CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam Set 3

During a recent data breach at your organization, a forensic expert was brought in to ensure that the evidence was retained in a proper manner. The forensic expert stressed the need to ensure the chain of custody. Which of the following components is not part of the chain of custody?



Options are :

  • a. who detected the evidence (Correct)
  • d. who obtained the evidence
  • b. who controlled the evidence
  • c. who secured the evidence

Answer : a. who detected the evidence

What is the last step in performing a penetration test?



Options are :

  • c. Execute attacks against the target system or device to gain user and privileged access.
  • b. Document information about the target system or device.
  • d. Document the results of the penetration test and report the findings. (Correct)
  • a. Gather information about attack methods against the target system or device.

Answer : d. Document the results of the penetration test and report the findings.

Which of the following is a technique used by hackers and pen testers alike to advance from the initially compromised host to other hosts on the same network?



Options are :

  • d. fuzzing
  • c. APT
  • a. port scanning
  • b. pivoting (Correct)

Answer : b. pivoting

Which of the following testing types would you use if you wanted to spend the least amount of time on the test?



Options are :

  • b. gray box
  • c. white box
  • a. black box (Correct)
  • d. clear box

Answer : a. black box

Recently your users were redirected to a malicious site when their DNS cache was polluted. What type of attack have you suffered?



Options are :

  • d. Dumpster diving
  • b. shoulder surfing
  • c. pharming (Correct)
  • a. phishing

Answer : c. pharming

Management expresses concerns about using multitenant public cloud solutions to store organizational data. You explain that tenant data in a multitenant solution is quarantined from other tenants' data using tenant IDs in the data labels. What is this condition referred to?



Options are :

  • d. data isolation (Correct)
  • a. data remnants
  • c. data purging
  • b. data aggregation

Answer : d. data isolation

You have been hired as a security practitioner for an organization. You ask the network administrator for any network diagrams that are available. Which network diagram would give you the most information?



Options are :

  • c. physical network diagram (Correct)
  • d. DMZ diagram
  • b. wireless network diagram
  • a. logical network diagram

Answer : c. physical network diagram

Your company performs a full backup on Mondays and a differential backup on all other days. You need to restore the data to the state it was in on Thursday. How many backups do you need to restore?



Options are :

  • c. three
  • b. two (Correct)
  • d. four
  • a. one

Answer : b. two

You have recently suffered some network attacks and would like to discover what services are available on the computers in your network. Which of the following assessment tools would be most appropriate for this?



Options are :

  • c. password cracker
  • b. protocol analyzer
  • d. fuzzer
  • a. port scanner (Correct)

Answer : a. port scanner

OllyDbg is an example of which tool type?



Options are :

  • b. sniffer
  • c. network enumerator
  • a. fuzzer
  • d. reverse engineering tools (Correct)

Answer : d. reverse engineering tools

WhatsUp Gold is an example of what tool type?



Options are :

  • b. sniffer
  • c. network enumerator (Correct)
  • a. fuzzer
  • d. port scanner

Answer : c. network enumerator

A forensic investigator is collecting evidence of a recent attack at your organization. You are helping him preserve the evidence for use in the lawsuit that your company plans to bring against the attackers. Which of the following is not one of the five rules of evidence?



Options are :

  • d. Be convincing.
  • b. Be volatile. (Correct)
  • c. Be admissible.
  • a. Be accurate.

Answer : b. Be volatile.

Your organization does not have an e-discovery process in place. Management has asked you to provide an explanation for why e-discovery is so important. What is the primary reason for this process?



Options are :

  • c. to provide evidence (Correct)
  • d. to provide intrusion prevention
  • b. to provide intrusion detection
  • a. to provide access control

Answer : c. to provide evidence

Recently, salespeople within your organization have been having trouble managing customer-related data. Management is concerned that sales figures are being negatively affected as a result of this mismanagement. You have been asked to provide a suggestion to fix this problem. What should you recommend?



Options are :

  • a. Deploy an ERP solution.
  • b. Deploy a CRM solution. (Correct)
  • d. Deploy a CMS solution.
  • c. Deploy a GRC solution.

Answer : b. Deploy a CRM solution.

A web application developed by your company was recently compromised and caused the loss of sensitive data. You need a tool that can help identify security holes in the application before it is redeployed. Which tool could you use?



Options are :

  • d. fuzzer (Correct)
  • a. port scanner
  • b. protocol analyzer
  • c. password cracker

Answer : d. fuzzer

You are formulating the data retention policies for your organization. Senior management is concerned that the data storage capabilities of your organization will be exceeded and has asked you to implement a data retention period of 180 days or less. Middle management is concerned that data will need to be accessed beyond this time limit and has requested a data retention period of at least 1 year. In your research, you discover a state regulation that requires a data retention period of 3 years and a federal law that requires a data retention period of 5 years. Which data retention policy should you implement?



Options are :

  • b. 3 years
  • d. 180 days
  • a. 5 years (Correct)
  • c. 1 year

Answer : a. 5 years

Your organization must comply with several industry and governmental standards to protect private and confidential information. You must analyze which standards to implement. Which standards should you consider?



Options are :

  • d. de jure standards only
  • b. open standards only
  • a. open standards, de facto standards, and de jure standards (Correct)
  • c. de facto standards only

Answer : a. open standards, de facto standards, and de jure standards

You need to identify zero-day malware. What technique could be used to help in this process?



Options are :

  • b. deploying an HTTP interceptor
  • a. fuzzing
  • c. malware sandboxing (Correct)
  • d. establishing a social media policy

Answer : c. malware sandboxing

Which of the following is a standard that the security automation community uses to enumerate software flaws and configuration issues?



Options are :

  • b. CANVAS
  • c. SIEM
  • d. OWASP
  • a. SCAP (Correct)

Answer : a. SCAP

Your organization has recently experienced issues with data storage. The servers you currently use do not provide adequate storage. After researching the issues and the options available, you decide that data storage needs for your organization will grow exponentially over the next couple of years. However, within three years, data storage needs will return to the current demand level. Management wants to implement a solution that will provide for current and future needs without investing in hardware that will no longer be needed in the future. Which recommendation should you make?



Options are :

  • a. Deploy virtual servers on the existing machines.
  • b. Contract with a public cloud service provider. (Correct)
  • d. Deploy a community cloud service.
  • c. Deploy a private cloud service.

Answer : b. Contract with a public cloud service provider.

Which of the following entails determining the devices in the network, their connectivity relationships to one another, and the internal IP addressing scheme in use?



Options are :

  • c. packet capture
  • b. service discovery
  • d. topology discovery (Correct)
  • a. OS fingerprinting

Answer : d. topology discovery

How are new technologies submitted for peer review to the IETF and, once approved, published as Internet standards?



Options are :

  • c. as RFPs
  • b. as RFCs (Correct)
  • a. as SLAs
  • d. as SPDs

Answer : b. as RFCs

Which of the following is typically used with big data?



Options are :

  • c. AI
  • d. CERT
  • b. BGP
  • a. Hadoop (Correct)

Answer : a. Hadoop

You have been asked to join the development team at your organization to provide guidance on security controls. During the first meeting, you discover that the development team does not fully understand the SDLC. During which phase of this life cycle is the system actually deployed?



Options are :

  • a. Acquire/develop
  • b. Implement (Correct)
  • c. Initiate
  • d. Operate/maintain

Answer : b. Implement

Your organization has decided to convert two rarely used conference rooms into a secure data center. This new data center will house all servers and databases. Access to the data center will be controlled using biometrics. CCTV will be deployed to monitor all access to the data center. Which staff members should be involved in the data center design and deployment?



Options are :

  • a. database administrator, network administrator, facilities manager, physical security manager, and management (Correct)
  • b. database administrator, programmer, facilities manager, physical security manager, and management
  • d. database administrator, network administrator, programmer, physical security manager, and management
  • c. database administrator, network administrator, facilities manager, physical security manager, and programmer

Answer : a. database administrator, network administrator, facilities manager, physical security manager, and management

You would like to prevent the corruption of the routing tables in your network. Which of the following would be the best approach?



Options are :

  • d. Disable CDP.
  • c. Implement sandboxing.
  • a. Implement CDP.
  • b. Configure CHAP between routers. (Correct)

Answer : b. Configure CHAP between routers.

Which of the following is not one of the three threat actors listed by the FBI?



Options are :

  • b. state sponsors
  • d. natural disasters (Correct)
  • a. organized crime groups
  • c. terrorist groups

Answer : d. natural disasters

Which of the following is a device-tracking technology?



Options are :

  • b. geotagging
  • d. RFID
  • a. geolocation (Correct)
  • c. geofencing

Answer : a. geolocation

Which IDS type analyzes traffic and compares it to attack or state patterns that reside within the IDS database?



Options are :

  • b. protocol anomaly-based IDS
  • c. rule- or heuristic-based IDS
  • a. signature-based IDS (Correct)
  • d. traffic anomaly-based IDS

Answer : a. signature-based IDS

Which IPv4-to-IPv6 transition mechanism assigns addresses and creates host-to-host tunnels for unicast IPv6 traffic when IPv6 hosts are located behind IPv4 network address translators?



Options are :

  • c. dual stack
  • b. 6to4
  • d. Teredo (Correct)
  • a. GRE tunnels

Answer : d. Teredo
