayPal. In the case of spear
phishing, however, the apparent source of the e-mail is likely to be an individual within the
recipient's own company and generally someone in a position of authority.
An administrator is instructed to disable IP-directed broadcasts on all routers in an
organization. Which of the following attacks does this prevent?
A. Pharming
B. Smurf
C. Replay
D. Xmas - -correct ans- -Answer: B
Explanation: