CompTIA CAS-002 Advanced Security Practitioner Certify Exam Set 3

A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a system compromise from malware. Currently, the company projects a total cost of $50,000 for the next three years responding to and eradicating workstation malware. The Information Security Officer (ISO) has received three quotes from different companies that provide HIPS. The first quote requires a $20,000 one-time fee, annual cost of $6 per workstation, and a 10% annual support fee based on the number of workstations. The second quote requires a $25,000 one-time fee, an annual cost of $5 per workstation, and a 12% annual fee based on the number of workstations. The third quote has no one-time fee, an annual cost of $8 per workstation, and a 15% annual fee based on the number of workstations. Which solution should the company select if the contract is only valid for three years?


Options are:

  • Accept the risk
  • Second quote
  • Third quote
  • First quote

Answer: Second quote

A large company is preparing to merge with a smaller company. The smaller company has been very profitable, but the smaller company's main applications were created in-house. Which of the following actions should the large company's security administrator take in preparation for the merger?

Options are:

  • A security assessment should be performed to establish the risks of integration or co-existence.
  • An ROI calculation should be performed to determine which company's application should be used.
  • A regression test should be performed on the in-house software to determine security risks associated with the software.
  • A review of the mitigations implemented from the most recent audit findings of the smaller company should be performed.

Answer: A security assessment should be performed to establish the risks of integration or co-existence.

Two universities are making their 802.11n wireless networks available to the other university's students. The infrastructure will pass the student's credentials back to the home school for authentication via the Internet. The requirements are:

- Mutual authentication of clients and authentication server
- The design should not limit connection speeds
- Authentication must be delegated to the home school
- No passwords should be sent unencrypted

The following design was implemented:

- WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
- RADIUS proxy servers will be used to forward authentication requests to the home school
- The RADIUS servers will have certificates from a common public certificate authority
- A strong shared secret will be used for RADIUS server authentication

Which of the following security considerations should be added to the design?

Options are:

  • The transport layer between the RADIUS servers should be secured
  • WPA Enterprise should be used to decrease the network overhead
  • Students should be given certificates to use for authentication to the network
  • The RADIUS servers should have local accounts for the visiting students

Answer: The transport layer between the RADIUS servers should be secured

A company has decided to change its current business direction and refocus on core business. Consequently, several company sub-businesses are in the process of being sold-off. A security consultant has been engaged to advise on residual information security concerns with a de-merger. From a high-level perspective, which of the following BEST provides the procedure that the consultant should follow?


Options are:

  • Duplicate security-based assets should be sold off for commercial gain to ensure that the security posture of the company does not decline.
  • Perform a penetration test for the current state of the company. Perform another penetration test after the de-merger. Identify the gaps between the two tests.
  • Identify the current state from a security viewpoint. Based on the demerger, assess what the security gaps will be from a physical, technical, DR, and policy/awareness perspective.
  • Explain that security consultants are not trained to offer advice on company acquisitions or demergers. This needs to be handled by legal representatives well versed in corporate law.

Answer: Identify the current state from a security viewpoint. Based on the demerger, assess what the security gaps will be from a physical, technical, DR, and policy/awareness perspective.

Company ABC is hiring customer service representatives from Company XYZ. The representatives reside at Company XYZ's headquarters. Which of the following BEST prevents Company XYZ representatives from gaining access to unauthorized Company ABC systems?

Options are:

  • Require a site-to-site VPN for intercompany communications
  • Require each Company XYZ employee to use an IPSec connection to the required systems
  • Require Company ABC employees to use two-factor authentication on the required systems
  • Require Company XYZ employees to establish an encrypted VDI session to the required systems

Answer: Require Company XYZ employees to establish an encrypted VDI session to the required systems

A security administrator is performing VDI traffic data collection on a virtual server which migrates from one host to another. While reviewing the data collected by the protocol analyzer, the security administrator notices that sensitive data is present in the packet capture. Which of the following should the security administrator recommend to ensure the confidentiality of sensitive information during live VM migration, while minimizing latency issues?


Options are:

  • Sensitive data should be stored on a backend SAN which uses an isolated fiber channel network.
  • A separate physical interface placed on a private VLAN should be configured for live host operations.
  • Database record encryption should be used when storing sensitive information on virtual servers.
  • Full disk encryption should be enabled across the enterprise to ensure the confidentiality of sensitive data.

Answer: A separate physical interface placed on a private VLAN should be configured for live host operations.

An internal development team has migrated away from Waterfall development to use Agile development. Overall, this has been viewed as a successful initiative by the stakeholders as it has improved time-to-market. However, some staff within the security team have contended that Agile development is not secure. Which of the following is the MOST accurate statement?


Options are:

  • Agile and Waterfall approaches have the same effective level of security posture. They both need similar amounts of security effort at the same phases of development.
  • Agile development has different phases and timings compared to Waterfall. Security activities need to be adapted and performed within relevant Agile phases.
  • Agile development is fundamentally less secure than Waterfall due to the lack of formal up-front design and inability to perform security reviews.
  • Agile development is more secure than Waterfall as it is a more modern methodology which has the advantage of having been able to incorporate security best practices of recent years.

Answer: Agile development has different phases and timings compared to Waterfall. Security activities need to be adapted and performed within relevant Agile phases.

An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following controls should be implemented to mitigate the attack in the future?


Options are:

  • Use PAP for secondary authentication on each RADIUS server
  • Enforce TLS connections between RADIUS servers
  • Use a shared secret for each pair of RADIUS servers
  • Disable unused EAP methods on each RADIUS server

Answer: Enforce TLS connections between RADIUS servers

An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO).


Options are:

  • /etc/security
  • /etc/shadow
  • /etc/passwd
  • /etc/password
  • /sbin/logon

Answer: /etc/shadow; /etc/passwd

Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software from running on mobile devices?


Options are:

  • Identity propagation
  • Secure code review
  • Remote attestation
  • Single sign-on

Answer: Remote attestation

An information security assessor for an organization finished an assessment that identified critical issues with the human resource new employee management software application. The assessor submitted the report to senior management but nothing has happened. Which of the following would be a logical next step?


Options are:

  • Craft an RFP to begin finding a new human resource application.
  • Include specific case studies from other organizations in an updated report.
  • Meet the two key VPs and request a signature on the original assessment.

Answer: Include specific case studies from other organizations in an updated report.

A multi-national company has a highly mobile workforce and minimal IT infrastructure. The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. As a result of the dispersed employees and frequent international travel, the company is concerned about the safety of employees and their families when moving in and out of certain countries. Which of the following could the company view as a downside of using presence technology?


Options are:

  • Physical security
  • Industrial espionage
  • Network reconnaissance
  • Insider threat

Answer: Physical security

A finance manager says that the company needs to ensure that the new system can "replay" data, up to the minute, for every exchange being tracked by the investment departments. The finance manager also states that the company's transactions need to be tracked against this data for a period of five years for compliance. How would a security engineer BEST interpret the finance manager's needs?

Options are:

  • Acceptance testing
  • Data elements
  • Data storage
  • User requirements
  • Compliance standards

Answer: User requirements

An educational institution would like to make computer labs available to remote students. The labs are used for various IT networking, security, and programming courses. The requirements are:

- Each lab must be on a separate network segment.
- Labs must have access to the Internet, but not other lab networks.
- Student devices must have network access, not simple access to hosts on the lab networks.
- Students must have a private certificate installed before gaining access.
- Servers must have a private certificate installed locally to provide assurance to the students.
- All students must use the same VPN connection profile.

Which of the following components should be used to achieve the design in conjunction with directory services?

Options are:

  • L2TP VPN over TLS for remote connectivity, SAML for federated authentication, firewalls between each lab segment
  • IPSec VPN with mutual authentication for remote connectivity, RADIUS for authentication, ACLs on network equipment
  • Cloud service remote access tool for remote connectivity, OAuth for authentication, ACL on routing equipment
  • SSL VPN for remote connectivity, directory services groups for each lab group, ACLs on routing equipment

Answer: IPSec VPN with mutual authentication for remote connectivity, RADIUS for authentication, ACLs on network equipment

In an effort to minimize costs, the management of a small candy company wishes to explore a cloud service option for the development of its online applications. The company does not wish to invest heavily in IT infrastructure. Which of the following solutions should be recommended?


Options are:

  • A public SaaS
  • A public IaaS
  • A public PaaS
  • A private SaaS

Answer: A public PaaS

An IT manager is working with a project manager from another subsidiary of the same multinational organization. The project manager is responsible for a new software development effort that is being outsourced overseas, while customer acceptance testing will be performed in house. Which of the following capabilities is MOST likely to cause issues with network availability?


Options are:

  • End to end network encryption
  • File-size validation
  • ISP to ISP network jitter
  • Time-based access control lists
  • Source code vulnerability scanning

Answer: Time-based access control lists

In a situation where data is to be recovered from an attacker's location, which of the following are the FIRST things to capture? (Select TWO).

Options are:

  • Snapshots of data on the monitor
  • Documents on the printer
  • Passwords written on scrap paper
  • Removable media
  • Volatile system memory

Answer: Snapshots of data on the monitor; Volatile system memory

Customers have recently reported incomplete purchase history and other anomalies while accessing their account history on the web server farm. Upon investigation, it has been determined that there are version mismatches of key e-commerce applications on the production web servers. The development team has direct access to the production servers and is most likely the cause of the different release versions. Which of the following process level solutions would address this problem?


Options are:

  • Change development methodology from strict waterfall to agile
  • Implement change control practices at the organization level.
  • Update the vulnerability management plan to address data discrepancy issues.
  • Adjust the firewall ACL to prohibit development from directly accessing the production server farm.

Answer: Implement change control practices at the organization level.

A project manager working for a large city government is required to plan and build a WAN, which will be required to host official business and public access. It is also anticipated that the city's emergency and first response communication systems will be required to operate across the same network. The project manager has experience with enterprise IT projects, but feels this project has an increased complexity as a result of the mixed business / public use and the critical infrastructure it will provide. Which of the following should the project manager release to the public, academia, and private industry to ensure the city provides due care in considering all project factors prior to building its new WAN?

Options are:

  • RFQ
  • NDA
  • RFP
  • RFI

Answer: RFI

The DLP solution has been showing some unidentified encrypted data being sent using FTP to a remote server. A vulnerability scan found a collection of Linux servers that are missing OS level patches. Upon further investigation, a technician notices that there are a few unidentified processes running on a number of the servers. What would be a key FIRST step for the data security team to undertake at this point?


Options are:

  • Reboot the Linux servers, check running processes, and install needed patches.
  • Notify upper management of a security breach.
  • Capture process ID data and submit to anti-virus vendor for review.
  • Conduct a bit level image, including RAM, of one or more of the Linux servers.
  • Remove a single Linux server from production and place in quarantine.

Answer: Conduct a bit level image, including RAM, of one or more of the Linux servers.

A company is trying to decide how to manage hosts in a branch location connected via a slow WAN link. The company desires to provide the same level of performance and functionality to the branch office as it provides to the main campus. The company uses Active Directory for its directory service and host configuration management. The branch location does not have a datacenter, and the physical security posture of the building is weak. Which of the following designs is MOST appropriate for this scenario?


Options are:

  • Deploy a branch location Read-Only Domain Controller in the DMZ at the main campus with a two-way trust.
  • Deploy a corporate Domain Controller in the DMZ at the main campus.
  • Deploy a corporate Read-Only Domain Controller to the branch location.
  • Deploy a corporate Domain Controller to the branch location.
  • Deploy a branch location Read-Only Domain Controller to the branch office location with a one-way trust.

Answer: Deploy a corporate Read-Only Domain Controller to the branch location.

A senior network security engineer has been tasked to decrease the attack surface of the corporate network. Which of the following actions would protect the external network interfaces from external attackers performing network scanning?


Options are:

  • Remove contact details from the domain name registrar to prevent social engineering attacks.
  • Test external interfaces to see how they function when they process fragmented IP packets.
  • Filter all internal ICMP message traffic, forcing attackers to use full-blown TCP port scans against external network interfaces.
  • Enable a honeynet to capture and facilitate future analysis of malicious attack vectors.

Answer: Test external interfaces to see how they function when they process fragmented IP packets.

A system administrator has just installed a new Linux distribution. The distribution is configured to be "secure out of the box". The system administrator cannot make updates to certain system files and services. Each time changes are attempted, they are denied and a system error is generated. Which of the following troubleshooting steps should the security administrator suggest?


Options are:

  • Disable any firewall software before making changes
  • Review settings in the SELinux configuration files
  • Perform all administrative actions while logged in as root
  • Reset root permissions on systemd files

Answer: Review settings in the SELinux configuration files

An administrator is implementing a new network-based storage device. In selecting a storage protocol, the administrator would like the data in transit's integrity to be the most important concern. Which of the following protocols meets these needs by implementing either AES-CMAC or HMAC-SHA256 to sign data?


Options are:

  • SMB
  • NFS
  • iSCSI
  • FCoE

Answer: SMB

An IT manager is working with a project manager to implement a new ERP system capable of transacting data between the new ERP system and the legacy system. As part of this process, both parties must agree to the controls utilized to secure data connections between the two enterprise systems. This is commonly documented in which of the following formal documents?


Options are:

  • Information System Security Agreement
  • Memorandum of Understanding
  • Interconnection Security Agreement
  • Interoperability Agreement

Answer: Interconnection Security Agreement

An IT Manager is concerned about errors made during the deployment process for a new model of tablet. Which of the following would suggest best practices and configuration parameters that technicians could follow during the deployment process?


Options are:

  • Corporate standard
  • Guideline
  • Procedure
  • Automated workflow

Answer: Guideline

A company has a difficult time communicating between the security engineers, application developers, and sales staff. The sales staff tends to overpromise the application deliverables. The security engineers and application developers are falling behind schedule. Which of the following should be done to solve this?


Options are:

  • Allow the sales staff to learn application programming and security engineering so they understand the whole lifecycle.
  • Allow the application developers to attend a sales conference so they understand how business is done.
  • Allow the sales staff to shadow the developers and engineers to see how their sales impact the deliverables.
  • Allow the security engineering team to do application development so they understand why it takes so long.

Answer: Allow the sales staff to shadow the developers and engineers to see how their sales impact the deliverables.

An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $25,000. The web filtering solution will cost the organization $20,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing the web filtering solution?


Options are:

  • $25,000
  • $22,500
  • $0
  • $7,500
  • $20,000

Answer: $7,500

A security solutions architect has argued consistently to implement the most secure method of encrypting corporate messages. The solution has been derided as not being cost effective by other members of the IT department. The proposed solution uses symmetric keys to encrypt all messages and is very resistant to unauthorized decryption. The method also requires special handling and security for all key material that goes above and beyond most encryption systems. Which of the following is the solutions architect MOST likely trying to implement?


Options are:

  • PKI
  • Digital rights management
  • One time pads
  • Quantum cryptography

Answer: Digital rights management

A facilities manager has observed varying electric use on the company's metered service lines. The facility management rarely interacts with the IT department unless new equipment is being delivered. However, the facility manager thinks that there is a correlation between spikes in electric use and IT department activity. Which of the following business processes and/or practices would provide better management of organizational resources with the IT department's needs? (Select TWO).

Options are:

  • Purchasing software asset management software
  • Hiring a property custodian
  • Designing a business resource monitoring system
  • Facility management participation on a change control board
  • Implementation of change management best practices
  • Deploying a radio frequency identification tagging asset management system

Answer: Facility management participation on a change control board; Implementation of change management best practices

ODBC access to a database on a network-connected host is required. The host does not have a security mechanism to authenticate the incoming ODBC connection, and the application requires that the connection have read/write permissions. In order to further secure the data, a nonstandard configuration would need to be implemented. The information in the database is not sensitive, but was not readily accessible prior to the implementation of the ODBC connection. Which of the following actions should be taken by the security analyst?


Options are:

  • Secure the data despite the need to use a security control or solution that is not within company standards.
  • Do not allow the connection to be made to avoid unnecessary risk and avoid deviating from the standard security configuration.
  • Accept the risk in order to keep the system within the company's standard security configuration.
  • Explain the risks to the data owner and aid in the decision to accept the risk versus choosing a nonstandard solution.

Answer: Explain the risks to the data owner and aid in the decision to accept the risk versus choosing a nonstandard solution.

A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system?


Options are:

  • Implement an application layer firewall to protect the payroll system interface
  • Isolate the system on a secure network to limit its contact with other systems
  • Monitor the system's security log for unauthorized access to the payroll application
  • Perform reconciliation of all payroll transactions on a daily basis

Answer: Isolate the system on a secure network to limit its contact with other systems

A security administrator is tasked with increasing the availability of the storage networks while enhancing the performance of existing applications. Which of the following technologies should the administrator implement to meet these goals? (Select TWO).


Options are:

  • vSAN
  • Multipath
  • Snapshots
  • LUN masking
  • Dynamic disk pools

Answer: Multipath; Dynamic disk pools

A small company is developing a new Internet-facing web application. The security requirements are:

- Users of the web application must be uniquely identified and authenticated.
- Users of the web application will not be added to the company's directory services.
- Passwords must not be stored in the code.

Which of the following meets these requirements?

Options are:

  • Use SAML with federated directory services.
  • Use Kerberos and browsers that support SAML.
  • Use TLS with a shared client certificate for all users.
  • Use OpenID and allow a third party to authenticate users.

Answer: Use OpenID and allow a third party to authenticate users.

A member of the software development team has requested advice from the security team to implement a new secure lab for testing malware. Which of the following is the NEXT step that the security team should take?


Options are:

  • Develop a policy to outline what will be required in the secure lab
  • Purchase new hardware to keep the malware isolated.
  • Create a proposal and present it to management for approval.
  • Construct a series of VMs to host the malware environment.

Answer: Create a proposal and present it to management for approval.

During a recent audit of servers, a company discovered that a network administrator, who required remote access, had deployed an unauthorized remote access application that communicated over common ports already allowed through the firewall. A network scan showed that this remote access application had already been installed on one third of the servers in the company. Which of the following is the MOST appropriate action that the company should take to provide a more appropriate solution?


Options are:

  • Implement an IPS to block the application on the network
  • Implement the remote application out to the rest of the servers
  • Implement SSL VPN with SAML standards for federation
  • Implement an ACL on the firewall with NAT for remote access

Answer: Implement SSL VPN with SAML standards for federation

An organization has decided to reduce labor costs by outsourcing back office processing of credit applications to a provider located in another country. Data sovereignty and privacy concerns raised by the security team resulted in the third-party provider only accessing and processing the data via remote desktop sessions. To facilitate communications and improve productivity, staff at the third party have been provided with corporate email accounts that are only accessible via the remote desktop sessions. Email forwarding is blocked and staff at the third party can only communicate with staff within the organization. Which of the following additional controls should be implemented to prevent data loss? (Select THREE).

Options are:

  • Monitor approved credit account
  • Implement hashing of data in transit
  • Session recording and capture
  • User access audit reviews
  • Disable cross session cut and paste
  • Source IP whitelisting

Answer: User access audit reviews; Disable cross session cut and paste; Source IP whitelisting

An external penetration tester compromised one of the client organization's authentication servers and retrieved the password database. Which of the following methods allows the penetration tester to MOST efficiently use any obtained administrative credentials on the client organization's other systems, without impacting the integrity of any of the systems?

Options are:

  • Use rainbow tables to crack the passwords
  • Use social engineering to obtain the actual password
  • Use the existing access to change the password
  • Use the pass the hash technique

Answer: Use the pass the hash technique

A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?


Options are:

  • The tool could show that input validation was only enabled on the client side
  • The tool could fuzz the application to determine where memory leaks occur
  • The tool could force HTTP methods such as DELETE that the server has denied
  • The tool could enumerate backend SQL database table and column names

Answer: The tool could show that input validation was only enabled on the client side

A company is in the process of implementing a new front end user interface for its customers; the goal is to provide them with more self service functionality. The application has been written by developers over the last six months and the project is currently in the test phase. Which of the following security activities should be implemented as part of the SDL in order to provide the MOST security coverage over the solution? (Select TWO).

Options are:

  • Perform code review over a sampling of the front end source code
  • Perform grey box penetration testing over the solution
  • Perform black box penetration testing over the solution
  • Perform static code review over the front end source code
  • Perform unit testing of the binary code

Answer: Perform grey box penetration testing over the solution; Perform static code review over the front end source code

Executive management is asking for a new manufacturing control and workflow automation solution. This application will facilitate management of proprietary information and closely guarded corporate trade secrets. The information security team has been a part of the department meetings and come away with the following notes:

- Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee management application, a cloud-based SaaS application.
- Sales is asking for easy order tracking to facilitate feedback to customers.
- Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction.
- Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to be quick and easy.
- Quality assurance is concerned about managing the end product and tracking overall performance of the product being produced. They would like read-only access to the entire workflow process for monitoring and baselining.

The favored solution is a user friendly software application that would be hosted onsite. It has extensive ACL functionality, but also has readily available APIs for extensibility. It supports read-only access, kiosk automation, custom fields, and data encryption. Which of the following departments' request is in contrast to the favored solution?

Options are:

  • Quality assurance
  • Manufacturing
  • Legal
  • Human resources
  • Sales

Answer: Human resources

An attacker attempts to create a DoS event against the VoIP system of a company. The attacker uses a tool to flood the network with a large number of SIP INVITE traffic. Which of the following would be LEAST likely to thwart such an attack?


Options are :

  • Implement QoS parameters on the switches
  • Create separate VLANs for voice and data traffic
  • Install IDS/IPS systems on the network
  • Force all SIP communication to be encrypted

Answer :Implement QoS parameters on the switches

The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for the sales staff to generate business. The company needs an effective communication solution to remain in constant contact with each other, while maintaining a secure business environment. A junior-level administrator suggests that the company and the sales staff stay connected via free social media. Which of the following decisions is BEST for the CEO to make?


Options are :

  • Social media is an ineffective solution because the policy may not align with the business.
  • Social media is an ineffective solution because it is not primarily intended for business applications.
  • Social media is an effective solution because it implements SSL encryption.
  • Social media is an effective solution because it is easily adaptable to new situations.

Answer :Social media is an ineffective solution because the policy may not align with the business.

A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. This division will require personnel to have high technology skills and industry certifications. Which of the following is the BEST method for this manager to gain insight into this industry to execute the task?


Options are :

  • Interview candidates, attend training, and hire a staffing company that specializes in technology jobs
  • Interview employees and managers to discover the industry hot topics and trends
  • Attend conferences, webinars, and training to remain current with the industry and job requirements
  • Attend meetings with staff, internal training, and become certified in software management

Answer :Attend conferences, webinars, and training to remain current with the industry and job requirements

A security engineer is working on a large software development project. As part of the design of the project, various stakeholder requirements were gathered and decomposed to an implementable and testable level. Various security requirements were also documented. Organize the following security requirements into the correct hierarchy required for an SRTM.
Requirement 1: The system shall provide confidentiality for data in transit and data at rest.
Requirement 2: The system shall use SSL, SSH, or SCP for all data transport.
Requirement 3: The system shall implement a file-level encryption scheme.
Requirement 4: The system shall provide integrity for all data at rest.
Requirement 5: The system shall perform CRC checks on all files.


Options are :

  • Level 1: Requirements 1 and 4; Level 2: Requirements 2 and 3 under 1, Requirement 5 under 4
  • Level 1: Requirements 1 and 4; Level 2: Requirement 2 under 1, Requirement 5 under 4; Level 3: Requirement 3 under 2
  • Level 1: Requirements 1, 2, and 3; Level 2: Requirements 4 and 5
  • Level 1: Requirements 1 and 4; Level 2: Requirements 2, 3, and 5

Answer :Level 1: Requirements 1 and 4; Level 2: Requirements 2 and 3 under 1, Requirement 5 under 4
