CompTIA Advanced Security Practitioner(CASP+) Practice Exams Set 4

In what type of web attack does the website think that a request came from the userís browser and was made by the user himself, when actually the request was planted in the userís browser?



Options are :

  • d. click-jacking
  • a. insecure direct object references
  • c. CSRF (Correct)
  • b. XSS

Answer : c. CSRF

Which of the following is used to provision certificates to network devices, including mobile devices?



Options are :

  • c. COPE
  • b. BYOD
  • d. OSCP
  • a. SCEP (Correct)

Answer : a. SCEP

A hacker gains access to your organizationís network. During this attack, he is able to change some data and access some design plans that are protected by a U.S. patent. Which security tenets have been violated?



Options are :

  • d. confidentiality, integrity, and availability
  • b. confidentiality and integrity (Correct)
  • a. confidentiality and availability
  • c. integrity and availability

Answer : b. confidentiality and integrity

JK0-802 CompTIA A+ Certification Exam Set 6

What design measure is the solution to most XSS and CSRF attacks?



Options are :

  • a. iptables
  • d. ACLs
  • c. tripwire
  • b. input validation (Correct)

Answer : b. input validation

The following is what type of attack?

#include

char *code = "AAAABBBBCCCCDDD"; //including the character '\0'

size = 16 bytes

void main()

{char buf[8];

strcpy(buf,code);


Options are :

  • b. CSRF
  • d. buffer overflow (Correct)
  • c. SQL injection
  • a. XSS

Answer : d. buffer overflow

Which of the following refers to responsibilities that an organization has due to partnerships with other organizations and

customers?



Options are :

  • c. due diligence
  • a. due process
  • b. downstream liability (Correct)
  • d. indirect costs

Answer : b. downstream liability

SY0-401 CompTIA Security+ Certification Practice Exam Set 8

You are the security analyst for your enterprise. You have been asked to make several security controls easier to implement and manage. Which attribute will you be addressing?



Options are :

  • b. availability
  • a. maintainability
  • c. usability (Correct)
  • d. recoverability

Answer : c. usability

Your organization has recently undergone major restructuring. During this time, a new chief security officer (CSO) was hired. He has asked you to make recommendations for the implementation of organizational security policies. Which of the following should you not recommend?



Options are :

  • c. All high-level transactions should require a minimum of two personnel to complete.
  • d. The principle of least privilege should be implemented only for all high-level positions. (Correct)
  • b. All personnel should be cross-trained and should rotate to multiple positions throughout the year.
  • a. All personnel are required to use their vacation time.

Answer : d. The principle of least privilege should be implemented only for all high-level positions.

Recently someone stole data from your network, and that data should have been encrypted, but itís too late to figure out whether it was. What tool could you use to determine if certain types of traffic on your network are encrypted?



Options are :

  • d. fuzzer
  • c. password cracker
  • a. port scanner
  • b. protocol analyzer (Correct)

Answer : b. protocol analyzer

SK0-004 CompTIA Server+ Certification Practice Exam Set 9

Which of the following applies rule sets to an HTTP conversation?



Options are :

  • a. HSM
  • b. WAF (Correct)
  • d. NIPS
  • c. SIEM

Answer : b. WAF

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions