CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam Set 2

You are analyzing a group of threat agents that includes hardware and software failure, malicious code, and new technologies. Which type of threat agents are you analyzing?



Options are :

  • b. natural
  • c. environmental
  • a. human
  • d. technical (Correct)

Answer : d. technical

JK0-019 CompTIA E2C Network + Certification Exam Set 2

After analyzing a successful attack against several of your organizationís servers, you come up with five possible solutions that could prevent the type of attack that occurred. You need to implement the solution that will provide the best protection against this attack while minimizing the impact on the serversí performance. You decide to test the solutions in your organizationís virtual lab. What should you do?



Options are :

  • c. Implement all five solutions in the virtual lab. Run a simulation for the attack in the virtual lab. Collect metrics on the serversí performance. Choose which solutions to implement based on the metrics collected.
  • d. Implement each solution one at a time in the virtual lab and collect metrics on the serversí performance. Run a simulation for the attack in the virtual lab. Roll back each solution and implement the next solution, repeating the process for each solution. Choose which solutions to implement based on the metrics collected.
  • a. Implement all five solutions in the virtual lab and collect metrics on the serversí performance. Run a simulation for the attack in the virtual lab. Choose which solutions to implement based on the metrics collected.
  • b. Implement the solutions one at a time in the virtual lab. Run a simulation for the attack in the virtual lab. Collect metrics on the serversí performance. Roll back each solution and implement the next solution, repeating the process for each solution. Choose which solutions to implement based on the metrics collected. (Correct)

Answer : b. Implement the solutions one at a time in the virtual lab. Run a simulation for the attack in the virtual lab. Collect metrics on the serversí performance. Roll back each solution and implement the next solution, repeating the process for each solution. Choose which solutions to implement based on the metrics collected.

Which document requires that a vendor reply with a formal bid proposal?



Options are :

  • c. RFQ
  • a. RFI
  • d. agreement
  • b. RFP (Correct)

Answer : b. RFP

Your organization has signed a new contract to provide database services to another company. The partner company has requested that the appropriate privacy protections be in place within your organization. Which document should be used to ensure data privacy?



Options are :

  • b. IA
  • a. ISA
  • d. PII
  • c. NDA (Correct)

Answer : c. NDA

JK0-019 CompTIA E2C Network + Certification Exam Set 10

A hacker gains access to your organizationís network. During this attack, he is able to change some data and access some design plans that are protected by a U.S. patent. Which security tenets have been violated?



Options are :

  • c. integrity and availability
  • a. confidentiality and availability
  • b. confidentiality and integrity (Correct)
  • d. confidentiality, integrity, and availability

Answer : b. confidentiality and integrity

Which of the following tenets has been satisfied when an organization takes all the actions it can reasonably take to prevent

security issues or to mitigate damage if security breaches occur?



Options are :

  • c. due process
  • a. due care (Correct)
  • d. CIA
  • b. due diligence

Answer : a. due care

You are the security analyst for your enterprise. You have been asked to make several security controls easier to implement and manage. Which attribute will you be addressing?



Options are :

  • b. availability
  • a. maintainability
  • d. recoverability
  • c. usability (Correct)

Answer : c. usability

CompTIA JK0-022 E2C Security+ Network Security Practice Exam Set 3

You are the security analyst for your enterprise. You have been asked to analyze the efficiency of the security controls

implemented on the enterprise. Which attribute will you be analyzing?



Options are :

  • c. scalability
  • b. performance (Correct)
  • d. capability
  • a. latency

Answer : b. performance

An organization has a research server farm with a value of $12,000. The exposure factor for a complete power failure is 10%.

The annualized rate of occurrence that this will occur is 5%. What is the ALE for this event?



Options are :

  • a. $1,200
  • c. $60 (Correct)
  • d. $600
  • b. $12,000

Answer : c. $60

You have been asked to document the different threats to an internal file server. As part of that documentation, you need to

include the monetary impact of each threat occurrence. What should you do?



Options are :

  • b. Determine the ALE for each threat occurrence.
  • d. Determine the SLE for each threat occurrence. (Correct)
  • a. Determine the ARO for each threat occurrence.
  • c. Determine the EF for each threat occurrence.

Answer : d. Determine the SLE for each threat occurrence.

CompTIA JK0-015 E2C Security+ Certification Practice Test Set 1

Which of the following are used to steal proximity badge information?



Options are :

  • a. lock picks
  • d. evil twins
  • c. rogue APs
  • b. RFID tools (Correct)

Answer : b. RFID tools

HT0-201 CEA- CompTIA DHTI+ Certification Practice Exam Set 3

Recently someone stole data from your network, and that data should have been encrypted, but itís too late to figure out whether it was. What tool could you use to determine if certain types of traffic on your network are encrypted?



Options are :

  • c. password cracker
  • b. protocol analyzer (Correct)
  • d. fuzzer
  • a. port scanner

Answer : b. protocol analyzer

Which of the following runs directly on the hostís hardware to control the hardware and to manage guest operating systems?


Options are :

  • a. Type 1 hypervisor (Correct)
  • b. Type 2 hypervisor
  • c. Type 3 hypervisor
  • d. Type 4 hypervisor

Answer : a. Type 1 hypervisor

During a recent security analysis, you determined that users do not use authentication when accessing some private data. What should you do first?



Options are :

  • d. Implement complex user passwords.
  • b. Configure the appropriate ACL for the data.
  • a. Encrypt the data.
  • c. Determine whether authentication can be used. (Correct)

Answer : c. Determine whether authentication can be used.

CompTIA Security+ Cert. (SY0-501): Practice Tests 2019 Set 5

A group of your software developers just reviewed code while the author explained his reasoning. What type of code review have they just completed?



Options are :

  • a. pair programming
  • c. tool assisted
  • d. email
  • b. over-the-shoulder (Correct)

Answer : b. over-the-shoulder

Which of the following should not be taken into consideration for e-discovery purposes when a legal case is presented to a company?



Options are :

  • a. data ownership
  • d. data size (Correct)
  • c. data recovery
  • b. data retention

Answer : d. data size

You implemented a procedure whereby a testing team was provided with limited knowledge of the network systems and devices and could use publicly available information. The organizationís security team was NOT informed that an attack was coming. What type of test have you implemented?



Options are :

  • a. double-blind test (Correct)
  • b. target test
  • c. full-knowledge test
  • d. blind test

Answer : a. double-blind test

Test : CompTIA Network+ (N10-007)

Which tool type captures raw packets?



Options are :

  • a. fuzzer
  • b. sniffer (Correct)
  • c. network enumerator
  • d. port scanner

Answer : b. sniffer

Which SFC switch scans a file that you specify and fixes problems if they are found?



Options are :

  • b. /SCANONCE
  • c. /SCANFILE (Correct)
  • a. /CACHSIZE=X
  • d. /SCANNOW

Answer : c. /SCANFILE

Management expresses concerns about using multitenant public cloud solutions to store organizational data. You explain that tenant data in a multitenant solution is quarantined from other tenantsí data, using tenant IDs in the data labels. What is the term for this process?



Options are :

  • b. data aggregation
  • d. data isolation (Correct)
  • c. data purging
  • a. data remnants

Answer : d. data isolation

JK0-016 CompTIA Network+ 2009 Edition Practice Exam Set 2

Which of the following is a cloud solution owned and managed by one company solely for that companyís use?



Options are :

  • b. public
  • a. hybrid
  • c. private (Correct)
  • d. community

Answer : c. private

The data owner has determined all the data classifications of the data he owns. He determines the level of access that will be

granted to users. Who should be responsible for implementing the controls?



Options are :

  • c. the data ownerís supervisor
  • d. a security specialist
  • b. the data custodian (Correct)
  • a. the data owner

Answer : b. the data custodian

As your enterprise has grown, it has become increasingly hard to access and manage resources. Users often have trouble locating printers, servers, and other resources. You have been asked to deploy a solution that will allow easy access to internal resources. Which solution should you deploy?



Options are :

  • a. Directory Services (Correct)
  • d. SOA
  • b. CMDB
  • c. ESB

Answer : a. Directory Services

JK0-017 CompTIA E2C Project+ Certification Practice Exam Set 14

Your company has recently been the victim of a prolonged password attack in which attackers used a dictionary attack to determine user passwords. After this occurred, attackers were able to access your network and download confidential information. Your organization only found out about the breach when the attackers requested monetary compensation for keeping the information confidential. Later, it was determined that your audit logs recorded many suspicious events over a period of several weeks. What was the most likely reason this attack was successful?



Options are :

  • a. No one was reviewing the audit logs. (Correct)
  • c. The audit logs generated too many false positives.
  • b. The audit logs generated too many false negatives.
  • d. The attack occurred outside normal operating hours.

Answer : a. No one was reviewing the audit logs.

Which SCAP component contains methods for describing and classifying operating systems?



Options are :

  • a. CCE
  • c. CWE
  • b. CPE (Correct)
  • d. CVE

Answer : b. CPE

What concept prescribes that information that has been converted and stored in binary digital form is subject to the laws of the country in which it is located?



Options are :

  • b. data ownership
  • c. data isolation
  • a. data sovereignty (Correct)

Answer : a. data sovereignty

JK0-017 CompTIA E2C Project+ Certification Practice Exam Set 5

Which of the following is a new breed of software that comes in modules allowing for customization by the organization?



Options are :

  • b. open source
  • c. in-house developed
  • a. tailored commercial (Correct)

Answer : a. tailored commercial

What command captures packets on Linux and UNIX platforms?



Options are :

  • d. ifconfig
  • c. netstat
  • b. nbtstat
  • a. tcpdunp (Correct)

Answer : a. tcpdunp

Your organization has recently partnered with another organization. The partner organization needs access to certain

resources. Management wants you to create a perimeter network that contains only the resources that the partner organization needs to access. What should you do?



Options are :

  • a. Deploy a DMZ. (Correct)
  • c. Deploy a wireless network.
  • d. Deploy a VPN.
  • b. Deploy a VLAN.

Answer : a. Deploy a DMZ.

CompTIA Network+ 6 Certification Practice Exams - 2019 Set 3

You would like to prevent the corruption of the routing tables in your network. Which of the following would be the best approach?



Options are :

  • a. Implement CDP.
  • c. Implement sandboxing.
  • b. Configure CHAP between routers. (Correct)
  • d. Disable CDP.

Answer : b. Configure CHAP between routers.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions