CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam Set 6

Which of the following enables administrators to set policies that allow employees with corporate-owned or personal mobile devices to safely download an app, typically from an internal store?

Options are :

  • c. container
  • d. plug-in
  • b. application wrapper
  • a. payload

Answer : b. application wrapper

Which of the following is the process of using a programming tool to not only identify syntactic problems in code but also discover weaknesses that can lead to memory leaks and buffer overflows?

Options are :

  • d. debugging
  • c. dumping
  • a. fuzzing
  • b. sandboxing

Answer : d. debugging

Which of the following is information on the connection between a mobile device and a radio?

Options are :

  • a. VNC
  • c. PRI
  • d. RCP
  • b. PRL

Answer : c. PRI

Which of the following applies rule sets to an HTTP conversation?

Options are :

  • c. SIEM
  • b. WAF
  • a. HSM
  • d. NIPS

Answer : b. WAF

A packet containing a long string of no-operation instructions (NOPs) followed by a command usually indicates what type of


Options are :

  • d. Bluejacking
  • b. CSRF
  • a. XSS
  • c. buffer overflow

Answer : c. buffer overflow

What type of chip makes full drive encryption possible?

Options are :

  • a. out-of-band
  • c. clipper
  • d. sealed
  • b. TPM

Answer : b. TPM

Which of the following is used to control the use of a device and, when applied to a device, makes changes to settings such as the passcode settings?

Options are :

  • d. configuration profile
  • c. plug-in
  • b. container
  • a. payload

Answer : d. configuration profile

Which of the following is not a component of 802.1x authentication?

Options are :

  • a. supplicant
  • b. authenticator
  • c. authentication server
  • d. KDC

Answer : d. KDC

Some server products have certain capabilities (such as FTP), but those services may need to be enabled in order to function so that the service is not available to a hacker. What application security principle does this illustrate?

Options are :

  • b. secure by design
  • d. secure by accident
  • c. secure by default
  • a. secure by deployment

Answer : c. secure by default

Which of the following is not a part of hardening an OS?

Options are :

  • d. External storage devices and media should be tightly controlled.
  • c. Unrequired ports should be opened.
  • a. Unnecessary applications should be removed.
  • b. Unnecessary services should be disabled.

Answer : c. Unrequired ports should be opened.

The application development team of your organization has released a new version of an application today. Within hours, several posts regarding a security vulnerability in the application appear on popular hacker forums. Which type of attack does this indicate?

Options are :

  • a. client-side attack
  • b. end-user attack
  • c. advanced persistent threat
  • d. zero-day attack

Answer : d. zero-day attack

Your company is examining its password policies and would like to require passwords that include a mixture of upper- and lowercase letters, numbers, and special characters. What type of password does this describe?

Options are :

  • b. combination password
  • c. complex password
  • d. passphrase password
  • a. standard word password

Answer : c. complex password

During a discussion of biometric technologies, one of your coworkers raises a concern that valid users will be falsely rejected by the system. What type of error is he describing?

Options are :

  • b. FAR
  • d. accuracy
  • a. FRR
  • c. CER

Answer : a. FRR

You would like to prevent users from using a password again when it is time to change their passwords. What policy do you need to implement?

Options are :

  • a. password life
  • c. password complexity
  • d. authentication period
  • b. password history

Answer : b. password history

Which of the following combines voice, video, email, instant messaging, personal assistant, and other communication features?

Options are :

  • d. unified communication
  • b. VoIP
  • a. remote access
  • c. telephony

Answer : d. unified communication

Senior management at your organization has implemented a policy which states that best practice documentation must be created for all security personnel. Which of the following is a valid reason for this documentation?

Options are :

  • b. Using this documentation will ensure that the organization will not have any security breaches.
  • a. Using this documentation will ensure that the organization will not have any legal issues due to security.
  • c. Using this documentation will allow security personnel to ensure that they know what to do according to industry standards.
  • d. Using this documentation will ensure that the security personnel are properly trained.

Answer : c. Using this documentation will allow security personnel to ensure that they know what to do according to industry standards.

Which of the following is an example of a crypto processor?

Options are :

  • c. token
  • a. Microsoft CryptoAPI (CAPI)
  • d. CSP
  • b. TPM chip

Answer : b. TPM chip

What type of traffic is the SIMPLE protocol designed to secure?

Options are :

  • c. video conferencing
  • b. presence
  • d. email
  • a. IM

Answer : b. presence

Which of the following is not an advantage of virtualization?

Options are :

  • c. ability to quickly bring up a replica server in the event of loss of the primary server
  • b. dynamic allocation of memory and CPU resources to the servers
  • a. reduced overall use of power in the data center
  • d. better security

Answer : d. better security

Which of the following utilizes software to perform integration without hardware changes?

Options are :

  • c. sandboxing
  • a. hyperconvergence
  • d. secure enclaves
  • b. convergence

Answer : a. hyperconvergence

You have recently been hired by a company to analyze its security mechanisms to determine any weaknesses in the current security mechanisms. During this analysis, you detect that an application is using a 3DES implementation that encrypts each block of data three times, each time with a different key. Which 3DES implementation does the application use?

Options are :

  • b. 3DES-EEE3
  • c. 3DES-EDE2
  • a. 3DES-EDE3
  • d. 3DES-EEE2

Answer : b. 3DES-EEE3

The email administrator has suggested that a technique called SPF should be deployed. What issue does this address?

Options are :

  • b. whaling
  • d. captured messages
  • a. spear phishing
  • c. email spoofing

Answer : c. email spoofing

In which cloud service model does the vendor provide the hardware platform or data center, while the company installs and manages its own operating systems and application systems?

Options are :

  • d. SecaaS
  • c. PaaS
  • a. IaaS
  • b. SaaS

Answer : a. IaaS

Your organization is planning the deployment of a VoIP phone system. During the risk analysis, which of the following is not a valid consideration?

Options are :

  • d. increased threat of DoS attacks
  • b. increased threat of theft of service
  • a. increased threat of snooping in VoIP
  • c. access through unsecured maintenance ports on the PBX

Answer : c. access through unsecured maintenance ports on the PBX

Which organization issues RFCs?

Options are :

  • c. ISO
  • a. IETF
  • b. IEEE
  • d. IEC

Answer : a. IETF

Your users use a VPN connection to connect to the office for web conferences. Several users have complained about poor performance during the meetings. Which of the following actions could help improve the performance of the video conference for all participants without reducing security?

Options are :

  • d. Change the hashing algorithm to SHA-1.
  • a. Change the encryption used from AES to DES.
  • c. Enable read/write desktop mode.
  • b. Disable split tunneling.

Answer : b. Disable split tunneling.

Which of the following is not a biometric system based on behavioral characteristics?

Options are :

  • d. vascular scan
  • c. voice pattern or print
  • a. signature dynamics
  • b. keystroke dynamics

Answer : d. vascular scan

In which attack does the attacker leave the VM’s normally isolated state and interact directly with the hypervisor?

Options are :

  • d. CSRF
  • a. VMEscape
  • c. XSS
  • b. cross violation

Answer : a. VMEscape

Users on your organization’s network need to be able to access several confidential files located on a file server. Currently, the files are encrypted. Recently, it was discovered that attackers were able to change the contents of the file. You need to use a hash function to calculate the hash values of the correct files. Which of the following should you not use?

Options are :

  • a. ECC
  • c. SHA-2
  • d. RIPEMD-160
  • b. MD6

Answer : a. ECC

Your organization just deployed an enterprise instant messaging solution. The CIO is concerned about the transfer of worms, Trojans, and other malware through the IM connections. Which of the following would not be a measure that could help mitigate the introduction of malware through the IM system?

Options are :

  • c. Install an anti-malware product that can plug into the IM client.
  • d. Train users in the dangers of using IM.
  • a. Disable the ability to transfer files through the system.
  • b. Purchase a product that performs encryption.

Answer : b. Purchase a product that performs encryption.
