Questions with In-Depth Answer Analysis from
Esteemed Educators Worldwide
During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the
following should be disabled to mitigate this risk? (Select TWO).
A. SSL 1.0
B. RC4
C. SSL 3.0
D. AES
E. DES
F. TLS 1.0
Answer: A,F
Explanation:
TLS 1.0 and SSL 1.0 both have known vulnerabilities and have been superseded by later versions.
Any system still running these protocols should have them disabled.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic
protocols designed to provide communications security over a computer network. They use
X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with
whom they are communicating, and to exchange a symmetric key. This session key is then used
to encrypt the data flowing between the parties, providing data/message confidentiality;
message authentication codes provide message integrity and, as a by-product, message
authentication.
Netscape developed the original SSL protocol. Version 1.0 was never publicly released because
of serious security flaws in the protocol; version 2.0, released in February 1995, "contained a
number of security flaws which ultimately led to the design of SSL version 3.0".
TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0. As stated
in the RFC, "the differences between this protocol and SSL 3.0 are not dramatic, but they are
significant enough to preclude interoperability between TLS 1.0 and SSL 3.0". TLS 1.0 does
include a means by which a TLS implementation can downgrade the connection to SSL 3.0, thus
weakening security.
TLS 1.1 and then TLS 1.2 were created to replace TLS 1.0.
A security administrator needs to determine which system a particular user is trying to login to
at various times of the day. Which of the following log types would the administrator check?
A. Firewall
B. Application
C. IDS
D. Security
Answer: D
Explanation:
The security log records events such as valid and invalid logon attempts, as well as events
related to resource use, such as the creating, opening, or deleting of files. For example, when
logon auditing is enabled, an event is recorded in the security log each time a user attempts to
log on to the computer. You must be logged on as Administrator or as a member of the
Administrators group in order to turn on, use, and specify which events are recorded in the
security log.
A security technician is attempting to improve the overall security posture of an internal mail
server. Which of the following actions would BEST accomplish this goal?
A. Monitoring event logs daily
B. Disabling unnecessary services
C. Deploying a content filter on the network
D. Deploy an IDS on the network
Answer: B
Explanation:
One of the most basic practices for reducing the attack surface of a specific host is to disable
unnecessary services. Services running on a host, especially network services provide an avenue
through which the system can be attacked. If a service is not being used, disable it.
A vulnerability assessment indicates that a router can be accessed from default port 80 and
default port 22. Which of the following should be executed on the router to prevent access
via these ports? (Select TWO).
A. FTP service should be disabled
B. HTTPS service should be disabled
C. SSH service should be disabled
D. HTTP service should be disabled
E. Telnet service should be disabled
Answer: C,D
Explanation:
Port 80 is used by HTTP. Port 22 is used by SSH. By disabling the HTTP and Telnet services, you
will prevent access to the router on ports 80 and 22.
The security administrator is analyzing a user's history file on a Unix server to determine if the
user was attempting to break out of a rootjail. Which of the following lines in the user's history
log shows evidence that the user attempted to escape the rootjail?
A. cd ../../../../bin/bash
B. whoami
C. ls /root
D. sudo -u root
Answer: A
Explanation:
On modern UNIX variants, including Linux, you can define the root directory on a per-process
basis. The chroot utility allows you to run a process with a root directory other than /.
The root directory appears at the top of the directory hierarchy and has no parent: a process
cannot access any files above the root directory (because, from its point of view, they do not exist). If, for example,
you run a program (process) and specify its root directory as /home/sam/jail, the program would
have no concept of any files in /home/sam or above: jail is the program's root directory and is
labeled / (not jail).