CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam Set 1

Your organization has recently hired a new chief security officer (CSO). One of his first efforts is to implement a network trends collection policy. Which statement best defines the purpose of this policy?



Options are :

  • b. to determine the security thresholds
  • d. to test security controls that you want to deploy
  • a. to anticipate where and when defenses might need to be changed (Correct)
  • c. to determine the benefits of implementing security controls

Answer : a. to anticipate where and when defenses might need to be changed

Recently, you created several security benchmarks and compared them to your security baselines. Then you performed a trend analysis and determined that several new security controls needed to be deployed. After testing the new security controls, you decided to implement only two of the proposed controls. Once the security controls were deployed, you analyzed the controls to ensure that the business needs were met. What should you do now?



Options are :

  • b. Perform a cost/benefit analysis.
  • c. Determine ROI on the new controls.
  • d. Determine the TCO on the new controls.
  • a. Create a lessons-learned report. (Correct)

Answer : a. Create a lessons-learned report.

After a recent attack, senior management at your organization asked for a thorough analysis of the attack. Security professionals provided the results of the analysis to senior management, and then requests were made to the IT department on several new security controls that should be deployed. One of the controls was deployed, and now the network is experiencing higher latency. What should you do?



Options are :

  • c. Edit the security control to increase the latency.
  • d. Report the issue to senior management to find out if the higher latency value is acceptable. (Correct)
  • a. Do nothing. High latency is desirable.
  • b. Remove the new security control.

Answer : d. Report the issue to senior management to find out if the higher latency value is acceptable.

Your organization has recently undergone major restructuring. During this time, a new chief security officer (CSO) was hired. He has asked you to make recommendations for the implementation of organizational security policies. Which of the following should you not recommend?



Options are :

  • b. All personnel should be cross-trained and should rotate to multiple positions throughout the year.
  • a. All personnel are required to use their vacation time.
  • c. All high-level transactions should require a minimum of two personnel to complete.
  • d. The principle of least privilege should be implemented only for all high-level positions. (Correct)

Answer : d. The principle of least privilege should be implemented only for all high-level positions.

Which of the following is not a valid IPv6 address?



Options are :

  • b. 2001:0db8:85a3:0:0:8a2e:0370:7334
  • d. 2001::85a3:8a2e::7334 (Correct)
  • a. 2001:0db8:85a3:0000:0000:8a2e:0370:7334
  • c. 2001:0db8:85a3::8a2e:0370:7334

Answer : d. 2001::85a3:8a2e::7334

Your organization has experienced several security issues in the past year, and management has adopted a plan to periodically assess its information security awareness. You have been asked to lead this program. Which program are you leading?



Options are :

  • c. risk mitigation
  • a. security training
  • b. continuous monitoring (Correct)
  • d. threat identification

Answer : b. continuous monitoring

Your company has decided to deploy network access control (NAC) on the enterprise to ensure that all devices comply with corporate security policies. Which of the following should be done first?



Options are :

  • c. Develop the policy for NAC. (Correct)
  • d. Implement NAC.
  • b. Develop the procedures for NAC.
  • a. Develop the process for NAC.

Answer : c. Develop the policy for NAC.

What is the first step of a risk assessment?



Options are :

  • c. Identify vulnerabilities and threats.
  • b. Calculate threat probability and business impact.
  • d. Identify assets and asset value. (Correct)
  • a. Balance threat impact with countermeasure cost.

Answer : d. Identify assets and asset value.

Which of the following is not an example of de-perimeterization?



Options are :

  • d. three-legged firewall (Correct)
  • b. cloud computing
  • c. BYOD
  • a. telecommuting

Answer : d. three-legged firewall

While performing risk analysis, your team has come up with a list of many risks. Several of the risks are unavoidable, even though you plan to implement some security controls to protect against them. Which type of risk is considered unavoidable?



Options are :

  • a. inherent risks (Correct)
  • d. operational risks
  • c. technical risks
  • b. residual risks

Answer : a. inherent risks

Your company has recently decided to switch Internet service providers. The new provider has provided a document that lists all the guaranteed performance levels of the new connection. Which document contains this information?



Options are :

  • a. SLA (Correct)
  • b. ISA
  • c. MOU
  • d. IA

Answer : a. SLA

You are currently engaged in IT security governance for your organization. You specifically provide instruction on acceptable and unacceptable activities for all personnel. What should you do?



Options are :

  • b. Create an NDA that addresses all these issues.
  • a. Create an advisory security policy that addresses all these issues. (Correct)
  • d. Create a regulatory security policy and system-specific security policy that address all these issues.
  • c. Create an informative security policy that addresses all these issues.

Answer : a. Create an advisory security policy that addresses all these issues.

As a security analyst for your organization, you have implemented several new security controls. Management requests that you analyze the availability of several devices and provide them with the appropriate metrics. Which metrics should you provide?



Options are :

  • b. MTTR and MTBF (Correct)
  • a. ROI and TCO
  • c. WRT and RPO
  • d. baselines and benchmarks

Answer : b. MTTR and MTBF

Which of the following is not a command-line utility?



Options are :

  • b. Telnet
  • d. nslookup
  • a. RDP (Correct)
  • c. SSH

Answer : a. RDP

Your organization has recently been the victim of fraud perpetrated by a single employee. After a thorough analysis has been completed of the event, security experts recommend that security controls be established to require multiple employees to complete a task. Which control should you implement, based on the expert recommendations?



Options are :

  • c. least privilege
  • a. mandatory vacation
  • d. continuous monitoring
  • b. separation of duties (Correct)

Answer : b. separation of duties

A security analyst is using the formula SC information system = [(confidentiality, impact), (integrity, impact), (availability, impact)] while performing risk analysis. What will this formula be used for?



Options are :

  • b. to calculate ALE
  • a. to calculate quantitative risk (Correct)
  • d. to calculate SLE
  • c. to calculate the aggregate CIA score

Answer : a. to calculate quantitative risk

Generally speaking, an increase in security measures in a network is accompanied by what?



Options are :

  • a. an increase in performance
  • c. a decrease in performance (Correct)
  • d. a decrease in security
  • b. an increased ease of use

Answer : c. a decrease in performance

The chief information security officer (CISO) has asked you to prepare a report for management that includes the overall costs associated with running the organizational risk management process, including insurance premiums, finance costs, administrative costs, and any losses incurred. What are you providing?



Options are :

  • a. ROI
  • d. NPV
  • b. SLE
  • c. TCO (Correct)

Answer : c. TCO

Which of the following cloud approaches offers the maximum control over company data?



Options are :

  • a. public
  • c. hybrid
  • d. composite
  • b. private (Correct)

Answer : b. private

Which of the following is an example of an incident?



Options are :

  • c. several invalid password attempts for multiple users (Correct)
  • d. a user attempting to access a folder to which he does not have access
  • a. an invalid user account’s login attempt
  • b. account lockout for a single user account

Answer : c. several invalid password attempts for multiple users

After analyzing the risks to your company’s web server, company management decides to implement different safeguards for each risk. For several risks, management chooses to avoid the risk. What do you need to do for these risks?



Options are :

  • a. Determine how much risk is left over after safeguards have been implemented.
  • b. Terminate the activity that causes the risks or choose an alternative that is not as risky. (Correct)
  • c. Pass the risk to a third party.
  • d. Define the acceptable risk level the organization can tolerate and reduce the risks to that level.

Answer : b. Terminate the activity that causes the risks or choose an alternative that is not as risky.

Your organization has established a new security metrics policy to be more proactive in its security measures. As part of the policy, you have been tasked with collecting and comparing metrics on a day-to-day basis. Which of the following are you performing?



Options are :

  • a. thresholds
  • b. trends
  • c. baselines
  • d. daily workloads (Correct)

Answer : d. daily workloads

During a recent security audit, your organization provided the auditor with an SOA. What was the purpose of this document?


Options are :

  • b. to document the performance levels that are guaranteed
  • c. to document risks
  • a. to identify the controls chosen by an organization and explain how and why the controls are appropriate (Correct)
  • d. to prevent the disclosure of confidential information

Answer : a. to identify the controls chosen by an organization and explain how and why the controls are appropriate

Which of the following refers to responsibilities that an organization has due to partnerships with other organizations and customers?



Options are :

  • d. indirect costs
  • b. downstream liability (Correct)
  • c. due diligence
  • a. due process

Answer : b. downstream liability

What is the primary concern of PII?



Options are :

  • c. integrity
  • a. availability
  • b. confidentiality (Correct)
  • d. authentication

Answer : b. confidentiality

Your organization wants to deploy a new security control on its network. However, management has requested that you provide information on whether the security control will add value to the organization after its deployment. What should you do to provide this information to management?



Options are :

  • c. Perform a cost/benefit analysis for the new security control. (Correct)
  • d. Prototype the new solution in a lab environment and provide the prototype results to management.
  • b. Deploy the security control and create baselines for reporting to management.
  • a. Deploy the security control and collect the appropriate metrics for reporting to management.

Answer : c. Perform a cost/benefit analysis for the new security control.

Which of the following is most likely to be affected by the Sarbanes-Oxley (SOX) Act?



Options are :

  • a. healthcare company
  • c. federal contracting company
  • b. publicly traded corporation (Correct)
  • d. retail company

Answer : b. publicly traded corporation

Your organization has been working to formally document all of its third-party agreements. Management contacts you, requesting that you provide access to a document that spells out exactly the security measures that should be taken with respect to the handling of data exchanged between your organization and a third party. Which of the following documents should you provide?


Options are :

  • a. BYOD
  • b. TCA (Correct)
  • c. ISO
  • d. SOE

Answer : b. TCA

Which of the following outline goals but do not give any specific ways to accomplish the stated goals?



Options are :

  • d. standards
  • a. rules
  • c. policies (Correct)
  • b. procedures

Answer : c. policies

Your organization is in the process of upgrading the hardware in several servers. You need to ensure that you have captured the appropriate metrics. Which steps should you take?



Options are :

  • c. Capture benchmarks for all the upgraded servers. Compare these benchmarks to the old thresholds. Replace the old thresholds using the new benchmarks for any values that have changed.
  • b. Capture baselines for all the upgraded servers. Compare these baselines to the old benchmarks. Replace the old benchmarks using the new baselines for any values that have changed.
  • a. Capture benchmarks for all the upgraded servers. Compare these benchmarks to the old baselines. Replace the old baselines using the new benchmarks for any values that have changed. (Correct)
  • d. Capture baselines for all the upgraded servers. Compare these baselines to the old thresholds. Replace the old thresholds using the new baselines for any values that have changed.

Answer : a. Capture benchmarks for all the upgraded servers. Compare these benchmarks to the old baselines. Replace the old baselines using the new benchmarks for any values that have changed.
