CA1-001 CompTIA Advanced Security Practitioner Practice Exam Set 4

Which of the following can monitor any application input, output, and/or system service calls madefrom, to, or by an application?


Options are :

  • Host-based firewall
  • Dynamic firewall
  • Network-based firewall
  • Application firewall

Answer : Host-based firewall

Mark works as a Network Security Administrator for uCertify Inc. Mark has been assigned to a taskto test the network security of the company. He created a webpage to discuss the progress of thetests with employees who were interested in following the test. Visitors were allowed to click on acompany's icon to mark the progress of the test. Mark successfully embeds a keylogger. He alsoadded some statistics on the webpage. The firewall protects the network well and allows strictInternet access. How was security compromised and how did the firewall respond?


Options are :

  • The attack was social engineering and the firewall did not detect it.
  • Security was compromised as keylogger is invisible for firewall.
  • The attack was Cross Site Scripting and the firewall blocked it.
  • Security was not compromised as the webpage was hosted internally.

Answer : The attack was social engineering and the firewall did not detect it.

Which of the following is a deterministic algorithm to generate a sequence of numbers with little orno discernible pattern in the numbers, apart from broad statistical properties?




Options are :

  • Pseudorandom number generator
  • Java Cryptographic Extension
  • Twofish
  • Simple and Protected GSSAPI Negotiation Mechanism

Answer : Pseudorandom number generator

JK0-015 CompTIA E2C Security+ 2008 Edition Practice Exam Set 4

Maria is concerned about outside parties attempting to access her companies network via thewireless connection. Where should she place the WAP?


Options are :

  • Inside a secure room
  • WAPs should be placed at each corner
  • Centrally in the building
  • In the server room

Answer : Centrally in the building

Which of the following counters measures the rate at which the bytes are sent through or receivedby a network?




Options are :

  • Network Interface: Bytes/sec
  • Network Interface: Bytes Received/sec
  • Network Interface: Bytes Sent/sec
  • Network Interface: Output Queue Length

Answer : Network Interface: Bytes/sec

Which of the following processes is used to ensure that standardized methods and procedures areused for efficient handling of all changes?


Options are :

  • Change Management
  • Exception management
  • Risk Management
  • Configuration Management

Answer : Change Management

FC0-U51 CompTIA IT Fundamentals Certification Exam Set 7

Which of the following security principles would be most helpful in preventing privilege escalation?


Options are :

  • Least privileges
  • Single point of failure
  • Implicit deny
  • Job rotation

Answer : Least privileges

In which of the following phases of the System Development Life Cycle (SDLC) is the IT systemdesigned, purchased, and programmed?




Options are :

  • Disposal
  • Development/Acquisition
  • Operation/Maintenance
  • Initiation

Answer : Development/Acquisition

John is setting up a public web server. He has decided to place it in the DMZ. Which firewallshould have the tightest restrictions?




Options are :

  • On the web server itself
  • Outer end of the DMZ
  • The restrictions should be consistent
  • Inner end of the DMZ

Answer : Inner end of the DMZ

CompTIA Project+ (PK0-004) 5 Practice Test 2019 Set 4

__________ is the concept that disclosure of the long-term secret keying material that is used toderive an agreed key does not compromise the secrecy of agreed keys that had previously beengenerated.




Options are :

  • Diffie-Hellman
  • Perfect forward secrecy
  • Authentication protocol
  • Key exchange protocol

Answer : Perfect forward secrecy

Which of the following terms suggests that the supplier of an application program or systemprovides all the hardware and software components and resources to meet the customersrequirement and no other supplier is required to be involved?


Options are :

  • COTS product
  • Change Management
  • End-to-end solution
  • Collaboration platform

Answer : End-to-end solution

John is hosting several Web sites on a single server. One is an e-commerce site that handlescredit card transactions, while the other sites do not handle credit card data. Does this present asecurity problem, and if so, what?


Options are :

  • The other sites may allow privilege escalation to the e-commerce site
  • Credit card processing requires HIPAA compliance, the other sites do not
  • Credit card processing requires PCI compliance, the other sites do not
  • There is no issue with different types of sites on one server

Answer : Credit card processing requires PCI compliance, the other sites do not

CompTIA Network+ (N10-007) 6 Practice Exams and Simulations Set 1

Which of the following department in an organization is responsible for documenting and thecontrolling the incoming and outgoing cash flows as well as the actual handling of the cash flows?




Options are :

  • Human Resource
  • Financial
  • Stakeholder
  • Management

Answer : Financial

Which of the following governing factors should be considered to derive an overall likelihood ratingthat is used to specify the probability that a potential vulnerability may be exercised within theconstruct of the associated threat environment?Each correct answer represents a complete solution. Choose three.

A. Threat-source motivation and capability

B. Detect a problem and determine its cause

C. Nature of the vulnerability

D. Existence and effectiveness of current controls



Options are :

  • A,B,C
  • B,C,D
  • A,B,D
  • C,D,A

Answer : C,D,A

Which of the following are the main aims of Change Management?Each correct answer represents a complete solution. Choose all that apply.

A. Reduction in back-out activities

B. Economic utilization of resources involved in the change

C. Tracking all of the individual Configuration Items (CI) in an IT system

D. Minimal disruption of services



Options are :

  • C,D,A
  • B,C,D
  • A,B,C
  • A,B,D

Answer : A,B,D

N10-006 CompTIA Network+ Certification Practice Test Set 5

You work as a Security Administrator for uCertify Inc. The company has a TCP/IP based networkand uses the WS-Security service to enable message-level security for Web services. Which ofthe following mechanisms does it describe?Each correct answer represents a complete solution. Choose three.

A. How to attach security tokens to ascertain the identity of sender.

B. How to encrypt SOAP messages to assure confidentiality.

C. How to sign SOAP messages to assure integrity.

D. How to provide a guarantee of security.




Options are :

  • B,C,D
  • C,D,A
  • A,B,C
  • A,D,B

Answer : C,D,A

As a network administrator, if you are experiencing intermittent security issues what is the firstthing you should do?




Options are :

  • Isolate the problem
  • Consider alternative solutions
  • Define a solution
  • Try obvious fixes

Answer : Isolate the problem

Mark, a malicious hacker, submits Cross-Site Scripting (XSS) exploit code to the Website of theInternet forum for online discussion. When a user visits the infected Web page, the code getsautomatically executed and Mark can easily perform acts such as account hijacking, history theft,etc. Which of the following types of cross-site scripting attacks does Mark intend to perform?


Options are :

  • Document Object Model (DOMJ
  • SAX
  • Non-persistent
  • Persistent

Answer : Persistent

CompTIA Security+ (SY0-501) Practice Exams with Simulations Set 1

Continuous Monitoring is the fourth phase of the Security Certification and Accreditation process,which of the following activities can be involved in the Continuous Monitoring process?Each correct answer represents a complete solution. Choose three.

A. Security control monitoring

B. Status reporting and documentation

C. Configuration Management and Control

D. Network impact analysis



Options are :

  • A,B,C
  • C,D,A
  • B,C,D
  • A,B,D

Answer : A,B,C

You are working in an organization, which has a TCP/IP based network. Each employee reportsyou whenever he finds a problem in the network and asks you to debug the problem, what is yourdesignation in the organization?


Options are :

  • Network administrator
  • Database administrator
  • Facility manager
  • Stakeholder

Answer : Network administrator

Which of the following are the primary rules to apply RBAC-based delegation for a user on anetwork? Each correct answer represents a complete solution. Choose all that apply.

A. Authorization of Role

B. Assignment of Roles

C. Assignment of Permission

D. Authorization of Permission



Options are :

  • A,B,D
  • C,D,A
  • B,C,D
  • A,B,C

Answer : A,B,D

CompTIA JK0-801 A+ Laptops Printers and Operational Exam Set 2

Which of the following statements best describe the responsibilities of a facility manager in anorganization? Each correct answer represents a complete solution. Choose three.

A. Analyze and manage project in order to provide desired output in given deadlines.

B. Develop written physical security plans for critical infrastructures.

C. Improve current activities with minimum interruption for excellent result.

D. Make an attractive plan with the help of different business strategies.



Options are :

  • B,C,D
  • C,D,A
  • A,B,C
  • A,B,D

Answer : C,D,A

Which of the following Web sites provides a virtual community where people with a shared interestcan communicate and also can post their thoughts, ideas, and anything else and share it with theirfriends?


Options are :

  • Social networking site
  • E-commerce site
  • Internet forum
  • Blog

Answer : Social networking site

You are responsible for evaluating, recommending, and directing changes to the CorporateSecurity Manager in order to ensure the security of assets, facilities, and employees of theorganization. What is your designation?


Options are :

  • Network administrator
  • Facility manager
  • Physical security manager
  • HR manager

Answer : Physical security manager

CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam Set 5

The help desk is flooded with calls from users who receive an e-mail warning about a new virus.The e-mail instructs them to search and delete a number of files from their systems. Many of themattempt to reboot the systems after deleting the specified files and find that the systems are notrebooting properly, which of the following types of attacks has occurred?




Options are :

  • Hoax
  • Pharming
  • Phishing
  • Spam

Answer : Hoax

PFS depends on which type of following encryption?

A.



Options are :

  • Asymmetric
  • Classic
  • Secret
  • Symmetric

Answer : Asymmetric

Which of the following is the process of digitally signing executables and scripts to confirm thesoftware author and guarantee that the code has not been altered or corrupted since it was signedby use of a cryptographic hash?


Options are :

  • Entropy
  • Code signing
  • Hashing
  • Non-repudiation

Answer : Code signing

CompTIA JK0-022 Security Cryptography Certification Exam Set 9

Which of the following is a key agreement protocol that allows two users to exchange a secret keyover an insecure medium without any prior secrets?




Options are :

  • One-way encryption
  • XML encryption
  • SecureFiles Encryption
  • Diffie-Hellman encryption

Answer : Diffie-Hellman encryption

Which of the following attacks are computer threats that try to exploit computer applicationvulnerabilities that are unknown to others or undisclosed to the software developer?


Options are :

  • FMS
  • Buffer overflow
  • Zero-day
  • Spoofing

Answer : Zero-day

Which of the following is a legal contract between at least two parties that outlines confidentialmaterials or knowledge the parties wish to share with one another for certain purposes, but wish torestrict access to?


Options are :

  • SLA
  • OLA
  • NDA
  • SA

Answer : NDA

CompTIA JK0-022 Security Cryptography Certification Exam Set 2

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions