CAS-001 CompTIA Advanced Security Practitioner Practice Exam Set 7

Which of the following refers to programs running in an isolated space to run untested code and prevents the code from making permanent changes to the OS kernel and other data on the host machine?
Options are :
  • Code signing
  • Application sandboxing (Correct)
  • Application hardening
  • Input Validation

Answer : Application sandboxing

A number of security incidents have been reported involving mobile web-based code developed by a consulting company. Performing a root cause analysis, the security administrator of the consulting company discovers that the problem is a simple programming error that results in extra information being loaded into the memory when the proper format is selected by the user. After repeating the process several times, the security administrator is able to execute unintentional instructions through this method. Which of the following BEST describes the problem that is occurring, a good mitigation technique to use to prevent future occurrences, and why it is a security concern?
Options are :
  • Problem: Buffer overflow Mitigation Technique: Secure coding standards Security Concern: Exposes the company to liability buffer overflows and can enable malicious actors to compromise the confidentiality/availability of the data. (Correct)
  • Problem: SQL injection Mitigation Technique: Secure coding standards Security Concern: Exposes the company to liability SQL injection and can enable malicious actors to compromise the confidentiality of data or interrupt the availability of a system.
  • Problem: Cross-site scripting Mitigation Technique: Input validation Security Concern: Decreases the company’s profits and cross-site scripting can enable malicious actors to compromise the confidentiality of network connections or interrupt the availability of the network.
  • Problem: Buffer overflow Mitigation Technique: Output validation Security Concern: Exposing the company to public scrutiny buffer overflows can enable malicious actors to interrupt the availability of a system.

Answer : Problem: Buffer overflow Mitigation Technique: Secure coding standards Security Concern: Exposes the company to liability buffer overflows and can enable malicious actors to compromise the confidentiality/availability of the data.

A user logs into domain A using a PKI certificate on a smartcard protected by an 8 digit PIN. The credential is cached by the authenticating server in domain A. Later, the user attempts to access a resource in domain B. This initiates a request to the original authenticating server to somehow attest to the resource server in the second domain that the user is in fact who they claim to be. Which of the following is being described?
Options are :
  • Authentication
  • SAML (Correct)
  • Authorization
  • Kerberos

Answer : SAML

A security manager at Company ABC needs to perform a risk assessment of a new mobile device which the Chief Information Officer (CIO) wants to immediately deploy to all employees in the company. The product is commercially available, runs a popular mobile operating system, and can connect to IPv6 networks wirelessly. The model the CIO wants to procure also includes the upgraded 160GB solid state hard drive. The producer of the device will not reveal exact numbers but experts estimate that over 73 million of the devices have been sold worldwide. Which of the following is the BEST list of factors the security manager should consider while performing a risk assessment?
Options are :
  • Ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD; the track record of the vendor in publicizing and correcting security flaws in their products; predicted costs associated with maintaining, integrating and securing the devices. (Correct)
  • Ability to remotely administer the devices, apply security controls remotely, and remove the SSD; the track record of the vendor in securely implementing IPv6 with IPSec; predicted costs associated with securing the devices
  • Ability to remotely monitor the devices, remove security controls remotely, and decrypt the SSD; the track record of the vendor in publicizing and preventing security flaws in their products; predicted costs associated with maintaining, destroying and tracking the devices.
  • Ability to remotely sanitize the devices, apply security controls locally, encrypt the SSD; the track record of the vendor in adapting the open source operating system to their platform; predicted costs associated with inventory management, maintaining, integrating and securing the devices.

Answer : Ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD; the track record of the vendor in publicizing and correcting security flaws in their products; predicted costs associated with maintaining, integrating and securing the devices.

An Information Security Officer (ISO) has asked a security team to randomly retrieve discarded computers from the warehouse dumpster. The security team was able to retrieve two older computers and a broken MFD network printer. The security team was able to connect the hard drives from the two computers and the network printer to a computer equipped with forensic tools. The security team was able to retrieve PDF files from the network printer hard drive but the data on the two older hard drives was inaccessible. Which of the following should the Warehouse Manager do to remediate the security issue?
Options are :
  • Update the hardware decommissioning procedures (Correct)
  • Degauss the printer hard drive to delete data.
  • Revise the hardware and software maintenance contract.
  • Implement a new change control process

Answer : Update the hardware decommissioning procedures

Which of the following precautions should be taken to harden network devices in case of VM escape?
Options are :
  • Physical servers should only be on the same WAN as other physical servers in their network
  • Web servers should be on the same physical server as database servers in the network segment.
  • Virtual servers should only be on the same physical server as others in their network segment (Correct)
  • Database servers should be on the same virtual server as web servers in the DMZ network segment.

Answer : Virtual servers should only be on the same physical server as others in their network segment

A company contracts with a third party to develop a new web application to process credit cards. Which of the following assessments will give the company the GREATEST level of assurance for the web application?
Options are :
  • Code Review (Correct)
  • Social Engineering
  • Penetration Test
  • Vulnerability Assessment

Answer : Code Review

Wireless users are reporting issues with the company’s video conferencing and VoIP systems. The security administrator notices DOS attacks on the network that are affecting the company’s VoIP system (i.e. premature call drops and garbled call signals). The security administrator also notices that the SIP servers are unavailable during these attacks. Which of the following security controls will MOST likely mitigate the VoIP DOS attacks on the network? (Select TWO).
A. Configure 802.11b on the network
B. Configure 802.1q on the network
C. Configure 802.11e on the network
D. Update the firewall managing the SIP servers
E. Update the HIDS managing the SIP servers
Options are :
  • C,A
  • C,B
  • C,D (Correct)
  • B,D

Answer : C,D

A security architect is assigned to a major software development project. The software development team has a history of writing bug prone, inefficient code, with multiple security flaws in every release. The security architect proposes implementing secure coding standards to the project manager. The secure coding standards will contain detailed standards for:
Options are :
  • error prevention, requirements validation, memory use and reuse, commenting typical security problems, and testing code standards.
  • error handling, input validation, commenting, preventing typical security problems, managing customers, and documenting extra requirements.
  • error handling, input validation, memory use and reuse, race condition handling, commenting, and preventing typical security problems. (Correct)
  • error elimination, trash collection, documenting race conditions, peer review, and typical security problems.

Answer : error handling, input validation, memory use and reuse, race condition handling, commenting, and preventing typical security problems.

A network engineer at Company ABC observes the following raw HTTP request:
    GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-01-0101&Run=Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1
    Host: test.example.net
    Accept: */*
    Accept-Language: en
    Connection: close
    Cookie: java14=1; java15=1; java16=1; js=1292192278001;
Which of the following should be the engineer’s GREATEST concern?
Options are :
  • The HTTPS is not being enforced so the system is vulnerable.
  • The dates entered are outside a normal range, which may leave the system vulnerable to a denial of service attack.
  • Sensitive data is transmitted in the URL.
  • The numerical encoding on the session ID is limited to hexadecimal characters, making it susceptible to a brute force attack. (Correct)

Answer : The numerical encoding on the session ID is limited to hexadecimal characters, making it susceptible to a brute force attack.

A company has decided to relocate and the security manager has been tasked to perform a site survey of the new location to help in the design of the physical infrastructure. The current location has video surveillance throughout the building and entryways. The following requirements must be met:
  - Able to log entry of all employees in and out of specific areas
  - Access control into and out of all sensitive areas
  - Tailgating prevention
Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO).
A. Discretionary Access control
B. Man trap
C. Visitor logs
D. Proximity readers
E. Motion detection sensors
Options are :
  • B,D (Correct)
  • B,C
  • B,A
  • A,D

Answer : B,D

A security audit has uncovered a lack of security controls with respect to employees’ network account management. Specifically, the audit reveals that employees’ network accounts are not disabled in a timely manner once an employee departs the organization. The company policy states that the network account of an employee should be disabled within eight hours of termination. However, the audit shows that 5% of the accounts were not terminated until three days after a dismissed employee departs. Furthermore, 2% of the accounts are still active. Which of the following is the BEST course of action that the security officer can take to avoid repeat audit findings?
Options are :
  • Update the company policy to account for delays and unforeseen situations in account deactivation.
  • Enforce the company policy by conducting monthly account reviews of inactive accounts.
  • Review the termination policy with the company managers to ensure prompt reporting of employee terminations. (Correct)
  • Review the HR termination process and ask the software developers to review the identity management code.

Answer : Review the termination policy with the company managers to ensure prompt reporting of employee terminations.

A company has asked their network engineer to list the major advantages of implementing a virtual environment with regard to cost. Which of the following would MOST likely be selected?
Options are :
  • Isolation of applications
  • Reducing physical footprint (Correct)
  • Reduced network traffic
  • Ease of patch testing

Answer : Reducing physical footprint

The security administrator of a small private firm is researching and putting together a proposal to purchase an IPS to replace an existing IDS. A specific brand and model has been selected, but the security administrator needs to gather various cost information for that product. Which of the following documents would perform a cost analysis report and include information such as payment terms?
Options are :
  • RFQ (Correct)
  • RFC
  • RTO
  • RFI

Answer : RFQ

A certain script was recently altered by the author to meet certain security requirements, and needs to be executed on several critical servers. Which of the following describes the process of ensuring that the script being used was not altered by anyone other than the author?
Options are :
  • Password entropy
  • Digital signing
  • Digital encryption
  • Code signing (Correct)

Answer : Code signing

The company is about to upgrade a financial system through a third party, but wants to legally ensure that no sensitive information is compromised throughout the project. The project manager must also make sure that internal controls are set to mitigate the potential damage that one individual’s actions may cause. Which of the following needs to be put in place to make certain both organizational requirements are met? (Select TWO).
A. Separation of duties
B. Forensic tasks
C. MOU
D. OLA
E. NDA
F. Job rotation
Options are :
  • A,D
  • B,E
  • A,E (Correct)
  • A,C

Answer : A,E

Which of the following can aid a buffer overflow attack to execute when used in the creation of applications?
Options are :
  • Secure cookie storage
  • Standard libraries (Correct)
  • Input validation
  • State management

Answer : Standard libraries

The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The network administrator reviews the tickets and compiles the following information for the security administrator:
------
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces.
The upstream router interface’s MAC is 00-01-42-32-ab-1a
------
The security administrator brings a laptop to the finance office, connects it to one of the wall jacks, starts up a network analyzer, and notices the following:
    09:05:10.937590 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
    09:05:15.934840 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
    09:05:19.931482 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
Which of the following can the security administrator determine from the above information?
Options are :
  • A man in the middle attack is underway - implementing static ARP entries is a possible solution. (Correct)
  • The default gateway is being spoofed - implementing static routing with MD5 is a possible solution.
  • The router is being advertised on a separate network - router reconfiguration is a possible solution.
  • An ARP flood attack targeted at the router is causing intermittent communication – implementing IPS is a possible solution.

Answer : A man in the middle attack is underway - implementing static ARP entries is a possible solution.

A security consultant is evaluating forms which will be used on a company website. Which of the following techniques or terms is MOST effective at preventing malicious individuals from successfully exploiting programming flaws in the website?
Options are :
  • Input validation (Correct)
  • Anti-spam software
  • Data loss prevention
  • Application sandboxing

Answer : Input validation

Which of the following is true about an unauthenticated SAMLv2 transaction?
Options are :
  • The browser asks the SP for a resource. The SP provides the browser with an XHTML format. The browser asks the IdP to validate the user, and then provides the XHTML back to the SP for access. (Correct)
  • The browser asks the IdP for a resource. The IdP provides the browser with an XHTML format. The browser asks the SP to validate the user, and then provides the XHTML to the IdP for access.
  • The browser asks the IdP to validate the user. The IdP sends an XHTML form to the SP and a cookie to the browser. The browser asks for a resource to the SP, which verifies the cookie and XHTML format for access.
  • The browser asks the SP to validate the user. The SP sends an XHTML form to the IdP. The IdP provides the XHTML form back to the SP, and then the browser asks the SP for a resource.

Answer : The browser asks the SP for a resource. The SP provides the browser with an XHTML format. The browser asks the IdP to validate the user, and then provides the XHTML back to the SP for access.

The security administrator is receiving numerous alerts from the internal IDS of a possible Conficker infection spreading through the network via the Windows file sharing services. Given the size of the company which deploys over 20,000 workstations and 1,000 servers, the security engineer believes that the best course of action is to block the file sharing service across the organization by placing ACLs on the internal routers. Which of the following should the security administrator do before applying the ACL?
Options are :
  • Call an emergency change management meeting to ensure the ACL will not impact core business functions. (Correct)
  • Quickly research best practices with respect to stopping Conficker infections and implement the solution.
  • Apply the ACL immediately since this is an emergency that could lead to a widespread data compromise.
  • Consult with the rest of the security team and get approval on the solution by all the team members and the team manager.

Answer : Call an emergency change management meeting to ensure the ACL will not impact core business functions.

Which of the following must be taken into consideration for e-discovery purposes when a legal case is first presented to a company?
Options are :
  • Data ownership on all files
  • Data recovery and storage (Correct)
  • Data retention policies on only file servers
  • Data size on physical disks

Answer : Data recovery and storage

Several critical servers are unresponsive after an update was installed. Other computers that have not yet received the same update are operational, but are vulnerable to certain buffer overflow attacks. The security administrator is required to ensure all systems have the latest updates while minimizing any downtime. Which of the following is the BEST risk mitigation strategy to use to ensure a system is properly updated and operational?
Options are :
  • Distributed patch management system where all updates are tested in a lab environment prior to being installed on a live production system. (Correct)
  • Central patch management system where all systems in production are patched by automatic updates as they are released.
  • Central patch management system where all updates are tested in a lab environment after being installed on a live production system.
  • Distributed patch management system where all systems in production are patched as updates are released.

Answer : Distributed patch management system where all updates are tested in a lab environment prior to being installed on a live production system.

The security administrator at a bank is receiving numerous reports that customers are unable to log in to the bank website. Upon further investigation, the security administrator discovers that the name associated with the bank website points to an unauthorized IP address. Which of the following solutions will MOST likely mitigate this type of attack?
Options are :
  • Configuring and deploying TSIG (Correct)
  • Firewalls and IDS technologies
  • Security awareness and user training
  • Recursive DNS from the root servers

Answer : Configuring and deploying TSIG

A security audit has uncovered that some of the encryption keys used to secure the company B2B financial transactions with its partners may be too weak. The security administrator needs to implement a process to ensure that financial transactions will not be compromised if a weak encryption key is found. Which of the following should the security administrator implement?
Options are :
  • AES256-CBC should be implemented for all encrypted data.
  • PFS should be implemented on all SSH connections.
  • Entropy should be enabled on all SSLv2 transactions.
  • PFS should be implemented on all VPN tunnels. (Correct)

Answer : PFS should be implemented on all VPN tunnels.

A company which manufactures ASICs for use in an IDS wants to ensure that the ASICs’ code is not prone to buffer and integer overflows. The ASIC technology is copyrighted and the confidentiality of the ASIC code design is exceptionally important. The company is required to conduct internal vulnerability testing as well as testing by a third party. Which of the following should be implemented in the SDLC to achieve these requirements?
Options are :
  • Defect testing by the manufacturer and user acceptance testing by the third party
  • Regression testing by the manufacturer and integration testing by the third party
  • White box unit testing by the manufacturer and black box testing by the third party (Correct)
  • User acceptance testing by the manufacturer and black box testing by the third party

Answer : White box unit testing by the manufacturer and black box testing by the third party

Which of the following is the MOST cost-effective solution for sanitizing a DVD with sensitive information on it?
Options are :
  • Write over the data
  • Incinerate the DVD
  • Purge the data
  • Shred the DVD (Correct)

Answer : Shred the DVD

After implementing port security, restricting all network traffic into and out of a network, migrating to IPv6, installing NIDS, firewalls, spam and application filters, a security administrator is convinced that the network is secure. The administrator now focuses on securing the hosts on the network, starting with the servers. Which of the following is the MOST complete list of end-point security software the administrator could plan to implement?
Options are :
  • Anti-malware/virus/spyware/spam software, as well as a host based firewall and biometric authentication.
  • Anti-malware/spam software, as well as a host based firewall and strong, three-factor authentication.
  • Anti-malware/virus/spyware/spam software, as well as a host based firewall and strong, two-factor authentication (Correct)
  • Anti-virus/spyware/spam software, as well as a host based IDS, firewall, and strong three-factor authentication.

Answer : Anti-malware/virus/spyware/spam software, as well as a host based firewall and strong, two-factor authentication
