Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

TruSecure TU0-001 Exam -

Free TU0-001 Sample Questions:

1. Which is the best example of "The Principle of Least Privilege"?
A. Users can access their own files.
B. Users cannot access their own files.
C. No one can come into a network from the outside.
D. The number of users with system administrator privileges is minimized.
Answer: D

2. Which is an example of synergistic security (defense in depth)?
A. two firewalls in parallel for redundancy
B. a firewall in series with a screening router
C. having different types of firewalls on a network
D. security controls that cover inside abuse, hacking, viruses, and downtime
Answer: B

3. What is true about one-time passwords?
A. They are frequently token based.
B. They do not really improve security.
C. They allow a user to log in with any password, but only once.
D. They require a user to change their password after every login.
Answer: A

4. What most effectively prevents IP address spoofing?
A. personal firewall
B. Network Address Translation
C. egress filtering at the router
D. IP addresses created by a DHCP server
Answer: C

5. Which document is used by employers to explain what employees can do with office computers?
A. Security Policy
B. File Permissions
C. Access Control List
D. Acceptable Use Policy
Answer: D

6. Which three procedures are critical to maintaining an effective security policy? (Choose three.)
A. test
B. patch
C. install
D. backup
Answer: ABD

7. The documents meant to explain allowed and denied behavior to end users should ______ .
A. describe the security countermeasures in place
B. describe the consequences of breaking the rules
C. describe the enterprise's assets being protected
D. be flexible enough to allow users to access personal email accounts
Answer: B

8. You know of a simple, inexpensive, non-infringing security control. It would protect your sensitive transaction server and its information from about 70-80% of the most common and persistent malicious hacking attacks.
The use of this control in conjunction with other control would _____.
A. make sense as a synergistic control
B. suggest a lack of understanding of defense in depth
C. be insufficient because it would fail 20-30% of the time
D. make sense as the primary control for the threat category
E. represent a lack of sound security architecture and design
Answer: A

9. Your network administrator is a significant contributor to a major new product launch from your software company. You have just been informed that he is being terminated.
What should his manager do?
A. go to his desk, tell him he is immediately terminated, and escort him out
B. call him to your office, tell him he is immediately terminated, and escort him out
C. call him to your office, give him a two-week termination notice, and let him return to work
D. change all of the passwords and when asked why he cannot log in explain that he is being terminated
E. go to his desk, tell him he will be terminated after the software launch, and remove his remote access privileges
Answer: B

10. Your organization stores sensitive medical records on a centrally managed database. Most employees need access to different parts of this information. Access control rules are in place to allow appropriate access to the information.
What is most likely to have the largest protective benefit in preventing an employee from gaining information the employee does not have the authority to access?
A. very strong, random passwords
B. aggressive network segmentation using switches instead of hubs
C. hardening the system against common hacking tools and attacks
D. password protected screen savers with timeouts installed on desktops
E. aggressive use of internal firewalls to separate populations of users according to job function
Answer: D

11. How do you most effectively prevent social engineering attacks?
A. You log requests for sensitive data.
B. You never divulge sensitive data to anyone.
C. You authenticate requests for sensitive data.
D. You do not accept outside requests for sensitive data.
Answer: C

12. What is the most likely source of social engineering attacks?
A. office employees
B. maintenance workers
C. hackers in foreign countries
D. purported IT support people on the phone
Answer: D

13. During the workday you receive a phone call from the support desk. What is the most effective way to verify the identity of the individual on the other end of the phone?
A. call them back
B. have them email you
C. ask them their birth date
D. ask them their logon password
Answer: A

14. You are working on the help desk. Users call, complaining that they have forgotten their password.
What is your most secure response?
A. call the users' supervisor to confirm that they still work at the company
B. require them to see you in person and show their company identification
C. reset their password to a default password and force them to change it upon login
D. confirm their identity over the phone by asking for their mother's maiden name or personal ID number
Answer: B

15. According to TruSecure, the likelihood that a security event will happen in a given time span or the rate is called a/an _____.
A. threat
B. attack
C. exploit
D. vulnerability
Answer: A

16. Which is the least sensitive information?
A. browser cookies
B. a CEO's personal public key
C. non-administrative passwords
D. employee addresses and phone numbers
Answer: B

17. Which is the most essential element of risk analysis?
A. understanding the most common threats
B. auditing passwords for common dictionary words
C. identifying all possible ways that hackers might attack your systems
D. having a strategy for stopping the majority of possible threats no matter how unlikely
Answer: A

18. Which is TruSecure/ICSA Lab's risk equation?
A. Risk = Threat / Vulnerability + Cost
B. Risk = Threat x Vulnerability x Cost
C. Risk = Threat x Vulnerability + Cost
D. Risk = (Threat - Vulnerability) x Cost
Answer: B

19. How can most Internet attacks be prevented?
A. using IPSec VPNs
B. fixing well-known vulnerabilities
C. programming in assembly language or C
D. not transmitting credit card numbers in the clear
Answer: B

20. Which statement about vulnerability assessment tools is true?
A. They reveal all important vulnerabilities on a network.
B. They assess a lack of proper configuration and maintenance.
C. They are most effective when directed at a firewall or a Web server.
D. They close holes exploited by password stealers and Trojan horses.
Answer: B

21. When should you run a vulnerability assessment tool?
A. during new system builds
B. after administrative changes
C. during regular business hours
D. before implementing known patches
Answer: B

22. What is a common problem with vulnerability assessment tools?
A. They report CVE numbers.
B. They commonly miss old vulnerabilities.
C. They do not detect host-based vulnerabilities.
D. They are prone to report false-positive results.
Answer: D

23. 802.11b wireless networks _____.
A. do not allow for encryption
B. require Ethernet interfaces
C. automatically detect intrusions
D. can be monitored from outside a building
Answer: D

24. An adversary with unrestricted physical access to a system ______.
A. may overwrite sensitive read-only media
B. must be presumed to have full access to that system
C. will be thwarted if screen savers and tokens are in use
D. must log in to preserve and copy any existing cached certificates
Answer: B

25. What is the most common motivation for computer break-ins?
A. money
B. revenge
C. political
D. recognition
Answer: D

26. Which is NOT an attack?
A. SYN flood
B. port scanning
C. website crawling
D. unauthorized access
Answer: C

27. Which three could be used by someone launching a social engineering attack? (Choose three.)
A. web pages
B. DNS information
C. CPU serial numbers
D. TCP sequence numbers
E. Security and Exchange Commission fillings
Answer: ABE

28. How do you fix buffer overflow vulnerabilities?
A. quality coding practices
B. two-factor authentication
C. proper administration of the application
D. entering a null character at the end of all input
Answer: A

29. Which statement about "security by obscurity" is true?
A. Security by obscurity is a people problem.
B. Security by obscurity is a rarely used practice.
C. Depending solely on security by obscurity is dangerous.
D. Security by obscurity has no place in computer security.
Answer: C

30. Which three are protocols or services used for authentication functions? (Choose three.)
Answer: BCE

© 2014, All Rights Reserved