CompTIA Advanced Security Practitioner(CASP+) Practice Exams Set 4

In what type of web attack does the website think that a request came from the user’s browser and was made by the user himself, when actually the request was planted in the user’s browser?

Options are :

  • a. insecure direct object references
  • b. XSS
  • c. CSRF
  • d. click-jacking

Answer : c. CSRF

Which of the following is used to provision certificates to network devices, including mobile devices?

Options are :

  • a. SCEP
  • b. BYOD
  • c. COPE
  • d. OSCP

Answer : a. SCEP

A hacker gains access to your organization’s network. During this attack, he is able to change some data and access some design plans that are protected by a U.S. patent. Which security tenets have been violated?

Options are :

  • a. confidentiality and availability
  • b. confidentiality and integrity
  • c. integrity and availability
  • d. confidentiality, integrity, and availability

Answer : b. confidentiality and integrity

What design measure is the solution to most XSS and CSRF attacks?

Options are :

  • a. iptables
  • b. input validation
  • c. tripwire
  • d. ACLs

Answer : b. input validation

What type of attack does the following code illustrate?

#include <string.h>   /* strcpy() */

char *code = "AAAABBBBCCCCDDD"; /* 15 characters plus the terminating '\0' = 16 bytes */

int main(void)
{
    char buf[8];        /* destination buffer holds only 8 bytes */
    strcpy(buf, code);  /* copies 16 bytes into an 8-byte buffer, overrunning it */
    return 0;
}

Options are :

  • a. XSS
  • b. CSRF
  • c. SQL injection
  • d. buffer overflow

Answer : d. buffer overflow

Which of the following refers to responsibilities that an organization has due to partnerships with other organizations and customers?

Options are :

  • a. due process
  • b. downstream liability
  • c. due diligence
  • d. indirect costs

Answer : b. downstream liability

You are the security analyst for your enterprise. You have been asked to make several security controls easier to implement and manage. Which attribute will you be addressing?

Options are :

  • a. maintainability
  • b. availability
  • c. usability
  • d. recoverability

Answer : c. usability

Your organization has recently undergone major restructuring. During this time, a new chief security officer (CSO) was hired. He has asked you to make recommendations for the implementation of organizational security policies. Which of the following should you not recommend?

Options are :

  • a. All personnel are required to use their vacation time.
  • b. All personnel should be cross-trained and should rotate to multiple positions throughout the year.
  • c. All high-level transactions should require a minimum of two personnel to complete.
  • d. The principle of least privilege should be implemented only for all high-level positions.

Answer : d. The principle of least privilege should be implemented only for all high-level positions.

Recently someone stole data from your network, and that data should have been encrypted, but it’s too late to figure out whether it was. What tool could you use to determine if certain types of traffic on your network are encrypted?

Options are :

  • a. port scanner
  • b. protocol analyzer
  • c. password cracker
  • d. fuzzer

Answer : b. protocol analyzer

Which of the following applies rule sets to an HTTP conversation?

Options are :

  • a. HSM
  • b. WAF
  • c. SIEM
  • d. NIPS

Answer : b. WAF
