CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam Set 4

You have been hired as a security analyst for your organization. As you begin your job, you are asked to identify new administrative controls that should be implemented by your organization. Which of the following controls should you list? (Choose all that apply.)



Options are :

  • c. data backups
  • d. auditing
  • a. departmental security policies (Correct)
  • b. security awareness training (Correct)

Answer : a. departmental security policies b. security awareness training

Your organization must comply with several industry and governmental standards to protect private and confidential information. You must analyze which standards to implement. Which standards should you consider?



Options are :

  • a. open standards, de facto standards, and de jure standards (Correct)
  • b. open standards only
  • d. de jure standards only
  • c. de facto standards only

Answer : a. open standards, de facto standards, and de jure standards

Your company is merging with a larger organization. Which of the following is not a responsibility of the due diligence team?



Options are :

  • d. Prioritize processes and identify those that require immediate attention.
  • c. Define a plan to set and measure security controls at every step of the process.
  • b. Ensure that auditors and the compliance team are using different frameworks. (Correct)
  • a. Create a risk profile for all identified risks involved in moving data.

Answer : b. Ensure that auditors and the compliance team are using different frameworks.

Your company has recently decided to switch Internet service providers. The new provider has provided a document that lists all the guaranteed performance levels of the new connection. Which document contains this information?



Options are :

  • a. SLA (Correct)
  • d. IA
  • c. MOU
  • b. ISA

Answer : a. SLA

Which statement is not true regarding an organization's database administrator?



Options are :

  • c. Database administrators should implement encryption to protect information in cells, tables, and entire databases.
  • a. Database administrators should grant permissions based on user roles. (Correct)
  • b. Database administrators use database views to limit the information to which users have access.
  • d. Database administrators should use auditing so that users' actions are recorded.

Answer : a. Database administrators should grant permissions based on user roles.

What design measure is the solution to most XSS and CSRF attacks?



Options are :

  • a. iptables
  • b. input validation (Correct)
  • d. ACLs
  • c. tripwire

Answer : b. input validation

As part of a new security initiative, you have been asked to provide data classifications for all organizational data that is stored on servers. As part of your research, you must interview the data owners. Which staff are most likely to be considered data owners?



Options are :

  • c. CIO and CSO
  • d. physical security manager and business unit managers
  • a. business unit managers and CEO
  • b. business unit managers and CIO (Correct)

Answer : b. business unit managers and CIO

Your organization has experienced several security issues in the past year, and management has adopted a plan to periodically assess its information security awareness. You have been asked to lead this program. Which program are you leading?



Options are :

  • a. security training
  • c. risk mitigation
  • b. continuous monitoring (Correct)
  • d. threat identification

Answer : b. continuous monitoring

You are working with a project team to deploy several new firewalls. The initiation stage is complete, and now the team is engaged in the acquisition stage. Which step should the team complete as part of this stage?



Options are :

  • c. Design the security architecture. (Correct)
  • b. Test the routers for security resiliency.
  • a. Provide security categories for the new routers.
  • d. Update the routers with the latest updates from the vendor.

Answer : c. Design the security architecture.

Your company has decided to deploy network access control (NAC) on the enterprise to ensure that all devices comply with corporate security policies. Which of the following should be done first?



Options are :

  • b. Develop the procedures for NAC.
  • c. Develop the policy for NAC. (Correct)
  • d. Implement NAC.
  • a. Develop the process for NAC.

Answer : c. Develop the policy for NAC.

Which statement is not true regarding an organization's sales staff?



Options are :

  • a. The sales staff is rarely concerned with organizational security.
  • c. The sales staff will often use publicly available Internet connections.
  • b. The sales staff has unique security issues.
  • d. The sales staff's devices are rarely targets of attackers. (Correct)

Answer : d. The sales staff's devices are rarely targets of attackers.

Which of the following statements regarding the security requirements and responsibilities for personnel is true?



Options are :

  • c. All personnel within an organization have some level of security requirements and responsibilities. (Correct)
  • b. Although executive management is responsible for leading any security initiative, executive management is exempt from most of the security requirements and responsibilities.
  • d. Only the physical security manager should be concerned with the organization's physical security.
  • a. Only management and senior staff have security requirements and responsibilities.

Answer : c. All personnel within an organization have some level of security requirements and responsibilities.

You have been hired as a security analyst for your organization. As you begin your job, you are asked to identify new physical controls that should be implemented by your organization. Which of the following controls should you list?


Options are :

  • a. separation of duties
  • b. encryption
  • c. biometrics and guards (Correct)

Answer : c. biometrics and guards

What documents the security requirements that a new asset must meet?



Options are :

  • d. RFID
  • b. SRTM (Correct)
  • c. SSDLC
  • a. SDLC

Answer : b. SRTM

Which of the following is a standard that the security automation community uses to enumerate software flaws and configuration issues?



Options are :

  • c. SIEM
  • b. CANVAS
  • d. OWASP
  • a. SCAP (Correct)

Answer : a. SCAP

You implemented a procedure whereby a testing team was provided with limited knowledge of the network systems and devices and could use publicly available information. The organization's security team was NOT informed that an attack was coming. What type of test have you implemented?



Options are :

  • a. double-blind test (Correct)
  • b. target test
  • d. blind test
  • c. full-knowledge test

Answer : a. double-blind test

Which technology uses chips and receivers to manage inventory?


Options are :

  • d. RFID (Correct)
  • a. geolocation
  • b. geotagging
  • c. SRTM

Answer : d. RFID

You have been hired as a security analyst for your organization. As you begin your job, you are asked to identify new technical controls that should be implemented by your organization. Which of the following controls should you list? (Choose all that apply.)



Options are :

  • a. personnel procedures
  • d. badges
  • c. firewalls (Correct)
  • b. authentication (Correct)

Answer : c. firewalls b. authentication

You have been asked to document the different threats to an internal file server. As part of that documentation, you need to include the monetary impact of each threat occurrence. What should you do?



Options are :

  • a. Determine the ARO for each threat occurrence.
  • c. Determine the EF for each threat occurrence.
  • d. Determine the SLE for each threat occurrence. (Correct)
  • b. Determine the ALE for each threat occurrence.

Answer : d. Determine the SLE for each threat occurrence.

Which SCAP component contains methods for describing and classifying operating systems?



Options are :

  • b. CPE (Correct)
  • c. CWE
  • d. CVE
  • a. CCE

Answer : b. CPE

A development team has recently completed the deployment of a new learning management system (LMS) that will replace the current legacy system. The team successfully deploys the new LMS, and it is fully functional. Users are satisfied with the new system. What stage of the SDLC should you implement for the old system?



Options are :

  • a. Dispose (Correct)
  • c. Initiate
  • d. Acquire/develop
  • b. Operate/maintain

Answer : a. Dispose

You have been hired as a security analyst for your company. Recently, several assets have been marked to be removed from the enterprise. You need to document the steps that should be taken in relation to security. Which of the following guidelines should be implemented?



Options are :

  • b. Deploy the most recent updates for the asset.
  • c. Back up all the data on the asset and ensure that the data is completely removed. (Correct)
  • d. Shred all the hard drives in the asset.
  • a. Deploy the appropriate security controls on the asset.

Answer : c. Back up all the data on the asset and ensure that the data is completely removed.

Management expresses concerns about using multitenant public cloud solutions to store organizational data. You explain that tenant data in a multitenant solution is quarantined from other tenants' data, using tenant IDs in the data labels. What is the term for this process?



Options are :

  • a. data remnants
  • b. data aggregation
  • c. data purging
  • d. data isolation (Correct)

Answer : d. data isolation

During the design of a new data center, several questions arise as to the use of raised flooring and dropped ceiling that are part of the blueprint. Which personnel are most likely to provide valuable information in this area?



Options are :

  • b. database administrator and physical security manager
  • d. emergency response team and facilities manager
  • e. legal counsel and facilities manager
  • c. facilities manager and physical security manager (Correct)
  • a. database administrator and facilities manager

Answer : c. facilities manager and physical security manager

Your organization has decided to formally adopt a change management process, and you have been asked to design the process. Which of the following guidelines should be part of this new process?



Options are :

  • c. Change steps should be developed only for complicated changes.
  • a. Only critical changes should be fully analyzed.
  • b. After formal approval, all costs and effects of implementation should be reviewed.
  • d. All changes should be formally requested. (Correct)

Answer : d. All changes should be formally requested.

You have been asked to participate in the deployment of a new firewall. The project has just started and is still in the initiation stage. Which step should be completed as part of this stage?



Options are :

  • d. Assess the business impact of the system. (Correct)
  • a. Develop security controls.
  • b. Assess the system security.
  • c. Ensure information preservation.

Answer : d. Assess the business impact of the system.

Which of the following is a social engineering attack that involves sending a mass email that appears to come from a trusted party, such as the recipient's bank?



Options are :

  • d. shoulder surfing
  • c. tailgating
  • b. phishing
  • a. SYN flood (Correct)

Answer : a. SYN flood

Which of the following outline goals but do not give any specific ways to accomplish the stated goals?



Options are :

  • c. policies (Correct)
  • d. standards
  • b. procedures
  • a. rules

Answer : c. policies

Which of the following is a uniquely identifiable subset of the system that represents the smallest portion to be subject to an independent configuration control procedure?



Options are :

  • b. AV
  • d. CC
  • c. CU
  • a. CI (Correct)

Answer : a. CI

During the design of a new application, the programmers need to determine the performance and security impact of the new application on the enterprise. Who should collaborate with the programmers to determine this information?



Options are :

  • b. network administrator (Correct)
  • d. physical security manager
  • c. executive management
  • a. database administrator

Answer : b. network administrator
