CompTIA CA1-001 Advanced Security Practitioner Practice Exam Set 5

Which of the following governing factors should be considered to derive an overall likelihood rating that is used to specify the probability that a potential vulnerability may be exercised within the construct of the associated threat environment? Each correct answer represents a complete solution. Choose three.


Options are :

  • Threat-source motivation and capability
  • Existence and effectiveness of current controls
  • Detect a problem and determine its cause
  • Nature of the vulnerability

Answer :Threat-source motivation and capability; Existence and effectiveness of current controls; Nature of the vulnerability

Mark works as a Network Security Administrator for uCertify Inc. Mark has been assigned to a task to test the network security of the company. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a company's icon to mark the progress of the test. Mark successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access. How was security compromised and how did the firewall respond?


Options are :

  • Security was compromised as the keylogger is invisible to the firewall.
  • The attack was social engineering and the firewall did not detect it.
  • The attack was Cross Site Scripting and the firewall blocked it.
  • Security was not compromised as the webpage was hosted internally.

Answer :The attack was social engineering and the firewall did not detect it.

Which of the following counters measures the rate at which the bytes are sent through or received by a network?


Options are :

  • Network Interface: Bytes/sec
  • Network Interface: Bytes Sent/sec
  • Network Interface: Bytes Received/sec
  • Network Interface: Output Queue Length

Answer :Network Interface: Bytes/sec

Which of the following departments in an organization is responsible for documenting and controlling the incoming and outgoing cash flows as well as the actual handling of the cash flows?


Options are :

  • Stakeholder
  • Management
  • Financial
  • Human Resource

Answer :Financial

Which of the following statements are true about Mean Time to Repair (MTTR)? Each correct answer represents a complete solution. Choose three.


Options are :

  • It is the average time taken to repair a Configuration Item or IT Service after a failure.
  • It is the total corrective maintenance time divided by the total number of corrective maintenance actions during a given period of time.
  • It represents the average time required to repair a failed component or device.
  • It includes lead time for parts not readily available or other Administrative or Logistic Downtime (ALDT).

Answer :It is the average time taken to repair a Configuration Item or IT Service after a failure; It is the total corrective maintenance time divided by the total number of corrective maintenance actions during a given period of time; It represents the average time required to repair a failed component or device.

Which of the following protocols encrypt the segments of network connections at the Transport Layer end-to-end? Each correct answer represents a complete solution. Choose two.


Options are :

  • SNMP
  • SSL
  • TLS
  • HTTPS

Answer :SSL; TLS

Which of the following are examples of privilege escalation? Each correct answer represents a complete solution. Choose two.


Options are :

  • John logs in as a standard user but uses a flaw in the system to get admin privilege
  • Fred uses Ophcrack to get a Windows XP password
  • John uses SQL commands to login to a website he does not have authorization to
  • Juan logs in with his account, then takes over Anita's privileges

Answer :John logs in as a standard user but uses a flaw in the system to get admin privilege; Juan logs in with his account, then takes over Anita's privileges

Which of the following is the randomness collected by an operating system or application for use in cryptography or other uses that require random data?


Options are :

  • Confusion
  • Digital signature
  • Diffusion
  • Entropy

Answer :Entropy

Which of the following statements are true about Fibre Channel over Ethernet (FCoE)? Each correct answer represents a complete solution. Choose three.


Options are :

  • It replaces the FC0 and FC1 layers of the Fibre Channel stack with Ethernet.
  • It maps Fibre Channel over selected half duplex IEEE 802.3.
  • It allows Fibre Channel to use 10 Gigabit Ethernet networks while preserving the Fibre Channel protocol.
  • It is an encapsulation of Fibre Channel frames over Ethernet networks

Answer :It replaces the FC0 and FC1 layers of the Fibre Channel stack with Ethernet; It allows Fibre Channel to use 10 Gigabit Ethernet networks while preserving the Fibre Channel protocol; It is an encapsulation of Fibre Channel frames over Ethernet networks

Which of the following statements are true about prototypes? Each correct answer represents a complete solution. Choose three.


Options are :

  • It reduces initial project risks within a business organization
  • It helps verify some of the application requirements that are not clearly defined by a user.
  • It confirms technology recommendations for an application.
  • It reduces the closeness between what a developer has defined for application architecture and what business management has understood.

Answer :It reduces initial project risks within a business organization; It helps verify some of the application requirements that are not clearly defined by a user; It confirms technology recommendations for an application.

An organization's network uses public keys for message encryption. Which of the following manages security credentials in the network and issues certificates to confirm the identity and other attributes of a certificate in relation to other entities?


Options are :

  • Online Certificate Status Protocol
  • Certificate Revocation List
  • Public Key Infrastructure
  • Certificate Authority

Answer :Certificate Authority

Allen is using a security feature that ensures that if hackers want to compromise a private key, they will only be able to access data in transit protected by that key and not any future data because future data will not be associated with that compromised key. Which security feature is he using?


Options are :

  • PFS
  • SPKI
  • PGP
  • IPSec

Answer :PFS

You work as a System Administrator for uCertify Inc. The company has a Windows-based network. A user requests you to provide him instructions regarding the installation of application software on his computer. You want to show the user how to perform the configuration by taking control of his desktop. Which of the following tools will you use to accomplish the task?


Options are :

  • Computer Management
  • Remote desktop
  • Task Manager
  • Remote Assistance

Answer :Remote Assistance

Which of the following helps an employee to access his corporation's network while traveling?


Options are :

  • Remote Assistance
  • Computer management
  • Task Manager
  • Remote access

Answer :Remote access

Which of the following is a set of interactive telecommunication technologies which allow two or more locations to interact via two-way video and audio transmissions simultaneously?


Options are :

  • Electronic mail
  • Audio conferencing
  • Video conferencing
  • Instant messaging

Answer :Video conferencing

___________ is defined as maintaining ongoing awareness of information


Options are :

  • Continuous Monitoring
  • Security Awareness
  • Intrusion detection
  • Vulnerability assessment

Answer :Continuous Monitoring

What is the goal of black-box penetration testing?


Options are :

  • To simulate an external hacking or cyber warfare attack
  • To simulate an attacker who has some knowledge of the organization and its infrastructure
  • To simulate a user to include customizable scripts, additional tools and configurable kernels in personalized distributions
  • To simulate a malicious insider who has some knowledge and possibly basic credentials to the target system

Answer :To simulate an external hacking or cyber warfare attack

Which of the following standard organizations promulgates worldwide proprietary industrial and commercial standards?


Options are :

  • IEEE
  • W3C
  • ISO
  • ANSI

Answer :ISO

Risk assessment helps in determining the extent of potential threats and risks associated with an IT system throughout its SDLC. Which of the following steps are covered by the risk assessment methodology? Each correct answer represents a complete solution. Choose three.


Options are :

  • System Characterization
  • Threat Identification
  • Vulnerability Identification
  • Cost Analysis

Answer :System Characterization; Threat Identification; Vulnerability Identification

Which of the following are the purposes of the Cost-benefit analysis process? Each correct answer represents a complete solution. Choose two.


Options are :

  • To describe the future value on the investment of the project
  • To determine if an investment is sound
  • To support benefit management, measurement, and reporting
  • To see how it compares with alternate projects

Answer :To determine if an investment is sound; To see how it compares with alternate projects

Mark works as a Human Resource Manager for uCertify Inc. He is responsible for hiring some new employees for the company and improving the organization's overall security by turning employees among numerous job positions. What will Mark do to accomplish the task?


Options are :

  • Job responsibility
  • Mandatory Vacations
  • Separation of duties
  • Job rotation

Answer :Job rotation

Mark works as a Network Security Administrator for uCertify Inc. The organization is using an intranet to distribute information to its employees. A database residing on the network contains employees' information, such as employee name, designation, department, phone extension, date of birth, date of joining, etc. He is concerned about the security because the database has all information about employees, which can help an unauthorized person to recognize an individual. Which Personally Identifiable Information should be removed from the database so that the unauthorized person cannot identify an individual?


Options are :

  • Date of joining
  • Employee name
  • Employee code
  • Date of birth

Answer :Date of birth

Which of the following statements best describe the advantages of Simple Object Access Protocol (SOAP)? Each correct answer represents a complete solution. Choose three.


Options are :

  • It is simple and extensible.
  • It is language and platform dependent.
  • It allows easier communication through proxies and firewalls than previous remote execution technology.
  • It is versatile enough to allow for the use of different transport protocols.

Answer :It is simple and extensible; It allows easier communication through proxies and firewalls than previous remote execution technology; It is versatile enough to allow for the use of different transport protocols.

Allen is a network administrator for a hosting company. Multiple different companies store data on the same server. Which of the following is the best method to reduce security issues from co-mingling?


Options are :

  • Install each data set on a separate VM
  • Install each data set on a separate drive
  • Install each data set on a separate partition
  • Install each data set on the same drive, but use EFS to encrypt each data set separately.

Answer :Install each data set on a separate VM

Which of the following is the process of salvaging data from damaged, failed, corrupted, or inaccessible secondary storage media when it cannot be accessed normally?


Options are :

  • Virtual backup appliance
  • Data recovery
  • File carving
  • Backup

Answer :Data recovery

Which of the following federal regulations requires federal agencies to be able to monitor activity in a "meaningful and actionable way"?


Options are :

  • Sarbanes-Oxley
  • FISMA
  • HIPAA
  • CAN SPAM

Answer :FISMA

Which of the following is a log that contains records of login/logout activity or other security-related events specified by the systems audit policy?


Options are :

  • Object Manager
  • Logon event
  • Process tracking
  • Security Log

Answer :Security Log

Which of the following is an approximation of the average or mean time until a component's first failure or disruption in the operation of the product, process, procedure, or design takes place?


Options are :

  • MTF
  • MTBF
  • MSDS
  • HMA

Answer :MTF

Which of the following is a written document and is used in those cases where parties do not imply a legal commitment or in those situations where the parties are unable to create a legally enforceable agreement?


Options are :

  • Memorandum of understanding (MOU)
  • Patent law
  • Memorandum of agreement (MOA)
  • Certification and Accreditation (COA or CnA)

Answer :Memorandum of understanding (MOU)

Which of the following security measures would be most effective against a memory exhaustion DoS attack?


Options are :

  • Secure programming
  • Checking user inputs
  • Truncating buffers
  • SPI Firewall

Answer :Secure programming
