CAS-001 CompTIA Advanced Security Practitioner Practice Exam Set 1

A database administrator comes across the below records in one of the databases during an internal audit of the payment system:

UserID   Address           Credit Card No.      Password
jsmith   123 fake street   55XX-XXX-XXXX-1397   Password100
jqdoe    234 fake street   42XX-XXX-XXXX-2027   17DEC12

From a security perspective, which of the following should be the administrator's GREATEST concern, and what will correct the concern?
Options are :
  • Concern: Passwords are stored in plain text. Correction: Require a minimum of 8 alphanumeric characters and hash the password. (Correct)
  • Concern: User IDs are also usernames, and could be enumerated, thereby disclosing sensitive account information. Correction: Require user IDs to be more complex by using alphanumeric characters and hash the UserIDs.
  • Concern: User IDs are confidential private information. Correction: Require encryption of user IDs.
  • Concern: More than four digits within a credit card number are stored. Correction: Only store the last four digits of a credit card to protect sensitive financial information.

Answer : Concern: Passwords are stored in plain text. Correction: Require a minimum of 8 alphanumeric characters and hash the password.
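An added worked example (not part of the exam or any vendor's code) showing the correction the answer describes: the password column is replaced by a salted PBKDF2-HMAC-SHA256 hash, and the card number is reduced to its last four digits before the row is written, which also removes the second concern in the option list. The column names, the 600,000-iteration count and the reading of "8 alphanumeric characters" as "at least eight characters with both a letter and a digit" are assumptions made here; the sample card number is constructed. Note that the two passwords already exposed in the audit rows (Password100 and 17DEC12) have to be reset, since hashing a column does not undo its earlier disclosure.

```python
import hashlib
import hmac
import os
import re
from typing import Dict, Optional

# Assumed policy parameters for this example (not stated on the page):
# PBKDF2-HMAC-SHA256 with an iteration count of the order OWASP currently
# recommends, and the question's "minimum of 8 alphanumeric characters".
PBKDF2_ITERATIONS = 600_000
MIN_PASSWORD_LEN = 8


def mask_pan(pan: str) -> str:
    """Reduce a card number (PAN) to its last four digits before storage.

    This is what the question's fourth option calls storing only the last
    four digits: the full PAN never reaches the database row.
    """
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a plausible PAN length")
    return "XXXX-XXXX-XXXX-" + digits[-4:]


def password_meets_policy(password: str) -> bool:
    """At least MIN_PASSWORD_LEN characters, containing a letter and a digit."""
    return (
        len(password) >= MIN_PASSWORD_LEN
        and re.search(r"[A-Za-z]", password) is not None
        and re.search(r"[0-9]", password) is not None
    )


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing 'pbkdf2_sha256$iterations$salt$hash' string.

    A fresh 16-byte random salt per user means two users with the same
    password get different stored values, so a leaked table cannot be
    attacked with a single precomputed dictionary.
    """
    if not password_meets_policy(password):
        raise ValueError("password does not meet the minimum policy")
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, dk_hex = parts
    dk = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def store_record(user_id: str, address: str, pan: str, password: str) -> Dict[str, str]:
    """Build the row the audited table should have contained."""
    return {
        "UserID": user_id,
        "Address": address,
        "CardLast4": mask_pan(pan),
        "PasswordHash": hash_password(password),
    }


if __name__ == "__main__":
    # Constructed sample data; the card number is not a real account.
    row = store_record("jsmith", "123 fake street", "5512 3456 7890 1397", "Password100")
    print(row)
    print(verify_password(row["PasswordHash"], "Password100"))   # True
    print(verify_password(row["PasswordHash"], "password100"))   # False
    print(password_meets_policy("17DEC12"))                      # False: 7 characters
```

The hash is for the password column only. If the business genuinely needs more of the card number than the last four digits, truncation is not enough and the PAN has to be tokenised or encrypted under key management, which is a PCI DSS question the exam item does not go into.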

A network security engineer would like to allow authorized groups to access network devices with a shell restricted to only show information while still authenticating the administrator's group to an unrestricted shell. Which of the following can be configured to authenticate and enforce these shell restrictions? (Select TWO).
A. Single Sign On
B. Active Directory
C. Kerberos
D. NIS+
E. RADIUS
F. TACACS+
Options are :
  • E,D
  • E,B
  • D,F
  • E,F (Correct)

Answer : E,F

A health service provider is considering the impact of allowing doctors and nurses access to the internal email system from their personal smartphones. The Information Security Officer (ISO) has received a technical document from the security administrator explaining that the current email system is capable of enforcing security policies to personal smartphones, including screen lockout and mandatory PINs. Additionally, the system is able to remotely wipe a phone if reported lost or stolen. Which of the following should the Information Security Officer be MOST concerned with based on this scenario? (Select THREE).
A. The email system may become unavailable due to overload.
B. Compliance may not be supported by all smartphones.
C. Equipment loss, theft, and data leakage.
D. Smartphone radios can interfere with health equipment.
E. Data usage cost could significantly increase.
F. Not all smartphones natively support encryption.
G. Smartphones may be used as rogue access points.
Options are :
  • B,C,F (Correct)
  • D,C,F
  • B,C,A
  • B,C,G

Answer : B,C,F

In order for a company to boost profits by implementing cost savings on non-core business activities, the IT manager has sought approval for the corporate email system to be hosted in the cloud. The compliance officer has been tasked with ensuring that data lifecycle issues are taken into account. Which of the following BEST covers the data lifecycle end-to-end?
Options are :
  • Information classification, vendor selection, and the RFP process
  • Securing virtual environments, appliances, and equipment that handle email
  • Data provisioning, processing, in transit, at rest, and de-provisioning (Correct)
  • Creation and secure destruction of mail accounts, emails, and calendar items

Answer : Data provisioning, processing, in transit, at rest, and de-provisioning

A Physical Security Manager is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. The Security Manager has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should the Security Manager suggest to BEST secure this environment?
Options are :
  • Create an IP camera network and only allow SSL access to the cameras.
  • Create an IP camera network and deploy NIPS to prevent unauthorized access.
  • Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras. (Correct)
  • Create an IP camera network and restrict access to cameras from a single management host.

Answer : Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.

A morphed worm carrying a 0-day payload has infiltrated the company network and is now spreading across the organization. The security administrator was able to isolate the worm communication and payload distribution channel to TCP port 445. Which of the following can the administrator do in the short term to minimize the attack?
Options are :
  • Force a signature update and full system scan from the enterprise anti-virus solution.
  • Add the following ACL to the corporate firewall: DENY - TCP - ANY - ANY - 445.
  • Deploy the following ACL to the HIPS: DENY - TCP - ANY - ANY - 445. (Correct)
  • Run a TCP 445 port scan across the organization and patch hosts with open ports.

Answer : Deploy the following ACL to the HIPS: DENY - TCP - ANY - ANY - 445.

A company has recently implemented a video conference solution that uses the H.323 protocol. The security engineer is asked to make recommendations on how to secure video conferences to protect confidentiality. Which of the following should the security engineer recommend?
Options are :
  • Recommend implementing G.711 for the audio channel and H.264 for the video.
  • Recommend moving to SIP and RTP as those protocols are inherently secure.
  • Encapsulate the audio channel in the G.711 codec rather than the unsecured Speex.
  • Implement H.235 extensions with DES to secure the audio and video transport. (Correct)

Answer : Implement H.235 extensions with DES to secure the audio and video transport.

A security administrator is redesigning and implementing a service-oriented architecture to replace an old, in-house software processing system tied to a corporate sales website. After performing the business process analysis, the administrator decides the services need to operate in a dynamic fashion. The company has also been the victim of data injection attacks in the past and needs to build in mitigation features. Based on these requirements and past vulnerabilities, which of the following needs to be incorporated into the SOA?
Options are :
  • Service to service authentication for all workflows. (Correct)
  • Two-factor authentication and signed code
  • Cryptographic hashes of all data transferred between services
  • Point to point VPNs for all corporate intranet users

Answer : Service to service authentication for all workflows.

A manager who was attending an all-day training session was overdue entering bonus and payroll information for subordinates. The manager felt the best way to get the changes entered while in training was to log into the payroll system, and then activate desktop sharing with a trusted subordinate. The manager granted the subordinate control of the desktop, thereby giving the subordinate full access to the payroll system. The subordinate did not have authorization to be in the payroll system. Another employee reported the incident to the security team. Which of the following would be the MOST appropriate method for dealing with this issue going forward?
Options are :
  • Block desktop sharing and web conferencing applications and enable use only with approval.
  • Actively monitor the data traffic for each employee using desktop sharing or web conferencing applications.
  • Permanently block desktop sharing and web conferencing applications and do not allow its use at the company.
  • Provide targeted security awareness training and impose termination for repeat violators. (Correct)

Answer : Provide targeted security awareness training and impose termination for repeat violators.

The Chief Information Security Officer (CISO) has just returned from attending a security conference and now wants to implement a Security Operations Center (SOC) to improve and coordinate the detection of unauthorized access to the enterprise. The CISO's biggest concern is the increased number of attacks that the current infrastructure cannot detect. Which of the following is MOST likely to be used in a SOC to address the CISO's concerns?
Options are :
  • eGRC, WIPS, Federated ID, Network enumerator, NIPS and Port Scanners
  • DLP, Analytics, SIEM, Forensics, NIPS, HIPS, WIPS and eGRC (Correct)
  • Vulnerability assessments, NIDP, HIDS, SCAP, Analytics and SIEM
  • Forensics, White box testing, Log correlation, HIDS, and SSO

Answer : DLP, Analytics, SIEM, Forensics, NIPS, HIPS, WIPS and eGRC

An existing enterprise architecture included an enclave where sensitive research and development work was conducted. This network enclave also served as a storage location for proprietary corporate data and records. The initial security architect chose to protect the enclave by restricting access to a single physical port on a firewall. All downstream network devices were isolated from the rest of the network and communicated solely through the single 100 Mbps firewall port. Over time, researchers connected devices on the protected enclave directly to external resources and corporate data stores. Mobile and wireless devices were also added to the enclave to support high speed data research. Which of the following BEST describes the process which weakened the security posture of the enclave?
Options are :
  • The shrinking of an overall attack surface due to the additional access.
  • Emerging business requirements led to the de-perimeterization of the network. (Correct)
  • Emerging security threats rendered the existing architecture obsolete.
  • The single firewall port was oversaturated with network packets.

Answer : Emerging business requirements led to the de-perimeterization of the network.

A security manager is developing new policies and procedures. Which of the following is a best practice in end user security?
Options are :
  • Access controls for computer systems and networks with two-factor authentication.
  • Employee identity badges and physical access controls to ensure only staff are allowed onsite.
  • Access controls to prevent end users from gaining access to confidential data.
  • A training program that is consistent, ongoing, and relevant. (Correct)

Answer : A training program that is consistent, ongoing, and relevant.

A new web application system was purchased from a vendor and configured by the internal development team. Before the web application system was moved into production, a vulnerability assessment was conducted. A review of the vulnerability assessment report indicated that the testing team discovered a minor security issue with the configuration of the web application. The security issue should be reported to:
Options are :
  • The vendor who supplied the web application system.
  • Users of the new web application system
  • CISO immediately in an exception report.
  • Team lead in a weekly report. (Correct)

Answer : Team lead in a weekly report.

A security architect is seeking to outsource company server resources to a commercial cloud service provider. The provider under consideration has a reputation for poorly controlling physical access to datacenters and has been the victim of multiple social engineering attacks. The service provider regularly assigns VMs from multiple clients to the same physical resources. When conducting the final risk assessment, which of the following should the security architect take into consideration?
Options are :
  • Annual loss expectancy resulting from social engineering attacks against the cloud service provider affecting corporate network infrastructure.
  • The likelihood a malicious user will obtain proprietary information by gaining local access to the hypervisor platform. (Correct)
  • The ability to implement user training programs for the purpose of educating internal staff about the dangers of social engineering.
  • The cost of resources required to relocate services in the event of resource exhaustion on a particular VM.

Answer : The likelihood a malicious user will obtain proprietary information by gaining local access to the hypervisor platform.

An administrator notices the following file in the Linux server's /tmp directory.

-rwsr-xr-x. 4 root root 234223 Jun 6 22:52 bash*

Which of the following should be done to prevent further attacks of this nature?
Options are :
  • Never mount the /tmp directory over NFS
  • Stop the rpcidmapd service from running
  • Restrict access to the /tmp directory
  • Mount all tmp directories nosuid, noexec (Correct)

Answer : Mount all tmp directories nosuid, noexec
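An added example (not from the exam or any vendor) of the two checks behind this answer: finding root-owned setuid files in a world-writable directory, first on a constructed `ls -l` listing like the one in the question and then live with os.walk, and verifying from /proc/mounts-style text whether a tmp mount actually carries nosuid, noexec and nodev. The listing and mount table below are constructed sample input, and the choice of those three options as "required" is this example's assumption.

```python
import os
import stat
from typing import Dict, List, Optional, Set

# Constructed sample input (not real system output): an `ls -l /tmp` listing
# containing the root-owned setuid bash from the question plus other files.
SAMPLE_LISTING = """\
-rwsr-xr-x. 4 root  root  234223 Jun  6 22:52 bash
-rw-r--r--. 1 alice alice     12 Jun  6 22:50 notes.txt
-rwxr-xr-x. 1 alice alice   8192 Jun  6 22:51 tool
-rwsr-xr-x. 1 alice alice   8192 Jun  6 22:51 mine
drwxrwxrwt. 2 root  root    4096 Jun  6 22:52 work
"""

# Constructed /proc/mounts excerpt: /tmp is hardened, /var/tmp is not, and
# /dev/shm is absent (so it would inherit the root filesystem's options).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime,size=2G 0 0
tmpfs /var/tmp tmpfs rw,relatime 0 0
"""

REQUIRED_TMP_OPTIONS = ("nosuid", "noexec", "nodev")


def parse_ls_line(line: str) -> Optional[Dict[str, object]]:
    """Pull type, setuid/setgid bits, owner and name out of one `ls -l` line."""
    fields = line.split(None, 8)  # maxsplit keeps file names with spaces intact
    if len(fields) < 9:
        return None
    mode = fields[0]
    return {
        "type": mode[0],
        "setuid": mode[3] in "sS",  # 's' = setuid + exec, 'S' = setuid without exec
        "setgid": mode[6] in "sS",
        "owner": fields[2],
        "group": fields[3],
        "name": fields[8],
    }


def root_setuid_files(listing: str) -> List[str]:
    """Regular files that are setuid and owned by root. In a world-writable
    directory such a file is almost always a planted backdoor, as in the question."""
    hits = []
    for line in listing.splitlines():
        entry = parse_ls_line(line)
        if entry and entry["type"] == "-" and entry["setuid"] and entry["owner"] == "root":
            hits.append(entry["name"])
    return hits


def mount_options(mounts_text: str, mountpoint: str) -> Optional[Set[str]]:
    """Options of the mount at `mountpoint` from /proc/mounts-style text, or
    None when the directory is not a separate mount at all."""
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[1] == mountpoint:
            return set(parts[3].split(","))
    return None


def missing_hardening(mounts_text: str, mountpoint: str,
                      required=REQUIRED_TMP_OPTIONS) -> List[str]:
    """Which required options the mount lacks (all of them when the directory
    lives on the root filesystem, where per-mount options cannot apply)."""
    opts = mount_options(mounts_text, mountpoint)
    if opts is None:
        return list(required)
    return [opt for opt in required if opt not in opts]


def scan_setuid(root: str) -> List[str]:
    """Live equivalent of root_setuid_files: root-owned regular files with the
    setuid or setgid bit anywhere under `root` on this host."""
    found = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if (stat.S_ISREG(st.st_mode)
                    and st.st_mode & (stat.S_ISUID | stat.S_ISGID)
                    and st.st_uid == 0):
                found.append(path)
    return found


if __name__ == "__main__":
    print("setuid root files in sample listing:", root_setuid_files(SAMPLE_LISTING))
    for mp in ("/tmp", "/var/tmp", "/dev/shm"):
        print(mp, "missing:", missing_hardening(SAMPLE_MOUNTS, mp))
    # On a real host, check the live mount table and walk /tmp:
    # with open("/proc/mounts") as fh: print(missing_hardening(fh.read(), "/tmp"))
    # print(scan_setuid("/tmp"))
```

The file `mine` in the sample listing is setuid but owned by alice, so the root-only filter skips it; drop the owner test if you also want user-owned setuid files reported. The fstab form of the answer is a line such as `tmpfs /tmp tmpfs defaults,nosuid,nodev,noexec 0 0`, applied immediately with `mount -o remount,nosuid,nodev,noexec /tmp`. nosuid is the option that directly defeats this attack, because the kernel ignores setuid bits on executables from such a mount; noexec can break installers and build tools that unpack into /tmp, so test it before rolling it out. The mount option does not explain how the attacker got root to create the file in the first place, and it does not remove the file, so both still need an incident response.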

A security consultant is hired by a company to determine if an internally developed web application is vulnerable to attacks. The consultant spent two weeks testing the application, and determines that no vulnerabilities are present. Based on the results of the tools and tests available, which of the following statements BEST reflects the security status of the application?
Options are :
  • There are no vulnerabilities in the application.
  • There are no known vulnerabilities at this time. (Correct)
  • The company should deploy a web application firewall to ensure extra security.
  • The company’s software lifecycle management improved the security of the application

Answer : There are no known vulnerabilities at this time.

A large organization has gone through several mergers, acquisitions, and de-mergers over the past decade. As a result, the internal networks have been integrated but have complex dependencies and interactions between systems. Better integration is needed in order to simplify the underlying complexity. Which of the following is the MOST suitable integration platform to provide event-driven and standards-based secure software architecture?
Options are :
  • Object request broker (ORB)
  • Federated identities
  • Service oriented architecture (SOA)
  • Enterprise service bus (ESB) (Correct)

Answer : Enterprise service bus (ESB)

After connecting to a secure payment server at https://pay.xyz.com, an auditor notices that the SSL certificate was issued to *.xyz.com. The auditor also notices that many of the internal development servers use the same certificate. After installing the certificate on dev1.xyz.com, one of the developers reports misplacing the USB thumb-drive where the SSL certificate was stored. Which of the following should the auditor recommend FIRST?
Options are :
  • Replace the SSL certificate on pay.xyz.com. (Correct)
  • Generate a new public key on both servers.
  • Generate a new private key password for both servers.
  • Replace the SSL certificate on dev1.xyz.com.

Answer : Replace the SSL certificate on pay.xyz.com.

If a technician must take an employee's workstation into custody in response to an investigation, which of the following can BEST reduce the likelihood of related legal issues?
Options are :
  • A formal letter from the company’s president approving the seizure of the workstation
  • A formal training and awareness program on information security for all company managers
  • A printout of an activity log, showing that the employee has been spending substantial time on non-work related websites.
  • A screen displayed at log in that informs users of the employer’s rights to seize, search, and monitor company devices. (Correct)

Answer : A screen displayed at log in that informs users of the employer’s rights to seize, search, and monitor company devices.

An administrator is unable to connect to a server via VNC. Upon investigating the host firewall configuration, the administrator sees the following lines:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j DENY
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j DENY
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DENY
-A INPUT -m state --state NEW -m tcp -p tcp --sport 3389 -j ACCEPT

Which of the following should occur to allow VNC access to the server?
Options are :
  • A line needs to be added. (Correct)
  • DENY needs to be changed to ACCEPT on one line.
  • Fix the typo in one line.

Answer : A line needs to be added.
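An added example (not from the exam or any vendor) that models how a host firewall walks a rule list: first match wins, and with no match the chain's default policy decides. It serves two questions on this page: the VNC one just above, where none of the five rules mention the VNC port so a new ACCEPT line is the fix, and the earlier worm question, where the "DENY - TCP - ANY - ANY - 445" HIPS ACL is written out as inbound and outbound drops. Assumptions made here: VNC is on its default port 5900, the chain policy is DROP (the administrator cannot connect, so nothing is accepting by default), and DENY is treated as a deny verdict the way the question intends, alongside the real DROP and REJECT targets. The parser covers only the options that appear in these rules.

```python
import shlex
from dataclasses import dataclass
from typing import List, Optional

# Rules as shown in the VNC question (iptables-save syntax). "DENY" is not a
# built-in iptables target; DROP and REJECT are. This evaluator treats all
# three as a deny verdict, as the question does.
QUESTION_RULES = [
    "-A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j DENY",
    "-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j DENY",
    "-A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT",
    "-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DENY",
    "-A INPUT -m state --state NEW -m tcp -p tcp --sport 3389 -j ACCEPT",
]

# Assumed: VNC display :0 listening on its default port 5900.
VNC_ALLOW_RULE = "-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900 -j ACCEPT"

# The worm question's "DENY - TCP - ANY - ANY - 445" HIPS ACL, written out in
# the same syntax for a Linux host (assumed translation, both directions so the
# host neither accepts SMB from the worm nor spreads it).
SMB_BLOCK_RULES = [
    "-A INPUT -p tcp --dport 445 -j DROP",
    "-A OUTPUT -p tcp --dport 445 -j DROP",
]

DENY_TARGETS = {"DENY", "DROP", "REJECT"}


@dataclass
class Rule:
    chain: str
    target: str
    proto: Optional[str] = None
    dport: Optional[int] = None
    sport: Optional[int] = None
    state: Optional[str] = None


@dataclass
class Packet:
    chain: str          # INPUT for inbound, OUTPUT for outbound
    proto: str
    dport: int
    sport: int
    state: str = "NEW"  # conntrack state of the connection the packet belongs to


def parse_rule(line: str) -> Rule:
    """Parse the subset of iptables-save syntax used above: -A, -p, -m,
    --dport, --sport, --state and -j. Unknown tokens are skipped, not guessed."""
    toks = shlex.split(line)
    fields = {}
    i = 0
    while i < len(toks):
        tok = toks[i]
        if tok in ("-A", "-p", "--dport", "--sport", "--state", "-j", "-m"):
            if i + 1 >= len(toks):
                raise ValueError(f"option {tok} needs an argument: {line}")
            val = toks[i + 1]
            if tok == "-A":
                fields["chain"] = val
            elif tok == "-p":
                fields["proto"] = val
            elif tok == "--dport":
                fields["dport"] = int(val)
            elif tok == "--sport":
                fields["sport"] = int(val)
            elif tok == "--state":
                fields["state"] = val
            elif tok == "-j":
                fields["target"] = val
            # "-m state" / "-m tcp" only load match modules; nothing to record
            i += 2
        else:
            i += 1
    if "chain" not in fields or "target" not in fields:
        raise ValueError(f"rule needs a chain and a target: {line}")
    return Rule(**fields)


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every criterion it specifies equals the packet's value."""
    return (
        rule.chain == pkt.chain
        and (rule.proto is None or rule.proto == pkt.proto)
        and (rule.dport is None or rule.dport == pkt.dport)
        and (rule.sport is None or rule.sport == pkt.sport)
        and (rule.state is None or pkt.state in rule.state.split(","))
    )


def evaluate(rules: List[Rule], pkt: Packet, policy: str = "DROP") -> str:
    """First matching rule wins; with no match the chain's policy applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.target
    return policy


def is_denied(verdict: str) -> bool:
    return verdict in DENY_TARGETS


if __name__ == "__main__":
    rules = [parse_rule(r) for r in QUESTION_RULES]
    vnc = Packet("INPUT", "tcp", dport=5900, sport=51515)
    print("VNC before fix:", evaluate(rules, vnc))                       # DROP (policy)
    print("VNC after fix: ", evaluate(rules + [parse_rule(VNC_ALLOW_RULE)], vnc))  # ACCEPT
```

Two things the walk-through makes visible that the answer key does not. Changing a DENY to ACCEPT on any existing line cannot help, because no line matches destination port 5900 at all. And the last rule, which accepts anything whose source port is 3389, is a weakness in its own right: a client chooses its own source port, so a connection from port 3389 to 5900 (or to 22, since that rule is evaluated... after the port 22 deny, but to any port with no deny rule) is accepted without a VNC rule ever being written.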

A financial institution wants to reduce the costs associated with managing and troubleshooting employees' desktops and applications, while keeping employees from copying data onto external storage. The Chief Information Officer (CIO) has asked the security team to evaluate four solutions submitted by the change management group. Which of the following BEST accomplishes this task?
Options are :
  • Implement server virtualization and move the application from the desktop to the server.
  • Move the critical applications to a private cloud and disable VPN and tunneling.
  • Implement desktop virtualization and encrypt all sensitive data at rest and in transit.
  • Implement VDI and disable hardware and storage mapping from the thin client. (Correct)

Answer : Implement VDI and disable hardware and storage mapping from the thin client.

A process allows a LUN to be available to some hosts and unavailable to others. Which of the following causes such a process to become vulnerable?
Options are :
  • Data injection
  • LUN masking
  • Moving the HBA (Correct)
  • Data fragmentation

Answer : Moving the HBA

A company has a single subnet in a small office. The administrator wants to limit non-web related traffic to the corporate intranet server as well as prevent abnormal HTTP requests and HTTP protocol anomalies from causing problems with the web server. Which of the following is the MOST likely solution?
Options are :
  • Application firewall and NIPS
  • Edge firewall and HIDS
  • Host firewall and WAF (Correct)
  • ACLs and anti-virus

Answer : Host firewall and WAF

A company is preparing to upgrade its NIPS at five locations around the world. The three platforms the team plans to test claim to have the most advanced features and lucrative pricing. Assuming all platforms meet the functionality requirements, which of the following methods should be used to select the BEST platform?
Options are :
  • Evaluate each platform based on the total cost of ownership. (Correct)
  • Develop a service level agreement to ensure the selected NIPS meets all performance requirements.
  • Run a cost/benefit analysis based on the data received from the RFP.
  • Establish return on investment as the main criteria for selection

Answer : Evaluate each platform based on the total cost of ownership.

A startup company offering software on demand has hired a security consultant to provide expertise on data security. The company's clients are concerned about data confidentiality. The security consultant must design an environment with data confidentiality as the top priority, over availability and integrity. Which of the following designs is BEST suited for this purpose?
Options are :
  • Each client is assigned a set of virtual hosts running shared hardware. Physical storage is partitioned into LUNS and assigned to each client. MPLS technology is used to segment and encrypt each of the client’s networks. PKI based remote desktop with hardware tokens is used by the client to connect to the application. (Correct)
  • Each client is assigned a set of virtual hosts running shared hardware. Virtual storage is partitioned and assigned to each client. VLAN technology is used to segment each of the client’s networks. PKI based remote desktop access is used by the client to connect to the application.
  • All of the company servers are virtualized in a highly available environment sharing common hardware and redundant virtual storage. Clients use terminal service access to the shared environment to access the virtualized applications. A secret key kept by the startup encrypts the application virtual memory and data store.
  • All of the company servers are virtualized in a highly available environment sharing common hardware and redundant virtual storage. Clients use terminal service access to the shared environment and to access the virtualized applications. Each client has a common shared key, which encrypts the application virtual memory and data store.

Answer : Each client is assigned a set of virtual hosts running shared hardware. Physical storage is partitioned into LUNS and assigned to each client. MPLS technology is used to segment and encrypt each of the client’s networks. PKI based remote desktop with hardware tokens is used by the client to connect to the application.

Capital Reconnaissance, LLC is building a brand new research and testing location, and the physical security manager wants to deploy IP-based access control and video surveillance. These two systems are essential for keeping the building open for operations. Which of the following controls should the security administrator recommend to determine new threats against the new IP-based access control and video surveillance systems?
Options are :
  • Require separate non-VLANed networks and NIPS for each physical security system network.
  • Develop a network traffic baseline for each of the physical security systems. (Correct)
  • Air gap the physical security networks from the administrative and operational networks.
  • Have the Network Operations Center (NOC) review logs and create a CERT to respond to breaches.

Answer : Develop a network traffic baseline for each of the physical security systems.

A company recently experienced a malware outbreak. It was caused by a vendor using an approved non-company device on the company's corporate network that impacted manufacturing lines, causing a week of downtime to recover from the attack. Which of the following reduces this threat and minimizes potential impact on the manufacturing lines?
Options are :
  • Require a NIPS for all communications to and from manufacturing SCADA systems.
  • Disable remote access capabilities on manufacturing SCADA systems.
  • Add anti-virus and client firewall capabilities to the manufacturing SCADA systems.
  • Deploy an ACL that restricts access from the corporate network to the manufacturing SCADA systems. (Correct)

Answer : Deploy an ACL that restricts access from the corporate network to the manufacturing SCADA systems.

A new startup company with very limited funds wants to protect the organization from external threats by implementing some type of best practice security controls across a number of hosts located in the application zone, the production zone, and the core network. The 50 hosts in the core network are a mixture of Windows and Linux based systems, used by development staff to develop new applications. The single Windows host in the application zone is used exclusively by the production team to control software deployments into the production zone. There are 10 UNIX web application hosts in the production zone which are publicly accessible.

Development staff is required to install and remove various types of software from their hosts on a regular basis, while the hosts in the production zone rarely require any type of configuration changes.

Which of the following, when implemented, would provide the BEST level of protection with the LEAST amount of disruption to staff?
Options are :
  • NIPS in the production zone, HIPS in the application zone, and anti-virus / anti-malware across all Windows hosts. (Correct)
  • NIPS in the production zone, NIDS in the application zone, HIPS in the core network, and antivirus / anti-malware across all hosts.
  • HIPS in the production zone, NIPS in the application zone, and HIPS in the core network.
  • NIDS in the production zone, HIDS in the application zone, and anti-virus / anti-malware across all hosts.

Answer : NIPS in the production zone, HIPS in the application zone, and anti-virus / anti-malware across all Windows hosts.

Company ABC has entered into a marketing agreement with Company XYZ, whereby ABC will share some of its customer information with XYZ. However, XYZ can only contact ABC customers who explicitly agreed to being contacted by third parties. Which of the following documents would contain the details of this marketing agreement?
Options are :
  • ISA
  • BPA (Correct)
  • SLA
  • NDA

Answer : BPA

The root cause analysis of a recent security incident reveals that an attacker accessed a printer from the Internet. The attacker then accessed the print server, using the printer as a launch pad for a shell exploit. The print server logs show that the attacker was able to exploit multiple accounts, ultimately launching a successful DoS attack on the domain controller. Defending against which of the following attacks should form the basis of the incident mitigation plan?
Options are :
  • Buffer overflow
  • SYN flood
  • DDoS
  • Privilege escalation (Correct)

Answer : Privilege escalation
